Commit Graph

514 Commits

Author SHA1 Message Date
Kurt Zeilenga
2c2a54d6d7 Add DNS SRV backend framework (a work in progress). 2000-05-10 18:17:38 +00:00
Howard Chu
f0c4f83ea2 libldap/tls.c: change tls_verify_cb to no longer ignore verification errors.
This means a ldaps connection may drop before any LDAP protocol exchange
occurs (due to expired cert, unrecognized CAs, etc.).
  Change ldap_pvt_tls_connect to copy any TLS error string to ld_error upon
connection failure, otherwise client just sees "can't contact LDAP server."

slapd/connection.c: add flush/delay when SSL_accept fails, to allow any
TLS alerts we generated to propagate back to the client. (Which will then
be picked up by ldap_pvt_tls_connect on the client...)
2000-05-10 17:07:09 +00:00
Howard Chu
9842b8fa87 Remove MINGW32 declarations of snprintf and vsnprintf, the new mingw32
distributions define them now.
2000-05-10 16:12:38 +00:00
Howard Chu
8a3100e636 Remove declaration of strerror_r, it clashes on AIX and we never use it
anyway.
2000-05-10 16:11:38 +00:00
Kurt Zeilenga
f224e69558 Add experimental code to check simple bind passwords
against Cyrus SASLdb.  Like other cleartext mechanisms,
should be protected from eavesdropping.
2000-05-10 04:29:51 +00:00
Kurt Zeilenga
d0555fffe6 Error handling changes including separation of client v. server
SASL to LDAP translation.  plus comments and other minor changes
2000-05-03 18:59:58 +00:00
Kurt Zeilenga
802ee714e4 Framework for authpasswd. Needs work. Behind #ifdef 2000-04-25 13:28:03 +00:00
Kurt Zeilenga
274bf59441 replace ldap_dnssrv_init() with lower level calls
ldap_domain2dn()
    ldap_domain2hostlist()
and provide prototype to soon-to-be-implemented
    ldap_dn2domain().
ldap_dnssrv_init(), if needed, can easily be implemented
using ldap_create(), ldap_set_option() and the above
commands.
2000-04-25 10:38:03 +00:00
Kurt Zeilenga
c02d7e2cb6 ITS#503: Extend ldap tools to support SASL/TLS
Submitted by Gabor Gombas <gombasg@inf.elte.hu>
2000-04-20 09:23:51 +00:00
Kurt Zeilenga
177279176c Chage DEFAULT_DB_PAGE_SIZE to 4096 and allow external define to
override ldbm.h setting.
2000-03-17 20:28:36 +00:00
Kurt Zeilenga
d14c7ad7c2 Depend HAVE_NT_THREADS on _WINNT 2000-03-17 19:35:20 +00:00
Kurt Zeilenga
1aae2ffb46 Remove discrete right macro (not used) 2000-03-17 01:48:44 +00:00
Dmitry Kovalev
f28e0c1967 update Win32 build environment to support back-sql 2000-03-16 19:58:36 +00:00
Kurt Zeilenga
91f292bc00 Delete SLAPD_DISCRETE_ACI 2000-03-16 19:15:21 +00:00
Kurt Zeilenga
6141b1eebe Delete (again) unneeded discrete-aci flag and regenerate... 2000-03-16 19:14:48 +00:00
Dmitry Kovalev
8dc136ddd6 update Unix build environment to support back-sql
2 more steps left: add back-sql directory itself, and update Win32 build environment.
2000-03-16 18:54:11 +00:00
Kurt Zeilenga
17527368d1 work args of ldap_negotiated_sasl_bind_s() and provide examples
with authentication id and authorization ids.  Note: this routine
doesn't actually negotiate anything.  It likely should be renamed
ldap_sasl_auth_s() or ldap_sasl_bind_multistep() or something.
2000-03-14 02:54:08 +00:00
Kurt Zeilenga
8e6ba5831a tempnam() is available in MSVC5 2000-02-25 19:30:28 +00:00
Kurt Zeilenga
0dbaf87730 Another round of changes behind -DSLAPD_SCHEMA_NOT_COMPAT
plus these changes unhidden changes:
	remove now meaning --enable-discreteaci configure option
	fix ITS#451, slapd filters
	Add ber_bvecadd() to support above
	constify ldap_pvt_find_wildcard() and misc slapd routines
	renamed some slap.h macros
	likely broken something
2000-02-14 20:57:34 +00:00
Kurt Zeilenga
6968ede534 ITS#450: teach LDBM/GDBM about cursors 2000-02-11 02:05:14 +00:00
Kurt Zeilenga
9dde98577d Move ldap_unicode_t to ldap_pvt.h, typedef to ldap_ucs2_t for now.
ldap_ucs2_t is a short.  The unicode routines may break if
sizeof(short) != 2...
2000-01-27 05:27:36 +00:00
Kurt Zeilenga
4eb13130a9 typedef ber_int_t ldap_ucs4_t 2000-01-27 01:04:17 +00:00
Kurt Zeilenga
ed9969b1c4 Make ldap_utf8_bytes() act like strlen() not sizeof() 2000-01-23 23:33:01 +00:00
Kurt Zeilenga
42cc5e5333 Fix bugs in UTF-8 code. Apply to getdn and charray. 2000-01-23 23:07:24 +00:00
Kurt Zeilenga
61b509d881 Add some robustness to UTF-8 routines. 2000-01-23 18:43:30 +00:00
Kurt Zeilenga
16c903909c Add comments to UTF-8 declarations.
Add US ASCII optimizations macros.
#ifdef out unused routines
Ready to hack getdn.c and others to support UTF-8
2000-01-23 05:35:38 +00:00
Kurt Zeilenga
22ba55371e Move ldap_utf8_*() declarations from ldap-int.h to ldap_pvt.h.
We may likely want to expose the routines at a later date (ldap_utf8.h?).
2000-01-22 21:09:24 +00:00
Kurt Zeilenga
9ac0eab126 remove UNSPECIFIED_TLS... HOST implies ldap:// 2000-01-14 01:08:15 +00:00
Kurt Zeilenga
9c4c8e8c1f Regenerate using proper tools. 2000-01-13 23:02:51 +00:00
Kurt Zeilenga
0426431639 Fix --enabel-kbind=auto --without-kerberos detection 2000-01-11 04:20:59 +00:00
Kurt Zeilenga
fb49e2771e --disable-kbind --disable-kpasswd should imply --without-kerberos
under "auto" selection.  If not auto, just warn.
Rebuild configure using appropriate tools.
2000-01-08 19:23:26 +00:00
Kurt Zeilenga
6437785a82 Initial implementation of Kerberos password verification for
simple bind via:
	{KERBEROS}principal
Code is disabled by default (for security reasons).  Use
--enable-kpasswd to enable.  Behind SLAPD_KPASSWD.
Reworked Kerberos detection and split out KBIND as independent
feature (--disable-kbind) (LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND).
KBIND depends upon detection of KRB4 (or KRB425) support.  Detection,
building with eBones (as distributed with FreeBSD 3.4) okay, but
wasn't able to test as I don't have a K4 KDC handy.
--with-kerberos has a number of detection options... most likely
don't work properly.
2000-01-08 18:42:11 +00:00
Luke Howard
5a0bbd7eed Imported <ldap.h> in <ldap_pvt.h> so ldap_pvt_sasl_bind() has necessary
types. Changed const sasl_callback_t * to LDAP_CONST sasl_callback_t *.
2000-01-05 12:56:17 +00:00
Luke Howard
a466a64318 Added support for connecting to LDAP servers located using DNS
SRV records. Added lock around resolver library which is shared
by the DNS SRV code and the getdxbyname() code.
2000-01-03 02:33:22 +00:00
Luke Howard
57b62dc7d4 Added ldap_pvt_sasl_bind() prototype to ldap_pvt.h. This
required importing sasl.h into ldap_pvt.h, thus that import
was removed from ldap-int.h.
2000-01-03 00:15:30 +00:00
Luke Howard
9b4e3b2234 Merged in preliminary support for Cyrus SASL library;
support for DCE slash-delimited, left-to-right DNs;
support for a domain socket transport (enable with
--enable-ldapi); and extensions to URL parsing to
support the latter transport.
2000-01-02 01:21:25 +00:00
Kurt Zeilenga
33e50afb6b Don't reference draft 1999-12-18 19:50:38 +00:00
Kurt Zeilenga
a3d0b9d667 Fix 2 vs 4 typo 1999-12-18 19:49:39 +00:00
Kurt Zeilenga
e56a2a8d78 Remove old DLL IMPORT/EXPORT macros 1999-12-18 19:49:13 +00:00
Kurt Zeilenga
c061aaa81c Temporary fix for BEOS.
tcp_read/write should not be used.
1999-12-17 21:31:44 +00:00
Kurt Zeilenga
e808aa49cb Add #ifndef GDBM_NOLOCK clause to LDBM_NOLOCKING 1999-12-17 18:43:02 +00:00
Kurt Zeilenga
37d28e7d0d Add ber_bvstr and ber_bvstrdup string to berval allocators. 1999-12-17 05:37:33 +00:00
Kurt Zeilenga
e495b982af Add LDAP_RES_EXTENDED_PARTIAL tag 1999-12-14 00:47:20 +00:00
Kurt Zeilenga
235d5e56e8 Clarify that the contents of this file need not be update by the
installer.
1999-12-14 00:30:02 +00:00
Kurt Zeilenga
b1639dadd6 Remove lint
Add copyrights
1999-12-13 04:53:59 +00:00
Kurt Zeilenga
fe5608c4d5 Wrap request/response bervals in a sequence. 1999-12-11 19:33:45 +00:00
Mark Valence
e0e7e9842e client/server controls added to ldap_start_tls(). 1999-12-10 18:26:12 +00:00
Kurt Zeilenga
431dad371c Fix slapd SASL/ExternalOps encoding
Add controls to extended ops API signatures, need impl.
Update password to support optional server side generation of
new password, verification of old password, and changing of
non-bound user's passwords.
1999-12-10 04:52:32 +00:00
Mark Valence
454284f1ea Adds for Start TLS functionality on slapd and LDAP C API. 1999-12-09 22:33:22 +00:00
Kurt Zeilenga
36a6f6d99b Add TAG defines for X_CHANGE_PASSWD ID, OLD, NEW.
Relocated modify struct to be next to other structs.
1999-12-09 17:00:54 +00:00