mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-01-06 10:46:21 +08:00
Code Issues Packages Projects Releases Wiki Activity
7,313 Commits 38 Branches 307 Tags 74 MiB
3a17376dfd
Commit Graph

3508 Commits

Author SHA1 Message Date
Jong Hyuk Choi
4b48c05a8e LDAP Client Update Protocol - non-persistent update (TODO: response control ...) 2002-09-04 02:00:42 +00:00
Pierangelo Masarati
5d50463376 optimize duplicate detection based on mods and existing values count 2002-09-03 15:12:36 +00:00
Kurt Zeilenga
69ba1a21bc Extend checks to substrings rules. Need to kludge around 
LDAP's kludged builtin substrings rules.
 2002-09-03 07:28:57 +00:00
Kurt Zeilenga
8a5b200c44 Add appropriate matching rule checks. 
Clean up syntax error reporting.
 2002-09-03 07:01:09 +00:00
Howard Chu
3099d89d9e Don't use sasl_set_alloc on Cyrus 2, it manages all of its memory 
internally and we don't want to get in the way.
 2002-09-02 22:25:26 +00:00
Kurt Zeilenga
3e1a896928 Update comment 2002-09-02 22:07:23 +00:00
Pierangelo Masarati
d3ca441ae8 /* 
* The original code performs ( n ) normalizations
 * and ( n * ( n - 1 ) / 2 ) matches, which hide
 * the same number of normalizations.  The new code
 * performs the same number of normalizations ( n )
 * and ( n * ( n - 1 ) / 2 ) mem compares, far less
 * expensive than an entire match, if a match is
 * equivalent to a normalization and a mem compare ...
 *
 * This is far more memory expensive than the previous,
 * but it can heavily improve performances when big
 * chunks of data are added (typical example is a group
 * with thousands of DN-syntax members; on my system:
 * for members of 5-RDN DNs,

 members         orig            bvmatch (dirty) new
 1000            0m38.456s       0m0.553s        0m0.608s
 2000            2m33.341s       0m0.851s        0m1.003s

 * Moreover, 100 groups with 10000 members each were
 * added in 37m27.933s (an analogous LDIF file was
 * loaded into Active Directory in 38m28.682s, BTW).
 *
 * Maybe we could switch to the new algorithm when
 * the number of values overcomes a given threshold?
 */
 2002-09-02 19:41:03 +00:00
Pierangelo Masarati
eb38db1be5 various fixes and improvements 2002-09-02 19:39:31 +00:00
Pierangelo Masarati
857d08ea21 use bvmatch() instead of ber_bvcmp() when testing for match without ordering 2002-09-02 19:39:06 +00:00
Kurt Zeilenga
132506e13c Add NOOP search support. 2002-09-02 17:38:17 +00:00
Kurt Zeilenga
af183089b8 unifdef -DSLAP_X_MRA_MATCH_DNATTRS 2002-09-01 00:33:20 +00:00
Kurt Zeilenga
b5f51ed4a5 have get_mra use mr_usable_with_at() as well 2002-08-31 21:39:42 +00:00
Kurt Zeilenga
c6052ac8b0 Add mr_usable_with_at() routine. Use both in generation 
of rule uses, but also in test_filter_mra()
 2002-08-31 21:23:45 +00:00
Kurt Zeilenga
5c61f55faa Make sure we don't expose hidden attribute types in rule uses 2002-08-31 20:49:50 +00:00
Kurt Zeilenga
e9a71156cc Add matching rule use support where assertion syntax != value syntax 2002-08-31 20:42:25 +00:00
Kurt Zeilenga
04c71ce9b2 List approximates as well in rule uses. 
Don't yet list ordering rules yet, these require special attention (and
hence are not marked MR_EXT yet)
 2002-08-31 19:25:41 +00:00
Kurt Zeilenga
d6ac7ac544 Fix last commit. 
Also add uses where mr is the attribute's equality rule.
 2002-08-31 19:17:54 +00:00
Kurt Zeilenga
2908cdff11 MR_EXT rules can be used with any type whose syntax is same as 
the syntax's assertion syntax.
 2002-08-31 19:05:36 +00:00
Kurt Zeilenga
6c7104c82b Don't hide matchingRuleUse's description (now implemented) 
Use attribute's cname not oid in matching rule uses
 2002-08-31 18:41:21 +00:00
Pierangelo Masarati
966dd1bdca definitely fix NOOP in back-bdb 2002-08-31 17:03:42 +00:00
Pierangelo Masarati
0d5fe062e2 improved support for NOOP; add is fine, the other write funcs still need work 2002-08-31 12:00:39 +00:00
Pierangelo Masarati
a0c54f1625 use ldap_charray_add instead of dedicated helper; get rid of dependency from ldap-int.h 2002-08-31 11:14:15 +00:00
Pierangelo Masarati
71aecea2aa fix bitwise matching (courtesy of Luke Howard) 2002-08-31 10:56:27 +00:00
Pierangelo Masarati
804a111fbd add {create,modify}Timestamp to subschema subentry (SHOULD per RFC2251; use server startup time to be conservative) 2002-08-31 10:49:03 +00:00
Pierangelo Masarati
aea52e5bc9 define macros for appropriate sizing of lutil buffers 2002-08-31 10:48:02 +00:00
Pierangelo Masarati
e2ec62f09f add matchingRuleUse to schema; use a berval instead of _oidlen in syntax and matching rule 2002-08-31 10:45:22 +00:00
Pierangelo Masarati
c76b36254c cleanup comments 2002-08-31 10:41:49 +00:00
Pierangelo Masarati
c8cfbca64d fix extendedMatch and approx hfilter andling; get rid of subtree_cond (argh, need to trim it from config and docs ...) 2002-08-31 10:39:23 +00:00
Pierangelo Masarati
a1bb43946b better handling of children_cond 2002-08-31 10:38:29 +00:00
Pierangelo Masarati
95a99bd522 trace illegal condition in backsql_strfcat 2002-08-31 10:37:42 +00:00
Pierangelo Masarati
685363e880 add 'children_cond' config statement 2002-08-31 10:36:16 +00:00
Pierangelo Masarati
b0dfd89e1b added referral support to back-{ldap,meta}; need to allow send_serch_reference() handle NULL entry pointer 2002-08-31 10:35:23 +00:00
Pierangelo Masarati
501cd4c611 fix extendedMatch values return filter control 2002-08-31 10:29:03 +00:00
Kurt Zeilenga
b04483a6a2 We don't support substrings matching via extensibleMatch 2002-08-30 19:30:58 +00:00
Howard Chu
70673417f2 Fix debug statement 2002-08-30 14:28:45 +00:00
Howard Chu
c4f74ac639 Fix crash in mra_free, freeing ber-private value. 2002-08-30 12:38:50 +00:00
Howard Chu
0614b5fdbf Fix unindent commit 2002-08-30 11:48:47 +00:00
Howard Chu
4a3a557827 Use DB_NODUPDATA when adding IDs. Silence log for DB_NOTFOUND in delete_key, 
let caller log it if they care.
 2002-08-30 11:37:43 +00:00
Howard Chu
9d4f5e13e8 Unindented a level. Fixed logging of keys. 2002-08-30 11:21:20 +00:00
Howard Chu
f32803e738 Don't mask DB_KEYEXIST errors in bdb_idl_insert_key, let dn2id see them. 
Ignore DB_KEYEXIST and DB_NOTFOUND errors in key_change.
 2002-08-30 10:41:46 +00:00
Kurt Zeilenga
81420d4f91 Yet another bug fix... this one from Luke. 2002-08-29 19:54:17 +00:00
Pierangelo Masarati
a8bf275221 cleaner handling of unchecked limit support 2002-08-29 19:43:29 +00:00
Kurt Zeilenga
ecfb311f8f Fix objectSubClassIndexer bug 2002-08-29 18:05:49 +00:00
Pierangelo Masarati
58b860a15e fix server-size controls handling in back-{ldap,meta} 2002-08-29 15:07:18 +00:00
Pierangelo Masarati
7e2317c842 add server side controls to back-ldap and back-meta 2002-08-29 14:39:31 +00:00
Pierangelo Masarati
e7d2d0a9f5 avoid zero size ch_malloc() when no attributes are present in vrFilter 2002-08-29 13:32:28 +00:00
Pierangelo Masarati
82cb585d32 trim unused var 2002-08-29 12:41:07 +00:00
Pierangelo Masarati
c38f1a63b0 this test is useless, since noop is masked SLAP_CTRL_UPDATE 2002-08-29 12:17:28 +00:00
Howard Chu
20f6bae612 Use sockbuf_max_incoming_auth after successful Bind 2002-08-29 11:53:37 +00:00
Pierangelo Masarati
fbc11bd16a - added the capability to filter based on hasSubordinate attribute 
to back-bdb, back-ldbm and back-sql (the latter with limitations);
- added handling of ":dn" attributes to extended rfc2254 filters
  and to matched value filter
- altered the behavior of get_mra() when a matching rule is given:
  now it checks whether it is compatible with the attribute syntax
  and, in case it is, the given mr is used.  In case of no type,
  the check is delayed when filtering
 2002-08-29 10:55:48 +00:00
Pierangelo Masarati
f4c5362955 add bdb_hasSubordinates() helper 2002-08-29 10:50:53 +00:00
Pierangelo Masarati
d855f97372 cleanup 2002-08-29 10:50:12 +00:00
Pierangelo Masarati
a32f8c079a cleanup hasSubordinate operational attr merge 2002-08-29 10:49:41 +00:00
Pierangelo Masarati
b16ee02a49 optimize subschema attribute merge 2002-08-29 10:49:11 +00:00
Pierangelo Masarati
f1eb3e39ec use appropriate attr list when matching value of operational attrs 2002-08-29 10:45:48 +00:00
Pierangelo Masarati
24171e1fe2 fix match result bug 2002-08-29 10:45:24 +00:00
Pierangelo Masarati
e53d272b3f cleanup error check logic; don't deref be->controls when it's NULL 2002-08-29 10:43:39 +00:00
Pierangelo Masarati
9ee916bdec fix backend initialization (including ITS#2048) 2002-08-29 10:32:48 +00:00
Howard Chu
7cdb6866cf Two more bervals instead of strings... 2002-08-29 08:47:53 +00:00
Howard Chu
4d36fd5a3e Fix ITS#1991 - referrals with sarch base == target (wasn't sure at first, 
but see diff -r1.6 -r1.7 and it's obvious.)
 2002-08-29 08:43:23 +00:00
Kurt Zeilenga
923d033c99 Finish adding subclassing indexing support 2002-08-29 02:27:15 +00:00
Kurt Zeilenga
1086ffb438 Round one of subclass indexing for objectClass and structualObjectClasss. 
add soc_cname to ObjectClass structure
 2002-08-29 01:12:59 +00:00
Kurt Zeilenga
bfa89d6e15 Include lber_pvt.h 2002-08-28 16:47:04 +00:00
Howard Chu
9c4f89c6f7 Added no-op sasl_client_auth if SASL_VERSION_MAJOR < 2. 2002-08-28 08:33:24 +00:00
Kurt Zeilenga
aa36f5d049 cleanup 2002-08-28 07:30:57 +00:00
Howard Chu
3cb7a09eb0 Added check for Cyrus SASL sasl_version() 2002-08-28 07:12:22 +00:00
Howard Chu
1602bc3aa1 Fix ITS#2047 - link ldbm.lo directly when building back-ldbm as a module 2002-08-28 02:50:30 +00:00
Kurt Zeilenga
288f0f4f6d Add another safety check 2002-08-27 17:51:35 +00:00
Howard Chu
9fa8eded08 ITS#2040 - in bdb_idl_fetch_key() use a large enough buffer to get the 
entire IDL at once, to avoid triggering BDB resource leaks.
 2002-08-27 15:11:04 +00:00
Kurt Zeilenga
aa602e0adc Return other. 2002-08-27 05:51:35 +00:00
Kurt Zeilenga
6ec6115119 Fix bug in last commit 2002-08-27 02:43:00 +00:00
Kurt Zeilenga
433eb54dc7 no structuralObjectClass is not a schema violation, but an 
internal error.  It *should* have been added.
 2002-08-27 02:28:15 +00:00
Kurt Zeilenga
11236eae56 Clean up some structuralObject checks to improve readability. 
Functionality not changed (excepting one error message).
 2002-08-27 01:55:09 +00:00
Kurt Zeilenga
00003ac539 Fix comment 2002-08-27 01:35:43 +00:00
Kurt Zeilenga
522ee4a038 Only add LASTMOD attributes if they don't exist in input. 2002-08-27 01:27:42 +00:00
Howard Chu
9f5b28baf3 Remove c_sasl_bindmutex, Binds are already serialized. 2002-08-26 22:20:30 +00:00
Kurt Zeilenga
2c4cfd7c27 remove lint 2002-08-26 20:11:19 +00:00
Kurt Zeilenga
9be4df6b7c Prevent buffer overflow 2002-08-26 20:10:45 +00:00
Kurt Zeilenga
1c5725010e Add a Connection pointer to the Operation. 2002-08-26 19:29:34 +00:00
Kurt Zeilenga
fb7ac08ada cleanup 2002-08-26 19:13:44 +00:00
Kurt Zeilenga
6f8a3919a1 Fix last commit. 2002-08-26 18:07:58 +00:00
Kurt Zeilenga
af4cb85d8b Prevent unlocking unlocked sasl_bindmutex... 2002-08-26 18:06:55 +00:00
Pierangelo Masarati
d9da0f2bb8 silence annoying warning (BTW: who initializes be?) 2002-08-26 17:37:33 +00:00
Howard Chu
53b194fa32 Fix oc_filter, it could exit early before counting the full depth of the 
filter tree. Also, only give special treatment to objectclass=*.
 2002-08-26 12:04:53 +00:00
Kurt Zeilenga
08059f1633 zap charray 2002-08-25 16:53:20 +00:00
Howard Chu
5ff509f2d3 Fix previous commit, BDB_REUSE_LOCKERS was inside a BDB version #ifdef 
but is not version-dependent.
 2002-08-25 11:06:35 +00:00
Howard Chu
1524f86778 Fix ITS#2044 duplicate search results due to broken bdb_idl_union 2002-08-25 10:18:01 +00:00
Howard Chu
5d9479a3e8 Add debug if bdb_cache_entry_db_lock fails to get a lock 
to assist in diagnosing ITS#1986
 2002-08-24 19:23:30 +00:00
Howard Chu
d6449b1d57 Experimental code that uses one locker ID per thread. Seems to work OK, 
is enabled by default. #undef BDB_REUSE_LOCKERS in back-bdb.h to disable.
Probably needs to be disabled when built with NO_THREADS.
 2002-08-24 08:11:08 +00:00
Howard Chu
925714ceef Experimental cruft to propagate valid Operation to SASL callbacks. 
If you have a better way, jupm on in...
 2002-08-24 07:34:50 +00:00
Howard Chu
1d7ee4471f Pass Operation to backend_attribute - should have been doing this all along. 2002-08-24 07:31:14 +00:00
Howard Chu
8c30114d84 Added thread-pool getkey/setkey functions 2002-08-24 05:39:43 +00:00
Kurt Zeilenga
e259c3c938 Zap 2002-08-24 00:55:56 +00:00
Kurt Zeilenga
23efa07a99 use ldap_charray_*() instead of charray_*() 2002-08-24 00:55:24 +00:00
Kurt Zeilenga
c67781d0ea use ldap_charray_free() instead of slapd's charray_free() 2002-08-24 00:40:25 +00:00
Howard Chu
77783bb4b7 Fix typo in previous commit. (Benign, code was #if'd out anyway.) 2002-08-23 22:29:08 +00:00
Pierangelo Masarati
f11c6b27e7 Final run of changes to back-sql; IBM db2 support has been tested. 
Now related ITSes need be audited and possibly closed.

Enhancements:
  - re-styled code for better readability
  - upgraded backend API to reflect recent changes
  - LDAP schema is checked when loading SQL/LDAP mapping
  - AttributeDescription/ObjectClass pointers used for more efficient
    mapping lookup
  - bervals used where string length is required often
  - atomized write operations by committing at the end of each operation
    and defaulting connection closure to rollback
  - added LDAP access control to write operations
  - fully implemented modrdn (with rdn attrs change, deleteoldrdn,
    access check, parent/children check and more)
  - added parent access control, children control to delete operation
  - added structuralObjectClass operational attribute check and
    value return on search
  - added hasSubordinate operational attribute on demand
  - search limits are appropriately enforced
  - function backsql_strcat() has been made more efficient
  - concat function has been made configurable by means of a pattern
  - added config switches:
      - fail_if_no_mapping	write operations fail if there is no mapping
      - has_ldapinfo_dn_ru	overrides autodetect
      - concat_pattern		a string containing two '?' is used
				(note that "?||?" should be more portable
				than builtin function "CONCAT(?,?)")
      - strcast_func		cast of string constants in "SELECT DISTINCT					statements (needed by PostgreSQL)
      - upper_needs_cast	cast the argument of upper when required
				(basically when building dn substring queries)

Todo:
  - add security checks for SQL statements that can be injected (?)
  - re-test with previously supported RDBMs
  - replace dn_ru and so with normalized dn (no need for upper() and so
    in dn match)
  - implement a backsql_normalize() function to replace the upper()
    conversion routines
  - note that subtree deletion, subtree renaming and so could be easily
    implemented (rollback and consistency checks are available :)
  - implement "lastmod" and other operational stuff (ldap_entries table ?)
 2002-08-23 08:54:08 +00:00
Pierangelo Masarati
7b4b4b34c4 fixed bug in reading size/time limits without style, in the form 'size=number', 'time=number' 2002-08-23 08:50:34 +00:00
Pierangelo Masarati
a038ef68e6 added attr_merge/value_add functions that dela with single attribute; bervals for '*', '+' and '1.1' made available 2002-08-23 08:49:19 +00:00
Pierangelo Masarati
ff4edfa054 added assertions to catch helper function misuse 2002-08-23 08:46:45 +00:00