Don't allow empty string values.
Treat string values with only spaces as one space.
DirectoryString needs more work (space handling needs
to be done post normalization).
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
I couldn't find a way for an OpenLDAPaci to grant public access to an
entry, so I added a dnType #public# for that. It is in the position
of subjectDn in the draft, which seems kind of stupid, so I put it
in the position of dnType instead.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
There is a bug in OpenLDAPaci's "access-id": If the specified DN is
invalid so dnNormalize2() fails, everyone gets access.
This means that e.g. "#access-id#[all]" gives public access, so it
might be considered a feature, but I fixed it anyway:-) I guess that
means the change should be documented in the release notes, though.
See also ITS#2005 (add OpenLDAPaci #public# access).
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
Added sasl-authz-policy config keyword to control proxy authorization.
Moved sasl-related config processing to sasl.c:slap_sasl_config().
Moved other global defs used only in saslauthz.c into saslauthz.c.
From: h.b.furuseth@usit.uio.no
To: openldap-its@OpenLDAP.org
Subject: Patch: Bugs with back-ldap/meta mappings
Full_Name: Hallvard B. Furuseth
Version: HEAD
OS: Linux
URL: http://folk.uio.no/hbf/OpenLDAP/back-ldap.txt
Submission from: (NULL) (158.36.148.34)
The source claims the 'map' attribute has syntax
map {objectclass | attribute} {<source> | *} [<dest> | *]
while it actually has syntax
map {objectclass | attribute} [<local name> | *] {<foreign name> |
*}
except that the code is confused about it. Removed attributes are
put in both the maps for local and foreign names:
# Remove description and present title as description instead
map attribute description
map attribute description title
-->
slapd.conf: line 10: duplicate mapping found (ignored)
Also, map.c:ldap_back_map_attrs() loops forever on removed attributes
(ie. if one asks ldapsearch for an attribute which has been removed).
- Let write operations return unwilling-to-perform after
'gentle shutdown' has been initiated.
- Change -1 to 2 in slapd_gentle_shutdown and slapd_shutdown, since
sig_atomic_t can be unsigned (ITS#1736). The 'gentle SIGHUP' patch
is older than ITS#1736 but was applied later, so it reintroduced
the problem.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, June 2002.
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
It has just occurred to me - duh - that the process ID of a back-shell
command is a perfectly good unique ID for it, and more useful than
any connection id/message id thingy. Doesn't need extra arguments
to the shell commands either, except a pid: line to abandon.
And msgid: can still be removed in a future version.
Here is a patch.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, May 2002.
Patch: str2entry() dereferences NULL (ITS#1822)
Sorry, last patch was wrong. I didn't notice that e->e_dn
always is NULL at that point. Here is a corrected patch.
Subject: Patch: str2entry() dereferences NULL (ITS#1822)
entry.c:str2entry() prints pdn->bv_val even though pdn is always
NULL. pdn was pretty dn before version 1.80.
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
A surrogate parent is supposed to keep back-shell children from
deadlocking due to resources locked by a threading parent.
Implementation note: The surrogate parent closes all unused file
descriptors, so it logs errors to stderr instead of via Debug() and
uses relloc() instead of ch_realloc().
Also close a file descriptor leak if fork() fails in fork.c.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, May 2002.
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
searchexample.conf needs core.schema, otherwise it fails on the suffix
DN. searchexample.sh has a spurious 'sleep', probably from testing.
Also, I suggest 'chmod +x searchexample.sh'.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, May 2002.
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
back-passwd uses getpwent() and setpwfile(), which use static data.
It needs a mutex to make sure these operations can complete without
interference from another back-passwd call. Here is a patch.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, May 2002.
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
Here is a patch which does what I described. Of course, someone has
to decide if that is the right solution:-)
- Add an "opid:" line to the input to back-shell commands.
- Add an "abandonid: <opid> line to back-shell/abandon input.
- Replace message id with opid in back-tcl arguments.
- Add an abandonid = <opid> argument to back-tcl/abandon.
An opid (operation ID) is a "connection ID/message ID" string. I
would have liked to use another name to avoid confusion with struct
slap_op->o_opid, but I could not think of another apt word.
This also fixes ITS#1784 and ITS#1792. Since calling conventions
changed anyway, I fixed back-shell by adding abandonid: and making
opid: always be the ID of the current operation.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, May 2002.
form Mikhail Sahalaev <M.Sahalayev@pgr.salford.ac.uk>.
Further work needed:
add testxxx-matchedvalues
rework ldapsearch(1) portion of patch to generalize use of options
---
Copyright 2001, Mikhail Sahalaev, All rights reserved.
This software is not subject to any license of University Of
Salford.
Redistribution and use in source and binary forms are permitted
without restriction or fee of any kind as long as this notice
is preserved.
for both slapd and slurpd
Copyright 2002, John Morrissey (jwm at horde dot net), All rights reserved.
This is free software; you can redistribute and use it under the same terms
as OpenLDAP itself.
Applied with changes
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
perl_back_bind() should not send LDAP_SUCCESS, the frontend does that.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
Backend documentation patch, version 1
================
Most of this text is taken from OpenLDAP. The work of rewriting it
to manual pages is done by by Hallvard B. Furuseth and placed into
the public domain. This software is not subject to any license of
the University of Oslo.
================
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
Re: Untested patch: back-tcl used wrong types (ITS#1719)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
> I turned it into an automatic variable.
...and used a variable-length array. That's a gcc extension, it is not
in ANSI C89. (It is in C99 though.) You seem to be compiling without
-pedantic:-) Anyway, here is a patch to turn it back into ch_malloc(),
plus some README fixes
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
Bug fixes:
- acl_regex_normalized_dn(pattern):
* used pattern->bv_len even though it claimed not to,
* would walk past the end of strings that ended (incorrectly)
with a single '\'.
- style=regex checked for "^.*$$" twice but not for "^.*$".
- the code did not notice if dnNormalize2() failed, and would
(at least in one case) treat a bad DN as '*'.
Some cleanup:
- changed regtest() to return void, since the return value was unused.
- changed acl_regex_normalized_dn() to take a string input argument
instead of a half-filled berval, it looks saner that way.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
Here are fixes for more places where the argument to ctype.h functions
should be in the range of `unsigned char'.
Explanation of the last patch (to schema_init.c:bvcasechr()):
TOLOWER() and TOUPPER() return values in the range of `unsigned char',
but bvcasechr() then compares those values with a plain `char'. So I
convert the return values from TOLOWER()/TOUPPER() to `char' first.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
maildap could address buf[-1] if len was < 2.
REWRITE_SUBMATCH_ESCAPE is '%', not '\'.
librewrite and saslautz could walk past the end of a string which
ended with an escape character.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
