Commit Graph

1583 Commits

Author SHA1 Message Date
Howard Chu
e8e7847175 ITS#1797 silence uninit'd var warnings 2002-05-04 10:52:05 +00:00
Howard Chu
3590877b77 Initialize authid in case ldap_pvt_tls_get_my_dn fails 2002-05-04 01:32:41 +00:00
Howard Chu
0390a171b9 Changed default tls_opt_require_cert value to LDAP_OPT_X_TLS_DEMAND; force
a fatal error when TLS server cert verification fails.

Changed ldap_pvt_tls_check_hostname to return LDAP_SUCCESS when no cert is
found: this can now only occur if tls_opt_require_cert was explicitly set
to NEVER or ALLOW.

In tls_verify_cb, added a text translation of the verification error code
to the debug message.
2002-05-04 00:05:48 +00:00
Howard Chu
6c1a786d6c Fix previous commit, wrong if condition 2002-05-03 13:07:42 +00:00
Howard Chu
ed871b997c Break up large SASL writes into units of SASL maxoutbuf size. 2002-05-03 13:04:55 +00:00
Howard Chu
931c4eb35f For Cyrus 2, cannot free session_callbacks in ldap_int_sasl_open, must
wait until ldap_int_sasl_close because SASL doesn't copy our structure,
it uses it directly.
2002-05-03 12:10:47 +00:00
Kurt Zeilenga
8c152396b9 Matched Values implementation (ITS#1776) based upon submission
form Mikhail Sahalaev <M.Sahalayev@pgr.salford.ac.uk>.
Further work needed:
	add testxxx-matchedvalues
	rework ldapsearch(1) portion of patch to generalize use of options
---
Copyright 2001, Mikhail Sahalaev, All rights reserved.
This software is not subject to any license of University Of
Salford.

Redistribution and use in source and binary forms are permitted
without restriction or fee of any kind as long as this notice
is preserved.
2002-05-02 18:56:56 +00:00
Howard Chu
b732d3ec55 Fix previous commit, only zero out v3 refer_cnt if we got a SEARCH_RESULT.
If we got a SEARCH_REFERENCE, we need to keep going...
2002-05-02 12:08:19 +00:00
Kurt Zeilenga
d82d018f20 add an RFC 2849 check... but behind #if 0 as I'm now thinking this
is not appropriate.
2002-05-01 04:40:26 +00:00
Kurt Zeilenga
96483c8dcd cleanup before working on changes 2002-05-01 04:23:59 +00:00
Howard Chu
c9699c1072 Fix previous commit - must fully init newAVA 2002-04-30 14:43:05 +00:00
Howard Chu
b005540094 Added ldap_ucs_to_utf8s to convert ASN.1 T61STRING, BMPSTRING, and
UNIVERSALSTRING to UTF-8 format.

Rewrote ldap_X509dn2bv to check ASN.1 types and use above function.
2002-04-30 13:57:01 +00:00
Howard Chu
de3e81cebb Changed ldap_pvt_tls_get_my_dn and ldap_pvt_tls_get_peer_dn to store result
in dn parameter and return a result code.
2002-04-30 13:50:56 +00:00
Pierangelo Masarati
d019bff7b8 First commit of Hallvard's backend documentation effort
Backend documentation patch, version 1

================
Most of this text is taken from OpenLDAP.  The work of rewriting it
to manual pages is done by by Hallvard B. Furuseth and placed into
the public domain.  This software is not subject to any license of
the University of Oslo.
================

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-04-29 20:24:29 +00:00
Stig Venaas
e08bc054c7 Adding support for compatibility decomposition to ucdata lib, and switch
from NFC to NFKC in UTF8bvnormalize() and UTF8bvnormcmp()
2002-04-19 12:59:57 +00:00
Howard Chu
5528772f23 In ldap_int_tls_start, authid is very temporary, not const. 2002-04-19 04:35:16 +00:00
Howard Chu
202aa8c793 Fix memory leak in previous commit 2002-04-18 16:02:02 +00:00
Howard Chu
17ae956518 Added ldap_X509dn2bv()
deleted ldap_pvt_tls_get_peer()
  changed ldap_pvt_tls_get_peer_dn() to use ldap_X509dn2bv()
  added ldap_pvt_tls_get_my_dn()
2002-04-18 12:29:30 +00:00
Howard Chu
315ac06912 Fix warnings from sasl_errdetail 2002-04-18 12:20:55 +00:00
Howard Chu
98a416b584 Additional error reporting for Cyrus SASL 2. Attempt to get SASL-EXTERNAL
working ifor Cyrus 2. (Both GSSAPI and EXTERNAL are broken at the moment.)
2002-04-18 00:48:36 +00:00
Howard Chu
dc3e5fb99d ITS#818, ITS#980, ITS#1234 ldapsearch/referral hang - set refer_cnt to 0
after v3refs have been chased. They are fully processed by the time we get
back, so we should just return the current result message to the caller.
2002-04-16 12:53:13 +00:00
Howard Chu
491d2ae5b9 ITS#1720 chk_sasl for Cyrus SASL 2 2002-04-16 04:05:51 +00:00
Kurt Zeilenga
709ce4fa6c Re: Patch: ctype functions require 'unsigned char' args (ITS#1678)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

Here are fixes for more places where the argument to ctype.h functions
should be in the range of `unsigned char'.

Explanation of the last patch (to schema_init.c:bvcasechr()):
TOLOWER() and TOUPPER() return values in the range of `unsigned char',
but bvcasechr() then compares those values with a plain `char'.  So I
convert the return values from TOLOWER()/TOUPPER() to `char' first.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-04-15 20:42:42 +00:00
Kurt Zeilenga
319440033f Patch: ucdata 2.4 bugs (ITS#1751)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

ucgendat.c accessed unallocated memory when i == ncodes_size.

The changes others are trivial, I just include them since I'm patching
ucdata anyway:

ucdata.c   had some pointless '0 <= unsigned' comparisons.

ucstr.c    assigned a long* to an unsigned long*.  Since malloc()
           returns void*, the result need not be cast at all.

I'll send the ucgendat.c and ucdata.c patches to Mark Leisher
<mleisher@crl.nmsu.edu>.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-04-15 20:39:22 +00:00
Kurt Zeilenga
02e8527248 Patch: Escape character troubles (ITS#1753)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

maildap could address buf[-1] if len was < 2.

REWRITE_SUBMATCH_ESCAPE is '%', not '\'.

librewrite and saslautz could walk past the end of a string which
ended with an escape character.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-04-15 18:29:39 +00:00
Howard Chu
bb17493d31 ITS#1732 signed/unsigned fixes 2002-04-11 08:47:37 +00:00
Pierangelo Masarati
4a2b9b2195 ITS#1730 2002-04-08 18:39:23 +00:00
Pierangelo Masarati
8de44663f7 ITS#1730 and completion of ITS#1701 2002-04-08 10:34:04 +00:00
Pierangelo Masarati
4a8ab5dbf2 Mostly based on patches provided by Hallvard B. Furuseth
ITS#1677 - cast away const warnings
ITS#1678 - unsigned char args to ctype funcs
ITS#1682 - don't redefine ldap_debug
ITS#1683 - uninitialized vars
ITS#1703 - ldo_debug initialization
ITS#1705 - unsigned testing
ITS#1706 - socklen_t args
ITS#1719 - back-tcl update (other cleanups/fixes/improvements; yet untested)
ITS#1724 - integerNormalize/integerFilter/integerIndexer bugs
ITS#1725 - libdes not required

Implement back-null (/dev/null style backend)
Cleanup some misc warnings ("%lu" format, unused/uninitialized vars,
        ambiguous operator precedence)

Kurt, please regenerate configure
2002-04-08 09:43:22 +00:00
Pierangelo Masarati
6b8e16efec fix ambiguous use of && and || (please check :) 2002-04-06 09:30:24 +00:00
Howard Chu
5c70106657 ITS#1708 ldap_pvt_tls_sb_ctx() et al 2002-04-05 06:48:03 +00:00
Stig Venaas
891f987928 Changed to use lower case for case folding 2002-04-04 12:50:46 +00:00
Kurt Zeilenga
b0b8546f05 Patch: More format bugs (ITS#1702)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
2002-04-02 18:56:26 +00:00
Kurt Zeilenga
26b99bc35d ITS#1701. Fix ber_scanf() return tag handling.
Based upon patch submitted by Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>.
2002-04-02 18:40:04 +00:00
Julius Enarusai
b082ed9355 Added LDAP_LOG Messages 2002-04-02 00:22:57 +00:00
Julius Enarusai
e86782aab9 Added LDAP_LOG messages 2002-04-01 23:39:36 +00:00
Julius Enarusai
fff5d3de60 Added LDAP_LOG messages 2002-04-01 22:31:44 +00:00
Julius Enarusai
e30c52dfb7 Added LDAP_LOG Messages 2002-04-01 22:28:02 +00:00
Julius Enarusai
70c73da22c Added LDAP_LOG messages 2002-04-01 22:08:32 +00:00
Kurt Zeilenga
111b464642 move ldap_int_put_filter to ldap_pvt_put_filter
and other cleanup
2002-03-30 00:42:40 +00:00
Julius Enarusai
b7bd4368d9 Added LDAP_LOG messages 2002-03-29 17:46:28 +00:00
Julius Enarusai
ae31411a0d Added LDAP_LOG messages 2002-03-27 22:35:35 +00:00
Julius Enarusai
688f45dd06 Added LDAP_LOG messages 2002-03-27 22:23:24 +00:00
Julius Enarusai
171281f3ec Added LDAP_LOG messages 2002-03-27 22:03:35 +00:00
Julius Enarusai
3921e1b0c2 Added LDAP_LOG messages 2002-03-27 21:38:32 +00:00
Julius Enarusai
c0325aed88 Added LDAP_LOG messages 2002-03-27 21:16:36 +00:00
Julius Enarusai
3654b0d4c0 Added LDAP_LOG messages 2002-03-27 19:51:13 +00:00
Julius Enarusai
9c90811315 Added LDAP_LOG messages 2002-03-27 19:43:07 +00:00
Julius Enarusai
a299e74d21 Added LDAP_LOG messages 2002-03-27 19:37:50 +00:00
Julius Enarusai
b4243bc119 Added LDAP_LOG messages 2002-03-27 19:28:43 +00:00
Julius Enarusai
150aa3fc7b Added LDAP_LOG messages 2002-03-27 19:18:11 +00:00
Julius Enarusai
3ab1ea7300 Added LDAP_LOG messages 2002-03-27 19:12:18 +00:00
Julius Enarusai
e4f2c9425a Added LDAP_LOG messages 2002-03-27 18:50:45 +00:00
Julius Enarusai
d88bc7a8b5 Added LDAP_LOG messages 2002-03-27 18:20:08 +00:00
Kurt Zeilenga
e0f33c6674 s/getdat/gendat/ 2002-03-24 01:55:37 +00:00
Kurt Zeilenga
a64cae0f8c Need a bigger buffer 2002-03-23 21:14:50 +00:00
Pierangelo Masarati
e8c5f59d84 ldap_int_thread_pool_wrapper was called with wrong prototype (ITS#1673)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
                        ================

ldap_int_thread_pool_wrapper() was defined with an parameter
struct ldap_int_thread_pool_s* but called with a void* argument.
Since these may have different representations, it can crash.


Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, March 2002.
2002-03-23 17:24:38 +00:00
Kurt Zeilenga
fcf9f451a5 Copyright 2001, Adrian Thurston, All rights reserved.
This software is not subject to any license of
Xandros Corporation.

This is free software; you can redistribute and use it under the same
terms as OpenLDAP itself.

 -------------------------------------------------------------------
This patch adds an option to ldap_get_option which can be called after
ldap_start_tls in order to obtain the pointer to the SSL object used
2002-03-11 03:39:08 +00:00
Stig Venaas
c476878fde Using new UTF8bv* all over, getting rid of UTF8normalize() and
UTF8normcmp().
2002-02-27 16:11:24 +00:00
Stig Venaas
94983da942 Added code for approximate matching in UTF8bvnormalize() and changed to use
this in approxMatch etc in schema_init.c
2002-02-26 18:38:40 +00:00
Stig Venaas
d6c3ccadc4 Optimizing UTF8bvnormcmp() by adding flags that tells which arguments are
in NFC. By default no arguments are assumed to be NFC.
2002-02-25 13:20:09 +00:00
Kurt Zeilenga
d50eb2e959 C translator portability changes (ITS#1609) 2002-02-23 23:47:37 +00:00
Kurt Zeilenga
6d9307b534 Silence a warning 2002-02-23 23:26:48 +00:00
Kurt Zeilenga
3d9cf98dad If port is zero, use default. 2002-02-21 15:39:35 +00:00
Stig Venaas
9e8f3053cb Added UTF8bvnormcmp(), should replace UTF8normcmp() 2002-02-20 15:51:10 +00:00
Pierangelo Masarati
2aec424646 use memchr in ber_bvchr 2002-02-14 21:10:13 +00:00
Pierangelo Masarati
215448ac83 substrings match works with NULs in UTF8 strings 2002-02-14 18:55:38 +00:00
Pierangelo Masarati
c31596eb78 not-so-easy-to-spot bug in filter writing 2002-02-14 18:01:15 +00:00
Stig Venaas
217103b138 Added UTF8bvnormalize which is like UTF8normalize but returns berval. It
can be passed a pointer to the berval to be used for the return value. If
this is NULL, it will allocate a new one.
2002-02-14 14:03:27 +00:00
Howard Chu
933f6a5fdd For ITS#1601, add ber_init2() using given buffer in-place instead of
allocating a copy.
2002-02-14 13:32:40 +00:00
Pierangelo Masarati
32e48d9e4d disallow unescaped NULs in UTF-8 string values 2002-02-13 22:49:03 +00:00
Kurt Zeilenga
63bdcda971 Fix for Linux on zSeries. 2002-02-13 21:26:24 +00:00
Pierangelo Masarati
39891e4e5b make UTF8STringNormalize handle NUL 2002-02-13 21:25:57 +00:00
Kurt Zeilenga
427478a753 Use memchr, not strlen, to look for embedded NULs. 2002-02-13 17:48:39 +00:00
Kurt Zeilenga
dd12660a14 Add embedded NUL check. This is one case where we don't want to
be liberal in what we accept.
2002-02-13 17:23:33 +00:00
Kurt Zeilenga
ee6d1a4d40 Check for NULs in DNs. 2002-02-13 16:41:41 +00:00
Pierangelo Masarati
6913aadcdf minor cleanup 2002-02-13 14:44:08 +00:00
Pierangelo Masarati
33d5f0f8f8 honor the ber_len field to allow to exploit ldap_bv2[r]dn to handle DNs embedded in longer strings ... 2002-02-13 12:09:36 +00:00
Pierangelo Masarati
a117c5eee7 use ldap_bv2[r]dn and turn ldap_str2[r]dn into wrappers 2002-02-13 11:46:33 +00:00
Howard Chu
b1c39eff65 Fix previous commit, need to detect very short packets. 2002-02-13 11:29:05 +00:00
Pierangelo Masarati
959edd88c0 prepare for ldap_bv2dn() 2002-02-13 10:05:22 +00:00
Howard Chu
ab099caed5 ber_get_next: return error if decoded ber_len is smaller than actual count 2002-02-13 09:59:10 +00:00
Kurt Zeilenga
f1cc2b7ab2 #if 0 RDN debugging 2002-02-13 08:00:31 +00:00
Kurt Zeilenga
275f3be363 Misc. DN fixes and cleanups, namely don't muck with AVA_BINARY values
Also, pass empty_bv when bv_val is NULL.
2002-02-13 06:35:27 +00:00
Kurt Zeilenga
a9cf0f5c08 Add uuid_to_str() detection. 2002-02-11 20:17:08 +00:00
Kurt Zeilenga
defed68e82 Fix typo 2002-02-11 18:18:34 +00:00
Howard Chu
a916535a27 Fix #include of sasl.h 2002-02-11 09:39:15 +00:00
Kurt Zeilenga
d23c559646 Don't use 'shtool mkln' as ln(1) replacement.
Allow both <sasl/sasl.h> and <sasl.h>
2002-02-11 08:28:51 +00:00
Kurt Zeilenga
ce07fb958e Update libtool usage
s/-L.../libraries -lldap/.../libraries/libldap/libldap.la/
2002-02-10 22:42:51 +00:00
Kurt Zeilenga
b315d8af34 Update Cyrus SASL detection to always look for <sasl.h> regardless
of version and then try -lsasl2 and -lsasl.  Make SASL code
conditional on SASL_VERSION_MAJOR, not HAVE_CYRUS_SASL.
2002-02-10 17:51:19 +00:00
Howard Chu
8a4e92b259 Support for Cyrus SASLv2. Untested. 2002-02-10 14:27:23 +00:00
Howard Chu
ffa4b26343 Slightly better fix for library cleanup. Requires GCC. 2002-02-09 01:09:23 +00:00
Howard Chu
1fba3a5c13 Fix flag initialization 2002-02-08 21:53:04 +00:00
Howard Chu
7d41a446cb Added conversion from UTF-8 to T.61. 2002-02-01 03:13:04 +00:00
Howard Chu
cb88cae005 First pass at T.61 <-> UTF-8 translation. Only does T.61 to UTF-8.
Feel free to inspect, not yet ready for use.
2002-01-31 13:42:06 +00:00
Howard Chu
63a4a19732 Send a warning to the client if we try to use a bad cert. 2002-01-27 03:48:08 +00:00
Howard Chu
c3c85b4062 Extended TLS_REQCERT/TLSVerifyClient syntax to 4 states: never,allow,try,
and hard/demand.
2002-01-27 02:56:18 +00:00
Howard Chu
c81d2bb855 Fix, errno was incorrect after SSL_read returned 0 bytes, caused slapd to
close the connection prematurely.
2002-01-26 13:43:22 +00:00
Howard Chu
25cd89b443 Use ber_scanf 'm' format for ignored UDP string 2002-01-17 23:30:05 +00:00
Kurt Zeilenga
7f0289a390 Move most of the new ber_*cmp routines to lber_pvt.h to keep them private,
rework them slightly to avoid computations which might result in underflow.
Rename them for consistency with other berval routines.
Remove some utf8 lint.
2002-01-16 18:16:15 +00:00