mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-01-12 10:54:48 +08:00
Code Issues Packages Projects Releases Wiki Activity
13,194 Commits 38 Branches 307 Tags 75 MiB
12beb27e46
Commit Graph

7377 Commits

Author SHA1 Message Date
Pierangelo Masarati
00b5d8c1bc allow objectClass checking including sups 2005-08-20 19:01:53 +00:00
Pierangelo Masarati
15d1b4d5dd cleanup locking 2005-08-20 19:00:56 +00:00
Pierangelo Masarati
6bae592866 cleanup objectclass inheritance; don't proceed if initial lookup resulted in a hit with "success" errcode and the base is search; either the filter doesn't match, or the same action is taken twice 2005-08-20 18:00:40 +00:00
Pierangelo Masarati
f227a96053 more for the allop overlay 2005-08-20 11:53:31 +00:00
Pierangelo Masarati
95f65ff352 all-operational overlay: allows to configure part of te DIT so that requests 
with requested attribute lists empty or containing "*" are expanded
to contain "+" as well, so that all operational attributes are returned.
This may be required to work around dumb clients that interrogate
the rootDSE requesting "*" and expecting operational attributes to be
returned as well.  To make it a bit more generic, it can be configured
to do the same for an arbitrary search described by an URI.  For example,

overlay		allop
allop-URI	ldap:///??sub

before any database instantiation causes all searches to return "*","+"
when ors_attrs is NULL or countains "*".
 2005-08-20 11:48:13 +00:00
Pierangelo Masarati
fdfcf0406e need an AUXILIARY objectClass to play with some special error codes (need to update man page as well)... 2005-08-20 11:31:51 +00:00
Pierangelo Masarati
e5d302e84f normalize/pretty attributes when possible 2005-08-20 11:31:07 +00:00
Kurt Zeilenga
6f99b15ee0 Clarify second all user attrs comment 2005-08-20 07:00:16 +00:00
Kurt Zeilenga
5beeb04346 Clarify attribute comment 2005-08-20 06:58:22 +00:00
Pierangelo Masarati
725423ef4f couldn't slapcat with ACIs in slapd.conf :) 2005-08-19 00:30:10 +00:00
Pierangelo Masarati
3356017b93 complete ACI syntax exploitation 2005-08-19 00:25:18 +00:00
Pierangelo Masarati
9c02a32b7c more about matchedDN in back-meta (ITS#3944) 2005-08-18 14:55:28 +00:00
Pierangelo Masarati
ef38cc9501 cleanup 2005-08-18 12:50:48 +00:00
Pierangelo Masarati
66c173deb9 a bit redundant, but works around ITS#3951 2005-08-18 12:14:07 +00:00
Pierangelo Masarati
11211d0dae strip entryDN from search entries; frontend will reattach it :( 2005-08-18 11:26:29 +00:00
Pierangelo Masarati
e066ec210e merge sml_managing into sml_flags (SLAP_MOD_MANAGING) 2005-08-18 08:48:10 +00:00
Pierangelo Masarati
9487629061 zero out sml_managing any time a Modifications is built (use calloc?) 2005-08-18 08:12:26 +00:00
Howard Chu
315c4a3b72 ITS#3946 reset lockout status at beginning of all Binds 2005-08-18 07:05:56 +00:00
Luke Howard
2ff5c27f63 Check for NULL in be_match() 
Use be_match() in backend.c operational processing
 2005-08-18 04:34:04 +00:00
Luke Howard
53a15b6820 Use be_match() instead of testing pointer equivalence 2005-08-18 04:12:54 +00:00
Luke Howard
6cf14a777a Add be_match() macro: one cannot always compare BackendDB pointer 
values in order to test equivalence, because the overlay engine
may have reset the backend pointer to a temporary copy on the stack.

So, we test pointer equivalence of the BackendDB itself, then of
be_nsuffix -- this macro can be updated if necessary.
 2005-08-18 04:12:04 +00:00
Pierangelo Masarati
ef7421b87d more on manage access level 2005-08-18 02:25:10 +00:00
Pierangelo Masarati
add1add854 condition compile dynacl 2005-08-17 22:41:30 +00:00
Pierangelo Masarati
b2284183f9 more on manage 2005-08-17 22:06:46 +00:00
Pierangelo Masarati
965d00a1dd allow to manage entryUUID; allow to manage noUserMod attrs during add 2005-08-17 20:53:39 +00:00
Pierangelo Masarati
557f5eb2ca allow noUserMod attrs write proxying when manageDIT is set (still to work in frontend for add) 2005-08-17 19:40:02 +00:00
Pierangelo Masarati
5873048347 fix return code (prevents clean usage of back-ldap for internal searchs) 2005-08-17 19:38:36 +00:00
Pierangelo Masarati
ec49990d51 ACIs almost entirely factored out of slapd 
Added OpenLDAPaciSyntax based on ITS#3877 by Nikita Shulga
aci_mask() doesn't exploit the normalized value yet (next step)
The case #define SLAPD_ACI_ENABLED / #undef SLAP_DYNACL should
be removed
 2005-08-17 17:14:57 +00:00
Howard Chu
d247840d6b ITS#3946 use connection_destroy hook to reset lockouts instead of unbind 2005-08-17 16:42:22 +00:00
Pierangelo Masarati
69c6cd5365 fix small issues with dynacl and ACI in general 2005-08-17 14:44:41 +00:00
Pierangelo Masarati
99ea177e05 implement overlapping targets enhancement (ITS#3711) 2005-08-17 08:34:49 +00:00
Pierangelo Masarati
76f52279ef fix "matched" return and return code (ITS#3944) 2005-08-17 08:25:48 +00:00
Pierangelo Masarati
24befe380c fix resources release issue 2005-08-17 08:25:10 +00:00
Pierangelo Masarati
c4ab7b1af2 in some cases, back-meta needs to propagate pseudo-root identity even if it's not the authorizing backend 2005-08-17 08:19:37 +00:00
Pierangelo Masarati
ecd99b83dd set "matched" as appropriate (ITS#3942) 2005-08-17 08:13:24 +00:00
Pierangelo Masarati
88e89bf4e7 cleanup 2005-08-17 08:08:23 +00:00
Luke Howard
d174f6720a Add read-only SLAPI_X_ADD_STRUCTURAL_CLASS pblock extension. 
This is necessary to compensate for a regression in the SLAPI
implementation since it moved to an overlay: global add preop
plugins no longer have access to operational attributes,
because slap_mods_opattrs() is called by fe_op_add(), invoked
after the global SLAPI overlay.

(Some of our plugins need to the structural object class of the
to-be-added entry.)

I suppose an option would be to have the SLAPI overlay
optimistically call slap_mods_opattrs() (as long as this can be
called idempotently). If there are any other ideas let me know.
 2005-08-17 07:25:27 +00:00
Kurt Zeilenga
65d2925249 ITS#3941: posixGroup should be STRUCTURAL 2005-08-17 07:10:02 +00:00
Hallvard Furuseth
a0b5f5138b Remove unused label "error_return" 2005-08-16 19:45:50 +00:00
Luke Howard
f68a2b1663 Make sure we release entry lock before sending paged response 2005-08-15 11:27:42 +00:00
Howard Chu
88dd1c5659 More optimization for CSN filter checks 2005-08-15 07:18:19 +00:00
Howard Chu
8c20a11293 Fix prev commit 2005-08-15 05:36:56 +00:00
Howard Chu
71bc69bfff Optimize FINDCSN case 2005-08-15 00:04:13 +00:00
Howard Chu
b15a72caec ITS#3931 fix dnRelativeMatch return values 2005-08-14 23:08:20 +00:00
Howard Chu
f4c1eee382 ITS#3935 tweak sessionlog description 2005-08-14 08:35:31 +00:00
Howard Chu
9326c2b313 ITS#3845 allow rootpw to be used for rootdn SASL binds, based on 
patch from Jason Townsend
 2005-08-14 08:00:54 +00:00
Hallvard Furuseth
9873eb7ab0 Add missing Statslog() statements (loglevel stats/stats2): 
"ABANDON", "STARTTLS", "CANCEL", "WHOAMI", "PASSMOD", "EXT", "INTERM",
  "TLS established", SASL and Extended Response "RESULT".
In Statslog output "conn=xx fd=yy closed", append the reason in
  "()" unless client or server closed the connection after Unbind.
Still missing Statslog output from a number of failed requests.
 2005-08-14 00:14:58 +00:00
Hallvard Furuseth
a222469d0d assert expects int. (int)<nonnull ptr/long> can be 0. Use assert(arg!=0/NULL). 2005-08-13 21:10:41 +00:00
Pierangelo Masarati
f6ef5170fa personally, I'm much more comfortable using hex for log levels... 2005-08-13 16:04:40 +00:00
Howard Chu
0246338206 utime is not needed here any more 2005-08-13 13:18:00 +00:00
Howard Chu
c722dd9ca8 Rework auto-recovery logic: 
Removes ITS#3824 patch.
  Adds trace message for ITS#3833.
  Streamlines ITS#3607 patch.
 2005-08-13 12:59:45 +00:00
Kurt Zeilenga
77173d35e9 Replace PW_GECOS/PASSWD macros 2005-08-12 22:28:17 +00:00
Kurt Zeilenga
eceb493bc0 Use IANA assigned OIDs 2005-08-12 21:24:13 +00:00
Kurt Zeilenga
7dec65ee10 Replace 666 OIDs for Assertion/pre-read/post-read controls with 
appropriate IANA assigned OIDs, and remove hide.
 2005-08-12 18:08:15 +00:00
Pierangelo Masarati
7b9173d0bb should compile also when #undef HAVE_TLS 2005-08-12 10:51:39 +00:00
Pierangelo Masarati
a23466f64a should compile also when #undef HAVE_TLS 2005-08-12 10:49:55 +00:00
Kurt Zeilenga
13accb8b28 Not sure why autoheader isn't doing its job... 2005-08-12 06:17:24 +00:00
Pierangelo Masarati
e93c8f18d4 minor cleanup 2005-08-11 23:53:52 +00:00
Pierangelo Masarati
d10250d9f6 add authzSyntax for authzTo/authzFrom attributes; add X-ORDERED 'VALUES' if support for ordered_value_{validate,pretty,normalize} is present; exploit normalization in slap_parseURI (only #ifdef LDAP_DEVEL) 2005-08-11 23:52:17 +00:00
Pierangelo Masarati
53a4d530d9 plug one-time leak 2005-08-11 23:35:47 +00:00
Pierangelo Masarati
2b93e9b376 wrap validate/pretty/normalize for ordered values (only #ifdef LDAP_DEVEL) 2005-08-11 23:35:15 +00:00
Pierangelo Masarati
53921b2c1a fix error message 2005-08-11 21:02:32 +00:00
Pierangelo Masarati
6cd013b254 silence warning 2005-08-11 19:32:28 +00:00
Pierangelo Masarati
c6e2a69f27 fix tls propagation, including rebind 2005-08-11 16:01:24 +00:00
Pierangelo Masarati
e9cb5b0efb don't get tricked when option separator occurs past end of berval 2005-08-11 02:09:03 +00:00
Howard Chu
ba0996f1c1 ITS#3929 "test -e" doesn't exist on Solaris 2005-08-11 00:27:59 +00:00
Howard Chu
99e2e5d886 Move ldap_pvt_thread_initialize() earlier. (See -devel; same as ITS#3793) 2005-08-10 23:19:47 +00:00
Pierangelo Masarati
0db4013fb0 temporarily fix SLAPD_OVERLAY_ACCESS conflict 2005-08-10 18:53:21 +00:00
Pierangelo Masarati
98363b43a6 enable syncrepl support by default 2005-08-10 16:54:45 +00:00
Howard Chu
6c21412122 Fix backend selection diagnostics 2005-08-10 11:26:32 +00:00
Pierangelo Masarati
f8407435cc cleanup 2005-08-10 10:25:24 +00:00
Pierangelo Masarati
f38e72b26c trim use of uninitialized data; please review 2005-08-10 10:21:37 +00:00
Hallvard Furuseth
d50820cdd6 Read LDAPResult.resultCode & ModifyRequest.modification.operation 
and send SortResult.sortResult as BER ENUMERATED, not BER INTEGER.

libldap: ldap_parse_extended_result, try_read1msg, build_result_ber,
ldap_parse_sasl_bind_result.  slapd: do_modify, send_ldap_controls.
 2005-08-10 00:54:38 +00:00
Luke Howard
3647cba131 ITS#3924 
Also, fix slapi_dn_parent() crasher
 2005-08-09 05:28:58 +00:00
Pierangelo Masarati
eae2233d0c don't leak in case of attribute not found 2005-08-09 03:39:12 +00:00
Luke Howard
2e36d49a73 Fix slapi_str2entry()/slapi_entry2str() allocation 2005-08-09 02:56:21 +00:00
Luke Howard
6461a5b7fd ITS#3924 2005-08-09 02:12:18 +00:00
Howard Chu
c30992f05e ITS#3922 don't leak ber buffer on decode/parse errors 2005-08-09 00:26:39 +00:00
Howard Chu
28be8691cc ITS#3922 plug another cookie parsing leak 2005-08-09 00:11:42 +00:00
Howard Chu
0b2a428a29 ITS#3917 don't check csn syntax if schema isn't inited yet 2005-08-08 23:56:40 +00:00
Howard Chu
a99e5846b3 ITS#3917 revert prev commit 2005-08-08 23:45:29 +00:00
Pierangelo Masarati
9f1703d0d3 more (in)sanity stuff 2005-08-08 22:49:54 +00:00
Hallvard Furuseth
f927b77456 Remove unused variables in config_updatedn() 2005-08-08 22:35:38 +00:00
Hallvard Furuseth
64512ad4d7 assert expects int. (int)<nonnull ptr/long> can be 0. Use assert(arg!=0/NULL). 2005-08-08 22:25:56 +00:00
Hallvard Furuseth
7843e7fbb2 Destroy monitor_info.mi_cache_mutex 2005-08-08 21:29:13 +00:00
Pierangelo Masarati
c984c229d6 plug more one-time leaks; rearrange subsystems setup 2005-08-08 20:45:10 +00:00
Hallvard Furuseth
b1e4b27388 #include <ac/ctype.h>, needed by last commit 2005-08-08 20:19:25 +00:00
Pierangelo Masarati
b286c9264b plug another one-time leak 2005-08-08 20:01:04 +00:00
Pierangelo Masarati
64af435895 ITS#3914 bug was very close to that leak: rwm_dnattr_rewrite() already freed the original value (all this stuff may need work) 2005-08-08 19:49:48 +00:00
Pierangelo Masarati
47351e3b5c fix yet another leak (not related to ITS#3914, though) 2005-08-08 19:41:10 +00:00
Hallvard Furuseth
3142c03e5a Fix typo in previous commit (slapi_dn.c -> slapi_dn.lo) 2005-08-08 14:30:34 +00:00
Pierangelo Masarati
cccf35c749 allow textual log levels in command line 2005-08-08 14:01:40 +00:00
Luke Howard
d463430295 Remove slapi_x_be_select() 2005-08-08 13:26:02 +00:00
Luke Howard
d96f3615b3 New file - slapi_dn.c 2005-08-08 13:25:24 +00:00
Luke Howard
7d557f0b0d Add Slapi_DN API 2005-08-08 13:24:18 +00:00
Howard Chu
ae8a333bc8 ITS#3917 init schema before parsing args 2005-08-08 12:51:38 +00:00
Howard Chu
9365649dad ITS#3922 fix syncrepl ctxcsn leak 2005-08-08 12:38:19 +00:00
Luke Howard
3858ce0728 Add slapi_x_be_select() (to be replaced with slapi_be_select() when 
we support Slapi_DN API)
 2005-08-08 11:01:39 +00:00
Luke Howard
ef81368404 Don't return frontend as SLAPI_BACKEND, return actual backend instead 
for compat with 2.2 plugins

Add a couple of backend SLAPI APIs
 2005-08-08 09:33:02 +00:00
Luke Howard
17ffdc07b6 Don't decrement descriptor count until we have checked connection is not UDP 2005-08-08 03:44:17 +00:00