ira/wip.git
14 years ago r17380: An expanded test, cross-referencing the global catalog to the main port.
Andrew Bartlett [Thu, 3 Aug 2006 09:18:44 +0000 (09:18 +0000)]
r17380: An expanded test, cross-referencing the global catalog to the main port.

Andrew Bartlett

14 years ago r17379: Pre-generate DH parameters, to avoid doing this at runtime in our testsuite.
Andrew Bartlett [Thu, 3 Aug 2006 08:02:54 +0000 (08:02 +0000)]
r17379: Pre-generate DH parameters, to avoid doing this at runtime in our testsuite.

Andrew Bartlett

14 years ago r17377: This attribute is maintained by the modules, don't override it.
Andrew Bartlett [Thu, 3 Aug 2006 00:59:39 +0000 (00:59 +0000)]
r17377: This attribute is maintained by the modules, don't override it.

Andrew Bartlett

14 years ago r17370: Fix tdb searches, we need to return an LDAP_REPLY_DONE packet when done.
Simo Sorce [Wed, 2 Aug 2006 00:01:09 +0000 (00:01 +0000)]
r17370: Fix tdb searches, we need to return an LDAP_REPLY_DONE packet when done.
Awesome how this didn't break everything around...

14 years ago r17368: Add 'const' to ldb_match_msg().
Andrew Bartlett [Tue, 1 Aug 2006 22:46:49 +0000 (22:46 +0000)]
r17368: Add 'const' to ldb_match_msg().

Andrew Bartlett

14 years ago r17362: session_info and smbpid are available from the ntvfs_handle
Stefan Metzmacher [Tue, 1 Aug 2006 10:58:01 +0000 (10:58 +0000)]
r17362: session_info and smbpid are available from the ntvfs_handle
so we don't need them on the pvfs_file struct.

also we don't need to check if the handle has the correct session
as this is the job of the frontend server

metze

14 years ago r17361: check that file handles are only accessible
Stefan Metzmacher [Tue, 1 Aug 2006 10:42:03 +0000 (10:42 +0000)]
r17361: check that file handles are only accessible
by the correct session in the SMB frontend server

metze

14 years ago r17360: add some comments
Stefan Metzmacher [Tue, 1 Aug 2006 10:37:34 +0000 (10:37 +0000)]
r17360: add some comments

metze

14 years ago r17359: http://www.cs.wisc.edu/~cao/cs739/draft-leach-cifs-v1-spec-01.txt
Stefan Metzmacher [Tue, 1 Aug 2006 10:11:37 +0000 (10:11 +0000)]
r17359: http://www.cs.wisc.edu/~cao/cs739/draft-leach-cifs-v1-spec-01.txt
says that with the 0xffff fid all files only for the given pid
should be flushed

Does samba3 handle this correctly?

metze

14 years ago r17357: - fix the build
Stefan Metzmacher [Tue, 1 Aug 2006 09:09:45 +0000 (09:09 +0000)]
r17357: - fix the build
- generate the IDL_NDR_* variables before using them
  (this was the reason I didn't notice this error)

metze

14 years ago r17352: Don't do a modify on the objectClasses, as OpenLDAP doesn't like
Andrew Bartlett [Tue, 1 Aug 2006 05:58:06 +0000 (05:58 +0000)]
r17352: Don't do a modify on the objectClasses, as OpenLDAP doesn't like
this.  Instead, handle this one in the add.

Andrew Bartlett

14 years ago r17351: Remove extra LDB partition we don't actually use (these are in the
Andrew Bartlett [Tue, 1 Aug 2006 05:56:47 +0000 (05:56 +0000)]
r17351: Remove extra LDB partition we don't actually use (these are in the
main database, under cn=templates).

Andrew Bartlett

14 years ago r17350: Avoid a couple of memleaks, unnecessary code and use a more linear style
Simo Sorce [Tue, 1 Aug 2006 03:22:02 +0000 (03:22 +0000)]
r17350: Avoid a couple of memleaks, unnecessary code and use a more linear style

14 years ago r17349: We can't just return success here, modules below us expect the async
Andrew Bartlett [Tue, 1 Aug 2006 02:25:05 +0000 (02:25 +0000)]
r17349: We can't just return success here, modules below us expect the async
reply rules to be followed.

Add code to do a fake async callback on the skipped records.

Andrew Bartlett

14 years ago r17344: move the gensec_update_request structure into the header file
Stefan Metzmacher [Mon, 31 Jul 2006 15:52:26 +0000 (15:52 +0000)]
r17344: move the gensec_update_request structure into the header file
and add a private_data for the backends.

metze

14 years ago r17343: let auth_winbind use IRPC against the winbind task.
Stefan Metzmacher [Mon, 31 Jul 2006 15:42:27 +0000 (15:42 +0000)]
r17343: let auth_winbind use IRPC against the winbind task.
(currently this uses the sync IRPC_CALL(), but when
auth_check_password will be async for the backend this will
change to IRPC_CALL_SEND()

the old module which uses the samba3 protocol against winbind
is still available as 'winbind_samba3'

metze

14 years ago r17342: implement a SamLogon via IRPC in samba4's winbind
Stefan Metzmacher [Mon, 31 Jul 2006 15:38:18 +0000 (15:38 +0000)]
r17342: implement a SamLogon via IRPC in samba4's winbind

metze

14 years ago r17341: pass a messaging context to auth_context_create()
Stefan Metzmacher [Mon, 31 Jul 2006 14:05:08 +0000 (14:05 +0000)]
r17341: pass a messaging context to auth_context_create()
and gensec_server_start().

calling them with NULL for event context or messaging context
is no longer allowed!

metze

14 years ago r17340: initialize elements of dcesrc_call_state in one central place
Stefan Metzmacher [Mon, 31 Jul 2006 13:40:49 +0000 (13:40 +0000)]
r17340: initialize elements of dcesrc_call_state in one central place
and pass the messaging context to the call

metze

14 years ago r17339: pass the event context and messaging context together to the
Stefan Metzmacher [Mon, 31 Jul 2006 13:34:00 +0000 (13:34 +0000)]
r17339: pass the event context and messaging context together to the
smb ejs functions

metze

14 years ago r17337: make better usage of the composite api
Stefan Metzmacher [Mon, 31 Jul 2006 08:14:27 +0000 (08:14 +0000)]
r17337: make better usage of the composite api
and create an event context explicit

metze

14 years ago r17336: make the logic a bit easier to understand...
Stefan Metzmacher [Mon, 31 Jul 2006 07:29:44 +0000 (07:29 +0000)]
r17336: make the logic a bit easier to understand...

metze

14 years ago r17332: May as well make this a round number
Andrew Bartlett [Mon, 31 Jul 2006 01:20:05 +0000 (01:20 +0000)]
r17332: May as well make this a round number

14 years ago r17331: Oops, how did I commit this empty file...
Andrew Bartlett [Mon, 31 Jul 2006 01:16:28 +0000 (01:16 +0000)]
r17331: Oops, how did I commit this empty file...

Andrew Bartlett

14 years ago r17330: Enable the partitions module.
Andrew Bartlett [Mon, 31 Jul 2006 01:00:18 +0000 (01:00 +0000)]
r17330: Enable the partitions module.

This module redirects various samdb requests into different modules,
depending on the prefix.  It also makes moving to an LDAP backend
easier, as it is just a different partition backend.

This adds yet another stage to the provision process, as we must setup
the partitions before we setup the magic attributes.

Andrew Bartlett

14 years ago r17329: - after a composite_continue() we need to call return;
Stefan Metzmacher [Sun, 30 Jul 2006 19:22:39 +0000 (19:22 +0000)]
r17329: - after a composite_continue() we need to call return;
- add some comments

metze

14 years ago r17328: make better usage of the composite api
Stefan Metzmacher [Sun, 30 Jul 2006 19:00:16 +0000 (19:00 +0000)]
r17328: make better usage of the composite api

metze

14 years ago r17327: when the connect with the ipv6 socket was ok,
Stefan Metzmacher [Sun, 30 Jul 2006 18:59:03 +0000 (18:59 +0000)]
r17327: when the connect with the ipv6 socket was ok,
we need to inform the caller...

metze

14 years ago r17326: make better usage of the composite api
Stefan Metzmacher [Sun, 30 Jul 2006 18:36:17 +0000 (18:36 +0000)]
r17326: make better usage of the composite api

metze

14 years ago r17325: make better usage of the composite api
Stefan Metzmacher [Sun, 30 Jul 2006 18:24:07 +0000 (18:24 +0000)]
r17325: make better usage of the composite api

metze

14 years ago r17324: make better usage of the composite api
Stefan Metzmacher [Sun, 30 Jul 2006 17:55:09 +0000 (17:55 +0000)]
r17324: make better usage of the composite api

metze

14 years ago r17323: make better use of the composite api and fix the memory
Stefan Metzmacher [Sun, 30 Jul 2006 17:50:37 +0000 (17:50 +0000)]
r17323: make better use of the composite api and fix the memory
hierarchy

metze

14 years ago r17322: make better use of the composite api
Stefan Metzmacher [Sun, 30 Jul 2006 17:45:11 +0000 (17:45 +0000)]
r17322: make better use of the composite api

metze

14 years ago r17321: give better error codes
Stefan Metzmacher [Sun, 30 Jul 2006 17:43:58 +0000 (17:43 +0000)]
r17321: give better error codes

metze

14 years ago r17320: - print the debug message before the composite context gets received by the...
Stefan Metzmacher [Sun, 30 Jul 2006 17:34:37 +0000 (17:34 +0000)]
r17320: - print the debug message before the composite context gets received by the caller
- steal pipe2 to the state structure so we don't need to care about freeing it later

metze

14 years ago r17319: make better usage of the composite api
Stefan Metzmacher [Sun, 30 Jul 2006 17:31:12 +0000 (17:31 +0000)]
r17319: make better usage of the composite api

metze

14 years ago r17318: make better usage of the composite api
Stefan Metzmacher [Sun, 30 Jul 2006 17:29:02 +0000 (17:29 +0000)]
r17318: make better usage of the composite api

metze

14 years ago r17317: - add a composite_create() function that allocates and initializes
Stefan Metzmacher [Sun, 30 Jul 2006 16:48:41 +0000 (16:48 +0000)]
r17317: - add a composite_create() function that allocates and initializes
  the composite_context structure, we should try to convert all code
  to use this because there're a lot of places where we have
  bugs with this task...
- add a composite_continue_smb2() helper

We should try to hide the internals of the composite code from the users
to avoid errors (and I found a lot of them... and will fix them step by step)

metze

14 years ago r17306: fix compiler warning
Stefan Metzmacher [Sat, 29 Jul 2006 07:56:03 +0000 (07:56 +0000)]
r17306: fix compiler warning

metze

14 years ago r17305: allow 'declare [...] union foo;'
Stefan Metzmacher [Sat, 29 Jul 2006 06:00:58 +0000 (06:00 +0000)]
r17305: allow 'declare [...] union foo;'

metze

14 years ago r17304: Improve ldb_tdb error strings a bit more.
Andrew Bartlett [Sat, 29 Jul 2006 03:00:16 +0000 (03:00 +0000)]
r17304: Improve ldb_tdb error strings a bit more.

Andrew Bartlett

14 years ago r17303: More testing results: Don't try and call a NULL callback, and use the
Andrew Bartlett [Sat, 29 Jul 2006 02:00:33 +0000 (02:00 +0000)]
r17303: More testing results: Don't try and call a NULL callback, and use the
correct parameter, as this is called for more than just 'add'.

Andrew Bartlett

14 years ago r17302: Testing!
Andrew Bartlett [Sat, 29 Jul 2006 01:52:15 +0000 (01:52 +0000)]
r17302: Testing!

This confirms that records are replicated into the correct databases,
and that the case insensitive flags really work.

Andrew Bartlett

14 years ago r17301: Add a new function to copy a list of attributes, while adding one to
Andrew Bartlett [Sat, 29 Jul 2006 01:23:50 +0000 (01:23 +0000)]
r17301: Add a new function to copy a list of attributes, while adding one to
the end.

Andrew Bartlett

14 years ago r17300: Try to fix some segfaults in ldb_ildap module, when the remote server
Andrew Bartlett [Sat, 29 Jul 2006 01:22:22 +0000 (01:22 +0000)]
r17300: Try to fix some segfaults in ldb_ildap module, when the remote server
drops the connection.  The reconnect code needs to be hooked in here.

Andrew Bartlett

14 years ago r17299: Improve the partition module to replicate attribute records into all
Andrew Bartlett [Sat, 29 Jul 2006 01:13:53 +0000 (01:13 +0000)]
r17299: Improve the partition module to replicate attribute records into all
partitions.

Test that we do that correctly.

Andrew Bartlett

14 years ago r17298: Fix up the local_password module to the current LDB API, and build it by...
Andrew Bartlett [Fri, 28 Jul 2006 23:46:39 +0000 (23:46 +0000)]
r17298: Fix up the local_password module to the current LDB API, and build it by default.

Andrew Bartlett

14 years ago r17297: Some compilers don't seem to like the ;;
Andrew Bartlett [Fri, 28 Jul 2006 23:35:11 +0000 (23:35 +0000)]
r17297: Some compilers don't seem to like the ;;

Andrew Bartlett

14 years ago r17290: don't do any stuff that can fail in the _recv function
Stefan Metzmacher [Fri, 28 Jul 2006 11:51:07 +0000 (11:51 +0000)]
r17290: don't do any stuff that can fail in the _recv function

metze

14 years ago r17289: Fix the build: I haven't committed this module yet.
Andrew Bartlett [Fri, 28 Jul 2006 07:49:07 +0000 (07:49 +0000)]
r17289: Fix the build: I haven't committed this module yet.

Andrew Bartlett

14 years ago r17288: Don't mess with entries in the local password prefix, and fix const
Andrew Bartlett [Fri, 28 Jul 2006 06:30:03 +0000 (06:30 +0000)]
r17288: Don't mess with entries in the local password prefix, and fix const
warnings.

Andrew Bartlett

14 years ago r17287: Add the local_password module to the tree, so it doesn't get lost in
Andrew Bartlett [Fri, 28 Jul 2006 06:29:09 +0000 (06:29 +0000)]
r17287: Add the local_password module to the tree, so it doesn't get lost in
ldb API changes.

Andrew Bartlett

14 years ago r17286: Simply fail the tls_initialise if we don't have TLS compiled in.
Andrew Bartlett [Fri, 28 Jul 2006 03:51:20 +0000 (03:51 +0000)]
r17286: Simply fail the tls_initialise if we don't have TLS compiled in.
Adjust the web_server code to cope with this.

Andrew Bartlett

14 years ago r17285: some reformatting
Stefan Metzmacher [Thu, 27 Jul 2006 19:33:15 +0000 (19:33 +0000)]
r17285: some reformatting

metze

14 years ago r17284: move the input checking stuff from ntlmssp_update() into its
Stefan Metzmacher [Thu, 27 Jul 2006 19:20:57 +0000 (19:20 +0000)]
r17284: move the input checking stuff from ntlmssp_update() into its
own function.

metze

14 years ago r17283: use the async calls of auth_check_password() and gensec_update()
Stefan Metzmacher [Thu, 27 Jul 2006 19:07:15 +0000 (19:07 +0000)]
r17283: use the async calls of auth_check_password() and gensec_update()
in the smb server.

metze

14 years ago r17282: test some simple operation with the LANMAN1 and LANMAN2 protocol,
Stefan Metzmacher [Thu, 27 Jul 2006 18:10:56 +0000 (18:10 +0000)]
r17282: test some simple operation with the LANMAN1 and LANMAN2 protocol,
that finally tests our RAW_SESSSETUP_OLD code

metze

14 years ago r17281: we now have client/server max protocol
Stefan Metzmacher [Thu, 27 Jul 2006 18:08:12 +0000 (18:08 +0000)]
r17281: we now have client/server max protocol

metze

14 years ago r17280: NT_STATUS_INVALID_HANDLE maps to ERRbadfid, which is wrong in these
Stefan Metzmacher [Thu, 27 Jul 2006 18:06:09 +0000 (18:06 +0000)]
r17280: NT_STATUS_INVALID_HANDLE maps to ERRbadfid, which is wrong in these
places, so only overwrite ERRbaduid and ERRinvnid when NTSTATUS support
is given.

metze

14 years ago r17278: fix an uninitialized value found by valgrind
Stefan Metzmacher [Thu, 27 Jul 2006 16:44:59 +0000 (16:44 +0000)]
r17278: fix an uninitialized value found by valgrind

metze

14 years ago r17277: we need to trigger an event when we return directly,
Stefan Metzmacher [Thu, 27 Jul 2006 16:20:59 +0000 (16:20 +0000)]
r17277: we need to trigger an event when we return directly,
otherwise the caller's callback function will not be called
and the caller is hanging forever...

metze

14 years ago r17274: fix typos
Stefan Metzmacher [Thu, 27 Jul 2006 14:19:51 +0000 (14:19 +0000)]
r17274: fix typos

metze

14 years ago r17273: add an async version of auth_check_password() on the public
Stefan Metzmacher [Thu, 27 Jul 2006 13:02:27 +0000 (13:02 +0000)]
r17273: add an async version of auth_check_password() on the public
auth interface and implement the sync version as wrapper
to auth_check_password_send/recv()

as next all callers need to be converted to the async interface
and then the modules

metze

14 years ago r17272: move the callback stuff into a substructure
Stefan Metzmacher [Thu, 27 Jul 2006 12:59:41 +0000 (12:59 +0000)]
r17272: move the callback stuff into a substructure

metze

14 years ago r17270: split the logic of saying this auth backend wants to handle this
Stefan Metzmacher [Thu, 27 Jul 2006 11:24:18 +0000 (11:24 +0000)]
r17270: split the logic of saying this auth backend wants to handle this
request from the password checking. This will help to make
the password checking hook async later

metze

14 years ago r17268: change the smb2 session setup to use the new gensec_update_send/recv() api
Stefan Metzmacher [Thu, 27 Jul 2006 10:03:54 +0000 (10:03 +0000)]
r17268: change the smb2 session setup to use the new gensec_update_send/recv() api

metze

14 years ago r17267: - add an async interface for gensec_update() to the public gensec api
Stefan Metzmacher [Thu, 27 Jul 2006 10:02:21 +0000 (10:02 +0000)]
r17267: - add an async interface for gensec_update() to the public gensec api
- note this still uses the sync update() hook of the gensec modules
  but it allows me to fix the callers first

Later auth_check_password() will also get an async version,
so that we can later implement an async version of auth_winbind
using async IRPC to the winbind task.

metze

14 years ago r17265: some reformatting
Stefan Metzmacher [Thu, 27 Jul 2006 09:37:55 +0000 (09:37 +0000)]
r17265: some reformatting

metze

14 years ago r17264: - remove unused includes from talloc
Stefan Metzmacher [Wed, 26 Jul 2006 17:34:50 +0000 (17:34 +0000)]
r17264: - remove unused includes from talloc
- explicitly check for varargs.h as fallback from stdarg.h
  and fail the build if both are not present

metze

14 years ago r17263: export talloc_free_children()
Stefan Metzmacher [Wed, 26 Jul 2006 17:32:47 +0000 (17:32 +0000)]
r17263: export talloc_free_children()

metze

14 years ago r17257: make the size_t is too small error more verbose
Stefan Metzmacher [Wed, 26 Jul 2006 13:06:01 +0000 (13:06 +0000)]
r17257: make the size_t is too small error more verbose
(hopefully nobody will ever see this:-)

metze

14 years ago r17256: fix 2 crash bugs, which are introduced by making parameters
Stefan Metzmacher [Wed, 26 Jul 2006 12:25:16 +0000 (12:25 +0000)]
r17256: fix 2 crash bugs, which are introduced by making parameters
ref pointers!

I'm sure there're more places and more care is needed when idl files
are changed. Hopefully testing against windows in the build farm
find such bugs in future...

Why is in the client library this no more possible:

NTSTATUS foo([in,out,ref] uint8 *foo);

and then just

r.in.foo = &foo;
status = dcerpc_foo(p, mem_ctx, &r);

and r.out.foo will set to r.in.foo via pidl magic,
that worked some time ago...

metze

14 years ago r17255: fixed BENCH-NBENCH for new smb_raw_find_first() syntax
Andrew Tridgell [Wed, 26 Jul 2006 11:41:08 +0000 (11:41 +0000)]
r17255: fixed BENCH-NBENCH for new smb_raw_find_first() syntax

14 years ago r17253: add configure checks for writev/readv to see how portable they're
Stefan Metzmacher [Wed, 26 Jul 2006 07:01:35 +0000 (07:01 +0000)]
r17253: add configure checks for writev/readv to see how portable they're

metze

14 years ago r17251: - split out the starttls into its own function
Stefan Metzmacher [Wed, 26 Jul 2006 06:18:13 +0000 (06:18 +0000)]
r17251: - split out the starttls into its own function
- give an operations error when tls is already on the socket

metze

14 years ago r17250: Fix comment, the Samba3 winbind protocol uses the host byte order here.
Andrew Bartlett [Wed, 26 Jul 2006 05:19:36 +0000 (05:19 +0000)]
r17250: Fix comment, the Samba3 winbind protocol uses the host byte order here.

Andrew Bartlett

14 years ago r17243: some svcctl idl fixes from <andrzej.hajda@wp.pl>
Stefan Metzmacher [Tue, 25 Jul 2006 20:40:31 +0000 (20:40 +0000)]
r17243: some svcctl idl fixes from <andrzej.hajda@wp.pl>

metze

14 years ago r17241: substitute @datarootdir@ with old autoconf versions:-)
Stefan Metzmacher [Tue, 25 Jul 2006 20:09:45 +0000 (20:09 +0000)]
r17241: substitute @datarootdir@ with old autoconf versions:-)

metze

14 years ago r17240: move extended operations to a new file
Stefan Metzmacher [Tue, 25 Jul 2006 20:05:00 +0000 (20:05 +0000)]
r17240: move extended operations to a new file

metze

14 years ago r17238: Add datarootdir (required for newer autoconf versions)
Jelmer Vernooij [Tue, 25 Jul 2006 19:43:49 +0000 (19:43 +0000)]
r17238: Add datarootdir (required for newer autoconf versions)

14 years ago r17237: - keep pointer to the different sockets
Stefan Metzmacher [Tue, 25 Jul 2006 19:20:04 +0000 (19:20 +0000)]
r17237: - keep pointer to the different sockets
- we need this to later:
  - to disallow a StartTLS when TLS is already in use
  - to place the TLS socket between the raw and sasl socket
    when we had a sasl bind before the StartTLS
  - and rfc4513 says that the server may allow to remove the TLS from
    the tcp connection again and reuse raw tcp
  - and also a 2nd sasl bind should replace the old sasl socket

metze

14 years ago r17230: don't overwrite the error with NT_STATUS_NO_MEMORY
Stefan Metzmacher [Tue, 25 Jul 2006 12:48:40 +0000 (12:48 +0000)]
r17230: don't overwrite the error with NT_STATUS_NO_MEMORY

metze

14 years ago r17227: don't call a function which takes some nonoptional args
Stefan Metzmacher [Tue, 25 Jul 2006 08:00:30 +0000 (08:00 +0000)]
r17227: don't call a function which takes some nonoptional args
with NULL.

metze

14 years ago r17226: add some comments about ldap binds and pending requests
Stefan Metzmacher [Tue, 25 Jul 2006 07:48:23 +0000 (07:48 +0000)]
r17226: add some comments about ldap binds and pending requests

metze

14 years ago r17225: Fix the build by fixing the spelling of START-TLS.
Andrew Bartlett [Tue, 25 Jul 2006 03:41:32 +0000 (03:41 +0000)]
r17225: Fix the build by fixing the spelling of START-TLS.

Andrew Bartlett

14 years ago r17224: Accept the start-tls extended request. Getting OpenLDAP to recognise
Andrew Bartlett [Tue, 25 Jul 2006 02:57:51 +0000 (02:57 +0000)]
r17224: Accept the start-tls extended request.  Getting OpenLDAP to recognise
our certificate, and proceed with the connection is left as an
exercise for the reader...

Andrew Bartlett

14 years ago r17223: In some protocols it is not possible to negotiate off some features,
Andrew Bartlett [Tue, 25 Jul 2006 02:21:54 +0000 (02:21 +0000)]
r17223: In some protocols it is not possible to negotiate off some features,
without the agreement of the peer.  This can cause problems, because
one side thinks sealing is disabled, while the other thinks it is
enabled.

Andrew Bartlett

14 years ago r17222: Change the function prototypes for the GENSEC and TLS socket creation
Andrew Bartlett [Tue, 25 Jul 2006 00:57:27 +0000 (00:57 +0000)]
r17222: Change the function prototypes for the GENSEC and TLS socket creation
routines to return an NTSTATUS.  This should help track down errors.

Use a bit of talloc_steal and talloc_unlink to get the real socket to
be a child of the GENSEC or TLS socket.

Always return a new socket, even for the 'pass-through' case.

Andrew Bartlett

14 years ago r17221: Add some integer wrap paranoia to data_blob_append().
Andrew Bartlett [Tue, 25 Jul 2006 00:53:03 +0000 (00:53 +0000)]
r17221: Add some integer wrap paranoia to data_blob_append().

Andrew Bartlett

14 years ago r17215: Prepare the SASL socket before actually setting it. This allows
Andrew Bartlett [Mon, 24 Jul 2006 00:45:21 +0000 (00:45 +0000)]
r17215: Prepare the SASL socket before actually setting it.  This allows
errors to be reported correctly, rather than just dropping the socket.

Andrew Bartlett

14 years ago r17210: I wonder how I missed this, build farm caught it.
Simo Sorce [Sun, 23 Jul 2006 20:04:42 +0000 (20:04 +0000)]
r17210: I wonder how I missed this, build farm caught it.

14 years ago r17209: Add dependency over the new share configuration module into smbd
Simo Sorce [Sun, 23 Jul 2006 19:54:11 +0000 (19:54 +0000)]
r17209: Add dependency over the new share configuration module into smbd
Should fix some build farm machine

14 years ago r17208: Add a way to test the ldb module.
Simo Sorce [Sun, 23 Jul 2006 18:49:07 +0000 (18:49 +0000)]
r17208: Add a way to test the ldb module.
Actually you can't test both classic and ldb together, but you can replace the standard
script/tests/mktestsetup.sh file with this one and run make test to see share_ldb in action

14 years ago r17207: Add the ldb based shares configuration module
Simo Sorce [Sun, 23 Jul 2006 18:47:56 +0000 (18:47 +0000)]
r17207: Add the ldb based shares configuration module

14 years ago r17206: Add a modular API for share configuration.
Simo Sorce [Sun, 23 Jul 2006 18:43:07 +0000 (18:43 +0000)]
r17206: Add a modular API for share configuration.
Commit the classic backwards compatible module which is the default one

14 years ago r17205: Even if this makes me look foolish, at least start to scratch on the surface
Volker Lendecke [Sun, 23 Jul 2006 16:54:16 +0000 (16:54 +0000)]
r17205: Even if this makes me look foolish, at least start to scratch on the surface
of spoolss. If snum is to be removed, then we should make at least the attempt
to walk parts of the code before and after the changes.

This walks GetPrinterInfo level 0-7.

Volker

14 years ago r17197: This patch moves the encryption of bulk data on SASL negotiated security
Andrew Bartlett [Sun, 23 Jul 2006 02:50:08 +0000 (02:50 +0000)]
r17197: This patch moves the encryption of bulk data on SASL negotiated security
contexts from the application layer into the socket layer.

This improves a number of correctness aspects, as we now allow LDAP
packets to cross multiple SASL packets.  It should also make it much
easier to write async LDAP tests from windows clients, as they use SASL
by default.  It is also vital to allowing OpenLDAP clients to use GSSAPI
against Samba4, as it negotiates a rather small SASL buffer size.

This patch mirrors the earlier work done to move TLS into the socket
layer.

Unusual in this patch is the extra read callback argument I take.  As
SASL is a layer on top of a socket, it is entirely possible for the
SASL layer to drain a socket dry, but for the caller not to have read
all the decrypted data.  This would leave the system without an event
to restart the read (as the socket is dry).

As such, I re-invoke the read handler from a timed callback, which
should trigger on the next running of the event loop.  I believe that
the TLS code does require a similar callback.

In trying to understand why this is required, imagine a SASL-encrypted
LDAP packet in the following formation:

+-----------------+---------------------+
| SASL  Packet #1 | SASL Packet #2      |
+---------------------------------------+
| LDAP Packet #1       | LDAP Packet #2 |
+---------------------------------------+

In the old code, this was illegal, but it is perfectly standard
SASL-encrypted LDAP.  Without the callback, we would read and process
the first LDAP packet, and the SASL code would have read the second SASL
packet (to decrypt enough data for the LDAP packet), and no data would
remain on the socket.

Without data on the socket, read events stop.  That is why I add timed
events, until the SASL buffer is drained.

Another approach would be to add a hack to the event system, to have it
pretend there remained data to read off the network (but that is ugly).

In improving the code, to handle more real-world cases, I've been able
to remove almost all the special-cases in the testnonblock code.  The
only special case is that we must use a deterministic partial packet
when calling send, rather than a random length.  (1 + n/2).  This is
needed because of the way the SASL and TLS code works, and the 'resend
on failure' requirements.

Andrew Bartlett

14 years ago r17196: Clarify that SSL is used for LDAP as well as SWAT.
Andrew Bartlett [Sun, 23 Jul 2006 02:44:16 +0000 (02:44 +0000)]
r17196: Clarify that SSL is used for LDAP as well as SWAT.

Andrew Bartlett

14 years ago r17195: Start thinking how to implement extended operations.
Simo Sorce [Sat, 22 Jul 2006 21:16:01 +0000 (21:16 +0000)]
r17195: Start thinking how to implement extended operations.
AD supports three extended operations:
- start tls
- dynamic objects
- fast binds

none of these are a priority.

14 years ago r17193: Remove ancient stuff never really used
Simo Sorce [Sat, 22 Jul 2006 20:01:45 +0000 (20:01 +0000)]
r17193: Remove ancient stuff never really used