Commit Graph

47 Commits

Author SHA1 Message Date
Kurt Zeilenga
4617f2e946 Fix SPASSWD merge for real 2000-09-20 17:34:06 +00:00
Kurt Zeilenga
50714d2d48 merge changes from authPassword work which should fix SPASSWD code... 2000-09-20 00:28:57 +00:00
Kurt Zeilenga
f9690a37bb ITS#717 slapd kbind patch 2000-09-07 22:03:32 +00:00
Kurt Zeilenga
a75a024fd3 Consistently don't require "entry" access (except on search) 2000-09-05 21:48:12 +00:00
Kurt Zeilenga
acb451a031 Return unwillingToPerform for step 2 kerberos bind. 2000-06-25 20:39:34 +00:00
Kurt Zeilenga
693fb9424a unifdef -DSLAPD_SCHEMA_NOT_COMPAT -USLAPD_SCHEMA_COMPAT 2000-06-06 19:43:18 +00:00
Kurt Zeilenga
3d26427c02 SLAPD_SCHEMA_NOT_COMPAT: fix bind acls 2000-05-27 23:16:30 +00:00
Kurt Zeilenga
60802201e3 Const'ification
SASL mech removed from backend bind callback (as SASL is managed by frontend)
Changes to some backends are untested (as I don't have all dependent
  software install)
2000-05-22 03:46:57 +00:00
Kurt Zeilenga
4bc786f34b Y2k copyright update 2000-05-13 02:47:56 +00:00
Kurt Zeilenga
16937cb91d remove SASL bind call. Frontend code coming. 2000-04-25 13:10:31 +00:00
Kurt Zeilenga
28c6217a12 s/userPassword/password/ (variable name) 2000-03-17 02:06:50 +00:00
Kurt Zeilenga
0dbaf87730 Another round of changes behind -DSLAPD_SCHEMA_NOT_COMPAT
plus these changes unhidden changes:
	remove now meaning --enable-discreteaci configure option
	fix ITS#451, slapd filters
	Add ber_bvecadd() to support above
	constify ldap_pvt_find_wildcard() and misc slapd routines
	renamed some slap.h macros
	likely broken something
2000-02-14 20:57:34 +00:00
Kurt Zeilenga
6437785a82 Initial implementation of Kerberos password verification for
simple bind via:
	{KERBEROS}principal
Code is disabled by default (for security reasons).  Use
--enable-kpasswd to enable.  Behind SLAPD_KPASSWD.
Reworked Kerberos detection and split out KBIND as independent
feature (--disable-kbind) (LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND).
KBIND depends upon detection of KRB4 (or KRB425) support.  Detection,
building with eBones (as distributed with FreeBSD 3.4) okay, but
wasn't able to test as I don't have a K4 KDC handy.
--with-kerberos has a number of detection options... most likely
don't work properly.
2000-01-08 18:42:11 +00:00
Luke Howard
9b4e3b2234 Merged in preliminary support for Cyrus SASL library;
support for DCE slash-delimited, left-to-right DNs;
support for a domain socket transport (enable with
--enable-ldapi); and extensions to URL parsing to
support the latter transport.
2000-01-02 01:21:25 +00:00
Kurt Zeilenga
831bfa760e reduce slap_passwd_check to simple form 1999-12-06 21:42:10 +00:00
Kurt Zeilenga
42bb3e2e85 Move userPassord and krbName authentication routines to the frontend. 1999-11-23 19:00:09 +00:00
Kurt Zeilenga
5c876f85e6 bind should not return noSuchObject 1999-09-24 02:19:31 +00:00
Howard Chu
f991ef04e6 Added mixed-case as well as up-cased DN argument. The behavior of back-bdb2
and back-ldbm are preserved, they only use the up-cased DNs. back-passwd
uses the mixed-case DN. All others are using mixed-case DN, may need more
fixing.
1999-09-18 23:40:03 +00:00
Kurt Zeilenga
403f4479bc Add OpenLDAP RCSid to *.[ch] in clients, libraries, and servers.
Replace old Id as needed (back-tcl).
Leave updating of contribWare to contributors (for now).
1999-09-08 19:06:24 +00:00
Kurt Zeilenga
9c3ed0310b Add copyright notices. 1999-08-06 23:07:46 +00:00
Kurt Zeilenga
73276e84ae Import experimental referral implementation from OPENLDAP_DEVEL_REFERRALS.
Includes support for update referral for each replicated backend.
	Reworked replication test to use update referral.
Includes major rewrite of response encoding codes (result.c).
Includes reworked alias support and eliminates old suffix alias codes
(can be emulated using named alias).
Includes (untested) support for the Manage DSA IT control.
Works in LDAPv2 world.  Still testing in LDAPv3 world.
Added default referral (test009) test.
1999-07-16 02:45:46 +00:00
Kurt Zeilenga
b8edef2b2c Copy LDBM bind "ACL_AUTH" and SASL framework to bdb2. 1999-07-07 18:47:51 +00:00
Kurt Zeilenga
51d1c90887 unifdef -DSLAPD_ACLGROUPS -DSLAPD_ACLAUTH 1999-07-05 06:26:26 +00:00
Kurt Zeilenga
49f39bc4cf o_dn/o_ndn must not be NULL. Set to "" upon receiving bind request. 1999-07-04 19:37:25 +00:00
Kurt Zeilenga
106eef41d8 HEADS UP: connections are forced to "anonymous" status upon receiving
of a bind request and, upon failure, are left "anonymous."

Rework ACL code to hide access testing within macros to facilate additions
and eventual redesign.

Addition of #ifdef SLAPD_ACLAUTH to conditional include EXPERIMENTAL
"auth" access controls.  Adds ACL_AUTH "auth" access level (above none,
below "compare").  bind requires anonymous access at this level or above access
to "entry"/"userPassword"/"krbName".  This allows administrators to restrict
which entries can be bound to.  (This will likely become default behavior
after testing has completed).
1999-07-04 18:46:24 +00:00
Kurt Zeilenga
9225707a06 Modify lutil_passwd to accept a third argument char** methods to
specific which methods may be used.  This will facilate development
of a slapd config directive "passwordMethod ..." to specify which
methods should be allowed.
1999-06-29 22:24:53 +00:00
Kurt Zeilenga
1ee85df297 Add framework for sasl and controls. 1999-06-29 03:17:22 +00:00
Hallvard Furuseth
815a62930c UNDO LAST COMMIT. 1999-04-02 03:45:33 +00:00
Hallvard Furuseth
45118be88e Fix wait4child change: Prefer wait3 over wait. Use SIGNAL instead of signal. 1999-04-02 03:23:20 +00:00
Bart Hartgers
e0fdd89432 Annoying little son of a `free' BUG fixed. 1999-03-02 20:14:11 +00:00
Kurt Zeilenga
3984323bf9 Fix minor memory leak and remove redundant be_isroot_pw() checks.
Suggested by Pierangelo Masarati <pmasarati@bci.it> in post to -bugs.
1999-03-01 19:42:06 +00:00
Kurt Zeilenga
72ba4cfb71 Use -lldap_r instead of -lldap -lthread.
Likely broke things for non-posix threadings....

Update -lldap_r implementation to:
	remove attribute support
	hide thread detachment
	provide concurrency accessors
	provide initialization function
	fix gethostby{addr,name}_r codes (not coverred by HAVE_REENTRANT_FUNCTIONS)
Update servers/libraries to use ldap_pvt_thread_ calls.
Cleanup server codes (no #ifdef HAVE_PTHREAD_THIS or _THATs)!
Removed -llthread
1999-01-28 04:34:55 +00:00
Kurt Zeilenga
e2a15115b0 Update slap_conn to maintain client provided dn and bound dn.
Update slap_op to maintain dn and ndn (derived from conn->c_dn).
Update ldbm_back_bind to return actual bound dn (including rootdn)
	for use in slapd_conn.  Other backends use client dn.
Modify other codes to use ndn (normalized uppercase dn) most everywhere.
Aliasing, Suffixing and modrdn could use more work.
Applied suffixing to compare and modrdn.
1999-01-19 05:10:50 +00:00
Kurt Zeilenga
695508813d Fix --disable-crypt and --disable-cleartext
mutex declaration should be moved from slapd/main.c to slapd/init.c
so we don't have ripple changes through slapd/tools.
1998-12-29 21:45:08 +00:00
Kurt Zeilenga
487aa911f0 Add rc=0 fix as suggested by Tobias Reber <t.reber@dkfz-heidelberg.de>
in ITS#17.
1998-12-22 17:04:34 +00:00
Kurt Zeilenga
c1cef27bda Update slapd to use lutil_passwd() for both user and root passwords.
Remove MD5 and SHA1 options (both are now always on).  Rename
functions to be lutil_ instead of ldap_.
Create --enable-cleartext option.  Default is currently 'on'.
1998-12-01 03:36:37 +00:00
Kurt Zeilenga
b2ec7af331 Changed dn2entry to always returned a modified matched.
Modified users of this code to free matched if set.
1998-11-23 20:08:25 +00:00
Kurt Zeilenga
b5494457d8 Remove extern declarations of library functions from source.c.
This could cause problems on odd systems.  The generic
  headers should be extended as needed to include necessary
  system headers or, if necessary, make explicit declarations.
Extended ac/string.h header to look for string.h/strings.h if
  STDC_HEADERS is not defined.  Also provide basic declarations for
  str*() functions.  This could cause problems on odd systems.
Extended ac/unistd.h header to define basic declaration for misc
  functions that might be missing from headers.   This includes
  externs for getenv(), getopt(), mktemp(), tempname().
Protect fax500.h from multiple inclusion.  Moved includes of
  system/generic headers back to source files.
Made mail500 helper functions static.
Fixed includes of ctype.h, signal.h, etc. to use generics.
lutil/tempname.c: was including stdlib.h twice, one should stdio.h.
Wrapped <sys/resource.h> with HAVE_SYS_RESOURCE_H.
lber/io.c/ber_get_next(): Changed noctets back to signed.
  Used with BerRead which expects signed int as second arg and
  returns signed int.
1998-11-16 05:07:27 +00:00
Hallvard Furuseth
7e6ad5100c Protoized, moved extern definitions to .h files, fixed related bugs.
Most function and variable definitions are now preceded by its extern
definition, for error checking.  Retyped a number of functions, usually
to return void.  Fixed a number of printf format errors.

API changes (in ldap/include):
  Added avl_dup_ok, avl_prefixapply, removed ber_fatten (probably typo
  for ber_flatten), retyped ldap_sort_strcasecmp, grew lutil.h.

A number of `extern' declarations are left (some added by protoize), to
be cleaned away later.  Mostly strdup(), strcasecmp(), mktemp(), optind,
optarg, errno.
1998-11-15 22:40:11 +00:00
Kurt Zeilenga
2a869f5a99 merged with autoconf branch 1998-10-25 01:41:42 +00:00
Kurt Zeilenga
4a5d740e2e Merged in per cache entry reader/writer locks from OPENLDAP_DEVEL_THREAD 1998-09-20 20:22:46 +00:00
Kurt Zeilenga
c246205958 Add ldap_ prefix to md5 calls.
Patch submitted by Chris Smith <csmith@platform.com>
1998-09-16 19:03:22 +00:00
Kurt Zeilenga
2fb96905d2 Add Kerberos V5 support from Predrag Balorda <pele@artewisdom.com> 1998-09-08 02:26:56 +00:00
Kurt Zeilenga
cac3ea1e92 Import public domain sha1 routines from Steve Reid <steve@edmweb.com>.
Modified for OpenLDAP use by Daniel J. Gregor <djg@gregor.com>.
1998-09-03 06:25:38 +00:00
Kurt Zeilenga
8c5868b500 Add basic support for MD5 and SHA1 passwords.
SHA1 support is contributed by Daniel J. Gregor <dj@gregor.com>
	MD5 support is contributed by me <kurt@OpenLDAP.org>
	Uses public domain MD5 routines
	Uses ISC/IBM freely redistributable Base64 routines
	SHA1 support requires external SHA1 routines
1998-09-02 21:31:35 +00:00
Kurt Zeilenga
29062d06e4 LDAPworldP20: Patch for comparing crypt()ed passwords (#ifdef LDAP_CRYPT) 1998-08-09 03:34:35 +00:00
Kurt Zeilenga
42e0d83cb3 Initial revision 1998-08-09 00:43:13 +00:00