Pierangelo Masarati
8866a28fb3
don't yell at regex styling that wraps all the suffix in a submatch
2004-11-30 22:50:07 +00:00
Pierangelo Masarati
e79fbb88cf
move ACIs under a dynamic infrastructure that allows run-time loadable custom access control logic (needs work)
2004-11-20 01:27:03 +00:00
Pierangelo Masarati
947268c5ee
partially revert previous commit (the "creator" special DN pattern is redundant as "dnattr" is more expressive
2004-11-15 22:57:03 +00:00
Pierangelo Masarati
064eb88ef8
move special dn patterns to style enum; add creator special dn pattern
2004-11-15 22:15:28 +00:00
Pierangelo Masarati
6a9bf9765e
add URI search to sets; documentation to come...
2004-10-07 17:05:48 +00:00
Pierangelo Masarati
4afaf4042a
minor cleanup
2004-10-06 22:20:30 +00:00
Pierangelo Masarati
4204aee7b9
extend the availability of submatches to non-regex DN patterns
2004-10-06 22:03:33 +00:00
Pierangelo Masarati
cd9a9c628d
frontend stuff moved into a database structure, essentially to allow overlays to be processed before database selection; passes all tests (ITS#3080)
2004-07-26 21:26:34 +00:00
Hallvard Furuseth
b81b0216a9
Split string literal to keep it below ANSI C's allowed 509-char limit.
2004-07-18 00:47:35 +00:00
Kurt Zeilenga
372a941334
add baseObject as alias for base.
...
cleanup
2004-06-28 06:42:00 +00:00
Kurt Zeilenga
73202e3910
Fix typo in last commit
2004-06-18 19:12:00 +00:00
Pierangelo Masarati
42f3b3d87b
improve parsing - first step
2004-06-18 09:11:53 +00:00
Pierangelo Masarati
f109f1eb6d
fix ITS#3140
2004-05-12 23:29:42 +00:00
Pierangelo Masarati
d40e5a365a
fix DN_SEPARATOR() and clarify its use
2004-05-07 09:03:05 +00:00
Pierangelo Masarati
b34cf02488
more on fixing escaped semicolon in normalized DN
2004-05-07 02:18:08 +00:00
Pierangelo Masarati
dd0e285b12
experimental ACL scope correctness test
2004-04-20 19:16:21 +00:00
Kurt Zeilenga
44725e7303
use BER_BVNULL
2004-04-07 04:11:43 +00:00
Pierangelo Masarati
006745430e
allow "expand" style in peername, sockname, sockurl as well; more sanity checks
2004-03-09 19:44:14 +00:00
Pierangelo Masarati
042869366d
use "expand" instead of "regex" for group ACLs that allow substring expansion, preserving backwards compatibility; add sanity checks
2004-03-09 16:33:05 +00:00
Pierangelo Masarati
a4e062ca36
apply advanced peername ACL (ITS#2907)
2004-03-08 18:49:12 +00:00
Pierangelo Masarati
ac0d45179f
log set in ACL (ITS#2949)
2004-03-08 11:09:49 +00:00
Kurt Zeilenga
3c598e89fb
Happy new year
2004-01-01 19:15:16 +00:00
Pierangelo Masarati
79bc396ed8
in the <what> clause of ACLs, only 'attr=' or 'attrs=' are allowed; the former for backwards compatibility, while slapd.access(5) correctly uses only the latter form
2003-12-20 15:31:54 +00:00
Pierangelo Masarati
39574bcb5f
for consistency, always allow 'onelevel' as an alias for 'one' in dnstyle
2003-12-20 15:18:21 +00:00
Kurt Zeilenga
aabcce3e58
Document +0
2003-12-19 05:06:51 +00:00
Pierangelo Masarati
4e83a282d0
improve error handling for attr val ACL syntax
2003-12-16 10:56:21 +00:00
Kurt Zeilenga
a736f237f8
Deprecate +objectClass in favor of @objectClass per IETF discussions
2003-12-16 05:55:52 +00:00
Pierangelo Masarati
ee34f3fb64
add to 'val[.<style>=<value>' ACLs special match styles for DN-valued attributes; add negated objectClass to attribute name lists for ACLs and partial replication
2003-12-16 00:49:10 +00:00
Kurt Zeilenga
4e15a84452
Updated notices
2003-11-27 01:17:14 +00:00
Kurt Zeilenga
81ed052186
Improve printing of ACLs
2003-10-15 07:48:01 +00:00
Howard Chu
6da0f1e48e
ITS#2573 dynamic group support
...
moved labeledURI into system schema
attribute types that inherit from labeledURI may be used in dynamic
groups e.g. access to * by group/groupOfURLs/memberURL=foo
2003-09-20 08:16:04 +00:00
Howard Chu
1240c70ff4
ITS#2497, implement value-level ACLs:
...
access to attr=foo val.regex=bar.*
2003-09-20 03:23:10 +00:00
Kurt Zeilenga
6f39517929
ITS#2707: fix 'access to dn.subtree="" by ...' directives
2003-09-10 02:33:36 +00:00
Hallvard Furuseth
642c8b1627
Break up too long string literals (>509 characters, ISO C's minimum max size).
2003-06-03 18:01:37 +00:00
Kurt Zeilenga
0954351565
Change ACL default style to exact (from regex)
2003-05-30 05:24:39 +00:00
Kurt Zeilenga
5cd994ed21
remove dnNormalize2
...
replace calls to dnNormalize2 with calls to dnNormalize
2003-04-29 18:28:14 +00:00
Howard Chu
ece7452b05
More memory context tweaks
2003-04-11 01:29:28 +00:00
Pierangelo Masarati
eed2d5db4d
only document 'subtree', but also allow 'sub'
2003-02-05 20:38:42 +00:00
Pierangelo Masarati
381e293b41
allow 'sub' and 'subtree' in acl (fix ITS#2300)
2003-02-05 19:39:34 +00:00
Kurt Zeilenga
6939c53170
Happy new year
2003-01-03 20:20:47 +00:00
Pierangelo Masarati
a62aa61544
much better fix for ITS#2196 (dnattr without sat_equality is bounced at config)
2002-11-25 18:37:04 +00:00
Howard Chu
e14f471a27
Add #include "lutil.h" for lutil_str* functions
2002-08-06 02:36:34 +00:00
Howard Chu
5a01db28e3
Moved slap_strcopy, slap_strncopy to lutil_strcopy, lutil_strncopy
2002-07-27 00:24:02 +00:00
Kurt Zeilenga
8a3d02bf6b
misc cleanup
2002-07-23 18:35:12 +00:00
Kurt Zeilenga
ef3d895cb8
More ACL to dn="" bug fixing... and add test006-acl check
2002-07-11 01:45:22 +00:00
Kurt Zeilenga
8354160f8b
Patch: aclparse.c bugs (ITS#1752)
...
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
Bug fixes:
- acl_regex_normalized_dn(pattern):
* used pattern->bv_len even though it claimed not to,
* would walk past the end of strings that ended (incorrectly)
with a single '\'.
- style=regex checked for "^.*$$" twice but not for "^.*$".
- the code did not notice if dnNormalize2() failed, and would
(at least in one case) treat a bad DN as '*'.
Some cleanup:
- changed regtest() to return void, since the return value was unused.
- changed acl_regex_normalized_dn() to take a string input argument
instead of a half-filled berval, it looks saner that way.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-04-15 20:44:05 +00:00
Kurt Zeilenga
709ce4fa6c
Re: Patch: ctype functions require 'unsigned char' args (ITS#1678)
...
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
Here are fixes for more places where the argument to ctype.h functions
should be in the range of `unsigned char'.
Explanation of the last patch (to schema_init.c:bvcasechr()):
TOLOWER() and TOUPPER() return values in the range of `unsigned char',
but bvcasechr() then compares those values with a plain `char'. So I
convert the return values from TOLOWER()/TOUPPER() to `char' first.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-04-15 20:42:42 +00:00
Pierangelo Masarati
440637dde7
various acl improvements/cleanups/speedups (need to be documented, though)
2002-04-03 15:42:19 +00:00
Pierangelo Masarati
ab6ad34692
the logic of this check was completely reversed; in case '*' is used, on't test the regula expression
2002-04-02 08:18:30 +00:00
Kurt Zeilenga
c9c3a68496
Deprecate filter_print in favor of filter2bv.
2002-03-10 17:41:14 +00:00
Kurt Zeilenga
2b71d70f2f
Reverse arguments of is_object_subclass and reverse backwards calls
2002-02-09 23:55:37 +00:00
Kurt Zeilenga
59857824ff
Treat access to dn="" as access to dn.base="". Avoid empty regex.
...
Note: by dn="" already treated as anonymous.
2002-02-08 18:32:12 +00:00
Howard Chu
5e522ca882
Changed Access.a_sockurl_pat, Connection.c_listener_url etc.
...
to struct bervals
2002-01-28 11:41:07 +00:00
Kurt Zeilenga
ce2d8ebc7e
Misc cleanup, lint removal, and minor optimizations
2002-01-13 05:00:59 +00:00
Howard Chu
8067107ed2
Added an_oc to AttributeName for caching ObjectClass lookups.
...
Added error checking to str2anlist; if the attr name doesn't match
any attribute or objectclass the offending attr name is displayed.
2002-01-10 09:54:14 +00:00
Kurt Zeilenga
0e2af54a3f
Update copyright statements
2002-01-04 21:17:25 +00:00
Howard Chu
bcdfdb968f
Changed AttributeName back into an array instead of a linked list.
...
Fixed bug in do_search eating up controls.
2002-01-03 05:38:26 +00:00
Howard Chu
f52cc9bab5
Change struct berval ** to BVarray
2002-01-02 11:00:36 +00:00
Howard Chu
743c402265
Changed search attrs from struct berval ** to AttributeName *
2001-12-31 11:35:52 +00:00
Pierangelo Masarati
3930a390e0
cleanup
2001-12-29 10:30:23 +00:00
Howard Chu
975a5e9a24
Added dnPretty2/dnNormalize2 using preallocated destination berval
2001-12-29 04:48:00 +00:00
Pierangelo Masarati
04ce28cf48
a couple of comments; will require special DN handling ...
2001-12-28 18:18:16 +00:00
Howard Chu
bbcb0f8a7f
Replace strcat with slap_strcopy
2001-12-26 16:25:18 +00:00
Howard Chu
15f630545a
Changed ma_rule_text to struct berval.
...
Changed get_filter to struct bervals
2001-12-26 13:47:10 +00:00
Howard Chu
fb3af1ccbd
Merged ber_bvstr and ber_bvstrdup into ber_str2bv.
2001-12-26 10:06:19 +00:00
Howard Chu
68b1bbb89d
Changed search attrs to struct berval **.
...
Use typedefs for all backend functions, to minimize work in future API
updates. (back-*/external.h will never need updating in the future.)
2001-12-26 08:17:44 +00:00
Howard Chu
b96645af7d
More struct berval changes, dnNormalize migration...
2001-12-26 04:17:49 +00:00
Kurt Zeilenga
d047cc854e
Require the struct berval **out argument of dnPretty/dnNormalize
...
point to a NULL pointer, that is assert( *out == NULL ).
Eventually, we'll allow **out to point to a preallocated
struct berval (to avoid unnecessary allocation).
2001-12-24 18:38:20 +00:00
Howard Chu
9e0ab3da36
Changed Access->a_set_pat and acl->acl_dn_pat to struct berval to eliminate
...
strlen() from acl processing.
2001-12-24 15:43:27 +00:00
Howard Chu
2f3399265c
Changed sai_dn, sai_ndn to struct berval. (Affects op->o_dn,o_ndn,
...
conn->c_dn,c_ndn, Access->a_dn_pat)
2001-12-24 15:11:01 +00:00
Kurt Zeilenga
5c0a8848cf
Add abstract object class checks and a bit of structuralObjectClass
...
optimization.
2001-12-20 01:41:44 +00:00
Howard Chu
ff682be26e
Added acl_destroy, acl_free.
2001-12-15 12:41:53 +00:00
Pierangelo Masarati
b4e7f0873a
trims space after comma in dn.regex acls (prelude to normalization)
2001-11-12 11:29:40 +00:00
Pierangelo Masarati
08ff231888
fixes assertion fault when the <to> clauses's argument does not have a = inside
2001-10-29 08:14:12 +00:00
Howard Chu
0e16f6acf9
Moved AttributeDescription caching into main code:
...
Changed AttributeDescription.{ad_cname,ad_lang} to struct berval everywhere
Deleted ad_free() everywhere
Added ad_mutex to init.c
The AttributeDescriptions are in a linked list hanging off of the
corresponding AttributeType.
2001-10-22 13:23:05 +00:00
Kurt Zeilenga
2c9a238571
Allow dn.base=""
2001-09-01 05:01:31 +00:00
Kurt Zeilenga
a5ea7aefd6
Add name and uid support to dnaddr
2001-03-15 04:48:29 +00:00
Julio Sánchez Fernández
6777a3a41a
Permit access defined by uniqueMember and not only DN-valued
...
attributes. This allows using groupOfUniqueNames for
access control.
Fix small typo in MRA definition.
2000-10-09 19:09:22 +00:00
Kurt Zeilenga
63ae1d22e5
Fix ACL SSF reporting
2000-09-05 18:24:24 +00:00
Kurt Zeilenga
bf3df2f7a6
restrictops, requires, disallow knobs; ssf acls; and misc other changes
...
man pages to follow...
2000-08-28 18:38:48 +00:00
Kurt Zeilenga
1c328aa9c7
Minor typedef and other clean ups
2000-08-26 01:14:05 +00:00
Mark Valence
45fdcb7163
Bug fix submitted by Anthony Brock (ITS#637)
2000-07-25 02:16:59 +00:00
Mark Valence
4b1ff75bdd
Prepare for Set ACLs and ACIs.
2000-06-29 21:41:54 +00:00
Kurt Zeilenga
d19419392c
Use ASCII_*() macros and friends. Should be combined with similiar LDAP_*()
...
macros in ldap_pvt.h.
2000-06-20 17:05:15 +00:00
Kurt Zeilenga
4b58e3b88d
Add schema checks.
2000-06-19 16:14:36 +00:00
Mark Valence
1bfcb4b039
Added .regex, .base, .one, .subtree, and .children "style" modifiers.
2000-06-12 01:35:15 +00:00
Kurt Zeilenga
c3f8de76ef
Fix up debug statement as suggested by christian.lorenz@suse.de
2000-06-07 14:07:50 +00:00
Kurt Zeilenga
693fb9424a
unifdef -DSLAPD_SCHEMA_NOT_COMPAT -USLAPD_SCHEMA_COMPAT
2000-06-06 19:43:18 +00:00
Kurt Zeilenga
b05d071c3a
Fix anonymous mapping
2000-06-03 16:29:34 +00:00
Kurt Zeilenga
3350957674
SLAPD_SCHEMA_NOT_COMPAT: ACI cleanup
2000-05-28 22:17:34 +00:00
Kurt Zeilenga
229e12b69d
SLAPD_SCHEMA_NOT_COMPAT: add subtype aware is_at_syntax()
2000-05-28 19:15:37 +00:00
Kurt Zeilenga
c98f0ea02c
SLAPD_SCHEMA_NOT_COMPAT:
...
Don't depend acl parsing upon slap_schema, it's filled in post-conf
2000-05-28 18:58:09 +00:00
Kurt Zeilenga
439c0c796d
SLAPD_SCHEMA_NOT_COMPAT: Mostly work modify
2000-05-28 16:36:34 +00:00
Kurt Zeilenga
b813a5ba30
SLAPD_SCHEMA_NOT_COMPAT: prelim ACL work
2000-05-27 19:33:08 +00:00
Kurt Zeilenga
60802201e3
Const'ification
...
SASL mech removed from backend bind callback (as SASL is managed by frontend)
Changes to some backends are untested (as I don't have all dependent
software install)
2000-05-22 03:46:57 +00:00
Kurt Zeilenga
4bc786f34b
Y2k copyright update
2000-05-13 02:47:56 +00:00
Howard Chu
55f4896cb9
Fix typo with dnattr parsing
2000-05-12 09:10:45 +00:00
Kurt Zeilenga
2f0ec52df9
Fix improperly terminated comment
2000-04-12 01:10:50 +00:00
Kurt Zeilenga
0dbaf87730
Another round of changes behind -DSLAPD_SCHEMA_NOT_COMPAT
...
plus these changes unhidden changes:
remove now meaning --enable-discreteaci configure option
fix ITS#451, slapd filters
Add ber_bvecadd() to support above
constify ldap_pvt_find_wildcard() and misc slapd routines
renamed some slap.h macros
likely broken something
2000-02-14 20:57:34 +00:00
Kurt Zeilenga
9316c4eace
ACI attributes should be of ACI syntax. Need to assign
...
OID for experimental syntax.
2000-02-01 17:53:07 +00:00