2218 Commits

Author SHA1 Message Date
Kurt Zeilenga
d5b1892ccc Fix acl parse bug 1999-07-21 21:08:05 +00:00
Kurt Zeilenga
933908f72f ACL CHANGES:
  by <who> <access> changed to by <who>+ <access> (joined with AND)
  added peername=<regex> sockname=<regex> url=<regex>
  removed addr=<regex> (use peername instead).
replace dn_upcase with str2upper and str2lower.  Use where needed.
1999-07-21 20:54:23 +00:00
Kurt Zeilenga
17eb202732 Unhex url extensions. 1999-07-21 20:44:40 +00:00
Julio Sánchez Fernández
5f53b747a5 Partial support for a new option to help debug TLS connections,
not yet user-settable.  Defaults "on" for now.
Partial support for temporary RSA keys, skeleton for DH.
Add call to X509V3_add_standard_extensions() on init, mod_ssl
does this too, but I am unsure about what it does.
Move management of client CA certificates to a new routine, since
it is going to get more complex than the current code.
1999-07-21 19:18:08 +00:00
Kurt Zeilenga
cf9a36da3f ITS#180: add note about server-side maximal size/time limits. 1999-07-21 18:12:15 +00:00
Kurt Zeilenga
a103bf9b38 Import date parser from libldap 1999-07-21 17:36:13 +00:00
Kurt Zeilenga
29b0ed18df Fix misplaced paragraph tag 1999-07-21 17:31:37 +00:00
Gary Williams
b8b68f0668 set tls_port to zero if !defined(HAVE_TLS) to satisfy assert in slapd_daemon_init 1999-07-21 15:08:50 +00:00
Julio Sánchez Fernández
f0f29cd82e Backout the input exhaustion change, it loops. Still looking for
the right way.
1999-07-21 13:22:35 +00:00
Gary Williams
f4eb2feba5 use rd instead of i looking for listeners (line 848) 1999-07-20 21:55:06 +00:00
Julio Sánchez Fernández
e892ebfc5e Some content for tls_verify_cb where parts of our policy should
be implemented.

The rest of this change mostly contains random ideas taken from
mod_ssl.  The purpose is to get the repository in sync with the
code I am testing.  I still can't manage to make Netscape send
its certificate to slapd, though it works with Apache/mod_ssl
(with the same certificates).  Trying s_client against both
does not shed any light.  If anyone manages to make it work,
please let us know.
1999-07-20 18:31:53 +00:00
Julio Sánchez Fernández
288a28a762 Add support for TLSVerifyClient. 1999-07-20 18:05:50 +00:00
Julio Sánchez Fernández
504038ffac Move the input data exhaustion loop to connection.c from daemon.c 1999-07-20 18:03:29 +00:00
Julio Sánchez Fernández
76227acb1f Move the input data exhaustion loop to connection.c from daemon.c
Let transport (TLS or somesuch) force reading or writing on
sockets even if the higher layers think otherwise.
1999-07-20 18:02:44 +00:00
Julio Sánchez Fernández
535cc34421 If we did gethostbyname, we need no further address manipulation. 1999-07-20 11:26:44 +00:00
Julio Sánchez Fernández
463a7ec91d We were freeing lud_dn when lud_host was meant, leading to
arena corruption.
1999-07-20 11:11:57 +00:00
Kurt Zeilenga
cb94e155ae Don't call Debug inside a signal handler 1999-07-20 07:11:56 +00:00
Kurt Zeilenga
df14b954e2 Add -mthreads for AIX gcc. 1999-07-20 04:32:42 +00:00
Kurt Zeilenga
8006ea578c Rebuild configure using:
	latest autoconf (from AnonCVS)
	aclocal from latest automake (from AnonCVS)
	libtool 1.3.3
1999-07-20 02:13:16 +00:00
Kurt Zeilenga
23565fca08 Update slapd(8) with new -h option. 1999-07-19 21:45:11 +00:00
Kurt Zeilenga
b2937bee5b s/struct entry/Entry/ 1999-07-19 21:08:59 +00:00
Kurt Zeilenga
598c472bf9 s/backend_db/slap_backend_db/ 1999-07-19 21:01:07 +00:00
Kurt Zeilenga
6847e329bc Fix new URL startup code. 1999-07-19 20:48:19 +00:00
Kurt Zeilenga
4fdd533a5a Update LDAP_URL_ERR_ handling. 1999-07-19 19:48:23 +00:00
Kurt Zeilenga
170836751a Namespace changes
  added slap_ and ldbm_ to many structures
  added typedefs to many structures
  used typedefs
New main.c argument parsing with ldap url support (replacing -a address).
New sockaddr_in handling and support for multiple listeners.
1999-07-19 19:40:33 +00:00
Kurt Zeilenga
543aafd991 Implement RFC2255 URL format. 1999-07-19 19:32:47 +00:00
Kurt Zeilenga
d2487f9219 s/time(0)/time(NULL)/ 1999-07-19 19:28:21 +00:00
Kurt Zeilenga
c47a2c4fce Updates from libtool 1.3.3 1999-07-18 04:56:17 +00:00
Kurt Zeilenga
7e593d2efe Replace install-sh with Autoconf 2.13 distributed version (from MIT). 1999-07-18 04:22:56 +00:00
Kurt Zeilenga
e147dc7ac0 Versions from Autoconf CVS repository (stable branch). 1999-07-18 04:14:23 +00:00
Kurt Zeilenga
5932dedb5c Replace config.guess/.sub with versions from Autoconf 2.13. 1999-07-18 03:41:06 +00:00
Hallvard Furuseth
cde93a6e06 make ldap.ld_lberoptions unsigned, like berelement.ber_options 1999-07-18 01:20:45 +00:00
Hallvard Furuseth
30b3958f94 Introduce got_<gid,uid> (the r1.4 change misbehaved with -user <root>).
Also free <user> in !HAVE_GETPWUID case.
1999-07-18 01:04:49 +00:00
Kurt Zeilenga
12f481d657 Import patches mistakenly applied to OPENLDAP_DEVEL_REFERRALS.
ldap_modify: delete of last attribute value should delete attribute (ITS#229)
thr_nt: use sleep to yield
1999-07-18 00:33:30 +00:00
Kurt Zeilenga
f92d01c2bb fix substring_comp_candidates logic if intersection of candidates
is ever empty.  See ITS#228.
1999-07-16 22:26:57 +00:00
Kurt Zeilenga
059ee8c86d (re)introduce o_connid such that STATS doesn't need c_mutex (which it
didn't bother to acquire)...
1999-07-16 22:24:32 +00:00
Julio Sánchez Fernández
661102431a Document -T and -P 1999-07-16 20:03:53 +00:00
Julio Sánchez Fernández
fbd4c530ba Document a few TLS options that do something. 1999-07-16 19:56:32 +00:00
Hallvard Furuseth
48bb692d01 Add comment that socklen_t should be used 1999-07-16 18:59:37 +00:00
Hallvard Furuseth
425bab2c47 Add comment thatPass socklen_t* instead of int* to getsockopt, accept, getpeername, recvfrom 1999-07-16 18:57:11 +00:00
Julio Sánchez Fernández
0053b27ce0 Look on connection_read() if it returns positive so it has a chance
to exhaust all protocol units received from the transport layer.
I think this is the necessary fix for the TLS-data-ready/
socket-not-ready issue, but I have not experimented that problem
yet, so I am unsure about its effectiveness.
Now, do we need something like that for connection_write?  How would
we go about implementing it?
1999-07-16 18:53:30 +00:00
Julio Sánchez Fernández
ea8669c37d Clear c_needs_tls_acccept on ldap_pvt_tls_accept errors 1999-07-16 18:48:13 +00:00
Hallvard Furuseth
5ab862aee7 Pass socklen_t* instead of int* to getsockopt, accept, getpeername, recvfrom 1999-07-16 18:43:10 +00:00
Kurt Zeilenga
973f936ce7 Fix typo in last commit. 1999-07-16 17:07:53 +00:00
Kurt Zeilenga
afba0527a5 Don't use non-portable "ln -s -f". 1999-07-16 17:04:10 +00:00
Julio Sánchez Fernández
68b508d2f0 Move calls to ldap_pvt_tls_accept to connection_read instead of
connection_init so that we get into the select() logic.
Make use of new flags in the connection.
BTW, and before I forget, it sort of works.  I have connected with
a Netscape client using a secure connection and did a failed
search (my test database is empty), but the trace looked correct.
Make sure you have your CA certificate in your Netscape preinstalled.
Otherwise, the connection fails with error 0xFFFFFFFF that is rather
uninformative.
1999-07-16 15:52:17 +00:00
Julio Sánchez Fernández
85acec922f We were not remembering the allocated SSL thing in the Sockbuf.
Set flags without relying on errno (this change may be gratuitous
or wrong).
1999-07-16 15:46:15 +00:00
Julio Sánchez Fernández
a4a675f987 Two new flags in Connection. One to indicate that it is a raw TLS
section (that is, not SASL).  The second to indicate that we need to
do SSL_accept on this connection.
1999-07-16 15:43:47 +00:00
Julio Sánchez Fernández
8af470a543 Fix syntax oid for type 2.16.840.1.113730.3.1.34 (ref) 1999-07-16 10:51:31 +00:00
Julio Sánchez Fernández
ac49f25f75 Definitely, 'dn' and 'distinguishedName' are different things. The
former is a pseudo attribute type used internally by slapd to represent
the distinguished name of an entry and its existence should not be
visible.  The latter is an "abstract" attribute type that is not meant
to exist in practice except as supertype of other dn-valued types.
So, the definition of attribute type 2.5.4.49 has been changed to be
just distinguishedName.  Work on the OPENLDAP_DEVEL_SCHEMA branch will
treat pseudo attributes especially and will not be visible to the
clients.
1999-07-16 10:39:40 +00:00