mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-27 03:20:22 +08:00
Code Issues Packages Projects Releases Wiki Activity
8,479 Commits 38 Branches 307 Tags 74 MiB
d2db0733ab
Commit Graph

225 Commits

Author SHA1 Message Date
Howard Chu
efecf4e121 ITS#1733 eliminate o_abandonmutex 2002-04-11 08:03:40 +00:00
Howard Chu
5c4a924f81 ITS#1735 unused conn.c_uthc_backend, include ldap_pvt.h 2002-04-11 07:42:57 +00:00
Pierangelo Masarati
c22f10f4ca don't count operations per request if back-monitor is not built 2002-04-08 19:13:13 +00:00
Pierangelo Masarati
51e33154b3 count initiated/completed operations divided per request 2002-04-08 18:41:15 +00:00
Howard Chu
5c70106657 ITS#1708 ldap_pvt_tls_sb_ctx() et al 2002-04-05 06:48:03 +00:00
Pierangelo Masarati
af3a65b924 do not print -1 as %lu 2002-03-30 08:45:21 +00:00
Kurt Zeilenga
0be4d842bc Update control framework 
Misc cleanup
NT updates
 2002-03-24 02:17:21 +00:00
Pierangelo Masarati
49f324a1fa fix ITS#1671 and more 2002-03-23 16:53:44 +00:00
Pierangelo Masarati
fa654ae447 fix ITS#1660 (issue 1) 2002-03-23 16:06:22 +00:00
Howard Chu
f181388a5e Fix ITS#1655, don't retrieve sd until we've checked for valid c_sb. 2002-03-20 23:47:08 +00:00
Howard Chu
35554dadf3 use ber_str2bv() instead of ch_strdup/strlen. 2002-03-18 08:57:59 +00:00
Kurt Zeilenga
a4635f3ada CLDAP fixes 2002-03-06 20:58:20 +00:00
Kurt Zeilenga
0a31400d63 Some misc cleanup 2002-01-29 06:06:20 +00:00
Howard Chu
5e522ca882 Changed Access.a_sockurl_pat, Connection.c_listener_url etc. 
to struct bervals
 2002-01-28 11:41:07 +00:00
Howard Chu
4191f39037 Changed slap_authz_info.sai_mech to struct berval. 
Changed sasl_* to use struct bervals.
 2002-01-26 13:57:41 +00:00
Kurt Zeilenga
9a3dcc376c Zap connection_internal_* 2002-01-13 18:05:16 +00:00
Howard Chu
f0cd9956ed readahead is only needed on UDP, don't use it on TCP. (Save unneeded memcpy) 2002-01-10 22:00:17 +00:00
Howard Chu
ce7d8d26f2 Changed conn->c_cdn to struct berval. 2002-01-06 03:26:09 +00:00
Kurt Zeilenga
0e2af54a3f Update copyright statements 2002-01-04 21:17:25 +00:00
Howard Chu
029306a5be Use ldap_queue.h instead of <ac/queue.h> 2002-01-03 00:12:46 +00:00
Howard Chu
743c402265 Changed search attrs from struct berval ** to AttributeName * 2001-12-31 11:35:52 +00:00
Howard Chu
10961151ef Use queue-compat for Connection->c_ops,c_pending_ops 2001-12-31 04:08:29 +00:00
Howard Chu
776ce133e9 More str2rdn tweaks 2001-12-30 09:42:58 +00:00
Howard Chu
2f3399265c Changed sai_dn, sai_ndn to struct berval. (Affects op->o_dn,o_ndn, 
conn->c_dn,c_ndn, Access->a_dn_pat)
 2001-12-24 15:11:01 +00:00
Howard Chu
773b3aff16 more cleanup from jon@symas.com 2001-12-18 04:52:55 +00:00
Howard Chu
45aadbbbba Eliminate unnecessary per-operation dn_normalize(o_ndn); it's already 
done in do_bind() and there's space in the connection structure for c_ndn
already, just copy it.
 2001-12-09 14:46:29 +00:00
Kurt Zeilenga
b5504a1c36 Clean up some misplaced 'extern' declarations (should be headers) 2001-12-04 19:57:09 +00:00
Pierangelo Masarati
aee3600276 minor cleanup 2001-11-17 16:18:07 +00:00
Mark Adamson
8c16d30087 optimize number of calls to slap_get_time() 2001-11-13 01:38:30 +00:00
Howard Chu
a0a24d73dc Added backend_group result caching. 2001-11-12 19:25:41 +00:00
Howard Chu
693a81e1db More CLDAP tweaks, to differentiate between real LDAPv2 CLDAP and "other" 
LDAP/UDP messages. Slapd marks received CLDAP messages as LDAP_VERSION2.
The client library can generate CLDAP queries if -Protocol 2 is chosen,
otherwise not. LDAPv2 CLDAP cannot query the slapd rootDSE, gets no reply.
 2001-10-02 01:02:23 +00:00
Howard Chu
926b454765 Set protocol to LDAP_VERSION2 on UDP session. 2001-09-28 00:49:01 +00:00
Howard Chu
647b5f84ee Resurrection/rewrite of CLDAP (RFC1798 Connectionless LDAP). 
Compile with -DLDAP_CONNECTIONLESS to use this code.
For slapd, use "-h cldap://" to listen on UDP.
For ldapsearch, use "-H cldap://" to query on UDP.
Client-side support is very minimal:
  no automatic timeout/retries
  no basedn wildcard expansion on results
  no support for specifying multiple servers at once.
 2001-09-28 00:18:40 +00:00
Kurt Zeilenga
77f776dfd1 Another round of TLS updates to support secure referral chasing 2001-06-25 19:17:42 +00:00
Kurt Zeilenga
cc6fab319e Add support for separate max incoming for anonymous and authenticated 
sessions (defaults: 256K and 16M respectively).
 2001-05-29 20:00:55 +00:00
Kurt Zeilenga
4055077607 Add simple configure support for sockbuf max incoming 2001-05-05 07:29:21 +00:00
Kurt Zeilenga
abce5abf34 Quick sb_max_incoming hack, should be configurable (likely 
with differing anonymous vs authenticated values).
 2001-05-04 21:55:07 +00:00
Gary Williams
f49fd8a98e fix format 2001-01-17 16:35:53 +00:00
Gary Williams
d531a20f52 more new logging (finally), behind NEW_LOGGING 2001-01-11 17:11:23 +00:00
Mark Adamson
466ff113e1 ITS#897, internal connections need to free their single operation struct. 2000-12-08 22:34:22 +00:00
Kurt Zeilenga
82e7b2e049 label io as "ldap_" 2000-10-14 00:12:39 +00:00
Kurt Zeilenga
f164e69baa Don't recursive lock connections_mutex in idle timeout routine 2000-09-22 18:18:39 +00:00
Kurt Zeilenga
2b82d4f486 remove lint 
update bdb codes
 2000-09-22 01:40:57 +00:00
Kurt Zeilenga
d78a515860 Fix build issues 2000-09-21 23:00:51 +00:00
Mark Adamson
bf1ee530ea Implementation of SASL authorization. 2000-09-21 17:32:54 +00:00
Kurt Zeilenga
2e13824d0d Add "allow tls_2_anon" to allow StartTLS to force session to anonymous. 
Add "disallow tls_authc" to disallow StartTLS when session is authenticated.
Create and use connection2anonymous routine for consistency.
 2000-09-08 22:59:01 +00:00
Kurt Zeilenga
2c342e894c Minor change to connection error handling 2000-09-08 18:46:18 +00:00
Kurt Zeilenga
f97482e10f Fix authz bug introduced by last change 2000-09-05 19:45:06 +00:00
Kurt Zeilenga
c8c969a184 Rework connection lock code to avoid unnecessary lock reaquire 2000-09-05 19:11:27 +00:00
Kurt Zeilenga
488189aed2 Fix SSF ACLs 2000-09-05 18:48:09 +00:00
Kurt Zeilenga
309c458ed4 Experimental fix for deadlock 2000-09-02 00:19:06 +00:00
Kurt Zeilenga
553a78e2ee Don't drain after TLS failure.... causes busy forever loop 2000-08-30 22:08:19 +00:00
Kurt Zeilenga
bf3df2f7a6 restrictops, requires, disallow knobs; ssf acls; and misc other changes 
man pages to follow...
 2000-08-28 18:38:48 +00:00
Kurt Zeilenga
1c328aa9c7 Minor typedef and other clean ups 2000-08-26 01:14:05 +00:00
Kurt Zeilenga
20a67a2dbc needs ldap_pvt.h 2000-08-17 04:20:12 +00:00
Howard Chu
0f8047b95e Implemented ldap_pvt_tls_get_peer() for use with SASL/EXTERNAL. 
Added ldap_pvt_tls_get_strength() - return encryption strength, for
use as a SASL session security factor.
 2000-08-16 23:27:41 +00:00
Kurt Zeilenga
a50f391bb3 Working SASL security layers! 2000-07-28 00:04:07 +00:00
Kurt Zeilenga
b213ce3a69 Remove cruft 2000-07-27 20:12:16 +00:00
Kurt Zeilenga
e7e7bca4c0 Fix typo 2000-07-23 21:22:19 +00:00
Kurt Zeilenga
5bca08d716 Store sasl callbacks in session handle so that they can properly freed. 2000-07-15 00:01:09 +00:00
Kurt Zeilenga
5fc22599e2 Update SASL code to reuse context through life of session. 
Replace 'negotiated' with 'interactive' bind
Add hooks for SASL/EXTERNAL
Disable SASL security layers
Rework SASL command line and config file parameters
 2000-07-13 22:54:38 +00:00
Kurt Zeilenga
1f1993989a s/enable-unix/enable-local/ 
s/LDAP_PF_UNIX/LDAP_PF_LOCAL/
s/AF_UNIX/AF_LOCAL/
s/PF_UNIX/PF_LOCAL/
 2000-07-09 21:49:36 +00:00
Kurt Zeilenga
b7d1b10bca Minor cleanup 2000-06-14 21:11:56 +00:00
Kurt Zeilenga
ec426532b2 Reworked thread code to better support thread-library specific 
r/w locks and thread pools.  Hide internal structures (using
pthread'ish technics).  Place common code in threads.c.  Move
no-thread code to thr_stub.c.  Move thread pool code to tpool.c.
Removed setconcurrency call from initializer, added 'concurrency'
directive to slapd.  Tested code under pthreads, pth, and no-threads.
 2000-06-13 02:42:13 +00:00
Mark Valence
3cad129608 Removed active_threads count and associated mutex/cond. Replaced with 
ldap_pvt_thread_pool_backload() as needed.  All tests run OK on pthre
ads (linux), cthreads, NT threads, and Pth.
 2000-06-10 06:40:03 +00:00
Kurt Zeilenga
55dba4395f Update PF_INET6 and PF_UNIX detection, both default to auto 2000-06-09 23:09:51 +00:00
Kurt Zeilenga
88848d3aea ~ NULL was a bad idea. 2000-06-08 03:12:14 +00:00
Kurt Zeilenga
61be4bd0c8 remove pointer v. int lint from ber_sockbuf_ctrl. 2000-06-08 01:08:01 +00:00
Mark Valence
7ec6a4363f Use thread pool for operation threads. 2000-06-07 19:27:33 +00:00
Mark Valence
bac87c2562 Bug fix for new sockbuf code under NT. Added mutex protection against 
deadlock in connection_resched.
 2000-06-04 04:29:07 +00:00
Kurt Zeilenga
c23536faa9 remove lint 2000-06-01 22:01:00 +00:00
Kurt Zeilenga
2e0912622b ITS#537: lber io rewrite from Gambor Gombas. 
Copyright 2000 Gábor Gombás. All rights reserved.
This is free software. You may redistribute and use it under the same
terms as OpenLDAP itself.
 2000-06-01 20:59:21 +00:00
Kurt Zeilenga
60802201e3 Const'ification 
SASL mech removed from backend bind callback (as SASL is managed by frontend)
Changes to some backends are untested (as I don't have all dependent
  software install)
 2000-05-22 03:46:57 +00:00
Kurt Zeilenga
b2f56a7318 SLAPD_SCHEMA_NOT_COMPAT: framework for value_match() and value_find() 2000-05-21 22:46:51 +00:00
Kurt Zeilenga
4bc786f34b Y2k copyright update 2000-05-13 02:47:56 +00:00
Howard Chu
f0c4f83ea2 libldap/tls.c: change tls_verify_cb to no longer ignore verification errors. 
This means a ldaps connection may drop before any LDAP protocol exchange
occurs (due to expired cert, unrecognized CAs, etc.).
  Change ldap_pvt_tls_connect to copy any TLS error string to ld_error upon
connection failure, otherwise client just sees "can't contact LDAP server."

slapd/connection.c: add flush/delay when SSL_accept fails, to allow any
TLS alerts we generated to propagate back to the client. (Which will then
be picked up by ldap_pvt_tls_connect on the client...)
 2000-05-10 17:07:09 +00:00
Kurt Zeilenga
42a20681cc SASL closer to working from frontend only, need to work through 
states.
 2000-04-25 17:23:54 +00:00
Kurt Zeilenga
55ae3cffd8 SASL code without backend support. Should work with 
external store, but not yet tested.  [Intent is to support
both in same server... may not be doable]
 2000-04-25 16:03:17 +00:00
Kurt Zeilenga
10588da3c5 Print tag with SASL in progress operations error. 2000-03-02 01:20:00 +00:00
Kurt Zeilenga
ddb9755ba7 Move handling of operations errors due to submission of 
non-bind requests while a multi-step SASL bind process
is under to connection.c.  Return LDAP_OPERATIONS_ERROR,
not LDAP_SASL_BIND_IN_PROGRESS.
 2000-03-02 00:59:10 +00:00
Kurt Zeilenga
ac7f6c2e37 Replace do_*() return -1 with return SLAPD_DISCONNECT. 
Only return SLAPD_DISCONNECT with a send_ldap_disconnect()
was called.
Add initial code for support predetermined filter results
when filter is undefined (or known to be true or false).
 2000-02-29 23:48:01 +00:00
Luke Howard
9b4e3b2234 Merged in preliminary support for Cyrus SASL library; 
support for DCE slash-delimited, left-to-right DNs;
support for a domain socket transport (enable with
--enable-ldapi); and extensions to URL parsing to
support the latter transport.
 2000-01-02 01:21:25 +00:00
Mark Valence
bb693fd1b5 Bug fix: re-used Connection have TLS value for previous conn. 1999-12-09 21:06:42 +00:00
Kurt Zeilenga
64e8eeaa95 Slight modification to last commit to cast %ld args to long 1999-10-20 00:25:04 +00:00
Howard Chu
f0b0fe9f94 Fix stupid "got <garbage> of 0 so far" debug message after ber_get_next. 1999-10-19 12:15:42 +00:00
Kurt Zeilenga
7a0b0b2bbf In preparation for adding dn_rewrite()... 
s/dn_normalize/dn_validate/
s/dn_normalize_case/dn_normalize/
 1999-09-24 01:46:37 +00:00
Kurt Zeilenga
403f4479bc Add OpenLDAP RCSid to *.[ch] in clients, libraries, and servers. 
Replace old Id as needed (back-tcl).
Leave updating of contribWare to contributors (for now).
 1999-09-08 19:06:24 +00:00
Hallvard Furuseth
4a5e2febed Some constification & lint removal 1999-09-04 21:15:49 +00:00
Howard Chu
193d30bf84 In previous commit - change strerror() to STRERROR(). 
Use strerror() if available.
 1999-08-29 02:59:29 +00:00
Howard Chu
a60406860f Use strerror() 1999-08-29 01:50:12 +00:00
Kurt Zeilenga
0afcadc4dd Remove misplaced asserts. connection_resched changes connection state 
to UNUSED without holding connections mutex.  It's not safe for
connection_init to check connection state until after acquires the
c_mutex.
 1999-08-27 19:31:42 +00:00
Kurt Zeilenga
9bf50242c3 Plug ber leakage: 
result was leaking ber's in some error cases.  ber_flush now called
with no freeing so that caller of send_ldap_ber() can free its own ber.
c->c_currentber was also being leaked if connection was destory
current when a PDU input was outstanding.
Fixed ber_flush to free ber upon write only to file.
 1999-08-27 05:45:53 +00:00
Kurt Zeilenga
9e82379b6e More CSRI malloc debugging support and destroy sockbuf fix. 
Test008 now runs without leak.
 1999-08-19 18:48:17 +00:00
Kurt Zeilenga
8ead8c5fd9 Clean up debug messages. 1999-08-19 00:40:18 +00:00
Kurt Zeilenga
34647dd8d7 Force to LDAPv3 until BIND 1999-08-13 06:09:48 +00:00
Hallvard Furuseth
6054463eeb Minor cleanup: 
Fix Statlog() formats, remove an implicit int, include <ctype.h> for isspace().
 1999-08-07 05:36:48 +00:00
Kurt Zeilenga
9c3ed0310b Add copyright notices. 1999-08-06 23:07:46 +00:00
Kurt Zeilenga
b67eb8e2be Don't have time to finish SASL right now... this is a work in progress 
but is safely tucked away behind --with-cyrus-sasl.
 1999-08-04 00:11:22 +00:00
Kurt Zeilenga
68d561a97b Add limited LDAP_INVALID_DN_SYNTAX support. dn_normalize{,_case}() now returns 
NULL does not meet basic syntax rules.
 1999-07-22 17:14:42 +00:00
Kurt Zeilenga
933908f72f ACL CHANGES: 
by <who> <access> changed to by <who>+ <access> (joined with AND)
  added peername=<regex> sockname=<regex> url=<regex>
  removed addr=<regex> (use peername instead).
replace dn_upcase with str2upper and str2lower.  Use where needed.
 1999-07-21 20:54:23 +00:00