mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-27 03:20:22 +08:00
Code Issues Packages Projects Releases Wiki Activity
23,065 Commits 38 Branches 307 Tags 74 MiB
2f0883d161
Commit Graph

492 Commits

Author SHA1 Message Date
Howard Chu
3a5bde98ba Disable back-bdb native syncrepl support, enable syncprov overlay, 
remove syncrepl stuff from Operation struct
 2004-11-25 21:16:54 +00:00
Jong Hyuk Choi
7fa860ef16 Add the omitted part from the original buddy allocator commit 2004-11-24 17:46:47 +00:00
Howard Chu
47dd8d8732 Dynamic control management 2004-11-23 13:08:45 +00:00
Howard Chu
7e87f54716 Revert ITS#3353 patch, it needs to be reworked. 2004-10-06 05:51:38 +00:00
Howard Chu
fda3d6260e ITS#3353 consolidate slapd globals into a single struct 2004-10-01 07:33:16 +00:00
Pierangelo Masarati
d026e2c9f7 preformat "conn=%lu op=%lu" 2004-09-26 23:00:00 +00:00
Pierangelo Masarati
761f287943 multiple precision with BIGNUM/gmp/ulong 2004-09-26 22:58:47 +00:00
Pierangelo Masarati
55e251e6e8 lots of cleanup; few improvements; fix RDN selection bug when creating connection dynamic entries; rework entries ordering - now it's more intuitive and regular; optimize counters update 2004-09-12 22:12:58 +00:00
Pierangelo Masarati
a637926bf2 use GMP for multiple precision in counters 2004-09-11 16:15:53 +00:00
Kurt Zeilenga
d611a4b49a unifdef -UNEW_LOGGING 2004-09-04 04:54:28 +00:00
Luke Howard
2316461b93 Remove unused variable 2004-08-25 12:31:43 +00:00
Luke Howard
ea6f5bad65 This patch fixes some subtle interactions between SLAPI and syncrepl. Due to 
SLAPI always assigning connection and operation IDs of zero for internal
operations, such operations would cause a stale contextCSN to be returned from
slap_get_commit_csn(). As a result, SLAPI internal updates would be invisible
to replicas until an external update was made. Also, SLAPI internal operations
never called slap_graduate_commit_csn() which leaked pending CSNs.

Also included in this patch is a general cleanup of some of the SLAPI code.

Note that we need to use a separate mutex on conn_nextid to avoid a deadlock
where a post-operation plugin tries to acquire connections_mutex, having locked
the per-connection mutex, while the listener thread tries to acquire the
per-connection mutex (having locked connections_mutex). connection.c needs to
be fixed to acquire mutexes in the same order.
 2004-08-25 11:52:55 +00:00
Pierangelo Masarati
bde0761a04 should fix ITS#3265 2004-08-12 10:33:49 +00:00
Pierangelo Masarati
cd9a9c628d frontend stuff moved into a database structure, essentially to allow overlays to be processed before database selection; passes all tests (ITS#3080) 2004-07-26 21:26:34 +00:00
Kurt Zeilenga
7a6b0857b6 cleanup 2004-06-29 23:52:18 +00:00
Kurt Zeilenga
e5a37f2125 SLAPD_DISCONNECT v -1 cleanup 
misc other cleanup
 2004-06-23 01:04:52 +00:00
Kurt Zeilenga
4e6ed7072d cleanup 2004-06-22 19:49:00 +00:00
Pierangelo Masarati
528b6c7e25 clear pagedresults_state if reusing an inactive connection; prepare for more consistent behavior of pagedResults control 2004-06-21 21:31:55 +00:00
Howard Chu
9b38cd2572 ITS#3109 - added slap_tls_ctx 2004-04-26 01:10:49 +00:00
Kurt Zeilenga
1372965d89 ITS#3092: Rename sl_free() and friends to slap_sl_free() 2004-04-20 03:44:57 +00:00
Kurt Zeilenga
44725e7303 use BER_BVNULL 2004-04-07 04:11:43 +00:00
Howard Chu
81df94acaa Silence warning 2004-03-24 10:47:31 +00:00
Kurt Zeilenga
5ff057089b cleanup 2004-03-17 22:14:32 +00:00
Howard Chu
2821d0bdd6 Add connection_fake_init() 2004-03-17 19:33:13 +00:00
Kurt Zeilenga
3e586bd393 cleanup 2004-03-14 00:59:37 +00:00
Howard Chu
cdeda34029 Add c_conn_idx, to simplify external modules managing per-connection state 2004-03-12 18:22:37 +00:00
Kurt Zeilenga
5d0f6e75b4 Don't defer abandon due to pending 2004-02-10 00:17:21 +00:00
Kurt Zeilenga
3c1b2ed9cb ITS#2959: provide reason for deferring operation in log message 
Also, took away abandon operations blank check against deferment.
Abandon must be deferred in some cases (such as when other operations
are pending) and should be deferred in some other cases (such as too
many threads).
 2004-02-09 21:33:21 +00:00
Howard Chu
bb1a97544d ITS#2921, fix client connection handling for HAVE_WINSOCK 2004-01-15 20:20:17 +00:00
Kurt Zeilenga
3c598e89fb Happy new year 2004-01-01 19:15:16 +00:00
Kurt Zeilenga
fcad25da47 Misc code cleanup 2003-12-29 22:25:43 +00:00
Luke Howard
0549d46adf Don't require slapi to be in the path - always include slapi/slapi.h 2003-12-28 04:17:48 +00:00
Kurt Zeilenga
e9133952fb Move experimental built-in SASL behind SLAP_BUILTIN_SASL macro 2003-12-18 20:01:47 +00:00
Kurt Zeilenga
9647ccd945 Completely untested built-in EXTERNAL implementation 
Needs identity mapping and proxy authorization support
 2003-12-18 06:52:39 +00:00
Luke Howard
516fd0ff50 First round of SLAPI cleanups - use slapi_int_XXX for internal functions 
(slapi_x_XXX is still reserved for exported functions that are not part
of the SLAPI specification)
 2003-12-16 15:49:31 +00:00
Kurt Zeilenga
4bedf015f0 cleanup 2003-12-13 18:57:00 +00:00
Kurt Zeilenga
38ccdaf7a3 unifdef -DLDAP_CONTROL_PAGEDRESULTS (as it is always defined) 2003-12-08 18:16:07 +00:00
Howard Chu
74db966ebb Move SLAB_SIZE def to slap.h 2003-12-06 22:30:45 +00:00
Hallvard Furuseth
e491e9e522 Cleanup: Remove unused label 'no_co_op_free:' in connection_operation(). 2003-11-30 16:14:40 +00:00
Kurt Zeilenga
4e15a84452 Updated notices 2003-11-27 01:17:14 +00:00
Howard Chu
b179e05ea1 For previous, assert (writewaiter==0) in conn_destroy too. 2003-11-20 00:54:46 +00:00
Howard Chu
86c0f733a4 Cleanup prev commit, assert if writewaiter != 0 in init 2003-11-18 22:55:53 +00:00
Howard Chu
43a843dbf0 ITS#2832 init conn->c_writewaiter to 0 2003-11-18 22:18:33 +00:00
Kurt Zeilenga
99ba95ab92 cleanup 2003-11-18 22:11:11 +00:00
Jong Hyuk Choi
279760a467 1. Session history support 
- memory based session history to minimize sync traffic
	- when client is covered by a session history, then
      [add+delete] mode is used
	- when client cookie is not covered by the history because
      the cookie is too outdated and/or the history is truncated,
	  [add+present] mode is used
2. Sync cookie syntax : comma separated name=value pairs
	- csn=yyyymmddhh:mm:ssZ#0xSSSS#r#ssssr,sid=nnn
 2003-11-10 02:44:25 +00:00
Kurt Zeilenga
bfafd42163 Code and logging cleanup 2003-11-06 03:42:46 +00:00
Howard Chu
5ed0318b79 Fix retry on failure 2003-10-25 22:07:31 +00:00
Howard Chu
782d1be0ad Fix prev commit, don't timeout outbound connections 2003-10-25 21:14:07 +00:00
Howard Chu
08676eb49d Add support for outbound connections in main listener. 
Restructure syncrepl/persist to use outbound connection manager.
 2003-10-24 12:57:24 +00:00
Howard Chu
df74409d97 Fix prev commit 2003-10-24 06:01:55 +00:00
Howard Chu
01f7a7466b SLAPI fix - no-op when slapi_plugins_used == 0 2003-10-24 05:58:42 +00:00
Howard Chu
102d8159a7 ITS#2779, cache group ACLs per operation instead of per-connection 2003-10-23 01:23:45 +00:00
Howard Chu
7710791382 ITS#2684 keep psearch operations on the connection's active list so they 
can be located by connection_abandon() during an unexpected close. Remove
the operations in bdb_abandon() etc.
 2003-10-19 11:20:34 +00:00
Howard Chu
c9ef0da66b Don't timeout slow-running operations 2003-09-27 05:36:20 +00:00
Jong Hyuk Choi
4495320839 move c->c_n_ops_executing/completed to the right place 2003-09-25 20:14:53 +00:00
Kurt Zeilenga
99f968b597 Initial support for pre/post read controls. 
TODO:
	Fix transactional consistency
	Add client response control handling
 2003-09-16 18:56:04 +00:00
Howard Chu
41957e5129 ITS#2649, never defer Abandon requests 2003-09-13 11:15:23 +00:00
Jong Hyuk Choi
090ac0a772 unifdef LDAP_SYNC and LDAP_SYNCREPL 2003-08-27 22:16:04 +00:00
Luke Howard
c9e134f0f7 Support for SLAPI plugin extensions API. 
This API allows a plugin to associate arbitrary context with an
internal server object such as a connection or operation.

Some documentation is at:

http://enterprise.netscape.com/docs/directory/602/plugin/function.htm#1104211
 2003-07-03 19:04:18 +00:00
Jong Hyuk Choi
262f8bf11f LCUP primitive routines removed 2003-06-27 17:39:48 +00:00
Kurt Zeilenga
c249f3ac21 Fix vrFilter compile error 2003-06-10 03:30:14 +00:00
Kurt Zeilenga
12304f64e5 Merge partial and intermediate responses 2003-05-31 05:01:49 +00:00
Howard Chu
5d0ba372e5 Fix LBER_OPT_MEMCTX behavior 2003-05-28 22:17:08 +00:00
Howard Chu
f7d7700b6e ITS#2549, init memctx to NULL. Also reset ber memctx to NULL when freeing. 2003-05-25 01:32:39 +00:00
Jong Hyuk Choi
7e7429267e persistent search updates with recent changes 2003-05-20 20:21:39 +00:00
Hallvard Furuseth
6af256b8e1 Fix some Statslog()s: Add missing newlines. Print file descriptor as long. 2003-05-15 23:45:33 +00:00
Howard Chu
46e2b97757 ITS#2424 use two SASL contexts per session to conform to RFC 2222 2003-05-01 04:11:57 +00:00
Howard Chu
130f6e1b7d Memory context tweaks for other ops 2003-04-12 10:47:11 +00:00
Howard Chu
280fc819cf Memory context tweaks for Bind 2003-04-12 06:56:42 +00:00
Howard Chu
808cb504ce More memory context tweaks 2003-04-11 03:57:10 +00:00
Howard Chu
ece7452b05 More memory context tweaks 2003-04-11 01:29:28 +00:00
Howard Chu
374d919fc0 More memory context tweaks 2003-04-10 06:21:53 +00:00
Howard Chu
f897519d11 Minor cleanups 2003-04-09 23:37:00 +00:00
Howard Chu
ebecca7379 Eliminate getkey search 2003-04-09 17:34:58 +00:00
Howard Chu
065116c3a3 Just use a fixed size slab for now 2003-04-09 17:05:46 +00:00
Howard Chu
813d5c8ed8 First cut at thread-local malloc. Only used by search() for now... 
Needs work in normalizers, etc.
 2003-04-09 16:52:03 +00:00
Pierangelo Masarati
5f342a8431 silence warning 2003-04-03 23:08:47 +00:00
Howard Chu
9355dca9af Consolidated slap_callbacks into one function. Removed send_search_result. 2003-04-01 04:12:18 +00:00
Howard Chu
e8c58b4e7f Major API change - (SLAP_OP_BLOCKS) All request parameters are 
consolidated into the Operation structure. All reply parameters
are consolidated into the new SlapReply structure. Most operations
now have identical call signatures... Changes are not #ifdef'd,
revert to -r NO_SLAP_OP_BLOCKS if necessary to back out.
 2003-03-30 09:03:54 +00:00
Howard Chu
3a71bddbc4 ITS#2389 - added conn_max_pending/auth config keywords to cap the number 
of outstanding requests on a connection. Set rate limits for request
execution:
   no connection can have more than maxthreads/2 ops executing at once.
   a connection that is write-blocked will not execute any new ops.
   queued ops must drain before any new ops can execute.
If the queue exceeds the max_pending limit, the connection is closed.
...also fixed a bug where a connection was not marked active if it never
received a Bind.
 2003-03-27 03:35:46 +00:00
Howard Chu
a5a71d4e6c Cleanup previous commit 2003-03-26 17:42:27 +00:00
Howard Chu
13aafa46d8 struct co_arg is redundant, removed 2003-03-25 18:44:00 +00:00
Howard Chu
a63b8908cd ITS#2389 - stop reading requests on a conn if it has more than 
connection_pool_max/2 operations already executing. May want to tune
this to a higher value, e.g. connection_pool_max - XX, etc. Fix in
result.c throttles the connection too late, all threads are already
consumed by the time the send buffer blocks.
 2003-03-20 12:40:11 +00:00
Howard Chu
d18e0989d9 ITS#2382 use ch_calloc 2003-03-16 12:34:40 +00:00
Howard Chu
0423ec0bd6 Fix ITS#2335, RFC1798 sequence layout was wrong. 2003-02-28 13:04:16 +00:00
Howard Chu
507781eeb3 Partial fix of ITS#2335, restore proper CLDAP msg format for LDAPv2 2003-02-28 08:34:31 +00:00
Kurt Zeilenga
282f6bc32d Cancel exop updates 2003-02-09 05:54:45 +00:00
Kurt Zeilenga
48d47954a6 Rework #ifdef'ing of expermental controls to ease release engineering 
using LDAP_DEVEL (to indicate experimental) to enable experimental features
(true for HEAD unless LDAP_REL_ENG is defined)
 2003-02-08 21:53:05 +00:00
Jong Hyuk Choi
85b1783d5c LDAP Sync Operation (draft-zeilenga-ldup-sync) as a groundwork for an LDAP replication design 2003-02-05 07:37:02 +00:00
Jong Hyuk Choi
e1bf8cc437 Intermediate Response 2003-02-03 17:28:19 +00:00
Jong Hyuk Choi
4f64bd9402 LDAP cancel misc patch 2003-01-27 17:08:51 +00:00
Jong Hyuk Choi
0c43007e55 LDAP cancel operation 2003-01-25 00:36:50 +00:00
Luke Howard
eec370af52 LDAPv3 over UDP disposition is now compatible with Active Directory 
Stubs for PermitModify/NoReferrals controls; implementation coming soon
 2003-01-23 15:12:53 +00:00
Kurt Zeilenga
6939c53170 Happy new year 2003-01-03 20:20:47 +00:00
Howard Chu
870c3cb5c6 Revert previous, it was only masking the real problem. And caused more... 2002-12-17 04:56:41 +00:00
Howard Chu
b40e40ec3c undef CONNECTION_INPUT_LOOP, use DATA_READY_LOOP. Seems to help prevent 
hangs in heavy load situations.
 2002-12-11 18:36:02 +00:00
Pierangelo Masarati
1b70e16448 SLAPI - Netscape plugin API for slapd - based on patch contributed by Steve Omrani <somrani@us.ibm.com> as ITS#2073 2002-12-07 17:19:29 +00:00
Howard Chu
322a800c26 Fix ITS#2157, server should never attempt to unlink the client's socket. 
It likely has no name anyway, and the client owns it after all.
 2002-10-26 22:41:26 +00:00
Jong Hyuk Choi
15c5943edd Addition of servers/slapd/lcup.c and servers/slapd/back-bdb/lcup.c for persistent search 2002-10-25 17:57:03 +00:00
Jong Hyuk Choi
8074294f1d LCUP persistent search code drop 2002-10-25 17:51:30 +00:00
Pierangelo Masarati
956f1d16aa listener: 
- use bervals for url and sockname
- pass connection_init() the listener struct pointer instead of each value
- don't copy them in the Connection struct 'cause they're not going to change
- define macros for legacy usage of c_listener_url and c_sockname
 2002-10-24 10:03:52 +00:00
Kurt Zeilenga
3eb21d8a6c Misc cleanup 2002-09-16 21:50:55 +00:00
Howard Chu
9f5b28baf3 Remove c_sasl_bindmutex, Binds are already serialized. 2002-08-26 22:20:30 +00:00
Kurt Zeilenga
1c5725010e Add a Connection pointer to the Operation. 2002-08-26 19:29:34 +00:00
Howard Chu
925714ceef Experimental cruft to propagate valid Operation to SASL callbacks. 
If you have a better way, jupm on in...
 2002-08-24 07:34:50 +00:00
Howard Chu
8c30114d84 Added thread-pool getkey/setkey functions 2002-08-24 05:39:43 +00:00
Howard Chu
50d490be6c Revert previous commit 2002-08-07 06:37:11 +00:00
Howard Chu
6862cfd97c Don't strdup conn->authz into op, just reference directly. (Conn cannot 
be freed until after all associated ops are freed.)
 2002-08-07 05:19:55 +00:00
Julius Enarusai
6107ba67d2 Coverted LDAP_LOG macro to use subsystem ID int values instead of string values 2002-07-11 20:33:24 +00:00
Kurt Zeilenga
0fffad53c3 get data if ready 2002-07-10 22:03:32 +00:00
Howard Chu
c5c1ddb1ca Deleted Connection->c_cdn. Use conn->c_dn instead... 2002-06-12 08:38:59 +00:00
Kurt Zeilenga
d6e7f0f630 Rework c_authzid_backend in preparation for sasl_setpass() support 2002-06-11 22:56:47 +00:00
Howard Chu
ef678b179c ITS#1795 authid is uninit'd if tls_get_cert fails 2002-05-04 01:28:56 +00:00
Kurt Zeilenga
8c152396b9 Matched Values implementation (ITS#1776) based upon submission 
form Mikhail Sahalaev <M.Sahalayev@pgr.salford.ac.uk>.
Further work needed:
	add testxxx-matchedvalues
	rework ldapsearch(1) portion of patch to generalize use of options
---
Copyright 2001, Mikhail Sahalaev, All rights reserved.
This software is not subject to any license of University Of
Salford.

Redistribution and use in source and binary forms are permitted
without restriction or fee of any kind as long as this notice
is preserved.
 2002-05-02 18:56:56 +00:00
Howard Chu
0f966d2fdb Changed ldap_pvt_tls_get_my_dn and ldap_pvt_tls_get_peer_dn to store result 
in dn parameter and return a result code.

Changed dnX509peerNormalize as above. Added debug message on failure to
retrieve client DN.
 2002-04-30 13:52:49 +00:00
Howard Chu
0aa7c83a0e Fix memory leak in previous commit 2002-04-18 15:55:05 +00:00
Howard Chu
8a5423ea8d deleted sasl_external_x509dn_convert; X509 DNs are always converted to 
normalized LDAP DNs now.

Changed dnDCEnormalize to dnX509normalize, added dnX509peerNormalize,
based on new ldap_X509dn2bv() etc.
 2002-04-18 12:26:36 +00:00
Howard Chu
efecf4e121 ITS#1733 eliminate o_abandonmutex 2002-04-11 08:03:40 +00:00
Howard Chu
5c4a924f81 ITS#1735 unused conn.c_uthc_backend, include ldap_pvt.h 2002-04-11 07:42:57 +00:00
Pierangelo Masarati
c22f10f4ca don't count operations per request if back-monitor is not built 2002-04-08 19:13:13 +00:00
Pierangelo Masarati
51e33154b3 count initiated/completed operations divided per request 2002-04-08 18:41:15 +00:00
Howard Chu
5c70106657 ITS#1708 ldap_pvt_tls_sb_ctx() et al 2002-04-05 06:48:03 +00:00
Pierangelo Masarati
af3a65b924 do not print -1 as %lu 2002-03-30 08:45:21 +00:00
Kurt Zeilenga
0be4d842bc Update control framework 
Misc cleanup
NT updates
 2002-03-24 02:17:21 +00:00
Pierangelo Masarati
49f324a1fa fix ITS#1671 and more 2002-03-23 16:53:44 +00:00
Pierangelo Masarati
fa654ae447 fix ITS#1660 (issue 1) 2002-03-23 16:06:22 +00:00
Howard Chu
f181388a5e Fix ITS#1655, don't retrieve sd until we've checked for valid c_sb. 2002-03-20 23:47:08 +00:00
Howard Chu
35554dadf3 use ber_str2bv() instead of ch_strdup/strlen. 2002-03-18 08:57:59 +00:00
Kurt Zeilenga
a4635f3ada CLDAP fixes 2002-03-06 20:58:20 +00:00
Kurt Zeilenga
0a31400d63 Some misc cleanup 2002-01-29 06:06:20 +00:00
Howard Chu
5e522ca882 Changed Access.a_sockurl_pat, Connection.c_listener_url etc. 
to struct bervals
 2002-01-28 11:41:07 +00:00
Howard Chu
4191f39037 Changed slap_authz_info.sai_mech to struct berval. 
Changed sasl_* to use struct bervals.
 2002-01-26 13:57:41 +00:00
Kurt Zeilenga
9a3dcc376c Zap connection_internal_* 2002-01-13 18:05:16 +00:00
Howard Chu
f0cd9956ed readahead is only needed on UDP, don't use it on TCP. (Save unneeded memcpy) 2002-01-10 22:00:17 +00:00
Howard Chu
ce7d8d26f2 Changed conn->c_cdn to struct berval. 2002-01-06 03:26:09 +00:00
Kurt Zeilenga
0e2af54a3f Update copyright statements 2002-01-04 21:17:25 +00:00
Howard Chu
029306a5be Use ldap_queue.h instead of <ac/queue.h> 2002-01-03 00:12:46 +00:00
Howard Chu
743c402265 Changed search attrs from struct berval ** to AttributeName * 2001-12-31 11:35:52 +00:00
Howard Chu
10961151ef Use queue-compat for Connection->c_ops,c_pending_ops 2001-12-31 04:08:29 +00:00
Howard Chu
776ce133e9 More str2rdn tweaks 2001-12-30 09:42:58 +00:00
Howard Chu
2f3399265c Changed sai_dn, sai_ndn to struct berval. (Affects op->o_dn,o_ndn, 
conn->c_dn,c_ndn, Access->a_dn_pat)
 2001-12-24 15:11:01 +00:00
Howard Chu
773b3aff16 more cleanup from jon@symas.com 2001-12-18 04:52:55 +00:00
Howard Chu
45aadbbbba Eliminate unnecessary per-operation dn_normalize(o_ndn); it's already 
done in do_bind() and there's space in the connection structure for c_ndn
already, just copy it.
 2001-12-09 14:46:29 +00:00
Kurt Zeilenga
b5504a1c36 Clean up some misplaced 'extern' declarations (should be headers) 2001-12-04 19:57:09 +00:00
Pierangelo Masarati
aee3600276 minor cleanup 2001-11-17 16:18:07 +00:00
Mark Adamson
8c16d30087 optimize number of calls to slap_get_time() 2001-11-13 01:38:30 +00:00
Howard Chu
a0a24d73dc Added backend_group result caching. 2001-11-12 19:25:41 +00:00
Howard Chu
693a81e1db More CLDAP tweaks, to differentiate between real LDAPv2 CLDAP and "other" 
LDAP/UDP messages. Slapd marks received CLDAP messages as LDAP_VERSION2.
The client library can generate CLDAP queries if -Protocol 2 is chosen,
otherwise not. LDAPv2 CLDAP cannot query the slapd rootDSE, gets no reply.
 2001-10-02 01:02:23 +00:00
Howard Chu
926b454765 Set protocol to LDAP_VERSION2 on UDP session. 2001-09-28 00:49:01 +00:00
Howard Chu
647b5f84ee Resurrection/rewrite of CLDAP (RFC1798 Connectionless LDAP). 
Compile with -DLDAP_CONNECTIONLESS to use this code.
For slapd, use "-h cldap://" to listen on UDP.
For ldapsearch, use "-H cldap://" to query on UDP.
Client-side support is very minimal:
  no automatic timeout/retries
  no basedn wildcard expansion on results
  no support for specifying multiple servers at once.
 2001-09-28 00:18:40 +00:00
Kurt Zeilenga
77f776dfd1 Another round of TLS updates to support secure referral chasing 2001-06-25 19:17:42 +00:00
Kurt Zeilenga
cc6fab319e Add support for separate max incoming for anonymous and authenticated 
sessions (defaults: 256K and 16M respectively).
 2001-05-29 20:00:55 +00:00
Kurt Zeilenga
4055077607 Add simple configure support for sockbuf max incoming 2001-05-05 07:29:21 +00:00
Kurt Zeilenga
abce5abf34 Quick sb_max_incoming hack, should be configurable (likely 
with differing anonymous vs authenticated values).
 2001-05-04 21:55:07 +00:00
Gary Williams
f49fd8a98e fix format 2001-01-17 16:35:53 +00:00
Gary Williams
d531a20f52 more new logging (finally), behind NEW_LOGGING 2001-01-11 17:11:23 +00:00
Mark Adamson
466ff113e1 ITS#897, internal connections need to free their single operation struct. 2000-12-08 22:34:22 +00:00
Kurt Zeilenga
82e7b2e049 label io as "ldap_" 2000-10-14 00:12:39 +00:00
Kurt Zeilenga
f164e69baa Don't recursive lock connections_mutex in idle timeout routine 2000-09-22 18:18:39 +00:00
Kurt Zeilenga
2b82d4f486 remove lint 
update bdb codes
 2000-09-22 01:40:57 +00:00
Kurt Zeilenga
d78a515860 Fix build issues 2000-09-21 23:00:51 +00:00
Mark Adamson
bf1ee530ea Implementation of SASL authorization. 2000-09-21 17:32:54 +00:00
Kurt Zeilenga
2e13824d0d Add "allow tls_2_anon" to allow StartTLS to force session to anonymous. 
Add "disallow tls_authc" to disallow StartTLS when session is authenticated.
Create and use connection2anonymous routine for consistency.
 2000-09-08 22:59:01 +00:00
Kurt Zeilenga
2c342e894c Minor change to connection error handling 2000-09-08 18:46:18 +00:00
Kurt Zeilenga
f97482e10f Fix authz bug introduced by last change 2000-09-05 19:45:06 +00:00
Kurt Zeilenga
c8c969a184 Rework connection lock code to avoid unnecessary lock reaquire 2000-09-05 19:11:27 +00:00
Kurt Zeilenga
488189aed2 Fix SSF ACLs 2000-09-05 18:48:09 +00:00
Kurt Zeilenga
309c458ed4 Experimental fix for deadlock 2000-09-02 00:19:06 +00:00
Kurt Zeilenga
553a78e2ee Don't drain after TLS failure.... causes busy forever loop 2000-08-30 22:08:19 +00:00
Kurt Zeilenga
bf3df2f7a6 restrictops, requires, disallow knobs; ssf acls; and misc other changes 
man pages to follow...
 2000-08-28 18:38:48 +00:00
Kurt Zeilenga
1c328aa9c7 Minor typedef and other clean ups 2000-08-26 01:14:05 +00:00
Kurt Zeilenga
20a67a2dbc needs ldap_pvt.h 2000-08-17 04:20:12 +00:00
Howard Chu
0f8047b95e Implemented ldap_pvt_tls_get_peer() for use with SASL/EXTERNAL. 
Added ldap_pvt_tls_get_strength() - return encryption strength, for
use as a SASL session security factor.
 2000-08-16 23:27:41 +00:00
Kurt Zeilenga
a50f391bb3 Working SASL security layers! 2000-07-28 00:04:07 +00:00
Kurt Zeilenga
b213ce3a69 Remove cruft 2000-07-27 20:12:16 +00:00
Kurt Zeilenga
e7e7bca4c0 Fix typo 2000-07-23 21:22:19 +00:00
Kurt Zeilenga
5bca08d716 Store sasl callbacks in session handle so that they can properly freed. 2000-07-15 00:01:09 +00:00
Kurt Zeilenga
5fc22599e2 Update SASL code to reuse context through life of session. 
Replace 'negotiated' with 'interactive' bind
Add hooks for SASL/EXTERNAL
Disable SASL security layers
Rework SASL command line and config file parameters
 2000-07-13 22:54:38 +00:00
Kurt Zeilenga
1f1993989a s/enable-unix/enable-local/ 
s/LDAP_PF_UNIX/LDAP_PF_LOCAL/
s/AF_UNIX/AF_LOCAL/
s/PF_UNIX/PF_LOCAL/
 2000-07-09 21:49:36 +00:00
Kurt Zeilenga
b7d1b10bca Minor cleanup 2000-06-14 21:11:56 +00:00
Kurt Zeilenga
ec426532b2 Reworked thread code to better support thread-library specific 
r/w locks and thread pools.  Hide internal structures (using
pthread'ish technics).  Place common code in threads.c.  Move
no-thread code to thr_stub.c.  Move thread pool code to tpool.c.
Removed setconcurrency call from initializer, added 'concurrency'
directive to slapd.  Tested code under pthreads, pth, and no-threads.
 2000-06-13 02:42:13 +00:00
Mark Valence
3cad129608 Removed active_threads count and associated mutex/cond. Replaced with 
ldap_pvt_thread_pool_backload() as needed.  All tests run OK on pthre
ads (linux), cthreads, NT threads, and Pth.
 2000-06-10 06:40:03 +00:00
Kurt Zeilenga
55dba4395f Update PF_INET6 and PF_UNIX detection, both default to auto 2000-06-09 23:09:51 +00:00
Kurt Zeilenga
88848d3aea ~ NULL was a bad idea. 2000-06-08 03:12:14 +00:00
Kurt Zeilenga
61be4bd0c8 remove pointer v. int lint from ber_sockbuf_ctrl. 2000-06-08 01:08:01 +00:00
Mark Valence
7ec6a4363f Use thread pool for operation threads. 2000-06-07 19:27:33 +00:00
Mark Valence
bac87c2562 Bug fix for new sockbuf code under NT. Added mutex protection against 
deadlock in connection_resched.
 2000-06-04 04:29:07 +00:00
Kurt Zeilenga
c23536faa9 remove lint 2000-06-01 22:01:00 +00:00
Kurt Zeilenga
2e0912622b ITS#537: lber io rewrite from Gambor Gombas. 
Copyright 2000 Gábor Gombás. All rights reserved.
This is free software. You may redistribute and use it under the same
terms as OpenLDAP itself.
 2000-06-01 20:59:21 +00:00
Kurt Zeilenga
60802201e3 Const'ification 
SASL mech removed from backend bind callback (as SASL is managed by frontend)
Changes to some backends are untested (as I don't have all dependent
  software install)
 2000-05-22 03:46:57 +00:00
Kurt Zeilenga
b2f56a7318 SLAPD_SCHEMA_NOT_COMPAT: framework for value_match() and value_find() 2000-05-21 22:46:51 +00:00
Kurt Zeilenga
4bc786f34b Y2k copyright update 2000-05-13 02:47:56 +00:00
Howard Chu
f0c4f83ea2 libldap/tls.c: change tls_verify_cb to no longer ignore verification errors. 
This means a ldaps connection may drop before any LDAP protocol exchange
occurs (due to expired cert, unrecognized CAs, etc.).
  Change ldap_pvt_tls_connect to copy any TLS error string to ld_error upon
connection failure, otherwise client just sees "can't contact LDAP server."

slapd/connection.c: add flush/delay when SSL_accept fails, to allow any
TLS alerts we generated to propagate back to the client. (Which will then
be picked up by ldap_pvt_tls_connect on the client...)
 2000-05-10 17:07:09 +00:00
Kurt Zeilenga
42a20681cc SASL closer to working from frontend only, need to work through 
states.
 2000-04-25 17:23:54 +00:00
Kurt Zeilenga
55ae3cffd8 SASL code without backend support. Should work with 
external store, but not yet tested.  [Intent is to support
both in same server... may not be doable]
 2000-04-25 16:03:17 +00:00
Kurt Zeilenga
10588da3c5 Print tag with SASL in progress operations error. 2000-03-02 01:20:00 +00:00
Kurt Zeilenga
ddb9755ba7 Move handling of operations errors due to submission of 
non-bind requests while a multi-step SASL bind process
is under to connection.c.  Return LDAP_OPERATIONS_ERROR,
not LDAP_SASL_BIND_IN_PROGRESS.
 2000-03-02 00:59:10 +00:00
Kurt Zeilenga
ac7f6c2e37 Replace do_*() return -1 with return SLAPD_DISCONNECT. 
Only return SLAPD_DISCONNECT with a send_ldap_disconnect()
was called.
Add initial code for support predetermined filter results
when filter is undefined (or known to be true or false).
 2000-02-29 23:48:01 +00:00
Luke Howard
9b4e3b2234 Merged in preliminary support for Cyrus SASL library; 
support for DCE slash-delimited, left-to-right DNs;
support for a domain socket transport (enable with
--enable-ldapi); and extensions to URL parsing to
support the latter transport.
 2000-01-02 01:21:25 +00:00
Mark Valence
bb693fd1b5 Bug fix: re-used Connection have TLS value for previous conn. 1999-12-09 21:06:42 +00:00
Kurt Zeilenga
64e8eeaa95 Slight modification to last commit to cast %ld args to long 1999-10-20 00:25:04 +00:00
Howard Chu
f0b0fe9f94 Fix stupid "got <garbage> of 0 so far" debug message after ber_get_next. 1999-10-19 12:15:42 +00:00
Kurt Zeilenga
7a0b0b2bbf In preparation for adding dn_rewrite()... 
s/dn_normalize/dn_validate/
s/dn_normalize_case/dn_normalize/
 1999-09-24 01:46:37 +00:00
Kurt Zeilenga
403f4479bc Add OpenLDAP RCSid to *.[ch] in clients, libraries, and servers. 
Replace old Id as needed (back-tcl).
Leave updating of contribWare to contributors (for now).
 1999-09-08 19:06:24 +00:00
Hallvard Furuseth
4a5e2febed Some constification & lint removal 1999-09-04 21:15:49 +00:00
Howard Chu
193d30bf84 In previous commit - change strerror() to STRERROR(). 
Use strerror() if available.
 1999-08-29 02:59:29 +00:00
Howard Chu
a60406860f Use strerror() 1999-08-29 01:50:12 +00:00
Kurt Zeilenga
0afcadc4dd Remove misplaced asserts. connection_resched changes connection state 
to UNUSED without holding connections mutex.  It's not safe for
connection_init to check connection state until after acquires the
c_mutex.
 1999-08-27 19:31:42 +00:00
Kurt Zeilenga
9bf50242c3 Plug ber leakage: 
result was leaking ber's in some error cases.  ber_flush now called
with no freeing so that caller of send_ldap_ber() can free its own ber.
c->c_currentber was also being leaked if connection was destory
current when a PDU input was outstanding.
Fixed ber_flush to free ber upon write only to file.
 1999-08-27 05:45:53 +00:00
Kurt Zeilenga
9e82379b6e More CSRI malloc debugging support and destroy sockbuf fix. 
Test008 now runs without leak.
 1999-08-19 18:48:17 +00:00
Kurt Zeilenga
8ead8c5fd9 Clean up debug messages. 1999-08-19 00:40:18 +00:00
Kurt Zeilenga
34647dd8d7 Force to LDAPv3 until BIND 1999-08-13 06:09:48 +00:00
Hallvard Furuseth
6054463eeb Minor cleanup: 
Fix Statlog() formats, remove an implicit int, include <ctype.h> for isspace().
 1999-08-07 05:36:48 +00:00
Kurt Zeilenga
9c3ed0310b Add copyright notices. 1999-08-06 23:07:46 +00:00
Kurt Zeilenga
b67eb8e2be Don't have time to finish SASL right now... this is a work in progress 
but is safely tucked away behind --with-cyrus-sasl.
 1999-08-04 00:11:22 +00:00
Kurt Zeilenga
68d561a97b Add limited LDAP_INVALID_DN_SYNTAX support. dn_normalize{,_case}() now returns 
NULL does not meet basic syntax rules.
 1999-07-22 17:14:42 +00:00
Kurt Zeilenga
933908f72f ACL CHANGES: 
by <who> <access> changed to by <who>+ <access> (joined with AND)
  added peername=<regex> sockname=<regex> url=<regex>
  removed addr=<regex> (use peername instead).
replace dn_upcase with str2upper and str2lower.  Use where needed.
 1999-07-21 20:54:23 +00:00
Julio Sánchez Fernández
f0f29cd82e Backout the input exhaustion change, it loops. Still looking for 
the right way.
 1999-07-21 13:22:35 +00:00
Julio Sánchez Fernández
76227acb1f Move the input data exhaustion loop to connection.c from daemon.c 
Let transport (TLS or somesuch) force reading or writing on
sockets even if the higher layers think otherwise.
 1999-07-20 18:02:44 +00:00
Kurt Zeilenga
170836751a Namespace changes 
added slap_ and ldbm_ to many structures
  added typedefs to many structures
  used typedefs
New main.c argument parsing with ldap url support (replacing -a address).
New sockaddr_in handling and support for multiple listeners.
 1999-07-19 19:40:33 +00:00
Kurt Zeilenga
059ee8c86d (re)introduce o_connid such that STATS doesn't need c_mutex (which it 
didn't bother to acquire)...
 1999-07-16 22:24:32 +00:00
Julio Sánchez Fernández
ea8669c37d Clear c_needs_tls_acccept on ldap_pvt_tls_accept errors 1999-07-16 18:48:13 +00:00
Julio Sánchez Fernández
68b508d2f0 Move calls to ldap_pvt_tls_accept to connection_read instead of 
connection_init so that we get into the select() logic.
Make use of new flags in the connection.
BTW, and before I forget, it sort of works.  I have connected with
a Netscape client using a secure connection and did a failed
search (my test database is empty), but the trace looked correct.
Make sure you have your CA certificate in your Netscape preinstalled.
Otherwise, the connection fails with error 0xFFFFFFFF that is rather
uninformative.
 1999-07-16 15:52:17 +00:00
Julio Sánchez Fernández
6d75d0f8fb connection_init now takes one more argument that indicates whether to 
use TLS right away or not on that connection.
 1999-07-14 19:44:18 +00:00
Kurt Zeilenga
e9c2895472 Add support for unsolicited notifications. 1999-07-07 18:51:39 +00:00
Kurt Zeilenga
daf40a51c1 Abandon all operations upon receiving a BindRequest. 1999-07-02 21:42:53 +00:00
Kurt Zeilenga
b7bbc7504d More bind changes to support SASL/DIGEST. 
Added configuration support for "digest-realm <realm>" configure directive.
Added connection state and bind_in_progress fields to cn=monitor connection
attribute.
 1999-07-02 19:48:07 +00:00
Kurt Zeilenga
6f8fad20f2 Add conn/op bind_in_progress flags such that operations can detect 
if multiple step SASL binds are in progress.
 1999-07-02 00:04:47 +00:00
Kurt Zeilenga
f9db1ea889 Rework BER decoding with lieu of LDAPv3 controls (coming soon). 
Add place holder for handling LDAPv3 extended operations (coming soon).
 1999-06-30 22:43:27 +00:00
Kurt Zeilenga
14820afdd9 Reimplement connection counters. Format of "connection" attribute 
changed significantly.
 1999-06-30 02:50:40 +00:00
Kurt Zeilenga
1ee85df297 Add framework for sasl and controls. 1999-06-29 03:17:22 +00:00
Kurt Zeilenga
2660d0b42f Remove old U-Mich v3.0 and OLD_LDAP_* crud. 
Leave only LDAPv2+ and LDAPv3.
 1999-06-29 00:03:34 +00:00
Bastiaan Bakker
e2b5b21155 Added connection initialisation and destruction notification. Now backends can register functions in backend_info.bi_connection_init and backend_info.bi_connection_destroy that will be called when a connection is initialized or destroyed. 1999-06-23 12:31:35 +00:00
Kurt Zeilenga
2d720643be experimental connections_timeout_idle() implementation. 1999-06-19 03:20:01 +00:00
Kurt Zeilenga
669b8f4047 ber_int_t, ber_tag_t, ber_socket_t, ber_len_t 
added lber_types.h.nt, lber_types.h.in
removal of NULLxxx internal macros (in favor of NULL).
ch_free added to slapd,slurpd/ch_malloc.c
#define free ch_free (should be removed after s/free/ch_free/g) in proto-slap.h
ch_malloc and friends use ber_memalloc and friends
 1999-06-18 23:53:05 +00:00
Kurt Zeilenga
7e4b3bc2e7 initial commit of idletimeout code... everything but the actual timeout. 1999-06-18 22:54:19 +00:00
Kurt Zeilenga
36cb034611 Add test for resched state change in connection_get 1999-06-17 00:48:51 +00:00
Gary Williams
2ffc4b19ea check addr for NULL before copying 1999-06-16 19:15:03 +00:00
Kurt Zeilenga
61eaffeed2 connection_get forgot to unlock c_mutex in not used case! 1999-06-14 20:33:21 +00:00
Kurt Zeilenga
18e5e729ac Resched changes struct state without lock to avoid deadlock. 
Hence connection_get must recheck struct state after obtaining
c_mutex to detect close.
 1999-06-12 00:29:41 +00:00
Kurt Zeilenga
35e91be482 connection_get: 
Connection could be closed before acquiring connections_mutex.
	if c->c_struct_state == SLAP_C_UNUSED, return NULL.
 1999-06-12 00:03:39 +00:00
Kurt Zeilenga
0dda34c9e4 Add additional assert in connection get for race debugging. 1999-06-11 23:19:31 +00:00
Kurt Zeilenga
3cfd58eed8 EXPERIMENTAL: move slapd_remove to connections_read/_write as they 
acquire c_mutex.
 1999-06-11 19:10:45 +00:00
Kurt Zeilenga
35eff96dad Add Debug to help sort out race condition. 1999-06-10 22:21:51 +00:00
Kurt Zeilenga
9a0caa6258 Initialize connection pointer to NULL else won't be able to 
detect connection table full properly.
 1999-06-04 22:57:19 +00:00
Kurt Zeilenga
95889bc7d8 Fix typo in previous commit. 1999-06-04 22:15:35 +00:00
Kurt Zeilenga
d3181b56b8 Add diagnostics. 1999-06-04 21:43:06 +00:00
Kurt Zeilenga
2d1cf97a56 move connection_close call from connection_input to connection_resched 
to avoid accessing c_conn_state after close.
 1999-05-27 06:22:59 +00:00
Kurt Zeilenga
5936f97edc Make connection_first/next/done reentrant. 1999-05-27 05:52:38 +00:00
Kurt Zeilenga
f9219d3368 remove redundant memset 0 of connection entry after calloc. 1999-05-27 02:44:13 +00:00