mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-01-12 10:54:48 +08:00
Code Issues Packages Projects Releases Wiki Activity
23,169 Commits 38 Branches 307 Tags 75 MiB
7046444327
Commit Graph

223 Commits

Author SHA1 Message Date
Kurt Zeilenga
3a468f5d90 cleanup 2004-03-24 23:44:45 +00:00
Howard Chu
2d0af83c71 ITS#2934 - don't touch conn->c_sasl_dn for Simple Binds 2004-02-26 11:48:34 +00:00
Kurt Zeilenga
3c598e89fb Happy new year 2004-01-01 19:15:16 +00:00
Luke Howard
0549d46adf Don't require slapi to be in the path - always include slapi/slapi.h 2003-12-28 04:17:48 +00:00
Luke Howard
b0416d1140 Cleanup SLAPI namespace 2003-12-28 04:14:19 +00:00
Luke Howard
516fd0ff50 First round of SLAPI cleanups - use slapi_int_XXX for internal functions 
(slapi_x_XXX is still reserved for exported functions that are not part
of the SLAPI specification)
 2003-12-16 15:49:31 +00:00
Howard Chu
e85cd1e154 Fix prev commit, use c_authtype 2003-12-13 22:16:03 +00:00
Howard Chu
d9aec4ef28 Always set c_authmech 2003-12-13 21:39:51 +00:00
Kurt Zeilenga
4e15a84452 Updated notices 2003-11-27 01:17:14 +00:00
Howard Chu
01f7a7466b SLAPI fix - no-op when slapi_plugins_used == 0 2003-10-24 05:58:42 +00:00
Luke Howard
114d0081c1 Fix for Howard's fix for ITS #2704 
The oblique SLAPI interface requires that preop bind plugins return 1 in the
case that they have authoritatively handled the bind; of course, this is
the same return value that doPluginFNs() returns in the case of no plugins
being called.

This patch should distinguish between the two cases...
 2003-09-23 07:40:29 +00:00
Howard Chu
a8ae9bb31d ITS#2704 don't hang client when no preop plugins are loaded 2003-09-23 05:35:38 +00:00
Kurt Zeilenga
4679178db2 Don't pass NULL when string is expected. 
Other Cleanup
 2003-09-15 21:22:20 +00:00
Luke Howard
b3e8d9189c Fix SLAPI bind pre-operation plugin regression 2003-09-11 09:04:03 +00:00
Luke Howard
57f242c3fb Call SASL bind post-op SLAPI plugin _after_ DN has been set 2003-08-31 03:11:05 +00:00
Luke Howard
e40215e780 Call post-op bind functions after SASL bind 2003-08-31 03:08:06 +00:00
Kurt Zeilenga
3186a1c27a Remove deprecated code. Will remove slap.h code define later. 2003-08-09 03:44:30 +00:00
Hallvard Furuseth
6af256b8e1 Fix some Statslog()s: Add missing newlines. Print file descriptor as long. 2003-05-15 23:45:33 +00:00
Luke Howard
e4779aefc1 A pre-operation plugin is not required to set SLAPI_RESULT_CODE in 
order to prevent the operation from being passed to the backend. It
need only return a non-zero error code.
 2003-04-30 13:37:14 +00:00
Pierangelo Masarati
adf3744dd6 fix backsql new API; use berbuf instead of berval 2003-04-15 21:55:25 +00:00
Howard Chu
3aabc4ed43 doPlugins return code fix 2003-04-14 00:07:48 +00:00
Howard Chu
280fc819cf Memory context tweaks for Bind 2003-04-12 06:56:42 +00:00
Howard Chu
ece7452b05 More memory context tweaks 2003-04-11 01:29:28 +00:00
Pierangelo Masarati
e8c264b1f6 safe defaults 2003-04-03 21:40:04 +00:00
Howard Chu
fa9bf23501 Minor cleanup 2003-03-31 07:49:34 +00:00
Luke Howard
2fdbc55374 SLAPI cleanup 2003-03-31 06:41:30 +00:00
Howard Chu
e8c58b4e7f Major API change - (SLAP_OP_BLOCKS) All request parameters are 
consolidated into the Operation structure. All reply parameters
are consolidated into the new SlapReply structure. Most operations
now have identical call signatures... Changes are not #ifdef'd,
revert to -r NO_SLAP_OP_BLOCKS if necessary to back out.
 2003-03-30 09:03:54 +00:00
Kurt Zeilenga
e906747d51 call LDAPv2 what it is (historical) 2003-03-06 01:00:05 +00:00
Kurt Zeilenga
fb73fea612 More understandable error text 2003-02-19 16:19:13 +00:00
Kurt Zeilenga
aaf253318b Move include <slapi.h> behind #ifdef 2003-02-10 02:09:00 +00:00
Kurt Zeilenga
8f82e9f772 ITS#2117: remove suffixalias support until someone fixes it 2003-02-09 07:20:03 +00:00
Kurt Zeilenga
2fccb8d68e really put SLAPI behind its #ifdef 2003-02-07 19:06:15 +00:00
Pierangelo Masarati
c3847a6136 slapi header cleanup 2003-01-27 21:53:23 +00:00
Luke Howard
0650e6ad52 Allow plugin to retrieve desired attribute list and state of manageDSAit control 
Support search preop/rewrite/postop plugins for root DSE and subschema
 2003-01-23 08:45:28 +00:00
Kurt Zeilenga
58bff46c7c s/AUTHZ/BIND/ for consistency with other Statslog() messages 2003-01-22 21:37:04 +00:00
Luke Howard
ff263ec6a7 Return LDAP_OTHER instead of LDAP_OPERATIONS_ERROR for internal SLAPI 
failure
 2003-01-21 09:42:26 +00:00
Luke Howard
30d946959e Set SLAPI_BIND_CREDENTIALS for bind preoperation plugin 2003-01-21 08:35:48 +00:00
Luke Howard
53ced8a648 Allow SLAPI bind plugins to set the authorization identity, at least for 
simple binds
 2003-01-21 06:30:38 +00:00
Luke Howard
8e8b4093f5 Mark Sun ONE 5.x SLAPI plugin types to avoid collisions 
Rename internal slapi_XXX API to slapi_x_XXX
Always set result code/matched/error text in operation parameter block
to make available to postoperation plugins
 2003-01-21 02:46:55 +00:00
Luke Howard
d484a9781c Conform SLAPI to Netscape, iPlanet and Sun ONE Directory Server 
behaviour:

1. Plugins never return LDAP result codes, instead they return a
   small integer (0 or -1, others for special cases)
2. Preoperation plugins can abort processing by returning a non-
   zero value to the frontend
3. Postoperation plugins never abort processing (all are called)
   and their return values are ignored
 2003-01-20 23:18:11 +00:00
Kurt Zeilenga
6d1ca4c747 Remove values match v. filter struct field macro overloads 
Use LDAP_SLISTs instead of per-struct list management for schema structs
misc cleanup and lint removal
 2003-01-20 20:21:17 +00:00
Kurt Zeilenga
bcd7306877 ITS#2268: SASL/ANONYMOUS fixes from kuenne@rentec.com 2003-01-20 18:09:46 +00:00
Luke Howard
6a5f29b60a Use new SLAPI API for setting associated parameters associated with the 
Connection, Operation and Backend structures.

Ensure that SLAPI_MODIFY_MODS is set to an array of LDAPMods.
 2003-01-19 15:30:10 +00:00
Kurt Zeilenga
6939c53170 Happy new year 2003-01-03 20:20:47 +00:00
Pierangelo Masarati
e9a74cffba slapi used the old version of the LDAP_LOG macro (caught by Howard) 2002-12-27 14:59:01 +00:00
Pierangelo Masarati
1b70e16448 SLAPI - Netscape plugin API for slapd - based on patch contributed by Steve Omrani <somrani@us.ibm.com> as ITS#2073 2002-12-07 17:19:29 +00:00
Kurt Zeilenga
390cdcfbc2 Add AUTHZ stats logging 2002-11-11 18:55:45 +00:00
Kurt Zeilenga
023d0e2a5c Rework unprotected simple bind checks 2002-10-08 19:03:18 +00:00
Kurt Zeilenga
36fca96695 if "disallow bind_simple_unprotected", require at least SSF of 2 2002-10-08 01:06:49 +00:00
Pierangelo Masarati
857d08ea21 use bvmatch() instead of ber_bvcmp() when testing for match without ordering 2002-09-02 19:39:06 +00:00
Howard Chu
20f6bae612 Use sockbuf_max_incoming_auth after successful Bind 2002-08-29 11:53:37 +00:00
Howard Chu
9f5b28baf3 Remove c_sasl_bindmutex, Binds are already serialized. 2002-08-26 22:20:30 +00:00
Kurt Zeilenga
6f8a3919a1 Fix last commit. 2002-08-26 18:07:58 +00:00
Kurt Zeilenga
af4cb85d8b Prevent unlocking unlocked sasl_bindmutex... 2002-08-26 18:06:55 +00:00
Pierangelo Masarati
d9da0f2bb8 silence annoying warning (BTW: who initializes be?) 2002-08-26 17:37:33 +00:00
Howard Chu
925714ceef Experimental cruft to propagate valid Operation to SASL callbacks. 
If you have a better way, jupm on in...
 2002-08-24 07:34:50 +00:00
Kurt Zeilenga
84fe0ad051 Log successful SASL bind (ITS#2017) 2002-08-13 03:49:21 +00:00
Howard Chu
a073e28510 Fix setting c_authz_backend for SASL binds: 
in slap_sasl2dn, make sure it's set for base DN searches as well.
  in do_bind, don't zero it during multi-stage binds.
 2002-07-13 00:11:03 +00:00
Julius Enarusai
6107ba67d2 Coverted LDAP_LOG macro to use subsystem ID int values instead of string values 2002-07-11 20:33:24 +00:00
Kurt Zeilenga
ba4faad6e5 Use correct ssfs. 2002-06-18 07:31:20 +00:00
Kurt Zeilenga
9a38d98d37 Add option to disallow unprotected simple authentication. 
Add protected simple authentication as a "strong" mechanism.
 2002-06-17 22:18:27 +00:00
Howard Chu
c5c1ddb1ca Deleted Connection->c_cdn. Use conn->c_dn instead... 2002-06-12 08:38:59 +00:00
Kurt Zeilenga
d6e7f0f630 Rework c_authzid_backend in preparation for sasl_setpass() support 2002-06-11 22:56:47 +00:00
Kurt Zeilenga
af02eee0d5 Reworking backend_check_restrictions for extensions 
Should resolve ITS#1781.
 2002-05-01 01:04:57 +00:00
Pierangelo Masarati
4a8ab5dbf2 Mostly based on patches provided by Hallvard B. Furuseth 
ITS#1677 - cast away const warnings
ITS#1678 - unsigned char args to ctype funcs
ITS#1682 - don't redefine ldap_debug
ITS#1683 - uninitialized vars
ITS#1703 - ldo_debug initialization
ITS#1705 - unsigned testing
ITS#1706 - socklen_t args
ITS#1719 - back-tcl update (other cleanups/fixes/improvements; yet untested)
ITS#1724 - integerNormalize/integerFilter/integerIndexer bugs
ITS#1725 - libdes not required

Implement back-null (/dev/null style backend)
Cleanup some misc warnings ("%lu" format, unused/uninitialized vars,
        ambiguous operator precedence)

Kurt, please regenerate configure
 2002-04-08 09:43:22 +00:00
Howard Chu
4191f39037 Changed slap_authz_info.sai_mech to struct berval. 
Changed sasl_* to use struct bervals.
 2002-01-26 13:57:41 +00:00
Howard Chu
ac1332cdb8 Renamed BVarray to BerVarray. Moved slapd:bvarray_{add,free} to 
liblber:ber_bvarray_{add,free}.
 2002-01-14 01:43:17 +00:00
Howard Chu
ec46a2f33a Use 'm' ber_scanf format where convenient 2002-01-06 06:11:01 +00:00
Howard Chu
ce7d8d26f2 Changed conn->c_cdn to struct berval. 2002-01-06 03:26:09 +00:00
Kurt Zeilenga
eaf3264184 Add some critical control checks. 2002-01-06 00:36:55 +00:00
Kurt Zeilenga
0e2af54a3f Update copyright statements 2002-01-04 21:17:25 +00:00
Howard Chu
f52cc9bab5 Change struct berval ** to BVarray 2002-01-02 11:00:36 +00:00
Howard Chu
975a5e9a24 Added dnPretty2/dnNormalize2 using preallocated destination berval 2001-12-29 04:48:00 +00:00
Howard Chu
292c575c1f Added dnPrettyNormal, do both Pretty and Normalize at once to save 
some ldap_str2dn overhead.
 2001-12-28 07:27:15 +00:00
Kurt Zeilenga
ef7a99ff99 Additional struct berval DN changes... 2001-12-26 23:26:55 +00:00
Kurt Zeilenga
21cecb3831 Update referral handling to use struct berval DNs. 2001-12-26 20:59:24 +00:00
Howard Chu
d474789d0d First pass at converting bind to struct bervals 2001-12-26 11:41:38 +00:00
Kurt Zeilenga
3336619c80 More "char *" to struct berval DN changes 2001-12-25 02:30:01 +00:00
Howard Chu
70194f9ad6 Changed suffix_alias() to use struct berval * in-place. 2001-12-24 16:29:18 +00:00
Howard Chu
2f3399265c Changed sai_dn, sai_ndn to struct berval. (Affects op->o_dn,o_ndn, 
conn->c_dn,c_ndn, Access->a_dn_pat)
 2001-12-24 15:11:01 +00:00
Howard Chu
9969058a06 Fix typo in berval commit 2001-12-24 13:47:47 +00:00
Kurt Zeilenga
0c28b66a75 use dnPretty instead of dn_pretty 2001-12-23 00:43:57 +00:00
Kurt Zeilenga
a4a1325a6a Update BER decoding of PDU to use "o" (struct berval) instead of 
"a" (char **)... another step towards BerValue DNs.
 2001-12-22 21:52:58 +00:00
Kurt Zeilenga
d23313a068 LDAPv2 disallow and other flag changes 
Fix compile errors
 2001-12-21 04:44:34 +00:00
Howard Chu
ef0b308bea Changed backglue configuration. Added noSubordinates arg to select_backend 
to deal with glued subordinates.
 2001-12-10 12:09:40 +00:00
Howard Chu
45aadbbbba Eliminate unnecessary per-operation dn_normalize(o_ndn); it's already 
done in do_bind() and there's space in the connection structure for c_ndn
already, just copy it.
 2001-12-09 14:46:29 +00:00
Pierangelo Masarati
aee3600276 minor cleanup 2001-11-17 16:18:07 +00:00
Kurt Zeilenga
82fad7d0c8 First stable an implementing latest namedref specification. 
Includes rewriting of URLs where the DN of the referral object
and the DN of the ref attribute attribute are not the same.
Also, always returns explicit DN and scope.
Currently, back-ldbm only.  Needs to be ported to back-bdb.
 2001-10-26 02:05:14 +00:00
Kurt Zeilenga
cc6fab319e Add support for separate max incoming for anonymous and authenticated 
sessions (defaults: 256K and 16M respectively).
 2001-05-29 20:00:55 +00:00
Kurt Zeilenga
0fc62be316 Rework security restrictions for SASL bind 2001-02-03 03:17:22 +00:00
Gary Williams
f49fd8a98e fix format 2001-01-17 16:35:53 +00:00
Gary Williams
d531a20f52 more new logging (finally), behind NEW_LOGGING 2001-01-11 17:11:23 +00:00
Kurt Zeilenga
dbdba34972 First-cut at manageDSAit-aware backend selection. 2000-10-21 03:29:02 +00:00
Kurt Zeilenga
2b2ee1ccbd Return authMethodNotSupported not authUnknown for unknown 
bind authentication method
 2000-10-13 05:28:23 +00:00
Kurt Zeilenga
27b30275a6 We need to set sasl_layers prior to returning result... 2000-10-07 02:00:54 +00:00
Mark Adamson
bf1ee530ea Implementation of SASL authorization. 2000-09-21 17:32:54 +00:00
Kurt Zeilenga
825c3c4c5c Fix handling of optional cred 2000-09-15 00:09:44 +00:00
Kurt Zeilenga
3342ea3b49 Add more bind allow/disallow flags 2000-09-11 18:24:24 +00:00
Kurt Zeilenga
2e13824d0d Add "allow tls_2_anon" to allow StartTLS to force session to anonymous. 
Add "disallow tls_authc" to disallow StartTLS when session is authenticated.
Create and use connection2anonymous routine for consistency.
 2000-09-08 22:59:01 +00:00
Kurt Zeilenga
4e8973e6cb Rework bind restrictions 2000-08-28 23:37:44 +00:00