Commit Graph

7084 Commits

Author SHA1 Message Date
Kurt Zeilenga
4ef042fee4 Clean up filters 2002-08-28 01:16:25 +00:00
Kurt Zeilenga
44c214d4a0 Fix some formatting issues 2002-08-28 01:11:47 +00:00
Kurt Zeilenga
bb172cb518 clarify "authorization" feature as "proxy authorization". 2002-08-27 23:24:43 +00:00
Kurt Zeilenga
4fa2b12342 Trim subordinate classes from input (and expected output). 2002-08-27 21:41:37 +00:00
Kurt Zeilenga
22915aac93 More OID clarifications. 2002-08-27 20:20:52 +00:00
Kurt Zeilenga
8c03d7ed4b Fix typos 2002-08-27 19:20:29 +00:00
Kurt Zeilenga
8889129762 Warn about hijacking. 2002-08-27 18:17:09 +00:00
Kurt Zeilenga
288f0f4f6d Add another safety check 2002-08-27 17:51:35 +00:00
Howard Chu
9fa8eded08 ITS#2040 - in bdb_idl_fetch_key() use a large enough buffer to get the
entire IDL at once, to avoid triggering BDB resource leaks.
2002-08-27 15:11:04 +00:00
Kurt Zeilenga
aa602e0adc Return other. 2002-08-27 05:51:35 +00:00
Kurt Zeilenga
6ec6115119 Fix bug in last commit 2002-08-27 02:43:00 +00:00
Kurt Zeilenga
433eb54dc7 no structuralObjectClass is not a schema violation, but an
internal error.  It *should* have been added.
2002-08-27 02:28:15 +00:00
Kurt Zeilenga
11236eae56 Clean up some structuralObject checks to improve readability.
Functionality not changed (excepting one error message).
2002-08-27 01:55:09 +00:00
Kurt Zeilenga
00003ac539 Fix comment 2002-08-27 01:35:43 +00:00
Kurt Zeilenga
522ee4a038 Only add LASTMOD attributes if they don't exist in input. 2002-08-27 01:27:42 +00:00
Howard Chu
9f5b28baf3 Remove c_sasl_bindmutex, Binds are already serialized. 2002-08-26 22:20:30 +00:00
Kurt Zeilenga
09e64b6fe8 Add note regarding StartTLS over 389. 2002-08-26 22:10:32 +00:00
Kurt Zeilenga
2c4cfd7c27 remove lint 2002-08-26 20:11:19 +00:00
Kurt Zeilenga
9be4df6b7c Prevent buffer overflow 2002-08-26 20:10:45 +00:00
Kurt Zeilenga
1c5725010e Add a Connection pointer to the Operation. 2002-08-26 19:29:34 +00:00
Julius Enarusai
48593e1484 Fix compile error when --without-threads configure option is set. Function
headers differ from prototypes in ldap_pvt_threads.h
2002-08-26 19:26:09 +00:00
Kurt Zeilenga
fb7ac08ada cleanup 2002-08-26 19:13:44 +00:00
Kurt Zeilenga
6f8a3919a1 Fix last commit. 2002-08-26 18:07:58 +00:00
Kurt Zeilenga
af4cb85d8b Prevent unlocking unlocked sasl_bindmutex... 2002-08-26 18:06:55 +00:00
Pierangelo Masarati
d9da0f2bb8 silence annoying warning (BTW: who initializes be?) 2002-08-26 17:37:33 +00:00
Howard Chu
53b194fa32 Fix oc_filter, it could exit early before counting the full depth of the
filter tree. Also, only give special treatment to objectclass=*.
2002-08-26 12:04:53 +00:00
Kurt Zeilenga
08059f1633 zap charray 2002-08-25 16:53:20 +00:00
Howard Chu
5ff509f2d3 Fix previous commit, BDB_REUSE_LOCKERS was inside a BDB version #ifdef
but is not version-dependent.
2002-08-25 11:06:35 +00:00
Howard Chu
1524f86778 Fix ITS#2044 duplicate search results due to broken bdb_idl_union 2002-08-25 10:18:01 +00:00
Kurt Zeilenga
bdcba5ad3a Add link to SDF tools at CPAN. 2002-08-24 23:37:59 +00:00
Howard Chu
5d9479a3e8 Add debug if bdb_cache_entry_db_lock fails to get a lock
to assist in diagnosing ITS#1986
2002-08-24 19:23:30 +00:00
Kurt Zeilenga
7dc1e069e8 Increase res_query buffers to 64k 2002-08-24 17:03:24 +00:00
Howard Chu
d6449b1d57 Experimental code that uses one locker ID per thread. Seems to work OK,
is enabled by default. #undef BDB_REUSE_LOCKERS in back-bdb.h to disable.
Probably needs to be disabled when built with NO_THREADS.
2002-08-24 08:11:08 +00:00
Howard Chu
925714ceef Experimental cruft to propagate valid Operation to SASL callbacks.
If you have a better way, jump on in...
2002-08-24 07:34:50 +00:00
Howard Chu
1d7ee4471f Pass Operation to backend_attribute - should have been doing this all along. 2002-08-24 07:31:14 +00:00
Kurt Zeilenga
99912c586f Remove cruft 2002-08-24 06:29:06 +00:00
Kurt Zeilenga
18e4362b07 Add ldapwhoami(1) 2002-08-24 06:28:10 +00:00
Kurt Zeilenga
dabbefd908 Add -y. 2002-08-24 06:19:39 +00:00
Kurt Zeilenga
8de258d2e2 Patch: 'ldapmodify -y file' reads password from file (ITS#2031)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
            ================
Adapted by Kurt Zeilenga for inclusion in OpenLDAP.  My comments are
enclosed in square brackets (e.g. [Kurt's comment]) below.
            ================

If I run ldapmodify & co from a script, I don't want to use '-W password'
because the password shows up in the output of 'ps' for everyone,
and I can't pipe the password to 'ldapmodify -w' because -w uses
getpassphrase() which reads from the tty instead of stdin.
So I added '-y file' which reads the password from file.  The programs
exit if the file cannot be read.

[Complete contents of file is used as password.  Use:
	echo -n "secret" > password
to create a file with "secret" as the password.  The -n avoids
adding a newline (which would invalidate the password).  Note
that echo is a builtin and hence its arguments are not visible
to 'ps'.]

I changed ldapmodify, ldapmodrdn, ldapdelete, ldapsearch, ldapcompare.
I did not bother to change ldappasswd and ldapwhoami, because they
prompt for many passwords.  [I fixed up ldapwhoami.]

Rerun autoconf after applying this patch. [Done.]

Note:  I do not know if Windows NT has fstat(), so I set HAVE_FSTAT to
undef in portable.nt.  (fstat() is used to warn if the file is publicly
readable or writeable.)  [I used fstat() to set the buffer size to
read.]

[Note: using the contents of a file extends the tools to support
passwords which could not normally be provided using getpassphrase()
or via the command line.]

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
[Kurt D. Zeilenga <kurt@openldap.org>, Aug 2002.]
2002-08-24 05:47:17 +00:00
Howard Chu
8c30114d84 Added thread-pool getkey/setkey functions 2002-08-24 05:39:43 +00:00
Kurt Zeilenga
e259c3c938 Zap 2002-08-24 00:55:56 +00:00
Kurt Zeilenga
23efa07a99 use ldap_charray_*() instead of charray_*() 2002-08-24 00:55:24 +00:00
Kurt Zeilenga
c67781d0ea use ldap_charray_free() instead of slapd's charray_free() 2002-08-24 00:40:25 +00:00
Kurt Zeilenga
86717ac2d9 NT port fixes 2002-08-24 00:37:59 +00:00
Howard Chu
77783bb4b7 Fix typo in previous commit. (Benign, code was #if'd out anyway.) 2002-08-23 22:29:08 +00:00
Pierangelo Masarati
f11c6b27e7 Final run of changes to back-sql; IBM db2 support has been tested.
Now related ITSes need be audited and possibly closed.

Enhancements:
  - re-styled code for better readability
  - upgraded backend API to reflect recent changes
  - LDAP schema is checked when loading SQL/LDAP mapping
  - AttributeDescription/ObjectClass pointers used for more efficient
    mapping lookup
  - bervals used where string length is required often
  - atomized write operations by committing at the end of each operation
    and defaulting connection closure to rollback
  - added LDAP access control to write operations
  - fully implemented modrdn (with rdn attrs change, deleteoldrdn,
    access check, parent/children check and more)
  - added parent access control, children control to delete operation
  - added structuralObjectClass operational attribute check and
    value return on search
  - added hasSubordinate operational attribute on demand
  - search limits are appropriately enforced
  - function backsql_strcat() has been made more efficient
  - concat function has been made configurable by means of a pattern
  - added config switches:
      - fail_if_no_mapping	write operations fail if there is no mapping
      - has_ldapinfo_dn_ru	overrides autodetect
      - concat_pattern		a string containing two '?' is used
				(note that "?||?" should be more portable
				than builtin function "CONCAT(?,?)")
      - strcast_func		cast of string constants in "SELECT DISTINCT"
				statements (needed by PostgreSQL)
      - upper_needs_cast	cast the argument of upper when required
				(basically when building dn substring queries)

Todo:
  - add security checks for SQL statements that can be injected (?)
  - re-test with previously supported RDBMs
  - replace dn_ru and so with normalized dn (no need for upper() and so
    in dn match)
  - implement a backsql_normalize() function to replace the upper()
    conversion routines
  - note that subtree deletion, subtree renaming and so could be easily
    implemented (rollback and consistency checks are available :)
  - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 08:54:08 +00:00
Pierangelo Masarati
7b4b4b34c4 fixed bug in reading size/time limits without style, in the form 'size=number', 'time=number' 2002-08-23 08:50:34 +00:00
Pierangelo Masarati
a038ef68e6 added attr_merge/value_add functions that deal with single attribute; bervals for '*', '+' and '1.1' made available 2002-08-23 08:49:19 +00:00
Pierangelo Masarati
ff4edfa054 added assertions to catch helper function misuse 2002-08-23 08:46:45 +00:00
Pierangelo Masarati
4046c4226e add upper/lower funcs that also compute the length of the string (not used yet) 2002-08-23 08:45:17 +00:00