mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-21 03:10:25 +08:00
Code Issues Packages Projects Releases Wiki Activity
11,083 Commits 38 Branches 307 Tags 74 MiB
62febe5dff
Commit Graph

237 Commits

Author SHA1 Message Date
Kurt Zeilenga
231f8464d1 cleanup 2003-04-29 21:14:12 +00:00
Kurt Zeilenga
5cd994ed21 remove dnNormalize2 
replace calls to dnNormalize2 with calls to dnNormalize
 2003-04-29 18:28:14 +00:00
Luke Howard
86a18c2ea2 Don't pollute op->o_bd in access_allowed() 2003-04-18 04:57:15 +00:00
Pierangelo Masarati
194528d689 fix ACI per-thread memory management 2003-04-12 17:42:51 +00:00
Howard Chu
280fc819cf Memory context tweaks for Bind 2003-04-12 06:56:42 +00:00
Howard Chu
ece7452b05 More memory context tweaks 2003-04-11 01:29:28 +00:00
Kurt Zeilenga
c75be97ae9 #ifdef -DSLAP_NVALUES 2003-04-05 03:35:16 +00:00
Pierangelo Masarati
df29552130 fix new API leftover 2003-04-03 21:17:44 +00:00
Howard Chu
e8c58b4e7f Major API change - (SLAP_OP_BLOCKS) All request parameters are 
consolidated into the Operation structure. All reply parameters
are consolidated into the new SlapReply structure. Most operations
now have identical call signatures... Changes are not #ifdef'd,
revert to -r NO_SLAP_OP_BLOCKS if necessary to back out.
 2003-03-30 09:03:54 +00:00
Howard Chu
5ad51b6150 SLAP_NVALUES tweaks - after input, a_nvals is always populated. If there is 
no normalizer, a_nvals = a_vals.
 2003-03-24 01:56:56 +00:00
Howard Chu
3f48cabdde Fix typo 2003-03-23 15:45:06 +00:00
Kurt Zeilenga
8873006105 SLAP_NVALUES changes 
and misc cleanup
 2003-03-16 18:10:16 +00:00
Kurt Zeilenga
c0477e1532 Fix test006-acls 2003-03-15 23:02:55 +00:00
Kurt Zeilenga
3972e13fc3 NVALUES: fix a couple of value_find_ex() calls 2003-03-15 22:47:17 +00:00
Pierangelo Masarati
bfe6d806d9 (ultimately?) fix ITS#2361 2003-03-11 12:23:20 +00:00
Howard Chu
5c3909f567 ITS#2361, skip sockname, peername, peerdomain, sockurl ACLs if the 
corresponding conn->field is NULL. (overwrites previous commit.)
 2003-03-10 22:28:35 +00:00
Pierangelo Masarati
11c225d40c check conn->c_listener before use (hack to fix ITS#2361; need to review this part of slapi) 2003-03-10 22:19:32 +00:00
Howard Chu
40454ccec8 Added op->o_is_auth_check; use ACL_AUTH instead of ACL_SEARCH/ACL_READ 
in access_allowed() if flag is set. Set in sasl/saslauth searches.
 2003-03-10 22:07:21 +00:00
Kurt Zeilenga
152829be87 SLAP_NVALUES: 
schema engine updated (but not schema routines so things don't run yet)
	nvalues mostly populated, enough for tests 0-2 to pass
	schema routines needs lots of work
	modify/mods codes needs lots of work
 2003-02-27 01:54:43 +00:00
Pierangelo Masarati
937475efbf blind fix 2003-02-26 21:45:56 +00:00
Kurt Zeilenga
25886d989a Change MR flag names and add comments as to what they mean to slap.h 2003-02-26 02:55:28 +00:00
Howard Chu
cbf7b063e3 ITS#2285 string_expand for acl set 2003-01-30 20:59:47 +00:00
Kurt Zeilenga
6939c53170 Happy new year 2003-01-03 20:20:47 +00:00
Pierangelo Masarati
8e74ed4dfc fix initialization size and silence warning 2002-12-05 11:47:44 +00:00
Howard Chu
b1798f9160 Fix typo in prev commit value_find/_ex 2002-12-04 23:20:22 +00:00
Howard Chu
09679eb715 Added SLAP_MR_VALUE_NORMALIZED_MATCH, avoid redundant normalize when 
calling value_find with already-normalized DNs
 2002-12-04 18:19:46 +00:00
Howard Chu
827ea96e16 ITS#1523 enhanced ACL caching 2002-12-04 02:35:00 +00:00
Kurt Zeilenga
33248a02e1 Code cleanup (no functional changes) 2002-10-01 04:07:55 +00:00
Pierangelo Masarati
857d08ea21 use bvmatch() instead of ber_bvcmp() when testing for match without ordering 2002-09-02 19:39:06 +00:00
Howard Chu
1d7ee4471f Pass Operation to backend_attribute - should have been doing this all along. 2002-08-24 07:31:14 +00:00
Kurt Zeilenga
f10699865e consistently reduce string_expand bv_len by 1 2002-08-11 20:26:01 +00:00
Kurt Zeilenga
526d010635 Patch: add OpenLDAPaci #public# access (ITS#2005) 
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

I couldn't find a way for an OpenLDAPaci to grant public access to an
entry, so I added a dnType #public# for that.  It is in the position
of subjectDn in the draft, which seems kind of stupid, so I put it
in the position of dnType instead.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
 2002-08-05 17:53:39 +00:00
Kurt Zeilenga
f8c0481dd4 Patch: ACL #access-id#<invalid-DN> granted access to everyone (ITS#2006) 
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

There is a bug in OpenLDAPaci's "access-id":  If the specified DN is
invalid so dnNormalize2() fails, everyone gets access.
This means that e.g. "#access-id#[all]" gives public access, so it
might be considered a feature, but I fixed it anyway:-)  I guess that
means the change should be documented in the release notes, though.

See also ITS#2005 (add OpenLDAPaci #public# access).

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
 2002-08-05 17:52:16 +00:00
Kurt Zeilenga
182dcf27e2 clean up curly matching 2002-07-28 07:37:46 +00:00
Kurt Zeilenga
8a3d02bf6b misc cleanup 2002-07-23 18:35:12 +00:00
Julius Enarusai
6107ba67d2 Coverted LDAP_LOG macro to use subsystem ID int values instead of string values 2002-07-11 20:33:24 +00:00
Kurt Zeilenga
98a2e41911 Fix ACL to dn="" bug 2002-07-11 01:35:37 +00:00
Pierangelo Masarati
bf449f33bd small cleanup 2002-06-15 18:20:41 +00:00
Pierangelo Masarati
d75249abfe define and normalize static bervals alltogether 2002-06-15 17:01:35 +00:00
Kurt Zeilenga
3e3911247b Remove lint. 2002-04-22 23:03:33 +00:00
Pierangelo Masarati
4b9fa66188 use BVC() macro (changed in BER_BVC) to initialize constant bervals 2002-04-08 18:37:37 +00:00
Pierangelo Masarati
4ca97f4118 uniform temporary buf sizes; use automatic buffers instead of heap 2002-04-08 11:09:34 +00:00
Pierangelo Masarati
440637dde7 various acl improvements/cleanups/speedups (need to be documented, though) 2002-04-03 15:42:19 +00:00
Pierangelo Masarati
ab6ad34692 the logic of this check was completely reversed; in case '*' is used, on't test the regula expression 2002-04-02 08:18:30 +00:00
Pierangelo Masarati
1658aa0893 fix counting twice the substitution length (caused berval to have wrong length, rejected by subsequent dnNormalize) 2002-03-30 15:44:30 +00:00
Pierangelo Masarati
49f324a1fa fix ITS#1671 and more 2002-03-23 16:53:44 +00:00
Howard Chu
6b0fb09e0d Fix ITS#1607, longstanding bug in group and dnattr acls, gave access 
to anonymous connections.
 2002-03-20 13:11:37 +00:00
Kurt Zeilenga
d50eb2e959 C translator portability changes (ITS#1609) 2002-02-23 23:47:37 +00:00
Pierangelo Masarati
33d5f0f8f8 honor the ber_len field to allow to exploit ldap_bv2[r]dn to handle DNs embedded in longer strings ... 2002-02-13 12:09:36 +00:00
Kurt Zeilenga
32fb8b0bff Add ACL state recording to avoid multiple evaluation of 
value-independent access controls.
 2002-02-09 05:14:17 +00:00
Kurt Zeilenga
357a2fba5b Update comment 2002-02-08 18:26:53 +00:00
Pierangelo Masarati
cf5489ff00 fixes ITS#1582 (didn't trap SLAP_MOD_SOFTADD modification type) 2002-02-06 08:41:05 +00:00
Howard Chu
5e522ca882 Changed Access.a_sockurl_pat, Connection.c_listener_url etc. 
to struct bervals
 2002-01-28 11:41:07 +00:00
Howard Chu
b6b4d837e3 Some more struct berval conversions 2002-01-28 10:11:36 +00:00
Pierangelo Masarati
f74e81aa99 check on escaped rdn separator not needed any more 2002-01-22 08:30:32 +00:00
Kurt Zeilenga
8eaaa67db0 Move {add,replace,delete}_value() routines to frontend and share. 
Add error detail reporting.
 2002-01-19 19:54:48 +00:00
Kurt Zeilenga
492762f1c5 Don't use BDB group/attribute callbacks as they may cause deadlock. 
Add code to bdb_attribute and bdb_group where use TXN id and to
provide error, but need to rework callers (and their callers) to
ensure error is properly bubbled up to the backend operation routine
handling the transaction.  Ugh.
 2002-01-17 03:58:52 +00:00
Pierangelo Masarati
52b05a5b06 more ber_*cmp optimizations 2002-01-16 19:18:41 +00:00
Kurt Zeilenga
b48c355934 Fix up last commit 2002-01-16 19:03:31 +00:00
Pierangelo Masarati
0842db2a8b fix ber_*str renaming 2002-01-16 18:50:45 +00:00
Kurt Zeilenga
7f0289a390 Move most of the new ber_*cmp routines to lber_pvt.h to keep them private, 
rework them slightly to avoid computations which might result in underflow.
Rename them for consistency with other berval routines.
Remove some utf8 lint.
 2002-01-16 18:16:15 +00:00
Pierangelo Masarati
af54eed042 added ber_[mem|case]cmp() macros for fast berval comparison; extensively used in acl and in dn_match macro at present 2002-01-16 11:36:47 +00:00
Kurt Zeilenga
5e6e27078c Change replace ACL semantics from U-Mich historical behavior. 
U-Mich allows someone with selfwrite to use replace all values
of an attribute with a value containing their DN.  Which, of course,
could than be deleted.  This behavior was carried forward in all
versions of OpenLDAP.

The new semantics separate checks for deleting all existing values
and adding new values.  It is more logical and more inline with
the common use of selfwrite.
 2002-01-15 16:23:11 +00:00
Kurt Zeilenga
f89308915a Add a default case with assert() just in case. 2002-01-14 17:25:13 +00:00
Kurt Zeilenga
9d307b4242 ITS#1530 no value replace ACL fix 2002-01-14 17:19:05 +00:00
Howard Chu
ac1332cdb8 Renamed BVarray to BerVarray. Moved slapd:bvarray_{add,free} to 
liblber:ber_bvarray_{add,free}.
 2002-01-14 01:43:17 +00:00
Pierangelo Masarati
fafce1601e consistently use dn_match macro throughout slapd 2002-01-12 18:17:13 +00:00
Kurt Zeilenga
7e9c78fbc6 Add ITS#1508 fix to allow ACIs to grant anonymous users access. 2002-01-11 23:48:22 +00:00
Kurt Zeilenga
319b92202b Fix ACL logic for non-regex peername, sockname, etc. 2002-01-08 02:55:03 +00:00
Howard Chu
26e327f32e Fix some debug statements 2002-01-06 07:21:06 +00:00
Pierangelo Masarati
f3b61d87b7 fix BVarray 2002-01-05 09:58:19 +00:00
Kurt Zeilenga
0e2af54a3f Update copyright statements 2002-01-04 21:17:25 +00:00
Kurt Zeilenga
763c0de59b Rework filter code 
Misc cleanup / lint removal
 2002-01-02 17:06:56 +00:00
Howard Chu
f52cc9bab5 Change struct berval ** to BVarray 2002-01-02 11:00:36 +00:00
Pierangelo Masarati
3930a390e0 cleanup 2001-12-29 10:30:23 +00:00
Howard Chu
975a5e9a24 Added dnPretty2/dnNormalize2 using preallocated destination berval 2001-12-29 04:48:00 +00:00
Pierangelo Masarati
f2a80ff827 fix acl_dn_pat bervalization 2001-12-28 14:47:26 +00:00
Howard Chu
d6a37432bd Changed dn_rdn/dn_rdnlen to struct berval 2001-12-28 08:38:24 +00:00
Kurt Zeilenga
21288fbb21 Misc cleanup and dn_normalize() zapping 
Fix nameAndOptionalIdentifer syntax.
 2001-12-26 16:42:35 +00:00
Howard Chu
7685b237b7 Fix unterminated string in previous commit. dnNormalize ought to use an 
ldap_bv2dn function instead of ldap_str2dn and honor the bv_len's...
 2001-12-26 04:51:10 +00:00
Howard Chu
b96645af7d More struct berval changes, dnNormalize migration... 2001-12-26 04:17:49 +00:00
Kurt Zeilenga
2dd27b0786 More struct berval DNs 2001-12-25 19:48:26 +00:00
Howard Chu
3b8cf82517 Use e_nname.bv_len 2001-12-24 17:52:07 +00:00
Howard Chu
9e0ab3da36 Changed Access->a_set_pat and acl->acl_dn_pat to struct berval to eliminate 
strlen() from acl processing.
 2001-12-24 15:43:27 +00:00
Howard Chu
18cd610f2d op->o_ndn berval fixes for SLAPD_ACI_ENABLED 2001-12-24 15:18:02 +00:00
Howard Chu
2f3399265c Changed sai_dn, sai_ndn to struct berval. (Affects op->o_dn,o_ndn, 
conn->c_dn,c_ndn, Access->a_dn_pat)
 2001-12-24 15:11:01 +00:00
Howard Chu
3bd8946ca0 from jon@symas.com - minor cleanup 2001-12-17 22:48:29 +00:00
Kurt Zeilenga
abd9be4def Remove lint and misc MSVC updates 2001-12-09 02:34:45 +00:00
Howard Chu
ad9d17d537 Added dn_rdnlen. Fixed rdn leak in limits.c. 2001-12-08 11:08:26 +00:00
Pierangelo Masarati
0f64b72a00 paranoid check for escaped dn separators when naively checking for rdn boundary 2001-12-01 16:28:21 +00:00
Pierangelo Masarati
a4c9c2c06e add const 2001-11-17 09:21:22 +00:00
Howard Chu
0e16f6acf9 Moved AttributeDescription caching into main code: 
Changed AttributeDescription.{ad_cname,ad_lang} to struct berval everywhere
   Deleted ad_free() everywhere
   Added ad_mutex to init.c

The AttributeDescriptions are in a linked list hanging off of the
corresponding AttributeType.
 2001-10-22 13:23:05 +00:00
Kurt Zeilenga
fdc0dd7d6a Fix some NEW_LOGGING errors 2001-10-05 21:49:04 +00:00
Kurt Zeilenga
09a7bd4331 Clean up asserts, should assert desc != NULL instead of attr != NULL 2001-09-09 18:58:54 +00:00
Kurt Zeilenga
f10028ba06 Apply ACLs to front end objects (root DSE, subschema) consistently 2001-08-28 20:28:34 +00:00
Kurt Zeilenga
9a0b6e92d7 Default ACL clause should be "by * none stop" not "by * stop". 
That is, default rule should set permissions to none.
 2001-06-01 20:09:03 +00:00
Gary Williams
9cf6ee8ccd fix acl log line 2001-02-08 13:21:20 +00:00
Gary Williams
f49fd8a98e fix format 2001-01-17 16:35:53 +00:00
Gary Williams
d531a20f52 more new logging (finally), behind NEW_LOGGING 2001-01-11 17:11:23 +00:00
Mark Valence
7e1d4023b8 Removed testing mods accidentally committed with previous fix. 2000-10-11 16:41:15 +00:00