Commit Graph

3611 Commits

Author SHA1 Message Date
Kurt Zeilenga
06f69e603c Add security restrictions examples 2002-10-08 01:15:20 +00:00
Kurt Zeilenga
36fca96695 if "disallow bind_simple_unprotected", require at least SSF of 2 2002-10-08 01:06:49 +00:00
Kurt Zeilenga
df6c69ffd6 More entry level access control for back-shell
(should be applied to back-perl and other programmable backends)
2002-10-07 21:56:43 +00:00
Kurt Zeilenga
3a17376dfd s/256/LBER_ELEMENT_SIZEOF/
set LBER_ELEMENT_SIZEOF to 256
maybe this should be set to N*sizeof(size_t) or something
2002-10-07 21:01:47 +00:00
Kurt Zeilenga
cb73d243fb More "entry" level ACLs for entry add, delete, and rename. 2002-10-07 19:19:29 +00:00
Kurt Zeilenga
d19db4b7ed Fix up last commits 2002-10-04 23:42:27 +00:00
Kurt Zeilenga
9fbcc90bd5 Add "entry" ACL checks for add/delete/rename ops 2002-10-04 23:26:28 +00:00
Kurt Zeilenga
8975676fa4 Clean up some #else #if 'ing 2002-10-04 18:36:44 +00:00
Kurt Zeilenga
5b591d0dec Fix subentry OIDs 2002-10-02 01:18:46 +00:00
Kurt Zeilenga
33248a02e1 Code cleanup (no functional changes) 2002-10-01 04:07:55 +00:00
Kurt Zeilenga
f5e6d1db41 #unifdef -DSCHEMA_DN 2002-09-29 04:30:38 +00:00
Kurt Zeilenga
4ef4c9eb06 Return default referral if DN maps to empty domain. 2002-09-26 16:12:39 +00:00
Kurt Zeilenga
b4e1ea15f3 benign buffer overflow fix (ITS#1964) 2002-09-25 04:34:33 +00:00
Kurt Zeilenga
bbbf2f4ca7 Fix handling of non-critical controls for backends which
support no controls.
2002-09-24 18:20:59 +00:00
Kurt Zeilenga
d0a4fee37a Minor updates 2002-09-22 19:09:47 +00:00
Kurt Zeilenga
976c35fbf0 fix possible uninit bug 2002-09-21 04:33:19 +00:00
Howard Chu
bdf9b3ae1b Fix ITS#1033 slapd hangs with GNU Pth - don't write to the wakefd
more than once at any given time.
2002-09-21 03:52:16 +00:00
Kurt Zeilenga
f558b6b02f Add experimental +/- AttributeName support. 2002-09-21 00:11:43 +00:00
Kurt Zeilenga
d9d58ae02f Save "-" for no subtypes 2002-09-20 19:58:25 +00:00
Howard Chu
9ba829436e Add dummy reference to lutil_uuidstr() for dynamically loaded back-bdb
and back-ldbm.
2002-09-20 01:02:33 +00:00
Howard Chu
104f8cc409 Simpler fix for NO_THREADS 2002-09-19 06:34:53 +00:00
Howard Chu
ff9e580d33 Updated BDB_HIER for current API 2002-09-19 06:08:12 +00:00
Howard Chu
6fa0363d09 Don't set bdb yield with NO_THREADS 2002-09-19 01:38:00 +00:00
Howard Chu
919274432b Fixes for NO_THREADS
Use a per-env locker ID
	Always set lock_detect, since we allow slapadd etc. concurrently
Also removed unused lock_detect_task code. lockdetect config keyword only
needs <policy>, no <seconds> argument.
2002-09-19 01:13:27 +00:00
Howard Chu
7666bb7482 Add calls to module_init/module_kill to support dynamically loaded backends. 2002-09-18 11:58:19 +00:00
Kurt Zeilenga
3eb21d8a6c Misc cleanup 2002-09-16 21:50:55 +00:00
Kurt Zeilenga
f0364e25d1 Fix sizeof [r]buf typo 2002-09-16 21:35:33 +00:00
Kurt Zeilenga
cc7d1433bb For object classes in attribute lists, use '+' (or '-') to indicate
name is an objectClass.
2002-09-16 20:48:08 +00:00
Kurt Zeilenga
a1da292989 Wrap csn filter frees with sync mode check. 2002-09-15 22:42:50 +00:00
Kurt Zeilenga
88c8cca820 Fix return value 2002-09-15 22:42:07 +00:00
Kurt Zeilenga
0ad91236fd Add LDAP_CONTROL_CLIENT_UPDATE to list of supported controls 2002-09-15 22:28:38 +00:00
Kurt Zeilenga
1d0e916c6f Misc CLIENT_UPDATE cleanups 2002-09-15 22:22:51 +00:00
Kurt Zeilenga
2a9783bd5e Fix typos in last commit 2002-09-15 22:13:25 +00:00
Kurt Zeilenga
629a0219f2 Cleanup up LDAP_CLIENT_UPDATE code... including some bug fixing. 2002-09-15 21:08:34 +00:00
Jong Hyuk Choi
1509e321de LCUP Response Control Code 2002-09-14 00:29:06 +00:00
Howard Chu
3e61f0630d Fix ITS#2082, bdb_idl_intersection 2002-09-13 20:19:56 +00:00
Howard Chu
7e493b87be Fix debug messages 2002-09-13 20:19:15 +00:00
Howard Chu
a8297e6d22 Fix test of uninit'd rc at LOCK_ID 2002-09-13 12:32:08 +00:00
Howard Chu
1263e40b55 Set BDB's global allocators to ber_*, don't bother with the per-env setting. 2002-09-12 02:47:18 +00:00
Pierangelo Masarati
ae2cd84d16 trim c++ style comments 2002-09-11 17:15:55 +00:00
Howard Chu
7823832770 Fix ITS#2075, NULL moddn->newsup->bv_val 2002-09-11 10:59:41 +00:00
Pierangelo Masarati
8758a30bf2 #undef SLAP_X_FILTER_HASSUBORDINATES while I fix the entry lock problem ... 2002-09-10 10:10:11 +00:00
Howard Chu
35e8b8325d Unifdef BDB_IDL_MULTI. 2002-09-10 04:20:45 +00:00
Kurt Zeilenga
e6fdfd4cee only optimize objectClass filters when (objectClass=*) is
presented... avoids (&(objectClass=*)(objectClass=foo)) problems.
2002-09-09 23:25:22 +00:00
Howard Chu
9953574b47 Fix: if slapadd was used with an un-ordered LDIF file, we can't rely on
entries having ascending entry IDs. Always start from the beginning of
the candidate list. (This should be fine in the general case as well,
since the subtree index will also have refined the candidates.)
2002-09-09 04:24:38 +00:00
Howard Chu
30de884223 More memory cleanup 2002-09-09 00:56:57 +00:00
Howard Chu
a4b30ce455 Plug memleaks from -r1.45 2002-09-09 00:55:52 +00:00
Pierangelo Masarati
b8240724ad optimize also duplicate/existence check in value delete operations 2002-09-07 16:08:30 +00:00
Howard Chu
b623e4495b Fix typo in one-level searches, left over from -r1.23 cleanup 2002-09-06 12:37:24 +00:00
Kurt Zeilenga
37d9880495 Some LCUP clean up 2002-09-06 00:29:20 +00:00
Howard Chu
73207c7110 Replace HACK in slap_sasl_canonicalize with safer test. 2002-09-05 11:01:12 +00:00
Kurt Zeilenga
ab80b03057 back_attribute() should use ACL_AUTH not ACL_READ (at
least for current callers, may need to pass it the
permission level)
2002-09-05 02:37:10 +00:00
Howard Chu
62ceae250c ITS#2065 omit libbackends.a when no static backends configured.
Also fixed dependencies for dynamic backends and tools.
2002-09-04 10:58:25 +00:00
Jong Hyuk Choi
4b48c05a8e LDAP Client Update Protocol - non-persistent update (TODO: response control ...) 2002-09-04 02:00:42 +00:00
Pierangelo Masarati
5d50463376 optimize duplicate detection based on mods and existing values count 2002-09-03 15:12:36 +00:00
Kurt Zeilenga
69ba1a21bc Extend checks to substrings rules. Need to kludge around
LDAP's kludged builtin substrings rules.
2002-09-03 07:28:57 +00:00
Kurt Zeilenga
8a5b200c44 Add appropriate matching rule checks.
Clean up syntax error reporting.
2002-09-03 07:01:09 +00:00
Howard Chu
3099d89d9e Don't use sasl_set_alloc on Cyrus 2, it manages all of its memory
internally and we don't want to get in the way.
2002-09-02 22:25:26 +00:00
Kurt Zeilenga
3e1a896928 Update comment 2002-09-02 22:07:23 +00:00
Pierangelo Masarati
d3ca441ae8 /*
* The original code performs ( n ) normalizations
 * and ( n * ( n - 1 ) / 2 ) matches, which hide
 * the same number of normalizations.  The new code
 * performs the same number of normalizations ( n )
 * and ( n * ( n - 1 ) / 2 ) mem compares, far less
 * expensive than an entire match, if a match is
 * equivalent to a normalization and a mem compare ...
 *
 * This is far more memory expensive than the previous,
 * but it can heavily improve performances when big
 * chunks of data are added (typical example is a group
 * with thousands of DN-syntax members; on my system:
 * for members of 5-RDN DNs,

 members         orig            bvmatch (dirty) new
 1000            0m38.456s       0m0.553s        0m0.608s
 2000            2m33.341s       0m0.851s        0m1.003s

 * Moreover, 100 groups with 10000 members each were
 * added in 37m27.933s (an analogous LDIF file was
 * loaded into Active Directory in 38m28.682s, BTW).
 *
 * Maybe we could switch to the new algorithm when
 * the number of values overcomes a given threshold?
 */
2002-09-02 19:41:03 +00:00
Pierangelo Masarati
eb38db1be5 various fixes and improvements 2002-09-02 19:39:31 +00:00
Pierangelo Masarati
857d08ea21 use bvmatch() instead of ber_bvcmp() when testing for match without ordering 2002-09-02 19:39:06 +00:00
Kurt Zeilenga
132506e13c Add NOOP search support. 2002-09-02 17:38:17 +00:00
Kurt Zeilenga
af183089b8 unifdef -DSLAP_X_MRA_MATCH_DNATTRS 2002-09-01 00:33:20 +00:00
Kurt Zeilenga
b5f51ed4a5 have get_mra use mr_usable_with_at() as well 2002-08-31 21:39:42 +00:00
Kurt Zeilenga
c6052ac8b0 Add mr_usable_with_at() routine. Use both in generation
of rule uses, but also in test_filter_mra()
2002-08-31 21:23:45 +00:00
Kurt Zeilenga
5c61f55faa Make sure we don't expose hidden attribute types in rule uses 2002-08-31 20:49:50 +00:00
Kurt Zeilenga
e9a71156cc Add matching rule use support where assertion syntax != value syntax 2002-08-31 20:42:25 +00:00
Kurt Zeilenga
04c71ce9b2 List approximates as well in rule uses.
Don't yet list ordering rules yet, these require special attention (and
hence are not marked MR_EXT yet)
2002-08-31 19:25:41 +00:00
Kurt Zeilenga
d6ac7ac544 Fix last commit.
Also add uses where mr is the attribute's equality rule.
2002-08-31 19:17:54 +00:00
Kurt Zeilenga
2908cdff11 MR_EXT rules can be used with any type whose syntax is same as
the syntax's assertion syntax.
2002-08-31 19:05:36 +00:00
Kurt Zeilenga
6c7104c82b Don't hide matchingRuleUse's description (now implemented)
Use attribute's cname not oid in matching rule uses
2002-08-31 18:41:21 +00:00
Pierangelo Masarati
966dd1bdca definitely fix NOOP in back-bdb 2002-08-31 17:03:42 +00:00
Pierangelo Masarati
0d5fe062e2 improved support for NOOP; add is fine, the other write funcs still need work 2002-08-31 12:00:39 +00:00
Pierangelo Masarati
a0c54f1625 use ldap_charray_add instead of dedicated helper; get rid of dependency from ldap-int.h 2002-08-31 11:14:15 +00:00
Pierangelo Masarati
71aecea2aa fix bitwise matching (courtesy of Luke Howard) 2002-08-31 10:56:27 +00:00
Pierangelo Masarati
804a111fbd add {create,modify}Timestamp to subschema subentry (SHOULD per RFC2251; use server startup time to be conservative) 2002-08-31 10:49:03 +00:00
Pierangelo Masarati
aea52e5bc9 define macros for appropriate sizing of lutil buffers 2002-08-31 10:48:02 +00:00
Pierangelo Masarati
e2ec62f09f add matchingRuleUse to schema; use a berval instead of _oidlen in syntax and matching rule 2002-08-31 10:45:22 +00:00
Pierangelo Masarati
c76b36254c cleanup comments 2002-08-31 10:41:49 +00:00
Pierangelo Masarati
c8cfbca64d fix extendedMatch and approx hfilter andling; get rid of subtree_cond (argh, need to trim it from config and docs ...) 2002-08-31 10:39:23 +00:00
Pierangelo Masarati
a1bb43946b better handling of children_cond 2002-08-31 10:38:29 +00:00
Pierangelo Masarati
95a99bd522 trace illegal condition in backsql_strfcat 2002-08-31 10:37:42 +00:00
Pierangelo Masarati
685363e880 add 'children_cond' config statement 2002-08-31 10:36:16 +00:00
Pierangelo Masarati
b0dfd89e1b added referral support to back-{ldap,meta}; need to allow send_serch_reference() handle NULL entry pointer 2002-08-31 10:35:23 +00:00
Pierangelo Masarati
501cd4c611 fix extendedMatch values return filter control 2002-08-31 10:29:03 +00:00
Kurt Zeilenga
b04483a6a2 We don't support substrings matching via extensibleMatch 2002-08-30 19:30:58 +00:00
Howard Chu
70673417f2 Fix debug statement 2002-08-30 14:28:45 +00:00
Howard Chu
c4f74ac639 Fix crash in mra_free, freeing ber-private value. 2002-08-30 12:38:50 +00:00
Howard Chu
0614b5fdbf Fix unindent commit 2002-08-30 11:48:47 +00:00
Howard Chu
4a3a557827 Use DB_NODUPDATA when adding IDs. Silence log for DB_NOTFOUND in delete_key,
let caller log it if they care.
2002-08-30 11:37:43 +00:00
Howard Chu
9d4f5e13e8 Unindented a level. Fixed logging of keys. 2002-08-30 11:21:20 +00:00
Howard Chu
f32803e738 Don't mask DB_KEYEXIST errors in bdb_idl_insert_key, let dn2id see them.
Ignore DB_KEYEXIST and DB_NOTFOUND errors in key_change.
2002-08-30 10:41:46 +00:00
Kurt Zeilenga
81420d4f91 Yet another bug fix... this one from Luke. 2002-08-29 19:54:17 +00:00
Pierangelo Masarati
a8bf275221 cleaner handling of unchecked limit support 2002-08-29 19:43:29 +00:00
Kurt Zeilenga
ecfb311f8f Fix objectSubClassIndexer bug 2002-08-29 18:05:49 +00:00
Pierangelo Masarati
58b860a15e fix server-size controls handling in back-{ldap,meta} 2002-08-29 15:07:18 +00:00
Pierangelo Masarati
7e2317c842 add server side controls to back-ldap and back-meta 2002-08-29 14:39:31 +00:00
Pierangelo Masarati
e7d2d0a9f5 avoid zero size ch_malloc() when no attributes are present in vrFilter 2002-08-29 13:32:28 +00:00
Pierangelo Masarati
82cb585d32 trim unused var 2002-08-29 12:41:07 +00:00
Pierangelo Masarati
c38f1a63b0 this test is useless, since noop is masked SLAP_CTRL_UPDATE 2002-08-29 12:17:28 +00:00
Howard Chu
20f6bae612 Use sockbuf_max_incoming_auth after successful Bind 2002-08-29 11:53:37 +00:00
Pierangelo Masarati
fbc11bd16a - added the capability to filter based on hasSubordinate attribute
to back-bdb, back-ldbm and back-sql (the latter with limitations);
- added handling of ":dn" attributes to extended rfc2254 filters
  and to matched value filter
- altered the behavior of get_mra() when a matching rule is given:
  now it checks whether it is compatible with the attribute syntax
  and, in case it is, the given mr is used.  In case of no type,
  the check is delayed when filtering
2002-08-29 10:55:48 +00:00
Pierangelo Masarati
f4c5362955 add bdb_hasSubordinates() helper 2002-08-29 10:50:53 +00:00
Pierangelo Masarati
d855f97372 cleanup 2002-08-29 10:50:12 +00:00
Pierangelo Masarati
a32f8c079a cleanup hasSubordinate operational attr merge 2002-08-29 10:49:41 +00:00
Pierangelo Masarati
b16ee02a49 optimize subschema attribute merge 2002-08-29 10:49:11 +00:00
Pierangelo Masarati
f1eb3e39ec use appropriate attr list when matching value of operational attrs 2002-08-29 10:45:48 +00:00
Pierangelo Masarati
24171e1fe2 fix match result bug 2002-08-29 10:45:24 +00:00
Pierangelo Masarati
e53d272b3f cleanup error check logic; don't deref be->controls when it's NULL 2002-08-29 10:43:39 +00:00
Pierangelo Masarati
9ee916bdec fix backend initialization (including ITS#2048) 2002-08-29 10:32:48 +00:00
Howard Chu
7cdb6866cf Two more bervals instead of strings... 2002-08-29 08:47:53 +00:00
Howard Chu
4d36fd5a3e Fix ITS#1991 - referrals with sarch base == target (wasn't sure at first,
but see diff -r1.6 -r1.7 and it's obvious.)
2002-08-29 08:43:23 +00:00
Kurt Zeilenga
923d033c99 Finish adding subclassing indexing support 2002-08-29 02:27:15 +00:00
Kurt Zeilenga
1086ffb438 Round one of subclass indexing for objectClass and structualObjectClasss.
add soc_cname to ObjectClass structure
2002-08-29 01:12:59 +00:00
Kurt Zeilenga
bfa89d6e15 Include lber_pvt.h 2002-08-28 16:47:04 +00:00
Howard Chu
9c4f89c6f7 Added no-op sasl_client_auth if SASL_VERSION_MAJOR < 2. 2002-08-28 08:33:24 +00:00
Kurt Zeilenga
aa36f5d049 cleanup 2002-08-28 07:30:57 +00:00
Howard Chu
3cb7a09eb0 Added check for Cyrus SASL sasl_version() 2002-08-28 07:12:22 +00:00
Howard Chu
1602bc3aa1 Fix ITS#2047 - link ldbm.lo directly when building back-ldbm as a module 2002-08-28 02:50:30 +00:00
Kurt Zeilenga
288f0f4f6d Add another safety check 2002-08-27 17:51:35 +00:00
Howard Chu
9fa8eded08 ITS#2040 - in bdb_idl_fetch_key() use a large enough buffer to get the
entire IDL at once, to avoid triggering BDB resource leaks.
2002-08-27 15:11:04 +00:00
Kurt Zeilenga
aa602e0adc Return other. 2002-08-27 05:51:35 +00:00
Kurt Zeilenga
6ec6115119 Fix bug in last commit 2002-08-27 02:43:00 +00:00
Kurt Zeilenga
433eb54dc7 no structuralObjectClass is not a schema violation, but an
internal error.  It *should* have been added.
2002-08-27 02:28:15 +00:00
Kurt Zeilenga
11236eae56 Clean up some structuralObject checks to improve readability.
Functionality not changed (excepting one error message).
2002-08-27 01:55:09 +00:00
Kurt Zeilenga
00003ac539 Fix comment 2002-08-27 01:35:43 +00:00
Kurt Zeilenga
522ee4a038 Only add LASTMOD attributes if they don't exist in input. 2002-08-27 01:27:42 +00:00
Howard Chu
9f5b28baf3 Remove c_sasl_bindmutex, Binds are already serialized. 2002-08-26 22:20:30 +00:00
Kurt Zeilenga
2c4cfd7c27 remove lint 2002-08-26 20:11:19 +00:00
Kurt Zeilenga
9be4df6b7c Prevent buffer overflow 2002-08-26 20:10:45 +00:00
Kurt Zeilenga
1c5725010e Add a Connection pointer to the Operation. 2002-08-26 19:29:34 +00:00
Kurt Zeilenga
fb7ac08ada cleanup 2002-08-26 19:13:44 +00:00
Kurt Zeilenga
6f8a3919a1 Fix last commit. 2002-08-26 18:07:58 +00:00
Kurt Zeilenga
af4cb85d8b Prevent unlocking unlocked sasl_bindmutex... 2002-08-26 18:06:55 +00:00
Pierangelo Masarati
d9da0f2bb8 silence annoying warning (BTW: who initializes be?) 2002-08-26 17:37:33 +00:00
Howard Chu
53b194fa32 Fix oc_filter, it could exit early before counting the full depth of the
filter tree. Also, only give special treatment to objectclass=*.
2002-08-26 12:04:53 +00:00
Kurt Zeilenga
08059f1633 zap charray 2002-08-25 16:53:20 +00:00
Howard Chu
5ff509f2d3 Fix previous commit, BDB_REUSE_LOCKERS was inside a BDB version #ifdef
but is not version-dependent.
2002-08-25 11:06:35 +00:00
Howard Chu
1524f86778 Fix ITS#2044 duplicate search results due to broken bdb_idl_union 2002-08-25 10:18:01 +00:00
Howard Chu
5d9479a3e8 Add debug if bdb_cache_entry_db_lock fails to get a lock
to assist in diagnosing ITS#1986
2002-08-24 19:23:30 +00:00
Howard Chu
d6449b1d57 Experimental code that uses one locker ID per thread. Seems to work OK,
is enabled by default. #undef BDB_REUSE_LOCKERS in back-bdb.h to disable.
Probably needs to be disabled when built with NO_THREADS.
2002-08-24 08:11:08 +00:00
Howard Chu
925714ceef Experimental cruft to propagate valid Operation to SASL callbacks.
If you have a better way, jupm on in...
2002-08-24 07:34:50 +00:00
Howard Chu
1d7ee4471f Pass Operation to backend_attribute - should have been doing this all along. 2002-08-24 07:31:14 +00:00
Howard Chu
8c30114d84 Added thread-pool getkey/setkey functions 2002-08-24 05:39:43 +00:00
Kurt Zeilenga
e259c3c938 Zap 2002-08-24 00:55:56 +00:00
Kurt Zeilenga
23efa07a99 use ldap_charray_*() instead of charray_*() 2002-08-24 00:55:24 +00:00
Kurt Zeilenga
c67781d0ea use ldap_charray_free() instead of slapd's charray_free() 2002-08-24 00:40:25 +00:00
Howard Chu
77783bb4b7 Fix typo in previous commit. (Benign, code was #if'd out anyway.) 2002-08-23 22:29:08 +00:00
Pierangelo Masarati
f11c6b27e7 Final run of changes to back-sql; IBM db2 support has been tested.
Now related ITSes need be audited and possibly closed.

Enhancements:
  - re-styled code for better readability
  - upgraded backend API to reflect recent changes
  - LDAP schema is checked when loading SQL/LDAP mapping
  - AttributeDescription/ObjectClass pointers used for more efficient
    mapping lookup
  - bervals used where string length is required often
  - atomized write operations by committing at the end of each operation
    and defaulting connection closure to rollback
  - added LDAP access control to write operations
  - fully implemented modrdn (with rdn attrs change, deleteoldrdn,
    access check, parent/children check and more)
  - added parent access control, children control to delete operation
  - added structuralObjectClass operational attribute check and
    value return on search
  - added hasSubordinate operational attribute on demand
  - search limits are appropriately enforced
  - function backsql_strcat() has been made more efficient
  - concat function has been made configurable by means of a pattern
  - added config switches:
      - fail_if_no_mapping	write operations fail if there is no mapping
      - has_ldapinfo_dn_ru	overrides autodetect
      - concat_pattern		a string containing two '?' is used
				(note that "?||?" should be more portable
				than builtin function "CONCAT(?,?)")
      - strcast_func		cast of string constants in "SELECT DISTINCT					statements (needed by PostgreSQL)
      - upper_needs_cast	cast the argument of upper when required
				(basically when building dn substring queries)

Todo:
  - add security checks for SQL statements that can be injected (?)
  - re-test with previously supported RDBMs
  - replace dn_ru and so with normalized dn (no need for upper() and so
    in dn match)
  - implement a backsql_normalize() function to replace the upper()
    conversion routines
  - note that subtree deletion, subtree renaming and so could be easily
    implemented (rollback and consistency checks are available :)
  - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 08:54:08 +00:00