Pierangelo Masarati
3b5d411af2
fix idassert "override"
2006-05-01 22:54:07 +00:00
Pierangelo Masarati
4d894c7d24
don't idassert if proxyAuthz == boundDN (ITS#4497)
2006-04-21 21:07:31 +00:00
Pierangelo Masarati
e01743193d
more coverity issues
2006-04-14 00:17:27 +00:00
Hallvard Furuseth
7a19d8855d
Remove useless assert: unsigned lc->lc_refcnt >= 0
2006-04-13 22:20:55 +00:00
Pierangelo Masarati
bd8514fb1e
address protocol version issues (ITS#4488)
2006-04-13 16:20:00 +00:00
Pierangelo Masarati
666e0677ca
re-fix previous commit
2006-04-08 15:59:59 +00:00
Pierangelo Masarati
cc8109db06
fix previous commit
2006-04-08 14:45:19 +00:00
Pierangelo Masarati
0500576056
add support for old proxyAuthz encoding; allow to workaround buggy implementations of the new version (now RFC4370)
2006-04-08 11:12:30 +00:00
Pierangelo Masarati
6a293c65b3
line up network-timeout with back-meta
2006-04-07 09:08:37 +00:00
Pierangelo Masarati
8c1b8d3f7b
actually, if a connection is already in the AVL tree, use it if not binding; otherwise use a tainted one; taint connections that must be freed when refcnt goes to zero
2006-04-07 01:28:56 +00:00
Kurt Zeilenga
45d0479d37
Reverse last commit. Wrong tree.
2006-04-05 00:40:53 +00:00
Kurt Zeilenga
31d64d4642
No LogTest in re23
2006-04-05 00:39:46 +00:00
Pierangelo Masarati
02966c3d1c
fix handling of expired connections (ITS#4429; need to look at back-meta as well)
2006-03-29 01:26:42 +00:00
Pierangelo Masarati
bacd1f170f
leave existing controls in place if proxyAuthz is not required by idassert (ITS#4457)
2006-03-28 21:45:54 +00:00
Pierangelo Masarati
1418b2c5b1
fix previous commit: actually free the connection in case of failed bind
2006-03-25 01:12:27 +00:00
Pierangelo Masarati
fd5208c18f
destroy bind connection after failed bind (ITS#4428)
2006-03-25 00:33:42 +00:00
Pierangelo Masarati
3160c03dab
cleanup previous commit
2006-03-23 23:01:14 +00:00
Pierangelo Masarati
3437406a0b
honor "chase-referrals no" (ITS#4447)
2006-03-23 21:01:19 +00:00
Pierangelo Masarati
3861c47316
queue implicit binds (ITS#4409)
2006-03-03 16:27:00 +00:00
Kurt Zeilenga
cbc11c9233
unifdef -DLDAP_NULL_IS_NULL
2006-02-14 23:18:12 +00:00
Pierangelo Masarati
f4c578cb31
delete all conns cached for a single client->proxy connection (partially addresses ITS#4387)
2006-02-06 21:39:56 +00:00
Pierangelo Masarati
f0d6ac3e0b
debug cleanup
2006-02-04 15:50:22 +00:00
Pierangelo Masarati
54aefe30f7
implement proxy long-lived connection TTL
2006-02-01 23:10:12 +00:00
Pierangelo Masarati
7038044c91
in abnormal cases, error may be sent twice
2006-01-11 15:32:34 +00:00
Pierangelo Masarati
0dce854ce4
complete fix to back-ldap (ITS#4315?); not sure dobind should actually be treated as a bind...
2006-01-11 12:11:59 +00:00
Pierangelo Masarati
7368ffb77a
don't idassert anon2anon (ITS#4321)
2006-01-10 13:17:31 +00:00
Pierangelo Masarati
f3c2c7ba48
use slab memory for proxyauthz
2006-01-09 20:00:51 +00:00
Pierangelo Masarati
6995603a3d
refine fix to ITS#4315; apply it to back-meta as well
2006-01-09 14:20:37 +00:00
Howard Chu
8538223def
TS#4315 fix prev commit, spinning in ldap_back_dobind
2006-01-09 09:37:52 +00:00
Howard Chu
2b39a26150
ITS#4315 fix bind concurrency issue
2006-01-09 09:14:53 +00:00
Kurt Zeilenga
acbb5cf689
Happy new year!
2006-01-03 23:11:52 +00:00
Pierangelo Masarati
8c2ceeb605
don't idassert anonymous unless explicitly configured (ITS#4272)
2005-12-20 20:43:14 +00:00
Pierangelo Masarati
4538422dc9
better handling of internal operations
2005-12-15 13:47:25 +00:00
Pierangelo Masarati
430aff35bb
assume operations with version set to 0 are internal, and use LDAPv3
2005-12-15 11:39:46 +00:00
Pierangelo Masarati
fcda57e90f
use macros instead of numbers...
2005-12-13 20:11:26 +00:00
Pierangelo Masarati
1b42fde372
implement (per-target) per-conn proxy-side idle-timeout (ITS#4115); revitalize (per-target) network-timeout in back-meta; fix issue with connection initialization error in ldap_back_retry(); cleanup configuration of back-ldap
2005-12-07 17:35:02 +00:00
Pierangelo Masarati
2ea72234aa
return more appropriate error code
2005-12-06 20:04:52 +00:00
Pierangelo Masarati
4852bf8a58
don't care about empty matched/text #ifdef LDAP_NULL_IS_NULL
2005-11-20 01:59:26 +00:00
Pierangelo Masarati
7fa4b159bf
fix dangling resources issue in slapd-ldap; completely rework slapo-chain to fix the resource leak/concurrency issue; add support for multiple well-known URIs to set credentials for, and deal with unknown URIs anonymously; similar reworking and cleanup for slapd-meta
2005-11-19 15:00:50 +00:00
Pierangelo Masarati
78bd3bf6a3
handle LDAPv2 when returning timelimit; silence warning
2005-11-11 09:54:07 +00:00
Pierangelo Masarati
93abd4c616
cannot happen...
2005-11-09 12:58:57 +00:00
Pierangelo Masarati
4cab386d13
backport write operation timeouts from back-meta to back-ldap; minor cleanup & silence warnings
2005-11-06 23:29:10 +00:00
Pierangelo Masarati
4744733638
don't copy o_ndn into lc_bound_ndn, otherwise we end up in a bind with DN but no password!
2005-10-14 23:25:57 +00:00
Pierangelo Masarati
112be0118e
cleanup states/timeout handling in back-ldap/meta; add connection pooling and defer of pseudoroot bind to back-meta
2005-09-24 18:39:26 +00:00
Pierangelo Masarati
fb3fc81c7e
improved authz_backend detection for internal databases (ITS#4018)
2005-09-10 09:56:29 +00:00
Pierangelo Masarati
866148810e
release resources (ITS#4016)
2005-09-09 02:37:38 +00:00
Pierangelo Masarati
075220dd7e
need some minimal timeout otherwise strange issues occur
2005-08-22 18:14:41 +00:00
Pierangelo Masarati
15d1b4d5dd
cleanup locking
2005-08-20 19:00:56 +00:00
Pierangelo Masarati
5873048347
fix return code (prevents clean usage of back-ldap for internal searches)
2005-08-17 19:38:36 +00:00
Hallvard Furuseth
a0b5f5138b
Remove unused label "error_return"
2005-08-16 19:45:50 +00:00
Pierangelo Masarati
7b9173d0bb
should compile also when #undef HAVE_TLS
2005-08-12 10:51:39 +00:00
Pierangelo Masarati
a23466f64a
should compile also when #undef HAVE_TLS
2005-08-12 10:49:55 +00:00
Pierangelo Masarati
c6e2a69f27
fix tls propagation, including rebind
2005-08-11 16:01:24 +00:00
Pierangelo Masarati
fa27310d77
use trylock only where necessary
2005-08-07 00:35:11 +00:00
Pierangelo Masarati
4ed743cc84
remove unrequired member; address ITS#3913
2005-08-02 22:48:30 +00:00
Pierangelo Masarati
4148ddc31f
save 1 function call...
2005-08-02 08:13:16 +00:00
Pierangelo Masarati
a91ebfac79
plug leaks
2005-07-25 20:47:39 +00:00
Pierangelo Masarati
3e84f692aa
there might definitely be concurrency issues, but it's not pooled connections' fault
2005-07-23 22:03:35 +00:00
Pierangelo Masarati
e810105f87
(mostly) reverting previous commit (overconservative)
2005-07-23 22:02:12 +00:00
Pierangelo Masarati
796316bc84
strengthen concurrency protection
2005-07-23 19:39:51 +00:00
Pierangelo Masarati
6adfb5dd2f
note an issue
2005-07-22 03:23:26 +00:00
Hallvard Furuseth
81ecb0b153
assert expects int. (int)<nonnull ptr/long> can be 0. Use assert(arg!=0/NULL).
2005-07-18 06:22:33 +00:00
Pierangelo Masarati
681a547e13
fix potential deadlock
2005-07-04 22:41:27 +00:00
Pierangelo Masarati
982981d465
fix potential deadlock; improve idassert in case of authzFrom rules (new flag values); rootdn can always idassert
2005-07-03 23:27:56 +00:00
Pierangelo Masarati
1aaa18b180
more on ITS#3808
2005-06-29 18:16:29 +00:00
Pierangelo Masarati
9e811df052
seems to definitely fix issues related to ITS#3808
2005-06-29 16:38:09 +00:00
Pierangelo Masarati
cbe9c74675
return LDAP_SUCCESS if Start TLS failed but was not critical
2005-06-29 12:38:18 +00:00
Pierangelo Masarati
671b02f748
more on ITS#3808
2005-06-29 12:28:40 +00:00
Pierangelo Masarati
196af0e056
(partial?) fix ITS#3808
2005-06-29 11:44:11 +00:00
Pierangelo Masarati
a7f44159c1
complete back-config support, including chain overlay; passes all tests; HEADS-UP: few syntax changes (essentially backwards compatible)
2005-05-23 07:25:00 +00:00
Pierangelo Masarati
471f4772a0
cleanup connection locking
2005-04-21 00:49:35 +00:00
Pierangelo Masarati
a141e3badf
enable use of asynchronous call to StartTLS
2005-04-16 02:56:46 +00:00
Pierangelo Masarati
5affbfa428
add SASL bind for acl-authc; use slap_bindconf
2005-04-10 23:44:06 +00:00
Pierangelo Masarati
edfbbeb653
clarify comment
2005-02-19 16:55:14 +00:00
Pierangelo Masarati
f8b463d0bc
use asynchronous StartTLS
2005-02-19 16:14:22 +00:00
Howard Chu
beaeb5ed5c
Fix if HAVE_TLS is missing
2005-02-18 04:20:56 +00:00
Pierangelo Masarati
e50092878d
temporarily revert to synchronous start tls
2005-02-05 17:33:22 +00:00
Pierangelo Masarati
43138aa500
use asynchronous Start TLS exop; allow propagating TLS if used in the original connection; minor cleanup
2005-02-05 15:55:02 +00:00
Howard Chu
122cdf4549
In ldap_back_bind, don't send success result, frontend does it
2005-02-01 00:19:45 +00:00
Pierangelo Masarati
cfc77f0a0a
make referrals chasing optional (default is to chase them)
2005-01-30 22:56:59 +00:00
Pierangelo Masarati
3dd2f4150b
allow proxyAuthz of users authenticated via SASL
2005-01-26 20:01:02 +00:00
Pierangelo Masarati
c6b6d2a5ec
StartTLS (ITS#3507) + chain overlay fixes and improvements
2005-01-24 09:38:11 +00:00
Pierangelo Masarati
1d919d35a5
remove #ifdef's for identity assertion
2005-01-20 09:04:37 +00:00
Pierangelo Masarati
41d7c03e8b
clear out the error
2005-01-09 23:30:19 +00:00
Pierangelo Masarati
cd2e651c26
ITS#3469: C99 compliance
2005-01-08 11:25:11 +00:00
Pierangelo Masarati
4d8267595f
retry on ldap_result() with a timeout
2005-01-08 09:19:51 +00:00
Kurt Zeilenga
dc0eacd40b
Happy New Year!
2005-01-01 20:49:32 +00:00
Pierangelo Masarati
fefa59059d
minor cleanup
2004-12-08 19:11:27 +00:00
Pierangelo Masarati
f176935a58
remove rewrite stuff -- now delegated to rwm overlay
2004-11-13 14:43:30 +00:00
Pierangelo Masarati
dd367a2b78
make sure we're comparing the same database
2004-11-11 13:12:34 +00:00
Howard Chu
55f12a7eee
Add a retry for failed connections
2004-10-01 11:16:38 +00:00
Kurt Zeilenga
d611a4b49a
unifdef -UNEW_LOGGING
2004-09-04 04:54:28 +00:00
Pierangelo Masarati
a7b55f4f44
assert administrative identity instead of the required one if doing auth check in non-caching mode
2004-07-23 00:11:05 +00:00
Pierangelo Masarati
277d921945
clear shared connections when ldap_result fails with -1 (typically, remote server is down); fixes ITS#3217
2004-07-04 23:35:18 +00:00
Pierangelo Masarati
1f70ad82f2
clean up unnecessary checks; don't use SASL native authz if authz ID is not static, because back-ldap pools connections...
2004-06-21 00:57:12 +00:00
Pierangelo Masarati
eca48b6f20
not sure that cyrus-sasl doesn't honor empty authz; need to check
2004-06-20 23:21:40 +00:00
Pierangelo Masarati
5bfb9fd590
make authz mode selection fully manual, plus more cleanup
2004-06-20 22:42:36 +00:00
Pierangelo Masarati
f34b11760a
allow a hidden parameter to instruct the proxy that the SASL mech can do native authz; will disappear as soon as I can detect it automatically
2004-06-19 18:18:26 +00:00
Pierangelo Masarati
e6065fb20d
li->be didn't work; since it seems to be unnecessary, it's been removed; please check
2004-06-19 15:16:51 +00:00
Jong Hyuk Choi
f60f2d5048
Fix typo
2004-06-08 02:52:59 +00:00
Pierangelo Masarati
a18e199e0d
more on identity assertion
2004-05-22 17:26:02 +00:00
Pierangelo Masarati
cdebc4d376
more on idassert: SASL bind/authz
2004-05-15 10:11:10 +00:00
Pierangelo Masarati
8b954144d6
reflect Kurt's comments on ID assertion
2004-05-14 10:01:22 +00:00
Pierangelo Masarati
66ddf62922
add idassert code (undocumented yet)
2004-05-13 20:25:53 +00:00
Kurt Zeilenga
44725e7303
use BER_BVNULL
2004-04-07 04:11:43 +00:00
Pierangelo Masarati
e17be551a4
fix previous commit
2004-04-06 08:47:59 +00:00
Pierangelo Masarati
6a1dd9a1cd
exploit new frontend API 2 protocol error mapping; use urldesc...
2004-04-05 17:36:53 +00:00
Pierangelo Masarati
65b49dd312
add "searchFilterAttrDN" rewrite context, and allow filterstring rewrite
2004-03-10 21:11:14 +00:00
Kurt Zeilenga
3c598e89fb
Happy new year
2004-01-01 19:15:16 +00:00
Pierangelo Masarati
529a03df53
use dedicated admin identity to proxyAuthz
2003-12-13 10:57:42 +00:00
Kurt Zeilenga
fbba83b20f
notices and acknowledgements
2003-12-08 17:41:40 +00:00
Kurt Zeilenga
ed369e02af
Don't search for proxy authz control unnecessarily.
Add note regarding control use with the Bind operation.
2003-12-01 21:49:52 +00:00
Pierangelo Masarati
cdb11fc5eb
add administrative bind and proxyAuthz control to enable bound operations in distributed directories (need to manually #define LDAP_BACK_PROXY_AUTHZ and patches from ITS#2851 and ITS#2852)
2003-12-01 08:04:51 +00:00
Kurt Zeilenga
a3d8cda201
notices and acknowledges
2003-11-27 06:35:14 +00:00
Howard Chu
9c47359912
Bind fixes for chaining
2003-06-11 22:35:31 +00:00
Hallvard Furuseth
6362a51fe8
Printf %p expects a void pointer.
Other pointers may have different representation.
2003-05-22 22:00:54 +00:00
Howard Chu
b7351c66bc
ITS#2511 use %p to log pointer values
2003-05-14 13:54:15 +00:00
Pierangelo Masarati
629885a269
use SLAP_PTRCMP
2003-04-18 17:16:48 +00:00
Pierangelo Masarati
6bcbe9ad31
reset passwords before freeing them
2003-04-18 10:02:43 +00:00
Howard Chu
d7a1eb0ea2
Fix AVL comparisons
2003-04-17 04:36:42 +00:00
Pierangelo Masarati
93abccdee3
group rewrite/map stuff in one structure and optimize more function calls
2003-04-07 16:52:59 +00:00
Pierangelo Masarati
77c4389f55
use rewrite info instead of ldapinfo for reusability in back-meta; will change soon
2003-04-07 12:53:00 +00:00
Howard Chu
68c5f6fa98
Cleanup ENABLE_REWRITE ifdefs, put into a new ldap_back_dn_massage().
All DN attrs are massaged, whether or not ENABLE_REWRITE is defined.
Use "dnAttr" rewriteContext for Add, Compare, & Modify.
Fixed ldap_back_compare.
2003-04-07 10:15:18 +00:00
Pierangelo Masarati
4235da91d4
massage bound dn only if operating on authz backend
2003-04-05 11:31:54 +00:00
Pierangelo Masarati
cb33a9ff44
minor fixes: leaks, dangling pointers, cleaner tag skip
for subschemaSubentry; still having problems with group ACLs ...
2003-04-05 01:20:55 +00:00
Pierangelo Masarati
ab3ab80ecd
more args elimination + allow specific messages when mapping client API errors to LDAP_OTHER
2003-04-04 22:20:49 +00:00
Pierangelo Masarati
dfbbd11bd3
remove more unnecessary args
2003-04-04 00:43:40 +00:00
Howard Chu
a9339c99f6
Fix shared/private binds, fix entry_get malloc
2003-04-03 23:55:57 +00:00
Pierangelo Masarati
ebe0bb0b52
trim unnecessary args
2003-04-03 23:23:56 +00:00
Pierangelo Masarati
44c2d8a771
backout this for now
2003-04-03 23:09:17 +00:00
Pierangelo Masarati
d07ea8b450
need this to be able to bound searches when back-ldap and the source are on the same server; does it look fine?
2003-04-03 21:44:43 +00:00
Pierangelo Masarati
17e46d8468
cleanup and fixes
2003-04-03 21:35:27 +00:00
Howard Chu
3d0ffa1d58
Fix typos in prev commit
2003-04-02 00:40:51 +00:00
Howard Chu
e8c58b4e7f
Major API change - (SLAP_OP_BLOCKS) All request parameters are
consolidated into the Operation structure. All reply parameters
are consolidated into the new SlapReply structure. Most operations
now have identical call signatures... Changes are not #ifdef'd,
revert to -r NO_SLAP_OP_BLOCKS if necessary to back out.
2003-03-30 09:03:54 +00:00
Howard Chu
9f0598034e
Fix do/don't send result logic
2003-02-19 00:01:22 +00:00
Howard Chu
532eea87c9
Added passwd_exop, added matchedDN rewrite for results.
2003-02-16 09:22:44 +00:00
Howard Chu
c04f3e7706
Fix previous commit
2003-02-14 09:17:42 +00:00
Howard Chu
0b6772492f
Use extended async APIs to allow direct parsing of results. Otherwise
they will be interleaved in LDAP*. Avoid setting any options on the handle.
2003-02-14 05:23:45 +00:00
Howard Chu
202cf8af75
Implemented connection pooling. Requires libldap_r to allow multiple threads
to access the same LDAP* handle.
2003-02-13 23:29:56 +00:00
Kurt Zeilenga
6939c53170
Happy new year
2003-01-03 20:20:47 +00:00
Pierangelo Masarati
a9c902a7ca
improve error messages
2002-11-10 18:16:43 +00:00
Pierangelo Masarati
58b860a15e
fix server-side controls handling in back-{ldap,meta}
2002-08-29 15:07:18 +00:00
Pierangelo Masarati
7e2317c842
add server side controls to back-ldap and back-meta
2002-08-29 14:39:31 +00:00
Kurt Zeilenga
838643d5ad
operationsError != Internal Error
hence, s/LDAP_OPERATIONS_ERROR/LDAP_OTHER/
2002-07-31 22:49:02 +00:00
Julius Enarusai
6107ba67d2
Converted LDAP_LOG macro to use subsystem ID int values instead of string values
2002-07-11 20:33:24 +00:00
Howard Chu
c5c1ddb1ca
Deleted Connection->c_cdn. Use conn->c_dn instead...
2002-06-12 08:38:59 +00:00
Howard Chu
c7262c7599
Added rebind-as-user option; saves bind credentials and sets a rebind_proc
to allow chasing referrals using the same user's credentials.
2002-04-25 02:05:34 +00:00
Pierangelo Masarati
4a8ab5dbf2
Mostly based on patches provided by Hallvard B. Furuseth
ITS#1677 - cast away const warnings
ITS#1678 - unsigned char args to ctype funcs
ITS#1682 - don't redefine ldap_debug
ITS#1683 - uninitialized vars
ITS#1703 - ldo_debug initialization
ITS#1705 - unsigned testing
ITS#1706 - socklen_t args
ITS#1719 - back-tcl update (other cleanups/fixes/improvements; yet untested)
ITS#1724 - integerNormalize/integerFilter/integerIndexer bugs
ITS#1725 - libdes not required
Implement back-null (/dev/null style backend)
Cleanup some misc warnings ("%lu" format, unused/uninitialized vars,
ambiguous operator precedence)
Kurt, please regenerate configure
2002-04-08 09:43:22 +00:00
Pierangelo Masarati
f83fd25872
as a temporary hack, return result without rewriting match
2002-01-22 08:17:02 +00:00
Howard Chu
ce7d8d26f2
Changed conn->c_cdn to struct berval.
2002-01-06 03:26:09 +00:00