mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-21 03:10:25 +08:00
Code Issues Packages Projects Releases Wiki Activity
8,427 Commits 38 Branches 307 Tags 74 MiB
4f77f04a83
Commit Graph

157 Commits

Author SHA1 Message Date
Howard Chu
a5cd5535e8 Fix typo in previous commit 2002-06-12 04:12:51 +00:00
Howard Chu
6d1a322f73 Finished slap_sasl_setpass for Cyrus 1.5; Cyrus 2.1 is incomplete. 
Added conn->c_sasl_dn, streamlined slap_sasl_bind.
 2002-06-12 04:05:48 +00:00
Kurt Zeilenga
1410b3e7d9 An almost complete slap_sasl_setpass() 2002-06-12 00:13:29 +00:00
Howard Chu
856e21296a Cleanup log msg 2002-05-12 19:21:12 +00:00
Howard Chu
2d94a2016c Check for NULL before comparing authcid 2002-05-12 18:42:43 +00:00
Howard Chu
d7060d19f3 Skip processing if canonicalization is invoked redundantly (SASL PLAIN). 
Truncate large username instead of failing with SASL_BUFOVER; we only care
about the DN anyway. (SASL 2 only)
 2002-05-12 18:40:37 +00:00
Howard Chu
aea521bec2 Fix, SASL authzIDs might not be NUL-terminated. prop names must only be 
set once; setting erases all existing values.
 2002-05-11 20:19:55 +00:00
Howard Chu
da7a5a8e79 Fix typo in 1.97 2002-05-11 19:24:04 +00:00
Howard Chu
dfae2441eb Cleaned up getdn normalization 2002-05-11 08:07:18 +00:00
Howard Chu
379f84ba47 Fix previous commit, free in wrong place 2002-05-11 06:58:13 +00:00
Howard Chu
b057507e23 Cleanup HAVE_TLS dependencies, cleanup username with embedded realm handling 2002-05-10 19:26:35 +00:00
Howard Chu
da36670ea3 Don't use slap_empty_bv in structures that are expected to be free'able. 2002-05-08 23:16:17 +00:00
Howard Chu
fbe4785c5a Delete unused CANON_BUF_SIZE #define 2002-05-07 23:29:19 +00:00
Howard Chu
6f47e13147 Cyrus 2 support now requires Cyrus 2.1.3. Adds support for in-directory 
SASL secrets. (Only works with plaintext userpassword tho.)
 2002-05-07 23:08:23 +00:00
Howard Chu
cef9fcf78b Fix check for "anonymous" in sasl_getdn 2002-04-27 03:44:23 +00:00
Howard Chu
8a5423ea8d deleted sasl_external_x509dn_convert; X509 DNs are always converted to 
normalized LDAP DNs now.

Changed dnDCEnormalize to dnX509normalize, added dnX509peerNormalize,
based on new ldap_X509dn2bv() etc.
 2002-04-18 12:26:36 +00:00
Howard Chu
b3c7c9e3ce Delete more unused code, no need to fetch REALM in slap_sasl_bind 2002-04-17 19:47:34 +00:00
Kurt Zeilenga
7ee5d2612b Fix ssf declaration 2002-04-17 17:56:30 +00:00
Howard Chu
1dea5905c6 More SASL DN simplification. No more "dn:" prefix used anywhere internally. 2002-04-17 07:56:46 +00:00
Howard Chu
1bbd51da77 ITS#1712, rewritten dn_openssl2ldap(). Added dnDCEnormalize(), used by 
dn_openssl2ldap() and sasl_external_x509dn_convert. Fixed realm handling
for foreign Kerberos realms embedded in usernames.
 2002-04-16 08:46:25 +00:00
Howard Chu
66602e8faa Fix name canonicalization and authorization for Cyrus SASL 2.x 2002-04-14 04:27:46 +00:00
Howard Chu
a73ffbe3cd Previous commit included undesired changes. 2002-04-14 04:15:17 +00:00
Howard Chu
9b958147f8 Fix previous commit, == instead of != 2002-04-13 17:27:02 +00:00
Howard Chu
17433a8412 Fix ITS#1722 - IPv4 addresses also need to be massaged for sasl_server_new. 2002-04-11 10:04:29 +00:00
Howard Chu
70d4ef9a85 ITS#1714 dn->bv_val malloc len+1 2002-04-05 06:34:15 +00:00
Kurt Zeilenga
2f7858044e ITS#1636 fix 2002-03-11 03:05:43 +00:00
Kurt Zeilenga
ec34550487 Note that we likely need to make some of this conditional. 2002-02-11 20:33:27 +00:00
Kurt Zeilenga
d23c559646 Don't use 'shtool mkln' as ln(1) replacement. 
Allow both <sasl/sasl.h> and <sasl.h>
 2002-02-11 08:28:51 +00:00
Kurt Zeilenga
f3548d371f notes needs for future additions 2002-02-11 01:58:36 +00:00
Kurt Zeilenga
5e31e90c74 Fix compile error properly 2002-02-10 18:05:04 +00:00
Kurt Zeilenga
b315d8af34 Update Cyrus SASL detection to always look for <sasl.h> regardless 
of version and then try -lsasl2 and -lsasl.  Make SASL code
conditional on SASL_VERSION_MAJOR, not HAVE_CYRUS_SASL.
 2002-02-10 17:51:19 +00:00
Howard Chu
8a4e92b259 Support for Cyrus SASLv2. Untested. 2002-02-10 14:27:23 +00:00
Kurt Zeilenga
14662be692 Add whoami extended operation. 
Add no-op control (needs backend implementation)
Updated modify password extended option API
Kludged control infrastructure to support frontend only controls
 2002-01-28 20:25:30 +00:00
Howard Chu
4191f39037 Changed slap_authz_info.sai_mech to struct berval. 
Changed sasl_* to use struct bervals.
 2002-01-26 13:57:41 +00:00
Kurt Zeilenga
20af643fc4 more cleanup 2002-01-16 04:40:41 +00:00
Kurt Zeilenga
0e2af54a3f Update copyright statements 2002-01-04 21:17:25 +00:00
Kurt Zeilenga
c603bc3946 use sizeof instead of strlen/hardcoded-consts 2002-01-02 17:04:09 +00:00
Kurt Zeilenga
cddf7e0e00 More struct berval DN changes 
decrease dependency on dn_validate/dn_normalize
 2001-12-27 07:13:13 +00:00
Kurt Zeilenga
ef7a99ff99 Additional struct berval DN changes... 2001-12-26 23:26:55 +00:00
Howard Chu
826056e75b More thorough backend_destroy. Added config_destroy. Destroy slap_listeners. 
Plugged other small leaks.
 2001-12-15 12:05:58 +00:00
Howard Chu
d0b1ca692a Minor strlen cleanup 2001-12-09 13:57:55 +00:00
Pierangelo Masarati
aee3600276 minor cleanup 2001-11-17 16:18:07 +00:00
Mark Adamson
e0ff8d6782 fix various memory leaks 2001-11-05 23:14:42 +00:00
Kurt Zeilenga
61de99937f ldif.h include cleanup 2001-09-25 00:03:24 +00:00
Kurt Zeilenga
22688a7ad6 Minor cleanup of last commit 2001-09-18 18:24:47 +00:00
Kurt Zeilenga
7a18352c06 Patch for SASL EXTERNAL. Needs to be tested with other mechanisms. 2001-09-18 07:44:18 +00:00
Howard Chu
bb06fd8d6b Fix crashes for SASL/EXTERNAL binds: 
in slap_sasl_getdn, test id, not dn. dn is still NULL
  also, don't check for trailing slash
  in slap_sasl_bind, initialize reslen to 0
 2001-09-18 03:10:05 +00:00
Mark Adamson
fac77083cc Skip over the "dn:" prefix when passing a DN to dn_normalize(). 2001-08-29 23:01:24 +00:00
Gary Williams
e565505f21 fix logging macros (thanks Mei) 2001-02-02 13:49:26 +00:00
Mark Adamson
68ab73a0f5 Make sure the variable used for SASL REALM is initialized, in case of no REALM. 2001-01-23 19:18:03 +00:00
Kurt Zeilenga
65cdfa68f0 Fix more typos 2001-01-22 22:03:44 +00:00
Kurt Zeilenga
a4f37d6303 Fix typo 2001-01-22 21:10:54 +00:00
Kurt Zeilenga
28d1dbd8ac Add "sasl-external-x509dn-convert" configuration option aimed 
at providing authid TLS/X.509 to LDAP DN mapping.  Experimental.
 2001-01-19 00:47:32 +00:00
Kurt Zeilenga
1302713f09 Fix SASL_REALM bug 
Minor cleanup of logging code, variable scope
 2001-01-19 00:01:25 +00:00
Mark Adamson
6b4ec38178 Change the SASL DN's from cn=authzid to cn=auth 2001-01-18 20:05:15 +00:00
Gary Williams
f49fd8a98e fix format 2001-01-17 16:35:53 +00:00
Gary Williams
ffcdc6d11d More new logging (Behind NEW_LOGGING) 2001-01-15 19:17:29 +00:00
Mark Adamson
2231d5e64e Make SASL authorization work for NULL, "u:", and "dn:" authz strings. 2000-11-30 22:00:15 +00:00
Kurt Zeilenga
b285814f8e Fix layer installation 2000-10-12 19:02:31 +00:00
Kurt Zeilenga
27b30275a6 We need to set sasl_layers prior to returning result... 2000-10-07 02:00:54 +00:00
Kurt Zeilenga
a912e6eea0 Make sure authzid form produces a valid subject DN. Support 
both u: and dn: forms.
Rework sasl-regex DN be of the form
	uid=user,cn=realm,cn=mech,cn=authz
Fix up slapd.conf(5)
 2000-10-06 23:50:38 +00:00
Kurt Zeilenga
6b80b349fa remove cruft 2000-09-28 22:25:34 +00:00
Kurt Zeilenga
2b82d4f486 remove lint 
update bdb codes
 2000-09-22 01:40:57 +00:00
Mark Adamson
bf1ee530ea Implementation of SASL authorization. 2000-09-21 17:32:54 +00:00
Kurt Zeilenga
c9de004a86 Fix logging bug 2000-09-21 16:53:45 +00:00
Kurt Zeilenga
50714d2d48 merge changes from authPassword work which should fix SPASSWD code... 2000-09-20 00:28:57 +00:00
Kurt Zeilenga
a60438c1ce Add sasl-host option and treat sasl-realm as global only 
(ie: not backend specific).
 2000-08-30 01:44:39 +00:00
Kurt Zeilenga
1c328aa9c7 Minor typedef and other clean ups 2000-08-26 01:14:05 +00:00
Kurt Zeilenga
7b548b4a91 Make settings match manual page. 2000-08-24 01:12:54 +00:00
Kurt Zeilenga
df8c837c80 Fix typos 2000-08-15 23:42:44 +00:00
Kurt Zeilenga
3b03b64b77 Add char* ldap_pvt_get_fqdn(char*) which returns the FQDN of the 
input.  In input==NULL, returns FQDN of local host.
Fixed copy_hostent() uninitialized pointer bug.
Replaced gethostname calls with ldap_pvt_get_fqdn( NULL ) calls.
 2000-08-15 01:55:43 +00:00
Kurt Zeilenga
a50f391bb3 Working SASL security layers! 2000-07-28 00:04:07 +00:00
Kurt Zeilenga
9e37451421 Fix typo 2000-07-27 01:10:51 +00:00
Kurt Zeilenga
a71a7cdd98 Rework authorization handling such that authzid u:user gets mapped to 
authzdn uid=user.  Disallow authzid in DN form until we have a
validator.
 2000-07-24 23:05:45 +00:00
Kurt Zeilenga
804100b431 Fix sasl end game processing. 2000-07-20 18:39:40 +00:00
Kurt Zeilenga
a8521d3034 Fix mech==NULL bug 2000-07-20 01:04:34 +00:00
Kurt Zeilenga
d2b05a3858 Rework SASL command line arguments. Default is now to authenticate 
using best available mechanism.  (authzid prompting to be disabled)
To use simple bind, -x is required (implied if -P 2) with -D/-[Ww]
To use simple "anonymous" bind, just -x will do.
 2000-07-15 23:25:46 +00:00
Kurt Zeilenga
a6154d03f2 Misc cleanup 2000-07-15 00:45:31 +00:00
Kurt Zeilenga
5bca08d716 Store sasl callbacks in session handle so that they can properly freed. 2000-07-15 00:01:09 +00:00
Kurt Zeilenga
c8ca70f3ae Fix callbacks. 2000-07-14 22:00:16 +00:00
Kurt Zeilenga
1e3aa01b7b Fix SSF reporting. 2000-07-14 20:57:52 +00:00
Kurt Zeilenga
36fb2d9d78 rework SASL callbacks 2000-07-14 20:56:30 +00:00
Kurt Zeilenga
14859793d0 Add logging support 2000-07-14 04:35:36 +00:00
Kurt Zeilenga
5fc22599e2 Update SASL code to reuse context through life of session. 
Replace 'negotiated' with 'interactive' bind
Add hooks for SASL/EXTERNAL
Disable SASL security layers
Rework SASL command line and config file parameters
 2000-07-13 22:54:38 +00:00
Kurt Zeilenga
489fd210df Change reporting of SASL username 2000-07-06 01:22:42 +00:00
Kurt Zeilenga
51cef9dbed Return last step output in final response. 
And some code cleanup.
 2000-07-05 21:43:11 +00:00
Kurt Zeilenga
064d6aae65 Reverse SASL mechanism restriction #ifdef 2000-06-26 05:29:37 +00:00
Kurt Zeilenga
a56c161bdb Misc code cleanup. 2000-06-10 22:39:30 +00:00
Kurt Zeilenga
60802201e3 Const'ification 
SASL mech removed from backend bind callback (as SASL is managed by frontend)
Changes to some backends are untested (as I don't have all dependent
  software install)
 2000-05-22 03:46:57 +00:00
Kurt Zeilenga
a1430fdfdb Rework root dse and other info entry codes to produce entry 
to caller (do_search) such that info can be used by other
operations (ie: do_compare).
SLAPD_SCHEMA_NOT_COMPAT: Add additional code to support filters (needs work)
 2000-05-16 16:22:52 +00:00
Kurt Zeilenga
4e5992c190 Fix unsigned * vs unsigned long * bugs 2000-05-16 04:52:37 +00:00
Kurt Zeilenga
4bc786f34b Y2k copyright update 2000-05-13 02:47:56 +00:00
Kurt Zeilenga
4fad202b44 hostname needs to be static 2000-05-11 02:41:34 +00:00
Kurt Zeilenga
f224e69558 Add experimental code to check simple bind passwords 
against Cyrus SASLdb.  Like other cleartext mechanisms,
should be protected from eavesdropping.
 2000-05-10 04:29:51 +00:00
Kurt Zeilenga
d0555fffe6 Error handling changes including separation of client v. server 
SASL to LDAP translation.  plus comments and other minor changes
 2000-05-03 18:59:58 +00:00
Kurt Zeilenga
b872bf3a91 fix -UHAVE_CYRUS_SASL 2000-04-25 19:28:00 +00:00
Kurt Zeilenga
20351a05cc SASL: me thinks I got the states okay... now to test. 2000-04-25 18:02:50 +00:00
Kurt Zeilenga
42a20681cc SASL closer to working from frontend only, need to work through 
states.
 2000-04-25 17:23:54 +00:00
Kurt Zeilenga
55ae3cffd8 SASL code without backend support. Should work with 
external store, but not yet tested.  [Intent is to support
both in same server... may not be doable]
 2000-04-25 16:03:17 +00:00
Kurt Zeilenga
6f2a817d9d bind/sasl cleanup PRIOR TO moving call from backend to frontend 2000-04-25 13:21:42 +00:00