Commit Graph

282 Commits

Author SHA1 Message Date
Howard Chu
0bfaa8b4ae Changed AttributeType.sat_cname from char * to struct berval.
(will fix up back-bdb next.)
2001-11-16 07:45:37 +00:00
Howard Chu
cc4a51f23c Changed global ad_mutex into per-attributeType mutex. Added
ad_find_lang() to search an AttributeType for a given language variant.
(Will be used in back-bdb/back-ldbm index code...)
2001-11-16 07:39:14 +00:00
Howard Chu
48623df1a8 Added backend_group result caching. 2001-11-12 19:37:48 +00:00
Howard Chu
5f8058f957 Added schema_destroy() et al to free schema structures on shutdown 2001-11-07 01:03:49 +00:00
Julio Sánchez Fernández
5dbf4bddae Add a flag to help the value_* functions know whether they are seeing
a full value (in attribute type syntax) or a value in the syntax of
the matching rule (as happens in filters).
2001-10-22 19:57:23 +00:00
Howard Chu
0e16f6acf9 Moved AttributeDescription caching into main code:
Changed AttributeDescription.{ad_cname,ad_lang} to struct berval everywhere
   Deleted ad_free() everywhere
   Added ad_mutex to init.c

The AttributeDescriptions are in a linked list hanging off of the
corresponding AttributeType.
2001-10-22 13:23:05 +00:00
Julio Sánchez Fernández
4d0ab0215b First cut at certificateExactMatch, completely untested and without
indexing.
2001-10-20 10:15:09 +00:00
Howard Chu
647b5f84ee Resurrection/rewrite of CLDAP (RFC1798 Connectionless LDAP).
Compile with -DLDAP_CONNECTIONLESS to use this code.
For slapd, use "-h cldap://" to listen on UDP.
For ldapsearch, use "-H cldap://" to query on UDP.
Client-side support is very minimal:
  no automatic timeout/retries
  no basedn wildcard expansion on results
  no support for specifying multiple servers at once.
2001-09-28 00:18:40 +00:00
Kurt Zeilenga
61de99937f ldif.h include cleanup 2001-09-25 00:03:24 +00:00
Kurt Zeilenga
0a155934ab Add root DSE supportedFeatures support. 2001-09-09 04:01:07 +00:00
Pierangelo Masarati
8471ef7ed0 add global, per backend and per op_ndn time/size soft, hard and to-be-checked limits (exploited by back-ldbm); see slapd.conf(5) for details 2001-08-01 10:09:04 +00:00
Pierangelo Masarati
4051547dfa handle regex-based per op_ndn time/size limits 2001-07-28 11:24:22 +00:00
Kurt Zeilenga
5cb6b1ce02 Back out DN changes, needs more work 2001-07-21 22:44:55 +00:00
Pierangelo Masarati
ece9bdb0eb Added the suffix=<dn> parameter to replica config directive
to allow selective replication of subtrees of a single database.
Multiple occurrences allow the same replica to handle different
subtrees
2001-07-21 14:15:23 +00:00
Pierangelo Masarati
a453d7eacf dn_validate/dn_normalize has been rewritten by
David A. Cooper <david.cooper@nist.gov> (ITS#1232)
according to draft-ietf-ldapbis-dn-05.txt

A copyright statement follows:

  The functions normalize_unicode(), get_hexpair(), write_hex_pair(),
  get_next_byte(), get_next_char(), get_ber_length(),
  ber_parse_primitive_string(), ber_parse_string(), String_normalize(),
  DirectoryString_normalize(), PrintableString_normalize(),
  IA5String_normalize(), ber_parse_primitive_bitstring(),
  ber_parse_bitstring(), getNext8bits(), bitString_normalize(), match_oid(),
  match_key(), get_validated_av_in_dn(), get_validated_rdn_in_dn(),
  and get_validated_dn() in this file were developed at the National Institute
  of Standards and Technology by employees of the Federal Government in the
  course of their official duties. Pursuant to title 17 Section 105 of the
  United States Code the code in these functions is not subject to copyright
  protection and is in the public domain. The copyright for all other code in
  this file is as specified below.
2001-07-13 08:21:14 +00:00
Pierangelo Masarati
bff5608926 protos and declarations for charray and rdn stuff 2001-07-06 12:23:22 +00:00
Randy Kunkee
a9097044ea Remove global_backendsyncfreq code (code has been pushed down into back-ldbm). 2001-06-28 18:02:46 +00:00
Randy Kunkee
d492880870 Add sync_daemon to daemon.c, enabled by global configuration
backendsyncfreq <seconds>.  Setting this automatically enables
dbnosync (because the synchronizer takes care of it).
2001-06-22 08:38:58 +00:00
Kurt Zeilenga
67cf14466e Check schema NAMEs 2001-06-07 22:47:02 +00:00
Kurt Zeilenga
cc6fab319e Add support for separate max incoming for anonymous and authenticated
sessions (defaults: 256K and 16M respectively).
2001-05-29 20:00:55 +00:00
Kurt Zeilenga
0aef7722e6 Add support for obsolete attributes.
We don't support collective attributes (yet).
Remove exit() calls from scheme parsers.  Need to do same for acl parser.
2001-05-17 07:31:59 +00:00
Kurt Zeilenga
1669cd4d7b Add '=' to printableString to be consistent with ASN.1 description
of syntax.  RFC 1778/2252 are wrong and will need to be updated.
2001-05-16 19:20:29 +00:00
Kurt Zeilenga
4baa7c47da Add better modlist2mod error reporting (to client) 2001-05-10 03:41:17 +00:00
Kurt Zeilenga
24ea49810f Clean up some #ifdefs 2001-05-09 23:42:49 +00:00
Kurt Zeilenga
abce5abf34 Quick sb_max_incoming hack, should be configurable (likely
with differing anonymous vs authenticated values).
2001-05-04 21:55:07 +00:00
Kurt Zeilenga
1eb0170482 s/<anonymous>/cn=anonymous/ to avoid syntax issues 2001-04-19 19:29:38 +00:00
Kurt Zeilenga
10730ca226 Add objectClass kind checking
Kludge NADF schema to conform
2001-01-22 08:09:25 +00:00
Kurt Zeilenga
79d9ab38ba Add more restrictive numeric string validate.
Need to rework IA5 matching to support empty strings as they should
be allowed for most string types (excepting directoryString).
2001-01-17 21:02:11 +00:00
Mark Adamson
2231d5e64e Make SASL authorization work for NULL, "u:", and "dn:" authz strings. 2000-11-30 22:00:15 +00:00
Kurt Zeilenga
451146f795 Update validation of printable-like syntaxes 2000-11-04 21:09:23 +00:00
Kurt Zeilenga
17bcb2b3bb Update printableString to restrict characters per RFC1778 not isprint() 2000-11-04 20:31:50 +00:00
Julio Sánchez Fernández
5b52ae5109 Extend MRA. It now has a pointer to a MatchingRule, but a char
pointer is kept for messages and to tell a filter without rule
from one with an unknown rule.  It matters.
2000-10-15 19:10:43 +00:00
Julio Sánchez Fernández
6777a3a41a Permit access defined by uniqueMember and not only DN-valued
attributes.  This allows using groupOfUniqueNames for
access control.
Fix small typo in MRA definition.
2000-10-09 19:09:22 +00:00
Kurt Zeilenga
7c96f629ee Add connection and operation arguments to backend callbacks.
Needed for transactions.
2000-09-29 05:25:44 +00:00
Kurt Zeilenga
ce382475f0 misc cleanup 2000-09-29 02:50:34 +00:00
Mark Adamson
bf1ee530ea Implementation of SASL authorization. 2000-09-21 17:32:54 +00:00
Kurt Zeilenga
3342ea3b49 Add more bind allow/disallow flags 2000-09-11 18:24:24 +00:00
Kurt Zeilenga
2e13824d0d Add "allow tls_2_anon" to allow StartTLS to force session to anonymous.
Add "disallow tls_authc" to disallow StartTLS when session is authenticated.
Create and use connection2anonymous routine for consistency.
2000-09-08 22:59:01 +00:00
Kurt Zeilenga
cee040a321 Bring UCdata infrastructure. 2000-09-03 23:48:35 +00:00
Kurt Zeilenga
bf3df2f7a6 restrictops, requires, disallow knobs; ssf acls; and misc other changes
man pages to follow...
2000-08-28 18:38:48 +00:00
Kurt Zeilenga
1c328aa9c7 Minor typedef and other clean ups 2000-08-26 01:14:05 +00:00
Kurt Zeilenga
a7ec3506cf change "substr" to imply initial, any, final indexing. 2000-08-22 21:33:09 +00:00
Kurt Zeilenga
02f888c563 First cut of LDBM substrings indexing. Needs testing. 2000-08-22 21:26:25 +00:00
Kurt Zeilenga
32c7186b9c Add frontend support for "any" substrings assertions.
Needs to be tied into index mask and backend search code.
2000-08-22 02:23:52 +00:00
Kurt Zeilenga
7800d2d41e Remove cldap cruft 2000-08-18 03:35:19 +00:00
Kurt Zeilenga
a50f391bb3 Working SASL security layers! 2000-07-28 00:04:07 +00:00
Kurt Zeilenga
6c41d272cf Update framework to support registration of approximate matching
rules.
2000-07-24 21:29:30 +00:00
Kurt Zeilenga
3a73af57c1 conform schema routines to ldap naming conventions 2000-07-22 17:30:44 +00:00
Kurt Zeilenga
ce63e21f00 New slapindex framework (no meat) 2000-07-19 02:24:08 +00:00
Kurt Zeilenga
9c5ad6291b Add experimental caseExact/Ignore substrings indexer/filter routines. 2000-07-18 17:46:34 +00:00
Kurt Zeilenga
d2b05a3858 Rework SASL command line arguments. Default is now to authenticate
using best available mechanism.  (authzid prompting to be disabled)
To use simple bind, -x is required (implied if -P 2) with -D/-[Ww]
To use simple "anonymous" bind, just -x will do.
2000-07-15 23:25:46 +00:00
Kurt Zeilenga
5bca08d716 Store sasl callbacks in session handle so that they can properly freed. 2000-07-15 00:01:09 +00:00
Kurt Zeilenga
5fc22599e2 Update SASL code to reuse context through life of session.
Replace 'negotiated' with 'interactive' bind
Add hooks for SASL/EXTERNAL
Disable SASL security layers
Rework SASL command line and config file parameters
2000-07-13 22:54:38 +00:00
Mark Valence
d4d03e36e5 Added "threads" config to slapd.conf. 2000-07-04 19:24:13 +00:00
Kurt Zeilenga
2eb664f481 Add octetString syntax to undefined attribute type 2000-07-02 17:50:18 +00:00
Kurt Zeilenga
b1172dc5ac Add experimental support for undefined attribute types. 2000-07-02 17:16:18 +00:00
Kurt Zeilenga
b21ba52482 Clarify ad_type usage 2000-07-02 08:06:55 +00:00
Kurt Zeilenga
1566454e6e Add sets to NT build, remove LINT 2000-07-01 04:58:23 +00:00
Mark Valence
4b1ff75bdd Prepare for Set ACLs and ACIs. 2000-06-29 21:41:54 +00:00
Kurt Zeilenga
3112f21612 Add attribute type/matching rule support for structuralObjectClass attribute
type.  Add type to core.schema.  Not yet populated on add nor checked on modify.
2000-06-26 05:13:41 +00:00
Kurt Zeilenga
317d04a5d9 Modify backend_attribute to return bervals and adjust ACLs
(actually, ACL here might be dangerous)
2000-06-26 01:22:32 +00:00
Mark Valence
295f3ba0aa New backend routine: back_attribute 2000-06-21 17:23:24 +00:00
Kurt Zeilenga
d19419392c Use ASCII_*() macros and friends. Should be combined with similiar LDAP_*()
macros in ldap_pvt.h.
2000-06-20 17:05:15 +00:00
Kurt Zeilenga
01f7e78cbb Add experimental objectIdentifierFirstComponentMatch routine 2000-06-20 03:55:40 +00:00
Kurt Zeilenga
665272dca1 Minor adjustments to substrings searching 2000-06-19 20:39:11 +00:00
Kurt Zeilenga
7fec5877a3 Add SLAPD_TOP_OID macro for oc.c 2000-06-19 16:15:33 +00:00
Kurt Zeilenga
9ef1a740c2 Round one of LDAP_F() macro changes. In this round we rename
macros into our namespace and limit use to headers.  A subsequent
round will add macros to separately handle forward declarations
of variables from declaration of function prototypes.  The last
round will add additional macros for declaring actual variables and
functions.
2000-06-18 19:48:07 +00:00
Kurt Zeilenga
79ebfbc4fe Rework referral entry point with DNS SRV implementation (needs testing). 2000-06-16 03:50:02 +00:00
Kurt Zeilenga
6f378341a2 Add backend_check_referrals() framework. 2000-06-16 01:19:30 +00:00
Mark Valence
1bfcb4b039 Added .regex, .base, .one, .subtree, and .children "style" modifiers. 2000-06-12 01:35:15 +00:00
Kurt Zeilenga
a56c161bdb Misc code cleanup. 2000-06-10 22:39:30 +00:00
Kurt Zeilenga
dc1e5a9392 remove IA64 lint 2000-06-09 06:24:10 +00:00
Kurt Zeilenga
693fb9424a unifdef -DSLAPD_SCHEMA_NOT_COMPAT -USLAPD_SCHEMA_COMPAT 2000-06-06 19:43:18 +00:00
Kurt Zeilenga
ea069cb7c2 New indexer/filter codes (test suite works) with cheats
Updated NT Project files (with Cyrus SASL library depend)
2000-06-04 22:59:38 +00:00
Kurt Zeilenga
7c7fab11d4 Add extensibleObject support 2000-05-31 18:46:13 +00:00
Kurt Zeilenga
eb70b602ee Rework ACI codes to use OpenLDAPaci. Add needed schema elements.
Needs work.  Volunteers welcomed.
2000-05-30 21:34:55 +00:00
Kurt Zeilenga
3350957674 SLAPD_SCHEMA_NOT_COMPAT: ACI cleanup 2000-05-28 22:17:34 +00:00
Kurt Zeilenga
c98f0ea02c SLAPD_SCHEMA_NOT_COMPAT:
Don't depend acl parsing upon slap_schema, it's filled in post-conf
2000-05-28 18:58:09 +00:00
Kurt Zeilenga
439c0c796d SLAPD_SCHEMA_NOT_COMPAT: Mostly work modify 2000-05-28 16:36:34 +00:00
Kurt Zeilenga
1a8f509f9a s/substring/substrings/ 2000-05-27 22:46:37 +00:00
Kurt Zeilenga
2273ae0cb7 SLAPD_SCHEMA_NOT_COMPAT: add f_sub_desc -> f_sub_type for compat 2000-05-27 21:45:52 +00:00
Kurt Zeilenga
b813a5ba30 SLAPD_SCHEMA_NOT_COMPAT: prelim ACL work 2000-05-27 19:33:08 +00:00
Kurt Zeilenga
bd243c07a3 Add hooks for syntax normalizer (used by value_match)
and prettier (to be used by update operations).
2000-05-24 20:21:46 +00:00
Julio Sánchez Fernández
106ff98af0 Revert last change, 2000-05-24 20:11:21 +00:00
Kurt Zeilenga
c1da50a426 SLAPD_SCHEMA_NOT_COMPAT: equality filters
(2.5.4.0=2.5.6.0) works!	ie: (objectclass=top)
2000-05-24 18:49:30 +00:00
Julio Sánchez Fernández
2e0c16b56b Get a couple of extensions into fields easy to use at runtime. 2000-05-24 15:54:21 +00:00
Kurt Zeilenga
bf3a229423 SLAPD_SCHEMA_NOT_COMPAT: cleanup 2000-05-23 17:00:46 +00:00
Julio Sánchez Fernández
34c05b5149 Extend slapd schema structure definitions to reflect the new
extensions field in the contained structures.
2000-05-23 13:56:26 +00:00
Kurt Zeilenga
60802201e3 Const'ification
SASL mech removed from backend bind callback (as SASL is managed by frontend)
Changes to some backends are untested (as I don't have all dependent
  software install)
2000-05-22 03:46:57 +00:00
Kurt Zeilenga
b2f56a7318 SLAPD_SCHEMA_NOT_COMPAT: framework for value_match() and value_find() 2000-05-21 22:46:51 +00:00
Kurt Zeilenga
074be5fb5a SLAPD_SCHEMA_NOT_COMPAT: numerous changes to syntax flags, mostly minor
added new value_normalize() code
	need LDAPsyntaxes X- field support
2000-05-18 17:21:42 +00:00
Kurt Zeilenga
fa9f7a7d8e SLAPD_SCHEMA_NOT_COMPAT: add framework for substr value normalization
Calls value_normalize per substr component (like old code),
	likely should have/call substr_normalize which takes all components
		at once (to allow more sophisticated normalization)
2000-05-17 20:29:26 +00:00
Kurt Zeilenga
40ab90fa9c SLAPD_SCHEMA_NOT_COMPAT: Rework caching of internal schema 2000-05-15 21:05:25 +00:00
Kurt Zeilenga
dc68e41ee9 cleanup old TOOLID macro 2000-05-15 16:33:07 +00:00
Kurt Zeilenga
ae7d89fa1e SLAPD_SCHEMA_NOT_COMPAT addl. filter changes (a work in progress). 2000-05-15 00:41:29 +00:00
Kurt Zeilenga
4bc786f34b Y2k copyright update 2000-05-13 02:47:56 +00:00
Howard Chu
df7ca2c3f3 Remove #undef LDAP_MOD_BVALUES - backends like back-ldap that are also
LDAP clients themselves still need this definition.
2000-05-10 21:22:07 +00:00
Kurt Zeilenga
55ae3cffd8 SASL code without backend support. Should work with
external store, but not yet tested.  [Intent is to support
both in same server... may not be doable]
2000-04-25 16:03:17 +00:00
Kurt Zeilenga
8b09742e5c (slightly) better comments 2000-04-25 13:13:42 +00:00
Kurt Zeilenga
ddb9755ba7 Move handling of operations errors due to submission of
non-bind requests while a multi-step SASL bind process
is under to connection.c.  Return LDAP_OPERATIONS_ERROR,
not LDAP_SASL_BIND_IN_PROGRESS.
2000-03-02 00:59:10 +00:00