Kurt Zeilenga
492762f1c5
Don't use BDB group/attribute callbacks as they may cause deadlock.
...
Add code to bdb_attribute and bdb_group where use TXN id and to
provide error, but need to rework callers (and their callers) to
ensure error is properly bubbled up to the backend operation routine
handling the transaction. Ugh.
2002-01-17 03:58:52 +00:00
Pierangelo Masarati
52b05a5b06
more ber_*cmp optimizations
2002-01-16 19:18:41 +00:00
Kurt Zeilenga
b48c355934
Fix up last commit
2002-01-16 19:03:31 +00:00
Pierangelo Masarati
0842db2a8b
fix ber_*str renaming
2002-01-16 18:50:45 +00:00
Kurt Zeilenga
7f0289a390
Move most of the new ber_*cmp routines to lber_pvt.h to keep them private,
...
rework them slightly to avoid computations which might result in underflow.
Rename them for consistency with other berval routines.
Remove some utf8 lint.
2002-01-16 18:16:15 +00:00
Pierangelo Masarati
af54eed042
added ber_[mem|case]cmp() macros for fast berval comparison; extensively used in acl and in dn_match macro at present
2002-01-16 11:36:47 +00:00
Kurt Zeilenga
5e6e27078c
Change replace ACL semantics from U-Mich historical behavior.
...
U-Mich allows someone with selfwrite to use replace all values
of an attribute with a value containing their DN. Which, of course,
could than be deleted. This behavior was carried forward in all
versions of OpenLDAP.
The new semantics separate checks for deleting all existing values
and adding new values. It is more logical and more inline with
the common use of selfwrite.
2002-01-15 16:23:11 +00:00
Kurt Zeilenga
f89308915a
Add a default case with assert() just in case.
2002-01-14 17:25:13 +00:00
Kurt Zeilenga
9d307b4242
ITS#1530 no value replace ACL fix
2002-01-14 17:19:05 +00:00
Howard Chu
ac1332cdb8
Renamed BVarray to BerVarray. Moved slapd:bvarray_{add,free} to
...
liblber:ber_bvarray_{add,free}.
2002-01-14 01:43:17 +00:00
Pierangelo Masarati
fafce1601e
consistently use dn_match macro throughout slapd
2002-01-12 18:17:13 +00:00
Kurt Zeilenga
7e9c78fbc6
Add ITS#1508 fix to allow ACIs to grant anonymous users access.
2002-01-11 23:48:22 +00:00
Kurt Zeilenga
319b92202b
Fix ACL logic for non-regex peername, sockname, etc.
2002-01-08 02:55:03 +00:00
Howard Chu
26e327f32e
Fix some debug statements
2002-01-06 07:21:06 +00:00
Pierangelo Masarati
f3b61d87b7
fix BVarray
2002-01-05 09:58:19 +00:00
Kurt Zeilenga
0e2af54a3f
Update copyright statements
2002-01-04 21:17:25 +00:00
Kurt Zeilenga
763c0de59b
Rework filter code
...
Misc cleanup / lint removal
2002-01-02 17:06:56 +00:00
Howard Chu
f52cc9bab5
Change struct berval ** to BVarray
2002-01-02 11:00:36 +00:00
Pierangelo Masarati
3930a390e0
cleanup
2001-12-29 10:30:23 +00:00
Howard Chu
975a5e9a24
Added dnPretty2/dnNormalize2 using preallocated destination berval
2001-12-29 04:48:00 +00:00
Pierangelo Masarati
f2a80ff827
fix acl_dn_pat bervalization
2001-12-28 14:47:26 +00:00
Howard Chu
d6a37432bd
Changed dn_rdn/dn_rdnlen to struct berval
2001-12-28 08:38:24 +00:00
Kurt Zeilenga
21288fbb21
Misc cleanup and dn_normalize() zapping
...
Fix nameAndOptionalIdentifer syntax.
2001-12-26 16:42:35 +00:00
Howard Chu
7685b237b7
Fix unterminated string in previous commit. dnNormalize ought to use an
...
ldap_bv2dn function instead of ldap_str2dn and honor the bv_len's...
2001-12-26 04:51:10 +00:00
Howard Chu
b96645af7d
More struct berval changes, dnNormalize migration...
2001-12-26 04:17:49 +00:00
Kurt Zeilenga
2dd27b0786
More struct berval DNs
2001-12-25 19:48:26 +00:00
Howard Chu
3b8cf82517
Use e_nname.bv_len
2001-12-24 17:52:07 +00:00
Howard Chu
9e0ab3da36
Changed Access->a_set_pat and acl->acl_dn_pat to struct berval to eliminate
...
strlen() from acl processing.
2001-12-24 15:43:27 +00:00
Howard Chu
18cd610f2d
op->o_ndn berval fixes for SLAPD_ACI_ENABLED
2001-12-24 15:18:02 +00:00
Howard Chu
2f3399265c
Changed sai_dn, sai_ndn to struct berval. (Affects op->o_dn,o_ndn,
...
conn->c_dn,c_ndn, Access->a_dn_pat)
2001-12-24 15:11:01 +00:00
Howard Chu
3bd8946ca0
from jon@symas.com - minor cleanup
2001-12-17 22:48:29 +00:00
Kurt Zeilenga
abd9be4def
Remove lint and misc MSVC updates
2001-12-09 02:34:45 +00:00
Howard Chu
ad9d17d537
Added dn_rdnlen. Fixed rdn leak in limits.c.
2001-12-08 11:08:26 +00:00
Pierangelo Masarati
0f64b72a00
paranoid check for escaped dn separators when naively checking for rdn boundary
2001-12-01 16:28:21 +00:00
Pierangelo Masarati
a4c9c2c06e
add const
2001-11-17 09:21:22 +00:00
Howard Chu
0e16f6acf9
Moved AttributeDescription caching into main code:
...
Changed AttributeDescription.{ad_cname,ad_lang} to struct berval everywhere
Deleted ad_free() everywhere
Added ad_mutex to init.c
The AttributeDescriptions are in a linked list hanging off of the
corresponding AttributeType.
2001-10-22 13:23:05 +00:00
Kurt Zeilenga
fdc0dd7d6a
Fix some NEW_LOGGING errors
2001-10-05 21:49:04 +00:00
Kurt Zeilenga
09a7bd4331
Clean up asserts, should assert desc != NULL instead of attr != NULL
2001-09-09 18:58:54 +00:00
Kurt Zeilenga
f10028ba06
Apply ACLs to front end objects (root DSE, subschema) consistently
2001-08-28 20:28:34 +00:00
Kurt Zeilenga
9a0b6e92d7
Default ACL clause should be "by * none stop" not "by * stop".
...
That is, default rule should set permissions to none.
2001-06-01 20:09:03 +00:00
Gary Williams
9cf6ee8ccd
fix acl log line
2001-02-08 13:21:20 +00:00
Gary Williams
f49fd8a98e
fix format
2001-01-17 16:35:53 +00:00
Gary Williams
d531a20f52
more new logging (finally), behind NEW_LOGGING
2001-01-11 17:11:23 +00:00
Mark Valence
7e1d4023b8
Removed testing mods accidentally committed with previous fix.
2000-10-11 16:41:15 +00:00
Mark Valence
d8d9bec087
Added conn and op arguments to backend_group.
2000-10-11 16:25:28 +00:00
Kurt Zeilenga
7c96f629ee
Add connection and operation arguments to backend callbacks.
...
Needed for transactions.
2000-09-29 05:25:44 +00:00
Ben Collins
810d3ce224
specifically check for NULL return from acl_get()
2000-09-13 21:49:56 +00:00
Kurt Zeilenga
7778304b16
Fix typo
2000-09-05 19:38:26 +00:00
Kurt Zeilenga
63ae1d22e5
Fix ACL SSF reporting
2000-09-05 18:24:24 +00:00
Kurt Zeilenga
bf3df2f7a6
restrictops, requires, disallow knobs; ssf acls; and misc other changes
...
man pages to follow...
2000-08-28 18:38:48 +00:00
Kurt Zeilenga
1c328aa9c7
Minor typedef and other clean ups
2000-08-26 01:14:05 +00:00
Kurt Zeilenga
5b856458a2
s/SAFEMEMCPY/AC_MEMCPY/
...
Use AC_FMEMCPY where appropriate (-llber)
2000-07-28 01:07:07 +00:00
Kurt Zeilenga
efb7672dde
Do not log attribute value
2000-07-25 20:54:11 +00:00
Kurt Zeilenga
2890bc5b6d
Fix entry/children always allowed bug!
2000-07-20 22:52:44 +00:00
Kurt Zeilenga
8484d2c757
Remove lint
2000-07-05 21:03:57 +00:00
Mark Valence
517fa54bb0
Fix aci link error.
2000-06-30 18:04:10 +00:00
Kurt Zeilenga
1f1f8849eb
Quick fix to aci link error
2000-06-30 17:09:52 +00:00
Mark Valence
3705a26f2d
Add support for Set ACLs and ACIs. Still need to make this syntax awa
...
re.
2000-06-29 22:02:15 +00:00
Kurt Zeilenga
3112f21612
Add attribute type/matching rule support for structuralObjectClass attribute
...
type. Add type to core.schema. Not yet populated on add nor checked on modify.
2000-06-26 05:13:41 +00:00
Mark Valence
c6ad81bcd2
Fix minor bug in handling group ACLs.
2000-06-21 19:07:56 +00:00
Mark Valence
3a31fead5e
Fixed paren nesting bug, separated convoluted conditionals, added comm
...
ents about the logic.
2000-06-17 18:23:27 +00:00
Mark Valence
638371ebe7
Fix uninitialized variable.
2000-06-17 08:20:44 +00:00
Mark Valence
0c6b9ce2dd
Fix ACI group membership test to look up OC.
2000-06-14 22:17:33 +00:00
Mark Valence
2ee8093f98
Fix ACI group membership test to look up OC.
2000-06-14 22:11:44 +00:00
Mark Valence
0ebf86f2d3
Bug hunting -- hang when checking dnattr in ACL.
2000-06-14 06:08:20 +00:00
Mark Valence
1bfcb4b039
Added .regex, .base, .one, .subtree, and .children "style" modifiers.
2000-06-12 01:35:15 +00:00
Kurt Zeilenga
a56c161bdb
Misc code cleanup.
2000-06-10 22:39:30 +00:00
Kurt Zeilenga
c3f8de76ef
Fix up debug statement as suggested by christian.lorenz@suse.de
2000-06-07 14:07:50 +00:00
Kurt Zeilenga
693fb9424a
unifdef -DSLAPD_SCHEMA_NOT_COMPAT -USLAPD_SCHEMA_COMPAT
2000-06-06 19:43:18 +00:00
Kurt Zeilenga
eb70b602ee
Rework ACI codes to use OpenLDAPaci. Add needed schema elements.
...
Needs work. Volunteers welcomed.
2000-05-30 21:34:55 +00:00
Kurt Zeilenga
e4a7b953f3
SLAPD_SCHEMA_NOT_COMPAT: fix typo
2000-05-29 04:57:31 +00:00
Kurt Zeilenga
bdf9b0d017
SLAPD_SCHEMA_NOT_COMPAT: working ACLs! (have not tested ACIs)
2000-05-29 03:51:26 +00:00
Kurt Zeilenga
9e5312e166
SLAPD_SCHEMA_NOT_COMPAT: ACL cleanup (not yet working)
2000-05-29 03:44:06 +00:00
Kurt Zeilenga
3350957674
SLAPD_SCHEMA_NOT_COMPAT: ACI cleanup
2000-05-28 22:17:34 +00:00
Kurt Zeilenga
439c0c796d
SLAPD_SCHEMA_NOT_COMPAT: Mostly work modify
2000-05-28 16:36:34 +00:00
Kurt Zeilenga
37235b71c0
SLAPD_SCHEMA_NOT_COMPAT: working cn=schema
2000-05-15 23:36:37 +00:00
Kurt Zeilenga
4bc786f34b
Y2k copyright update
2000-05-13 02:47:56 +00:00
Kurt Zeilenga
0c134a72d6
SCHEMA_NOT_COMPAT changes
2000-04-25 13:21:06 +00:00
Kurt Zeilenga
4091381660
Yet another round of SLAPD_SCHEMA_NOT_COMPAT changes, including:
...
limited subtype support, modlist handling, filter updates,
lastmod attribute handling.
2000-02-28 21:16:05 +00:00
Kurt Zeilenga
ceb6412e62
More -DSLAPD_SCHEMA_NOT_COMPAT changes
...
Not hidden: "<anonymous>" modifiersname
2000-02-15 18:57:07 +00:00
Kurt Zeilenga
0dbaf87730
Another round of changes behind -DSLAPD_SCHEMA_NOT_COMPAT
...
plus these changes unhidden changes:
remove now meaning --enable-discreteaci configure option
fix ITS#451, slapd filters
Add ber_bvecadd() to support above
constify ldap_pvt_find_wildcard() and misc slapd routines
renamed some slap.h macros
likely broken something
2000-02-14 20:57:34 +00:00
Kurt Zeilenga
36b0423311
Add Modification/Modifications structures for -DSLAPD_SCHEMA_NOT_COMPAT
2000-02-07 20:37:10 +00:00
Kurt Zeilenga
bc51bd5180
Yet another round of SLAPD_SCHEMA_NOT_COMPAT changes...
...
Changes outside of #ifdef include three value filter processing.
2000-02-06 21:09:44 +00:00
Kurt Zeilenga
9316c4eace
ACI attributes should be of ACI syntax. Need to assign
...
OID for experimental syntax.
2000-02-01 17:53:07 +00:00
Kurt Zeilenga
3a6e906194
Replace -DSLAPD_SCHEMA_COMPAT with -USLAPD_SCHEMA_NOT_COMPAT
2000-01-31 22:14:16 +00:00
Kurt Zeilenga
c5da0c76ce
Additional changes to migrate to new schema codes
...
Still not usable.
2000-01-28 20:01:00 +00:00
Kurt Zeilenga
e9b1012fb1
Put more old schema code behind SLAPD_SCHEMA_COMPAT (which still
...
MUST be defined).
2000-01-28 00:33:29 +00:00
Kurt Zeilenga
434e7229ac
Add code to handle operational attributes via new schema codes
...
behind -USLAPD_SCHEMA_COMPAT.
2000-01-27 19:02:24 +00:00
Kurt Zeilenga
df712b8597
Don't exclude no-user-modification attributes from ACL checks
...
unless access requested is WRITE. This allows you to apply
an ACL to limit search/reading of no-user-modification attributes.
Writes, of course, are always prohibited (by do_add, do_modify).
2000-01-27 18:35:36 +00:00
Mark Valence
d93ef01ac7
Add get_supported_acimech() for use by root_dse, check aci OIDs against supported list.
1999-11-22 18:42:46 +00:00
Mark Valence
23cb3a0555
Added a "dnattr" case for ACIs (still need to check the ACI OID).
1999-11-08 18:50:51 +00:00
Mark Valence
af855ec94b
Updated ACI code to work with new ACL changes. All changes are within the SLAPD_ACI_ENABLED #ifdef's.
1999-11-06 05:05:50 +00:00
Kurt Zeilenga
3fbee54fa5
Remove lint
1999-10-27 04:40:56 +00:00
Kurt Zeilenga
3261f219a3
Add support for Root DSE ACLs.
...
Add "users" shorthand (dn="^.+$")
Add regex short circuiting for common dn regexs.
1999-10-26 03:19:41 +00:00
Kurt Zeilenga
06eb390586
Make accessmask2str reentrant.
1999-10-21 23:19:22 +00:00
Kurt Zeilenga
3d765d6108
Additional changes to improve logic and logging. Still buggy.
1999-10-21 20:29:52 +00:00
Kurt Zeilenga
f6829ee903
Initial commit of new ACL engine. Engine supports descrete access
...
privs, additive/substractive rules, and rule continuation. Existing
rules that use 'defaultaccess none' should be 100% compatible. Rules
that rely other defaultaccess settings will require addition of
explicit clauses granting the access.
Needs additional testing and tuning of logs
1999-10-21 17:53:56 +00:00
Kurt Zeilenga
7a0b0b2bbf
In preparation for adding dn_rewrite()...
...
s/dn_normalize/dn_validate/
s/dn_normalize_case/dn_normalize/
1999-09-24 01:46:37 +00:00
Kurt Zeilenga
ccfba5f2c0
Misc. cleanup
1999-09-16 02:31:29 +00:00
Kurt Zeilenga
403f4479bc
Add OpenLDAP RCSid to *.[ch] in clients, libraries, and servers.
...
Replace old Id as needed (back-tcl).
Leave updating of contribWare to contributors (for now).
1999-09-08 19:06:24 +00:00