Pierangelo Masarati
ec49990d51
ACIs almost entirely factored out of slapd
...
Added OpenLDAPaciSyntax based on ITS#3877 by Nikita Shulga
aci_mask() doesn't exploit the normalized value yet (next step)
The case #define SLAPD_ACI_ENABLED / #undef SLAP_DYNACL should
be removed
2005-08-17 17:14:57 +00:00
Howard Chu
d247840d6b
ITS#3946 use connection_destroy hook to reset lockouts instead of unbind
2005-08-17 16:42:22 +00:00
Pierangelo Masarati
a583d1a9e5
fix testers (tnx to Luca)
2005-08-17 16:19:58 +00:00
Pierangelo Masarati
69c6cd5365
fix small issues with dynacl and ACI in general
2005-08-17 14:44:41 +00:00
Pierangelo Masarati
35de807a93
add posixGroup access control via dynacl as an example of how dynacl work
2005-08-17 14:32:27 +00:00
Pierangelo Masarati
99ea177e05
implement overlapping targets enhancement (ITS#3711)
2005-08-17 08:34:49 +00:00
Pierangelo Masarati
90255dfc42
back out fix to ITS#3932
2005-08-17 08:32:47 +00:00
Pierangelo Masarati
76f52279ef
fix "matched" return and return code (ITS#3944)
2005-08-17 08:25:48 +00:00
Pierangelo Masarati
24befe380c
fix resources release issue
2005-08-17 08:25:10 +00:00
Pierangelo Masarati
c4ab7b1af2
in some cases, back-meta needs to propagate pseudo-root identity even if it's not the authorizing backend
2005-08-17 08:19:37 +00:00
Pierangelo Masarati
0d35dcf83a
better handling of bind retry
2005-08-17 08:17:30 +00:00
Pierangelo Masarati
ecd99b83dd
set "matched" as appropriate (ITS#3942)
2005-08-17 08:13:24 +00:00
Pierangelo Masarati
88e89bf4e7
cleanup
2005-08-17 08:08:23 +00:00
Pierangelo Masarati
4f5502ef9f
rework internal functions - need the parsed list of URIs before massaging; no impact on exposed funcs
2005-08-17 07:50:28 +00:00
Luke Howard
d174f6720a
Add read-only SLAPI_X_ADD_STRUCTURAL_CLASS pblock extension.
...
This is necessary to compensate for a regression in the SLAPI
implementation since it moved to an overlay: global add preop
plugins no longer have access to operational attributes,
because slap_mods_opattrs() is called by fe_op_add(), invoked
after the global SLAPI overlay.
(Some of our plugins need to the structural object class of the
to-be-added entry.)
I suppose an option would be to have the SLAPI overlay
optimistically call slap_mods_opattrs() (as long as this can be
called idempotently). If there are any other ideas let me know.
2005-08-17 07:25:27 +00:00
Luke Howard
9f865579df
Add SLAPI_X_ADD_STRUCTURAL_CLASS
2005-08-17 07:12:51 +00:00
Kurt Zeilenga
65d2925249
ITS#3941: posixGroup should be STRUCTURAL
2005-08-17 07:10:02 +00:00
Hallvard Furuseth
a0b5f5138b
Remove unused label "error_return"
2005-08-16 19:45:50 +00:00
Luke Howard
f68a2b1663
Make sure we release entry lock before sending paged response
2005-08-15 11:27:42 +00:00
Howard Chu
88dd1c5659
More optimization for CSN filter checks
2005-08-15 07:18:19 +00:00
Howard Chu
8c20a11293
Fix prev commit
2005-08-15 05:36:56 +00:00
Howard Chu
71bc69bfff
Optimize FINDCSN case
2005-08-15 00:04:13 +00:00
Howard Chu
b15a72caec
ITS#3931 fix dnRelativeMatch return values
2005-08-14 23:08:20 +00:00
Howard Chu
19b8e9e1ce
ITS#3936 fix wording, add clarification
2005-08-14 08:48:57 +00:00
Howard Chu
f4c1eee382
ITS#3935 tweak sessionlog description
2005-08-14 08:35:31 +00:00
Howard Chu
da2c46fe22
ITS#3935 fix sessionlog description
2005-08-14 08:20:54 +00:00
Howard Chu
9326c2b313
ITS#3845 allow rootpw to be used for rootdn SASL binds, based on
...
patch from Jason Townsend
2005-08-14 08:00:54 +00:00
Hallvard Furuseth
9873eb7ab0
Add missing Statslog() statements (loglevel stats/stats2):
...
"ABANDON", "STARTTLS", "CANCEL", "WHOAMI", "PASSMOD", "EXT", "INTERM",
"TLS established", SASL and Extended Response "RESULT".
In Statslog output "conn=xx fd=yy closed", append the reason in
"()" unless client or server closed the connection after Unbind.
Still missing Statslog output from a number of failed requests.
2005-08-14 00:14:58 +00:00
Hallvard Furuseth
a222469d0d
assert expects int. (int)<nonnull ptr/long> can be 0. Use assert(arg!=0/NULL).
2005-08-13 21:10:41 +00:00
Pierangelo Masarati
388c076768
fix ITS#3932 - regex/rewrite concurrency issue
2005-08-13 18:43:20 +00:00
Pierangelo Masarati
d8fbe2d32c
regression for ITS#3506
2005-08-13 16:28:52 +00:00
Pierangelo Masarati
f6ef5170fa
personally, I'm much more comfortable using hex for log levels...
2005-08-13 16:04:40 +00:00
Pierangelo Masarati
5631f25839
alternate fix to ITS#3916
2005-08-13 15:22:09 +00:00
Howard Chu
0246338206
utime is not needed here any more
2005-08-13 13:18:00 +00:00
Howard Chu
c722dd9ca8
Rework auto-recovery logic:
...
Removes ITS#3824 patch.
Adds trace message for ITS#3833.
Streamlines ITS#3607 patch.
2005-08-13 12:59:45 +00:00
Kurt Zeilenga
eceb493bc0
Use IANA assigned OIDs
2005-08-12 21:24:13 +00:00
Kurt Zeilenga
7c5105fc93
ITS#3904: fix installed man page symlinks
2005-08-12 21:14:32 +00:00
Kurt Zeilenga
97565597be
Reflect main COPYRIGHT file
2005-08-12 19:30:20 +00:00
Kurt Zeilenga
7dec65ee10
Replace 666 OIDs for Assertion/pre-read/post-read controls with
...
appropriate IANA assigned OIDs, and remove hide.
2005-08-12 18:08:15 +00:00
Pierangelo Masarati
7b9173d0bb
should compile also when #undef HAVE_TLS
2005-08-12 10:51:39 +00:00
Pierangelo Masarati
a23466f64a
should compile also when #undef HAVE_TLS
2005-08-12 10:49:55 +00:00
Kurt Zeilenga
e371d7c68b
AC_DEFUN cleanup
2005-08-12 03:20:54 +00:00
Pierangelo Masarati
e93c8f18d4
minor cleanup
2005-08-11 23:53:52 +00:00
Pierangelo Masarati
d10250d9f6
add authzSyntax for authzTo/authzFrom attributes; add X-ORDERED 'VALUES' if support for ordered_value_{validate,pretty,normalize} is present; exploit normalization in slap_parseURI (only #ifdef LDAP_DEVEL)
2005-08-11 23:52:17 +00:00
Pierangelo Masarati
53a4d530d9
plug one-time leak
2005-08-11 23:35:47 +00:00
Pierangelo Masarati
2b93e9b376
wrap validate/pretty/normalize for ordered values (only #ifdef LDAP_DEVEL)
2005-08-11 23:35:15 +00:00
Howard Chu
5944f306d7
ITS#3910 heimdal 0.7 compatibility, silence warnings
2005-08-11 21:05:19 +00:00
Pierangelo Masarati
53921b2c1a
fix error message
2005-08-11 21:02:32 +00:00
Pierangelo Masarati
6cd013b254
silence warning
2005-08-11 19:32:28 +00:00
Pierangelo Masarati
3638b6c722
solve a deadlock during unbind: ldap_send_unbind() is called by ldap_free_connection() only, and just in case the last arg is not 0; but most of the times ldap_free_connection() is called with ld_req_mutex locked, so it shouldn't be locked again from inside ldap_send_unbind()
2005-08-11 17:11:41 +00:00