Kurt Zeilenga
2e13824d0d
Add "allow tls_2_anon" to allow StartTLS to force session to anonymous.
...
Add "disallow tls_authc" to disallow StartTLS when session is authenticated.
Create and use connection2anonymous routine for consistency.
2000-09-08 22:59:01 +00:00
Kurt Zeilenga
2c342e894c
Minor change to connection error handling
2000-09-08 18:46:18 +00:00
Kurt Zeilenga
f97482e10f
Fix authz bug introduced by last change
2000-09-05 19:45:06 +00:00
Kurt Zeilenga
c8c969a184
Rework connection lock code to avoid unnecessary lock reacquire
2000-09-05 19:11:27 +00:00
Kurt Zeilenga
488189aed2
Fix SSF ACLs
2000-09-05 18:48:09 +00:00
Kurt Zeilenga
309c458ed4
Experimental fix for deadlock
2000-09-02 00:19:06 +00:00
Kurt Zeilenga
553a78e2ee
Don't drain after TLS failure.... causes busy forever loop
2000-08-30 22:08:19 +00:00
Kurt Zeilenga
bf3df2f7a6
restrictops, requires, disallow knobs; ssf acls; and misc other changes
...
man pages to follow...
2000-08-28 18:38:48 +00:00
Kurt Zeilenga
1c328aa9c7
Minor typedef and other clean ups
2000-08-26 01:14:05 +00:00
Kurt Zeilenga
20a67a2dbc
needs ldap_pvt.h
2000-08-17 04:20:12 +00:00
Howard Chu
0f8047b95e
Implemented ldap_pvt_tls_get_peer() for use with SASL/EXTERNAL.
...
Added ldap_pvt_tls_get_strength() - return encryption strength, for
use as a SASL session security factor.
2000-08-16 23:27:41 +00:00
Kurt Zeilenga
a50f391bb3
Working SASL security layers!
2000-07-28 00:04:07 +00:00
Kurt Zeilenga
b213ce3a69
Remove cruft
2000-07-27 20:12:16 +00:00
Kurt Zeilenga
e7e7bca4c0
Fix typo
2000-07-23 21:22:19 +00:00
Kurt Zeilenga
5bca08d716
Store sasl callbacks in session handle so that they can be properly freed.
2000-07-15 00:01:09 +00:00
Kurt Zeilenga
5fc22599e2
Update SASL code to reuse context through life of session.
...
Replace 'negotiated' with 'interactive' bind
Add hooks for SASL/EXTERNAL
Disable SASL security layers
Rework SASL command line and config file parameters
2000-07-13 22:54:38 +00:00
Kurt Zeilenga
1f1993989a
s/enable-unix/enable-local/
...
s/LDAP_PF_UNIX/LDAP_PF_LOCAL/
s/AF_UNIX/AF_LOCAL/
s/PF_UNIX/PF_LOCAL/
2000-07-09 21:49:36 +00:00
Kurt Zeilenga
b7d1b10bca
Minor cleanup
2000-06-14 21:11:56 +00:00
Kurt Zeilenga
ec426532b2
Reworked thread code to better support thread-library specific
...
r/w locks and thread pools. Hide internal structures (using
pthread'ish techniques). Place common code in threads.c. Move
no-thread code to thr_stub.c. Move thread pool code to tpool.c.
Removed setconcurrency call from initializer, added 'concurrency'
directive to slapd. Tested code under pthreads, pth, and no-threads.
2000-06-13 02:42:13 +00:00
Mark Valence
3cad129608
Removed active_threads count and associated mutex/cond. Replaced with
...
ldap_pvt_thread_pool_backload() as needed. All tests run OK on pthreads
(linux), cthreads, NT threads, and Pth.
2000-06-10 06:40:03 +00:00
Kurt Zeilenga
55dba4395f
Update PF_INET6 and PF_UNIX detection, both default to auto
2000-06-09 23:09:51 +00:00
Kurt Zeilenga
88848d3aea
~ NULL was a bad idea.
2000-06-08 03:12:14 +00:00
Kurt Zeilenga
61be4bd0c8
remove pointer v. int lint from ber_sockbuf_ctrl.
2000-06-08 01:08:01 +00:00
Mark Valence
7ec6a4363f
Use thread pool for operation threads.
2000-06-07 19:27:33 +00:00
Mark Valence
bac87c2562
Bug fix for new sockbuf code under NT. Added mutex protection against
...
deadlock in connection_resched.
2000-06-04 04:29:07 +00:00
Kurt Zeilenga
c23536faa9
remove lint
2000-06-01 22:01:00 +00:00
Kurt Zeilenga
2e0912622b
ITS#537: lber io rewrite from Gábor Gombás.
...
Copyright 2000 Gábor Gombás. All rights reserved.
This is free software. You may redistribute and use it under the same
terms as OpenLDAP itself.
2000-06-01 20:59:21 +00:00
Kurt Zeilenga
60802201e3
Const'ification
...
SASL mech removed from backend bind callback (as SASL is managed by frontend)
Changes to some backends are untested (as I don't have all dependent
software installed)
2000-05-22 03:46:57 +00:00
Kurt Zeilenga
b2f56a7318
SLAPD_SCHEMA_NOT_COMPAT: framework for value_match() and value_find()
2000-05-21 22:46:51 +00:00
Kurt Zeilenga
4bc786f34b
Y2k copyright update
2000-05-13 02:47:56 +00:00
Howard Chu
f0c4f83ea2
libldap/tls.c: change tls_verify_cb to no longer ignore verification errors.
...
This means a ldaps connection may drop before any LDAP protocol exchange
occurs (due to expired cert, unrecognized CAs, etc.).
Change ldap_pvt_tls_connect to copy any TLS error string to ld_error upon
connection failure, otherwise client just sees "can't contact LDAP server."
slapd/connection.c: add flush/delay when SSL_accept fails, to allow any
TLS alerts we generated to propagate back to the client. (Which will then
be picked up by ldap_pvt_tls_connect on the client...)
2000-05-10 17:07:09 +00:00
Kurt Zeilenga
42a20681cc
SASL closer to working from frontend only, need to work through
...
states.
2000-04-25 17:23:54 +00:00
Kurt Zeilenga
55ae3cffd8
SASL code without backend support. Should work with
...
external store, but not yet tested. [Intent is to support
both in same server... may not be doable]
2000-04-25 16:03:17 +00:00
Kurt Zeilenga
10588da3c5
Print tag with SASL in progress operations error.
2000-03-02 01:20:00 +00:00
Kurt Zeilenga
ddb9755ba7
Move handling of operations errors due to submission of
...
non-bind requests while a multi-step SASL bind process
is under to connection.c. Return LDAP_OPERATIONS_ERROR,
not LDAP_SASL_BIND_IN_PROGRESS.
2000-03-02 00:59:10 +00:00
Kurt Zeilenga
ac7f6c2e37
Replace do_*() return -1 with return SLAPD_DISCONNECT.
...
Only return SLAPD_DISCONNECT when send_ldap_disconnect()
was called.
Add initial code for support predetermined filter results
when filter is undefined (or known to be true or false).
2000-02-29 23:48:01 +00:00
Luke Howard
9b4e3b2234
Merged in preliminary support for Cyrus SASL library;
...
support for DCE slash-delimited, left-to-right DNs;
support for a domain socket transport (enable with
--enable-ldapi); and extensions to URL parsing to
support the latter transport.
2000-01-02 01:21:25 +00:00
Mark Valence
bb693fd1b5
Bug fix: re-used Connection have TLS value for previous conn.
1999-12-09 21:06:42 +00:00
Kurt Zeilenga
64e8eeaa95
Slight modification to last commit to cast %ld args to long
1999-10-20 00:25:04 +00:00
Howard Chu
f0b0fe9f94
Fix stupid "got <garbage> of 0 so far" debug message after ber_get_next.
1999-10-19 12:15:42 +00:00
Kurt Zeilenga
7a0b0b2bbf
In preparation for adding dn_rewrite()...
...
s/dn_normalize/dn_validate/
s/dn_normalize_case/dn_normalize/
1999-09-24 01:46:37 +00:00
Kurt Zeilenga
403f4479bc
Add OpenLDAP RCSid to *.[ch] in clients, libraries, and servers.
...
Replace old Id as needed (back-tcl).
Leave updating of contribWare to contributors (for now).
1999-09-08 19:06:24 +00:00
Hallvard Furuseth
4a5e2febed
Some constification & lint removal
1999-09-04 21:15:49 +00:00
Howard Chu
193d30bf84
In previous commit - change strerror() to STRERROR().
...
Use strerror() if available.
1999-08-29 02:59:29 +00:00
Howard Chu
a60406860f
Use strerror()
1999-08-29 01:50:12 +00:00
Kurt Zeilenga
0afcadc4dd
Remove misplaced asserts. connection_resched changes connection state
...
to UNUSED without holding connections mutex. It's not safe for
connection_init to check connection state until after it acquires the
c_mutex.
1999-08-27 19:31:42 +00:00
Kurt Zeilenga
9bf50242c3
Plug ber leakage:
...
result was leaking ber's in some error cases. ber_flush now called
with no freeing so that caller of send_ldap_ber() can free its own ber.
c->c_currentber was also being leaked if connection was destroyed
current when a PDU input was outstanding.
Fixed ber_flush to free ber upon write only to file.
1999-08-27 05:45:53 +00:00
Kurt Zeilenga
9e82379b6e
More CSRI malloc debugging support and destroy sockbuf fix.
...
Test008 now runs without leak.
1999-08-19 18:48:17 +00:00
Kurt Zeilenga
8ead8c5fd9
Clean up debug messages.
1999-08-19 00:40:18 +00:00
Kurt Zeilenga
34647dd8d7
Force to LDAPv3 until BIND
1999-08-13 06:09:48 +00:00