Commit Graph

355 Commits

Author SHA1 Message Date
Pierangelo Masarati
006745430e allow "expand" style in peername, sockname, sockurl as well; more sanity checks 2004-03-09 19:44:14 +00:00
Pierangelo Masarati
042869366d use "expand" instead of "regex" for group ACLs that allow substring expansion, preserving backwards compatibility; add sanity checks 2004-03-09 16:33:05 +00:00
Pierangelo Masarati
a4e062ca36 apply advanced peername ACL (ITS#2907) 2004-03-08 18:49:12 +00:00
Kurt Zeilenga
3c598e89fb Happy new year 2004-01-01 19:15:16 +00:00
Luke Howard
c03a70955d Make defaulted backend available to ACL plugin pblock 2004-01-01 09:42:44 +00:00
Luke Howard
03e5db818f Fix ACL plugin bug - return value of ACL plugins was being ignored 2004-01-01 06:33:18 +00:00
Luke Howard
f289d6b7f0 Fix assertion failure if acl_check_modlist() called where op->o_bd == NULL.
Behavior now matches access_allowed() - the first backend is used. The
code needs review, I have not tested it.
2003-12-30 03:50:14 +00:00
Luke Howard
0549d46adf Don't require slapi to be in the path - always include slapi/slapi.h 2003-12-28 04:17:48 +00:00
Pierangelo Masarati
f2a9089e4d cleanup most of the -pedantic warnings (ITS#2884) and other small fixes 2003-12-17 20:55:46 +00:00
Luke Howard
516fd0ff50 First round of SLAPI cleanups - use slapi_int_XXX for internal functions
(slapi_x_XXX is still reserved for exported functions that are not part
of the SLAPI specification)
2003-12-16 15:49:31 +00:00
Pierangelo Masarati
ee34f3fb64 add to 'val[.<style>=<value>' ACLs special match styles for DN-valued attributes; add negated objectClass to attribute name lists for ACLs and partial replication 2003-12-16 00:49:10 +00:00
Kurt Zeilenga
4e15a84452 Updated notices 2003-11-27 01:17:14 +00:00
Howard Chu
01f7a7466b SLAPI fix - no-op when slapi_plugins_used == 0 2003-10-24 05:58:42 +00:00
Howard Chu
1240c70ff4 ITS#2497, implement value-level ACLs:
access to attr=foo val.regex=bar.*
2003-09-20 03:23:10 +00:00
Howard Chu
94e88c3700 ITS#2679 don't use cached ACL state from different attribute 2003-09-16 22:03:26 +00:00
Kurt Zeilenga
a1b9d3148e subtree ACI patch from Ralf 2003-09-09 18:37:31 +00:00
Luke Howard
0edb270b9e Support for ACL plugins 2003-08-31 08:17:21 +00:00
Howard Chu
dc41a6b37e ITS#2529 null DN in log 2003-05-22 09:22:41 +00:00
Kurt Zeilenga
231f8464d1 cleanup 2003-04-29 21:14:12 +00:00
Kurt Zeilenga
5cd994ed21 remove dnNormalize2
replace calls to dnNormalize2 with calls to dnNormalize
2003-04-29 18:28:14 +00:00
Luke Howard
86a18c2ea2 Don't pollute op->o_bd in access_allowed() 2003-04-18 04:57:15 +00:00
Pierangelo Masarati
194528d689 fix ACI per-thread memory management 2003-04-12 17:42:51 +00:00
Howard Chu
280fc819cf Memory context tweaks for Bind 2003-04-12 06:56:42 +00:00
Howard Chu
ece7452b05 More memory context tweaks 2003-04-11 01:29:28 +00:00
Kurt Zeilenga
c75be97ae9 #ifdef -DSLAP_NVALUES 2003-04-05 03:35:16 +00:00
Pierangelo Masarati
df29552130 fix new API leftover 2003-04-03 21:17:44 +00:00
Howard Chu
e8c58b4e7f Major API change - (SLAP_OP_BLOCKS) All request parameters are
consolidated into the Operation structure. All reply parameters
are consolidated into the new SlapReply structure. Most operations
now have identical call signatures... Changes are not #ifdef'd,
revert to -r NO_SLAP_OP_BLOCKS if necessary to back out.
2003-03-30 09:03:54 +00:00
Howard Chu
5ad51b6150 SLAP_NVALUES tweaks - after input, a_nvals is always populated. If there is
no normalizer, a_nvals = a_vals.
2003-03-24 01:56:56 +00:00
Howard Chu
3f48cabdde Fix typo 2003-03-23 15:45:06 +00:00
Kurt Zeilenga
8873006105 SLAP_NVALUES changes
and misc cleanup
2003-03-16 18:10:16 +00:00
Kurt Zeilenga
c0477e1532 Fix test006-acls 2003-03-15 23:02:55 +00:00
Kurt Zeilenga
3972e13fc3 NVALUES: fix a couple of value_find_ex() calls 2003-03-15 22:47:17 +00:00
Pierangelo Masarati
bfe6d806d9 (ultimately?) fix ITS#2361 2003-03-11 12:23:20 +00:00
Howard Chu
5c3909f567 ITS#2361, skip sockname, peername, peerdomain, sockurl ACLs if the
corresponding conn->field is NULL. (overwrites previous commit.)
2003-03-10 22:28:35 +00:00
Pierangelo Masarati
11c225d40c check conn->c_listener before use (hack to fix ITS#2361; need to review this part of slapi) 2003-03-10 22:19:32 +00:00
Howard Chu
40454ccec8 Added op->o_is_auth_check; use ACL_AUTH instead of ACL_SEARCH/ACL_READ
in access_allowed() if flag is set. Set in sasl/saslauth searches.
2003-03-10 22:07:21 +00:00
Kurt Zeilenga
152829be87 SLAP_NVALUES:
schema engine updated (but not schema routines so things don't run yet)
	nvalues mostly populated, enough for tests 0-2 to pass
	schema routines needs lots of work
	modify/mods codes needs lots of work
2003-02-27 01:54:43 +00:00
Pierangelo Masarati
937475efbf blind fix 2003-02-26 21:45:56 +00:00
Kurt Zeilenga
25886d989a Change MR flag names and add comments as to what they mean to slap.h 2003-02-26 02:55:28 +00:00
Howard Chu
cbf7b063e3 ITS#2285 string_expand for acl set 2003-01-30 20:59:47 +00:00
Kurt Zeilenga
6939c53170 Happy new year 2003-01-03 20:20:47 +00:00
Pierangelo Masarati
8e74ed4dfc fix initialization size and silence warning 2002-12-05 11:47:44 +00:00
Howard Chu
b1798f9160 Fix typo in prev commit value_find/_ex 2002-12-04 23:20:22 +00:00
Howard Chu
09679eb715 Added SLAP_MR_VALUE_NORMALIZED_MATCH, avoid redundant normalize when
calling value_find with already-normalized DNs
2002-12-04 18:19:46 +00:00
Howard Chu
827ea96e16 ITS#1523 enhanced ACL caching 2002-12-04 02:35:00 +00:00
Kurt Zeilenga
33248a02e1 Code cleanup (no functional changes) 2002-10-01 04:07:55 +00:00
Pierangelo Masarati
857d08ea21 use bvmatch() instead of ber_bvcmp() when testing for match without ordering 2002-09-02 19:39:06 +00:00
Howard Chu
1d7ee4471f Pass Operation to backend_attribute - should have been doing this all along. 2002-08-24 07:31:14 +00:00
Kurt Zeilenga
f10699865e consistently reduce string_expand bv_len by 1 2002-08-11 20:26:01 +00:00
Kurt Zeilenga
526d010635 Patch: add OpenLDAPaci #public# access (ITS#2005)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

I couldn't find a way for an OpenLDAPaci to grant public access to an
entry, so I added a dnType #public# for that.  It is in the position
of subjectDn in the draft, which seems kind of stupid, so I put it
in the position of dnType instead.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
2002-08-05 17:53:39 +00:00
Kurt Zeilenga
f8c0481dd4 Patch: ACL #access-id#<invalid-DN> granted access to everyone (ITS#2006)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

There is a bug in OpenLDAPaci's "access-id":  If the specified DN is
invalid so dnNormalize2() fails, everyone gets access.
This means that e.g. "#access-id#[all]" gives public access, so it
might be considered a feature, but I fixed it anyway:-)  I guess that
means the change should be documented in the release notes, though.

See also ITS#2005 (add OpenLDAPaci #public# access).

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
2002-08-05 17:52:16 +00:00
Kurt Zeilenga
182dcf27e2 clean up curly matching 2002-07-28 07:37:46 +00:00
Kurt Zeilenga
8a3d02bf6b misc cleanup 2002-07-23 18:35:12 +00:00
Julius Enarusai
6107ba67d2 Coverted LDAP_LOG macro to use subsystem ID int values instead of string values 2002-07-11 20:33:24 +00:00
Kurt Zeilenga
98a2e41911 Fix ACL to dn="" bug 2002-07-11 01:35:37 +00:00
Pierangelo Masarati
bf449f33bd small cleanup 2002-06-15 18:20:41 +00:00
Pierangelo Masarati
d75249abfe define and normalize static bervals alltogether 2002-06-15 17:01:35 +00:00
Kurt Zeilenga
3e3911247b Remove lint. 2002-04-22 23:03:33 +00:00
Pierangelo Masarati
4b9fa66188 use BVC() macro (changed in BER_BVC) to initialize constant bervals 2002-04-08 18:37:37 +00:00
Pierangelo Masarati
4ca97f4118 uniform temporary buf sizes; use automatic buffers instead of heap 2002-04-08 11:09:34 +00:00
Pierangelo Masarati
440637dde7 various acl improvements/cleanups/speedups (need to be documented, though) 2002-04-03 15:42:19 +00:00
Pierangelo Masarati
ab6ad34692 the logic of this check was completely reversed; in case '*' is used, on't test the regula expression 2002-04-02 08:18:30 +00:00
Pierangelo Masarati
1658aa0893 fix counting twice the substitution length (caused berval to have wrong length, rejected by subsequent dnNormalize) 2002-03-30 15:44:30 +00:00
Pierangelo Masarati
49f324a1fa fix ITS#1671 and more 2002-03-23 16:53:44 +00:00
Howard Chu
6b0fb09e0d Fix ITS#1607, longstanding bug in group and dnattr acls, gave access
to anonymous connections.
2002-03-20 13:11:37 +00:00
Kurt Zeilenga
d50eb2e959 C translator portability changes (ITS#1609) 2002-02-23 23:47:37 +00:00
Pierangelo Masarati
33d5f0f8f8 honor the ber_len field to allow to exploit ldap_bv2[r]dn to handle DNs embedded in longer strings ... 2002-02-13 12:09:36 +00:00
Kurt Zeilenga
32fb8b0bff Add ACL state recording to avoid multiple evaluation of
value-independent access controls.
2002-02-09 05:14:17 +00:00
Kurt Zeilenga
357a2fba5b Update comment 2002-02-08 18:26:53 +00:00
Pierangelo Masarati
cf5489ff00 fixes ITS#1582 (didn't trap SLAP_MOD_SOFTADD modification type) 2002-02-06 08:41:05 +00:00
Howard Chu
5e522ca882 Changed Access.a_sockurl_pat, Connection.c_listener_url etc.
to struct bervals
2002-01-28 11:41:07 +00:00
Howard Chu
b6b4d837e3 Some more struct berval conversions 2002-01-28 10:11:36 +00:00
Pierangelo Masarati
f74e81aa99 check on escaped rdn separator not needed any more 2002-01-22 08:30:32 +00:00
Kurt Zeilenga
8eaaa67db0 Move {add,replace,delete}_value() routines to frontend and share.
Add error detail reporting.
2002-01-19 19:54:48 +00:00
Kurt Zeilenga
492762f1c5 Don't use BDB group/attribute callbacks as they may cause deadlock.
Add code to bdb_attribute and bdb_group where use TXN id and to
provide error, but need to rework callers (and their callers) to
ensure error is properly bubbled up to the backend operation routine
handling the transaction.  Ugh.
2002-01-17 03:58:52 +00:00
Pierangelo Masarati
52b05a5b06 more ber_*cmp optimizations 2002-01-16 19:18:41 +00:00
Kurt Zeilenga
b48c355934 Fix up last commit 2002-01-16 19:03:31 +00:00
Pierangelo Masarati
0842db2a8b fix ber_*str renaming 2002-01-16 18:50:45 +00:00
Kurt Zeilenga
7f0289a390 Move most of the new ber_*cmp routines to lber_pvt.h to keep them private,
rework them slightly to avoid computations which might result in underflow.
Rename them for consistency with other berval routines.
Remove some utf8 lint.
2002-01-16 18:16:15 +00:00
Pierangelo Masarati
af54eed042 added ber_[mem|case]cmp() macros for fast berval comparison; extensively used in acl and in dn_match macro at present 2002-01-16 11:36:47 +00:00
Kurt Zeilenga
5e6e27078c Change replace ACL semantics from U-Mich historical behavior.
U-Mich allows someone with selfwrite to use replace all values
of an attribute with a value containing their DN.  Which, of course,
could than be deleted.  This behavior was carried forward in all
versions of OpenLDAP.

The new semantics separate checks for deleting all existing values
and adding new values.  It is more logical and more inline with
the common use of selfwrite.
2002-01-15 16:23:11 +00:00
Kurt Zeilenga
f89308915a Add a default case with assert() just in case. 2002-01-14 17:25:13 +00:00
Kurt Zeilenga
9d307b4242 ITS#1530 no value replace ACL fix 2002-01-14 17:19:05 +00:00
Howard Chu
ac1332cdb8 Renamed BVarray to BerVarray. Moved slapd:bvarray_{add,free} to
liblber:ber_bvarray_{add,free}.
2002-01-14 01:43:17 +00:00
Pierangelo Masarati
fafce1601e consistently use dn_match macro throughout slapd 2002-01-12 18:17:13 +00:00
Kurt Zeilenga
7e9c78fbc6 Add ITS#1508 fix to allow ACIs to grant anonymous users access. 2002-01-11 23:48:22 +00:00
Kurt Zeilenga
319b92202b Fix ACL logic for non-regex peername, sockname, etc. 2002-01-08 02:55:03 +00:00
Howard Chu
26e327f32e Fix some debug statements 2002-01-06 07:21:06 +00:00
Pierangelo Masarati
f3b61d87b7 fix BVarray 2002-01-05 09:58:19 +00:00
Kurt Zeilenga
0e2af54a3f Update copyright statements 2002-01-04 21:17:25 +00:00
Kurt Zeilenga
763c0de59b Rework filter code
Misc cleanup / lint removal
2002-01-02 17:06:56 +00:00
Howard Chu
f52cc9bab5 Change struct berval ** to BVarray 2002-01-02 11:00:36 +00:00
Pierangelo Masarati
3930a390e0 cleanup 2001-12-29 10:30:23 +00:00
Howard Chu
975a5e9a24 Added dnPretty2/dnNormalize2 using preallocated destination berval 2001-12-29 04:48:00 +00:00
Pierangelo Masarati
f2a80ff827 fix acl_dn_pat bervalization 2001-12-28 14:47:26 +00:00
Howard Chu
d6a37432bd Changed dn_rdn/dn_rdnlen to struct berval 2001-12-28 08:38:24 +00:00
Kurt Zeilenga
21288fbb21 Misc cleanup and dn_normalize() zapping
Fix nameAndOptionalIdentifer syntax.
2001-12-26 16:42:35 +00:00
Howard Chu
7685b237b7 Fix unterminated string in previous commit. dnNormalize ought to use an
ldap_bv2dn function instead of ldap_str2dn and honor the bv_len's...
2001-12-26 04:51:10 +00:00
Howard Chu
b96645af7d More struct berval changes, dnNormalize migration... 2001-12-26 04:17:49 +00:00
Kurt Zeilenga
2dd27b0786 More struct berval DNs 2001-12-25 19:48:26 +00:00
Howard Chu
3b8cf82517 Use e_nname.bv_len 2001-12-24 17:52:07 +00:00
Howard Chu
9e0ab3da36 Changed Access->a_set_pat and acl->acl_dn_pat to struct berval to eliminate
strlen() from acl processing.
2001-12-24 15:43:27 +00:00
Howard Chu
18cd610f2d op->o_ndn berval fixes for SLAPD_ACI_ENABLED 2001-12-24 15:18:02 +00:00
Howard Chu
2f3399265c Changed sai_dn, sai_ndn to struct berval. (Affects op->o_dn,o_ndn,
conn->c_dn,c_ndn, Access->a_dn_pat)
2001-12-24 15:11:01 +00:00
Howard Chu
3bd8946ca0 from jon@symas.com - minor cleanup 2001-12-17 22:48:29 +00:00
Kurt Zeilenga
abd9be4def Remove lint and misc MSVC updates 2001-12-09 02:34:45 +00:00
Howard Chu
ad9d17d537 Added dn_rdnlen. Fixed rdn leak in limits.c. 2001-12-08 11:08:26 +00:00
Pierangelo Masarati
0f64b72a00 paranoid check for escaped dn separators when naively checking for rdn boundary 2001-12-01 16:28:21 +00:00
Pierangelo Masarati
a4c9c2c06e add const 2001-11-17 09:21:22 +00:00
Howard Chu
0e16f6acf9 Moved AttributeDescription caching into main code:
Changed AttributeDescription.{ad_cname,ad_lang} to struct berval everywhere
   Deleted ad_free() everywhere
   Added ad_mutex to init.c

The AttributeDescriptions are in a linked list hanging off of the
corresponding AttributeType.
2001-10-22 13:23:05 +00:00
Kurt Zeilenga
fdc0dd7d6a Fix some NEW_LOGGING errors 2001-10-05 21:49:04 +00:00
Kurt Zeilenga
09a7bd4331 Clean up asserts, should assert desc != NULL instead of attr != NULL 2001-09-09 18:58:54 +00:00
Kurt Zeilenga
f10028ba06 Apply ACLs to front end objects (root DSE, subschema) consistently 2001-08-28 20:28:34 +00:00
Kurt Zeilenga
9a0b6e92d7 Default ACL clause should be "by * none stop" not "by * stop".
That is, default rule should set permissions to none.
2001-06-01 20:09:03 +00:00
Gary Williams
9cf6ee8ccd fix acl log line 2001-02-08 13:21:20 +00:00
Gary Williams
f49fd8a98e fix format 2001-01-17 16:35:53 +00:00
Gary Williams
d531a20f52 more new logging (finally), behind NEW_LOGGING 2001-01-11 17:11:23 +00:00
Mark Valence
7e1d4023b8 Removed testing mods accidentally committed with previous fix. 2000-10-11 16:41:15 +00:00
Mark Valence
d8d9bec087 Added conn and op arguments to backend_group. 2000-10-11 16:25:28 +00:00
Kurt Zeilenga
7c96f629ee Add connection and operation arguments to backend callbacks.
Needed for transactions.
2000-09-29 05:25:44 +00:00
Ben Collins
810d3ce224 specifically check for NULL return from acl_get() 2000-09-13 21:49:56 +00:00
Kurt Zeilenga
7778304b16 Fix typo 2000-09-05 19:38:26 +00:00
Kurt Zeilenga
63ae1d22e5 Fix ACL SSF reporting 2000-09-05 18:24:24 +00:00
Kurt Zeilenga
bf3df2f7a6 restrictops, requires, disallow knobs; ssf acls; and misc other changes
man pages to follow...
2000-08-28 18:38:48 +00:00
Kurt Zeilenga
1c328aa9c7 Minor typedef and other clean ups 2000-08-26 01:14:05 +00:00
Kurt Zeilenga
5b856458a2 s/SAFEMEMCPY/AC_MEMCPY/
Use AC_FMEMCPY where appropriate (-llber)
2000-07-28 01:07:07 +00:00
Kurt Zeilenga
efb7672dde Do not log attribute value 2000-07-25 20:54:11 +00:00
Kurt Zeilenga
2890bc5b6d Fix entry/children always allowed bug! 2000-07-20 22:52:44 +00:00
Kurt Zeilenga
8484d2c757 Remove lint 2000-07-05 21:03:57 +00:00
Mark Valence
517fa54bb0 Fix aci link error. 2000-06-30 18:04:10 +00:00
Kurt Zeilenga
1f1f8849eb Quick fix to aci link error 2000-06-30 17:09:52 +00:00
Mark Valence
3705a26f2d Add support for Set ACLs and ACIs. Still need to make this syntax awa
re.
2000-06-29 22:02:15 +00:00
Kurt Zeilenga
3112f21612 Add attribute type/matching rule support for structuralObjectClass attribute
type.  Add type to core.schema.  Not yet populated on add nor checked on modify.
2000-06-26 05:13:41 +00:00
Mark Valence
c6ad81bcd2 Fix minor bug in handling group ACLs. 2000-06-21 19:07:56 +00:00
Mark Valence
3a31fead5e Fixed paren nesting bug, separated convoluted conditionals, added comm
ents about the logic.
2000-06-17 18:23:27 +00:00
Mark Valence
638371ebe7 Fix uninitialized variable. 2000-06-17 08:20:44 +00:00
Mark Valence
0c6b9ce2dd Fix ACI group membership test to look up OC. 2000-06-14 22:17:33 +00:00
Mark Valence
2ee8093f98 Fix ACI group membership test to look up OC. 2000-06-14 22:11:44 +00:00
Mark Valence
0ebf86f2d3 Bug hunting -- hang when checking dnattr in ACL. 2000-06-14 06:08:20 +00:00
Mark Valence
1bfcb4b039 Added .regex, .base, .one, .subtree, and .children "style" modifiers. 2000-06-12 01:35:15 +00:00
Kurt Zeilenga
a56c161bdb Misc code cleanup. 2000-06-10 22:39:30 +00:00
Kurt Zeilenga
c3f8de76ef Fix up debug statement as suggested by christian.lorenz@suse.de 2000-06-07 14:07:50 +00:00
Kurt Zeilenga
693fb9424a unifdef -DSLAPD_SCHEMA_NOT_COMPAT -USLAPD_SCHEMA_COMPAT 2000-06-06 19:43:18 +00:00
Kurt Zeilenga
eb70b602ee Rework ACI codes to use OpenLDAPaci. Add needed schema elements.
Needs work.  Volunteers welcomed.
2000-05-30 21:34:55 +00:00
Kurt Zeilenga
e4a7b953f3 SLAPD_SCHEMA_NOT_COMPAT: fix typo 2000-05-29 04:57:31 +00:00
Kurt Zeilenga
bdf9b0d017 SLAPD_SCHEMA_NOT_COMPAT: working ACLs! (have not tested ACIs) 2000-05-29 03:51:26 +00:00
Kurt Zeilenga
9e5312e166 SLAPD_SCHEMA_NOT_COMPAT: ACL cleanup (not yet working) 2000-05-29 03:44:06 +00:00
Kurt Zeilenga
3350957674 SLAPD_SCHEMA_NOT_COMPAT: ACI cleanup 2000-05-28 22:17:34 +00:00
Kurt Zeilenga
439c0c796d SLAPD_SCHEMA_NOT_COMPAT: Mostly work modify 2000-05-28 16:36:34 +00:00
Kurt Zeilenga
37235b71c0 SLAPD_SCHEMA_NOT_COMPAT: working cn=schema 2000-05-15 23:36:37 +00:00
Kurt Zeilenga
4bc786f34b Y2k copyright update 2000-05-13 02:47:56 +00:00
Kurt Zeilenga
0c134a72d6 SCHEMA_NOT_COMPAT changes 2000-04-25 13:21:06 +00:00
Kurt Zeilenga
4091381660 Yet another round of SLAPD_SCHEMA_NOT_COMPAT changes, including:
limited subtype support, modlist handling, filter updates,
lastmod attribute handling.
2000-02-28 21:16:05 +00:00
Kurt Zeilenga
ceb6412e62 More -DSLAPD_SCHEMA_NOT_COMPAT changes
Not hidden: "<anonymous>" modifiersname
2000-02-15 18:57:07 +00:00
Kurt Zeilenga
0dbaf87730 Another round of changes behind -DSLAPD_SCHEMA_NOT_COMPAT
plus these changes unhidden changes:
	remove now meaning --enable-discreteaci configure option
	fix ITS#451, slapd filters
	Add ber_bvecadd() to support above
	constify ldap_pvt_find_wildcard() and misc slapd routines
	renamed some slap.h macros
	likely broken something
2000-02-14 20:57:34 +00:00
Kurt Zeilenga
36b0423311 Add Modification/Modifications structures for -DSLAPD_SCHEMA_NOT_COMPAT 2000-02-07 20:37:10 +00:00
Kurt Zeilenga
bc51bd5180 Yet another round of SLAPD_SCHEMA_NOT_COMPAT changes...
Changes outside of #ifdef include three value filter processing.
2000-02-06 21:09:44 +00:00
Kurt Zeilenga
9316c4eace ACI attributes should be of ACI syntax. Need to assign
OID for experimental syntax.
2000-02-01 17:53:07 +00:00
Kurt Zeilenga
3a6e906194 Replace -DSLAPD_SCHEMA_COMPAT with -USLAPD_SCHEMA_NOT_COMPAT 2000-01-31 22:14:16 +00:00
Kurt Zeilenga
c5da0c76ce Additional changes to migrate to new schema codes
Still not usable.
2000-01-28 20:01:00 +00:00
Kurt Zeilenga
e9b1012fb1 Put more old schema code behind SLAPD_SCHEMA_COMPAT (which still
MUST be defined).
2000-01-28 00:33:29 +00:00
Kurt Zeilenga
434e7229ac Add code to handle operational attributes via new schema codes
behind -USLAPD_SCHEMA_COMPAT.
2000-01-27 19:02:24 +00:00
Kurt Zeilenga
df712b8597 Don't exclude no-user-modification attributes from ACL checks
unless access requested is WRITE.  This allows you to apply
an ACL to limit search/reading of no-user-modification attributes.
Writes, of course, are always prohibited (by do_add, do_modify).
2000-01-27 18:35:36 +00:00
Mark Valence
d93ef01ac7 Add get_supported_acimech() for use by root_dse, check aci OIDs against supported list. 1999-11-22 18:42:46 +00:00
Mark Valence
23cb3a0555 Added a "dnattr" case for ACIs (still need to check the ACI OID). 1999-11-08 18:50:51 +00:00
Mark Valence
af855ec94b Updated ACI code to work with new ACL changes. All changes are within the SLAPD_ACI_ENABLED #ifdef's. 1999-11-06 05:05:50 +00:00
Kurt Zeilenga
3fbee54fa5 Remove lint 1999-10-27 04:40:56 +00:00
Kurt Zeilenga
3261f219a3 Add support for Root DSE ACLs.
Add "users" shorthand (dn="^.+$")
Add regex short circuiting for common dn regexs.
1999-10-26 03:19:41 +00:00
Kurt Zeilenga
06eb390586 Make accessmask2str reentrant. 1999-10-21 23:19:22 +00:00
Kurt Zeilenga
3d765d6108 Additional changes to improve logic and logging. Still buggy. 1999-10-21 20:29:52 +00:00
Kurt Zeilenga
f6829ee903 Initial commit of new ACL engine. Engine supports descrete access
privs, additive/substractive rules, and rule continuation.  Existing
rules that use 'defaultaccess none' should be 100% compatible.  Rules
that rely other defaultaccess settings will require addition of
explicit clauses granting the access.
Needs additional testing and tuning of logs
1999-10-21 17:53:56 +00:00
Kurt Zeilenga
7a0b0b2bbf In preparation for adding dn_rewrite()...
s/dn_normalize/dn_validate/
s/dn_normalize_case/dn_normalize/
1999-09-24 01:46:37 +00:00
Kurt Zeilenga
ccfba5f2c0 Misc. cleanup 1999-09-16 02:31:29 +00:00
Kurt Zeilenga
403f4479bc Add OpenLDAP RCSid to *.[ch] in clients, libraries, and servers.
Replace old Id as needed (back-tcl).
Leave updating of contribWare to contributors (for now).
1999-09-08 19:06:24 +00:00
Hallvard Furuseth
07b9eb68a3 Kill //-style comments 1999-09-05 20:53:13 +00:00
Hallvard Furuseth
c09a2c63e7 Cleanup:
Fix printf formats, remove unused variables, add missing prototypes in slapd,
add static/const, add some return types or change to void return type.
1999-09-02 08:05:17 +00:00
Kurt Zeilenga
87675a953d ACIs from Mark Valence <kurash@sassafras.com> (ITS#261) 1999-08-20 22:42:04 +00:00
Kurt Zeilenga
9c3ed0310b Add copyright notices. 1999-08-06 23:07:46 +00:00
Kurt Zeilenga
68d561a97b Add limited LDAP_INVALID_DN_SYNTAX support. dn_normalize{,_case}() now returns
NULL does not meet basic syntax rules.
1999-07-22 17:14:42 +00:00
Kurt Zeilenga
5600097ae1 Update ACL field names and usage statement to match -devel post 1999-07-22 00:50:11 +00:00
Kurt Zeilenga
933908f72f ACL CHANGES:
by <who> <access> changed to by <who>+ <access> (joined with AND)
  added peername=<regex> sockname=<regex> url=<regex>
  removed addr=<regex> (use peername instead).
replace dn_upcase with str2upper and str2lower.  Use where needed.
1999-07-21 20:54:23 +00:00
Kurt Zeilenga
170836751a Namespace changes
added slap_ and ldbm_ to many structures
  added typedefs to many structures
  used typedefs
New main.c argument parsing with ldap url support (replacing -a address).
New sockaddr_in handling and support for multiple listeners.
1999-07-19 19:40:33 +00:00
Kurt Zeilenga
e9c2895472 Add support for unsolicited notifications. 1999-07-07 18:51:39 +00:00
Kurt Zeilenga
51d1c90887 unifdef -DSLAPD_ACLGROUPS -DSLAPD_ACLAUTH 1999-07-05 06:26:26 +00:00
Kurt Zeilenga
549c89f817 Regarding previous commit:
Fix broken ACL macros.
	Fix o_dn/o_ndn == NULL vs "".
1999-07-04 19:53:00 +00:00
Kurt Zeilenga
106eef41d8 HEADS UP: connections are forced to "anonymous" status upon receiving
of a bind request and, upon failure, are left "anonymous."

Rework ACL code to hide access testing within macros to facilate additions
and eventual redesign.

Addition of #ifdef SLAPD_ACLAUTH to conditional include EXPERIMENTAL
"auth" access controls.  Adds ACL_AUTH "auth" access level (above none,
below "compare").  bind requires anonymous access at this level or above access
to "entry"/"userPassword"/"krbName".  This allows administrators to restrict
which entries can be bound to.  (This will likely become default behavior
after testing has completed).
1999-07-04 18:46:24 +00:00
Kurt Zeilenga
fe00263875 expose oc_check_operational from schema.c
Use everywhere.
Apply search ACLs to operational attributes.
Only provide operational attributes when explicitly requested.
1999-06-29 04:52:55 +00:00
Kurt Zeilenga
8f02beada9 PROTOTYPE: New connection management infrastructure designed to
remove race conditions on connection close.
BROKEN: various counters for dn=monitor.
Initial testing on FreeBSD (with and without pthreads) was successfull.
Have not yet tested preemptive threading environments.
Have not built against backends other than LDBM.
1999-03-22 07:14:54 +00:00
Hallvard Furuseth
5ef648a109 Silence warnings: Remove unused variables. Enclose some initializers in in {}. 1999-03-09 07:15:35 +00:00
Kurt Zeilenga
216049bd12 New Frontend->Backend Interface
Separates per backend type from per backend database initialization
	and startup.  Also supports per type / per backend shutdown.
New frontend startup/shutdown routines are also provided:
	slap_init() slap_startup() slap_shutdown() slap_destroy()
New frontend->backend startup/shutdown is managed by:
	backend_init() backend_startup() backend_shutdown backend_destroy
backend_init() now calls bi_init() to initial all function pointers
for the backend (excepting bi_init() which is now the only hardcoded
entry point).  New entry points are detailed in slap.h struct
backend_info.  backend_info is a per database type structure.
Besides the new startup/shutdown entry points, the new interface
also supports per backend type configuration options.  One could have:

	backend bdb2	(new Berkeley DB 2 backend)
	bdb2_home	/directory

	database bdb2
	...

	*** This code is fairly experimental ***
	*** Much cleanup and testing is still needed ***

see slap.h for details on struct backend_db and backend_info.
1999-02-05 09:03:47 +00:00
Kurt Zeilenga
f9b416ea7c ndn & strcasecmp cleanup 1999-01-20 03:05:35 +00:00
Kurt Zeilenga
e2a15115b0 Update slap_conn to maintain client provided dn and bound dn.
Update slap_op to maintain dn and ndn (derived from conn->c_dn).
Update ldbm_back_bind to return actual bound dn (including rootdn)
	for use in slapd_conn.  Other backends use client dn.
Modify other codes to use ndn (normalized uppercase dn) most everywhere.
Aliasing, Suffixing and modrdn could use more work.
Applied suffixing to compare and modrdn.
1999-01-19 05:10:50 +00:00
Kurt Zeilenga
64cd7d3346 Preliminary Fixes for ITS#24, ITS#26, and ldbm_back_add race condition.
Resolved deadlock by passing target entry to be_group and using
this if dn same as bdn.  It might actually be safer to check
entry ids instead of dns.
Resolved bogus add to cache after failed acl check by deferring
cache add until after parent/acl checks have successful been
completed.
Eliminated race condition caused by concurrent adds
of same dn by adding 'li_add_mutex' around the critical section
of code (most of ldbm_back_add).
This code is preliminary and still needs significant testing.
1998-12-30 03:35:23 +00:00
Kurt Zeilenga
2d15a94d16 LDAP C-API changes
struct friendly (Friendly) changed to ldap_friendly (LDAPFriendly)
	  ldap_friendly friend prefix changed to 'lf_' from 'f_'
	removed mod_next field from LDAPMod (struct ldapmod)
	modified slapd to use new LDAPModList (struct ldapmodlist) struct.
Added LDAPv3 result codes to ldap.h
1998-12-21 00:21:58 +00:00
Kurt Zeilenga
e2ee741ea8 Replace strdup() with ch_strdup() such that exit() will be called
if strdup fails.  This is better than not checking, but we should
add orderly shutdown.
1998-11-27 20:21:54 +00:00
Kurt Zeilenga
58f36940c5 string_expand used hardcoded size instead of bufsiz argument.
pointed out by Jorg Pietschmann <pietsch@swissline.ch>.
1998-11-24 02:29:53 +00:00
Hallvard Furuseth
17fe0f59f8 gcc -Wformat cleanup 1998-11-23 04:33:53 +00:00
Hallvard Furuseth
7e6ad5100c Protoized, moved extern definitions to .h files, fixed related bugs.
Most function and variable definitions are now preceded by its extern
definition, for error checking.  Retyped a number of functions, usually
to return void.  Fixed a number of printf format errors.

API changes (in ldap/include):
  Added avl_dup_ok, avl_prefixapply, removed ber_fatten (probably typo
  for ber_flatten), retyped ldap_sort_strcasecmp, grew lutil.h.

A number of `extern' declarations are left (some added by protoize), to
be cleaned away later.  Mostly strdup(), strcasecmp(), mktemp(), optind,
optarg, errno.
1998-11-15 22:40:11 +00:00
Stuart Lynne
7c52060c67 1. extend aclgroup's to be able to specify objectClassValue and groupAttrName
2. update print_acl() a bit and call it during aclparse if LDAP_DEBUG_ACL
1998-10-27 02:07:12 +00:00
Kurt Zeilenga
2a869f5a99 merged with autoconf branch 1998-10-25 01:41:42 +00:00