Commit Graph

249 Commits

Author SHA1 Message Date
Kurt Zeilenga
6939c53170 Happy new year 2003-01-03 20:20:47 +00:00
Kurt Zeilenga
f43bf6b283 cleanup 2002-12-20 04:08:06 +00:00
Howard Chu
0e69c86461 Fix Statslog messages 2002-12-17 00:23:36 +00:00
Howard Chu
40b651afb1 Fix previous commit, was freeing name from rev-lookup too soon. 2002-12-16 00:58:05 +00:00
Howard Chu
ee571c54a4 Must use reentrant gethostbyaddr for reverse lookups. Other threads may
be doing lookups too (e.g., SASL/GSSAPI)
2002-12-11 16:36:36 +00:00
Kurt Zeilenga
56ebd53e51 expand authid buffer 2002-12-08 07:56:49 +00:00
Kurt Zeilenga
7c4445aed4 Avoid magic constant (32) in allocation. Use sizeof instead 2002-12-07 18:34:25 +00:00
Kurt Zeilenga
eb41333e4c Use getpeereid(3) where available else use *_PEERCRED replacment function 2002-12-04 06:17:32 +00:00
Luke Howard
daf7d0c0eb Support SO_PEERCRED SASL EXTERNAL authorization. 2002-12-04 04:14:44 +00:00
Kurt Zeilenga
e1f2ed9bc1 Delete some old (bad) statslog messages 2002-11-11 18:38:57 +00:00
Pierangelo Masarati
dea2420569 beautify "unknown" 2002-10-26 18:51:24 +00:00
Pierangelo Masarati
8558b8808e actually, get_perms is needed by ldapi:// rgeardless of -DSLAP_X_LISTENER_MOD 2002-10-26 10:02:41 +00:00
Kurt Zeilenga
36569048ff Add "allow update_anon"
Fix -USLAP_X_LISTENER_MOD builds
2002-10-25 18:47:24 +00:00
Pierangelo Masarati
97e526cb2d add restrictions related to listeners in form of file permissions
(see in slapd(8) the description on how to enforce file permissions
on sockets in ldapi schema); at present, only user permissions are
used as follows: the url extension x-mod=-rwxrwxrwx is used; only
the user permisisons are considered, e.g. the first set of rwx;
	"r" means read is allowed from that listener
	"w" means write is allowed on that listener
	"x" means bind is not required on that listener
these restrictions ADD to those already present, and are actually
checked AFTER the other restrictions, but BEFORE ACLs, so they can
be used to apply gross restrictions but should not be viewed as
a replacement of ACLs. To compile this, #define SLAP_X_LISTENER_MOD
2002-10-25 16:43:44 +00:00
Pierangelo Masarati
956f1d16aa listener:
- use bervals for url and sockname
- pass connection_init() the listener struct pointer instead of each value
- don't copy them in the Connection struct 'cause they're not going to change
- define macros for legacy usage of c_listener_url and c_sockname
2002-10-24 10:03:52 +00:00
Pierangelo Masarati
fdd586a6b7 change socket permission syntax (to reuse function for other purposes) 2002-10-23 14:12:01 +00:00
Howard Chu
e6d10b9590 Revert previous commit. More thought needed re: IPV4 vs IPv6 failures 2002-10-09 21:18:51 +00:00
Howard Chu
2e538e19d4 ITS#2132, give up at first bind failure 2002-10-09 20:45:13 +00:00
Howard Chu
b9bd44b047 Fix ITS#2132, give up if listener fails to open 2002-10-09 18:57:50 +00:00
Howard Chu
bdf9b3ae1b Fix ITS#1033 slapd hangs with GNU Pth - don't write to the wakefd
more than once at any given time.
2002-09-21 03:52:16 +00:00
Kurt Zeilenga
3eb21d8a6c Misc cleanup 2002-09-16 21:50:55 +00:00
Kurt Zeilenga
23efa07a99 use ldap_charray_*() instead of charray_*() 2002-08-24 00:55:24 +00:00
Howard Chu
5a01db28e3 Moved slap_strcopy, slap_strncopy to lutil_strcopy, lutil_strncopy 2002-07-27 00:24:02 +00:00
Stig Venaas
bf5e3a15ca Use AF_INET instead of AF_UNSPEC when IPv6 disabled 2002-07-12 15:36:33 +00:00
Julius Enarusai
6107ba67d2 Coverted LDAP_LOG macro to use subsystem ID int values instead of string values 2002-07-11 20:33:24 +00:00
Stig Venaas
62139b6ef3 Set peeraddr also for IPv6, fixes ITS#1918 2002-07-05 20:29:15 +00:00
Stig Venaas
804490a8b1 Use IPV6_V6ONLY on IPv6 sockets if available. This way we only get IPv6
packets on the IPv6 socket, and we receive only IPv6 with -6.
2002-06-27 13:20:37 +00:00
Stig Venaas
6d025001da Ignore error if listen on socket bound to 0.0.0.0 fails and already
listening on socket bound to ::
2002-06-27 12:41:09 +00:00
Kurt Zeilenga
27fdd04153 Add -4/-6 flags to slapd to force use of IPv4 or IPv6 2002-06-15 22:01:39 +00:00
Kurt Zeilenga
faf91f1f1f Update to the 'gentle SIGHUP' patch. (ITS#1679)
- Let write operations return unwilling-to-perform after
  'gentle shutdown' has been initiated.
- Change -1 to 2 in slapd_gentle_shutdown and slapd_shutdown, since
  sig_atomic_t can be unsigned (ITS#1736).  The 'gentle SIGHUP' patch
  is older than ITS#1736 but was applied later, so it reintroduced
  the problem.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, June 2002.
2002-06-12 15:43:19 +00:00
Howard Chu
b89c4539b9 Fix Listeners: handles multiple addresses for a given hostname, copies
sockaddr into Listener structure.
2002-06-06 10:33:18 +00:00
Kurt Zeilenga
19eca33ca3 Gentile HUP shutdown from Hallvard 2002-06-03 16:47:43 +00:00
Howard Chu
efecf4e121 ITS#1733 eliminate o_abandonmutex 2002-04-11 08:03:40 +00:00
Howard Chu
98e3499b05 ITS#1736 slapd_shutdown can be unsigned 2002-04-11 07:28:30 +00:00
Pierangelo Masarati
f4dba925ff add a switch that enables/disables reverse lookups if configured with rlookups 2002-04-03 15:40:49 +00:00
Pierangelo Masarati
6174cb6529 improvement of permission handling of local sockets (ITS#1660, issue 2) 2002-03-23 16:07:19 +00:00
Howard Chu
f0a453dfca Fix ITS#1615 2002-03-07 20:23:48 +00:00
Pierangelo Masarati
4f2ff1c108 uses URL extensions to set socket permissions other than default
URL Syntax:

ldapi://[<path>[/????[!]x-mod=<mod>]]

where <path> is the URL-encoded path of the socket (i.e. use %2F instead
of '/' for UNIX filenames!) and <mod> is 3*[w|-] (all we need is write
permission to the socket, read/execute permissions are ignored; however,
they're set when opening the listener).  The critical flag (the optional
'!' if not used ignores the result of the chmod() operation.
2002-01-28 20:26:55 +00:00
Pierangelo Masarati
eb14feac7e provisions for user-supplied permissions 2002-01-28 17:57:53 +00:00
Pierangelo Masarati
f00f86bf22 another round at cleaning it up: better naming, more attributes and so 2002-01-28 17:21:52 +00:00
Pierangelo Masarati
619f772459 listener monitor 2002-01-11 11:43:35 +00:00
Pierangelo Masarati
5dfbf93687 need this outside for back monitor ... 2002-01-11 10:46:58 +00:00
Kurt Zeilenga
0e2af54a3f Update copyright statements 2002-01-04 21:17:25 +00:00
Howard Chu
bbcb0f8a7f Replace strcat with slap_strcopy 2001-12-26 16:25:18 +00:00
Howard Chu
8ad557e4ec fix from jon@symas.com - inet_ntoa on uninitialized sockaddr 2001-12-17 22:46:59 +00:00
Howard Chu
826056e75b More thorough backend_destroy. Added config_destroy. Destroy slap_listeners.
Plugged other small leaks.
2001-12-15 12:05:58 +00:00
Kurt Zeilenga
b4ccbc2722 ITS#1413 suggested fix
(I think I fixed this by other means, but this does no harm)
2001-12-07 17:25:34 +00:00
Howard Chu
0552b1c53f NT updates from jon@symas.com. 2001-12-07 04:03:25 +00:00
Kurt Zeilenga
b5504a1c36 Clean up some misplaced 'extern' declarations (should be headers) 2001-12-04 19:57:09 +00:00
Pierangelo Masarati
aee3600276 minor cleanup 2001-11-17 16:18:07 +00:00