path: root/source4/ldap_server
Age | Commit message | Author | Files | Lines
2025-08-26 | s4:lib/tls: let tstream_tls_params_server_lpcfg() use lpcfg_dns_hostname() internally | Stefan Metzmacher | 2 | -11/+0
This is simpler and the next step will also make use of lpcfg_additional_dns_hostnames() too... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15899 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-04-18 | s4:ldap_server: make use of tstream_tls_params_server_lpcfg() | Stefan Metzmacher | 1 | -20/+8
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2025-03-12 | s4/ldap server: avoid NULL deref if search control has no data | Douglas Bagnall | 1 | -2/+6
We switch to ldb_request_replace_control() so that the old search control is removed in the NULL data case. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Volker Lendecke <vl@samba.org>
2024-07-09 | ldap_server: Add a ldapsrv debug class to log LDAP queries | Andréas Leroux | 4 | -0/+12
Patch updated for recent samba versions in merge request #3295 by kvvloten. Initial patch created by Jeremy Allison (https://www.spinics.net/lists/samba/msg161128.html) to log LDAP server queries/functions in a separate file. Signed-off-by: Andréas Leroux <aleroux@tranquil.it> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Jul 9 08:37:22 UTC 2024 on atb-devel-224
2024-06-10 | dsdb: Make argument order of dsdb_update_gmsa_{entry_,}keys() consistent with other uses | Andrew Bartlett | 1 | -2/+3
Other functions in this file are TALLOC_CTX, struct ldb_context *, not the other way around. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-04-23 | s4:ldap_server: remove unused include of gensec_internal.h | Stefan Metzmacher | 1 | -1/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 | s4:ldap_server: add support for tls channel bindings | Stefan Metzmacher | 2 | -8/+65
ldap server require strong auth = allow_sasl_over_tls is now an alias for 'allow_sasl_without_tls_channel_bindings' and should be avoided and changed to 'yes' or 'allow_sasl_without_tls_channel_bindings'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-21 | s4:ldap_server: Update gMSA keys when DSDB_CONTROL_GMSA_UPDATE_OID control is specified | Jo Sutton | 1 | -0/+44
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-16 | s4:ldap_server: Consider ldapi connections to be encrypted | Jo Sutton | 1 | -1/+1
Modifications to unicodePwd require an encrypted connection. This change allows unicodePwd to be modified over an ldapi connection. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634 Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-16 | s4:ldap_server: Store whether an LDAP connection is over ldapi | Jo Sutton | 2 | -4/+7
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634 Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-16 | s4:ldap_server: Add copy of non‐privileged ops specifically for ldapi connections | Jo Sutton | 1 | -1/+25
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634 Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-16 | s4:ldap_server: Rename privileged ops to indicate they are used for ldapi | Jo Sutton | 1 | -4/+4
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634 Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-16 | s4:ldap_server: Fix code spelling | Jo Sutton | 1 | -1/+1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634 Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-16 | s4:ldap_server: Remove trailing whitespace | Jo Sutton | 2 | -12/+12
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634 Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-16 | s4:ldap_server: Remove trailing whitespace | Jo Sutton | 1 | -9/+9
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-29 | s4/ldap_backend: do_call: use modern DBG macros | Björn Jacke | 1 | -2/+2
Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Dec 29 13:50:05 UTC 2023 on atb-devel-224
2023-12-29 | s4/ldap_backend: abandonrequest: use modern DBG macros | Björn Jacke | 1 | -1/+1
Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-12-29 | s4/ldap_backend: CompareRequest: use modern DBG macros | Björn Jacke | 1 | -8/+7
Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-12-29 | s4/ldap_backend: modifydnrequest: use modern DBG macros | Björn Jacke | 1 | -6/+5
Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-12-29 | s4/ldap_backend: delrequest: use modern DBG macros | Björn Jacke | 1 | -3/+2
Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-12-29 | s4/ldap_backend: addrequest: use modern DBG macros | Björn Jacke | 1 | -3/+2
Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-12-29 | s4/ldap_backend: modifyrequest: use modern DBG_ macro | Björn Jacke | 1 | -3/+2
Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-12-29 | s4/ldap_backend: SearchRequest: use modern DBG_ macro | Björn Jacke | 1 | -6/+6
Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-12-29 | s4/ldap_backend: unwilling: use modern DBG_ macro | Björn Jacke | 1 | -1/+1
Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-12-29 | s4/ldap_backend: encode: use modern DBG_ macro | Björn Jacke | 1 | -2/+2
Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-12-29 | s4/ldap_backend: change a printf %d to %u for results | Björn Jacke | 1 | -1/+1
Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-12-29 | s4/ldap_backend: fix a NULL dereference | Björn Jacke | 1 | -1/+2
Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-10-25 | libcli/util: add struct tstream_context to tstream_read_pdu_blob_full_fn_t | Ralph Boehme | 1 | -1/+3
Add struct tstream_context to tstream_read_pdu_blob_full_fn_t and update all callers of tstream_read_pdu_blob_send() to use the correct callback. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 | s4:ldap_server: make use of tstream_bsd_fail_readv_first_error(true) | Stefan Metzmacher | 1 | -0/+2
This avoids doing useless work in case the client connection is already broken. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-14 | s3:ldap_server: Fix code spelling | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 | s4:ldap_server: Add missing newlines to logging messages | Joseph Sutton | 3 | -4/+4
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-31 | dsdb: Add dsdb_search_scope_as_string() and use in ldap_backend.c | Andrew Bartlett | 1 | -3/+2
This will be useful when adding debugging to other routines. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-25 | s4:ldap_server: reload tls certificates on smbcontrol reload-certs | Jule Anger | 2 | -0/+117
Reload certificates with the command 'smbcontrol ldap_server reload-certs'. The message is sent to the master process, which forwards it to the worker processes. The master process reloads and, if necessary, creates the certificates first, then the worker processes reload them. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jule Anger <janger@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-25 | s4:ldap_server: remember dns_host_name in ldap_service | Jule Anger | 2 | -4/+4
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jule Anger <janger@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-25 | s4:ldap_server: don't store task_server in ldapsrv_service | Jule Anger | 2 | -10/+47
We store individual pointers we need and adjust them as needed in ldapsrv_post_fork() and the newly added ldapsrv_before_loop(). This will be required for the next steps. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jule Anger <janger@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-25 | auth: Add functionality to log client and server policy information | Joseph Sutton | 1 | -1/+3
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-26 | ldap_server: Implement the rfc4532 whoami exop | Volker Lendecke | 1 | -0/+48
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-06 | dsdb: modify unicodePwd requires encrypted connection | Rob van der Linde | 1 | -0/+23
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Apr 6 01:33:05 UTC 2023 on atb-devel-224
2022-10-19 | s4:ldap_server: let ldapsrv_call_writev_start use conn_idle_time to limit the time | Stefan Metzmacher | 1 | -0/+5
If the client is not able to receive the results within the connection's idle time, then we should treat it as dead. Its value is 15 minutes (900 s) by default. In order to limit that further an admin can use 'socket options' and set TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and/or TCP_USER_TIMEOUT to useful values. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Oct 19 17:13:39 UTC 2022 on sn-devel-184
2022-04-26 | ldap_server: Fix typos | Volker Lendecke | 2 | -2/+2
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-11-25 | CVE-2021-3670 ldap_server: Clearly log LDAP queries and timeouts | Andrew Bartlett | 1 | -22/+99
This puts all the detail on one line so it can be searched by IP address and connecting SID. This relies on the anr handling as otherwise this log becomes the expanded query, not the original one. RN: Provide clear logs of the LDAP search and who made it, including a warning (at log level 3) for queries that are 1/4 of the hard timeout. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Thu Nov 25 02:30:42 UTC 2021 on sn-devel-184
2021-11-25 | CVE-2021-3670 ldap_server: Remove duplicate print of LDAP search details | Andrew Bartlett | 1 | -3/+0
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-11-25 | CVE-2021-3670 ldap_server: Ensure value of MaxQueryDuration is greater than zero | Joseph Sutton | 1 | -1/+3
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-11-25 | CVE-2021-3670 ldap_server: Set timeout on requests based on MaxQueryDuration | Joseph Sutton | 1 | -1/+11
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-04-09 | s4:ldap_server: Use cli_credentials_init_server() | Andreas Schneider | 1 | -8/+1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-27 | s4: rename source4/smbd/ to source4/samba/ | Ralph Boehme | 4 | -7/+7
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Fri Nov 27 10:07:18 UTC 2020 on sn-devel-184
2020-09-07 | s4:ldap_server: Use samba_server_gensec_start() in ldapsrv_backend_Init() | Stefan Metzmacher | 1 | -26/+23
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2020-08-28 | lib/util: remove extra safe_string.h file | Matthew DeVore | 1 | -0/+2
lib/util/safe_string.h is similar to source3/include/safe_string.h, but the former has fewer checks. It is missing bcopy, strcasecmp, and strncasecmp. Add the missing elements to lib/util/safe_string.h and remove the other safe_string.h which is in the source3-specific path. To accommodate existing uses of str(n?)casecmp, add #undef lines to source files where they are used. Signed-off-by: Matthew DeVore <matvore@google.com> Reviewed-by: David Mulder <dmulder@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Aug 28 02:18:40 UTC 2020 on sn-devel-184
2020-08-21 | ldap_server: Terminate LDAP connections on krb ticket expiry | Volker Lendecke | 3 | -0/+100
See RFC4511 section 4.4.1 and https://lists.samba.org/archive/cifs-protocol/2020-August/003515.html for details: Windows terminates LDAP connections when the krb5 ticket expires, Samba should do the same. This patch slightly deviates from Windows behaviour by sending an LDAP exop response with msgid 0 that is ASN1-encoded conforming to RFC4511. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-21 | ldap_server: Add the krb5 expiry to conn->limits | Volker Lendecke | 3 | -0/+20
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>