Commit Graph

7211 Commits

Author SHA1 Message Date
Kurt Zeilenga
af4cb85d8b Prevent unlocking unlocked sasl_bindmutex... 2002-08-26 18:06:55 +00:00
Pierangelo Masarati
d9da0f2bb8 silence annoying warning (BTW: who initializes be?) 2002-08-26 17:37:33 +00:00
Howard Chu
53b194fa32 Fix oc_filter, it could exit early before counting the full depth of the
filter tree. Also, only give special treatment to objectclass=*.
2002-08-26 12:04:53 +00:00
Kurt Zeilenga
08059f1633 zap charray 2002-08-25 16:53:20 +00:00
Howard Chu
5ff509f2d3 Fix previous commit, BDB_REUSE_LOCKERS was inside a BDB version #ifdef
but is not version-dependent.
2002-08-25 11:06:35 +00:00
Howard Chu
1524f86778 Fix ITS#2044 duplicate search results due to broken bdb_idl_union 2002-08-25 10:18:01 +00:00
Kurt Zeilenga
bdcba5ad3a Add link to SDF tools at CPAN. 2002-08-24 23:37:59 +00:00
Howard Chu
5d9479a3e8 Add debug if bdb_cache_entry_db_lock fails to get a lock
to assist in diagnosing ITS#1986
2002-08-24 19:23:30 +00:00
Kurt Zeilenga
7dc1e069e8 Increase res_query buffers to 64k 2002-08-24 17:03:24 +00:00
Howard Chu
d6449b1d57 Experimental code that uses one locker ID per thread. Seems to work OK,
is enabled by default. #undef BDB_REUSE_LOCKERS in back-bdb.h to disable.
Probably needs to be disabled when built with NO_THREADS.
2002-08-24 08:11:08 +00:00
Howard Chu
925714ceef Experimental cruft to propagate valid Operation to SASL callbacks.
If you have a better way, jupm on in...
2002-08-24 07:34:50 +00:00
Howard Chu
1d7ee4471f Pass Operation to backend_attribute - should have been doing this all along. 2002-08-24 07:31:14 +00:00
Kurt Zeilenga
99912c586f Remove cruft 2002-08-24 06:29:06 +00:00
Kurt Zeilenga
18e4362b07 Add ldapwhoami(1) 2002-08-24 06:28:10 +00:00
Kurt Zeilenga
dabbefd908 Add -y. 2002-08-24 06:19:39 +00:00
Kurt Zeilenga
8de258d2e2 Patch: 'ldapmodify -y file' reads password from file (ITS#2031)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
            ================
Adapted by Kurt Zeilenga for inclusion in OpenLDAP.  My comments are
marked with enclosed with square brackets (e.g. [Kurt's comment] below.
            ================

If I run ldapmodify & co from a script, I don't want to use '-W password'
because the password shows up in the output of 'ps' for everyone,
and I can't pipe the password to 'ldapmodify -w' because -w uses
getpassphrase() which reads from the tty instead of stdin.
So I added '-y file' which reads the password from file.  The programs
exit if the file cannot be read.

[Complete contents of file is used as password.  Use:
	echo -n "secret" > password
to create a file with "secret" as the password.  The -n avoids
adding a newline (which would invalidate the password).  Note
that echo is a builtin and hence its arguments are not visible
to 'ps'.]

I changed ldapmodify, ldapmodrdn, ldapdelete, ldapsearch, ldapcompare.
I did not bother to change ldappasswd and ldapwhoami, because they
prompt for many passwords.  [I fixed up ldapwhoami.]

Rerun autoconf after applying this patch. [Done.]

Note:  I do not know if Windows NT has fstat(), so I set HAVE_FSTAT to
undef in portable.nt.  (fstat() is used to warn if the file is publicly
readable or writeable.)  [I used fstat() to set the buffer size to
read.]

[Note: using the contents of a file extends the tools to support
passwords which could not normally be provided using getpassphrase()
or via the command line.]

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
[Kurt D. Zeilenga <kurt@openldap.org>, Aug 2002.]
2002-08-24 05:47:17 +00:00
Howard Chu
8c30114d84 Added thread-pool getkey/setkey functions 2002-08-24 05:39:43 +00:00
Kurt Zeilenga
e259c3c938 Zap 2002-08-24 00:55:56 +00:00
Kurt Zeilenga
23efa07a99 use ldap_charray_*() instead of charray_*() 2002-08-24 00:55:24 +00:00
Kurt Zeilenga
c67781d0ea use ldap_charray_free() instead of slapd's charray_free() 2002-08-24 00:40:25 +00:00
Kurt Zeilenga
86717ac2d9 NT port fixes 2002-08-24 00:37:59 +00:00
Howard Chu
77783bb4b7 Fix typo in previous commit. (Benign, code was #if'd out anyway.) 2002-08-23 22:29:08 +00:00
Pierangelo Masarati
f11c6b27e7 Final run of changes to back-sql; IBM db2 support has been tested.
Now related ITSes need be audited and possibly closed.

Enhancements:
  - re-styled code for better readability
  - upgraded backend API to reflect recent changes
  - LDAP schema is checked when loading SQL/LDAP mapping
  - AttributeDescription/ObjectClass pointers used for more efficient
    mapping lookup
  - bervals used where string length is required often
  - atomized write operations by committing at the end of each operation
    and defaulting connection closure to rollback
  - added LDAP access control to write operations
  - fully implemented modrdn (with rdn attrs change, deleteoldrdn,
    access check, parent/children check and more)
  - added parent access control, children control to delete operation
  - added structuralObjectClass operational attribute check and
    value return on search
  - added hasSubordinate operational attribute on demand
  - search limits are appropriately enforced
  - function backsql_strcat() has been made more efficient
  - concat function has been made configurable by means of a pattern
  - added config switches:
      - fail_if_no_mapping	write operations fail if there is no mapping
      - has_ldapinfo_dn_ru	overrides autodetect
      - concat_pattern		a string containing two '?' is used
				(note that "?||?" should be more portable
				than builtin function "CONCAT(?,?)")
      - strcast_func		cast of string constants in "SELECT DISTINCT					statements (needed by PostgreSQL)
      - upper_needs_cast	cast the argument of upper when required
				(basically when building dn substring queries)

Todo:
  - add security checks for SQL statements that can be injected (?)
  - re-test with previously supported RDBMs
  - replace dn_ru and so with normalized dn (no need for upper() and so
    in dn match)
  - implement a backsql_normalize() function to replace the upper()
    conversion routines
  - note that subtree deletion, subtree renaming and so could be easily
    implemented (rollback and consistency checks are available :)
  - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 08:54:08 +00:00
Pierangelo Masarati
7b4b4b34c4 fixed bug in reading size/time limits without style, in the form 'size=number', 'time=number' 2002-08-23 08:50:34 +00:00
Pierangelo Masarati
a038ef68e6 added attr_merge/value_add functions that dela with single attribute; bervals for '*', '+' and '1.1' made available 2002-08-23 08:49:19 +00:00
Pierangelo Masarati
ff4edfa054 added assertions to catch helper function misuse 2002-08-23 08:46:45 +00:00
Pierangelo Masarati
4046c4226e add upper/lower funcs that also compute the length of the string (not used yet) 2002-08-23 08:45:17 +00:00
Howard Chu
b3ddb5734b Fix indexing bug in splitting indirect blocks 2002-08-23 03:07:33 +00:00
Howard Chu
33d5c0abd7 Fix errors in replica directive 2002-08-22 20:32:09 +00:00
Howard Chu
1aa551f545 include actual ucdata.h, not the symlink. liblutil/passwd.c needs this
header file, and we now build liblutil before liblunicode.
2002-08-22 11:44:27 +00:00
Howard Chu
cd60deb4a9 OS/390 EBCDIC support 2002-08-22 04:39:59 +00:00
Howard Chu
3b9f4a82ee Added support for BDB 4.1.17 2002-08-22 04:00:06 +00:00
Kurt Zeilenga
3a15afa057 Fix abstract schema check 2002-08-22 02:27:42 +00:00
Kurt Zeilenga
1b6c3fc57f Add dumpasn1 logging to TODO. 2002-08-21 18:45:08 +00:00
Pierangelo Masarati
d4bc79864d fix previous commit 2002-08-21 18:11:30 +00:00
Jong Hyuk Choi
b81122d441 Slapadd is changed to include Operational Attributes (entryUUID, entryCSN,
creatorsName, modifiersName, createTimestamp, modifyTimestamp) when it adds
from ldif file. Month field in time format in entryCSN is changed to 1~12.
2002-08-21 00:11:32 +00:00
Kurt Zeilenga
65760c064e ITS#2004 AD lang bug fix 2002-08-20 19:08:18 +00:00
Howard Chu
505a141c75 Use search callbacks in slap_sasl_checkpass and slap_auxprop_lookup,
use ACL_AUTH for acl checks.
2002-08-20 05:32:54 +00:00
Kurt Zeilenga
e1536926b7 Quick check of LOCK_ID() return. Likely should retry... but not forever. 2002-08-20 03:10:08 +00:00
Kurt Zeilenga
9fc4a749dc More places where LOCK_ID() calls need to be checked. 2002-08-20 02:57:06 +00:00
Kurt Zeilenga
041c3700e1 fix typo in last commit 2002-08-19 07:08:59 +00:00
Kurt Zeilenga
930ecd3930 Normalized form should be pretty. 2002-08-19 07:07:25 +00:00
Kurt Zeilenga
678d686017 make dc const 2002-08-17 19:59:35 +00:00
Kurt Zeilenga
472484725f Update dn2domain() to use str2dn() instead of explode_dn() 2002-08-17 19:42:59 +00:00
Kurt Zeilenga
22ec2b9e19 cleanup 2002-08-17 02:52:39 +00:00
Howard Chu
e5091f5926 Updated register_syntax, register_matching_rule for more convenient
calling from other modules
2002-08-17 01:29:18 +00:00
Kurt Zeilenga
6e02fe2e8a Remove #if 0 code 2002-08-16 18:58:39 +00:00
Pierangelo Masarati
05348c5fc5 CHANGES:
- now all write operations appear to work correctly with PostgeSQL 7.0
- all write operations have been made transactional (atomic writes to
  entries are committed separately only in case of complete^1 success
  while all other operations are rolled-back by default)
- more cleanup and handling of exceptional conditions

TODO:
- deen to check with different databases and more up to date versions
  of both unixODBC and PostgreSQL.

^1: attribute add/modify/delete operations silently succeed if the
    appropriate add/delete proc does not exist for each attribute;
    this may be correct to hide undesired/unimplemented correspondence
    between LDAP and SQL databases; however, a more appropriate
    LDAP behavior would be a failure with LDAP_UNAVAILABLE if a
    single write operation cannot be executed for such reason
2002-08-16 16:45:24 +00:00
Pierangelo Masarati
b95ab4ac64 add function slap_modrdn2mods that prepares modifications list for delete/add old/new rdn values 2002-08-16 16:35:16 +00:00
Pierangelo Masarati
3a26ef5bbb silence warnings 2002-08-16 16:33:22 +00:00