Commit Graph

115 Commits

Author SHA1 Message Date
Kurt Zeilenga
81ed052186 Improve printing of ACLs 2003-10-15 07:48:01 +00:00
Howard Chu
6da0f1e48e ITS#2573 dynamic group support
moved labeledURI into system schema
  attribute types that inherit from labeledURI may be used in dynamic
    groups e.g. access to * by group/groupOfURLs/memberURL=foo
2003-09-20 08:16:04 +00:00
Howard Chu
1240c70ff4 ITS#2497, implement value-level ACLs:
access to attr=foo val.regex=bar.*
2003-09-20 03:23:10 +00:00
Kurt Zeilenga
6f39517929 ITS#2707: fix 'access to dn.subtree="" by ...' directives 2003-09-10 02:33:36 +00:00
Hallvard Furuseth
642c8b1627 Break up too long string literals (>509 characters, ISO C's minimum max size). 2003-06-03 18:01:37 +00:00
Kurt Zeilenga
0954351565 Change ACL default style to exact (from regex) 2003-05-30 05:24:39 +00:00
Kurt Zeilenga
5cd994ed21 remove dnNormalize2
replace calls to dnNormalize2 with calls to dnNormalize
2003-04-29 18:28:14 +00:00
Howard Chu
ece7452b05 More memory context tweaks 2003-04-11 01:29:28 +00:00
Pierangelo Masarati
eed2d5db4d only document 'subtree', but also allow 'sub' 2003-02-05 20:38:42 +00:00
Pierangelo Masarati
381e293b41 allow 'sub' and 'subtree' in acl (fix ITS#2300) 2003-02-05 19:39:34 +00:00
Kurt Zeilenga
6939c53170 Happy new year 2003-01-03 20:20:47 +00:00
Pierangelo Masarati
a62aa61544 much better fix for ITS#2196 (dnattr without sat_equality is bounced at config) 2002-11-25 18:37:04 +00:00
Howard Chu
e14f471a27 Add #include "lutil.h" for lutil_str* functions 2002-08-06 02:36:34 +00:00
Howard Chu
5a01db28e3 Moved slap_strcopy, slap_strncopy to lutil_strcopy, lutil_strncopy 2002-07-27 00:24:02 +00:00
Kurt Zeilenga
8a3d02bf6b misc cleanup 2002-07-23 18:35:12 +00:00
Kurt Zeilenga
ef3d895cb8 More ACL to dn="" bug fixing... and add test006-acl check 2002-07-11 01:45:22 +00:00
Kurt Zeilenga
8354160f8b Patch: aclparse.c bugs (ITS#1752)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

Bug fixes:
- acl_regex_normalized_dn(pattern):
  * used pattern->bv_len even though it claimed not to,
  * would walk past the end of strings that ended (incorrectly)
    with a single '\'.
- style=regex checked for "^.*$$" twice but not for "^.*$".
- the code did not notice if dnNormalize2() failed, and would
  (at least in one case) treat a bad DN as '*'.
Some cleanup:
- changed regtest() to return void, since the return value was unused.
- changed acl_regex_normalized_dn() to take a string input argument
  instead of a half-filled berval, it looks saner that way.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-04-15 20:44:05 +00:00
Kurt Zeilenga
709ce4fa6c Re: Patch: ctype functions require 'unsigned char' args (ITS#1678)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

Here are fixes for more places where the argument to ctype.h functions
should be in the range of `unsigned char'.

Explanation of the last patch (to schema_init.c:bvcasechr()):
TOLOWER() and TOUPPER() return values in the range of `unsigned char',
but bvcasechr() then compares those values with a plain `char'.  So I
convert the return values from TOLOWER()/TOUPPER() to `char' first.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-04-15 20:42:42 +00:00
Pierangelo Masarati
440637dde7 various acl improvements/cleanups/speedups (need to be documented, though) 2002-04-03 15:42:19 +00:00
Pierangelo Masarati
ab6ad34692 the logic of this check was completely reversed; in case '*' is used, on't test the regula expression 2002-04-02 08:18:30 +00:00
Kurt Zeilenga
c9c3a68496 Deprecate filter_print in favor of filter2bv. 2002-03-10 17:41:14 +00:00
Kurt Zeilenga
2b71d70f2f Reverse arguments of is_object_subclass and reverse backwards calls 2002-02-09 23:55:37 +00:00
Kurt Zeilenga
59857824ff Treat access to dn="" as access to dn.base="". Avoid empty regex.
Note: by dn="" already treated as anonymous.
2002-02-08 18:32:12 +00:00
Howard Chu
5e522ca882 Changed Access.a_sockurl_pat, Connection.c_listener_url etc.
to struct bervals
2002-01-28 11:41:07 +00:00
Kurt Zeilenga
ce2d8ebc7e Misc cleanup, lint removal, and minor optimizations 2002-01-13 05:00:59 +00:00
Howard Chu
8067107ed2 Added an_oc to AttributeName for caching ObjectClass lookups.
Added error checking to str2anlist; if the attr name doesn't match
any attribute or objectclass the offending attr name is displayed.
2002-01-10 09:54:14 +00:00
Kurt Zeilenga
0e2af54a3f Update copyright statements 2002-01-04 21:17:25 +00:00
Howard Chu
bcdfdb968f Changed AttributeName back into an array instead of a linked list.
Fixed bug in do_search eating up controls.
2002-01-03 05:38:26 +00:00
Howard Chu
f52cc9bab5 Change struct berval ** to BVarray 2002-01-02 11:00:36 +00:00
Howard Chu
743c402265 Changed search attrs from struct berval ** to AttributeName * 2001-12-31 11:35:52 +00:00
Pierangelo Masarati
3930a390e0 cleanup 2001-12-29 10:30:23 +00:00
Howard Chu
975a5e9a24 Added dnPretty2/dnNormalize2 using preallocated destination berval 2001-12-29 04:48:00 +00:00
Pierangelo Masarati
04ce28cf48 a couple of comments; will require special DN handling ... 2001-12-28 18:18:16 +00:00
Howard Chu
bbcb0f8a7f Replace strcat with slap_strcopy 2001-12-26 16:25:18 +00:00
Howard Chu
15f630545a Changed ma_rule_text to struct berval.
Changed get_filter to struct bervals
2001-12-26 13:47:10 +00:00
Howard Chu
fb3af1ccbd Merged ber_bvstr and ber_bvstrdup into ber_str2bv. 2001-12-26 10:06:19 +00:00
Howard Chu
68b1bbb89d Changed search attrs to struct berval **.
Use typedefs for all backend functions, to minimize work in future API
updates. (back-*/external.h will never need updating in the future.)
2001-12-26 08:17:44 +00:00
Howard Chu
b96645af7d More struct berval changes, dnNormalize migration... 2001-12-26 04:17:49 +00:00
Kurt Zeilenga
d047cc854e Require the struct berval **out argument of dnPretty/dnNormalize
point to a NULL pointer, that is assert( *out == NULL ).
Eventually, we'll allow **out to point to a preallocated
struct berval (to avoid unnecessary allocation).
2001-12-24 18:38:20 +00:00
Howard Chu
9e0ab3da36 Changed Access->a_set_pat and acl->acl_dn_pat to struct berval to eliminate
strlen() from acl processing.
2001-12-24 15:43:27 +00:00
Howard Chu
2f3399265c Changed sai_dn, sai_ndn to struct berval. (Affects op->o_dn,o_ndn,
conn->c_dn,c_ndn, Access->a_dn_pat)
2001-12-24 15:11:01 +00:00
Kurt Zeilenga
5c0a8848cf Add abstract object class checks and a bit of structuralObjectClass
optimization.
2001-12-20 01:41:44 +00:00
Howard Chu
ff682be26e Added acl_destroy, acl_free. 2001-12-15 12:41:53 +00:00
Pierangelo Masarati
b4e7f0873a trims space after comma in dn.regex acls (prelude to normalization) 2001-11-12 11:29:40 +00:00
Pierangelo Masarati
08ff231888 fixes assertion fault when the <to> clauses's argument does not have a = inside 2001-10-29 08:14:12 +00:00
Howard Chu
0e16f6acf9 Moved AttributeDescription caching into main code:
Changed AttributeDescription.{ad_cname,ad_lang} to struct berval everywhere
   Deleted ad_free() everywhere
   Added ad_mutex to init.c

The AttributeDescriptions are in a linked list hanging off of the
corresponding AttributeType.
2001-10-22 13:23:05 +00:00
Kurt Zeilenga
2c9a238571 Allow dn.base="" 2001-09-01 05:01:31 +00:00
Kurt Zeilenga
a5ea7aefd6 Add name and uid support to dnaddr 2001-03-15 04:48:29 +00:00
Julio Sánchez Fernández
6777a3a41a Permit access defined by uniqueMember and not only DN-valued
attributes.  This allows using groupOfUniqueNames for
access control.
Fix small typo in MRA definition.
2000-10-09 19:09:22 +00:00
Kurt Zeilenga
63ae1d22e5 Fix ACL SSF reporting 2000-09-05 18:24:24 +00:00