Commit Graph

5033 Commits

Author SHA1 Message Date
Howard Chu
c3bb9e42a6 More cleanup 2003-12-20 09:55:17 +00:00
Howard Chu
59f76d543c Clean up prev commit 2003-12-20 09:19:19 +00:00
Howard Chu
d27b734770 ITS#2889 - fix explicit objectClass inclusion/exclusion 2003-12-20 06:28:05 +00:00
Luke Howard
120adb6b1b Fix slapi_modify_internal() to deal with just the modification type of
a mod operation
2003-12-19 10:10:59 +00:00
Kurt Zeilenga
aabcce3e58 Document +0 2003-12-19 05:06:51 +00:00
Kurt Zeilenga
5481755c0e Move ldapi to /var/run 2003-12-19 02:28:06 +00:00
Kurt Zeilenga
fdbd8705ae Move pid/args files into $(RUNDIR)/run
Move ldapi into $(RUNDIR)/run/openldap
2003-12-19 02:18:29 +00:00
Howard Chu
3b0b66de10 Fix install rule 2003-12-18 20:26:05 +00:00
Kurt Zeilenga
e9133952fb Move experimental built-in SASL behind SLAP_BUILTIN_SASL macro 2003-12-18 20:01:47 +00:00
Pierangelo Masarati
42d7d6d743 propagate flags to sasl-regexp functions (will need it later) 2003-12-18 18:32:45 +00:00
Pierangelo Masarati
113727ba53 allow 'all' vs. 'any' sasl-authz-policy 2003-12-18 18:28:43 +00:00
Kurt Zeilenga
babc993ef7 clarify default access control policy 2003-12-18 17:32:30 +00:00
Kurt Zeilenga
9647ccd945 Completely untested built-in EXTERNAL implementation
Needs identity mapping and proxy authorization support
2003-12-18 06:52:39 +00:00
Howard Chu
e4b899df95 ITS#2884 silence warning. We don't dereference this pointer, we just use
it's value as a unique key.
2003-12-18 03:54:48 +00:00
Howard Chu
9777dc2114 ITS#2883 initialize rc before running callbacks 2003-12-18 03:50:09 +00:00
Kurt Zeilenga
3eb5337020 Make modify/increment conditional 2003-12-17 21:42:48 +00:00
Pierangelo Masarati
f2a9089e4d cleanup most of the -pedantic warnings (ITS#2884) and other small fixes 2003-12-17 20:55:46 +00:00
Kurt Zeilenga
271fff13de Sync with HEAD 2003-12-17 17:55:27 +00:00
Luke Howard
516fd0ff50 First round of SLAPI cleanups - use slapi_int_XXX for internal functions
(slapi_x_XXX is still reserved for exported functions that are not part
of the SLAPI specification)
2003-12-16 15:49:31 +00:00
Pierangelo Masarati
2d948c7106 fix a couple of (too optimistic) comments... 2003-12-16 14:25:36 +00:00
Luke Howard
c8f62b12d3 Honour any controls that are sent by a SLAPI plugin 2003-12-16 11:17:54 +00:00
Pierangelo Masarati
8fa476a5c6 line up comments and code 2003-12-16 11:05:52 +00:00
Pierangelo Masarati
4e83a282d0 improve error handling for attr val ACL syntax 2003-12-16 10:56:21 +00:00
Luke Howard
0bcddbc908 Don't leak SLAPI_RESCONTROLS when free'ing parameter block - these
are allocated by the plugin
2003-12-16 05:59:50 +00:00
Kurt Zeilenga
a736f237f8 Deprecate +objectClass in favor of @objectClass per IETF discussions 2003-12-16 05:55:52 +00:00
Kurt Zeilenga
e3ffc1b165 Revert last commit 2003-12-16 01:55:56 +00:00
Pierangelo Masarati
e2483d8a9b honor '!' (objectClass negation) when checking attribute presence in list 2003-12-16 01:10:33 +00:00
Pierangelo Masarati
ee34f3fb64 add to 'val[.<style>=<value>' ACLs special match styles for DN-valued attributes; add negated objectClass to attribute name lists for ACLs and partial replication 2003-12-16 00:49:10 +00:00
Howard Chu
6e6bef8f56 Fix - need to initialize lutil_passwd. 2003-12-16 00:39:29 +00:00
Pierangelo Masarati
bc972e0656 allow 'AUTHZ' mech in proxyAuthz control to allow also the <mech> part of the 'u:' user 2003-12-15 18:19:14 +00:00
Pierangelo Masarati
3a5c53a8b1 typo 2003-12-14 15:36:46 +00:00
Pierangelo Masarati
b4629f1e79 fix previous commits 2003-12-14 14:08:15 +00:00
Pierangelo Masarati
588f1f6185 resolve naming conflicts when compiling rwm overlay as static (will disappear as soon as rwm stuff is removed from back-ldap/back-meta) 2003-12-14 11:13:25 +00:00
Kurt Zeilenga
4d29df5bd1 Add LDAP_DEPRECATED macro
Need to remove use of deprecated functions.
2003-12-14 02:47:42 +00:00
Kurt Zeilenga
5b0236f4ae Add u: comment 2003-12-13 23:41:44 +00:00
Kurt Zeilenga
1fadacaa31 Forward parse the uauthzid. A realm cannot be specified unless
a mechanism is specified.  (Few mechanisms (DIGEST-MD5 only) support
separate realms.)
2003-12-13 23:38:05 +00:00
Pierangelo Masarati
4602c935f7 saslAuthzTo/From stuff
when comparing IDs to saslAuthzTo/From values, the saslAuthzTo
saslAuthzFrom values can take different forms:

dn[.<style>]:<pattern>

<style> ::= 	exact		; exact match
		children	; children of <pattern> match
		subtree		; <pattern> or children of <pattern> match
		regex		; <pattern> is regcomp() & regexec()
if no <style>, then exact is assumed

u[.<mech>][/<realm>]:<user>

when parsing a proxyAuthz value, only exact DN is allowed,
and no <mech> can be specified.  <user> cannot contain ':'
and <mech> cannot contain '/'.
2003-12-13 23:02:59 +00:00
Howard Chu
0d8613c274 Use c_authmech when c_sasl_bind_mech is empty 2003-12-13 22:43:01 +00:00
Howard Chu
e85cd1e154 Fix prev commit, use c_authtype 2003-12-13 22:16:03 +00:00
Howard Chu
d9aec4ef28 Always set c_authmech 2003-12-13 21:39:51 +00:00
Kurt Zeilenga
4bedf015f0 cleanup 2003-12-13 18:57:00 +00:00
Kurt Zeilenga
dbc37977f2 Look for the '@' in userid@realm in reverse so that a@b@c results
in userid of a@b and realm of c.
2003-12-13 17:25:59 +00:00
Pierangelo Masarati
6e5ddd6420 note a potential problem 2003-12-13 17:21:17 +00:00
Pierangelo Masarati
5a00f25542 conn must be non-null 2003-12-13 15:29:49 +00:00
Pierangelo Masarati
d6bc071dd9 add subtree/children styles to saslAuthzTo/From; 'dn:' now defaults to exact 2003-12-13 12:23:56 +00:00
Pierangelo Masarati
43db7cf4bf cleanup saslauthz code 2003-12-13 10:58:31 +00:00
Pierangelo Masarati
529a03df53 use dedicated admin identity to proxyAuthz 2003-12-13 10:57:42 +00:00
Pierangelo Masarati
9c5fe98a79 declare overlays_init() 2003-12-13 10:57:13 +00:00
Howard Chu
b011c51390 Clean up entry initialization 2003-12-13 02:00:07 +00:00
Kurt Zeilenga
552a51ca50 Tweak the codes 2003-12-11 07:28:01 +00:00