Commit Graph

182 Commits

Author SHA1 Message Date
Kurt Zeilenga
8eaaa67db0 Move {add,replace,delete}_value() routines to frontend and share.
Add error detail reporting.
2002-01-19 19:54:48 +00:00
Kurt Zeilenga
492762f1c5 Don't use BDB group/attribute callbacks as they may cause deadlock.
Add code to bdb_attribute and bdb_group where use TXN id and to
provide error, but need to rework callers (and their callers) to
ensure error is properly bubbled up to the backend operation routine
handling the transaction.  Ugh.
2002-01-17 03:58:52 +00:00
Pierangelo Masarati
52b05a5b06 more ber_*cmp optimizations 2002-01-16 19:18:41 +00:00
Kurt Zeilenga
b48c355934 Fix up last commit 2002-01-16 19:03:31 +00:00
Pierangelo Masarati
0842db2a8b fix ber_*str renaming 2002-01-16 18:50:45 +00:00
Kurt Zeilenga
7f0289a390 Move most of the new ber_*cmp routines to lber_pvt.h to keep them private,
rework them slightly to avoid computations which might result in underflow.
Rename them for consistency with other berval routines.
Remove some utf8 lint.
2002-01-16 18:16:15 +00:00
Pierangelo Masarati
af54eed042 added ber_[mem|case]cmp() macros for fast berval comparison; extensively used in acl and in dn_match macro at present 2002-01-16 11:36:47 +00:00
Kurt Zeilenga
5e6e27078c Change replace ACL semantics from U-Mich historical behavior.
U-Mich allows someone with selfwrite to use replace all values
of an attribute with a value containing their DN.  Which, of course,
could than be deleted.  This behavior was carried forward in all
versions of OpenLDAP.

The new semantics separate checks for deleting all existing values
and adding new values.  It is more logical and more inline with
the common use of selfwrite.
2002-01-15 16:23:11 +00:00
Kurt Zeilenga
f89308915a Add a default case with assert() just in case. 2002-01-14 17:25:13 +00:00
Kurt Zeilenga
9d307b4242 ITS#1530 no value replace ACL fix 2002-01-14 17:19:05 +00:00
Howard Chu
ac1332cdb8 Renamed BVarray to BerVarray. Moved slapd:bvarray_{add,free} to
liblber:ber_bvarray_{add,free}.
2002-01-14 01:43:17 +00:00
Pierangelo Masarati
fafce1601e consistently use dn_match macro throughout slapd 2002-01-12 18:17:13 +00:00
Kurt Zeilenga
7e9c78fbc6 Add ITS#1508 fix to allow ACIs to grant anonymous users access. 2002-01-11 23:48:22 +00:00
Kurt Zeilenga
319b92202b Fix ACL logic for non-regex peername, sockname, etc. 2002-01-08 02:55:03 +00:00
Howard Chu
26e327f32e Fix some debug statements 2002-01-06 07:21:06 +00:00
Pierangelo Masarati
f3b61d87b7 fix BVarray 2002-01-05 09:58:19 +00:00
Kurt Zeilenga
0e2af54a3f Update copyright statements 2002-01-04 21:17:25 +00:00
Kurt Zeilenga
763c0de59b Rework filter code
Misc cleanup / lint removal
2002-01-02 17:06:56 +00:00
Howard Chu
f52cc9bab5 Change struct berval ** to BVarray 2002-01-02 11:00:36 +00:00
Pierangelo Masarati
3930a390e0 cleanup 2001-12-29 10:30:23 +00:00
Howard Chu
975a5e9a24 Added dnPretty2/dnNormalize2 using preallocated destination berval 2001-12-29 04:48:00 +00:00
Pierangelo Masarati
f2a80ff827 fix acl_dn_pat bervalization 2001-12-28 14:47:26 +00:00
Howard Chu
d6a37432bd Changed dn_rdn/dn_rdnlen to struct berval 2001-12-28 08:38:24 +00:00
Kurt Zeilenga
21288fbb21 Misc cleanup and dn_normalize() zapping
Fix nameAndOptionalIdentifer syntax.
2001-12-26 16:42:35 +00:00
Howard Chu
7685b237b7 Fix unterminated string in previous commit. dnNormalize ought to use an
ldap_bv2dn function instead of ldap_str2dn and honor the bv_len's...
2001-12-26 04:51:10 +00:00
Howard Chu
b96645af7d More struct berval changes, dnNormalize migration... 2001-12-26 04:17:49 +00:00
Kurt Zeilenga
2dd27b0786 More struct berval DNs 2001-12-25 19:48:26 +00:00
Howard Chu
3b8cf82517 Use e_nname.bv_len 2001-12-24 17:52:07 +00:00
Howard Chu
9e0ab3da36 Changed Access->a_set_pat and acl->acl_dn_pat to struct berval to eliminate
strlen() from acl processing.
2001-12-24 15:43:27 +00:00
Howard Chu
18cd610f2d op->o_ndn berval fixes for SLAPD_ACI_ENABLED 2001-12-24 15:18:02 +00:00
Howard Chu
2f3399265c Changed sai_dn, sai_ndn to struct berval. (Affects op->o_dn,o_ndn,
conn->c_dn,c_ndn, Access->a_dn_pat)
2001-12-24 15:11:01 +00:00
Howard Chu
3bd8946ca0 from jon@symas.com - minor cleanup 2001-12-17 22:48:29 +00:00
Kurt Zeilenga
abd9be4def Remove lint and misc MSVC updates 2001-12-09 02:34:45 +00:00
Howard Chu
ad9d17d537 Added dn_rdnlen. Fixed rdn leak in limits.c. 2001-12-08 11:08:26 +00:00
Pierangelo Masarati
0f64b72a00 paranoid check for escaped dn separators when naively checking for rdn boundary 2001-12-01 16:28:21 +00:00
Pierangelo Masarati
a4c9c2c06e add const 2001-11-17 09:21:22 +00:00
Howard Chu
0e16f6acf9 Moved AttributeDescription caching into main code:
Changed AttributeDescription.{ad_cname,ad_lang} to struct berval everywhere
   Deleted ad_free() everywhere
   Added ad_mutex to init.c

The AttributeDescriptions are in a linked list hanging off of the
corresponding AttributeType.
2001-10-22 13:23:05 +00:00
Kurt Zeilenga
fdc0dd7d6a Fix some NEW_LOGGING errors 2001-10-05 21:49:04 +00:00
Kurt Zeilenga
09a7bd4331 Clean up asserts, should assert desc != NULL instead of attr != NULL 2001-09-09 18:58:54 +00:00
Kurt Zeilenga
f10028ba06 Apply ACLs to front end objects (root DSE, subschema) consistently 2001-08-28 20:28:34 +00:00
Kurt Zeilenga
9a0b6e92d7 Default ACL clause should be "by * none stop" not "by * stop".
That is, default rule should set permissions to none.
2001-06-01 20:09:03 +00:00
Gary Williams
9cf6ee8ccd fix acl log line 2001-02-08 13:21:20 +00:00
Gary Williams
f49fd8a98e fix format 2001-01-17 16:35:53 +00:00
Gary Williams
d531a20f52 more new logging (finally), behind NEW_LOGGING 2001-01-11 17:11:23 +00:00
Mark Valence
7e1d4023b8 Removed testing mods accidentally committed with previous fix. 2000-10-11 16:41:15 +00:00
Mark Valence
d8d9bec087 Added conn and op arguments to backend_group. 2000-10-11 16:25:28 +00:00
Kurt Zeilenga
7c96f629ee Add connection and operation arguments to backend callbacks.
Needed for transactions.
2000-09-29 05:25:44 +00:00
Ben Collins
810d3ce224 specifically check for NULL return from acl_get() 2000-09-13 21:49:56 +00:00
Kurt Zeilenga
7778304b16 Fix typo 2000-09-05 19:38:26 +00:00
Kurt Zeilenga
63ae1d22e5 Fix ACL SSF reporting 2000-09-05 18:24:24 +00:00
Kurt Zeilenga
bf3df2f7a6 restrictops, requires, disallow knobs; ssf acls; and misc other changes
man pages to follow...
2000-08-28 18:38:48 +00:00
Kurt Zeilenga
1c328aa9c7 Minor typedef and other clean ups 2000-08-26 01:14:05 +00:00
Kurt Zeilenga
5b856458a2 s/SAFEMEMCPY/AC_MEMCPY/
Use AC_FMEMCPY where appropriate (-llber)
2000-07-28 01:07:07 +00:00
Kurt Zeilenga
efb7672dde Do not log attribute value 2000-07-25 20:54:11 +00:00
Kurt Zeilenga
2890bc5b6d Fix entry/children always allowed bug! 2000-07-20 22:52:44 +00:00
Kurt Zeilenga
8484d2c757 Remove lint 2000-07-05 21:03:57 +00:00
Mark Valence
517fa54bb0 Fix aci link error. 2000-06-30 18:04:10 +00:00
Kurt Zeilenga
1f1f8849eb Quick fix to aci link error 2000-06-30 17:09:52 +00:00
Mark Valence
3705a26f2d Add support for Set ACLs and ACIs. Still need to make this syntax awa
re.
2000-06-29 22:02:15 +00:00
Kurt Zeilenga
3112f21612 Add attribute type/matching rule support for structuralObjectClass attribute
type.  Add type to core.schema.  Not yet populated on add nor checked on modify.
2000-06-26 05:13:41 +00:00
Mark Valence
c6ad81bcd2 Fix minor bug in handling group ACLs. 2000-06-21 19:07:56 +00:00
Mark Valence
3a31fead5e Fixed paren nesting bug, separated convoluted conditionals, added comm
ents about the logic.
2000-06-17 18:23:27 +00:00
Mark Valence
638371ebe7 Fix uninitialized variable. 2000-06-17 08:20:44 +00:00
Mark Valence
0c6b9ce2dd Fix ACI group membership test to look up OC. 2000-06-14 22:17:33 +00:00
Mark Valence
2ee8093f98 Fix ACI group membership test to look up OC. 2000-06-14 22:11:44 +00:00
Mark Valence
0ebf86f2d3 Bug hunting -- hang when checking dnattr in ACL. 2000-06-14 06:08:20 +00:00
Mark Valence
1bfcb4b039 Added .regex, .base, .one, .subtree, and .children "style" modifiers. 2000-06-12 01:35:15 +00:00
Kurt Zeilenga
a56c161bdb Misc code cleanup. 2000-06-10 22:39:30 +00:00
Kurt Zeilenga
c3f8de76ef Fix up debug statement as suggested by christian.lorenz@suse.de 2000-06-07 14:07:50 +00:00
Kurt Zeilenga
693fb9424a unifdef -DSLAPD_SCHEMA_NOT_COMPAT -USLAPD_SCHEMA_COMPAT 2000-06-06 19:43:18 +00:00
Kurt Zeilenga
eb70b602ee Rework ACI codes to use OpenLDAPaci. Add needed schema elements.
Needs work.  Volunteers welcomed.
2000-05-30 21:34:55 +00:00
Kurt Zeilenga
e4a7b953f3 SLAPD_SCHEMA_NOT_COMPAT: fix typo 2000-05-29 04:57:31 +00:00
Kurt Zeilenga
bdf9b0d017 SLAPD_SCHEMA_NOT_COMPAT: working ACLs! (have not tested ACIs) 2000-05-29 03:51:26 +00:00
Kurt Zeilenga
9e5312e166 SLAPD_SCHEMA_NOT_COMPAT: ACL cleanup (not yet working) 2000-05-29 03:44:06 +00:00
Kurt Zeilenga
3350957674 SLAPD_SCHEMA_NOT_COMPAT: ACI cleanup 2000-05-28 22:17:34 +00:00
Kurt Zeilenga
439c0c796d SLAPD_SCHEMA_NOT_COMPAT: Mostly work modify 2000-05-28 16:36:34 +00:00
Kurt Zeilenga
37235b71c0 SLAPD_SCHEMA_NOT_COMPAT: working cn=schema 2000-05-15 23:36:37 +00:00
Kurt Zeilenga
4bc786f34b Y2k copyright update 2000-05-13 02:47:56 +00:00
Kurt Zeilenga
0c134a72d6 SCHEMA_NOT_COMPAT changes 2000-04-25 13:21:06 +00:00
Kurt Zeilenga
4091381660 Yet another round of SLAPD_SCHEMA_NOT_COMPAT changes, including:
limited subtype support, modlist handling, filter updates,
lastmod attribute handling.
2000-02-28 21:16:05 +00:00
Kurt Zeilenga
ceb6412e62 More -DSLAPD_SCHEMA_NOT_COMPAT changes
Not hidden: "<anonymous>" modifiersname
2000-02-15 18:57:07 +00:00
Kurt Zeilenga
0dbaf87730 Another round of changes behind -DSLAPD_SCHEMA_NOT_COMPAT
plus these changes unhidden changes:
	remove now meaning --enable-discreteaci configure option
	fix ITS#451, slapd filters
	Add ber_bvecadd() to support above
	constify ldap_pvt_find_wildcard() and misc slapd routines
	renamed some slap.h macros
	likely broken something
2000-02-14 20:57:34 +00:00
Kurt Zeilenga
36b0423311 Add Modification/Modifications structures for -DSLAPD_SCHEMA_NOT_COMPAT 2000-02-07 20:37:10 +00:00
Kurt Zeilenga
bc51bd5180 Yet another round of SLAPD_SCHEMA_NOT_COMPAT changes...
Changes outside of #ifdef include three value filter processing.
2000-02-06 21:09:44 +00:00
Kurt Zeilenga
9316c4eace ACI attributes should be of ACI syntax. Need to assign
OID for experimental syntax.
2000-02-01 17:53:07 +00:00
Kurt Zeilenga
3a6e906194 Replace -DSLAPD_SCHEMA_COMPAT with -USLAPD_SCHEMA_NOT_COMPAT 2000-01-31 22:14:16 +00:00
Kurt Zeilenga
c5da0c76ce Additional changes to migrate to new schema codes
Still not usable.
2000-01-28 20:01:00 +00:00
Kurt Zeilenga
e9b1012fb1 Put more old schema code behind SLAPD_SCHEMA_COMPAT (which still
MUST be defined).
2000-01-28 00:33:29 +00:00
Kurt Zeilenga
434e7229ac Add code to handle operational attributes via new schema codes
behind -USLAPD_SCHEMA_COMPAT.
2000-01-27 19:02:24 +00:00
Kurt Zeilenga
df712b8597 Don't exclude no-user-modification attributes from ACL checks
unless access requested is WRITE.  This allows you to apply
an ACL to limit search/reading of no-user-modification attributes.
Writes, of course, are always prohibited (by do_add, do_modify).
2000-01-27 18:35:36 +00:00
Mark Valence
d93ef01ac7 Add get_supported_acimech() for use by root_dse, check aci OIDs against supported list. 1999-11-22 18:42:46 +00:00
Mark Valence
23cb3a0555 Added a "dnattr" case for ACIs (still need to check the ACI OID). 1999-11-08 18:50:51 +00:00
Mark Valence
af855ec94b Updated ACI code to work with new ACL changes. All changes are within the SLAPD_ACI_ENABLED #ifdef's. 1999-11-06 05:05:50 +00:00
Kurt Zeilenga
3fbee54fa5 Remove lint 1999-10-27 04:40:56 +00:00
Kurt Zeilenga
3261f219a3 Add support for Root DSE ACLs.
Add "users" shorthand (dn="^.+$")
Add regex short circuiting for common dn regexs.
1999-10-26 03:19:41 +00:00
Kurt Zeilenga
06eb390586 Make accessmask2str reentrant. 1999-10-21 23:19:22 +00:00
Kurt Zeilenga
3d765d6108 Additional changes to improve logic and logging. Still buggy. 1999-10-21 20:29:52 +00:00
Kurt Zeilenga
f6829ee903 Initial commit of new ACL engine. Engine supports descrete access
privs, additive/substractive rules, and rule continuation.  Existing
rules that use 'defaultaccess none' should be 100% compatible.  Rules
that rely other defaultaccess settings will require addition of
explicit clauses granting the access.
Needs additional testing and tuning of logs
1999-10-21 17:53:56 +00:00
Kurt Zeilenga
7a0b0b2bbf In preparation for adding dn_rewrite()...
s/dn_normalize/dn_validate/
s/dn_normalize_case/dn_normalize/
1999-09-24 01:46:37 +00:00
Kurt Zeilenga
ccfba5f2c0 Misc. cleanup 1999-09-16 02:31:29 +00:00