Commit Graph

198 Commits

Author SHA1 Message Date
Howard Chu
40454ccec8 Added op->o_is_auth_check; use ACL_AUTH instead of ACL_SEARCH/ACL_READ
in access_allowed() if flag is set. Set in sasl/saslauth searches.
2003-03-10 22:07:21 +00:00
Howard Chu
65bf90ff73 Use struct berval for exop reqoid everywhere. Define berval constants
for the known exops.
2003-02-16 06:15:28 +00:00
Pierangelo Masarati
f8a1007994 (mostly blind) fix of possible leak/dangling pointer and cleanup 2003-02-07 00:46:11 +00:00
Pierangelo Masarati
9f28f12346 make sure the DN is null-terminated before normalizing it 2003-02-06 19:15:14 +00:00
Luke Howard
eee0086ab2 Add search ref callback 2003-02-01 07:05:01 +00:00
Kurt Zeilenga
bcd7306877 ITS#2268: SASL/ANONYMOUS fixes from kuenne@rentec.com 2003-01-20 18:09:46 +00:00
Kurt Zeilenga
6939c53170 Happy new year 2003-01-03 20:20:47 +00:00
Kurt Zeilenga
a3837b107a Minor cleanup 2002-12-21 22:54:25 +00:00
Kurt Zeilenga
539693f56c Correct fix 2002-12-20 17:57:00 +00:00
Kurt Zeilenga
b47d0d6b6a if 0 out bad statslog 2002-12-20 17:25:51 +00:00
Howard Chu
0e69c86461 Fix Statslog messages 2002-12-17 00:23:36 +00:00
Howard Chu
7c7daf8556 Statslog additions:
Added StatslogTest macro.
	Added attributes to modify and search Statslog.
	Added Statslog of SASL authcid.
2002-12-16 12:14:37 +00:00
Kurt Zeilenga
7be4d566d7 cleanup 2002-12-13 00:18:54 +00:00
Howard Chu
88adbc8691 Fix ITS#2234 canonicalization bug 2002-12-12 13:49:25 +00:00
Luke Howard
a6edb2ae36 Treat all EXTERNAL DNs are already normalized. 2002-12-04 04:13:20 +00:00
Kurt Zeilenga
da76c1951e First-cut proxy authorization support. 2002-12-03 06:11:32 +00:00
Howard Chu
3260b26717 Fix ITS#2200, must use SASL creds exactly as received 2002-11-28 16:16:05 +00:00
Howard Chu
ca4764ccfa ITS#2202, set SASL_SUCCESS_DATA on sasl_server_new(). 2002-11-27 03:49:04 +00:00
Howard Chu
36c915a134 Fix ITS#2200, revert patch in rev 1.128. SASL/Kerberos4 requires a patch
to Cyrus SASL lib/server.c, can't fix it here.
2002-11-27 03:46:42 +00:00
Julius Enarusai
fe569dbb75 Converted ch_malloc and ch_calloc calls to SLAP_MALLOC and SLAP_CALLOC. 2002-11-19 18:24:18 +00:00
Howard Chu
24f1a11cde Fix sasl_server_start invocation, must pass NULL cred when credlen is 0. 2002-11-01 02:14:55 +00:00
Kurt Zeilenga
27cb98d28d Remove lint 2002-10-09 23:35:45 +00:00
Howard Chu
73207c7110 Replace HACK in slap_sasl_canonicalize with safer test. 2002-09-05 11:01:12 +00:00
Howard Chu
3099d89d9e Don't use sasl_set_alloc on Cyrus 2, it manages all of its memory
internally and we don't want to get in the way.
2002-09-02 22:25:26 +00:00
Kurt Zeilenga
bfa89d6e15 Include lber_pvt.h 2002-08-28 16:47:04 +00:00
Howard Chu
9c4f89c6f7 Added no-op sasl_client_auth if SASL_VERSION_MAJOR < 2. 2002-08-28 08:33:24 +00:00
Kurt Zeilenga
aa36f5d049 cleanup 2002-08-28 07:30:57 +00:00
Howard Chu
3cb7a09eb0 Added check for Cyrus SASL sasl_version() 2002-08-28 07:12:22 +00:00
Howard Chu
925714ceef Experimental cruft to propagate valid Operation to SASL callbacks.
If you have a better way, jupm on in...
2002-08-24 07:34:50 +00:00
Kurt Zeilenga
23efa07a99 use ldap_charray_*() instead of charray_*() 2002-08-24 00:55:24 +00:00
Howard Chu
505a141c75 Use search callbacks in slap_sasl_checkpass and slap_auxprop_lookup,
use ACL_AUTH for acl checks.
2002-08-20 05:32:54 +00:00
Pierangelo Masarati
3a26ef5bbb silence warnings 2002-08-16 16:33:22 +00:00
Howard Chu
e14f471a27 Add #include "lutil.h" for lutil_str* functions 2002-08-06 02:36:34 +00:00
Kurt Zeilenga
d38d19edc1 Fix lutil_str*() warnings 2002-08-05 17:56:13 +00:00
Kurt Zeilenga
eb581e43e7 Fix for:
SASL regex segmentation faults with group based acls (ITS#1978)
based, in part, by patch submitted by Simon Wilkinson <simon@sxw.org.uk>.
2002-07-28 07:27:55 +00:00
Howard Chu
5a01db28e3 Moved slap_strcopy, slap_strncopy to lutil_strcopy, lutil_strncopy 2002-07-27 00:24:02 +00:00
Julius Enarusai
2168be2b4a Converted LDAP_LOG messages to use new Macro 2002-07-23 00:01:53 +00:00
Howard Chu
7fdb38bca9 Fix previous commit - the stub was never needed. 2002-07-12 23:43:46 +00:00
Howard Chu
f9cbbc6770 Fix order of params to sasl_setpass. Added initial stub for setpass to
change in-directory password.
2002-07-12 20:55:12 +00:00
Julius Enarusai
6107ba67d2 Coverted LDAP_LOG macro to use subsystem ID int values instead of string values 2002-07-11 20:33:24 +00:00
Howard Chu
07a34489c6 Added saslAuthzTo and saslAuthzFrom to system schema.
Added sasl-authz-policy config keyword to control proxy authorization.
Moved sasl-related config processing to sasl.c:slap_sasl_config().
Moved other global defs used only in saslauthz.c into saslauthz.c.
2002-06-14 08:10:14 +00:00
Howard Chu
a5cd5535e8 Fix typo in previous commit 2002-06-12 04:12:51 +00:00
Howard Chu
6d1a322f73 Finished slap_sasl_setpass for Cyrus 1.5; Cyrus 2.1 is incomplete.
Added conn->c_sasl_dn, streamlined slap_sasl_bind.
2002-06-12 04:05:48 +00:00
Kurt Zeilenga
1410b3e7d9 An almost complete slap_sasl_setpass() 2002-06-12 00:13:29 +00:00
Howard Chu
856e21296a Cleanup log msg 2002-05-12 19:21:12 +00:00
Howard Chu
2d94a2016c Check for NULL before comparing authcid 2002-05-12 18:42:43 +00:00
Howard Chu
d7060d19f3 Skip processing if canonicalization is invoked redundantly (SASL PLAIN).
Truncate large username instead of failing with SASL_BUFOVER; we only care
about the DN anyway. (SASL 2 only)
2002-05-12 18:40:37 +00:00
Howard Chu
aea521bec2 Fix, SASL authzIDs might not be NUL-terminated. prop names must only be
set once; setting erases all existing values.
2002-05-11 20:19:55 +00:00
Howard Chu
da7a5a8e79 Fix typo in 1.97 2002-05-11 19:24:04 +00:00
Howard Chu
dfae2441eb Cleaned up getdn normalization 2002-05-11 08:07:18 +00:00
Howard Chu
379f84ba47 Fix previous commit, free in wrong place 2002-05-11 06:58:13 +00:00
Howard Chu
b057507e23 Cleanup HAVE_TLS dependencies, cleanup username with embedded realm handling 2002-05-10 19:26:35 +00:00
Howard Chu
da36670ea3 Don't use slap_empty_bv in structures that are expected to be free'able. 2002-05-08 23:16:17 +00:00
Howard Chu
fbe4785c5a Delete unused CANON_BUF_SIZE #define 2002-05-07 23:29:19 +00:00
Howard Chu
6f47e13147 Cyrus 2 support now requires Cyrus 2.1.3. Adds support for in-directory
SASL secrets. (Only works with plaintext userpassword tho.)
2002-05-07 23:08:23 +00:00
Howard Chu
cef9fcf78b Fix check for "anonymous" in sasl_getdn 2002-04-27 03:44:23 +00:00
Howard Chu
8a5423ea8d deleted sasl_external_x509dn_convert; X509 DNs are always converted to
normalized LDAP DNs now.

Changed dnDCEnormalize to dnX509normalize, added dnX509peerNormalize,
based on new ldap_X509dn2bv() etc.
2002-04-18 12:26:36 +00:00
Howard Chu
b3c7c9e3ce Delete more unused code, no need to fetch REALM in slap_sasl_bind 2002-04-17 19:47:34 +00:00
Kurt Zeilenga
7ee5d2612b Fix ssf declaration 2002-04-17 17:56:30 +00:00
Howard Chu
1dea5905c6 More SASL DN simplification. No more "dn:" prefix used anywhere internally. 2002-04-17 07:56:46 +00:00
Howard Chu
1bbd51da77 ITS#1712, rewritten dn_openssl2ldap(). Added dnDCEnormalize(), used by
dn_openssl2ldap() and sasl_external_x509dn_convert. Fixed realm handling
for foreign Kerberos realms embedded in usernames.
2002-04-16 08:46:25 +00:00
Howard Chu
66602e8faa Fix name canonicalization and authorization for Cyrus SASL 2.x 2002-04-14 04:27:46 +00:00
Howard Chu
a73ffbe3cd Previous commit included undesired changes. 2002-04-14 04:15:17 +00:00
Howard Chu
9b958147f8 Fix previous commit, == instead of != 2002-04-13 17:27:02 +00:00
Howard Chu
17433a8412 Fix ITS#1722 - IPv4 addresses also need to be massaged for sasl_server_new. 2002-04-11 10:04:29 +00:00
Howard Chu
70d4ef9a85 ITS#1714 dn->bv_val malloc len+1 2002-04-05 06:34:15 +00:00
Kurt Zeilenga
2f7858044e ITS#1636 fix 2002-03-11 03:05:43 +00:00
Kurt Zeilenga
ec34550487 Note that we likely need to make some of this conditional. 2002-02-11 20:33:27 +00:00
Kurt Zeilenga
d23c559646 Don't use 'shtool mkln' as ln(1) replacement.
Allow both <sasl/sasl.h> and <sasl.h>
2002-02-11 08:28:51 +00:00
Kurt Zeilenga
f3548d371f notes needs for future additions 2002-02-11 01:58:36 +00:00
Kurt Zeilenga
5e31e90c74 Fix compile error properly 2002-02-10 18:05:04 +00:00
Kurt Zeilenga
b315d8af34 Update Cyrus SASL detection to always look for <sasl.h> regardless
of version and then try -lsasl2 and -lsasl.  Make SASL code
conditional on SASL_VERSION_MAJOR, not HAVE_CYRUS_SASL.
2002-02-10 17:51:19 +00:00
Howard Chu
8a4e92b259 Support for Cyrus SASLv2. Untested. 2002-02-10 14:27:23 +00:00
Kurt Zeilenga
14662be692 Add whoami extended operation.
Add no-op control (needs backend implementation)
Updated modify password extended option API
Kludged control infrastructure to support frontend only controls
2002-01-28 20:25:30 +00:00
Howard Chu
4191f39037 Changed slap_authz_info.sai_mech to struct berval.
Changed sasl_* to use struct bervals.
2002-01-26 13:57:41 +00:00
Kurt Zeilenga
20af643fc4 more cleanup 2002-01-16 04:40:41 +00:00
Kurt Zeilenga
0e2af54a3f Update copyright statements 2002-01-04 21:17:25 +00:00
Kurt Zeilenga
c603bc3946 use sizeof instead of strlen/hardcoded-consts 2002-01-02 17:04:09 +00:00
Kurt Zeilenga
cddf7e0e00 More struct berval DN changes
decrease dependency on dn_validate/dn_normalize
2001-12-27 07:13:13 +00:00
Kurt Zeilenga
ef7a99ff99 Additional struct berval DN changes... 2001-12-26 23:26:55 +00:00
Howard Chu
826056e75b More thorough backend_destroy. Added config_destroy. Destroy slap_listeners.
Plugged other small leaks.
2001-12-15 12:05:58 +00:00
Howard Chu
d0b1ca692a Minor strlen cleanup 2001-12-09 13:57:55 +00:00
Pierangelo Masarati
aee3600276 minor cleanup 2001-11-17 16:18:07 +00:00
Mark Adamson
e0ff8d6782 fix various memory leaks 2001-11-05 23:14:42 +00:00
Kurt Zeilenga
61de99937f ldif.h include cleanup 2001-09-25 00:03:24 +00:00
Kurt Zeilenga
22688a7ad6 Minor cleanup of last commit 2001-09-18 18:24:47 +00:00
Kurt Zeilenga
7a18352c06 Patch for SASL EXTERNAL. Needs to be tested with other mechanisms. 2001-09-18 07:44:18 +00:00
Howard Chu
bb06fd8d6b Fix crashes for SASL/EXTERNAL binds:
in slap_sasl_getdn, test id, not dn. dn is still NULL
  also, don't check for trailing slash
  in slap_sasl_bind, initialize reslen to 0
2001-09-18 03:10:05 +00:00
Mark Adamson
fac77083cc Skip over the "dn:" prefix when passing a DN to dn_normalize(). 2001-08-29 23:01:24 +00:00
Gary Williams
e565505f21 fix logging macros (thanks Mei) 2001-02-02 13:49:26 +00:00
Mark Adamson
68ab73a0f5 Make sure the variable used for SASL REALM is initialized, in case of no REALM. 2001-01-23 19:18:03 +00:00
Kurt Zeilenga
65cdfa68f0 Fix more typos 2001-01-22 22:03:44 +00:00
Kurt Zeilenga
a4f37d6303 Fix typo 2001-01-22 21:10:54 +00:00
Kurt Zeilenga
28d1dbd8ac Add "sasl-external-x509dn-convert" configuration option aimed
at providing authid TLS/X.509 to LDAP DN mapping.  Experimental.
2001-01-19 00:47:32 +00:00
Kurt Zeilenga
1302713f09 Fix SASL_REALM bug
Minor cleanup of logging code, variable scope
2001-01-19 00:01:25 +00:00
Mark Adamson
6b4ec38178 Change the SASL DN's from cn=authzid to cn=auth 2001-01-18 20:05:15 +00:00
Gary Williams
f49fd8a98e fix format 2001-01-17 16:35:53 +00:00
Gary Williams
ffcdc6d11d More new logging (Behind NEW_LOGGING) 2001-01-15 19:17:29 +00:00
Mark Adamson
2231d5e64e Make SASL authorization work for NULL, "u:", and "dn:" authz strings. 2000-11-30 22:00:15 +00:00
Kurt Zeilenga
b285814f8e Fix layer installation 2000-10-12 19:02:31 +00:00