Kurt Zeilenga
1372965d89
ITS#3092: Rename sl_free() and friends to slap_sl_free()
2004-04-20 03:44:57 +00:00
Kurt Zeilenga
a54900be42
s/saslAuthz/authz/
2004-04-16 06:12:13 +00:00
Pierangelo Masarati
d7884b5853
rename macro
2004-04-14 23:23:46 +00:00
Pierangelo Masarati
755210c960
use librewrite for sasl-regexp (need to #define SLAP_X_SASL_REWRITE; ITS#2886); lots of cleanup
2004-04-13 16:47:04 +00:00
Howard Chu
692c37720f
Fix internal search limits (due to recent limit_check change)
2004-04-07 15:10:26 +00:00
Kurt Zeilenga
44725e7303
use BER_BVNULL
2004-04-07 04:11:43 +00:00
Kurt Zeilenga
c7e89d57be
swap be_isroot and be_isroot_dn symbols
2004-04-06 01:06:20 +00:00
Howard Chu
09a379394a
ITS#3033 fix debug msg segv
2004-03-20 09:51:33 +00:00
Kurt Zeilenga
e323437c6a
cleanup for release engineering
2004-03-18 01:06:39 +00:00
Pierangelo Masarati
5716b7f1b2
document saslAuthzTo/saslAuthzFrom new syntax; add onelevel style to DN type
2004-03-06 11:00:49 +00:00
Kurt Zeilenga
3c598e89fb
Happy new year
2004-01-01 19:15:16 +00:00
Pierangelo Masarati
42d7d6d743
propagate flags to sasl-regexp functions (will need it later)
2003-12-18 18:32:45 +00:00
Pierangelo Masarati
113727ba53
allow 'all' vs. 'any' sasl-authz-policy
2003-12-18 18:28:43 +00:00
Pierangelo Masarati
f2a9089e4d
cleanup most of the -pedantic warnings (ITS#2884) and other small fixes
2003-12-17 20:55:46 +00:00
Kurt Zeilenga
271fff13de
Sync with HEAD
2003-12-17 17:55:27 +00:00
Pierangelo Masarati
bc972e0656
allow 'AUTHZ' mech in proxyAuthz control to allow also the <mech> part of the 'u:' user
2003-12-15 18:19:14 +00:00
Pierangelo Masarati
b4629f1e79
fix previous commits
2003-12-14 14:08:15 +00:00
Kurt Zeilenga
5b0236f4ae
Add u: comment
2003-12-13 23:41:44 +00:00
Kurt Zeilenga
1fadacaa31
Forward parse the uauthzid. A realm cannot be specified unless
...
a mechanism is specified. (Few mechanisms (DIGEST-MD5 only) support
separate realms.)
2003-12-13 23:38:05 +00:00
Pierangelo Masarati
4602c935f7
saslAuthzTo/From stuff
...
when comparing IDs to saslAuthzTo/From values, the saslAuthzTo
saslAuthzFrom values can take different forms:
dn[.<style>]:<pattern>
<style> ::= exact ; exact match
children ; children of <pattern> match
subtree ; <pattern> or children of <pattern> match
regex ; <pattern> is regcomp() & regexec()
if no <style>, then exact is assumed
u[.<mech>][/<realm>]:<user>
when parsing a proxyAuthz value, only exact DN is allowed,
and no <mech> can be specified. <user> cannot contain ':'
and <mech> cannot contain '/'.
2003-12-13 23:02:59 +00:00
Pierangelo Masarati
d6bc071dd9
add subtree/children styles to saslAuthzTo/From; 'dn:' now defaults to exact
2003-12-13 12:23:56 +00:00
Pierangelo Masarati
43db7cf4bf
cleanup saslauthz code
2003-12-13 10:58:31 +00:00
Howard Chu
be1a728c5b
Added sc_next and sc_cleanup to slap_callback
2003-12-07 08:51:23 +00:00
Luke Howard
369b1515db
Ensure exact DNs are normalized in slap_parseURI.
2003-12-06 02:16:39 +00:00
Kurt Zeilenga
20c8ea8a44
Update Mark's notice (with permission)
2003-12-04 21:12:17 +00:00
Pierangelo Masarati
93d0c25c45
syntax improvement (ITS#2852)
2003-12-03 00:29:29 +00:00
Pierangelo Masarati
ff919168fb
if rule is an URI, must have a filter field
2003-12-01 07:50:27 +00:00
Kurt Zeilenga
4e15a84452
Updated notices
2003-11-27 01:17:14 +00:00
Howard Chu
f4649fbde3
ITS#2825 fix SASL internal searches
2003-11-13 21:42:28 +00:00
Howard Chu
bb13266a15
Plug memleak in slap_parseURI
2003-09-20 05:55:48 +00:00
Luke Howard
d649ae0808
Inherit operation pblock for SLAPI
2003-08-31 08:14:54 +00:00
Kurt Zeilenga
009191da73
delete incorrect URI description. RFC 2255 should be used.
2003-07-31 08:41:11 +00:00
Kurt Zeilenga
46122fa688
Fix ITS#2578
2003-06-15 05:52:51 +00:00
Kurt Zeilenga
7ca24a8591
Another round of minor copyright updates
2003-05-25 03:56:57 +00:00
Howard Chu
9dace23dec
Change slap_sasl_authorized to take an Operation instead of a Connection,
...
for compatibility with proxyAuthz control
2003-05-24 02:44:46 +00:00
Howard Chu
83f0acc1d8
ITS#2533 backend_attribute uses tmpmemctx, must free accordingly
2003-05-24 02:06:18 +00:00
Howard Chu
b6ef8c1876
ITS#2505 - make sr_strings per-op instead of static
2003-05-12 23:57:19 +00:00
Kurt Zeilenga
5cd994ed21
remove dnNormalize2
...
replace calls to dnNormalize2 with calls to dnNormalize
2003-04-29 18:28:14 +00:00
Hallvard Furuseth
778a38f49c
Reduce warnings: Add missing 0 or NULL initializers for struct members.
2003-04-29 16:36:19 +00:00
Howard Chu
280fc819cf
Memory context tweaks for Bind
2003-04-12 06:56:42 +00:00
Howard Chu
ece7452b05
More memory context tweaks
2003-04-11 01:29:28 +00:00
Howard Chu
f897519d11
Minor cleanups
2003-04-09 23:37:00 +00:00
Howard Chu
813d5c8ed8
First cut at thread-local malloc. Only used by search() for now...
...
Needs work in normalizers, etc.
2003-04-09 16:52:03 +00:00
Howard Chu
9355dca9af
Consolidated slap_callbacks into one function. Removed send_search_result.
2003-04-01 04:12:18 +00:00
Howard Chu
e8c58b4e7f
Major API change - (SLAP_OP_BLOCKS) All request parameters are
...
consolidated into the Operation structure. All reply parameters
are consolidated into the new SlapReply structure. Most operations
now have identical call signatures... Changes are not #ifdef'd,
revert to -r NO_SLAP_OP_BLOCKS if necessary to back out.
2003-03-30 09:03:54 +00:00
Howard Chu
40454ccec8
Added op->o_is_auth_check; use ACL_AUTH instead of ACL_SEARCH/ACL_READ
...
in access_allowed() if flag is set. Set in sasl/saslauth searches.
2003-03-10 22:07:21 +00:00
Howard Chu
9beaa08d79
Fix slap_sasl_authorized, c_authz_backend may be NULL
2003-03-02 00:21:24 +00:00
Howard Chu
979e5073cf
Revert previous kludge in controls.c, use ldap_pvt_thread_pool_context
...
instead if c_sasl_bindop is NULL.
2003-02-16 19:34:29 +00:00
Kurt Zeilenga
8f82e9f772
ITS#2117: remove suffixalias support until someone fixes it
2003-02-09 07:20:03 +00:00
Kurt Zeilenga
5192938964
code cleanup
2003-02-07 19:05:45 +00:00
Luke Howard
dfc7d338a6
Add sendreference callback
2003-02-01 07:04:13 +00:00
Kurt Zeilenga
6939c53170
Happy new year
2003-01-03 20:20:47 +00:00
Howard Chu
4e4818771c
Plug memory leak
2002-12-18 22:44:13 +00:00
Kurt Zeilenga
7be4d566d7
cleanup
2002-12-13 00:18:54 +00:00
Luke Howard
6730080081
Allow the root DN to switch to any authorization identity.
2002-12-05 12:25:16 +00:00
Howard Chu
574090d184
Fix slap_sasl2dn(), performing internal search with wrong op.o_ndn.
2002-12-04 22:37:51 +00:00
Kurt Zeilenga
da76c1951e
First-cut proxy authorization support.
2002-12-03 06:11:32 +00:00
Kurt Zeilenga
ab80b03057
back_attribute() should use ACL_AUTH not ACL_READ (at
...
least for current callers, may need to pass it the
permission level)
2002-09-05 02:37:10 +00:00
Howard Chu
70673417f2
Fix debug statement
2002-08-30 14:28:45 +00:00
Howard Chu
925714ceef
Experimental cruft to propagate valid Operation to SASL callbacks.
...
If you have a better way, jupm on in...
2002-08-24 07:34:50 +00:00
Kurt Zeilenga
3a15afa057
Fix abstract schema check
2002-08-22 02:27:42 +00:00
Howard Chu
505a141c75
Use search callbacks in slap_sasl_checkpass and slap_auxprop_lookup,
...
use ACL_AUTH for acl checks.
2002-08-20 05:32:54 +00:00
Kurt Zeilenga
6e02fe2e8a
Remove #if 0 code
2002-08-16 18:58:39 +00:00
Pierangelo Masarati
3a26ef5bbb
silence warnings
2002-08-16 16:33:22 +00:00
Kurt Zeilenga
e69c9067c2
Fix saslregex init bug
2002-08-07 19:17:22 +00:00
Kurt Zeilenga
428c15d883
Misc clean up of last commit.
...
Still need to fix my devbox so I can test this....
2002-08-05 23:40:08 +00:00
Kurt Zeilenga
119462adfa
Rework saslRegex code (not yet tested)
2002-08-05 23:16:28 +00:00
Kurt Zeilenga
d22612e8db
ITS#1951: saslRegexp limits syntax of regular expressions
...
Don't normalize regex.
Also, s/LDAP_OPERATIONS_ERROR/LDAP_OTHER/
2002-08-01 01:10:55 +00:00
Kurt Zeilenga
eb581e43e7
Fix for:
...
SASL regex segmentation faults with group based acls (ITS#1978)
based, in part, by patch submitted by Simon Wilkinson <simon@sxw.org.uk>.
2002-07-28 07:27:55 +00:00
Kurt Zeilenga
8a3d02bf6b
misc cleanup
2002-07-23 18:35:12 +00:00
Howard Chu
a073e28510
Fix setting c_authz_backend for SASL binds:
...
in slap_sasl2dn, make sure it's set for base DN searches as well.
in do_bind, don't zero it during multi-stage binds.
2002-07-13 00:11:03 +00:00
Julius Enarusai
6107ba67d2
Coverted LDAP_LOG macro to use subsystem ID int values instead of string values
2002-07-11 20:33:24 +00:00
Kurt Zeilenga
cbba11d7cd
saslAuthzTo/From LDUP URLs should have hostnames
2002-06-14 22:03:52 +00:00
Howard Chu
07a34489c6
Added saslAuthzTo and saslAuthzFrom to system schema.
...
Added sasl-authz-policy config keyword to control proxy authorization.
Moved sasl-related config processing to sasl.c:slap_sasl_config().
Moved other global defs used only in saslauthz.c into saslauthz.c.
2002-06-14 08:10:14 +00:00
Kurt Zeilenga
d6e7f0f630
Rework c_authzid_backend in preparation for sasl_setpass() support
2002-06-11 22:56:47 +00:00
Howard Chu
6f47e13147
Cyrus 2 support now requires Cyrus 2.1.3. Adds support for in-directory
...
SASL secrets. (Only works with plaintext userpassword tho.)
2002-05-07 23:08:23 +00:00
Howard Chu
a067d64c3a
Fixes for slap_sasl_regexp parsing and normalization
2002-05-07 18:46:32 +00:00
Howard Chu
56f1355968
Added comment for future reference re: in-directory secrets
2002-05-07 02:17:34 +00:00
Howard Chu
1dea5905c6
More SASL DN simplification. No more "dn:" prefix used anywhere internally.
2002-04-17 07:56:46 +00:00
Kurt Zeilenga
02e8527248
Patch: Escape character troubles (ITS#1753)
...
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
maildap could address buf[-1] if len was < 2.
REWRITE_SUBMATCH_ESCAPE is '%', not '\'.
librewrite and saslautz could walk past the end of a string which
ended with an escape character.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-04-15 18:29:39 +00:00
Howard Chu
efecf4e121
ITS#1733 eliminate o_abandonmutex
2002-04-11 08:03:40 +00:00
Howard Chu
f516e34918
ITS#1681 - detect bad filter in slap_parseURI() - from Hallvard Furuseth
2002-04-09 10:41:15 +00:00
Howard Chu
1353ded30c
Change slap_parseURI to use ldap_parse_url. Other struct berval changes.
2002-04-05 05:37:01 +00:00
Kurt Zeilenga
3d89f398a9
Fix callback initializer.
2002-03-04 21:28:46 +00:00
Kurt Zeilenga
d23c559646
Don't use 'shtool mkln' as ln(1) replacement.
...
Allow both <sasl/sasl.h> and <sasl.h>
2002-02-11 08:28:51 +00:00
Kurt Zeilenga
b315d8af34
Update Cyrus SASL detection to always look for <sasl.h> regardless
...
of version and then try -lsasl2 and -lsasl. Make SASL code
conditional on SASL_VERSION_MAJOR, not HAVE_CYRUS_SASL.
2002-02-10 17:51:19 +00:00
Howard Chu
8a4e92b259
Support for Cyrus SASLv2. Untested.
2002-02-10 14:27:23 +00:00
Kurt Zeilenga
0a31400d63
Some misc cleanup
2002-01-29 06:06:20 +00:00
Howard Chu
d937237987
Eliminated dn_normalize. No more migration.
2002-01-26 14:51:45 +00:00
Howard Chu
4191f39037
Changed slap_authz_info.sai_mech to struct berval.
...
Changed sasl_* to use struct bervals.
2002-01-26 13:57:41 +00:00
Howard Chu
eab49fe5da
Cleanup lint
2002-01-19 04:50:26 +00:00
Howard Chu
ac1332cdb8
Renamed BVarray to BerVarray. Moved slapd:bvarray_{add,free} to
...
liblber:ber_bvarray_{add,free}.
2002-01-14 01:43:17 +00:00
Howard Chu
d0724c769e
Fix mutex leak in previous commit
2002-01-13 17:17:29 +00:00
Howard Chu
f20991dea7
Changed to use search callbacks instead of connection_internal_open
2002-01-13 17:12:43 +00:00
Howard Chu
029306a5be
Use ldap_queue.h instead of <ac/queue.h>
2002-01-03 00:12:46 +00:00
Kurt Zeilenga
c603bc3946
use sizeof instead of strlen/hardcoded-consts
2002-01-02 17:04:09 +00:00
Howard Chu
f52cc9bab5
Change struct berval ** to BVarray
2002-01-02 11:00:36 +00:00
Howard Chu
10961151ef
Use queue-compat for Connection->c_ops,c_pending_ops
2001-12-31 04:08:29 +00:00
Howard Chu
975a5e9a24
Added dnPretty2/dnNormalize2 using preallocated destination berval
2001-12-29 04:48:00 +00:00
Kurt Zeilenga
cddf7e0e00
More struct berval DN changes
...
decrease dependency on dn_validate/dn_normalize
2001-12-27 07:13:13 +00:00