Hallvard Furuseth
a1e27aae40
Format fix: Make style_strings[] global for debug output in dynacl_aci_parse()
2005-07-04 06:25:02 +00:00
Howard Chu
9c246fce39
ITS#3830, fix val-specific ACLs
2005-07-03 01:51:35 +00:00
Kurt Zeilenga
b703938d61
symbol rename for AIX (ITS#3787)
2005-06-16 19:17:38 +00:00
Howard Chu
8f58409749
Add SLAP_MOD_INTERNAL flag to Modifications, allow internal ops to bypass
...
ACL checks when modifying user-modifiable attributes as non-root user.
2005-06-04 09:44:39 +00:00
Howard Chu
f19a4ea9ec
More value ACL style tweaks
2005-05-10 00:51:28 +00:00
Pierangelo Masarati
a6f8cd07f6
partially revert previous commit (ITS#3652)
2005-04-13 01:03:46 +00:00
Pierangelo Masarati
a85603c10b
more on ITS#3652
2005-04-12 22:38:54 +00:00
Pierangelo Masarati
2430af4e8b
fix slapacl when doing cross-database access checking
2005-04-12 22:13:42 +00:00
Pierangelo Masarati
387864a9f2
cleanup previous commit
2005-04-12 19:35:53 +00:00
Pierangelo Masarati
d2dd3a616c
hide changes behind specific #ifdef, conditioned by LDAP_DEBUG; always allow access on back-dnssrv
2005-04-12 01:07:30 +00:00
Pierangelo Masarati
f103c78530
cleanup previous commit
2005-04-12 00:34:13 +00:00
Pierangelo Masarati
15016154b6
add ACL hook to overlays
2005-04-12 00:24:04 +00:00
Pierangelo Masarati
91b4e991be
cleanup & silence warnings
2005-04-11 21:35:34 +00:00
Pierangelo Masarati
4abbf9c610
implement add/delete granularity in write access (ITS#3631)
2005-04-08 00:18:24 +00:00
Pierangelo Masarati
e0fd9ebf14
cleanup previous commits
2005-04-04 11:19:21 +00:00
Pierangelo Masarati
3eb87b2faa
implement "realdn" by clause in ACLs (ITS#3627; accounting for Howard's remarks)
2005-04-03 01:59:03 +00:00
Pierangelo Masarati
584b21d20b
initial commit of "level" styles for "dn" and "self" by clauses (ITS#3615)
2005-03-31 18:10:11 +00:00
Pierangelo Masarati
a96f2af281
more dnParent() and misc cleanup
2005-03-30 22:45:46 +00:00
Pierangelo Masarati
22bc85dc77
minor cleanup
2005-03-30 18:58:52 +00:00
Howard Chu
0076b40c32
Convert backendInfo/backendDB to STAILQs
2005-03-24 05:13:31 +00:00
Howard Chu
1e5f43ddd1
In aci_set_gather propagate op->o_private to subordinate search
2005-03-17 22:28:30 +00:00
Howard Chu
e0ca6e386e
Added acl_unparse, slap_sasl_getpolicy
2005-02-22 12:02:34 +00:00
Pierangelo Masarati
b381e1bcc8
cosmetic changes
2005-01-12 14:25:08 +00:00
Kurt Zeilenga
1c5d78d8dd
Add "disclose" and "manage" ACL levels (but no meat).
...
Disclose permission intended to be used for "disclose on error"
(as in our present "none"), none being "don't disclose on error".
Manage permission is intended to be used to allow DSA IT management
(e.g., changing entryCSNs, structuralObjectClass, etc.).
2005-01-08 05:26:18 +00:00
Kurt Zeilenga
dc0eacd40b
Happy New Year!
2005-01-01 20:49:32 +00:00
Pierangelo Masarati
e891dbcdc4
fix dynacl compile
2004-11-26 00:34:48 +00:00
Howard Chu
90cc409325
Split Operation into Opheader and op
2004-11-25 22:59:00 +00:00
Howard Chu
3a5bde98ba
Disable back-bdb native syncrepl support, enable syncprov overlay,
...
remove syncrepl stuff from Operation struct
2004-11-25 21:16:54 +00:00
Pierangelo Masarati
dceaa05c0e
should fix compile when SLAPD_ACI_ENABLED is undefined
2004-11-23 21:20:13 +00:00
Pierangelo Masarati
f93d4a31e8
allow a "users" type in ACI
2004-11-20 14:07:07 +00:00
Pierangelo Masarati
cc0353610f
more cleanup and ITS number
2004-11-20 12:12:57 +00:00
Pierangelo Masarati
c75386a279
cleanup fix to ITS#3303
2004-11-20 12:07:39 +00:00
Pierangelo Masarati
40762c524a
fix ITS#3303
2004-11-20 11:55:46 +00:00
Pierangelo Masarati
1e650374c2
add more semantics to the "type" field; fix a bug in anonymous operations; treat children aci_mask() as internal searches
2004-11-20 11:45:05 +00:00
Pierangelo Masarati
e79fbb88cf
move ACIs under a dynamic infrastructure that allows run-time loadable custom access control logic (needs work)
2004-11-20 01:27:03 +00:00
Pierangelo Masarati
947268c5ee
partially revert previous commit (the "creator" special DN pattern is redundant as "dnattr" is more expressive
2004-11-15 22:57:03 +00:00
Pierangelo Masarati
064eb88ef8
move special dn patterns to style enum; add creator special dn pattern
2004-11-15 22:15:28 +00:00
Pierangelo Masarati
9eabe1365b
improve memory allocation in sets
2004-10-08 15:07:22 +00:00
Pierangelo Masarati
2f6f6f6a07
"optimize" sets: since the attr part must be an attribute, use the AttributeDescription
2004-10-08 00:28:16 +00:00
Pierangelo Masarati
58edfcca31
improve previous commit
2004-10-07 23:38:17 +00:00
Pierangelo Masarati
aa2e9413f1
fix previous commit
2004-10-07 22:31:36 +00:00
Pierangelo Masarati
e5ade14256
improve previous commit; now attrs in URI, if any, are added to that in the [<dn>]/<attr> form
2004-10-07 20:44:01 +00:00
Pierangelo Masarati
6a9bf9765e
add URI search to sets; documentation to come...
2004-10-07 17:05:48 +00:00
Pierangelo Masarati
2b74930cb0
s/free/slap_sl_free/
2004-10-06 23:53:30 +00:00
Pierangelo Masarati
4204aee7b9
extend the availability of submatches to non-regex DN patterns
2004-10-06 22:03:33 +00:00
Pierangelo Masarati
6ef9689b3f
fix string_expand error cases; cleanup
2004-10-04 20:52:58 +00:00
Kurt Zeilenga
d611a4b49a
unifdef -UNEW_LOGGING
2004-09-04 04:54:28 +00:00
Howard Chu
91033d6552
Reworked fix for ITS#3140 - add access parameter to backend_attribute
2004-08-18 17:14:22 +00:00
Pierangelo Masarati
bfb6465533
cleanup
2004-08-06 16:40:15 +00:00
Pierangelo Masarati
cd9a9c628d
frontend stuff moved into a database structure, essentially to allow overlays to be processed before database selection; passes all tests (ITS#3080)
2004-07-26 21:26:34 +00:00
Pierangelo Masarati
74f224583b
quick fix for ITS#3215; needs work to re-enable ACI caching, if possible at all
2004-07-02 16:45:06 +00:00
Pierangelo Masarati
6465801cfc
beautify comment
2004-06-30 16:26:06 +00:00
Pierangelo Masarati
f109f1eb6d
fix ITS#3140
2004-05-12 23:29:42 +00:00
Pierangelo Masarati
d40e5a365a
fix DN_SEPARATOR() and clarify its use
2004-05-07 09:03:05 +00:00
Pierangelo Masarati
b34cf02488
more on fixing escaped semicolon in normalized DN
2004-05-07 02:18:08 +00:00
Pierangelo Masarati
b69a2acdf5
use fist backend only if there is no global ACL (ITS#3100)
2004-04-20 19:26:02 +00:00
Pierangelo Masarati
1c952c8a7e
revert prevuos NULL o_bd commit
2004-04-20 15:18:06 +00:00
Pierangelo Masarati
30f697beeb
improve dn.one="" fix
2004-04-20 14:50:16 +00:00
Pierangelo Masarati
537a4cae02
global ACLs were not used because op->o_bd is set to &backends[0] if NULL
2004-04-20 14:42:48 +00:00
Pierangelo Masarati
3c5f305a7f
fix acl bug when using dn.one=""
2004-04-20 14:15:39 +00:00
Kurt Zeilenga
1372965d89
ITS#3092: Rename sl_free() and friends to slap_sl_free()
2004-04-20 03:44:57 +00:00
Pierangelo Masarati
7b65d46b1b
add slapacl tool
2004-04-20 00:08:44 +00:00
Kurt Zeilenga
c7f0438044
bvalue cleanup
2004-04-08 06:49:17 +00:00
Kurt Zeilenga
44725e7303
use BER_BVNULL
2004-04-07 04:11:43 +00:00
Kurt Zeilenga
c7e89d57be
swap be_isroot and be_isroot_dn symbols
2004-04-06 01:06:20 +00:00
Pierangelo Masarati
e516247068
exploit new isroot_dn helper
2004-04-05 17:31:27 +00:00
Howard Chu
35c774d3b8
Yet more for ITS#3008. Seems to work properly now.
2004-03-10 09:11:20 +00:00
Howard Chu
3853fade60
More for ITS#3008
2004-03-10 08:00:41 +00:00
Howard Chu
cac30b1855
ITS#3008 fix value-based ACLs
2004-03-10 02:59:03 +00:00
Pierangelo Masarati
006745430e
allow "expand" style in peername, sockname, sockurl as well; more sanity checks
2004-03-09 19:44:14 +00:00
Pierangelo Masarati
042869366d
use "expand" instead of "regex" for group ACLs that allow substring expansion, preserving backwards compatibility; add sanity checks
2004-03-09 16:33:05 +00:00
Pierangelo Masarati
a4e062ca36
apply advanced peername ACL (ITS#2907)
2004-03-08 18:49:12 +00:00
Kurt Zeilenga
3c598e89fb
Happy new year
2004-01-01 19:15:16 +00:00
Luke Howard
c03a70955d
Make defaulted backend available to ACL plugin pblock
2004-01-01 09:42:44 +00:00
Luke Howard
03e5db818f
Fix ACL plugin bug - return value of ACL plugins was being ignored
2004-01-01 06:33:18 +00:00
Luke Howard
f289d6b7f0
Fix assertion failure if acl_check_modlist() called where op->o_bd == NULL.
...
Behavior now matches access_allowed() - the first backend is used. The
code needs review, I have not tested it.
2003-12-30 03:50:14 +00:00
Luke Howard
0549d46adf
Don't require slapi to be in the path - always include slapi/slapi.h
2003-12-28 04:17:48 +00:00
Pierangelo Masarati
f2a9089e4d
cleanup most of the -pedantic warnings (ITS#2884) and other small fixes
2003-12-17 20:55:46 +00:00
Luke Howard
516fd0ff50
First round of SLAPI cleanups - use slapi_int_XXX for internal functions
...
(slapi_x_XXX is still reserved for exported functions that are not part
of the SLAPI specification)
2003-12-16 15:49:31 +00:00
Pierangelo Masarati
ee34f3fb64
add to 'val[.<style>=<value>' ACLs special match styles for DN-valued attributes; add negated objectClass to attribute name lists for ACLs and partial replication
2003-12-16 00:49:10 +00:00
Kurt Zeilenga
4e15a84452
Updated notices
2003-11-27 01:17:14 +00:00
Howard Chu
01f7a7466b
SLAPI fix - no-op when slapi_plugins_used == 0
2003-10-24 05:58:42 +00:00
Howard Chu
1240c70ff4
ITS#2497, implement value-level ACLs:
...
access to attr=foo val.regex=bar.*
2003-09-20 03:23:10 +00:00
Howard Chu
94e88c3700
ITS#2679 don't use cached ACL state from different attribute
2003-09-16 22:03:26 +00:00
Kurt Zeilenga
a1b9d3148e
subtree ACI patch from Ralf
2003-09-09 18:37:31 +00:00
Luke Howard
0edb270b9e
Support for ACL plugins
2003-08-31 08:17:21 +00:00
Howard Chu
dc41a6b37e
ITS#2529 null DN in log
2003-05-22 09:22:41 +00:00
Kurt Zeilenga
231f8464d1
cleanup
2003-04-29 21:14:12 +00:00
Kurt Zeilenga
5cd994ed21
remove dnNormalize2
...
replace calls to dnNormalize2 with calls to dnNormalize
2003-04-29 18:28:14 +00:00
Luke Howard
86a18c2ea2
Don't pollute op->o_bd in access_allowed()
2003-04-18 04:57:15 +00:00
Pierangelo Masarati
194528d689
fix ACI per-thread memory management
2003-04-12 17:42:51 +00:00
Howard Chu
280fc819cf
Memory context tweaks for Bind
2003-04-12 06:56:42 +00:00
Howard Chu
ece7452b05
More memory context tweaks
2003-04-11 01:29:28 +00:00
Kurt Zeilenga
c75be97ae9
#ifdef -DSLAP_NVALUES
2003-04-05 03:35:16 +00:00
Pierangelo Masarati
df29552130
fix new API leftover
2003-04-03 21:17:44 +00:00
Howard Chu
e8c58b4e7f
Major API change - (SLAP_OP_BLOCKS) All request parameters are
...
consolidated into the Operation structure. All reply parameters
are consolidated into the new SlapReply structure. Most operations
now have identical call signatures... Changes are not #ifdef'd,
revert to -r NO_SLAP_OP_BLOCKS if necessary to back out.
2003-03-30 09:03:54 +00:00
Howard Chu
5ad51b6150
SLAP_NVALUES tweaks - after input, a_nvals is always populated. If there is
...
no normalizer, a_nvals = a_vals.
2003-03-24 01:56:56 +00:00
Howard Chu
3f48cabdde
Fix typo
2003-03-23 15:45:06 +00:00
Kurt Zeilenga
8873006105
SLAP_NVALUES changes
...
and misc cleanup
2003-03-16 18:10:16 +00:00
Kurt Zeilenga
c0477e1532
Fix test006-acls
2003-03-15 23:02:55 +00:00