Pierangelo Masarati
dd0e285b12
experimental ACL scope correctness test
2004-04-20 19:16:21 +00:00
Kurt Zeilenga
44725e7303
use BER_BVNULL
2004-04-07 04:11:43 +00:00
Pierangelo Masarati
006745430e
allow "expand" style in peername, sockname, sockurl as well; more sanity checks
2004-03-09 19:44:14 +00:00
Pierangelo Masarati
042869366d
use "expand" instead of "regex" for group ACLs that allow substring expansion, preserving backwards compatibility; add sanity checks
2004-03-09 16:33:05 +00:00
Pierangelo Masarati
a4e062ca36
apply advanced peername ACL (ITS#2907)
2004-03-08 18:49:12 +00:00
Pierangelo Masarati
ac0d45179f
log set in ACL (ITS#2949)
2004-03-08 11:09:49 +00:00
Kurt Zeilenga
3c598e89fb
Happy new year
2004-01-01 19:15:16 +00:00
Pierangelo Masarati
79bc396ed8
in the <what> clause of ACLs, only 'attr=' or 'attrs=' are allowed; the former for backwards compatibility, while slapd.access(5) correctly uses only the latter form
2003-12-20 15:31:54 +00:00
Pierangelo Masarati
39574bcb5f
for consistency, always allow 'onelevel' as an alias for 'one' in dnstyle
2003-12-20 15:18:21 +00:00
Kurt Zeilenga
aabcce3e58
Document +0
2003-12-19 05:06:51 +00:00
Pierangelo Masarati
4e83a282d0
improve error handling for attr val ACL syntax
2003-12-16 10:56:21 +00:00
Kurt Zeilenga
a736f237f8
Deprecate +objectClass in favor of @objectClass per IETF discussions
2003-12-16 05:55:52 +00:00
Pierangelo Masarati
ee34f3fb64
add to 'val[.<style>=<value>' ACLs special match styles for DN-valued attributes; add negated objectClass to attribute name lists for ACLs and partial replication
2003-12-16 00:49:10 +00:00
Kurt Zeilenga
4e15a84452
Updated notices
2003-11-27 01:17:14 +00:00
Kurt Zeilenga
81ed052186
Improve printing of ACLs
2003-10-15 07:48:01 +00:00
Howard Chu
6da0f1e48e
ITS#2573 dynamic group support
...
moved labeledURI into system schema
attribute types that inherit from labeledURI may be used in dynamic
groups e.g. access to * by group/groupOfURLs/memberURL=foo
2003-09-20 08:16:04 +00:00
Howard Chu
1240c70ff4
ITS#2497, implement value-level ACLs:
...
access to attr=foo val.regex=bar.*
2003-09-20 03:23:10 +00:00
Kurt Zeilenga
6f39517929
ITS#2707: fix 'access to dn.subtree="" by ...' directives
2003-09-10 02:33:36 +00:00
Hallvard Furuseth
642c8b1627
Break up too long string literals (>509 characters, ISO C's minimum max size).
2003-06-03 18:01:37 +00:00
Kurt Zeilenga
0954351565
Change ACL default style to exact (from regex)
2003-05-30 05:24:39 +00:00
Kurt Zeilenga
5cd994ed21
remove dnNormalize2
...
replace calls to dnNormalize2 with calls to dnNormalize
2003-04-29 18:28:14 +00:00
Howard Chu
ece7452b05
More memory context tweaks
2003-04-11 01:29:28 +00:00
Pierangelo Masarati
eed2d5db4d
only document 'subtree', but also allow 'sub'
2003-02-05 20:38:42 +00:00
Pierangelo Masarati
381e293b41
allow 'sub' and 'subtree' in acl (fix ITS#2300)
2003-02-05 19:39:34 +00:00
Kurt Zeilenga
6939c53170
Happy new year
2003-01-03 20:20:47 +00:00
Pierangelo Masarati
a62aa61544
much better fix for ITS#2196 (dnattr without sat_equality is bounced at config)
2002-11-25 18:37:04 +00:00
Howard Chu
e14f471a27
Add #include "lutil.h" for lutil_str* functions
2002-08-06 02:36:34 +00:00
Howard Chu
5a01db28e3
Moved slap_strcopy, slap_strncopy to lutil_strcopy, lutil_strncopy
2002-07-27 00:24:02 +00:00
Kurt Zeilenga
8a3d02bf6b
misc cleanup
2002-07-23 18:35:12 +00:00
Kurt Zeilenga
ef3d895cb8
More ACL to dn="" bug fixing... and add test006-acl check
2002-07-11 01:45:22 +00:00
Kurt Zeilenga
8354160f8b
Patch: aclparse.c bugs (ITS#1752)
...
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
Bug fixes:
- acl_regex_normalized_dn(pattern):
* used pattern->bv_len even though it claimed not to,
* would walk past the end of strings that ended (incorrectly)
with a single '\'.
- style=regex checked for "^.*$$" twice but not for "^.*$".
- the code did not notice if dnNormalize2() failed, and would
(at least in one case) treat a bad DN as '*'.
Some cleanup:
- changed regtest() to return void, since the return value was unused.
- changed acl_regex_normalized_dn() to take a string input argument
instead of a half-filled berval, it looks saner that way.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-04-15 20:44:05 +00:00
Kurt Zeilenga
709ce4fa6c
Re: Patch: ctype functions require 'unsigned char' args (ITS#1678)
...
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
Here are fixes for more places where the argument to ctype.h functions
should be in the range of `unsigned char'.
Explanation of the last patch (to schema_init.c:bvcasechr()):
TOLOWER() and TOUPPER() return values in the range of `unsigned char',
but bvcasechr() then compares those values with a plain `char'. So I
convert the return values from TOLOWER()/TOUPPER() to `char' first.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-04-15 20:42:42 +00:00
Pierangelo Masarati
440637dde7
various acl improvements/cleanups/speedups (need to be documented, though)
2002-04-03 15:42:19 +00:00
Pierangelo Masarati
ab6ad34692
the logic of this check was completely reversed; in case '*' is used, on't test the regula expression
2002-04-02 08:18:30 +00:00
Kurt Zeilenga
c9c3a68496
Deprecate filter_print in favor of filter2bv.
2002-03-10 17:41:14 +00:00
Kurt Zeilenga
2b71d70f2f
Reverse arguments of is_object_subclass and reverse backwards calls
2002-02-09 23:55:37 +00:00
Kurt Zeilenga
59857824ff
Treat access to dn="" as access to dn.base="". Avoid empty regex.
...
Note: by dn="" already treated as anonymous.
2002-02-08 18:32:12 +00:00
Howard Chu
5e522ca882
Changed Access.a_sockurl_pat, Connection.c_listener_url etc.
...
to struct bervals
2002-01-28 11:41:07 +00:00
Kurt Zeilenga
ce2d8ebc7e
Misc cleanup, lint removal, and minor optimizations
2002-01-13 05:00:59 +00:00
Howard Chu
8067107ed2
Added an_oc to AttributeName for caching ObjectClass lookups.
...
Added error checking to str2anlist; if the attr name doesn't match
any attribute or objectclass the offending attr name is displayed.
2002-01-10 09:54:14 +00:00
Kurt Zeilenga
0e2af54a3f
Update copyright statements
2002-01-04 21:17:25 +00:00
Howard Chu
bcdfdb968f
Changed AttributeName back into an array instead of a linked list.
...
Fixed bug in do_search eating up controls.
2002-01-03 05:38:26 +00:00
Howard Chu
f52cc9bab5
Change struct berval ** to BVarray
2002-01-02 11:00:36 +00:00
Howard Chu
743c402265
Changed search attrs from struct berval ** to AttributeName *
2001-12-31 11:35:52 +00:00
Pierangelo Masarati
3930a390e0
cleanup
2001-12-29 10:30:23 +00:00
Howard Chu
975a5e9a24
Added dnPretty2/dnNormalize2 using preallocated destination berval
2001-12-29 04:48:00 +00:00
Pierangelo Masarati
04ce28cf48
a couple of comments; will require special DN handling ...
2001-12-28 18:18:16 +00:00
Howard Chu
bbcb0f8a7f
Replace strcat with slap_strcopy
2001-12-26 16:25:18 +00:00
Howard Chu
15f630545a
Changed ma_rule_text to struct berval.
...
Changed get_filter to struct bervals
2001-12-26 13:47:10 +00:00
Howard Chu
fb3af1ccbd
Merged ber_bvstr and ber_bvstrdup into ber_str2bv.
2001-12-26 10:06:19 +00:00