mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-27 03:20:22 +08:00
Code Issues Packages Projects Releases Wiki Activity
18,124 Commits 38 Branches 307 Tags 74 MiB
1661146831
Commit Graph

349 Commits

Author SHA1 Message Date
Luke Howard
cbf33d4fb1 Handle LDAP_MOD_INCREMENT in acl_check_modlist() 2005-12-24 16:02:15 +00:00
Pierangelo Masarati
da03eb0390 normalize value in "exact" attrval clause (ITS#4255) 2005-12-09 10:33:01 +00:00
Howard Chu
b831ebba7d ITS#4218 streamline frontend/overlay access_allowed. Probably need to 
do the same for acl_group and acl_attribute.
 2005-11-26 07:53:07 +00:00
Pierangelo Masarati
d34fffcaf9 use lutil_ato*() whenever appropriate 2005-11-24 01:10:05 +00:00
Pierangelo Masarati
4537065ffc further isolation and cleanup of ACI code 2005-11-10 00:52:43 +00:00
Howard Chu
7dcb68f6fa Move CSN invocations to backends 2005-10-13 11:58:44 +00:00
Pierangelo Masarati
9129a2f7ee silence warnings 2005-09-10 18:59:35 +00:00
Pierangelo Masarati
8e3adc2428 fix uninitialized, signedness and other issues (ITS#3854) 2005-08-26 16:52:51 +00:00
Pierangelo Masarati
4bc8197dcb further ACI factoring out & confinement 2005-08-22 16:03:35 +00:00
Pierangelo Masarati
e066ec210e merge sml_managing into sml_flags (SLAP_MOD_MANAGING) 2005-08-18 08:48:10 +00:00
Pierangelo Masarati
ef7421b87d more on manage access level 2005-08-18 02:25:10 +00:00
Pierangelo Masarati
b2284183f9 more on manage 2005-08-17 22:06:46 +00:00
Pierangelo Masarati
ec49990d51 ACIs almost entirely factored out of slapd 
Added OpenLDAPaciSyntax based on ITS#3877 by Nikita Shulga
aci_mask() doesn't exploit the normalized value yet (next step)
The case #define SLAPD_ACI_ENABLED / #undef SLAP_DYNACL should
be removed
 2005-08-17 17:14:57 +00:00
Pierangelo Masarati
69c6cd5365 fix small issues with dynacl and ACI in general 2005-08-17 14:44:41 +00:00
Pierangelo Masarati
f38e72b26c trim use of uninitialized data; please review 2005-08-10 10:21:37 +00:00
Pierangelo Masarati
c3b977b2da ACL logging was incomplete (and misleading) 2005-08-07 11:36:18 +00:00
Hallvard Furuseth
5a6eabb69d Silence unused variable warnings 2005-07-27 08:52:32 +00:00
Pierangelo Masarati
d2b863fa24 fix previous commit (see NOTE and FIXMEs) 2005-07-23 10:29:40 +00:00
Luke Howard
9e4ea429e5 Add fe_access_allowed(), should allow global ACL overlays to work 2005-07-23 04:18:48 +00:00
Pierangelo Masarati
bccf2a7282 backout previous commit: frontendDB doesn't have the right rootn, ACLs and so 2005-07-22 17:22:51 +00:00
Luke Howard
6da978d5a0 Support for global ACL overlays, corresponding SLAPI support 2005-07-22 05:01:09 +00:00
Luke Howard
ffe20229dc Move most of SLAPI frontend into overlay 2005-07-21 16:35:20 +00:00
Hallvard Furuseth
2b70a083e6 Delete unused variable. 2005-07-18 06:30:47 +00:00
Hallvard Furuseth
81ecb0b153 assert expects int. (int)<nonnull ptr/long> can be 0. Use assert(arg!=0/NULL). 2005-07-18 06:22:33 +00:00
Pierangelo Masarati
deec44b89a fix further ITS#3830 issues; allow to specify a matching rule for non-DN match 2005-07-05 12:00:14 +00:00
Hallvard Furuseth
a1e27aae40 Format fix: Make style_strings[] global for debug output in dynacl_aci_parse() 2005-07-04 06:25:02 +00:00
Howard Chu
9c246fce39 ITS#3830, fix val-specific ACLs 2005-07-03 01:51:35 +00:00
Kurt Zeilenga
b703938d61 symbol rename for AIX (ITS#3787) 2005-06-16 19:17:38 +00:00
Howard Chu
8f58409749 Add SLAP_MOD_INTERNAL flag to Modifications, allow internal ops to bypass 
ACL checks when modifying user-modifiable attributes as non-root user.
 2005-06-04 09:44:39 +00:00
Howard Chu
f19a4ea9ec More value ACL style tweaks 2005-05-10 00:51:28 +00:00
Pierangelo Masarati
a6f8cd07f6 partially revert previous commit (ITS#3652) 2005-04-13 01:03:46 +00:00
Pierangelo Masarati
a85603c10b more on ITS#3652 2005-04-12 22:38:54 +00:00
Pierangelo Masarati
2430af4e8b fix slapacl when doing cross-database access checking 2005-04-12 22:13:42 +00:00
Pierangelo Masarati
387864a9f2 cleanup previous commit 2005-04-12 19:35:53 +00:00
Pierangelo Masarati
d2dd3a616c hide changes behind specific #ifdef, conditioned by LDAP_DEBUG; always allow access on back-dnssrv 2005-04-12 01:07:30 +00:00
Pierangelo Masarati
f103c78530 cleanup previous commit 2005-04-12 00:34:13 +00:00
Pierangelo Masarati
15016154b6 add ACL hook to overlays 2005-04-12 00:24:04 +00:00
Pierangelo Masarati
91b4e991be cleanup & silence warnings 2005-04-11 21:35:34 +00:00
Pierangelo Masarati
4abbf9c610 implement add/delete granularity in write access (ITS#3631) 2005-04-08 00:18:24 +00:00
Pierangelo Masarati
e0fd9ebf14 cleanup previous commits 2005-04-04 11:19:21 +00:00
Pierangelo Masarati
3eb87b2faa implement "realdn" by clause in ACLs (ITS#3627; accounting for Howard's remarks) 2005-04-03 01:59:03 +00:00
Pierangelo Masarati
584b21d20b initial commit of "level" styles for "dn" and "self" by clauses (ITS#3615) 2005-03-31 18:10:11 +00:00
Pierangelo Masarati
a96f2af281 more dnParent() and misc cleanup 2005-03-30 22:45:46 +00:00
Pierangelo Masarati
22bc85dc77 minor cleanup 2005-03-30 18:58:52 +00:00
Howard Chu
0076b40c32 Convert backendInfo/backendDB to STAILQs 2005-03-24 05:13:31 +00:00
Howard Chu
1e5f43ddd1 In aci_set_gather propagate op->o_private to subordinate search 2005-03-17 22:28:30 +00:00
Howard Chu
e0ca6e386e Added acl_unparse, slap_sasl_getpolicy 2005-02-22 12:02:34 +00:00
Pierangelo Masarati
b381e1bcc8 cosmetic changes 2005-01-12 14:25:08 +00:00
Kurt Zeilenga
1c5d78d8dd Add "disclose" and "manage" ACL levels (but no meat). 
Disclose permission intended to be used for "disclose on error"
(as in our present "none"), none being "don't disclose on error".

Manage permission is intended to be used to allow DSA IT management
(e.g., changing entryCSNs, structuralObjectClass, etc.).
 2005-01-08 05:26:18 +00:00
Kurt Zeilenga
dc0eacd40b Happy New Year! 2005-01-01 20:49:32 +00:00
Pierangelo Masarati
e891dbcdc4 fix dynacl compile 2004-11-26 00:34:48 +00:00
Howard Chu
90cc409325 Split Operation into Opheader and op 2004-11-25 22:59:00 +00:00
Howard Chu
3a5bde98ba Disable back-bdb native syncrepl support, enable syncprov overlay, 
remove syncrepl stuff from Operation struct
 2004-11-25 21:16:54 +00:00
Pierangelo Masarati
dceaa05c0e should fix compile when SLAPD_ACI_ENABLED is undefined 2004-11-23 21:20:13 +00:00
Pierangelo Masarati
f93d4a31e8 allow a "users" type in ACI 2004-11-20 14:07:07 +00:00
Pierangelo Masarati
cc0353610f more cleanup and ITS number 2004-11-20 12:12:57 +00:00
Pierangelo Masarati
c75386a279 cleanup fix to ITS#3303 2004-11-20 12:07:39 +00:00
Pierangelo Masarati
40762c524a fix ITS#3303 2004-11-20 11:55:46 +00:00
Pierangelo Masarati
1e650374c2 add more semantics to the "type" field; fix a bug in anonymous operations; treat children aci_mask() as internal searches 2004-11-20 11:45:05 +00:00
Pierangelo Masarati
e79fbb88cf move ACIs under a dynamic infrastructure that allows run-time loadable custom access control logic (needs work) 2004-11-20 01:27:03 +00:00
Pierangelo Masarati
947268c5ee partially revert previous commit (the "creator" special DN pattern is redundant as "dnattr" is more expressive 2004-11-15 22:57:03 +00:00
Pierangelo Masarati
064eb88ef8 move special dn patterns to style enum; add creator special dn pattern 2004-11-15 22:15:28 +00:00
Pierangelo Masarati
9eabe1365b improve memory allocation in sets 2004-10-08 15:07:22 +00:00
Pierangelo Masarati
2f6f6f6a07 "optimize" sets: since the attr part must be an attribute, use the AttributeDescription 2004-10-08 00:28:16 +00:00
Pierangelo Masarati
58edfcca31 improve previous commit 2004-10-07 23:38:17 +00:00
Pierangelo Masarati
aa2e9413f1 fix previous commit 2004-10-07 22:31:36 +00:00
Pierangelo Masarati
e5ade14256 improve previous commit; now attrs in URI, if any, are added to that in the [<dn>]/<attr> form 2004-10-07 20:44:01 +00:00
Pierangelo Masarati
6a9bf9765e add URI search to sets; documentation to come... 2004-10-07 17:05:48 +00:00
Pierangelo Masarati
2b74930cb0 s/free/slap_sl_free/ 2004-10-06 23:53:30 +00:00
Pierangelo Masarati
4204aee7b9 extend the availability of submatches to non-regex DN patterns 2004-10-06 22:03:33 +00:00
Pierangelo Masarati
6ef9689b3f fix string_expand error cases; cleanup 2004-10-04 20:52:58 +00:00
Kurt Zeilenga
d611a4b49a unifdef -UNEW_LOGGING 2004-09-04 04:54:28 +00:00
Howard Chu
91033d6552 Reworked fix for ITS#3140 - add access parameter to backend_attribute 2004-08-18 17:14:22 +00:00
Pierangelo Masarati
bfb6465533 cleanup 2004-08-06 16:40:15 +00:00
Pierangelo Masarati
cd9a9c628d frontend stuff moved into a database structure, essentially to allow overlays to be processed before database selection; passes all tests (ITS#3080) 2004-07-26 21:26:34 +00:00
Pierangelo Masarati
74f224583b quick fix for ITS#3215; needs work to re-enable ACI caching, if possible at all 2004-07-02 16:45:06 +00:00
Pierangelo Masarati
6465801cfc beautify comment 2004-06-30 16:26:06 +00:00
Pierangelo Masarati
f109f1eb6d fix ITS#3140 2004-05-12 23:29:42 +00:00
Pierangelo Masarati
d40e5a365a fix DN_SEPARATOR() and clarify its use 2004-05-07 09:03:05 +00:00
Pierangelo Masarati
b34cf02488 more on fixing escaped semicolon in normalized DN 2004-05-07 02:18:08 +00:00
Pierangelo Masarati
b69a2acdf5 use fist backend only if there is no global ACL (ITS#3100) 2004-04-20 19:26:02 +00:00
Pierangelo Masarati
1c952c8a7e revert prevuos NULL o_bd commit 2004-04-20 15:18:06 +00:00
Pierangelo Masarati
30f697beeb improve dn.one="" fix 2004-04-20 14:50:16 +00:00
Pierangelo Masarati
537a4cae02 global ACLs were not used because op->o_bd is set to &backends[0] if NULL 2004-04-20 14:42:48 +00:00
Pierangelo Masarati
3c5f305a7f fix acl bug when using dn.one="" 2004-04-20 14:15:39 +00:00
Kurt Zeilenga
1372965d89 ITS#3092: Rename sl_free() and friends to slap_sl_free() 2004-04-20 03:44:57 +00:00
Pierangelo Masarati
7b65d46b1b add slapacl tool 2004-04-20 00:08:44 +00:00
Kurt Zeilenga
c7f0438044 bvalue cleanup 2004-04-08 06:49:17 +00:00
Kurt Zeilenga
44725e7303 use BER_BVNULL 2004-04-07 04:11:43 +00:00
Kurt Zeilenga
c7e89d57be swap be_isroot and be_isroot_dn symbols 2004-04-06 01:06:20 +00:00
Pierangelo Masarati
e516247068 exploit new isroot_dn helper 2004-04-05 17:31:27 +00:00
Howard Chu
35c774d3b8 Yet more for ITS#3008. Seems to work properly now. 2004-03-10 09:11:20 +00:00
Howard Chu
3853fade60 More for ITS#3008 2004-03-10 08:00:41 +00:00
Howard Chu
cac30b1855 ITS#3008 fix value-based ACLs 2004-03-10 02:59:03 +00:00
Pierangelo Masarati
006745430e allow "expand" style in peername, sockname, sockurl as well; more sanity checks 2004-03-09 19:44:14 +00:00
Pierangelo Masarati
042869366d use "expand" instead of "regex" for group ACLs that allow substring expansion, preserving backwards compatibility; add sanity checks 2004-03-09 16:33:05 +00:00
Pierangelo Masarati
a4e062ca36 apply advanced peername ACL (ITS#2907) 2004-03-08 18:49:12 +00:00
Kurt Zeilenga
3c598e89fb Happy new year 2004-01-01 19:15:16 +00:00
Luke Howard
c03a70955d Make defaulted backend available to ACL plugin pblock 2004-01-01 09:42:44 +00:00
Luke Howard
03e5db818f Fix ACL plugin bug - return value of ACL plugins was being ignored 2004-01-01 06:33:18 +00:00