mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-27 03:20:22 +08:00
Code Issues Packages Projects Releases Wiki Activity
13,211 Commits 38 Branches 307 Tags 74 MiB
7a85e25402
Commit Graph

232 Commits

Author SHA1 Message Date
Howard Chu
0d8613c274 Use c_authmech when c_sasl_bind_mech is empty 2003-12-13 22:43:01 +00:00
Kurt Zeilenga
dbc37977f2 Look for the '@' in userid@realm in reverse so that a@b@c results 
in userid of a@b and realm of c.
 2003-12-13 17:25:59 +00:00
Pierangelo Masarati
6e5ddd6420 note a potential problem 2003-12-13 17:21:17 +00:00
Pierangelo Masarati
5a00f25542 conn must be non-null 2003-12-13 15:29:49 +00:00
Howard Chu
be1a728c5b Added sc_next and sc_cleanup to slap_callback 2003-12-07 08:51:23 +00:00
Howard Chu
42d8c0a39d Added slap_null_cb 2003-12-01 12:03:20 +00:00
Howard Chu
0a5f1e8516 #ifdef for slap_auxprop_store 2003-11-29 23:01:56 +00:00
Kurt Zeilenga
f0cd57eb9b cleanup 2003-11-29 22:37:07 +00:00
Pierangelo Masarati
e30a736354 clarify auxprop_store member type 2003-11-29 17:50:50 +00:00
Howard Chu
ddd056158e Add auxprop_store support for Cyrus SASL 2.1.16+ 2003-11-29 07:02:16 +00:00
Kurt Zeilenga
4e15a84452 Updated notices 2003-11-27 01:17:14 +00:00
Howard Chu
f4649fbde3 ITS#2825 fix SASL internal searches 2003-11-13 21:42:28 +00:00
Howard Chu
b5b036d9fb ITS#2762 tweak SASL include paths 2003-10-11 01:24:44 +00:00
Kurt Zeilenga
3e49a9cf6e add "proxy" to "authorization" in a few places 2003-09-19 18:23:37 +00:00
Howard Chu
1881ae872f ITS#2729 fix typos 2003-09-19 00:49:33 +00:00
Howard Chu
10811b6f51 Clarify/standardize library version mismatch error messages 2003-09-12 00:54:21 +00:00
Luke Howard
d649ae0808 Inherit operation pblock for SLAPI 2003-08-31 08:14:54 +00:00
Howard Chu
9dace23dec Change slap_sasl_authorized to take an Operation instead of a Connection, 
for compatibility with proxyAuthz control
 2003-05-24 02:44:46 +00:00
Howard Chu
46e2b97757 ITS#2424 use two SASL contexts per session to conform to RFC 2222 2003-05-01 04:11:57 +00:00
Howard Chu
04c5d82817 Fix prev commit 2003-04-30 16:00:36 +00:00
Howard Chu
4b73446ab5 ITS#2424 reset SASL on an existing connection 2003-04-30 15:38:32 +00:00
Howard Chu
7e2273b30e Added errmsg arg to lutil_passwd_{check,hash} functions 2003-04-30 07:52:05 +00:00
Kurt Zeilenga
5cd994ed21 remove dnNormalize2 
replace calls to dnNormalize2 with calls to dnNormalize
 2003-04-29 18:28:14 +00:00
Hallvard Furuseth
778a38f49c Reduce warnings: Add missing 0 or NULL initializers for struct members. 2003-04-29 16:36:19 +00:00
Howard Chu
280fc819cf Memory context tweaks for Bind 2003-04-12 06:56:42 +00:00
Howard Chu
ece7452b05 More memory context tweaks 2003-04-11 01:29:28 +00:00
Howard Chu
f897519d11 Minor cleanups 2003-04-09 23:37:00 +00:00
Howard Chu
813d5c8ed8 First cut at thread-local malloc. Only used by search() for now... 
Needs work in normalizers, etc.
 2003-04-09 16:52:03 +00:00
Howard Chu
aa3b717937 Don't build generic_filter dynamically, it's a simple static. 2003-04-09 08:28:19 +00:00
Howard Chu
b282339c96 Minor cleanup, use shorthand macros 2003-04-04 05:49:21 +00:00
Howard Chu
9355dca9af Consolidated slap_callbacks into one function. Removed send_search_result. 2003-04-01 04:12:18 +00:00
Howard Chu
fa9bf23501 Minor cleanup 2003-03-31 07:49:34 +00:00
Howard Chu
e8c58b4e7f Major API change - (SLAP_OP_BLOCKS) All request parameters are 
consolidated into the Operation structure. All reply parameters
are consolidated into the new SlapReply structure. Most operations
now have identical call signatures... Changes are not #ifdef'd,
revert to -r NO_SLAP_OP_BLOCKS if necessary to back out.
 2003-03-30 09:03:54 +00:00
Kurt Zeilenga
8873006105 SLAP_NVALUES changes 
and misc cleanup
 2003-03-16 18:10:16 +00:00
Howard Chu
40454ccec8 Added op->o_is_auth_check; use ACL_AUTH instead of ACL_SEARCH/ACL_READ 
in access_allowed() if flag is set. Set in sasl/saslauth searches.
 2003-03-10 22:07:21 +00:00
Howard Chu
65bf90ff73 Use struct berval for exop reqoid everywhere. Define berval constants 
for the known exops.
 2003-02-16 06:15:28 +00:00
Pierangelo Masarati
f8a1007994 (mostly blind) fix of possible leak/dangling pointer and cleanup 2003-02-07 00:46:11 +00:00
Pierangelo Masarati
9f28f12346 make sure the DN is null-terminated before normalizing it 2003-02-06 19:15:14 +00:00
Luke Howard
eee0086ab2 Add search ref callback 2003-02-01 07:05:01 +00:00
Kurt Zeilenga
bcd7306877 ITS#2268: SASL/ANONYMOUS fixes from kuenne@rentec.com 2003-01-20 18:09:46 +00:00
Kurt Zeilenga
6939c53170 Happy new year 2003-01-03 20:20:47 +00:00
Kurt Zeilenga
a3837b107a Minor cleanup 2002-12-21 22:54:25 +00:00
Kurt Zeilenga
539693f56c Correct fix 2002-12-20 17:57:00 +00:00
Kurt Zeilenga
b47d0d6b6a if 0 out bad statslog 2002-12-20 17:25:51 +00:00
Howard Chu
0e69c86461 Fix Statslog messages 2002-12-17 00:23:36 +00:00
Howard Chu
7c7daf8556 Statslog additions: 
Added StatslogTest macro.
	Added attributes to modify and search Statslog.
	Added Statslog of SASL authcid.
 2002-12-16 12:14:37 +00:00
Kurt Zeilenga
7be4d566d7 cleanup 2002-12-13 00:18:54 +00:00
Howard Chu
88adbc8691 Fix ITS#2234 canonicalization bug 2002-12-12 13:49:25 +00:00
Luke Howard
a6edb2ae36 Treat all EXTERNAL DNs are already normalized. 2002-12-04 04:13:20 +00:00
Kurt Zeilenga
da76c1951e First-cut proxy authorization support. 2002-12-03 06:11:32 +00:00
Howard Chu
3260b26717 Fix ITS#2200, must use SASL creds exactly as received 2002-11-28 16:16:05 +00:00
Howard Chu
ca4764ccfa ITS#2202, set SASL_SUCCESS_DATA on sasl_server_new(). 2002-11-27 03:49:04 +00:00
Howard Chu
36c915a134 Fix ITS#2200, revert patch in rev 1.128. SASL/Kerberos4 requires a patch 
to Cyrus SASL lib/server.c, can't fix it here.
 2002-11-27 03:46:42 +00:00
Julius Enarusai
fe569dbb75 Converted ch_malloc and ch_calloc calls to SLAP_MALLOC and SLAP_CALLOC. 2002-11-19 18:24:18 +00:00
Howard Chu
24f1a11cde Fix sasl_server_start invocation, must pass NULL cred when credlen is 0. 2002-11-01 02:14:55 +00:00
Kurt Zeilenga
27cb98d28d Remove lint 2002-10-09 23:35:45 +00:00
Howard Chu
73207c7110 Replace HACK in slap_sasl_canonicalize with safer test. 2002-09-05 11:01:12 +00:00
Howard Chu
3099d89d9e Don't use sasl_set_alloc on Cyrus 2, it manages all of its memory 
internally and we don't want to get in the way.
 2002-09-02 22:25:26 +00:00
Kurt Zeilenga
bfa89d6e15 Include lber_pvt.h 2002-08-28 16:47:04 +00:00
Howard Chu
9c4f89c6f7 Added no-op sasl_client_auth if SASL_VERSION_MAJOR < 2. 2002-08-28 08:33:24 +00:00
Kurt Zeilenga
aa36f5d049 cleanup 2002-08-28 07:30:57 +00:00
Howard Chu
3cb7a09eb0 Added check for Cyrus SASL sasl_version() 2002-08-28 07:12:22 +00:00
Howard Chu
925714ceef Experimental cruft to propagate valid Operation to SASL callbacks. 
If you have a better way, jupm on in...
 2002-08-24 07:34:50 +00:00
Kurt Zeilenga
23efa07a99 use ldap_charray_*() instead of charray_*() 2002-08-24 00:55:24 +00:00
Howard Chu
505a141c75 Use search callbacks in slap_sasl_checkpass and slap_auxprop_lookup, 
use ACL_AUTH for acl checks.
 2002-08-20 05:32:54 +00:00
Pierangelo Masarati
3a26ef5bbb silence warnings 2002-08-16 16:33:22 +00:00
Howard Chu
e14f471a27 Add #include "lutil.h" for lutil_str* functions 2002-08-06 02:36:34 +00:00
Kurt Zeilenga
d38d19edc1 Fix lutil_str*() warnings 2002-08-05 17:56:13 +00:00
Kurt Zeilenga
eb581e43e7 Fix for: 
SASL regex segmentation faults with group based acls (ITS#1978)
based, in part, by patch submitted by Simon Wilkinson <simon@sxw.org.uk>.
 2002-07-28 07:27:55 +00:00
Howard Chu
5a01db28e3 Moved slap_strcopy, slap_strncopy to lutil_strcopy, lutil_strncopy 2002-07-27 00:24:02 +00:00
Julius Enarusai
2168be2b4a Converted LDAP_LOG messages to use new Macro 2002-07-23 00:01:53 +00:00
Howard Chu
7fdb38bca9 Fix previous commit - the stub was never needed. 2002-07-12 23:43:46 +00:00
Howard Chu
f9cbbc6770 Fix order of params to sasl_setpass. Added initial stub for setpass to 
change in-directory password.
 2002-07-12 20:55:12 +00:00
Julius Enarusai
6107ba67d2 Coverted LDAP_LOG macro to use subsystem ID int values instead of string values 2002-07-11 20:33:24 +00:00
Howard Chu
07a34489c6 Added saslAuthzTo and saslAuthzFrom to system schema. 
Added sasl-authz-policy config keyword to control proxy authorization.
Moved sasl-related config processing to sasl.c:slap_sasl_config().
Moved other global defs used only in saslauthz.c into saslauthz.c.
 2002-06-14 08:10:14 +00:00
Howard Chu
a5cd5535e8 Fix typo in previous commit 2002-06-12 04:12:51 +00:00
Howard Chu
6d1a322f73 Finished slap_sasl_setpass for Cyrus 1.5; Cyrus 2.1 is incomplete. 
Added conn->c_sasl_dn, streamlined slap_sasl_bind.
 2002-06-12 04:05:48 +00:00
Kurt Zeilenga
1410b3e7d9 An almost complete slap_sasl_setpass() 2002-06-12 00:13:29 +00:00
Howard Chu
856e21296a Cleanup log msg 2002-05-12 19:21:12 +00:00
Howard Chu
2d94a2016c Check for NULL before comparing authcid 2002-05-12 18:42:43 +00:00
Howard Chu
d7060d19f3 Skip processing if canonicalization is invoked redundantly (SASL PLAIN). 
Truncate large username instead of failing with SASL_BUFOVER; we only care
about the DN anyway. (SASL 2 only)
 2002-05-12 18:40:37 +00:00
Howard Chu
aea521bec2 Fix, SASL authzIDs might not be NUL-terminated. prop names must only be 
set once; setting erases all existing values.
 2002-05-11 20:19:55 +00:00
Howard Chu
da7a5a8e79 Fix typo in 1.97 2002-05-11 19:24:04 +00:00
Howard Chu
dfae2441eb Cleaned up getdn normalization 2002-05-11 08:07:18 +00:00
Howard Chu
379f84ba47 Fix previous commit, free in wrong place 2002-05-11 06:58:13 +00:00
Howard Chu
b057507e23 Cleanup HAVE_TLS dependencies, cleanup username with embedded realm handling 2002-05-10 19:26:35 +00:00
Howard Chu
da36670ea3 Don't use slap_empty_bv in structures that are expected to be free'able. 2002-05-08 23:16:17 +00:00
Howard Chu
fbe4785c5a Delete unused CANON_BUF_SIZE #define 2002-05-07 23:29:19 +00:00
Howard Chu
6f47e13147 Cyrus 2 support now requires Cyrus 2.1.3. Adds support for in-directory 
SASL secrets. (Only works with plaintext userpassword tho.)
 2002-05-07 23:08:23 +00:00
Howard Chu
cef9fcf78b Fix check for "anonymous" in sasl_getdn 2002-04-27 03:44:23 +00:00
Howard Chu
8a5423ea8d deleted sasl_external_x509dn_convert; X509 DNs are always converted to 
normalized LDAP DNs now.

Changed dnDCEnormalize to dnX509normalize, added dnX509peerNormalize,
based on new ldap_X509dn2bv() etc.
 2002-04-18 12:26:36 +00:00
Howard Chu
b3c7c9e3ce Delete more unused code, no need to fetch REALM in slap_sasl_bind 2002-04-17 19:47:34 +00:00
Kurt Zeilenga
7ee5d2612b Fix ssf declaration 2002-04-17 17:56:30 +00:00
Howard Chu
1dea5905c6 More SASL DN simplification. No more "dn:" prefix used anywhere internally. 2002-04-17 07:56:46 +00:00
Howard Chu
1bbd51da77 ITS#1712, rewritten dn_openssl2ldap(). Added dnDCEnormalize(), used by 
dn_openssl2ldap() and sasl_external_x509dn_convert. Fixed realm handling
for foreign Kerberos realms embedded in usernames.
 2002-04-16 08:46:25 +00:00
Howard Chu
66602e8faa Fix name canonicalization and authorization for Cyrus SASL 2.x 2002-04-14 04:27:46 +00:00
Howard Chu
a73ffbe3cd Previous commit included undesired changes. 2002-04-14 04:15:17 +00:00
Howard Chu
9b958147f8 Fix previous commit, == instead of != 2002-04-13 17:27:02 +00:00
Howard Chu
17433a8412 Fix ITS#1722 - IPv4 addresses also need to be massaged for sasl_server_new. 2002-04-11 10:04:29 +00:00
Howard Chu
70d4ef9a85 ITS#1714 dn->bv_val malloc len+1 2002-04-05 06:34:15 +00:00