Commit Graph

138 Commits

Author SHA1 Message Date
Howard Chu
45aadbbbba Eliminate unnecessary per-operation dn_normalize(o_ndn); it's already
done in do_bind() and there's space in the connection structure for c_ndn
already, just copy it.
2001-12-09 14:46:29 +00:00
Pierangelo Masarati
aee3600276 minor cleanup 2001-11-17 16:18:07 +00:00
Kurt Zeilenga
82fad7d0c8 First stable an implementing latest namedref specification.
Includes rewriting of URLs where the DN of the referral object
and the DN of the ref attribute attribute are not the same.
Also, always returns explicit DN and scope.
Currently, back-ldbm only.  Needs to be ported to back-bdb.
2001-10-26 02:05:14 +00:00
Kurt Zeilenga
cc6fab319e Add support for separate max incoming for anonymous and authenticated
sessions (defaults: 256K and 16M respectively).
2001-05-29 20:00:55 +00:00
Kurt Zeilenga
0fc62be316 Rework security restrictions for SASL bind 2001-02-03 03:17:22 +00:00
Gary Williams
f49fd8a98e fix format 2001-01-17 16:35:53 +00:00
Gary Williams
d531a20f52 more new logging (finally), behind NEW_LOGGING 2001-01-11 17:11:23 +00:00
Kurt Zeilenga
dbdba34972 First-cut at manageDSAit-aware backend selection. 2000-10-21 03:29:02 +00:00
Kurt Zeilenga
2b2ee1ccbd Return authMethodNotSupported not authUnknown for unknown
bind authentication method
2000-10-13 05:28:23 +00:00
Kurt Zeilenga
27b30275a6 We need to set sasl_layers prior to returning result... 2000-10-07 02:00:54 +00:00
Mark Adamson
bf1ee530ea Implementation of SASL authorization. 2000-09-21 17:32:54 +00:00
Kurt Zeilenga
825c3c4c5c Fix handling of optional cred 2000-09-15 00:09:44 +00:00
Kurt Zeilenga
3342ea3b49 Add more bind allow/disallow flags 2000-09-11 18:24:24 +00:00
Kurt Zeilenga
2e13824d0d Add "allow tls_2_anon" to allow StartTLS to force session to anonymous.
Add "disallow tls_authc" to disallow StartTLS when session is authenticated.
Create and use connection2anonymous routine for consistency.
2000-09-08 22:59:01 +00:00
Kurt Zeilenga
4e8973e6cb Rework bind restrictions 2000-08-28 23:37:44 +00:00
Kurt Zeilenga
102f12a71a Restrict bind 2000-08-28 23:29:29 +00:00
Kurt Zeilenga
3e91d48127 Move authzid_backend to after restrictions checks 2000-08-28 21:28:22 +00:00
Kurt Zeilenga
9715e7f008 Add disallow and requires to man page. Fix sasl ssf handling bug. 2000-08-28 18:58:13 +00:00
Kurt Zeilenga
bf3df2f7a6 restrictops, requires, disallow knobs; ssf acls; and misc other changes
man pages to follow...
2000-08-28 18:38:48 +00:00
Kurt Zeilenga
1c328aa9c7 Minor typedef and other clean ups 2000-08-26 01:14:05 +00:00
Kurt Zeilenga
a50f391bb3 Working SASL security layers! 2000-07-28 00:04:07 +00:00
Kurt Zeilenga
5fc22599e2 Update SASL code to reuse context through life of session.
Replace 'negotiated' with 'interactive' bind
Add hooks for SASL/EXTERNAL
Disable SASL security layers
Rework SASL command line and config file parameters
2000-07-13 22:54:38 +00:00
Kurt Zeilenga
5c4cef793f Fix error handling 2000-07-05 22:15:43 +00:00
Kurt Zeilenga
60802201e3 Const'ification
SASL mech removed from backend bind callback (as SASL is managed by frontend)
Changes to some backends are untested (as I don't have all dependent
  software install)
2000-05-22 03:46:57 +00:00
Kurt Zeilenga
b2f56a7318 SLAPD_SCHEMA_NOT_COMPAT: framework for value_match() and value_find() 2000-05-21 22:46:51 +00:00
Kurt Zeilenga
4bc786f34b Y2k copyright update 2000-05-13 02:47:56 +00:00
Kurt Zeilenga
643864c569 Change negotiated mechanism:
If application provide one, use it.  If application doesn't
	provide one, use best of server advertised.
Fix SASL/ANONYMOUS (not normally used, but should work)
PLAIN is not currently working... might be local to me as my
Cyrus installation is a bit hosted.
2000-05-11 20:16:26 +00:00
Kurt Zeilenga
92e2453467 A NULL (empty) SASL mechanism should not result in a protocol error. 2000-04-26 09:20:25 +00:00
Kurt Zeilenga
20351a05cc SASL: me thinks I got the states okay... now to test. 2000-04-25 18:02:50 +00:00
Kurt Zeilenga
42a20681cc SASL closer to working from frontend only, need to work through
states.
2000-04-25 17:23:54 +00:00
Kurt Zeilenga
55ae3cffd8 SASL code without backend support. Should work with
external store, but not yet tested.  [Intent is to support
both in same server... may not be doable]
2000-04-25 16:03:17 +00:00
Kurt Zeilenga
2e22c55a6c Fix typo in prev commit 2000-04-25 13:25:55 +00:00
Kurt Zeilenga
6f2a817d9d bind/sasl cleanup PRIOR TO moving call from backend to frontend 2000-04-25 13:21:42 +00:00
Kurt Zeilenga
4710c74605 Rework error handling. Add error descriptions.
Don't use LDAP_OPERATIONS_ERROR for internal errors.  Use LDAP_OTHER
instead.  (more changes needed in this area)
2000-03-03 22:37:06 +00:00
Kurt Zeilenga
e96865c1a8 Reorder error detection based upon precedence 2000-03-01 22:59:34 +00:00
Kurt Zeilenga
ac7f6c2e37 Replace do_*() return -1 with return SLAPD_DISCONNECT.
Only return SLAPD_DISCONNECT with a send_ldap_disconnect()
was called.
Add initial code for support predetermined filter results
when filter is undefined (or known to be true or false).
2000-02-29 23:48:01 +00:00
Kurt Zeilenga
3708530620 Didn't return after returning unknown critical control.
Noticed that abandon and unbind don't have control support... something for
another day.
2000-02-01 01:22:06 +00:00
Luke Howard
9b4e3b2234 Merged in preliminary support for Cyrus SASL library;
support for DCE slash-delimited, left-to-right DNs;
support for a domain socket transport (enable with
--enable-ldapi); and extensions to URL parsing to
support the latter transport.
2000-01-02 01:21:25 +00:00
Kurt Zeilenga
d5edb4bff6 Reengineered ldappasswd(1). Uses extended operation to set
user password.  Likely to be modified to use bind control
instead.  Use of modify deprecated in favor mechanisms that
support passwords stored externally to the directory (such
as in a SASL service).
Modified slapd extended operation infrastructure to support
backend provided extended operations.
1999-12-08 04:37:59 +00:00
Howard Chu
3b49944829 Fix to avoid freeing an uninitialized pointer 1999-11-05 22:45:43 +00:00
Howard Chu
2395c6c23c Added line to #include "ldap_pvt.h". Part of Mingw32 support.
See README 1.27 log.
1999-10-28 07:13:33 +00:00
Kurt Zeilenga
7a0b0b2bbf In preparation for adding dn_rewrite()...
s/dn_normalize/dn_validate/
s/dn_normalize_case/dn_normalize/
1999-09-24 01:46:37 +00:00
Howard Chu
b070303a6b Fix previous dn checkin 1999-09-19 01:29:45 +00:00
Howard Chu
f991ef04e6 Added mixed-case as well as up-cased DN argument. The behavior of back-bdb2
and back-ldbm are preserved, they only use the up-cased DNs. back-passwd
uses the mixed-case DN. All others are using mixed-case DN, may need more
fixing.
1999-09-18 23:40:03 +00:00
Kurt Zeilenga
403f4479bc Add OpenLDAP RCSid to *.[ch] in clients, libraries, and servers.
Replace old Id as needed (back-tcl).
Leave updating of contribWare to contributors (for now).
1999-09-08 19:06:24 +00:00
Kurt Zeilenga
2a74677799 const'fication 1999-08-20 19:00:44 +00:00
Kurt Zeilenga
8ead8c5fd9 Clean up debug messages. 1999-08-19 00:40:18 +00:00
Hallvard Furuseth
6054463eeb Minor cleanup:
Fix Statlog() formats, remove an implicit int, include <ctype.h> for isspace().
1999-08-07 05:36:48 +00:00
Kurt Zeilenga
9c3ed0310b Add copyright notices. 1999-08-06 23:07:46 +00:00
Kurt Zeilenga
354d49fb9a List supportedSASLmechanisms based upon what sasl_listmech() returns. 1999-08-03 23:23:05 +00:00
Kurt Zeilenga
f90ed5aef8 Add a little SASL framework and remove old X-DIGEST-MD5 hardcode.
This code is not called (yet).
1999-08-03 02:37:42 +00:00
Kurt Zeilenga
c12547cf3b Resurrect suffix aliasing... 1999-07-27 18:43:30 +00:00
Kurt Zeilenga
68d561a97b Add limited LDAP_INVALID_DN_SYNTAX support. dn_normalize{,_case}() now returns
NULL does not meet basic syntax rules.
1999-07-22 17:14:42 +00:00
Kurt Zeilenga
059ee8c86d (re)introduce o_connid such that STATS doesn't need c_mutex (which it
didn't bother to acquire)...
1999-07-16 22:24:32 +00:00
Kurt Zeilenga
73276e84ae Import experimental referral implementation from OPENLDAP_DEVEL_REFERRALS.
Includes support for update referral for each replicated backend.
	Reworked replication test to use update referral.
Includes major rewrite of response encoding codes (result.c).
Includes reworked alias support and eliminates old suffix alias codes
(can be emulated using named alias).
Includes (untested) support for the Manage DSA IT control.
Works in LDAPv2 world.  Still testing in LDAPv3 world.
Added default referral (test009) test.
1999-07-16 02:45:46 +00:00
Kurt Zeilenga
e9c2895472 Add support for unsolicited notifications. 1999-07-07 18:51:39 +00:00
Kurt Zeilenga
00086db3f6 Add get_ctrls()... 1999-07-05 23:01:17 +00:00
Kurt Zeilenga
549c89f817 Regarding previous commit:
Fix broken ACL macros.
	Fix o_dn/o_ndn == NULL vs "".
1999-07-04 19:53:00 +00:00
Kurt Zeilenga
106eef41d8 HEADS UP: connections are forced to "anonymous" status upon receiving
of a bind request and, upon failure, are left "anonymous."

Rework ACL code to hide access testing within macros to facilate additions
and eventual redesign.

Addition of #ifdef SLAPD_ACLAUTH to conditional include EXPERIMENTAL
"auth" access controls.  Adds ACL_AUTH "auth" access level (above none,
below "compare").  bind requires anonymous access at this level or above access
to "entry"/"userPassword"/"krbName".  This allows administrators to restrict
which entries can be bound to.  (This will likely become default behavior
after testing has completed).
1999-07-04 18:46:24 +00:00
Kurt Zeilenga
b7bbc7504d More bind changes to support SASL/DIGEST.
Added configuration support for "digest-realm <realm>" configure directive.
Added connection state and bind_in_progress fields to cn=monitor connection
attribute.
1999-07-02 19:48:07 +00:00
Kurt Zeilenga
97bc107537 Add macros to support testing of error categories to ldap.h
Modify ldap_result to assert returned error is not an one reserved
for API use.
Modify frontend LDAP operation routines to return an error code.
The returned value will be used to determine if an unsolicited notification
should be sent to the client.
Need to review returned error codes.  Namely some LDAP_PROTOCOL_ERROR
will like need to be changed (as they will cause unsolicited notifications).
1999-07-01 21:20:45 +00:00
Kurt Zeilenga
ddd0559284 Fairly complete slapd SASL bind parsing... and centralized cleanup code.
Update error strings and cldap misuse of server error.
1999-07-01 04:42:01 +00:00
Kurt Zeilenga
129ee42f37 NO-OP SASL parsing... DIGEST-MD5 coming soon. 1999-07-01 03:18:00 +00:00
Kurt Zeilenga
f9db1ea889 Rework BER decoding with lieu of LDAPv3 controls (coming soon).
Add place holder for handling LDAPv3 extended operations (coming soon).
1999-06-30 22:43:27 +00:00
Kurt Zeilenga
1ee85df297 Add framework for sasl and controls. 1999-06-29 03:17:22 +00:00
Kurt Zeilenga
dcc5bdfe7e Log out to stderr, add LDAP_VERSION3 support to bind.c and modrdn.c 1999-06-29 01:02:48 +00:00
Kurt Zeilenga
2660d0b42f Remove old U-Mich v3.0 and OLD_LDAP_* crud.
Leave only LDAPv2+ and LDAPv3.
1999-06-29 00:03:34 +00:00
Kurt Zeilenga
669b8f4047 ber_int_t, ber_tag_t, ber_socket_t, ber_len_t
added lber_types.h.nt, lber_types.h.in
removal of NULLxxx internal macros (in favor of NULL).
ch_free added to slapd,slurpd/ch_malloc.c
#define free ch_free (should be removed after s/free/ch_free/g) in proto-slap.h
ch_malloc and friends use ber_memalloc and friends
1999-06-18 23:53:05 +00:00
Kurt Zeilenga
22d98c85c3 ldap.h:
added comments
 removed LDAP_MAX_ATTR_LEN
 removed LDAP_COMPAT* from <ldap.h> but not code.
 move LDAP_DEFAULT_REFHOPCOUNT to ldap-int.h
 added experimental options macros
 added LDAP_CONTROL_REFERRALS macros
libldap:
 Replace ld_attrbuffer with per use allocated attributed.
 ldap_first/next_attribute attributes now must be freed (as per draft).
 unifdef -DLDAP_API_FEATURE_X_OPENLDAP_V2_REFERRALS
1999-05-22 06:11:48 +00:00
Kurt Zeilenga
6762f1d48a Should not have freed ber_buf when freeing temp copy 1999-05-20 22:01:38 +00:00
Kurt Zeilenga
d8cb38c2ef method tag should be unsigned long.
connection assert should use s, not i.
1999-05-19 07:15:16 +00:00
Kurt Zeilenga
dc07e765f2 Vienna Bulk Commit
This commit includes many changes.  All changes compile under NT but
have not been tested under UNIX.

A Summary of changes (likely incomplete):

NT changes:
	Removed lint.
	Clean up configuration support for "Debug", "Release", "SDebug",
		and "SRelease" configurations.
	Share output directories for clients, libraries,
		and slapd.  (maybe they should be combined further
		and moved to build/{,S}{Debug,Release}).
	Enable threading when _MT is defined.
	Enable debuging when _DEBUG is defined.
	Disable setting of NDEBUG under Release/SRelease.  Asserts
		are disabled in <ac/assert.h> when LDAP_DEBUG is not
		defined.
	Added 'build/main.dsp' Master project.
	Removed non-slapd projects from slapd.dsp (see main.dsp).
	Removed replaced many uses of _WIN32 macro with feature based
		macros.

ldap_cdefs.h changes
	#define LDAP_CONST const
		(see below)
	#define LDAP_F(type) LDAP_F_PRE type LDAP_F_POST
		To allow specifiers to be added before and after
		the type declaration.  (For DLL handling)

LBER/LDAP changes
	Namespace changes:
		s/lber_/ber_/ for here and there.
		s/NAME_ERROR/LDAP_NAME_ERROR/g
	Deleted NULLMSG and other NULL* macros for namespace reasons.
	"const" libraries.  Installed headers (ie: lber.h, ldap.h)
		use LDAP_CONST macro.  Normally set to 'const' when
		__STDC__.  Can be set externally to enable/disable
		'constification' of external interface.  Internal
		interface always uses 'const'.  Did not fix warnings
		in -lldif (in lieu of new LDIF parser).

	Added _ext API implementations (excepting search and bind).
		Need to implement ldap_int_get_controls() for reponses
		with controls.

	Added numberous assert() checks.

LDAP_R
	_MT defines HAVE_NT_THREADS
	Added numberous assert() checks.
	Changed ldap_pthread_t back to unsigned long.  Used cast
	to HANDLE in _join().

LDBM
	Replaced _WIN32 with HAVE_SYSLOG

ud
	Added version string if MKVERSION is not defined.  (MKVERSION
		needs to be set under UNIX).

slapd
	Made connection sockbuf field a pointer to a sockbuf.  This
		removed slap.h dependency on lber-int.h.  lber-int.h now only
		included by those files needing to mess with the sockbuf.
	Used ber_* functions/macros to access sockbuf internals whenever
		possible.
	Added version string if MKVERSION is not defined.  (MKVERSION
		needs to be set under UNIX).
	Removed FD_SET unsigned lint

slapd/tools
	Used EXEEXT to added ".exe" to routines.  Need to define EXEEXT
		under UNIX.

ldappasswd
	Added ldappasswd.dsp.  Ported to NT.  Used getpid() to seed rand().

nt_debug
	Minor cleanup.  Added "portable.h" include and used <ac/*.h> where
	appropriate.  Added const to char* format argument.
1999-05-19 01:12:33 +00:00
Kurt Zeilenga
8f02beada9 PROTOTYPE: New connection management infrastructure designed to
remove race conditions on connection close.
BROKEN: various counters for dn=monitor.
Initial testing on FreeBSD (with and without pthreads) was successfull.
Have not yet tested preemptive threading environments.
Have not built against backends other than LDBM.
1999-03-22 07:14:54 +00:00
Hallvard Furuseth
5ef648a109 Silence warnings: Remove unused variables. Enclose some initializers in in {}. 1999-03-09 07:15:35 +00:00
Hallvard Furuseth
3250aef49c function pointers are incompatible with `void *'; remove NULL or replace with 0 1999-03-03 18:49:59 +00:00
Kurt Zeilenga
72ba4cfb71 Use -lldap_r instead of -lldap -lthread.
Likely broke things for non-posix threadings....

Update -lldap_r implementation to:
	remove attribute support
	hide thread detachment
	provide concurrency accessors
	provide initialization function
	fix gethostby{addr,name}_r codes (not coverred by HAVE_REENTRANT_FUNCTIONS)
Update servers/libraries to use ldap_pvt_thread_ calls.
Cleanup server codes (no #ifdef HAVE_PTHREAD_THIS or _THATs)!
Removed -llthread
1999-01-28 04:34:55 +00:00
Kurt Zeilenga
5bfb3ac221 nextid cleanup in preparation to disable next_id_return(). 1999-01-22 01:40:39 +00:00
Kurt Zeilenga
127ec9c46c Fix c_cdn typo. Ouch. 1999-01-21 02:25:09 +00:00
Kurt Zeilenga
09421a74db Add c_protocol to slap_conn to track protocol version used by client.
Is initialized to 0 (unknown) and then set to 2 or 3 on bind.  Should
also be 0->3 if a special (or any) operation occurs before the bind.
1999-01-21 02:21:39 +00:00
Kurt Zeilenga
0503205c93 suffixAlias will return a normalized uppercase DN if input is normalized
and uppercase.  (aliased_dn are stored in normalized uppercase format).
1999-01-19 19:29:11 +00:00
Kurt Zeilenga
e2a15115b0 Update slap_conn to maintain client provided dn and bound dn.
Update slap_op to maintain dn and ndn (derived from conn->c_dn).
Update ldbm_back_bind to return actual bound dn (including rootdn)
	for use in slapd_conn.  Other backends use client dn.
Modify other codes to use ndn (normalized uppercase dn) most everywhere.
Aliasing, Suffixing and modrdn could use more work.
Applied suffixing to compare and modrdn.
1999-01-19 05:10:50 +00:00
Kurt Zeilenga
e2ee741ea8 Replace strdup() with ch_strdup() such that exit() will be called
if strdup fails.  This is better than not checking, but we should
add orderly shutdown.
1998-11-27 20:21:54 +00:00
Hallvard Furuseth
7e6ad5100c Protoized, moved extern definitions to .h files, fixed related bugs.
Most function and variable definitions are now preceded by its extern
definition, for error checking.  Retyped a number of functions, usually
to return void.  Fixed a number of printf format errors.

API changes (in ldap/include):
  Added avl_dup_ok, avl_prefixapply, removed ber_fatten (probably typo
  for ber_flatten), retyped ldap_sort_strcasecmp, grew lutil.h.

A number of `extern' declarations are left (some added by protoize), to
be cleaned away later.  Mostly strdup(), strcasecmp(), mktemp(), optind,
optarg, errno.
1998-11-15 22:40:11 +00:00
Hallvard Furuseth
8761bbb6e9 ber_scanf() returns unsigned long, not int 1998-11-08 02:56:47 +00:00
Kurt Zeilenga
2a869f5a99 merged with autoconf branch 1998-10-25 01:41:42 +00:00
Kurt Zeilenga
bf6c1e0ad2 Added Will Ballantyne's General Aliasing code.
Not quite sure if the entry lock handling is correct yet.
1998-10-24 02:42:38 +00:00
Kurt Zeilenga
238f7361d6 slapd returned "partial results and referral" even when no default
referral has been configured in the server.  Fix provided by Hallvard.
1998-10-23 22:20:45 +00:00
Kurt Zeilenga
42e0d83cb3 Initial revision 1998-08-09 00:43:13 +00:00