111 Commits

Author SHA1 Message Date
Pierangelo Masarati
5716b7f1b2 document saslAuthzTo/saslAuthzFrom new syntax; add onelevel style to DN type 2004-03-06 11:00:49 +00:00
Kurt Zeilenga
3c598e89fb Happy new year 2004-01-01 19:15:16 +00:00
Pierangelo Masarati
42d7d6d743 propagate flags to sasl-regexp functions (will need it later) 2003-12-18 18:32:45 +00:00
Pierangelo Masarati
113727ba53 allow 'all' vs. 'any' sasl-authz-policy 2003-12-18 18:28:43 +00:00
Pierangelo Masarati
f2a9089e4d cleanup most of the -pedantic warnings (ITS#2884) and other small fixes 2003-12-17 20:55:46 +00:00
Kurt Zeilenga
271fff13de Sync with HEAD 2003-12-17 17:55:27 +00:00
Pierangelo Masarati
bc972e0656 allow 'AUTHZ' mech in proxyAuthz control to allow also the <mech> part of the 'u:' user 2003-12-15 18:19:14 +00:00
Pierangelo Masarati
b4629f1e79 fix previous commits 2003-12-14 14:08:15 +00:00
Kurt Zeilenga
5b0236f4ae Add u: comment 2003-12-13 23:41:44 +00:00
Kurt Zeilenga
1fadacaa31 Forward parse the uauthzid. A realm cannot be specified unless
a mechanism is specified.  (Few mechanisms (DIGEST-MD5 only) support
separate realms.)
2003-12-13 23:38:05 +00:00
Pierangelo Masarati
4602c935f7 saslAuthzTo/From stuff
when comparing IDs to saslAuthzTo/From values, the saslAuthzTo
saslAuthzFrom values can take different forms:

dn[.<style>]:<pattern>

<style> ::= 	exact		; exact match
		children	; children of <pattern> match
		subtree		; <pattern> or children of <pattern> match
		regex		; <pattern> is regcomp() & regexec()
if no <style>, then exact is assumed

u[.<mech>][/<realm>]:<user>

when parsing a proxyAuthz value, only exact DN is allowed,
and no <mech> can be specified.  <user> cannot contain ':'
and <mech> cannot contain '/'.
2003-12-13 23:02:59 +00:00
Pierangelo Masarati
d6bc071dd9 add subtree/children styles to saslAuthzTo/From; 'dn:' now defaults to exact 2003-12-13 12:23:56 +00:00
Pierangelo Masarati
43db7cf4bf cleanup saslauthz code 2003-12-13 10:58:31 +00:00
Howard Chu
be1a728c5b Added sc_next and sc_cleanup to slap_callback 2003-12-07 08:51:23 +00:00
Luke Howard
369b1515db Ensure exact DNs are normalized in slap_parseURI. 2003-12-06 02:16:39 +00:00
Kurt Zeilenga
20c8ea8a44 Update Mark's notice (with permission) 2003-12-04 21:12:17 +00:00
Pierangelo Masarati
93d0c25c45 syntax improvement (ITS#2852) 2003-12-03 00:29:29 +00:00
Pierangelo Masarati
ff919168fb if rule is an URI, must have a filter field 2003-12-01 07:50:27 +00:00
Kurt Zeilenga
4e15a84452 Updated notices 2003-11-27 01:17:14 +00:00
Howard Chu
f4649fbde3 ITS#2825 fix SASL internal searches 2003-11-13 21:42:28 +00:00
Howard Chu
bb13266a15 Plug memleak in slap_parseURI 2003-09-20 05:55:48 +00:00
Luke Howard
d649ae0808 Inherit operation pblock for SLAPI 2003-08-31 08:14:54 +00:00
Kurt Zeilenga
009191da73 delete incorrect URI description. RFC 2255 should be used. 2003-07-31 08:41:11 +00:00
Kurt Zeilenga
46122fa688 Fix ITS#2578 2003-06-15 05:52:51 +00:00
Kurt Zeilenga
7ca24a8591 Another round of minor copyright updates 2003-05-25 03:56:57 +00:00
Howard Chu
9dace23dec Change slap_sasl_authorized to take an Operation instead of a Connection,
for compatibility with proxyAuthz control
2003-05-24 02:44:46 +00:00
Howard Chu
83f0acc1d8 ITS#2533 backend_attribute uses tmpmemctx, must free accordingly 2003-05-24 02:06:18 +00:00
Howard Chu
b6ef8c1876 ITS#2505 - make sr_strings per-op instead of static 2003-05-12 23:57:19 +00:00
Kurt Zeilenga
5cd994ed21 remove dnNormalize2
replace calls to dnNormalize2 with calls to dnNormalize
2003-04-29 18:28:14 +00:00
Hallvard Furuseth
778a38f49c Reduce warnings: Add missing 0 or NULL initializers for struct members. 2003-04-29 16:36:19 +00:00
Howard Chu
280fc819cf Memory context tweaks for Bind 2003-04-12 06:56:42 +00:00
Howard Chu
ece7452b05 More memory context tweaks 2003-04-11 01:29:28 +00:00
Howard Chu
f897519d11 Minor cleanups 2003-04-09 23:37:00 +00:00
Howard Chu
813d5c8ed8 First cut at thread-local malloc. Only used by search() for now...
Needs work in normalizers, etc.
2003-04-09 16:52:03 +00:00
Howard Chu
9355dca9af Consolidated slap_callbacks into one function. Removed send_search_result. 2003-04-01 04:12:18 +00:00
Howard Chu
e8c58b4e7f Major API change - (SLAP_OP_BLOCKS) All request parameters are
consolidated into the Operation structure. All reply parameters
are consolidated into the new SlapReply structure. Most operations
now have identical call signatures... Changes are not #ifdef'd,
revert to -r NO_SLAP_OP_BLOCKS if necessary to back out.
2003-03-30 09:03:54 +00:00
Howard Chu
40454ccec8 Added op->o_is_auth_check; use ACL_AUTH instead of ACL_SEARCH/ACL_READ
in access_allowed() if flag is set. Set in sasl/saslauth searches.
2003-03-10 22:07:21 +00:00
Howard Chu
9beaa08d79 Fix slap_sasl_authorized, c_authz_backend may be NULL 2003-03-02 00:21:24 +00:00
Howard Chu
979e5073cf Revert previous kludge in controls.c, use ldap_pvt_thread_pool_context
instead if c_sasl_bindop is NULL.
2003-02-16 19:34:29 +00:00
Kurt Zeilenga
8f82e9f772 ITS#2117: remove suffixalias support until someone fixes it 2003-02-09 07:20:03 +00:00
Kurt Zeilenga
5192938964 code cleanup 2003-02-07 19:05:45 +00:00
Luke Howard
dfc7d338a6 Add sendreference callback 2003-02-01 07:04:13 +00:00
Kurt Zeilenga
6939c53170 Happy new year 2003-01-03 20:20:47 +00:00
Howard Chu
4e4818771c Plug memory leak 2002-12-18 22:44:13 +00:00
Kurt Zeilenga
7be4d566d7 cleanup 2002-12-13 00:18:54 +00:00
Luke Howard
6730080081 Allow the root DN to switch to any authorization identity. 2002-12-05 12:25:16 +00:00
Howard Chu
574090d184 Fix slap_sasl2dn(), performing internal search with wrong op.o_ndn. 2002-12-04 22:37:51 +00:00
Kurt Zeilenga
da76c1951e First-cut proxy authorization support. 2002-12-03 06:11:32 +00:00
Kurt Zeilenga
ab80b03057 back_attribute() should use ACL_AUTH not ACL_READ (at
least for current callers, may need to pass it the
permission level)
2002-09-05 02:37:10 +00:00
Howard Chu
70673417f2 Fix debug statement 2002-08-30 14:28:45 +00:00