Commit Graph

129 Commits

Author SHA1 Message Date
Pierangelo Masarati
dd0e285b12 experimental ACL scope correctness test 2004-04-20 19:16:21 +00:00
Kurt Zeilenga
44725e7303 use BER_BVNULL 2004-04-07 04:11:43 +00:00
Pierangelo Masarati
006745430e allow "expand" style in peername, sockname, sockurl as well; more sanity checks 2004-03-09 19:44:14 +00:00
Pierangelo Masarati
042869366d use "expand" instead of "regex" for group ACLs that allow substring expansion, preserving backwards compatibility; add sanity checks 2004-03-09 16:33:05 +00:00
Pierangelo Masarati
a4e062ca36 apply advanced peername ACL (ITS#2907) 2004-03-08 18:49:12 +00:00
Pierangelo Masarati
ac0d45179f log set in ACL (ITS#2949) 2004-03-08 11:09:49 +00:00
Kurt Zeilenga
3c598e89fb Happy new year 2004-01-01 19:15:16 +00:00
Pierangelo Masarati
79bc396ed8 in the <what> clause of ACLs, only 'attr=' or 'attrs=' are allowed; the former for backwards compatibility, while slapd.access(5) correctly uses only the latter form 2003-12-20 15:31:54 +00:00
Pierangelo Masarati
39574bcb5f for consistency, always allow 'onelevel' as an alias for 'one' in dnstyle 2003-12-20 15:18:21 +00:00
Kurt Zeilenga
aabcce3e58 Document +0 2003-12-19 05:06:51 +00:00
Pierangelo Masarati
4e83a282d0 improve error handling for attr val ACL syntax 2003-12-16 10:56:21 +00:00
Kurt Zeilenga
a736f237f8 Deprecate +objectClass in favor of @objectClass per IETF discussions 2003-12-16 05:55:52 +00:00
Pierangelo Masarati
ee34f3fb64 add to 'val[.<style>=<value>' ACLs special match styles for DN-valued attributes; add negated objectClass to attribute name lists for ACLs and partial replication 2003-12-16 00:49:10 +00:00
Kurt Zeilenga
4e15a84452 Updated notices 2003-11-27 01:17:14 +00:00
Kurt Zeilenga
81ed052186 Improve printing of ACLs 2003-10-15 07:48:01 +00:00
Howard Chu
6da0f1e48e ITS#2573 dynamic group support
moved labeledURI into system schema
  attribute types that inherit from labeledURI may be used in dynamic
    groups e.g. access to * by group/groupOfURLs/memberURL=foo
2003-09-20 08:16:04 +00:00
Howard Chu
1240c70ff4 ITS#2497, implement value-level ACLs:
access to attr=foo val.regex=bar.*
2003-09-20 03:23:10 +00:00
Kurt Zeilenga
6f39517929 ITS#2707: fix 'access to dn.subtree="" by ...' directives 2003-09-10 02:33:36 +00:00
Hallvard Furuseth
642c8b1627 Break up too long string literals (>509 characters, ISO C's minimum max size). 2003-06-03 18:01:37 +00:00
Kurt Zeilenga
0954351565 Change ACL default style to exact (from regex) 2003-05-30 05:24:39 +00:00
Kurt Zeilenga
5cd994ed21 remove dnNormalize2
replace calls to dnNormalize2 with calls to dnNormalize
2003-04-29 18:28:14 +00:00
Howard Chu
ece7452b05 More memory context tweaks 2003-04-11 01:29:28 +00:00
Pierangelo Masarati
eed2d5db4d only document 'subtree', but also allow 'sub' 2003-02-05 20:38:42 +00:00
Pierangelo Masarati
381e293b41 allow 'sub' and 'subtree' in acl (fix ITS#2300) 2003-02-05 19:39:34 +00:00
Kurt Zeilenga
6939c53170 Happy new year 2003-01-03 20:20:47 +00:00
Pierangelo Masarati
a62aa61544 much better fix for ITS#2196 (dnattr without sat_equality is bounced at config) 2002-11-25 18:37:04 +00:00
Howard Chu
e14f471a27 Add #include "lutil.h" for lutil_str* functions 2002-08-06 02:36:34 +00:00
Howard Chu
5a01db28e3 Moved slap_strcopy, slap_strncopy to lutil_strcopy, lutil_strncopy 2002-07-27 00:24:02 +00:00
Kurt Zeilenga
8a3d02bf6b misc cleanup 2002-07-23 18:35:12 +00:00
Kurt Zeilenga
ef3d895cb8 More ACL to dn="" bug fixing... and add test006-acl check 2002-07-11 01:45:22 +00:00
Kurt Zeilenga
8354160f8b Patch: aclparse.c bugs (ITS#1752)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

Bug fixes:
- acl_regex_normalized_dn(pattern):
  * used pattern->bv_len even though it claimed not to,
  * would walk past the end of strings that ended (incorrectly)
    with a single '\'.
- style=regex checked for "^.*$$" twice but not for "^.*$".
- the code did not notice if dnNormalize2() failed, and would
  (at least in one case) treat a bad DN as '*'.
Some cleanup:
- changed regtest() to return void, since the return value was unused.
- changed acl_regex_normalized_dn() to take a string input argument
  instead of a half-filled berval, it looks saner that way.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-04-15 20:44:05 +00:00
Kurt Zeilenga
709ce4fa6c Re: Patch: ctype functions require 'unsigned char' args (ITS#1678)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

Here are fixes for more places where the argument to ctype.h functions
should be in the range of `unsigned char'.

Explanation of the last patch (to schema_init.c:bvcasechr()):
TOLOWER() and TOUPPER() return values in the range of `unsigned char',
but bvcasechr() then compares those values with a plain `char'.  So I
convert the return values from TOLOWER()/TOUPPER() to `char' first.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-04-15 20:42:42 +00:00
Pierangelo Masarati
440637dde7 various acl improvements/cleanups/speedups (need to be documented, though) 2002-04-03 15:42:19 +00:00
Pierangelo Masarati
ab6ad34692 the logic of this check was completely reversed; in case '*' is used, on't test the regula expression 2002-04-02 08:18:30 +00:00
Kurt Zeilenga
c9c3a68496 Deprecate filter_print in favor of filter2bv. 2002-03-10 17:41:14 +00:00
Kurt Zeilenga
2b71d70f2f Reverse arguments of is_object_subclass and reverse backwards calls 2002-02-09 23:55:37 +00:00
Kurt Zeilenga
59857824ff Treat access to dn="" as access to dn.base="". Avoid empty regex.
Note: by dn="" already treated as anonymous.
2002-02-08 18:32:12 +00:00
Howard Chu
5e522ca882 Changed Access.a_sockurl_pat, Connection.c_listener_url etc.
to struct bervals
2002-01-28 11:41:07 +00:00
Kurt Zeilenga
ce2d8ebc7e Misc cleanup, lint removal, and minor optimizations 2002-01-13 05:00:59 +00:00
Howard Chu
8067107ed2 Added an_oc to AttributeName for caching ObjectClass lookups.
Added error checking to str2anlist; if the attr name doesn't match
any attribute or objectclass the offending attr name is displayed.
2002-01-10 09:54:14 +00:00
Kurt Zeilenga
0e2af54a3f Update copyright statements 2002-01-04 21:17:25 +00:00
Howard Chu
bcdfdb968f Changed AttributeName back into an array instead of a linked list.
Fixed bug in do_search eating up controls.
2002-01-03 05:38:26 +00:00
Howard Chu
f52cc9bab5 Change struct berval ** to BVarray 2002-01-02 11:00:36 +00:00
Howard Chu
743c402265 Changed search attrs from struct berval ** to AttributeName * 2001-12-31 11:35:52 +00:00
Pierangelo Masarati
3930a390e0 cleanup 2001-12-29 10:30:23 +00:00
Howard Chu
975a5e9a24 Added dnPretty2/dnNormalize2 using preallocated destination berval 2001-12-29 04:48:00 +00:00
Pierangelo Masarati
04ce28cf48 a couple of comments; will require special DN handling ... 2001-12-28 18:18:16 +00:00
Howard Chu
bbcb0f8a7f Replace strcat with slap_strcopy 2001-12-26 16:25:18 +00:00
Howard Chu
15f630545a Changed ma_rule_text to struct berval.
Changed get_filter to struct bervals
2001-12-26 13:47:10 +00:00
Howard Chu
fb3af1ccbd Merged ber_bvstr and ber_bvstrdup into ber_str2bv. 2001-12-26 10:06:19 +00:00