summaryrefslogtreecommitdiffstats
path: root/source4/libcli/ldap/ldap_controls.c
Commit message (Collapse)AuthorAgeFilesLines
* s4: libcli: ldap message - Ensure all asn1_XX returns are checked.Jeremy Allison2014-09-261-4/+4
| | | | | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Sep 26 03:15:00 CEST 2014 on sn-devel-104
* s4: libcli: ldap controls - Ensure all asn1_XX returns are checked.Jeremy Allison2014-09-261-5/+15
| | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
* s4-ldap: handle VERIFY_NAME control encoding/decodingMatthieu Patou2012-06-221-0/+96
|
* s4:samdb:rootdse: implement the schemaUpgradeInProgress operation in ldap modifyMichael Adam2012-04-181-0/+1
| | | | | | | | | | | This is preliminary in that it is implemented as a no-op for a start just to be able to successfully answer the request, which seems to be sufficient in order to e.g. survive the exchange schema extensions. Signed-off-by: Matthieu Patou <mat@matws.net> Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Wed Apr 18 02:48:28 CEST 2012 on sn-devel-104
* s4-ldap: added DSDB_CONTROL_NO_GLOBAL_CATALOG to ldap encoding listAndrew Tridgell2011-10-041-18/+7
| | | | | | also remove all the duplicated comments Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4:ldap_controls: allow DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID over sockets.Stefan Metzmacher2010-12-131-2/+2
| | | | | | | | | The DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID control has to data attached to it. So we can allow it to be send over LDAP. We'll accept this control over the privileged ldapi socket only. metze
* s4-ldb: Changes the aclread module to use LDB_HANDLE_FLAG_UNTRUSTED to ↵Nadezhda Ivanova2010-10-271-2/+0
| | | | | | | | | | | determine the source of the request The aclread module used to use a control to make sure the request comes from the ldap server, but now the rootdse filters out any unregistered controls comming from ldap, so the control is lost. Using the LDB_HANDLE_FLAG_UNTRUSTED is a much more elegant solution. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Wed Oct 27 11:55:11 UTC 2010 on sn-devel-104
* s4/ldb:introduce the LDB_CONTROL_PROVISION_OID controlMatthias Dieter Wallnöfer2010-10-231-0/+2
| | | | | | | This control is exactly thought for the actions which previously were performed using the RELAX one. We agreed that the RELAX control will only remain for interactions with OpenLDAP.
* ldb:rename LDB_CONTROL_BYPASSOPERATIONAL_OID into ↵Matthias Dieter Wallnöfer2010-10-231-2/+2
| | | | | | LDB_CONTROL_BYPASS_OPERATIONAL_OID It's nicer to have this consistent with "BYPASS_PASSWORD_HASH".
* Revert "s4:dsdb - make the RELAX control private"Andrew Bartlett2010-10-181-2/+1
| | | | | | | | This must be available to the OpenLDAP backend, to set the GUID values in some situations. We need a proper ACL mechanism to control the use or abuse of this control. This reverts commit 10adee89367cee9add993869280542418fb3d370.
* s4:dsdb - make the RELAX control privateMatthias Dieter Wallnöfer2010-10-161-1/+2
| | | | | | | This makes our LDAP much more secure and less error-prone. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Oct 16 19:43:36 UTC 2010 on sn-devel-104
* s4:libcli/ldap/ldap_controls.c - fix up the controls listMatthias Dieter Wallnöfer2010-10-161-29/+49
| | | | | | - add missing private controls and comments - use control defines rather than hardcoded values -> easier to comprehend - reorder controls
* s4-ldap: Added a control to apply the access checks on read via LDAPNadezhda Ivanova2010-09-261-0/+2
|
* s4-dsdb: added support for LDB_CONTROL_RODC_DCPROMO_OIDAndrew Tridgell2010-08-171-0/+1
| | | | | | | | | | | | this control adds a unique msDS-SecondaryKrbTgtNumber attribute to a user object. There is some 'interesting' interaction with the rangeLower and rangeUpper attributes and this add. We don't implementat rangeLower/rangeUpper yet, but when we do we'll need an override for this control (or be careful about module ordering). Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-ldap: use common functions for ldap flag controls encode/decodeAndrew Tridgell2010-08-171-163/+11
| | | | | | | many controls are simple present/not-present flags, and don't need their own parsers Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4/libcli: Register LDB_CONTROL_REVEAL_INTERNALS and ↵Endi S. Dewata2010-06-281-0/+4
| | | | | | DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID controls. Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
* ldb:controls - add the "TREE_DELETE" control for allowing subtree deletesMatthias Dieter Wallnöfer2010-06-201-0/+20
|
* s4:ldap_controls.c - remove encoding functions for private recalculate SD ↵Matthias Dieter Wallnöfer2010-06-201-19/+0
| | | | control
* s4: Remove an uselessly exposed controlMatthieu Patou2010-06-071-1/+0
|
* s4:libcli/ldap Rename ldap.h to libcli_ldap.hAndrew Bartlett2010-05-211-1/+1
| | | | | | | It is a problem if a samba header is called ldap.h if we also want to use OpenLDAP's ldap.h Andrew Bartlett
* s4-libcli: Added NULL handlers for DSDB_CONTROL_DN_STORAGE_FORMAT_OID and ↵Endi S. Dewata2010-03-021-0/+4
| | | | | | LDB_CONTROL_AS_SYSTEM_OID Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4: fix SD update and password change in upgrade scriptMatthieu Patou2009-11-281-0/+20
| | | | | | | | | - reserve a new Samba OID for recalculate SD control - fix the update SD function - fix handling of kvno in the update_machine_account_password function - fix handling of handles in RPC winreg server Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4:ldbcli - Added encoder/decoder for relax control.Endi S. Dewata2009-11-191-2/+20
|
* s4:libcli/ldap Add 'relax' OID to known network representationsAndrew Bartlett2009-11-121-0/+2
| | | | | | | | This patch, inspired by a patche by Endi S. Dewata <edewata@redhat.com>, allows this control to be passed to the LDAP backend. Andrew Bartlett
* s4: fix various warnings (not "const" related ones)Matthias Dieter Wallnöfer2009-10-021-2/+2
|
* s4:libcli/ldap: add support for new Recycle Bin Feature LDAP ControlsStefan Metzmacher2009-07-231-0/+40
| | | | | | | LDAP_SERVER_SHOW_RECYCLED_OID 1.2.840.113556.1.4.2064 LDAP_SERVER_SHOW_DEACTIVATED_LINK_OID 1.2.840.113556.1.4.2065 metze
* fixed the encoding/decoding of the reverse attribute for server side sortAndrew Tridgell2009-06-101-3/+10
|
* libcli/ldap: move generic ldap control encoding code to ldap_message.cStefan Metzmacher2009-02-241-127/+4
| | | | | | | As they can we static there, we pass the specific handlers as parameter where we need to support controls. metze
* s4:libcli/ldap: don't use 'void **out' as arguments as the behavior is not ↵Stefan Metzmacher2009-02-241-17/+32
| | | | | | defined in C. metze
* s4:dsdb: add support for DSDB_OPENLDAP_DEREFERENCE_CONTROLAndrew Bartlett2008-12-171-0/+115
| | | | | | | | | | | Encode and decode the OpenLDAP dereference control (draft-masarati-ldap-deref-00) At this time, the ldb_controls infrustructure does not handle request and reply controls having different formats, so this is purely the client implementation (ie, there is no decode of the client->server packet, and no encode of the server->client packet). Signed-off-by: Stefan Metzmacher <metze@samba.org>
* Make sure prototypes are always included, make some functions static andJelmer Vernooij2008-10-201-0/+1
| | | | remove some unused functions.
* Fix include paths to new location of libutil.Jelmer Vernooij2008-10-111-1/+1
|
* util: Move asn1 to lib/util to trim down the number of subsystems.Jelmer Vernooij2008-01-151-1/+1
| | | | (This used to be commit 44e1cfd2d0ef62e4ee541cec00581a7151d951b3)
* r26192: Handle, test and implement the style of extended_dn requiest that ↵Andrew Bartlett2007-12-211-2/+16
| | | | | | | | | | | | MMC uses. It appears that the control value is optional, implying type 0 responses. Failing to parse this was causing LDAP disconnects with 'unavailable critical extension'. Andrew Bartlett (This used to be commit 833dfc2f2af84c45f954e428c9ea6babf100ba92)
* r25554: Convert last instances of BOOL, True and False to the standard types.Jelmer Vernooij2007-10-101-265/+265
| | | | (This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
* r24248: Attempt to fix bug #4830 by <mwallnoefer@yahoo.de>. If there is noAndrew Bartlett2007-10-101-0/+1
| | | | | | | | payload to the control, we still need to inialise *value, as otherwise we read uninitialised data later. Andrew Bartlett (This used to be commit f6566480b7f1b4036b38284aa539f3a69f5c4573)
* r23792: convert Samba4 to GPLv3Andrew Tridgell2007-10-101-3/+2
| | | | | | There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
* r23036: error checking on asn1_init() failureAndrew Tridgell2007-10-101-0/+40
| | | | (This used to be commit 26cf8494084c0106ef0e1c9b6ef40eeadf945ef2)
* r23030: finally fixed up our asn1 code to use better memory allocation. ThisAndrew Tridgell2007-10-101-177/+167
| | | | | should allow us to fix some long standing memory leaks. (This used to be commit 3db49c2ec9968221c1361785b94061046ecd159d)
* r21806: I've been working over the last week to fix up the LDAP backend forAndrew Bartlett2007-10-101-27/+44
| | | | | | | | | | | | | | | | | | | | | | | | | | Samba4. This only broke on global catalog queries, which turned out to be due to changes in the partitions module that metze needed for his DRSUAPI work. I've reworked partitions.c to always include the 'problematic' control, and therefore demonstrated that this is the issue. This ensures consistency, and should help with finding issues like this in future. As this control (DSDB_CONTROL_CURRENT_PARTITION_OID) is not intended to be linearised, I've added logic to allow it to be skipped when creating network packets. I've likewise make our LDAP server skip unknown controls, when marked 'not critical' on it's input, rather than just dropping the entire request. I need some help to generate a correct error packet when it is marked critical. Further work could perhaps be to have the ldap_encode routine return a textual description of what failed to encode, as that would have saved me a lot of time... Andrew Bartlett (This used to be commit eef710668f91d1bbaa2d834d9e653e11c8aac817)
* r17430: implement the LDAP_SERVER_PERMISSIVE_MODIFY control in the clientStefan Metzmacher2007-10-101-0/+20
| | | | | metze (This used to be commit 96259f0f24b114e505241c9d2deb702a8b40f1b6)
* r17429: implement the LDAP_SERVER_SHOW_DELETED control in the clientStefan Metzmacher2007-10-101-0/+20
| | | | | metze (This used to be commit 40dc7c1787c16bfc15ac87fee81d2d2d1f3d2fde)
* r17420: add client support for the LDAP_SERVER_DOMAIN_SCOPE controlStefan Metzmacher2007-10-101-0/+20
| | | | | metze (This used to be commit 84e74a759cfa49ebc8b4ba1b8e729d6d920fc55a)
* r17419: add client support for the LDAP_SERVER_SEARCH_OPTIONS support.Stefan Metzmacher2007-10-101-0/+59
| | | | | | | | | with this you can limit a search to a specific partitions or a search over all partitions without getting referrals. (Witch is the default behavior on the Global Catalog Port) metze (This used to be commit 4ccd0f8171f3748ee6efe1abd3f894d2cdf46bf4)
* r17418: add client support for the LDAP_SERVER_SD_FLAGS controlStefan Metzmacher2007-10-101-0/+59
| | | | | metze (This used to be commit 23759a1e9b05c4fde475a9016cb0b7447656d7e7)
* r15573: Fix build of systems that have iconv headers in non-standard locationsJelmer Vernooij2007-10-101-1/+0
| | | | | | | Split of system/locale.h header from system/iconv.h Previously, iconv wasn't being used on these systems (This used to be commit aa6d66fda69779d1c2948a1aca85dbd5208f1cba)
* r15365: Fix error in my previous commit, caught by metze.Jelmer Vernooij2007-10-101-3/+3
| | | | (This used to be commit 0d99397007960e555f562f1498a202407e235f36)
* r15358: Fix some compiler warnings / type safety. Found by tccJelmer Vernooij2007-10-101-2/+6
| | | | (This used to be commit 12ba42de5886f9f4f9b1698476557e0c217d06f3)
* r14424: another empty controls caseAndrew Tridgell2007-10-101-1/+3
| | | | (This used to be commit 7d0eb678bf3649fb4e09da039dd1b716ea3df2cc)
* r13609: Get in the initial work on making ldb asyncSimo Sorce2007-10-101-9/+40
| | | | | | | | | | | | Currently only ldb_ildap is async, the plan is to first make all backend support the async calls, and then remove the sync functions from backends and keep the only in the API. Modules will need to be transformed along the way. Simo (This used to be commit 1e2c13b2d52de7c534493dd79a2c0596a3e8c1f5)
generated by cgit (git 2.34.1) at 2025-06-14 11:15:31 +0000