mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-27 03:20:22 +08:00
Code Issues Packages Projects Releases Wiki Activity
7,666 Commits 38 Branches 307 Tags 74 MiB
6f26183f20
Commit Graph

165 Commits

Author SHA1 Message Date
Kurt Zeilenga
763c0de59b Rework filter code 
Misc cleanup / lint removal
 2002-01-02 17:06:56 +00:00
Howard Chu
f52cc9bab5 Change struct berval ** to BVarray 2002-01-02 11:00:36 +00:00
Pierangelo Masarati
3930a390e0 cleanup 2001-12-29 10:30:23 +00:00
Howard Chu
975a5e9a24 Added dnPretty2/dnNormalize2 using preallocated destination berval 2001-12-29 04:48:00 +00:00
Pierangelo Masarati
f2a80ff827 fix acl_dn_pat bervalization 2001-12-28 14:47:26 +00:00
Howard Chu
d6a37432bd Changed dn_rdn/dn_rdnlen to struct berval 2001-12-28 08:38:24 +00:00
Kurt Zeilenga
21288fbb21 Misc cleanup and dn_normalize() zapping 
Fix nameAndOptionalIdentifer syntax.
 2001-12-26 16:42:35 +00:00
Howard Chu
7685b237b7 Fix unterminated string in previous commit. dnNormalize ought to use an 
ldap_bv2dn function instead of ldap_str2dn and honor the bv_len's...
 2001-12-26 04:51:10 +00:00
Howard Chu
b96645af7d More struct berval changes, dnNormalize migration... 2001-12-26 04:17:49 +00:00
Kurt Zeilenga
2dd27b0786 More struct berval DNs 2001-12-25 19:48:26 +00:00
Howard Chu
3b8cf82517 Use e_nname.bv_len 2001-12-24 17:52:07 +00:00
Howard Chu
9e0ab3da36 Changed Access->a_set_pat and acl->acl_dn_pat to struct berval to eliminate 
strlen() from acl processing.
 2001-12-24 15:43:27 +00:00
Howard Chu
18cd610f2d op->o_ndn berval fixes for SLAPD_ACI_ENABLED 2001-12-24 15:18:02 +00:00
Howard Chu
2f3399265c Changed sai_dn, sai_ndn to struct berval. (Affects op->o_dn,o_ndn, 
conn->c_dn,c_ndn, Access->a_dn_pat)
 2001-12-24 15:11:01 +00:00
Howard Chu
3bd8946ca0 from jon@symas.com - minor cleanup 2001-12-17 22:48:29 +00:00
Kurt Zeilenga
abd9be4def Remove lint and misc MSVC updates 2001-12-09 02:34:45 +00:00
Howard Chu
ad9d17d537 Added dn_rdnlen. Fixed rdn leak in limits.c. 2001-12-08 11:08:26 +00:00
Pierangelo Masarati
0f64b72a00 paranoid check for escaped dn separators when naively checking for rdn boundary 2001-12-01 16:28:21 +00:00
Pierangelo Masarati
a4c9c2c06e add const 2001-11-17 09:21:22 +00:00
Howard Chu
0e16f6acf9 Moved AttributeDescription caching into main code: 
Changed AttributeDescription.{ad_cname,ad_lang} to struct berval everywhere
   Deleted ad_free() everywhere
   Added ad_mutex to init.c

The AttributeDescriptions are in a linked list hanging off of the
corresponding AttributeType.
 2001-10-22 13:23:05 +00:00
Kurt Zeilenga
fdc0dd7d6a Fix some NEW_LOGGING errors 2001-10-05 21:49:04 +00:00
Kurt Zeilenga
09a7bd4331 Clean up asserts, should assert desc != NULL instead of attr != NULL 2001-09-09 18:58:54 +00:00
Kurt Zeilenga
f10028ba06 Apply ACLs to front end objects (root DSE, subschema) consistently 2001-08-28 20:28:34 +00:00
Kurt Zeilenga
9a0b6e92d7 Default ACL clause should be "by * none stop" not "by * stop". 
That is, default rule should set permissions to none.
 2001-06-01 20:09:03 +00:00
Gary Williams
9cf6ee8ccd fix acl log line 2001-02-08 13:21:20 +00:00
Gary Williams
f49fd8a98e fix format 2001-01-17 16:35:53 +00:00
Gary Williams
d531a20f52 more new logging (finally), behind NEW_LOGGING 2001-01-11 17:11:23 +00:00
Mark Valence
7e1d4023b8 Removed testing mods accidentally committed with previous fix. 2000-10-11 16:41:15 +00:00
Mark Valence
d8d9bec087 Added conn and op arguments to backend_group. 2000-10-11 16:25:28 +00:00
Kurt Zeilenga
7c96f629ee Add connection and operation arguments to backend callbacks. 
Needed for transactions.
 2000-09-29 05:25:44 +00:00
Ben Collins
810d3ce224 specifically check for NULL return from acl_get() 2000-09-13 21:49:56 +00:00
Kurt Zeilenga
7778304b16 Fix typo 2000-09-05 19:38:26 +00:00
Kurt Zeilenga
63ae1d22e5 Fix ACL SSF reporting 2000-09-05 18:24:24 +00:00
Kurt Zeilenga
bf3df2f7a6 restrictops, requires, disallow knobs; ssf acls; and misc other changes 
man pages to follow...
 2000-08-28 18:38:48 +00:00
Kurt Zeilenga
1c328aa9c7 Minor typedef and other clean ups 2000-08-26 01:14:05 +00:00
Kurt Zeilenga
5b856458a2 s/SAFEMEMCPY/AC_MEMCPY/ 
Use AC_FMEMCPY where appropriate (-llber)
 2000-07-28 01:07:07 +00:00
Kurt Zeilenga
efb7672dde Do not log attribute value 2000-07-25 20:54:11 +00:00
Kurt Zeilenga
2890bc5b6d Fix entry/children always allowed bug! 2000-07-20 22:52:44 +00:00
Kurt Zeilenga
8484d2c757 Remove lint 2000-07-05 21:03:57 +00:00
Mark Valence
517fa54bb0 Fix aci link error. 2000-06-30 18:04:10 +00:00
Kurt Zeilenga
1f1f8849eb Quick fix to aci link error 2000-06-30 17:09:52 +00:00
Mark Valence
3705a26f2d Add support for Set ACLs and ACIs. Still need to make this syntax awa 
re.
 2000-06-29 22:02:15 +00:00
Kurt Zeilenga
3112f21612 Add attribute type/matching rule support for structuralObjectClass attribute 
type.  Add type to core.schema.  Not yet populated on add nor checked on modify.
 2000-06-26 05:13:41 +00:00
Mark Valence
c6ad81bcd2 Fix minor bug in handling group ACLs. 2000-06-21 19:07:56 +00:00
Mark Valence
3a31fead5e Fixed paren nesting bug, separated convoluted conditionals, added comm 
ents about the logic.
 2000-06-17 18:23:27 +00:00
Mark Valence
638371ebe7 Fix uninitialized variable. 2000-06-17 08:20:44 +00:00
Mark Valence
0c6b9ce2dd Fix ACI group membership test to look up OC. 2000-06-14 22:17:33 +00:00
Mark Valence
2ee8093f98 Fix ACI group membership test to look up OC. 2000-06-14 22:11:44 +00:00
Mark Valence
0ebf86f2d3 Bug hunting -- hang when checking dnattr in ACL. 2000-06-14 06:08:20 +00:00
Mark Valence
1bfcb4b039 Added .regex, .base, .one, .subtree, and .children "style" modifiers. 2000-06-12 01:35:15 +00:00
Kurt Zeilenga
a56c161bdb Misc code cleanup. 2000-06-10 22:39:30 +00:00
Kurt Zeilenga
c3f8de76ef Fix up debug statement as suggested by christian.lorenz@suse.de 2000-06-07 14:07:50 +00:00
Kurt Zeilenga
693fb9424a unifdef -DSLAPD_SCHEMA_NOT_COMPAT -USLAPD_SCHEMA_COMPAT 2000-06-06 19:43:18 +00:00
Kurt Zeilenga
eb70b602ee Rework ACI codes to use OpenLDAPaci. Add needed schema elements. 
Needs work.  Volunteers welcomed.
 2000-05-30 21:34:55 +00:00
Kurt Zeilenga
e4a7b953f3 SLAPD_SCHEMA_NOT_COMPAT: fix typo 2000-05-29 04:57:31 +00:00
Kurt Zeilenga
bdf9b0d017 SLAPD_SCHEMA_NOT_COMPAT: working ACLs! (have not tested ACIs) 2000-05-29 03:51:26 +00:00
Kurt Zeilenga
9e5312e166 SLAPD_SCHEMA_NOT_COMPAT: ACL cleanup (not yet working) 2000-05-29 03:44:06 +00:00
Kurt Zeilenga
3350957674 SLAPD_SCHEMA_NOT_COMPAT: ACI cleanup 2000-05-28 22:17:34 +00:00
Kurt Zeilenga
439c0c796d SLAPD_SCHEMA_NOT_COMPAT: Mostly work modify 2000-05-28 16:36:34 +00:00
Kurt Zeilenga
37235b71c0 SLAPD_SCHEMA_NOT_COMPAT: working cn=schema 2000-05-15 23:36:37 +00:00
Kurt Zeilenga
4bc786f34b Y2k copyright update 2000-05-13 02:47:56 +00:00
Kurt Zeilenga
0c134a72d6 SCHEMA_NOT_COMPAT changes 2000-04-25 13:21:06 +00:00
Kurt Zeilenga
4091381660 Yet another round of SLAPD_SCHEMA_NOT_COMPAT changes, including: 
limited subtype support, modlist handling, filter updates,
lastmod attribute handling.
 2000-02-28 21:16:05 +00:00
Kurt Zeilenga
ceb6412e62 More -DSLAPD_SCHEMA_NOT_COMPAT changes 
Not hidden: "<anonymous>" modifiersname
 2000-02-15 18:57:07 +00:00
Kurt Zeilenga
0dbaf87730 Another round of changes behind -DSLAPD_SCHEMA_NOT_COMPAT 
plus these changes unhidden changes:
	remove now meaning --enable-discreteaci configure option
	fix ITS#451, slapd filters
	Add ber_bvecadd() to support above
	constify ldap_pvt_find_wildcard() and misc slapd routines
	renamed some slap.h macros
	likely broken something
 2000-02-14 20:57:34 +00:00
Kurt Zeilenga
36b0423311 Add Modification/Modifications structures for -DSLAPD_SCHEMA_NOT_COMPAT 2000-02-07 20:37:10 +00:00
Kurt Zeilenga
bc51bd5180 Yet another round of SLAPD_SCHEMA_NOT_COMPAT changes... 
Changes outside of #ifdef include three value filter processing.
 2000-02-06 21:09:44 +00:00
Kurt Zeilenga
9316c4eace ACI attributes should be of ACI syntax. Need to assign 
OID for experimental syntax.
 2000-02-01 17:53:07 +00:00
Kurt Zeilenga
3a6e906194 Replace -DSLAPD_SCHEMA_COMPAT with -USLAPD_SCHEMA_NOT_COMPAT 2000-01-31 22:14:16 +00:00
Kurt Zeilenga
c5da0c76ce Additional changes to migrate to new schema codes 
Still not usable.
 2000-01-28 20:01:00 +00:00
Kurt Zeilenga
e9b1012fb1 Put more old schema code behind SLAPD_SCHEMA_COMPAT (which still 
MUST be defined).
 2000-01-28 00:33:29 +00:00
Kurt Zeilenga
434e7229ac Add code to handle operational attributes via new schema codes 
behind -USLAPD_SCHEMA_COMPAT.
 2000-01-27 19:02:24 +00:00
Kurt Zeilenga
df712b8597 Don't exclude no-user-modification attributes from ACL checks 
unless access requested is WRITE.  This allows you to apply
an ACL to limit search/reading of no-user-modification attributes.
Writes, of course, are always prohibited (by do_add, do_modify).
 2000-01-27 18:35:36 +00:00
Mark Valence
d93ef01ac7 Add get_supported_acimech() for use by root_dse, check aci OIDs against supported list. 1999-11-22 18:42:46 +00:00
Mark Valence
23cb3a0555 Added a "dnattr" case for ACIs (still need to check the ACI OID). 1999-11-08 18:50:51 +00:00
Mark Valence
af855ec94b Updated ACI code to work with new ACL changes. All changes are within the SLAPD_ACI_ENABLED #ifdef's. 1999-11-06 05:05:50 +00:00
Kurt Zeilenga
3fbee54fa5 Remove lint 1999-10-27 04:40:56 +00:00
Kurt Zeilenga
3261f219a3 Add support for Root DSE ACLs. 
Add "users" shorthand (dn="^.+$")
Add regex short circuiting for common dn regexs.
 1999-10-26 03:19:41 +00:00
Kurt Zeilenga
06eb390586 Make accessmask2str reentrant. 1999-10-21 23:19:22 +00:00
Kurt Zeilenga
3d765d6108 Additional changes to improve logic and logging. Still buggy. 1999-10-21 20:29:52 +00:00
Kurt Zeilenga
f6829ee903 Initial commit of new ACL engine. Engine supports descrete access 
privs, additive/substractive rules, and rule continuation.  Existing
rules that use 'defaultaccess none' should be 100% compatible.  Rules
that rely other defaultaccess settings will require addition of
explicit clauses granting the access.
Needs additional testing and tuning of logs
 1999-10-21 17:53:56 +00:00
Kurt Zeilenga
7a0b0b2bbf In preparation for adding dn_rewrite()... 
s/dn_normalize/dn_validate/
s/dn_normalize_case/dn_normalize/
 1999-09-24 01:46:37 +00:00
Kurt Zeilenga
ccfba5f2c0 Misc. cleanup 1999-09-16 02:31:29 +00:00
Kurt Zeilenga
403f4479bc Add OpenLDAP RCSid to *.[ch] in clients, libraries, and servers. 
Replace old Id as needed (back-tcl).
Leave updating of contribWare to contributors (for now).
 1999-09-08 19:06:24 +00:00
Hallvard Furuseth
07b9eb68a3 Kill //-style comments 1999-09-05 20:53:13 +00:00
Hallvard Furuseth
c09a2c63e7 Cleanup: 
Fix printf formats, remove unused variables, add missing prototypes in slapd,
add static/const, add some return types or change to void return type.
 1999-09-02 08:05:17 +00:00
Kurt Zeilenga
87675a953d ACIs from Mark Valence <kurash@sassafras.com> (ITS#261) 1999-08-20 22:42:04 +00:00
Kurt Zeilenga
9c3ed0310b Add copyright notices. 1999-08-06 23:07:46 +00:00
Kurt Zeilenga
68d561a97b Add limited LDAP_INVALID_DN_SYNTAX support. dn_normalize{,_case}() now returns 
NULL does not meet basic syntax rules.
 1999-07-22 17:14:42 +00:00
Kurt Zeilenga
5600097ae1 Update ACL field names and usage statement to match -devel post 1999-07-22 00:50:11 +00:00
Kurt Zeilenga
933908f72f ACL CHANGES: 
by <who> <access> changed to by <who>+ <access> (joined with AND)
  added peername=<regex> sockname=<regex> url=<regex>
  removed addr=<regex> (use peername instead).
replace dn_upcase with str2upper and str2lower.  Use where needed.
 1999-07-21 20:54:23 +00:00
Kurt Zeilenga
170836751a Namespace changes 
added slap_ and ldbm_ to many structures
  added typedefs to many structures
  used typedefs
New main.c argument parsing with ldap url support (replacing -a address).
New sockaddr_in handling and support for multiple listeners.
 1999-07-19 19:40:33 +00:00
Kurt Zeilenga
e9c2895472 Add support for unsolicited notifications. 1999-07-07 18:51:39 +00:00
Kurt Zeilenga
51d1c90887 unifdef -DSLAPD_ACLGROUPS -DSLAPD_ACLAUTH 1999-07-05 06:26:26 +00:00
Kurt Zeilenga
549c89f817 Regarding previous commit: 
Fix broken ACL macros.
	Fix o_dn/o_ndn == NULL vs "".
 1999-07-04 19:53:00 +00:00
Kurt Zeilenga
106eef41d8 HEADS UP: connections are forced to "anonymous" status upon receiving 
of a bind request and, upon failure, are left "anonymous."

Rework ACL code to hide access testing within macros to facilate additions
and eventual redesign.

Addition of #ifdef SLAPD_ACLAUTH to conditional include EXPERIMENTAL
"auth" access controls.  Adds ACL_AUTH "auth" access level (above none,
below "compare").  bind requires anonymous access at this level or above access
to "entry"/"userPassword"/"krbName".  This allows administrators to restrict
which entries can be bound to.  (This will likely become default behavior
after testing has completed).
 1999-07-04 18:46:24 +00:00
Kurt Zeilenga
fe00263875 expose oc_check_operational from schema.c 
Use everywhere.
Apply search ACLs to operational attributes.
Only provide operational attributes when explicitly requested.
 1999-06-29 04:52:55 +00:00
Kurt Zeilenga
8f02beada9 PROTOTYPE: New connection management infrastructure designed to 
remove race conditions on connection close.
BROKEN: various counters for dn=monitor.
Initial testing on FreeBSD (with and without pthreads) was successfull.
Have not yet tested preemptive threading environments.
Have not built against backends other than LDBM.
 1999-03-22 07:14:54 +00:00
Hallvard Furuseth
5ef648a109 Silence warnings: Remove unused variables. Enclose some initializers in in {}. 1999-03-09 07:15:35 +00:00
Kurt Zeilenga
216049bd12 New Frontend->Backend Interface 
Separates per backend type from per backend database initialization
	and startup.  Also supports per type / per backend shutdown.
New frontend startup/shutdown routines are also provided:
	slap_init() slap_startup() slap_shutdown() slap_destroy()
New frontend->backend startup/shutdown is managed by:
	backend_init() backend_startup() backend_shutdown backend_destroy
backend_init() now calls bi_init() to initial all function pointers
for the backend (excepting bi_init() which is now the only hardcoded
entry point).  New entry points are detailed in slap.h struct
backend_info.  backend_info is a per database type structure.
Besides the new startup/shutdown entry points, the new interface
also supports per backend type configuration options.  One could have:

	backend bdb2	(new Berkeley DB 2 backend)
	bdb2_home	/directory

	database bdb2
	...

	*** This code is fairly experimental ***
	*** Much cleanup and testing is still needed ***

see slap.h for details on struct backend_db and backend_info.
 1999-02-05 09:03:47 +00:00