| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | |
| | |
| | |
| | | |
Andrew Bartlett
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
reply rules to be followed.
Add code to do a fake async callback on the skipped records.
Andrew Bartlett
|
| | | |
| | |
| | |
| | | |
Andrew Bartlett
|
| | | |
| | |
| | |
| | |
| | |
| | | |
the end.
Andrew Bartlett
|
| | | |
| | |
| | |
| | |
| | |
| | | |
drops the connection. The reconnect code needs to be hooked in here.
Andrew Bartlett
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Adjust the web_server code to cope with this.
Andrew Bartlett
|
| | | |
| | |
| | |
| | | |
metze
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
- check explicit check for varargs.h as fallback from stdarg.h
and fail the build if both are not present
metze
|
| | | |
| | |
| | |
| | | |
metze
|
| | | |
| | |
| | |
| | |
| | |
| | | |
(hopefully nobody will ever see this:-)
metze
|
| | | |
| | |
| | |
| | | |
metze
|
| | | |
| | |
| | |
| | | |
metze
|
| | | | |
|
| | | |
| | |
| | |
| | | |
Andrew Bartlett
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
routines to return an NTSTATUS. This should help track down errors.
Use a bit of talloc_steal and talloc_unlink to get the real socket to
be a child of the GENSEC or TLS socket.
Always return a new socket, even for the 'pass-though' case.
Andrew Bartlett
|
| | | |
| | |
| | |
| | | |
Andrew Bartlett
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
contexts from the application layer into the socket layer.
This improves a number of correctness aspects, as we now allow LDAP
packets to cross multiple SASL packets. It should also make it much
easier to write async LDAP tests from windows clients, as they use SASL
by default. It is also vital to allowing OpenLDAP clients to use GSSAPI
against Samba4, as it negotiates a rather small SASL buffer size.
This patch mirrors the earlier work done to move TLS into the socket
layer.
Unusual in this pstch is the extra read callback argument I take. As
SASL is a layer on top of a socket, it is entirely possible for the
SASL layer to drain a socket dry, but for the caller not to have read
all the decrypted data. This would leave the system without an event
to restart the read (as the socket is dry).
As such, I re-invoke the read handler from a timed callback, which
should trigger on the next running of the event loop. I believe that
the TLS code does require a similar callback.
In trying to understand why this is required, imagine a SASL-encrypted
LDAP packet in the following formation:
+-----------------+---------------------+
| SASL Packet #1 | SASL Packet #2 |
----------------------------------------+
| LDAP Packet #1 | LDAP Packet #2 |
----------------------------------------+
In the old code, this was illegal, but it is perfectly standard
SASL-encrypted LDAP. Without the callback, we would read and process
the first LDAP packet, and the SASL code would have read the second SASL
packet (to decrypt enough data for the LDAP packet), and no data would
remain on the socket.
Without data on the socket, read events stop. That is why I add timed
events, until the SASL buffer is drained.
Another approach would be to add a hack to the event system, to have it
pretend there remained data to read off the network (but that is ugly).
In improving the code, to handle more real-world cases, I've been able
to remove almost all the special-cases in the testnonblock code. The
only special case is that we must use a deterministic partial packet
when calling send, rather than a random length. (1 + n/2). This is
needed because of the way the SASL and TLS code works, and the 'resend
on failure' requirements.
Andrew Bartlett
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Ad supports three extended operations:
- start tls
- dynamic objects
- fast binds
none of these are a priority.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Finally acknowledge that ldb is inherently async and does not have a dual personality anymore
Rename all ldb_async_XXX functions to ldb_XXX except for ldb_async_result, it is now ldb_reply
to reflect the real function of this structure.
Simo.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
the max amount of memory of one process
metze
|
| | | |
| | |
| | |
| | | |
Andrew Bartlett
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
make the testnonblock skip some things. The socket *under* the tls
socket is still tested.
Andrew Bartlett
|
| | | | |
|
| | | |
| | |
| | |
| | | |
metze
|
| | | |
| | |
| | |
| | | |
metze
|
| | | |
| | |
| | |
| | | |
metze
|
| | | |
| | |
| | |
| | |
| | |
| | | |
samba
metze
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
files.
- use the correct timeout variable (simo you should do a standalone build before commiting:-)
metze
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
is build standalone and inside samba
- add configure checks for the some type sizes for debugging
metze
|
| | | |
| | |
| | |
| | |
| | |
| | | |
should I merge that aslo to samba3?
metze
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
the children
this fixes an endless loop bug!
- reenable the test for this
should I merge this to samba3?
metze
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
that it should handle the add without a search.
Now that I'm working on better behaviour with an LDAP backend, I've
fixed the module to do just that. For an ADD, and a MODIFY with the
REPLACE flag, we do not need the search step.
Andrew Bartlett
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The function pointer was meant to be unused, this patch fixes
partition.c to use ldb_sequence_number(). (No backend provided the
pointer any more).
Set the flags onto the ldb structure, so that all backends opened by
the partitions module inherit the flags.
Set the read-ony flag when accessed as the global catalog
Modify the LDAP server to track that this query is for the global
catalog (by incoming port), and set a opqaue pointer.
Next step is to read that opaque pointer in the partitions module.
Andrew Bartlett
|
| | | |
| | |
| | |
| | |
| | |
| | | |
forms of the objectGUID and objectSID attributes.
Andrew Bartlett
|
| | | |
| | |
| | |
| | | |
Andrew Bartlett
|
| | | |
| | |
| | |
| | |
| | |
| | | |
at this point.
Andrew Bartlett
|
| | | |
| | |
| | |
| | | |
Andrew Bartlett
|
| | | |
| | |
| | |
| | | |
Andrew Bartlett
|
| | | |
| | |
| | |
| | | |
metze
|
| | | |
| | |
| | |
| | | |
metze
|
| | | |
| | |
| | |
| | | |
Andrew Bartlett
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
This clearly links the log function with its private pointer, and
makes the argument list for tdb_open_ex a bit shorter.
Andrew Bartlett
|
| | | |
| | |
| | |
| | | |
Andrew Bartlett
|
| | | |
| | |
| | |
| | |
| | |
| | | |
static checkers happy...
Andrew Bartlett
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In particular, this removes one use of the LDB_DN_NULL_FAILED macro,
which was being used on more than DNs, had an embedded goto, and
confused the IBM checker.
In the password_hash code, ensure that sambaAttr is not, before
checking the number of values.
In GENSEC, note that this switch value can't occour. This seems to be
the only way to quiet both the IBM checker and gcc, as well as cope
with possibly invalid inputs.
Andrew Bartlet
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
easier to chase down what modules or application code gets wrong.
Ensure not to leave memory allocated on failure in ldb_search()
Andrew Bartlett
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
anywhere
- fix a bad segfault
Andrew please make test before committing.
Simo.
|
| | | |
| | |
| | |
| | | |
metze
|
