Commit Graph

166 Commits

Author SHA1 Message Date
Pierangelo Masarati
3a9fd69747 handle "dn=*" <what> clause 2005-05-23 20:29:01 +00:00
Howard Chu
f19a4ea9ec More value ACL style tweaks 2005-05-10 00:51:28 +00:00
Howard Chu
29a37854bf Fix acl_unparse - add missing style specifiers 2005-05-10 00:32:43 +00:00
Pierangelo Masarati
d23243a507 more on strict config parsing (ITS#3705) 2005-05-06 16:42:03 +00:00
Howard Chu
345ba007b8 Must always accept "base" for ACL_STYLE_BASE since that is always how
it gets unparsed.
2005-05-05 21:47:40 +00:00
Pierangelo Masarati
a7b82686a8 fix SIGSEGV when default style is used for "val" (ITS#3700) 2005-05-03 12:13:16 +00:00
Howard Chu
f5e36e1bbd Fix dnattr unparsing 2005-04-21 07:15:02 +00:00
Howard Chu
b5ef8ea6f4 More modify support. ACL editing works. 2005-04-19 16:39:48 +00:00
Pierangelo Masarati
98294f1125 fix access unparse (ITS#3631) 2005-04-12 23:10:48 +00:00
Pierangelo Masarati
91b4e991be cleanup & silence warnings 2005-04-11 21:35:34 +00:00
Pierangelo Masarati
53ce94a25d protect all occurrences of ACL_DISCLOSE 2005-04-09 17:00:40 +00:00
Pierangelo Masarati
4abbf9c610 implement add/delete granularity in write access (ITS#3631) 2005-04-08 00:18:24 +00:00
Pierangelo Masarati
f1698e30f5 update diagnostics and man pages 2005-04-04 12:24:50 +00:00
Pierangelo Masarati
3eb87b2faa implement "realdn" by clause in ACLs (ITS#3627; accounting for Howard's remarks) 2005-04-03 01:59:03 +00:00
Pierangelo Masarati
584b21d20b initial commit of "level" styles for "dn" and "self" by clauses (ITS#3615) 2005-03-31 18:10:11 +00:00
Howard Chu
a2a9ae725f Drop "access " from acl_unparse 2005-03-01 23:17:54 +00:00
Howard Chu
e0ca6e386e Added acl_unparse, slap_sasl_getpolicy 2005-02-22 12:02:34 +00:00
Pierangelo Masarati
b381e1bcc8 cosmetic changes 2005-01-12 14:25:08 +00:00
Pierangelo Masarati
b46518ff77 silence warning for global scoped global ACLs 2005-01-12 00:53:50 +00:00
Kurt Zeilenga
1c5d78d8dd Add "disclose" and "manage" ACL levels (but no meat).
Disclose permission intended to be used for "disclose on error"
(as in our present "none"), none being "don't disclose on error".

Manage permission is intended to be used to allow DSA IT management
(e.g., changing entryCSNs, structuralObjectClass, etc.).
2005-01-08 05:26:18 +00:00
Kurt Zeilenga
dc0eacd40b Happy New Year! 2005-01-01 20:49:32 +00:00
Pierangelo Masarati
564c34d131 fix ITS#3416 2004-12-03 08:41:06 +00:00
Pierangelo Masarati
8866a28fb3 don't yell at regex styling that wraps all the suffix in a submatch 2004-11-30 22:50:07 +00:00
Pierangelo Masarati
e79fbb88cf move ACIs under a dynamic infrastructure that allows run-time loadable custom access control logic (needs work) 2004-11-20 01:27:03 +00:00
Pierangelo Masarati
947268c5ee partially revert previous commit (the "creator" special DN pattern is redundant as "dnattr" is more expressive 2004-11-15 22:57:03 +00:00
Pierangelo Masarati
064eb88ef8 move special dn patterns to style enum; add creator special dn pattern 2004-11-15 22:15:28 +00:00
Pierangelo Masarati
6a9bf9765e add URI search to sets; documentation to come... 2004-10-07 17:05:48 +00:00
Pierangelo Masarati
4afaf4042a minor cleanup 2004-10-06 22:20:30 +00:00
Pierangelo Masarati
4204aee7b9 extend the availability of submatches to non-regex DN patterns 2004-10-06 22:03:33 +00:00
Pierangelo Masarati
cd9a9c628d frontend stuff moved into a database structure, essentially to allow overlays to be processed before database selection; passes all tests (ITS#3080) 2004-07-26 21:26:34 +00:00
Hallvard Furuseth
b81b0216a9 Split string literal to keep it below ANSI C's allowed 509-char limit. 2004-07-18 00:47:35 +00:00
Kurt Zeilenga
372a941334 add baseObject as alias for base.
cleanup
2004-06-28 06:42:00 +00:00
Kurt Zeilenga
73202e3910 Fix typo in last commit 2004-06-18 19:12:00 +00:00
Pierangelo Masarati
42f3b3d87b improve parsing - first step 2004-06-18 09:11:53 +00:00
Pierangelo Masarati
f109f1eb6d fix ITS#3140 2004-05-12 23:29:42 +00:00
Pierangelo Masarati
d40e5a365a fix DN_SEPARATOR() and clarify its use 2004-05-07 09:03:05 +00:00
Pierangelo Masarati
b34cf02488 more on fixing escaped semicolon in normalized DN 2004-05-07 02:18:08 +00:00
Pierangelo Masarati
dd0e285b12 experimental ACL scope correctness test 2004-04-20 19:16:21 +00:00
Kurt Zeilenga
44725e7303 use BER_BVNULL 2004-04-07 04:11:43 +00:00
Pierangelo Masarati
006745430e allow "expand" style in peername, sockname, sockurl as well; more sanity checks 2004-03-09 19:44:14 +00:00
Pierangelo Masarati
042869366d use "expand" instead of "regex" for group ACLs that allow substring expansion, preserving backwards compatibility; add sanity checks 2004-03-09 16:33:05 +00:00
Pierangelo Masarati
a4e062ca36 apply advanced peername ACL (ITS#2907) 2004-03-08 18:49:12 +00:00
Pierangelo Masarati
ac0d45179f log set in ACL (ITS#2949) 2004-03-08 11:09:49 +00:00
Kurt Zeilenga
3c598e89fb Happy new year 2004-01-01 19:15:16 +00:00
Pierangelo Masarati
79bc396ed8 in the <what> clause of ACLs, only 'attr=' or 'attrs=' are allowed; the former for backwards compatibility, while slapd.access(5) correctly uses only the latter form 2003-12-20 15:31:54 +00:00
Pierangelo Masarati
39574bcb5f for consistency, always allow 'onelevel' as an alias for 'one' in dnstyle 2003-12-20 15:18:21 +00:00
Kurt Zeilenga
aabcce3e58 Document +0 2003-12-19 05:06:51 +00:00
Pierangelo Masarati
4e83a282d0 improve error handling for attr val ACL syntax 2003-12-16 10:56:21 +00:00
Kurt Zeilenga
a736f237f8 Deprecate +objectClass in favor of @objectClass per IETF discussions 2003-12-16 05:55:52 +00:00
Pierangelo Masarati
ee34f3fb64 add to 'val[.<style>=<value>' ACLs special match styles for DN-valued attributes; add negated objectClass to attribute name lists for ACLs and partial replication 2003-12-16 00:49:10 +00:00