Pierangelo Masarati
80c2bb5003
clarify why we don't accept scheme other than ldap:// in authz-regexps
2004-12-08 19:09:54 +00:00
Howard Chu
90cc409325
Split Operation into Opheader and op
2004-11-25 22:59:00 +00:00
Howard Chu
3a5bde98ba
Disable back-bdb native syncrepl support, enable syncprov overlay,
...
remove syncrepl stuff from Operation struct
2004-11-25 21:16:54 +00:00
Pierangelo Masarati
184fc4878a
more on ITS#3396: note that the filter is mandatory, and that the protocol must be ldap://
2004-11-16 18:57:40 +00:00
Pierangelo Masarati
227961178e
fix ITS#3396 (filter in URI replacement must be present)
2004-11-16 18:43:48 +00:00
Pierangelo Masarati
5b67eecb45
don't hijack members of op for temporaries...
2004-11-12 12:49:43 +00:00
Pierangelo Masarati
761f287943
multiple precision with BIGNUM/gmp/ulong
2004-09-26 22:58:47 +00:00
Kurt Zeilenga
d611a4b49a
unifdef -UNEW_LOGGING
2004-09-04 04:54:28 +00:00
Howard Chu
91033d6552
Reworked fix for ITS#3140 - add access parameter to backend_attribute
2004-08-18 17:14:22 +00:00
Pierangelo Masarati
b94d5e17e2
rework op/rs structures to deal with opeartional attributes
2004-07-18 21:44:29 +00:00
Hallvard Furuseth
9c9c92a6a4
Fix coredump in slap_sasl_check_authz() due to wrong LDAP_LOG() format string.
2004-07-18 07:14:07 +00:00
Pierangelo Masarati
7fe1acca92
add shortcut for 'users'; but, very important, cleanup rewrite replacement to authz-regexp
2004-06-20 22:41:24 +00:00
Pierangelo Masarati
d1b692ceb4
clarify no limits in (internal) searches
2004-06-12 11:33:21 +00:00
Kurt Zeilenga
3dcc2bf092
cleanup
2004-05-31 04:01:03 +00:00
Kurt Zeilenga
2ec6755eda
Don't shortcut scope base searches. Base scope searches can be
...
useful to ensure target entry exists.
2004-05-30 22:15:39 +00:00
Pierangelo Masarati
20140992a6
cleanup
2004-05-13 22:59:14 +00:00
Pierangelo Masarati
3eebd5bb21
expose slap_sasl_matches() to allow external matching of authz* stuff; fix backwards compatibility bug for "dn:<pat>" as a shortcut to "dn.exact:<pat>"
2004-05-13 20:22:27 +00:00
Pierangelo Masarati
9284fbf8ad
remove lint and cleanup namespace
2004-05-01 15:17:43 +00:00
Pierangelo Masarati
e1268a943b
scan all results for multiple entries; fail in case more than one entry is returned, regardless of matches
2004-04-26 22:47:08 +00:00
Pierangelo Masarati
0265f31b5b
fix size test in internal search for bdb/hdb
2004-04-26 21:47:02 +00:00
Pierangelo Masarati
ff0df4b6aa
add group authz
2004-04-25 23:59:06 +00:00
Pierangelo Masarati
0cd5b9f766
parsing bug (does not affect RE22)
2004-04-24 17:47:24 +00:00
Pierangelo Masarati
b9dcdbb2d8
rename macro accordingly to new authz naming
2004-04-20 19:12:56 +00:00
Kurt Zeilenga
1372965d89
ITS#3092: Rename sl_free() and friends to slap_sl_free()
2004-04-20 03:44:57 +00:00
Kurt Zeilenga
a54900be42
s/saslAuthz/authz/
2004-04-16 06:12:13 +00:00
Pierangelo Masarati
d7884b5853
rename macro
2004-04-14 23:23:46 +00:00
Pierangelo Masarati
755210c960
use librewrite for sasl-regexp (need to #define SLAP_X_SASL_REWRITE; ITS#2886); lots of cleanup
2004-04-13 16:47:04 +00:00
Howard Chu
692c37720f
Fix internal search limits (due to recent limit_check change)
2004-04-07 15:10:26 +00:00
Kurt Zeilenga
44725e7303
use BER_BVNULL
2004-04-07 04:11:43 +00:00
Kurt Zeilenga
c7e89d57be
swap be_isroot and be_isroot_dn symbols
2004-04-06 01:06:20 +00:00
Howard Chu
09a379394a
ITS#3033 fix debug msg segv
2004-03-20 09:51:33 +00:00
Kurt Zeilenga
e323437c6a
cleanup for release engineering
2004-03-18 01:06:39 +00:00
Pierangelo Masarati
5716b7f1b2
document saslAuthzTo/saslAuthzFrom new syntax; add onelevel style to DN type
2004-03-06 11:00:49 +00:00
Kurt Zeilenga
3c598e89fb
Happy new year
2004-01-01 19:15:16 +00:00
Pierangelo Masarati
42d7d6d743
propagate flags to sasl-regexp functions (will need it later)
2003-12-18 18:32:45 +00:00
Pierangelo Masarati
113727ba53
allow 'all' vs. 'any' sasl-authz-policy
2003-12-18 18:28:43 +00:00
Pierangelo Masarati
f2a9089e4d
cleanup most of the -pedantic warnings (ITS#2884) and other small fixes
2003-12-17 20:55:46 +00:00
Kurt Zeilenga
271fff13de
Sync with HEAD
2003-12-17 17:55:27 +00:00
Pierangelo Masarati
bc972e0656
allow 'AUTHZ' mech in proxyAuthz control to allow also the <mech> part of the 'u:' user
2003-12-15 18:19:14 +00:00
Pierangelo Masarati
b4629f1e79
fix previous commits
2003-12-14 14:08:15 +00:00
Kurt Zeilenga
5b0236f4ae
Add u: comment
2003-12-13 23:41:44 +00:00
Kurt Zeilenga
1fadacaa31
Forward parse the uauthzid. A realm cannot be specified unless
...
a mechanism is specified. (Few mechanisms (DIGEST-MD5 only) support
separate realms.)
2003-12-13 23:38:05 +00:00
Pierangelo Masarati
4602c935f7
saslAuthzTo/From stuff
...
when comparing IDs to saslAuthzTo/From values, the saslAuthzTo
saslAuthzFrom values can take different forms:
dn[.<style>]:<pattern>
<style> ::= exact ; exact match
children ; children of <pattern> match
subtree ; <pattern> or children of <pattern> match
regex ; <pattern> is regcomp() & regexec()
if no <style>, then exact is assumed
u[.<mech>][/<realm>]:<user>
when parsing a proxyAuthz value, only exact DN is allowed,
and no <mech> can be specified. <user> cannot contain ':'
and <mech> cannot contain '/'.
2003-12-13 23:02:59 +00:00
Pierangelo Masarati
d6bc071dd9
add subtree/children styles to saslAuthzTo/From; 'dn:' now defaults to exact
2003-12-13 12:23:56 +00:00
Pierangelo Masarati
43db7cf4bf
cleanup saslauthz code
2003-12-13 10:58:31 +00:00
Howard Chu
be1a728c5b
Added sc_next and sc_cleanup to slap_callback
2003-12-07 08:51:23 +00:00
Luke Howard
369b1515db
Ensure exact DNs are normalized in slap_parseURI.
2003-12-06 02:16:39 +00:00
Kurt Zeilenga
20c8ea8a44
Update Mark's notice (with permission)
2003-12-04 21:12:17 +00:00
Pierangelo Masarati
93d0c25c45
syntax improvement (ITS#2852)
2003-12-03 00:29:29 +00:00
Pierangelo Masarati
ff919168fb
if rule is an URI, must have a filter field
2003-12-01 07:50:27 +00:00