mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-01-12 10:54:48 +08:00
Code Issues Packages Projects Releases Wiki Activity
12,345 Commits 38 Branches 307 Tags 75 MiB
25877b0d23
Commit Graph

270 Commits

Author SHA1 Message Date
Pierangelo Masarati
b34cf02488 more on fixing escaped semicolon in normalized DN 2004-05-07 02:18:08 +00:00
Pierangelo Masarati
b69a2acdf5 use fist backend only if there is no global ACL (ITS#3100) 2004-04-20 19:26:02 +00:00
Pierangelo Masarati
1c952c8a7e revert prevuos NULL o_bd commit 2004-04-20 15:18:06 +00:00
Pierangelo Masarati
30f697beeb improve dn.one="" fix 2004-04-20 14:50:16 +00:00
Pierangelo Masarati
537a4cae02 global ACLs were not used because op->o_bd is set to &backends[0] if NULL 2004-04-20 14:42:48 +00:00
Pierangelo Masarati
3c5f305a7f fix acl bug when using dn.one="" 2004-04-20 14:15:39 +00:00
Kurt Zeilenga
1372965d89 ITS#3092: Rename sl_free() and friends to slap_sl_free() 2004-04-20 03:44:57 +00:00
Pierangelo Masarati
7b65d46b1b add slapacl tool 2004-04-20 00:08:44 +00:00
Kurt Zeilenga
c7f0438044 bvalue cleanup 2004-04-08 06:49:17 +00:00
Kurt Zeilenga
44725e7303 use BER_BVNULL 2004-04-07 04:11:43 +00:00
Kurt Zeilenga
c7e89d57be swap be_isroot and be_isroot_dn symbols 2004-04-06 01:06:20 +00:00
Pierangelo Masarati
e516247068 exploit new isroot_dn helper 2004-04-05 17:31:27 +00:00
Howard Chu
35c774d3b8 Yet more for ITS#3008. Seems to work properly now. 2004-03-10 09:11:20 +00:00
Howard Chu
3853fade60 More for ITS#3008 2004-03-10 08:00:41 +00:00
Howard Chu
cac30b1855 ITS#3008 fix value-based ACLs 2004-03-10 02:59:03 +00:00
Pierangelo Masarati
006745430e allow "expand" style in peername, sockname, sockurl as well; more sanity checks 2004-03-09 19:44:14 +00:00
Pierangelo Masarati
042869366d use "expand" instead of "regex" for group ACLs that allow substring expansion, preserving backwards compatibility; add sanity checks 2004-03-09 16:33:05 +00:00
Pierangelo Masarati
a4e062ca36 apply advanced peername ACL (ITS#2907) 2004-03-08 18:49:12 +00:00
Kurt Zeilenga
3c598e89fb Happy new year 2004-01-01 19:15:16 +00:00
Luke Howard
c03a70955d Make defaulted backend available to ACL plugin pblock 2004-01-01 09:42:44 +00:00
Luke Howard
03e5db818f Fix ACL plugin bug - return value of ACL plugins was being ignored 2004-01-01 06:33:18 +00:00
Luke Howard
f289d6b7f0 Fix assertion failure if acl_check_modlist() called where op->o_bd == NULL. 
Behavior now matches access_allowed() - the first backend is used. The
code needs review, I have not tested it.
 2003-12-30 03:50:14 +00:00
Luke Howard
0549d46adf Don't require slapi to be in the path - always include slapi/slapi.h 2003-12-28 04:17:48 +00:00
Pierangelo Masarati
f2a9089e4d cleanup most of the -pedantic warnings (ITS#2884) and other small fixes 2003-12-17 20:55:46 +00:00
Luke Howard
516fd0ff50 First round of SLAPI cleanups - use slapi_int_XXX for internal functions 
(slapi_x_XXX is still reserved for exported functions that are not part
of the SLAPI specification)
 2003-12-16 15:49:31 +00:00
Pierangelo Masarati
ee34f3fb64 add to 'val[.<style>=<value>' ACLs special match styles for DN-valued attributes; add negated objectClass to attribute name lists for ACLs and partial replication 2003-12-16 00:49:10 +00:00
Kurt Zeilenga
4e15a84452 Updated notices 2003-11-27 01:17:14 +00:00
Howard Chu
01f7a7466b SLAPI fix - no-op when slapi_plugins_used == 0 2003-10-24 05:58:42 +00:00
Howard Chu
1240c70ff4 ITS#2497, implement value-level ACLs: 
access to attr=foo val.regex=bar.*
 2003-09-20 03:23:10 +00:00
Howard Chu
94e88c3700 ITS#2679 don't use cached ACL state from different attribute 2003-09-16 22:03:26 +00:00
Kurt Zeilenga
a1b9d3148e subtree ACI patch from Ralf 2003-09-09 18:37:31 +00:00
Luke Howard
0edb270b9e Support for ACL plugins 2003-08-31 08:17:21 +00:00
Howard Chu
dc41a6b37e ITS#2529 null DN in log 2003-05-22 09:22:41 +00:00
Kurt Zeilenga
231f8464d1 cleanup 2003-04-29 21:14:12 +00:00
Kurt Zeilenga
5cd994ed21 remove dnNormalize2 
replace calls to dnNormalize2 with calls to dnNormalize
 2003-04-29 18:28:14 +00:00
Luke Howard
86a18c2ea2 Don't pollute op->o_bd in access_allowed() 2003-04-18 04:57:15 +00:00
Pierangelo Masarati
194528d689 fix ACI per-thread memory management 2003-04-12 17:42:51 +00:00
Howard Chu
280fc819cf Memory context tweaks for Bind 2003-04-12 06:56:42 +00:00
Howard Chu
ece7452b05 More memory context tweaks 2003-04-11 01:29:28 +00:00
Kurt Zeilenga
c75be97ae9 #ifdef -DSLAP_NVALUES 2003-04-05 03:35:16 +00:00
Pierangelo Masarati
df29552130 fix new API leftover 2003-04-03 21:17:44 +00:00
Howard Chu
e8c58b4e7f Major API change - (SLAP_OP_BLOCKS) All request parameters are 
consolidated into the Operation structure. All reply parameters
are consolidated into the new SlapReply structure. Most operations
now have identical call signatures... Changes are not #ifdef'd,
revert to -r NO_SLAP_OP_BLOCKS if necessary to back out.
 2003-03-30 09:03:54 +00:00
Howard Chu
5ad51b6150 SLAP_NVALUES tweaks - after input, a_nvals is always populated. If there is 
no normalizer, a_nvals = a_vals.
 2003-03-24 01:56:56 +00:00
Howard Chu
3f48cabdde Fix typo 2003-03-23 15:45:06 +00:00
Kurt Zeilenga
8873006105 SLAP_NVALUES changes 
and misc cleanup
 2003-03-16 18:10:16 +00:00
Kurt Zeilenga
c0477e1532 Fix test006-acls 2003-03-15 23:02:55 +00:00
Kurt Zeilenga
3972e13fc3 NVALUES: fix a couple of value_find_ex() calls 2003-03-15 22:47:17 +00:00
Pierangelo Masarati
bfe6d806d9 (ultimately?) fix ITS#2361 2003-03-11 12:23:20 +00:00
Howard Chu
5c3909f567 ITS#2361, skip sockname, peername, peerdomain, sockurl ACLs if the 
corresponding conn->field is NULL. (overwrites previous commit.)
 2003-03-10 22:28:35 +00:00
Pierangelo Masarati
11c225d40c check conn->c_listener before use (hack to fix ITS#2361; need to review this part of slapi) 2003-03-10 22:19:32 +00:00
Howard Chu
40454ccec8 Added op->o_is_auth_check; use ACL_AUTH instead of ACL_SEARCH/ACL_READ 
in access_allowed() if flag is set. Set in sasl/saslauth searches.
 2003-03-10 22:07:21 +00:00
Kurt Zeilenga
152829be87 SLAP_NVALUES: 
schema engine updated (but not schema routines so things don't run yet)
	nvalues mostly populated, enough for tests 0-2 to pass
	schema routines needs lots of work
	modify/mods codes needs lots of work
 2003-02-27 01:54:43 +00:00
Pierangelo Masarati
937475efbf blind fix 2003-02-26 21:45:56 +00:00
Kurt Zeilenga
25886d989a Change MR flag names and add comments as to what they mean to slap.h 2003-02-26 02:55:28 +00:00
Howard Chu
cbf7b063e3 ITS#2285 string_expand for acl set 2003-01-30 20:59:47 +00:00
Kurt Zeilenga
6939c53170 Happy new year 2003-01-03 20:20:47 +00:00
Pierangelo Masarati
8e74ed4dfc fix initialization size and silence warning 2002-12-05 11:47:44 +00:00
Howard Chu
b1798f9160 Fix typo in prev commit value_find/_ex 2002-12-04 23:20:22 +00:00
Howard Chu
09679eb715 Added SLAP_MR_VALUE_NORMALIZED_MATCH, avoid redundant normalize when 
calling value_find with already-normalized DNs
 2002-12-04 18:19:46 +00:00
Howard Chu
827ea96e16 ITS#1523 enhanced ACL caching 2002-12-04 02:35:00 +00:00
Kurt Zeilenga
33248a02e1 Code cleanup (no functional changes) 2002-10-01 04:07:55 +00:00
Pierangelo Masarati
857d08ea21 use bvmatch() instead of ber_bvcmp() when testing for match without ordering 2002-09-02 19:39:06 +00:00
Howard Chu
1d7ee4471f Pass Operation to backend_attribute - should have been doing this all along. 2002-08-24 07:31:14 +00:00
Kurt Zeilenga
f10699865e consistently reduce string_expand bv_len by 1 2002-08-11 20:26:01 +00:00
Kurt Zeilenga
526d010635 Patch: add OpenLDAPaci #public# access (ITS#2005) 
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

I couldn't find a way for an OpenLDAPaci to grant public access to an
entry, so I added a dnType #public# for that.  It is in the position
of subjectDn in the draft, which seems kind of stupid, so I put it
in the position of dnType instead.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
 2002-08-05 17:53:39 +00:00
Kurt Zeilenga
f8c0481dd4 Patch: ACL #access-id#<invalid-DN> granted access to everyone (ITS#2006) 
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

There is a bug in OpenLDAPaci's "access-id":  If the specified DN is
invalid so dnNormalize2() fails, everyone gets access.
This means that e.g. "#access-id#[all]" gives public access, so it
might be considered a feature, but I fixed it anyway:-)  I guess that
means the change should be documented in the release notes, though.

See also ITS#2005 (add OpenLDAPaci #public# access).

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
 2002-08-05 17:52:16 +00:00
Kurt Zeilenga
182dcf27e2 clean up curly matching 2002-07-28 07:37:46 +00:00
Kurt Zeilenga
8a3d02bf6b misc cleanup 2002-07-23 18:35:12 +00:00
Julius Enarusai
6107ba67d2 Coverted LDAP_LOG macro to use subsystem ID int values instead of string values 2002-07-11 20:33:24 +00:00
Kurt Zeilenga
98a2e41911 Fix ACL to dn="" bug 2002-07-11 01:35:37 +00:00
Pierangelo Masarati
bf449f33bd small cleanup 2002-06-15 18:20:41 +00:00
Pierangelo Masarati
d75249abfe define and normalize static bervals alltogether 2002-06-15 17:01:35 +00:00
Kurt Zeilenga
3e3911247b Remove lint. 2002-04-22 23:03:33 +00:00
Pierangelo Masarati
4b9fa66188 use BVC() macro (changed in BER_BVC) to initialize constant bervals 2002-04-08 18:37:37 +00:00
Pierangelo Masarati
4ca97f4118 uniform temporary buf sizes; use automatic buffers instead of heap 2002-04-08 11:09:34 +00:00
Pierangelo Masarati
440637dde7 various acl improvements/cleanups/speedups (need to be documented, though) 2002-04-03 15:42:19 +00:00
Pierangelo Masarati
ab6ad34692 the logic of this check was completely reversed; in case '*' is used, on't test the regula expression 2002-04-02 08:18:30 +00:00
Pierangelo Masarati
1658aa0893 fix counting twice the substitution length (caused berval to have wrong length, rejected by subsequent dnNormalize) 2002-03-30 15:44:30 +00:00
Pierangelo Masarati
49f324a1fa fix ITS#1671 and more 2002-03-23 16:53:44 +00:00
Howard Chu
6b0fb09e0d Fix ITS#1607, longstanding bug in group and dnattr acls, gave access 
to anonymous connections.
 2002-03-20 13:11:37 +00:00
Kurt Zeilenga
d50eb2e959 C translator portability changes (ITS#1609) 2002-02-23 23:47:37 +00:00
Pierangelo Masarati
33d5f0f8f8 honor the ber_len field to allow to exploit ldap_bv2[r]dn to handle DNs embedded in longer strings ... 2002-02-13 12:09:36 +00:00
Kurt Zeilenga
32fb8b0bff Add ACL state recording to avoid multiple evaluation of 
value-independent access controls.
 2002-02-09 05:14:17 +00:00
Kurt Zeilenga
357a2fba5b Update comment 2002-02-08 18:26:53 +00:00
Pierangelo Masarati
cf5489ff00 fixes ITS#1582 (didn't trap SLAP_MOD_SOFTADD modification type) 2002-02-06 08:41:05 +00:00
Howard Chu
5e522ca882 Changed Access.a_sockurl_pat, Connection.c_listener_url etc. 
to struct bervals
 2002-01-28 11:41:07 +00:00
Howard Chu
b6b4d837e3 Some more struct berval conversions 2002-01-28 10:11:36 +00:00
Pierangelo Masarati
f74e81aa99 check on escaped rdn separator not needed any more 2002-01-22 08:30:32 +00:00
Kurt Zeilenga
8eaaa67db0 Move {add,replace,delete}_value() routines to frontend and share. 
Add error detail reporting.
 2002-01-19 19:54:48 +00:00
Kurt Zeilenga
492762f1c5 Don't use BDB group/attribute callbacks as they may cause deadlock. 
Add code to bdb_attribute and bdb_group where use TXN id and to
provide error, but need to rework callers (and their callers) to
ensure error is properly bubbled up to the backend operation routine
handling the transaction.  Ugh.
 2002-01-17 03:58:52 +00:00
Pierangelo Masarati
52b05a5b06 more ber_*cmp optimizations 2002-01-16 19:18:41 +00:00
Kurt Zeilenga
b48c355934 Fix up last commit 2002-01-16 19:03:31 +00:00
Pierangelo Masarati
0842db2a8b fix ber_*str renaming 2002-01-16 18:50:45 +00:00
Kurt Zeilenga
7f0289a390 Move most of the new ber_*cmp routines to lber_pvt.h to keep them private, 
rework them slightly to avoid computations which might result in underflow.
Rename them for consistency with other berval routines.
Remove some utf8 lint.
 2002-01-16 18:16:15 +00:00
Pierangelo Masarati
af54eed042 added ber_[mem|case]cmp() macros for fast berval comparison; extensively used in acl and in dn_match macro at present 2002-01-16 11:36:47 +00:00
Kurt Zeilenga
5e6e27078c Change replace ACL semantics from U-Mich historical behavior. 
U-Mich allows someone with selfwrite to use replace all values
of an attribute with a value containing their DN.  Which, of course,
could than be deleted.  This behavior was carried forward in all
versions of OpenLDAP.

The new semantics separate checks for deleting all existing values
and adding new values.  It is more logical and more inline with
the common use of selfwrite.
 2002-01-15 16:23:11 +00:00
Kurt Zeilenga
f89308915a Add a default case with assert() just in case. 2002-01-14 17:25:13 +00:00
Kurt Zeilenga
9d307b4242 ITS#1530 no value replace ACL fix 2002-01-14 17:19:05 +00:00
Howard Chu
ac1332cdb8 Renamed BVarray to BerVarray. Moved slapd:bvarray_{add,free} to 
liblber:ber_bvarray_{add,free}.
 2002-01-14 01:43:17 +00:00
Pierangelo Masarati
fafce1601e consistently use dn_match macro throughout slapd 2002-01-12 18:17:13 +00:00