summaryrefslogtreecommitdiffstats
path: root/source4/ldap_server
Commit message (Collapse)AuthorAgeFilesLines
* dsdb-schema: do not reload more often than schema_reload_intervalMatthieu Patou2012-06-221-2/+23
| | | | | | | | | | | | | Samba 4 use to try to reload the schema every time dsdb_get_schema was called (which could be 20+ time per ldb request). Now we only reload at most every xx seconds (xx being the value of dsdb:"schema_reload_interval" or 120). The timestamp of the last reloaded schema is kept in the dsdb_schema object. There is also a timestamp in the ldb_context, that is used by the LDAP server to know if it has to reload the schema after handling the request. This is used to allow that the schema will be immediately reload after a schemaUpdateNow request has been issued, the reload can't occur in the handling of the LDAP request itself because we have a transaction autostarted.
* lib/param: Create a seperate server role for "active directory domain ↵Andrew Bartlett2012-06-151-1/+1
| | | | | | | | | | | | | | | controller" This will allow us to detect from the smb.conf if this is a Samba4 AD DC which will allow smarter handling of (for example) accidentially starting smbd rather than samba. To cope with upgrades from existing Samba4 installs, 'domain controller' is a synonym of 'active directory domain controller' and new parameters 'classic primary domain controller' and 'classic backup domain controller' are added. Andrew Bartlett
* Introduce system MIT krb5 build with --with-system-mitkrb5 option.Alexander Bokovoy2012-05-231-0/+1
| | | | | | | | | | | | | | | | | System MIT krb5 build also enabled by specifying --without-ad-dc When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level configure in WAF build we are trying to detect and use system-wide MIT krb5 libraries. As result, Samba 4 DC functionality will be disabled due to the fact that it is currently impossible to implement embedded KDC server with MIT krb5. Thus, --with-system-mitkrb5/--without-ad-dc build will only produce * Samba 4 client libraries and their Python bindings * Samba 3 server (smbd, nmbd, winbindd from source3/) * Samba 3 client libraries In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture. This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
* s4:ldap_server: fix typo in DEBUG() messageStefan Metzmacher2012-04-031-1/+1
| | | | metze
* gensec: move event context from gensec_*_init() to gensec_update()Andrew Bartlett2011-10-181-1/+1
| | | | | | | | | | | | This avoids keeping the event context around on a the gensec_security context structure long term. In the Samba3 server, the event context we either supply is a NULL pointer as no server-side modules currently use the event context. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4:ldap_backend.c/"map_ldb_error" - handle errors similar to "PyErr_SetLdbError"Matthias Dieter Wallnöfer2011-10-111-6/+2
| | | | | | | | | | If the call was done using an error string ("add_err_string"), then use that one without an additional "ldb_strerror()" for the definitive LDAP output. Otherwise generate one using "ldb_strerror()". This omits redundancies in the error string generation (twice the same information by "ldb_strerror()"). Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4-ldap-server: disallow all modifies on global catalog portAndrew Tridgell2011-10-041-0/+20
|
* s4-ldap_server: Fix segfault on startup failure of ldap serverAndrew Bartlett2011-09-271-2/+2
|
* s4-ldap-server: set the NO_GLOBAL_CATALOG control on non-GC operationsAndrew Tridgell2011-09-221-0/+2
| | | | this makes us honor GC semantics on the two ldap ports
* credentials: Rename library to samba-credentials to avoid name clashes.Jelmer Vernooij2011-08-181-1/+1
| | | | | Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Thu Aug 18 22:16:38 CEST 2011 on sn-devel-104
* gensec: clarify memory ownership for gensec_session_info() and ↵Andrew Bartlett2011-08-031-4/+2
| | | | | | | | | | | | | | | gensec_session_key() This is slightly less efficient, because we no longer keep a cache on the gensec structures, but much clearer in terms of memory ownership. Both gensec_session_info() and gensec_session_key() now take a mem_ctx and put the result only on that context. Some duplication of memory in the callers (who were rightly uncertain about who was the rightful owner of the returned memory) has been removed to compensate for the internal copy. Andrew Bartlett
* Use tevent_req_oomVolker Lendecke2011-06-201-1/+1
| | | | This fixes a few Coverity errors
* libcli/util Rename common map_nt_error_from_unix to avoid duplicate symbolAndrew Bartlett2011-06-201-1/+1
| | | | | | | | | | | | The two error tables need to be combined, but for now seperate the names. (As the common parts of the tree now use the _common function, errmap_unix.c must be included in the s3 autoconf build). Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Jun 20 08:12:03 CEST 2011 on sn-devel-104
* s4-ipv6: update callers to load_interface_list()Andrew Tridgell2011-06-061-1/+1
|
* s4-ipv6: use "ip" instead of "ipv4" for serversAndrew Tridgell2011-06-061-4/+4
| | | | | this allows stream_setup_socket() to work with both v4 and v6 addresses
* s4-ipv6: use iface_list_wildcard() to listen on IPv6Andrew Tridgell2011-06-061-3/+12
| | | | | when we need to listen on a wildcard address, we now listen on a list of sockets, usually 0.0.0.0 and ::
* s4-interfaces Rename interfaces code so not to conflict with source3/Andrew Bartlett2011-05-081-3/+3
| | | | | | | | | The iface_count, iface_n_bcast, and load_interfaces functions conflicted with functions of the same name in source3, so the source4 functions were renamed. Hopefully we can actually wrap one around the other in future. Andrew Bartlett
* s4-param Rename private_path() -> lpcfg_private_path()Andrew Bartlett2011-04-291-2/+2
| | | | | | This is consistent with lock_path() Andrew Bartlett
* s4/ldb - remove now superflous "ldb_dn_validate" checksMatthias Dieter Wallnöfer2011-03-041-1/+1
| | | | | | | If we immediately afterwards perform an LDB base operation then we don't need an explicit "ldb_dn_validate" check anymore (only OOM makes sense). Reviewed by: Tridge
* s4:LDAP server - remove validation checks of input DNsMatthias Dieter Wallnöfer2011-03-041-23/+8
| | | | | | | We should rather try to let the LDB modules perform these checks otherwise different backends behaviour differently. Reviewed by: Tridge
* s4-nterr: move auth_nt_status_squash to nt_status_squash and move to nterr.cGünther Deschner2011-03-041-2/+2
| | | | Guenther
* ldb: use #include <ldb.h> for ldbAndrew Tridgell2011-02-103-6/+6
| | | | | | | | thi ensures we are using the header corresponding to the version of ldb we're linking against. Otherwise we could use the system ldb for link and the in-tree one for include Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* Added SSL global catalogWilliam Brown2011-02-011-3/+18
| | | | | | | | Reviewed-by: Andrew Bartlett Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Feb 1 20:05:39 CET 2011 on sn-devel-104
* s4-ldap_server Allow multiple binds on LDAP serverAndrew Bartlett2011-01-071-0/+18
| | | | | Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Jan 7 00:02:23 CET 2011 on sn-devel-104
* s4:ldap_server: don't call ldb_req_mark_untrusted() on the privileged ldapi ↵Stefan Metzmacher2010-12-133-8/+21
| | | | | | socket metze
* s4:ldap_server: rename helper functions to ldapsrv_ prefix and pass ldapsrv_callStefan Metzmacher2010-12-131-15/+19
| | | | metze
* s4-ldap: removed an incorrect talloc_move()Andrew Tridgell2010-12-011-1/+1
| | | | | | | | | | | | | | the parent of this session_info is either the stream_connection, or its a system_session(). In either case reparenting it on the ldapsrv_connection doesn't achieve anything that I can see. The move was causing a steal on reference error because the session_info often has multiple references. Thanks to Metze for spotting this. Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Dec 1 22:10:42 CET 2010 on sn-devel-104
* service_ldap, service_smb: Lowercase output file names.Jelmer Vernooij2010-11-221-1/+1
| | | | | Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Nov 22 20:28:14 CET 2010 on sn-devel-104
* s4: Build ldap and samba3_smb services as shared modules.Jelmer Vernooij2010-11-151-1/+2
| | | | | Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Nov 15 03:04:41 UTC 2010 on sn-devel-104
* s4-server: make server sockets a child of the task contextAndrew Tridgell2010-11-151-8/+10
| | | | | | | | | | | | We previously allocated sockets as direct children of the event context. That led to crashes if a service called task_server_terminate(), as it left the socket open and handling events for a dead protocol. Making them a child of the task allows the task to terminate and take all its sockets with it. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* credentials: Lowercase library name,Jelmer Vernooij2010-11-071-1/+1
| | | | | Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Nov 7 01:48:44 UTC 2010 on sn-devel-104
* samdb: Lowercase library name.Jelmer Vernooij2010-11-071-1/+1
|
* s4/auth: Add logon_parameters to authenticate_username_pwAnatoliy Atanasov2010-11-051-0/+2
| | | | | | | | We need to be able to set the logon parameters in the same way as in the ntlm server so we can handle openldap simple authentication call correctly. Autobuild-User: Anatoliy Atanasov <anatoliy@samba.org> Autobuild-Date: Fri Nov 5 06:32:43 UTC 2010 on sn-devel-104
* s4-ldap_server Don't DEBUG() at level 2 every time a caller disconnectsAndrew Bartlett2010-11-051-3/+0
| | | | | Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Nov 5 00:12:37 UTC 2010 on sn-devel-104
* s4: Remove the old perl/m4/make/mk-based build system.Jelmer Vernooij2010-10-311-22/+0
| | | | | | | | The new waf-based build system now has all the same functionality, and the old build system has been broken for quite some time. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
* s4-smbd: don't initialise process models more than onceAndrew Tridgell2010-10-301-1/+1
| | | | | | | | | this also removes the event_context parameter from process model initialisation. It isn't needed, and is confusing when a process model init can be called from more than one place, possibly with different event contexts. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-ldb: Changes the aclread module to use LDB_HANDLE_FLAG_UNTRUSTED to ↵Nadezhda Ivanova2010-10-271-1/+0
| | | | | | | | | | | determine the source of the request The aclread module used to use a control to make sure the request comes from the ldap server, but now the rootdse filters out any unregistered controls comming from ldap, so the control is lost. Using the LDB_HANDLE_FLAG_UNTRUSTED is a much more elegant solution. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Wed Oct 27 11:55:11 UTC 2010 on sn-devel-104
* waf: Stop automaticaly changing dashes to underscores in library names.Jelmer Vernooij2010-10-261-1/+1
|
* waf: Remove lib prefix from libraries manually.Jelmer Vernooij2010-10-261-1/+1
|
* s4: Rename LIBCLI_LDAP to libcli_ldap.Jelmer Vernooij2010-10-241-1/+1
|
* s4: Rename LIBSAMBA-* to libsamba-*Jelmer Vernooij2010-10-241-1/+1
|
* s4-ldap: mark all ldap:// requests as untrustedAndrew Tridgell2010-10-191-0/+21
| | | | | | this allows the rootdse module to filter unregistered controls Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4:ldap_server - use error code constantMatthias Dieter Wallnöfer2010-10-181-1/+1
| | | | | Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Mon Oct 18 20:32:40 UTC 2010 on sn-devel-104
* ldap_server: Add missing dependency on gensec_server_start.Jelmer Vernooij2010-10-111-1/+1
|
* samdb: Add flags argument to samdb_connect().Jelmer Vernooij2010-10-102-4/+2
|
* s4:ldap_server: rewrite to socket layer to use tstreamStefan Metzmacher2010-10-084-305/+690
| | | | | | | | | | This should make our sasl and tls handling much more robust against partial sent pdus. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Oct 8 11:55:26 UTC 2010 on sn-devel-104
* Revert "s4:ldap_server: rewrite to socket layer to use tstream"Stefan Metzmacher2010-10-074-694/+305
| | | | | | | | | | | | | | This reverts commit b53fbc75acc525f2e2450370e704a62791271788. There are problems with problems with broken gnutls versions. We can readd this once we have the needed configure checks to detect the bug in gnutls. See https://bugzilla.samba.org/show_bug.cgi?id=7218. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Oct 7 10:31:18 UTC 2010 on sn-devel-104
* s4:ldap_server: rewrite to socket layer to use tstreamStefan Metzmacher2010-10-044-308/+697
| | | | | | | This should make our sasl and tls handling much more robust against partial sent pdus. metze
* s4-ldap: Added a control to apply the access checks on read via LDAPNadezhda Ivanova2010-09-261-0/+1
|
* s4-ldapserver: serialise ldap server operationsAndrew Tridgell2010-09-072-0/+60
| | | | | | | | | This ensures that two ldap server operations cannot happen in parallel by using packet_recv_disable() and packet_recv_enable() to disable other interfaces during ldap calls. This prevents problems caused by parallel ldap operations where transactions could overlap.
generated by cgit (git 2.34.1) at 2025-09-03 19:37:46 +0000