Commit Graph

286 Commits

Author SHA1 Message Date
Pierangelo Masarati
97e526cb2d add restrictions related to listeners in form of file permissions
(see in slapd(8) the description on how to enforce file permissions
on sockets in ldapi schema); at present, only user permissions are
used as follows: the url extension x-mod=-rwxrwxrwx is used; only
the user permissions are considered, e.g. the first set of rwx;
	"r" means read is allowed from that listener
	"w" means write is allowed on that listener
	"x" means bind is not required on that listener
these restrictions ADD to those already present, and are actually
checked AFTER the other restrictions, but BEFORE ACLs, so they can
be used to apply gross restrictions but should not be viewed as
a replacement of ACLs. To compile this, #define SLAP_X_LISTENER_MOD
2002-10-25 16:43:44 +00:00
Pierangelo Masarati
956f1d16aa listener:
- use bervals for url and sockname
- pass connection_init() the listener struct pointer instead of each value
- don't copy them in the Connection struct 'cause they're not going to change
- define macros for legacy usage of c_listener_url and c_sockname
2002-10-24 10:03:52 +00:00
Pierangelo Masarati
fdd586a6b7 change socket permission syntax (to reuse function for other purposes) 2002-10-23 14:12:01 +00:00
Howard Chu
e6d10b9590 Revert previous commit. More thought needed re: IPV4 vs IPv6 failures 2002-10-09 21:18:51 +00:00
Howard Chu
2e538e19d4 ITS#2132, give up at first bind failure 2002-10-09 20:45:13 +00:00
Howard Chu
b9bd44b047 Fix ITS#2132, give up if listener fails to open 2002-10-09 18:57:50 +00:00
Howard Chu
bdf9b3ae1b Fix ITS#1033 slapd hangs with GNU Pth - don't write to the wakefd
more than once at any given time.
2002-09-21 03:52:16 +00:00
Kurt Zeilenga
3eb21d8a6c Misc cleanup 2002-09-16 21:50:55 +00:00
Kurt Zeilenga
23efa07a99 use ldap_charray_*() instead of charray_*() 2002-08-24 00:55:24 +00:00
Howard Chu
5a01db28e3 Moved slap_strcopy, slap_strncopy to lutil_strcopy, lutil_strncopy 2002-07-27 00:24:02 +00:00
Stig Venaas
bf5e3a15ca Use AF_INET instead of AF_UNSPEC when IPv6 disabled 2002-07-12 15:36:33 +00:00
Julius Enarusai
6107ba67d2 Converted LDAP_LOG macro to use subsystem ID int values instead of string values 2002-07-11 20:33:24 +00:00
Stig Venaas
62139b6ef3 Set peeraddr also for IPv6, fixes ITS#1918 2002-07-05 20:29:15 +00:00
Stig Venaas
804490a8b1 Use IPV6_V6ONLY on IPv6 sockets if available. This way we only get IPv6
packets on the IPv6 socket, and we receive only IPv6 with -6.
2002-06-27 13:20:37 +00:00
Stig Venaas
6d025001da Ignore error if listen on socket bound to 0.0.0.0 fails and already
listening on socket bound to ::
2002-06-27 12:41:09 +00:00
Kurt Zeilenga
27fdd04153 Add -4/-6 flags to slapd to force use of IPv4 or IPv6 2002-06-15 22:01:39 +00:00
Kurt Zeilenga
faf91f1f1f Update to the 'gentle SIGHUP' patch. (ITS#1679)
- Let write operations return unwilling-to-perform after
  'gentle shutdown' has been initiated.
- Change -1 to 2 in slapd_gentle_shutdown and slapd_shutdown, since
  sig_atomic_t can be unsigned (ITS#1736).  The 'gentle SIGHUP' patch
  is older than ITS#1736 but was applied later, so it reintroduced
  the problem.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, June 2002.
2002-06-12 15:43:19 +00:00
Howard Chu
b89c4539b9 Fix Listeners: handles multiple addresses for a given hostname, copies
sockaddr into Listener structure.
2002-06-06 10:33:18 +00:00
Kurt Zeilenga
19eca33ca3 Gentle HUP shutdown from Hallvard 2002-06-03 16:47:43 +00:00
Howard Chu
efecf4e121 ITS#1733 eliminate o_abandonmutex 2002-04-11 08:03:40 +00:00
Howard Chu
98e3499b05 ITS#1736 slapd_shutdown can be unsigned 2002-04-11 07:28:30 +00:00
Pierangelo Masarati
f4dba925ff add a switch that enables/disables reverse lookups if configured with rlookups 2002-04-03 15:40:49 +00:00
Pierangelo Masarati
6174cb6529 improvement of permission handling of local sockets (ITS#1660, issue 2) 2002-03-23 16:07:19 +00:00
Howard Chu
f0a453dfca Fix ITS#1615 2002-03-07 20:23:48 +00:00
Pierangelo Masarati
4f2ff1c108 uses URL extensions to set socket permissions other than default
URL Syntax:

ldapi://[<path>[/????[!]x-mod=<mod>]]

where <path> is the URL-encoded path of the socket (i.e. use %2F instead
of '/' for UNIX filenames!) and <mod> is 3*[w|-] (all we need is write
permission to the socket, read/execute permissions are ignored; however,
they're set when opening the listener).  The critical flag (the optional
'!') if not used ignores the result of the chmod() operation.
2002-01-28 20:26:55 +00:00
Pierangelo Masarati
eb14feac7e provisions for user-supplied permissions 2002-01-28 17:57:53 +00:00
Pierangelo Masarati
f00f86bf22 another round at cleaning it up: better naming, more attributes and so 2002-01-28 17:21:52 +00:00
Pierangelo Masarati
619f772459 listener monitor 2002-01-11 11:43:35 +00:00
Pierangelo Masarati
5dfbf93687 need this outside for back monitor ... 2002-01-11 10:46:58 +00:00
Kurt Zeilenga
0e2af54a3f Update copyright statements 2002-01-04 21:17:25 +00:00
Howard Chu
bbcb0f8a7f Replace strcat with slap_strcopy 2001-12-26 16:25:18 +00:00
Howard Chu
8ad557e4ec fix from jon@symas.com - inet_ntoa on uninitialized sockaddr 2001-12-17 22:46:59 +00:00
Howard Chu
826056e75b More thorough backend_destroy. Added config_destroy. Destroy slap_listeners.
Plugged other small leaks.
2001-12-15 12:05:58 +00:00
Kurt Zeilenga
b4ccbc2722 ITS#1413 suggested fix
(I think I fixed this by other means, but this does no harm)
2001-12-07 17:25:34 +00:00
Howard Chu
0552b1c53f NT updates from jon@symas.com. 2001-12-07 04:03:25 +00:00
Kurt Zeilenga
b5504a1c36 Clean up some misplaced 'extern' declarations (should be headers) 2001-12-04 19:57:09 +00:00
Pierangelo Masarati
aee3600276 minor cleanup 2001-11-17 16:18:07 +00:00
Mark Adamson
8c16d30087 optimize number of calls to slap_get_time() 2001-11-13 01:38:30 +00:00
Kurt Zeilenga
d03acd7209 Fix uninitialized pointer bug. 2001-11-03 22:02:57 +00:00
Kurt Zeilenga
d9fb94f1a8 Updated busy loop protection 2001-10-23 22:17:41 +00:00
Kurt Zeilenga
17264d1ad4 Experiment with busy loop protection... 2001-10-21 00:48:14 +00:00
Howard Chu
693a81e1db More CLDAP tweaks, to differentiate between real LDAPv2 CLDAP and "other"
LDAP/UDP messages. Slapd marks received CLDAP messages as LDAP_VERSION2.
The client library can generate CLDAP queries if -Protocol 2 is chosen,
otherwise not. LDAPv2 CLDAP cannot query the slapd rootDSE, gets no reply.
2001-10-02 01:02:23 +00:00
Kurt Zeilenga
44146a1cb7 Rework DB_THREAD support. CDB support needs reimplementation. 2001-10-01 06:08:46 +00:00
Stig Venaas
3c28bb413d Removed a superfluous line left after the ai_addr == NULL fix 2001-09-29 09:40:47 +00:00
Kurt Zeilenga
e78265738d Rework getaddrinfo() stuff for ai_addr == NULL 2001-09-29 06:33:54 +00:00
Howard Chu
647b5f84ee Resurrection/rewrite of CLDAP (RFC1798 Connectionless LDAP).
Compile with -DLDAP_CONNECTIONLESS to use this code.
For slapd, use "-h cldap://" to listen on UDP.
For ldapsearch, use "-H cldap://" to query on UDP.
Client-side support is very minimal:
  no automatic timeout/retries
  no basedn wildcard expansion on results
  no support for specifying multiple servers at once.
2001-09-28 00:18:40 +00:00
Kurt Zeilenga
2f761834b2 Fix NEW_LGGING typo 2001-08-29 19:49:05 +00:00
Stig Venaas
70f7e55344 Changed get_listener_addresses() to not use getaddrinfo() for PF_LOCAL 2001-08-26 11:03:27 +00:00
Randy Kunkee
a9097044ea Remove global_backendsyncfreq code (code has been pushed down into back-ldbm). 2001-06-28 18:02:46 +00:00
Randy Kunkee
d492880870 Add sync_daemon to daemon.c, enabled by global configuration
backendsyncfreq <seconds>.  Setting this automatically enables
dbnosync (because the synchronizer takes care of it).
2001-06-22 08:38:58 +00:00
Kurt Zeilenga
af2ab5f0a5 Make sure we yield() on a failed accept() 2001-05-10 17:39:10 +00:00
Kurt Zeilenga
d523048634 Fix have inet_ntop bug 2001-05-09 23:41:16 +00:00
Kurt Zeilenga
be26f1a9f7 Fix typos 2001-05-04 22:50:51 +00:00
Kurt Zeilenga
383391b460 detect and use fcntl (for BSD/OS)
detect inet_ntop (for MacOSX)
2001-05-03 05:53:34 +00:00
Kurt Zeilenga
3fdbff6923 SLP updates 2001-05-02 19:44:21 +00:00
Gary Williams
7c53c9ba1c fix windows-specific logging line 2001-02-02 14:49:35 +00:00
Kurt Zeilenga
fa21f7fe86 Fix IP= port numbers 2001-01-24 00:08:15 +00:00
Gary Williams
f49fd8a98e fix format 2001-01-17 16:35:53 +00:00
Kurt Zeilenga
8a22a0e0d0 SLP extension derived from patch provided by Caldera Systems.
Copyright 2000, Caldera Systems, Inc All rights reserved.
This software is not subject to any license of Caldera Systems, Inc

This is free software; you can redistribute and use it
under the same terms as OpenLDAP itself
2001-01-16 22:18:33 +00:00
Gary Williams
ffcdc6d11d More new logging (Behind NEW_LOGGING) 2001-01-15 19:17:29 +00:00
Kurt Zeilenga
04e2da58ed ITS#895: gai_strerror fix 2000-11-24 05:30:52 +00:00
Kurt Zeilenga
9e7accb034 This patch replaces gai_strerror with AC_GAI_STRERROR in daemon.c and also
uses AC_GAI_STRERROR to report getaddrinfo failures in os-ip.c
-- Stig Venaas
2000-10-19 18:05:11 +00:00
Kurt Zeilenga
2dbd6c6d0e remove lint 2000-10-18 00:35:09 +00:00
Kurt Zeilenga
a865220fd8 Bump listeners to 10 2000-10-17 06:36:22 +00:00
Kurt Zeilenga
1fb923e6e2 Replace last commit with Stig's improved version 2000-10-16 21:45:35 +00:00
Kurt Zeilenga
820965a412 ITS#839: getaddrinfo portability fix from Gabar Gombas 2000-10-16 20:32:39 +00:00
Kurt Zeilenga
fc227a8816 Remove cpp lint 2000-10-16 20:04:42 +00:00
Kurt Zeilenga
16fcdec8df Import Stig reorganized daemon.c + style changes 2000-10-12 21:59:08 +00:00
Julio Sánchez Fernández
bdf3ec2fb3 Remove lint. 2000-10-09 19:11:46 +00:00
Kurt Zeilenga
5c66902abb Fix typo 2000-10-02 14:10:51 +00:00
Kurt Zeilenga
fcc86b2456 Check for shutdown after successful select() 2000-09-30 05:34:34 +00:00
Kurt Zeilenga
b7b075ba75 Remove unneeded getpeername call (use accept() from).
cleanup #ifdef, localize variables, and misc changes.
2000-09-23 20:39:52 +00:00
Kurt Zeilenga
aa5b7d4d52 Restrict keepalive/nodelay setsockopt to IP streams 2000-09-23 19:14:40 +00:00
Kurt Zeilenga
bbae507a8f Set TCP_NODELAY and SO_KEEPALIVE after every accept() as some accept()
implementations do not create new socket with all properties of
listening socket.
2000-09-21 19:08:17 +00:00
Mark Adamson
bf1ee530ea Implementation of SASL authorization. 2000-09-21 17:32:54 +00:00
Kurt Zeilenga
434b0738dd Don't check fd_sets until after we check fd < dtblsize 2000-09-18 19:01:21 +00:00
Kurt Zeilenga
d4a89d30f8 Minor IPv6 changes (ITS#716) suggested by Stig Venaas <venaas@uninett.no> 2000-09-06 19:03:33 +00:00
Kurt Zeilenga
1c328aa9c7 Minor typedef and other clean ups 2000-08-26 01:14:05 +00:00
Kurt Zeilenga
60c474a4a0 ITS#681: Fix for problems with IPv6 and ACLs
from Stig Venaas <venaas@uninett.no>
---
Copyright 2000 Stig Venaas, UNINETT
All rights reserved.

Redistribution and use in source and binary forms are permitted
without restriction or fee of any kind as long as this notice is
preserved. The name of UNINETT may not be used to endorse or promote
products derived from this software without specific prior written
permission. This software is provided ``as is'' without express or
implied warranty.
2000-08-24 18:34:48 +00:00
Kurt Zeilenga
f286380c82 Check for IP using != AF_LOCAL instead of = AF_INET 2000-08-17 04:22:36 +00:00
Kurt Zeilenga
5b856458a2 s/SAFEMEMCPY/AC_MEMCPY/
Use AC_FMEMCPY where appropriate (-llber)
2000-07-28 01:07:07 +00:00
Kurt Zeilenga
3ad45a0662 Clean up WSAENOTSOCK code (no functional change) 2000-07-25 20:04:23 +00:00
Kurt Zeilenga
cd5aed0bbe Use sigaction to set SA_RESTART (if appropriate).
Portability of this code needs to be tested.
2000-07-22 00:37:51 +00:00
Kurt Zeilenga
27f674a926 Share function declarations between variants 2000-07-21 22:47:46 +00:00
Kurt Zeilenga
3c91b7e05a Clarify message logged upon host_access() failure 2000-07-18 03:12:55 +00:00
Kurt Zeilenga
5fc22599e2 Update SASL code to reuse context through life of session.
Replace 'negotiated' with 'interactive' bind
Add hooks for SASL/EXTERNAL
Disable SASL security layers
Rework SASL command line and config file parameters
2000-07-13 22:54:38 +00:00
Kurt Zeilenga
1f1993989a s/enable-unix/enable-local/
s/LDAP_PF_UNIX/LDAP_PF_LOCAL/
s/AF_UNIX/AF_LOCAL/
s/PF_UNIX/PF_LOCAL/
2000-07-09 21:49:36 +00:00
Kurt Zeilenga
8670bb6ba2 Add missing sockerr call 2000-06-26 05:23:33 +00:00
Kurt Zeilenga
5f20cf1ed5 Modify ldapsearch(1) significantly. Now handles LDAPv3 search
references, extended results, and extended partial results.  LDIF
extended to support these new features and reported version 2.
-L now limits output to LDIFv1 for compatibility reasons.  No
-L is now LDIFv2.  Old alternative form is no longer supported.

Use LDAP_TMPDIR (in ldap_config.h) instead of hardcoded /tmp
Use LDAP_FILE_URI_PREFIX (in ldap_config.h) instead of hardcoded
	file://tmp/
2000-06-25 00:35:17 +00:00
Kurt Zeilenga
ec426532b2 Reworked thread code to better support thread-library specific
r/w locks and thread pools.  Hide internal structures (using
pthread'ish technics).  Place common code in threads.c.  Move
no-thread code to thr_stub.c.  Move thread pool code to tpool.c.
Removed setconcurrency call from initializer, added 'concurrency'
directive to slapd.  Tested code under pthreads, pth, and no-threads.
2000-06-13 02:42:13 +00:00
Kurt Zeilenga
1ef14875db Thought I fixed these errors previously... oh well. 2000-06-10 23:06:08 +00:00
Mark Valence
3cad129608 Removed active_threads count and associated mutex/cond. Replaced with
ldap_pvt_thread_pool_backload() as needed.  All tests run OK on pthreads
(linux), cthreads, NT threads, and Pth.
2000-06-10 06:40:03 +00:00
Kurt Zeilenga
55dba4395f Update PF_INET6 and PF_UNIX detection, both default to auto 2000-06-09 23:09:51 +00:00
Kurt Zeilenga
140a579e32 Additional IPv6 changes from Stig Venaas
Copyright 2000 Stig Venaas, UNINETT
All rights reserved.

Redistribution and use in source and binary forms are permitted
without restriction or fee of any kind as long as this notice is
preserved. The name of UNINETT may not be used to endorse or promote
products derived from this software without specific prior written
permission. This software is provided ``as is'' without express or
implied warranty.
2000-06-09 17:00:22 +00:00
Kurt Zeilenga
bb9d8a0f20 Initialize peername with EOS. 2000-06-08 23:12:52 +00:00
Mark Valence
7ec6a4363f Use thread pool for operation threads. 2000-06-07 19:27:33 +00:00
Kurt Zeilenga
60d6c13d73 Use ldap_pvt_url_scheme2tls() to test for ldaps:// 2000-06-07 17:50:58 +00:00
Mark Valence
185641cb12 ldap_is_ldaps_url takes a char *. Is there a better fix, since the url
is already parsed?
2000-06-07 17:28:01 +00:00
Kurt Zeilenga
e5ebc553ac Rework URI parser to provide true scheme not proto/properties.
Plus more pthread rwlock code
2000-06-07 01:09:40 +00:00
Kurt Zeilenga
64d7227821 Basic IPv6 support...
Copyright 2000 Stig Venaas, UNINETT
All rights reserved.

Redistribution and use in source and binary forms are permitted
without restriction or fee of any kind as long as this notice is
preserved. The name of UNINETT may not be used to endorse or promote
products derived from this software without specific prior written
permission. This software is provided ``as is'' without express or
implied warranty.
2000-06-06 20:23:22 +00:00