Commit Graph

526 Commits

Author SHA1 Message Date
Julio Sánchez Fernández
9cdd2c2037 ldap_url_parse was fundamentally broken. It would quit before
time, skipping the filter, for instance.  Also, we were parsing
twice the scope and the filter.  I think this change is right,
but could use more eyeballs...
1999-07-23 20:36:11 +00:00
Randy Kunkee
6bef298437 Remove extra code (non-functional change, just produces warning on OSF4.0e). 1999-07-23 00:56:56 +00:00
Kurt Zeilenga
d147e609d2 Implement TCP_NODELAY on both client and server side. 1999-07-22 21:49:35 +00:00
Kurt Zeilenga
42304b7ada Fix control parsing and controls free routine. 1999-07-22 04:47:58 +00:00
Kurt Zeilenga
933908f72f ACL CHANGES:
by <who> <access> changed to by <who>+ <access> (joined with AND)
  added peername=<regex> sockname=<regex> url=<regex>
  removed addr=<regex> (use peername instead).
replace dn_upcase with str2upper and str2lower.  Use where needed.
1999-07-21 20:54:23 +00:00
Kurt Zeilenga
17eb202732 Unhex url extensions. 1999-07-21 20:44:40 +00:00
Julio Sánchez Fernández
5f53b747a5 Partial support for a new option to help debug TLS connections,
not yet user-settable.  Defaults "on" for now.
Partial support for temporary RSA keys, skeleton for DH.
Add call to X509V3_add_standard_extensions() on init, mod_ssl
does this too, but I am unsure about what it does.
Move management of client CA certificates to a new routine, since
it is going to get more complex than the current code.
1999-07-21 19:18:08 +00:00
Julio Sánchez Fernández
e892ebfc5e Some content for tls_verify_cb where parts of our policy should
be implemented.

The rest of this change mostly contains random ideas taken from
mod_ssl.  The purpose is to get the repository in sync with the
code I am testing.  I still can't manage to make Netscape send
its certificate to slapd, though it works with Apache/mod_ssl
(with the same certificates).  Trying s_client against both
does not shed any light.  If anyone manages to make it work,
please let us know.
1999-07-20 18:31:53 +00:00
Julio Sánchez Fernández
463a7ec91d We were freeing lud_dn when when lud_host was meant, leading to
arena corruption.
1999-07-20 11:11:57 +00:00
Kurt Zeilenga
543aafd991 Implement RFC2255 URL format. 1999-07-19 19:32:47 +00:00
Kurt Zeilenga
d2487f9219 s/time(0)/time(NULL)/ 1999-07-19 19:28:21 +00:00
Hallvard Furuseth
cde93a6e06 make ldap.ld_lberoptions unsigned, like berelement.ber_options 1999-07-18 01:20:45 +00:00
Kurt Zeilenga
12f481d657 Import patches mistakenly applied to OPENLDAP_DEVEL_REFERRALS.
ldap_modify: delete of last attribute value should delete attribute (ITS#229)
thr_nt: use sleep to yield
1999-07-18 00:33:30 +00:00
Hallvard Furuseth
5ab862aee7 Pass socklen_t* instead of int* to getsockopt, accept, getpeername, recvfrom 1999-07-16 18:43:10 +00:00
Julio Sánchez Fernández
85acec922f We were not remembering the allocated SSL thing in the Sockbuf.
Set flags without relying on errno (this change may be gratuitous
or wrong).
1999-07-16 15:46:15 +00:00
Kurt Zeilenga
73276e84ae Import experimental referral implementation from OPENLDAP_DEVEL_REFERRALS.
Includes support for update referral for each replicated backend.
	Reworked replication test to use update referral.
Includes major rewrite of response encoding codes (result.c).
Includes reworked alias support and eliminates old suffix alias codes
(can be emulated using named alias).
Includes (untested) support for the Manage DSA IT control.
Works in LDAPv2 world.  Still testing in LDAPv3 world.
Added default referral (test009) test.
1999-07-16 02:45:46 +00:00
Julio Sánchez Fernández
7a64fcf7b3 Set ciphers from slapd.conf.
More error checking and reporting.
Slowly getting there, SSL_accept succeeds now, but connection breaks
immediately after that (my glue logic with slapd is broken).
1999-07-15 21:03:47 +00:00
Kurt Zeilenga
c7425738bb Add missing arg to Debug macro call 1999-07-15 20:00:05 +00:00
Julio Sánchez Fernández
41de66a0b2 New routine tls_report_error to analyze errors from OpenSSL
Change temporarily the default protocol from TLSv1 to SSLv3 with
fallback to SSLv2.  This seems necessary for slapd to accept connections
from Netscape.
Try to set the cipher list in the default context.  Does not semm to
work yet.
1999-07-15 14:59:09 +00:00
Hallvard Furuseth
5bcdf362f3 Remove duplicate 'static' 1999-07-14 23:28:56 +00:00
Kurt Zeilenga
cbb5553b03 Newer versions of OpenSSL install headers in $prefix/include/openssl... 1999-07-14 00:03:52 +00:00
Julio Sánchez Fernández
509fdc1e6d Deal with sb_trans_needs_read and sb_trans_needs_write 1999-07-13 19:40:10 +00:00
Julio Sánchez Fernández
eeec88a8c4 Add a couple of control flags to sockbufs and macros to test them. 1999-07-13 19:38:01 +00:00
Julio Sánchez Fernández
710f697fb7 Get and set TLS options 1999-07-13 19:34:07 +00:00
Julio Sánchez Fernández
70fe83b1d2 First version with TLS. Untested. 1999-07-13 19:32:51 +00:00
Julio Sánchez Fernández
43fba8fcb1 First version with TLS. Untested. 1999-07-13 19:30:41 +00:00
Julio Sánchez Fernández
97a681910e Options for TLS 1999-07-13 19:29:19 +00:00
Julio Sánchez Fernández
739466b85d Add tls.c
Add use of TLS_LIBS so that test tools compile
1999-07-13 19:27:33 +00:00
Julio Sánchez Fernández
7482777a7c Add tls.c
Add use of TLS_LIBS so that test tools compile
1999-07-13 19:25:10 +00:00
Julio Sánchez Fernández
8f4f94d415 First version of TLS glue for SSLeay/OpenSSL originally written by
Bart Hartgers.  Untested.
1999-07-13 19:11:53 +00:00
Kurt Zeilenga
94d5067b22 Use assert instead of private Assert macro 1999-07-13 18:39:20 +00:00
Hallvard Furuseth
2c27a6abcf Eliminate htonl(unsigned_long_arg), which is wrong on 64-bit OSF1/alpha 1999-07-13 09:41:25 +00:00
Hallvard Furuseth
5f880ae022 Fix LDAP_CONST->const in explode_name(), it failed when LDAP_CONST was empty. 1999-07-13 06:48:35 +00:00
Hallvard Furuseth
fb3b8e5ef1 Fix LDAP_CONNECTIONLESS code rot 1999-07-13 06:39:55 +00:00
Hallvard Furuseth
c4a13efbea Fix NULLxxx -> NULL 1999-07-13 06:37:19 +00:00
Hallvard Furuseth
6eef6bea01 ldap-int.h 1999-07-13 06:27:47 +00:00
Hallvard Furuseth
354702b94e ldap-int.h 1999-07-13 06:21:14 +00:00
Hallvard Furuseth
96e8fafb51 constify use of invalue in <ber/ldap>_set_option() 1999-07-13 05:17:50 +00:00
Hallvard Furuseth
2cc187ffbf constify ldap_int_put_controls, ldap_control_dup, ldap_controls_dup 1999-07-13 05:13:33 +00:00
Hallvard Furuseth
95b64907d3 Fix read_next_searchobj prototype: long*blenp -> ber_len_t*blenp 1999-07-13 05:04:06 +00:00
Hallvard Furuseth
55fa595f56 Add missing newline at EOF 1999-07-13 04:11:49 +00:00
Hallvard Furuseth
2026aa84fa Add bmu_funcp to bmu_align_u 1999-07-13 03:54:42 +00:00
Hallvard Furuseth
e2bfb420d7 Fix use and decl of ber_pvt_assert. Fix ac/stdio.h -> stdio.h. 1999-07-13 03:50:39 +00:00
Kurt Zeilenga
7574b70c6b Add charray (from slapd) to -lldap/-lldap_r (not yet used)
Add digest md5 codes to -lldap/-lldap_r (work in progress)
1999-07-07 17:58:21 +00:00
Kurt Zeilenga
4831bb0a75 request value should be optional. 1999-07-07 17:52:06 +00:00
Kurt Zeilenga
a67b08d515 Minor editorial change. 1999-07-07 17:51:39 +00:00
Kurt Zeilenga
522cd72f43 Fix CRITICIAL typo 1999-07-07 17:49:15 +00:00
Julio Sánchez Fernández
c8e37af0ca Removed numerous memory leaks detected by Mark Meredith.
Make sure the token_val argument to get_token is always initialized
to something, either newly allocated memory or NULL.
1999-07-02 11:57:07 +00:00
Kurt Zeilenga
ddd0559284 Fairly complete slapd SASL bind parsing... and centralized cleanup code.
Update error strings and cldap misuse of server error.
1999-07-01 04:42:01 +00:00
Kurt Zeilenga
9225707a06 Modify lutil_passwd to accept a third argument char** methods to
specific which methods may be used.  This will facilate development
of a slapd config directive "passwordMethod ..." to specify which
methods should be allowed.
1999-06-29 22:24:53 +00:00