Commit message [Author, Age, Files, Lines]
...
| | | * r17272: move the callback stuff into a substructure [Stefan Metzmacher, 2006-07-27, 1, -8/+10]
| | | |   metze
| | | * r17270: split the logic of saying this auth backend wants to handle this [Stefan Metzmacher, 2006-07-27, 7, -41/+140]
| | | |   request from the password checking.
| | | |   This will help to make the password checking hook async later
| | | |   metze
| | | * r17268: change the smb2 session setup to use the new [Stefan Metzmacher, 2006-07-27, 1, -61/+91]
| | | |   gensec_update_send/recv() api
| | | |   metze
| | | * r17267: - add an async interface for gensec_update() to the public gensec api [Stefan Metzmacher, 2006-07-27, 2, -0/+78]
| | | |   - note this still uses the sync update() hook of the gensec modules
| | | |     but it allows me to fix the callers first
| | | |   Later auth_check_password() will also get an async version, so that we
| | | |   can later implement an async version of auth_winbind using async IRPC
| | | |   to the winbind task.
| | | |   metze
| | | * r17265: some reformatting [Stefan Metzmacher, 2006-07-27, 1, -57/+27]
| | | |   metze
| | | * r17264: - remove unused includes from talloc [Stefan Metzmacher, 2006-07-26, 2, -15/+17]
| | | |   - check explicit check for varargs.h as fallback from stdarg.h
| | | |     and fail the build if both are not present
| | | |   metze
| | | * r17263: export talloc_free_children() [Stefan Metzmacher, 2006-07-26, 1, -0/+1]
| | | |   metze
| | | * r17257: make the size_t is too small error more verbose [Stefan Metzmacher, 2006-07-26, 1, -0/+4]
| | | |   (hopefully nobody will ever see this:-)
| | | |   metze
| | | * r17256: fix 2 crash bugs, which are introduced by making parameters [Stefan Metzmacher, 2006-07-26, 1, -0/+3]
| | | |   ref pointers!
| | | |   I'm sure there're more places and more care is needed when idl files
| | | |   are changed. Hopefully testing against windows in the build farm find
| | | |   such bugs in future...
| | | |   Why is in the client library this no more possible:
| | | |   NTSTATUS foo([in,out,ref] uint8 *foo);
| | | |   and then just
| | | |   r.in.foo = &foo;
| | | |   status = dcerpc_foo(p, mem_ctx, &r);
| | | |   and r.out.foo will set to r.in.foo via pidl magic,
| | | |   that worked some time ago...
| | | |   metze
| | | * r17255: fixed BENCH-NBENCH for new smb_raw_find_first() syntax [Andrew Tridgell, 2006-07-26, 1, -1/+2]
| | | |
| | | * r17253: add configure checks for writev/readv to see how portable they're [Stefan Metzmacher, 2006-07-26, 1, -0/+3]
| | | |   metze
| | | * r17251: - split out the starttls into its own function [Stefan Metzmacher, 2006-07-26, 1, -42/+96]
| | | |   - give an operations error when tls is already on the socket
| | | |   metze
| | | * r17250: Fix comment, the Samba3 winbind protocol uses the host byte order here. [Andrew Bartlett, 2006-07-26, 1, -1/+1]
| | | |   Andrew Bartlett
| | | * r17243: some svcctl idl fixes from <andrzej.hajda@wp.pl> [Stefan Metzmacher, 2006-07-25, 1, -7/+7]
| | | |   metze
| | | * r17241: substitute @datarootdir@ with old autoconf versions:-) [Stefan Metzmacher, 2006-07-25, 1, -0/+1]
| | | |   metze
| | | * r17240: move extended operations to a new file [Stefan Metzmacher, 2006-07-25, 3, -78/+98]
| | | |   metze
| | | * r17238: Add datarootdir (required for newer autoconf versions) [Jelmer Vernooij, 2006-07-25, 1, -0/+1]
| | | |
| | | * r17237: - keep pointer to the different sockets [Stefan Metzmacher, 2006-07-25, 4, -3/+10]
| | | |   - we need this to later:
| | | |     - to disallow a StartTLS when TLS is already in use
| | | |     - to place the TLS socket between the raw and sasl socket
| | | |       when we had a sasl bind before the StartTLS
| | | |     - and rfc4513 says that the server may allow to remove the TLS
| | | |       from the tcp connection again and reuse raw tcp
| | | |     - and also a 2nd sasl bind should replace the old sasl socket
| | | |   metze
| | | * r17230: don't overwrite the error with NT_STATUS_NO_MEMORY [Stefan Metzmacher, 2006-07-25, 1, -10/+7]
| | | |   metze
| | | * r17227: don't call a function which takes some nonoptional args [Stefan Metzmacher, 2006-07-25, 1, -9/+15]
| | | |   with NULL.
| | | |   metze
| | | * r17226: add some comments about ldap binds and pending requests [Stefan Metzmacher, 2006-07-25, 1, -0/+14]
| | | |   metze
| | | * r17225: Fix the build by fixing the spelling of START-TLS. [Andrew Bartlett, 2006-07-25, 1, -1/+1]
| | | |   Andrew Bartlett
| | | * r17224: Accept the start-tls extended request. Getting OpenLDAP to recognise [Andrew Bartlett, 2006-07-25, 1, -1/+58]
| | | |   our certificate, and proceed with the connection is left as an
| | | |   exercise for the reader...
| | | |   Andrew Bartlett
| | | * r17223: In some protocols it is not possible to negotiate off some features, [Andrew Bartlett, 2006-07-25, 1, -5/+3]
| | | |   without the agreement of the peer. This can cause problems, because
| | | |   one side thinks sealing is disabled, while the other thinks it is
| | | |   enabled.
| | | |   Andrew Bartlett
| | | * r17222: Change the function prototypes for the GENSEC and TLS socket creation [Andrew Bartlett, 2006-07-25, 8, -78/+148]
| | | |   routines to return an NTSTATUS. This should help track down errors.
| | | |   Use a bit of talloc_steal and talloc_unlink to get the real socket to
| | | |   be a child of the GENSEC or TLS socket.
| | | |   Always return a new socket, even for the 'pass-through' case.
| | | |   Andrew Bartlett
| | | * r17221: Add some integer wrap paranoia to data_blob_append(). [Andrew Bartlett, 2006-07-25, 1, -5/+18]
| | | |   Andrew Bartlett
| | | * r17215: Prepare the SASL socket before actually setting it. This allows [Andrew Bartlett, 2006-07-24, 1, -29/+51]
| | | |   errors to be reported correctly, rather than just dropping the socket.
| | | |   Andrew Bartlett
| | | * r17210: I wonder how I missed this, build farm caught it. [Simo Sorce, 2006-07-23, 1, -1/+1]
| | | |
| | | * r17209: Add dependency over the new share configuration module into smbd [Simo Sorce, 2006-07-23, 1, -1/+2]
| | | |   Should fix some build farm machine
| | | * r17208: Add a way to test the ldb module. [Simo Sorce, 2006-07-23, 2, -0/+257]
| | | |   Actually you can't test both classic and ldb together, but you can
| | | |   replace the standard script/tests/mktestsetup.sh file with this one
| | | |   and run make test to see share_ldb in action
| | | * r17207: Add the ldb based shares configuration module [Simo Sorce, 2006-07-23, 2, -0/+291]
| | | |
| | | * r17206: Add a modular API for share configuration. [Simo Sorce, 2006-07-23, 30, -230/+1005]
| | | |   Commit the classic backwards compatible module which is the default one
| | | * r17205: Even if this makes me look foolish, at least start to scratch on the [Volker Lendecke, 2006-07-23, 2, -24/+308]
| | | |   surface of spoolss. If snum is to be removed, then we should make at
| | | |   least the attempt to walk parts of the code before and after the
| | | |   changes. This walks GetPrinterInfo level 0-7.
| | | |   Volker
| | | * r17197: This patch moves the encryption of bulk data on SASL negotiated security [Andrew Bartlett, 2006-07-23, 18, -248/+639]
| | | |   contexts from the application layer into the socket layer.
| | | |
| | | |   This improves a number of correctness aspects, as we now allow LDAP
| | | |   packets to cross multiple SASL packets. It should also make it much
| | | |   easier to write async LDAP tests from windows clients, as they use SASL
| | | |   by default. It is also vital to allowing OpenLDAP clients to use GSSAPI
| | | |   against Samba4, as it negotiates a rather small SASL buffer size.
| | | |
| | | |   This patch mirrors the earlier work done to move TLS into the socket
| | | |   layer.
| | | |
| | | |   Unusual in this patch is the extra read callback argument I take. As
| | | |   SASL is a layer on top of a socket, it is entirely possible for the
| | | |   SASL layer to drain a socket dry, but for the caller not to have read
| | | |   all the decrypted data. This would leave the system without an event
| | | |   to restart the read (as the socket is dry).
| | | |
| | | |   As such, I re-invoke the read handler from a timed callback, which
| | | |   should trigger on the next running of the event loop. I believe that
| | | |   the TLS code does require a similar callback.
| | | |
| | | |   In trying to understand why this is required, imagine a SASL-encrypted
| | | |   LDAP packet in the following formation:
| | | |
| | | |   +-----------------+---------------------+
| | | |   | SASL Packet #1  | SASL Packet #2      |
| | | |   ----------------------------------------+
| | | |   | LDAP Packet #1       | LDAP Packet #2 |
| | | |   ----------------------------------------+
| | | |
| | | |   In the old code, this was illegal, but it is perfectly standard
| | | |   SASL-encrypted LDAP. Without the callback, we would read and process
| | | |   the first LDAP packet, and the SASL code would have read the second SASL
| | | |   packet (to decrypt enough data for the LDAP packet), and no data would
| | | |   remain on the socket.
| | | |
| | | |   Without data on the socket, read events stop. That is why I add timed
| | | |   events, until the SASL buffer is drained.
| | | |
| | | |   Another approach would be to add a hack to the event system, to have it
| | | |   pretend there remained data to read off the network (but that is ugly).
| | | |
| | | |   In improving the code, to handle more real-world cases, I've been able
| | | |   to remove almost all the special-cases in the testnonblock code. The
| | | |   only special case is that we must use a deterministic partial packet
| | | |   when calling send, rather than a random length. (1 + n/2). This is
| | | |   needed because of the way the SASL and TLS code works, and the 'resend
| | | |   on failure' requirements.
| | | |
| | | |   Andrew Bartlett
| | | * r17196: Clarify that SSL is used for LDAP as well as SWAT. [Andrew Bartlett, 2006-07-23, 1, -1/+1]
| | | |   Andrew Bartlett
| | | * r17195: Start thinking how to implement extended operations. [Simo Sorce, 2006-07-22, 2, -0/+18]
| | | |   AD supports three extended operations:
| | | |   - start tls
| | | |   - dynamic objects
| | | |   - fast binds
| | | |   none of these are a priority.
| | | * r17193: Remove ancient stuff never really used [Simo Sorce, 2006-07-22, 2, -364/+0]
| | | |
| | | * r17189: Add the new LDAP rfc series [Simo Sorce, 2006-07-22, 24, -0/+27176]
| | | |
| | | * r17187: Beginnings of a little lsa walker for Samba3, if only to prevent the [Volker Lendecke, 2006-07-22, 2, -0/+78]
| | | |   regression we had in 3.0.23...
| | | |   Volker
| | | * r17186: "async" word abuse clean-up part 2 [Simo Sorce, 2006-07-22, 23, -286/+272]
| | | |
| | | * r17185: Oh, I wanted to do this for sooo long time. [Simo Sorce, 2006-07-22, 24, -427/+427]
| | | |   Finally acknowledge that ldb is inherently async and does not have a
| | | |   dual personality anymore
| | | |   Rename all ldb_async_XXX functions to ldb_XXX except for
| | | |   ldb_async_result, it is now ldb_reply to reflect the real function of
| | | |   this structure.
| | | |   Simo.
| | | * r17176: remove off_t from talloc. size_t is large enough to hold [Stefan Metzmacher, 2006-07-21, 5, -13/+11]
| | | |   the max amount of memory of one process
| | | |   metze
| | | * r17174: Enable gnutls code, which requires the HAVE_GNUTLS CPP macro. [Andrew Bartlett, 2006-07-21, 1, -0/+3]
| | | |   Andrew Bartlett
| | | * r17173: Check for oversize output, not oversize input, and fix the GSSAPI mech [Andrew Bartlett, 2006-07-21, 1, -10/+11]
| | | |   to work (it broke it in the previous commit).
| | | |   Andrew Bartlett
| | | * r17171: Add a gensec function to determine the maximum negotiated buffer size, [Andrew Bartlett, 2006-07-21, 3, -34/+134]
| | | |   and the maximum amount of user data that may be fitted into that.
| | | |   This is used in the new SASL code, to correctly honour SASL buffer sizes.
| | | |   Andrew Bartlett
| | | * r17170: Catch some more out-of-memory cases, and provide some clues when [Andrew Bartlett, 2006-07-21, 1, -7/+18]
| | | |   chasing down bad signatures that may be due to data truncation.
| | | |   Andrew Bartlett
| | | * r17169: Test LDAP with testnonblock. [Andrew Bartlett, 2006-07-21, 1, -1/+1]
| | | |   Andrew Bartlett
| | | * r17168: Now that TLS (and soon SASL) is below the socket layer, we need to [Andrew Bartlett, 2006-07-21, 4, -14/+29]
| | | |   make the testnonblock skip some things. The socket *under* the tls
| | | |   socket is still tested.
| | | |   Andrew Bartlett
| | | * r17167: indent [Andrew Bartlett, 2006-07-21, 1, -1/+1]
| | | |
| | | * r17157: bail out if sizeof(size_t) < sizeof(void *) [Stefan Metzmacher, 2006-07-20, 1, -0/+4]
| | | |   metze