Luke Howard
30d946959e
Set SLAPI_BIND_CREDENTIALS for bind preoperation plugin
2003-01-21 08:35:48 +00:00
Luke Howard
53ced8a648
Allow SLAPI bind plugins to set the authorization identity, at least for
...
simple binds
2003-01-21 06:30:38 +00:00
Luke Howard
8e8b4093f5
Mark Sun ONE 5.x SLAPI plugin types to avoid collisions
...
Rename internal slapi_XXX API to slapi_x_XXX
Always set result code/matched/error text in operation parameter block
to make available to postoperation plugins
2003-01-21 02:46:55 +00:00
Luke Howard
d484a9781c
Conform SLAPI to Netscape, iPlanet and Sun ONE Directory Server
...
behaviour:
1. Plugins never return LDAP result codes, instead they return a
small integer (0 or -1, others for special cases)
2. Preoperation plugins can abort processing by returning a non-
zero value to the frontend
3. Postoperation plugins never abort processing (all are called)
and their return values are ignored
2003-01-20 23:18:11 +00:00
Kurt Zeilenga
6d1ca4c747
Remove values match v. filter struct field macro overloads
...
Use LDAP_SLISTs instead of per-struct list management for schema structs
misc cleanup and lint removal
2003-01-20 20:21:17 +00:00
Kurt Zeilenga
bcd7306877
ITS#2268: SASL/ANONYMOUS fixes from kuenne@rentec.com
2003-01-20 18:09:46 +00:00
Luke Howard
6a5f29b60a
Use new SLAPI API for setting associated parameters associated with the
...
Connection, Operation and Backend structures.
Ensure that SLAPI_MODIFY_MODS is set to an array of LDAPMods.
2003-01-19 15:30:10 +00:00
Kurt Zeilenga
6939c53170
Happy new year
2003-01-03 20:20:47 +00:00
Pierangelo Masarati
e9a74cffba
slapi used the old version of the LDAP_LOG macro (caught by Howard)
2002-12-27 14:59:01 +00:00
Pierangelo Masarati
1b70e16448
SLAPI - Netscape plugin API for slapd - based on patch contributed by Steve Omrani <somrani@us.ibm.com> as ITS#2073
2002-12-07 17:19:29 +00:00
Kurt Zeilenga
390cdcfbc2
Add AUTHZ stats logging
2002-11-11 18:55:45 +00:00
Kurt Zeilenga
023d0e2a5c
Rework unprotected simple bind checks
2002-10-08 19:03:18 +00:00
Kurt Zeilenga
36fca96695
if "disallow bind_simple_unprotected", require at least SSF of 2
2002-10-08 01:06:49 +00:00
Pierangelo Masarati
857d08ea21
use bvmatch() instead of ber_bvcmp() when testing for match without ordering
2002-09-02 19:39:06 +00:00
Howard Chu
20f6bae612
Use sockbuf_max_incoming_auth after successful Bind
2002-08-29 11:53:37 +00:00
Howard Chu
9f5b28baf3
Remove c_sasl_bindmutex, Binds are already serialized.
2002-08-26 22:20:30 +00:00
Kurt Zeilenga
6f8a3919a1
Fix last commit.
2002-08-26 18:07:58 +00:00
Kurt Zeilenga
af4cb85d8b
Prevent unlocking unlocked sasl_bindmutex...
2002-08-26 18:06:55 +00:00
Pierangelo Masarati
d9da0f2bb8
silence annoying warning (BTW: who initializes be?)
2002-08-26 17:37:33 +00:00
Howard Chu
925714ceef
Experimental cruft to propagate valid Operation to SASL callbacks.
...
If you have a better way, jupm on in...
2002-08-24 07:34:50 +00:00
Kurt Zeilenga
84fe0ad051
Log successful SASL bind (ITS#2017)
2002-08-13 03:49:21 +00:00
Howard Chu
a073e28510
Fix setting c_authz_backend for SASL binds:
...
in slap_sasl2dn, make sure it's set for base DN searches as well.
in do_bind, don't zero it during multi-stage binds.
2002-07-13 00:11:03 +00:00
Julius Enarusai
6107ba67d2
Coverted LDAP_LOG macro to use subsystem ID int values instead of string values
2002-07-11 20:33:24 +00:00
Kurt Zeilenga
ba4faad6e5
Use correct ssfs.
2002-06-18 07:31:20 +00:00
Kurt Zeilenga
9a38d98d37
Add option to disallow unprotected simple authentication.
...
Add protected simple authentication as a "strong" mechanism.
2002-06-17 22:18:27 +00:00
Howard Chu
c5c1ddb1ca
Deleted Connection->c_cdn. Use conn->c_dn instead...
2002-06-12 08:38:59 +00:00
Kurt Zeilenga
d6e7f0f630
Rework c_authzid_backend in preparation for sasl_setpass() support
2002-06-11 22:56:47 +00:00
Kurt Zeilenga
af02eee0d5
Reworking backend_check_restrictions for extensions
...
Should resolve ITS#1781.
2002-05-01 01:04:57 +00:00
Pierangelo Masarati
4a8ab5dbf2
Mostly based on patches provided by Hallvard B. Furuseth
...
ITS#1677 - cast away const warnings
ITS#1678 - unsigned char args to ctype funcs
ITS#1682 - don't redefine ldap_debug
ITS#1683 - uninitialized vars
ITS#1703 - ldo_debug initialization
ITS#1705 - unsigned testing
ITS#1706 - socklen_t args
ITS#1719 - back-tcl update (other cleanups/fixes/improvements; yet untested)
ITS#1724 - integerNormalize/integerFilter/integerIndexer bugs
ITS#1725 - libdes not required
Implement back-null (/dev/null style backend)
Cleanup some misc warnings ("%lu" format, unused/uninitialized vars,
ambiguous operator precedence)
Kurt, please regenerate configure
2002-04-08 09:43:22 +00:00
Howard Chu
4191f39037
Changed slap_authz_info.sai_mech to struct berval.
...
Changed sasl_* to use struct bervals.
2002-01-26 13:57:41 +00:00
Howard Chu
ac1332cdb8
Renamed BVarray to BerVarray. Moved slapd:bvarray_{add,free} to
...
liblber:ber_bvarray_{add,free}.
2002-01-14 01:43:17 +00:00
Howard Chu
ec46a2f33a
Use 'm' ber_scanf format where convenient
2002-01-06 06:11:01 +00:00
Howard Chu
ce7d8d26f2
Changed conn->c_cdn to struct berval.
2002-01-06 03:26:09 +00:00
Kurt Zeilenga
eaf3264184
Add some critical control checks.
2002-01-06 00:36:55 +00:00
Kurt Zeilenga
0e2af54a3f
Update copyright statements
2002-01-04 21:17:25 +00:00
Howard Chu
f52cc9bab5
Change struct berval ** to BVarray
2002-01-02 11:00:36 +00:00
Howard Chu
975a5e9a24
Added dnPretty2/dnNormalize2 using preallocated destination berval
2001-12-29 04:48:00 +00:00
Howard Chu
292c575c1f
Added dnPrettyNormal, do both Pretty and Normalize at once to save
...
some ldap_str2dn overhead.
2001-12-28 07:27:15 +00:00
Kurt Zeilenga
ef7a99ff99
Additional struct berval DN changes...
2001-12-26 23:26:55 +00:00
Kurt Zeilenga
21cecb3831
Update referral handling to use struct berval DNs.
2001-12-26 20:59:24 +00:00
Howard Chu
d474789d0d
First pass at converting bind to struct bervals
2001-12-26 11:41:38 +00:00
Kurt Zeilenga
3336619c80
More "char *" to struct berval DN changes
2001-12-25 02:30:01 +00:00
Howard Chu
70194f9ad6
Changed suffix_alias() to use struct berval * in-place.
2001-12-24 16:29:18 +00:00
Howard Chu
2f3399265c
Changed sai_dn, sai_ndn to struct berval. (Affects op->o_dn,o_ndn,
...
conn->c_dn,c_ndn, Access->a_dn_pat)
2001-12-24 15:11:01 +00:00
Howard Chu
9969058a06
Fix typo in berval commit
2001-12-24 13:47:47 +00:00
Kurt Zeilenga
0c28b66a75
use dnPretty instead of dn_pretty
2001-12-23 00:43:57 +00:00
Kurt Zeilenga
a4a1325a6a
Update BER decoding of PDU to use "o" (struct berval) instead of
...
"a" (char **)... another step towards BerValue DNs.
2001-12-22 21:52:58 +00:00
Kurt Zeilenga
d23313a068
LDAPv2 disallow and other flag changes
...
Fix compile errors
2001-12-21 04:44:34 +00:00
Howard Chu
ef0b308bea
Changed backglue configuration. Added noSubordinates arg to select_backend
...
to deal with glued subordinates.
2001-12-10 12:09:40 +00:00
Howard Chu
45aadbbbba
Eliminate unnecessary per-operation dn_normalize(o_ndn); it's already
...
done in do_bind() and there's space in the connection structure for c_ndn
already, just copy it.
2001-12-09 14:46:29 +00:00
Pierangelo Masarati
aee3600276
minor cleanup
2001-11-17 16:18:07 +00:00
Kurt Zeilenga
82fad7d0c8
First stable an implementing latest namedref specification.
...
Includes rewriting of URLs where the DN of the referral object
and the DN of the ref attribute attribute are not the same.
Also, always returns explicit DN and scope.
Currently, back-ldbm only. Needs to be ported to back-bdb.
2001-10-26 02:05:14 +00:00
Kurt Zeilenga
cc6fab319e
Add support for separate max incoming for anonymous and authenticated
...
sessions (defaults: 256K and 16M respectively).
2001-05-29 20:00:55 +00:00
Kurt Zeilenga
0fc62be316
Rework security restrictions for SASL bind
2001-02-03 03:17:22 +00:00
Gary Williams
f49fd8a98e
fix format
2001-01-17 16:35:53 +00:00
Gary Williams
d531a20f52
more new logging (finally), behind NEW_LOGGING
2001-01-11 17:11:23 +00:00
Kurt Zeilenga
dbdba34972
First-cut at manageDSAit-aware backend selection.
2000-10-21 03:29:02 +00:00
Kurt Zeilenga
2b2ee1ccbd
Return authMethodNotSupported not authUnknown for unknown
...
bind authentication method
2000-10-13 05:28:23 +00:00
Kurt Zeilenga
27b30275a6
We need to set sasl_layers prior to returning result...
2000-10-07 02:00:54 +00:00
Mark Adamson
bf1ee530ea
Implementation of SASL authorization.
2000-09-21 17:32:54 +00:00
Kurt Zeilenga
825c3c4c5c
Fix handling of optional cred
2000-09-15 00:09:44 +00:00
Kurt Zeilenga
3342ea3b49
Add more bind allow/disallow flags
2000-09-11 18:24:24 +00:00
Kurt Zeilenga
2e13824d0d
Add "allow tls_2_anon" to allow StartTLS to force session to anonymous.
...
Add "disallow tls_authc" to disallow StartTLS when session is authenticated.
Create and use connection2anonymous routine for consistency.
2000-09-08 22:59:01 +00:00
Kurt Zeilenga
4e8973e6cb
Rework bind restrictions
2000-08-28 23:37:44 +00:00
Kurt Zeilenga
102f12a71a
Restrict bind
2000-08-28 23:29:29 +00:00
Kurt Zeilenga
3e91d48127
Move authzid_backend to after restrictions checks
2000-08-28 21:28:22 +00:00
Kurt Zeilenga
9715e7f008
Add disallow and requires to man page. Fix sasl ssf handling bug.
2000-08-28 18:58:13 +00:00
Kurt Zeilenga
bf3df2f7a6
restrictops, requires, disallow knobs; ssf acls; and misc other changes
...
man pages to follow...
2000-08-28 18:38:48 +00:00
Kurt Zeilenga
1c328aa9c7
Minor typedef and other clean ups
2000-08-26 01:14:05 +00:00
Kurt Zeilenga
a50f391bb3
Working SASL security layers!
2000-07-28 00:04:07 +00:00
Kurt Zeilenga
5fc22599e2
Update SASL code to reuse context through life of session.
...
Replace 'negotiated' with 'interactive' bind
Add hooks for SASL/EXTERNAL
Disable SASL security layers
Rework SASL command line and config file parameters
2000-07-13 22:54:38 +00:00
Kurt Zeilenga
5c4cef793f
Fix error handling
2000-07-05 22:15:43 +00:00
Kurt Zeilenga
60802201e3
Const'ification
...
SASL mech removed from backend bind callback (as SASL is managed by frontend)
Changes to some backends are untested (as I don't have all dependent
software install)
2000-05-22 03:46:57 +00:00
Kurt Zeilenga
b2f56a7318
SLAPD_SCHEMA_NOT_COMPAT: framework for value_match() and value_find()
2000-05-21 22:46:51 +00:00
Kurt Zeilenga
4bc786f34b
Y2k copyright update
2000-05-13 02:47:56 +00:00
Kurt Zeilenga
643864c569
Change negotiated mechanism:
...
If application provide one, use it. If application doesn't
provide one, use best of server advertised.
Fix SASL/ANONYMOUS (not normally used, but should work)
PLAIN is not currently working... might be local to me as my
Cyrus installation is a bit hosted.
2000-05-11 20:16:26 +00:00
Kurt Zeilenga
92e2453467
A NULL (empty) SASL mechanism should not result in a protocol error.
2000-04-26 09:20:25 +00:00
Kurt Zeilenga
20351a05cc
SASL: me thinks I got the states okay... now to test.
2000-04-25 18:02:50 +00:00
Kurt Zeilenga
42a20681cc
SASL closer to working from frontend only, need to work through
...
states.
2000-04-25 17:23:54 +00:00
Kurt Zeilenga
55ae3cffd8
SASL code without backend support. Should work with
...
external store, but not yet tested. [Intent is to support
both in same server... may not be doable]
2000-04-25 16:03:17 +00:00
Kurt Zeilenga
2e22c55a6c
Fix typo in prev commit
2000-04-25 13:25:55 +00:00
Kurt Zeilenga
6f2a817d9d
bind/sasl cleanup PRIOR TO moving call from backend to frontend
2000-04-25 13:21:42 +00:00
Kurt Zeilenga
4710c74605
Rework error handling. Add error descriptions.
...
Don't use LDAP_OPERATIONS_ERROR for internal errors. Use LDAP_OTHER
instead. (more changes needed in this area)
2000-03-03 22:37:06 +00:00
Kurt Zeilenga
e96865c1a8
Reorder error detection based upon precedence
2000-03-01 22:59:34 +00:00
Kurt Zeilenga
ac7f6c2e37
Replace do_*() return -1 with return SLAPD_DISCONNECT.
...
Only return SLAPD_DISCONNECT with a send_ldap_disconnect()
was called.
Add initial code for support predetermined filter results
when filter is undefined (or known to be true or false).
2000-02-29 23:48:01 +00:00
Kurt Zeilenga
3708530620
Didn't return after returning unknown critical control.
...
Noticed that abandon and unbind don't have control support... something for
another day.
2000-02-01 01:22:06 +00:00
Luke Howard
9b4e3b2234
Merged in preliminary support for Cyrus SASL library;
...
support for DCE slash-delimited, left-to-right DNs;
support for a domain socket transport (enable with
--enable-ldapi); and extensions to URL parsing to
support the latter transport.
2000-01-02 01:21:25 +00:00
Kurt Zeilenga
d5edb4bff6
Reengineered ldappasswd(1). Uses extended operation to set
...
user password. Likely to be modified to use bind control
instead. Use of modify deprecated in favor mechanisms that
support passwords stored externally to the directory (such
as in a SASL service).
Modified slapd extended operation infrastructure to support
backend provided extended operations.
1999-12-08 04:37:59 +00:00
Howard Chu
3b49944829
Fix to avoid freeing an uninitialized pointer
1999-11-05 22:45:43 +00:00
Howard Chu
2395c6c23c
Added line to #include "ldap_pvt.h". Part of Mingw32 support.
...
See README 1.27 log.
1999-10-28 07:13:33 +00:00
Kurt Zeilenga
7a0b0b2bbf
In preparation for adding dn_rewrite()...
...
s/dn_normalize/dn_validate/
s/dn_normalize_case/dn_normalize/
1999-09-24 01:46:37 +00:00
Howard Chu
b070303a6b
Fix previous dn checkin
1999-09-19 01:29:45 +00:00
Howard Chu
f991ef04e6
Added mixed-case as well as up-cased DN argument. The behavior of back-bdb2
...
and back-ldbm are preserved, they only use the up-cased DNs. back-passwd
uses the mixed-case DN. All others are using mixed-case DN, may need more
fixing.
1999-09-18 23:40:03 +00:00
Kurt Zeilenga
403f4479bc
Add OpenLDAP RCSid to *.[ch] in clients, libraries, and servers.
...
Replace old Id as needed (back-tcl).
Leave updating of contribWare to contributors (for now).
1999-09-08 19:06:24 +00:00
Kurt Zeilenga
2a74677799
const'fication
1999-08-20 19:00:44 +00:00
Kurt Zeilenga
8ead8c5fd9
Clean up debug messages.
1999-08-19 00:40:18 +00:00
Hallvard Furuseth
6054463eeb
Minor cleanup:
...
Fix Statlog() formats, remove an implicit int, include <ctype.h> for isspace().
1999-08-07 05:36:48 +00:00
Kurt Zeilenga
9c3ed0310b
Add copyright notices.
1999-08-06 23:07:46 +00:00
Kurt Zeilenga
354d49fb9a
List supportedSASLmechanisms based upon what sasl_listmech() returns.
1999-08-03 23:23:05 +00:00
Kurt Zeilenga
f90ed5aef8
Add a little SASL framework and remove old X-DIGEST-MD5 hardcode.
...
This code is not called (yet).
1999-08-03 02:37:42 +00:00