Commit Graph

3544 Commits

Author SHA1 Message Date
Pierangelo Masarati
05348c5fc5 CHANGES:
- now all write operations appear to work correctly with PostgeSQL 7.0
- all write operations have been made transactional (atomic writes to
  entries are committed separately only in case of complete^1 success
  while all other operations are rolled-back by default)
- more cleanup and handling of exceptional conditions

TODO:
- deen to check with different databases and more up to date versions
  of both unixODBC and PostgreSQL.

^1: attribute add/modify/delete operations silently succeed if the
    appropriate add/delete proc does not exist for each attribute;
    this may be correct to hide undesired/unimplemented correspondence
    between LDAP and SQL databases; however, a more appropriate
    LDAP behavior would be a failure with LDAP_UNAVAILABLE if a
    single write operation cannot be executed for such reason
2002-08-16 16:45:24 +00:00
Pierangelo Masarati
b95ab4ac64 add function slap_modrdn2mods that prepares modifications list for delete/add old/new rdn values 2002-08-16 16:35:16 +00:00
Pierangelo Masarati
3a26ef5bbb silence warnings 2002-08-16 16:33:22 +00:00
Pierangelo Masarati
a7349c100e fix printableStringValidate return value bug 2002-08-16 16:32:42 +00:00
Pierangelo Masarati
115408986c changes:
- re-style according to the style giudelines for better readability
- updated to recent frontend/backend API changes
- fixed a few quirks about normalization
- "optimized" a few memory allocation/string handling functions
- fixed a few quirks about add/modify (still have to look ad modrdn)

todo:
- there is still something broken (at least with PostgreSQL and IBM db2,
  the two RDBMS O have at hand) when adding
- move everything to struct bervals and try to save a few strlen
- try some LDAP/SQL syntax relation to use appropriate value bind if possible
- ...
2002-08-13 17:12:27 +00:00
Pierangelo Masarati
7c2de5721a VERY PRELIMINARY support for PostgreSQL and IBM db2 2002-08-13 17:07:40 +00:00
Pierangelo Masarati
c4a8a3dce5 better error handling when returning results 2002-08-13 17:00:33 +00:00
Kurt Zeilenga
84fe0ad051 Log successful SASL bind (ITS#2017) 2002-08-13 03:49:21 +00:00
Kurt Zeilenga
a500feb4a6 Patch: lutil_progname() and lutil_strcopy() are not declared (ITS#2021)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

lutil_progname() and lutil_strcopy() are not declared, which can
be fatal since they do not return int.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
2002-08-13 02:33:20 +00:00
Kurt Zeilenga
c5b6a86502 Fix IRIX sc_mask conflict 2002-08-13 02:32:57 +00:00
Kurt Zeilenga
f8f1321760 Add support for response controls 2002-08-12 20:50:20 +00:00
Kurt Zeilenga
1c75a7f25c Fix inverted bvmatch logic in modrdn 2002-08-12 08:45:20 +00:00
Kurt Zeilenga
d250339576 Add back_bdb to modules 2002-08-11 21:06:03 +00:00
Kurt Zeilenga
f10699865e consistently reduce string_expand bv_len by 1 2002-08-11 20:26:01 +00:00
Howard Chu
9fad71dc9b Never use DB_RECOVER flag when opening DB_ENV. Recovery must be done
manually. Automatic recovery would interfere with gentlehup restarts.
2002-08-11 00:30:46 +00:00
Pierangelo Masarati
b063a50891 same as for back-meta 2002-08-10 14:25:41 +00:00
Pierangelo Masarati
328046248b initialize struct timeval (fixes ITS#2014);
also, check for return value of dnNormalize2: if the returned
DN contains undefined attributes, the normalization fails.
2002-08-10 14:13:46 +00:00
Howard Chu
07ebdca237 ITS#1893, use "schemadn" to configure subschemasubentry DN. (diff was
inaccessible, this is original code, not contributed.)
2002-08-10 03:10:52 +00:00
Pierangelo Masarati
1abb8cb339 rework connection pool handling (reduce amount of malloc) 2002-08-09 17:15:10 +00:00
Pierangelo Masarati
85a74efc71 remove dependency from LDAP_FILT_MAXSIZ (and handle arbitrary size filters) 2002-08-09 13:51:35 +00:00
Howard Chu
f7859e9913 ITS#2015 give correct index key back to presence_candidates 2002-08-08 17:27:50 +00:00
Kurt Zeilenga
e69c9067c2 Fix saslregex init bug 2002-08-07 19:17:22 +00:00
Howard Chu
44ac8a3564 Plug config leaks 2002-08-07 08:43:52 +00:00
Howard Chu
554311a4c8 Fix cargv leak in recursive read_config() 2002-08-07 08:22:43 +00:00
Kurt Zeilenga
4a4323e3b7 Move large string comment to just above UTF8StringValidate(). 2002-08-07 08:19:11 +00:00
Howard Chu
50d490be6c Revert previous commit 2002-08-07 06:37:11 +00:00
Howard Chu
13d13baeda In backend_operational don't add subschemaSubentry unless it was
requested. In send_search_entry don't malloc vrFilter flags unless
a matchedValue filter was given; malloc 1 contiguous block instead
of multiple sub-arrays.
2002-08-07 05:31:03 +00:00
Howard Chu
6862cfd97c Don't strdup conn->authz into op, just reference directly. (Conn cannot
be freed until after all associated ops are freed.)
2002-08-07 05:19:55 +00:00
Kurt Zeilenga
f1047b704e ITS#2010: use snprintf instead of strcpy to prevent buffer overflow 2002-08-06 19:31:00 +00:00
Kurt Zeilenga
3f2faa1a84 other->invalid 2002-08-06 05:38:49 +00:00
Kurt Zeilenga
a35d5b90fc For IA5, printable, telephone:
Don't allow empty string values.
Treat string values with only spaces as one space.
DirectoryString needs more work (space handling needs
to be done post normalization).
2002-08-06 05:35:59 +00:00
Kurt Zeilenga
6fdcdeb816 Add a summary to strings comment 2002-08-06 04:25:54 +00:00
Kurt Zeilenga
48f72b6862 Update string commment with examples. 2002-08-06 04:03:13 +00:00
Kurt Zeilenga
82540c5cc1 Add start of discussion of strings in LDAP/X.500 and OpenLDAP. 2002-08-06 03:52:02 +00:00
Kurt Zeilenga
3b3232f21c Fix nameAndOptionalUUID normalization,
now uses bitStringNormalize().
2002-08-06 03:18:02 +00:00
Kurt Zeilenga
3fbfd3064a Remove lint 2002-08-06 03:08:12 +00:00
Howard Chu
e14f471a27 Add #include "lutil.h" for lutil_str* functions 2002-08-06 02:36:34 +00:00
Howard Chu
61731500d0 ITS#1998 UTF8StringNormalize should accept all-space vals 2002-08-06 02:35:24 +00:00
Kurt Zeilenga
428c15d883 Misc clean up of last commit.
Still need to fix my devbox so I can test this....
2002-08-05 23:40:08 +00:00
Kurt Zeilenga
119462adfa Rework saslRegex code (not yet tested) 2002-08-05 23:16:28 +00:00
Kurt Zeilenga
64791571aa Prevent overflow in .rej creation (ITS#2007) 2002-08-05 19:44:24 +00:00
Kurt Zeilenga
c673b651e8 Set O_EXCL (ITS#2009) 2002-08-05 19:43:01 +00:00
Kurt Zeilenga
d38d19edc1 Fix lutil_str*() warnings 2002-08-05 17:56:13 +00:00
Kurt Zeilenga
526d010635 Patch: add OpenLDAPaci #public# access (ITS#2005)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

I couldn't find a way for an OpenLDAPaci to grant public access to an
entry, so I added a dnType #public# for that.  It is in the position
of subjectDn in the draft, which seems kind of stupid, so I put it
in the position of dnType instead.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
2002-08-05 17:53:39 +00:00
Kurt Zeilenga
f8c0481dd4 Patch: ACL #access-id#<invalid-DN> granted access to everyone (ITS#2006)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

There is a bug in OpenLDAPaci's "access-id":  If the specified DN is
invalid so dnNormalize2() fails, everyone gets access.
This means that e.g. "#access-id#[all]" gives public access, so it
might be considered a feature, but I fixed it anyway:-)  I guess that
means the change should be documented in the release notes, though.

See also ITS#2005 (add OpenLDAPaci #public# access).

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
2002-08-05 17:52:16 +00:00
Howard Chu
771f70eb0f Fix ITS#1994, Windows heap consistency 2002-08-03 02:57:52 +00:00
Pierangelo Masarati
40f3da36b0 need <lutil.h> for lutil_gentime 2002-08-02 10:24:03 +00:00
Pierangelo Masarati
540dbbe1ed fix previous commit 2002-08-02 10:00:44 +00:00
Kurt Zeilenga
d22612e8db ITS#1951: saslRegexp limits syntax of regular expressions
Don't normalize regex.
Also, s/LDAP_OPERATIONS_ERROR/LDAP_OTHER/
2002-08-01 01:10:55 +00:00
Howard Chu
d01375b200 Fix bdb_idl_union of range and list (related to ITS#1969 2002-07-31 23:43:56 +00:00
Kurt Zeilenga
838643d5ad operationsError != Internal Error
hence, s/LDAP_OPERATIONS_ERROR/LDAP_OTHER/
2002-07-31 22:49:02 +00:00
Kurt Zeilenga
182dcf27e2 clean up curly matching 2002-07-28 07:37:46 +00:00
Kurt Zeilenga
eb581e43e7 Fix for:
SASL regex segmentation faults with group based acls (ITS#1978)
based, in part, by patch submitted by Simon Wilkinson <simon@sxw.org.uk>.
2002-07-28 07:27:55 +00:00
Kurt Zeilenga
c054d8458a Fix pkiUser 2002-07-27 10:25:42 +00:00
Kurt Zeilenga
e53214b26f ITS#1965: use snprintf 2002-07-27 07:39:50 +00:00
Kurt Zeilenga
1677f178ce ITS#1985 fix: blind commit 2002-07-27 07:37:04 +00:00
Kurt Zeilenga
2f9b89b4af Improve schema error messages 2002-07-27 06:08:51 +00:00
Howard Chu
b6620f3d25 Use lutil_gentime 2002-07-27 02:10:43 +00:00
Howard Chu
5a01db28e3 Moved slap_strcopy, slap_strncopy to lutil_strcopy, lutil_strncopy 2002-07-27 00:24:02 +00:00
Kurt Zeilenga
e981dcbad5 use strongAuthRequired instead of operationsError to indicate
authentication required before modification.
2002-07-26 15:29:36 +00:00
Howard Chu
d6ae1d95de Include <sys/stat.h> for mkdir prototype 2002-07-26 13:24:37 +00:00
Pierangelo Masarati
90f127472d fix normalization bug; change time stamping by using createTimestamp and modifyTimestamp (related to ITS#1984) 2002-07-25 09:49:02 +00:00
Pierangelo Masarati
7e81297147 fix normalization bug (related to ITS#1984) 2002-07-25 09:48:29 +00:00
Kurt Zeilenga
4d22977f7f BootParamSyntax: be more liberal than the ABNF such that
examples in RFC 2307 are treated as valid.
2002-07-24 15:29:22 +00:00
Kurt Zeilenga
3b775fce8b Should allow keystring in bootParams 2002-07-24 15:19:40 +00:00
Kurt Zeilenga
8a3d02bf6b misc cleanup 2002-07-23 18:35:12 +00:00
Julius Enarusai
2168be2b4a Converted LDAP_LOG messages to use new Macro 2002-07-23 00:01:53 +00:00
Pierangelo Masarati
437014723c fix ITS#1953 2002-07-22 14:24:32 +00:00
Howard Chu
aab953ba3f Change list->range conversion again, avoid extra c_put. 2002-07-19 23:19:53 +00:00
Jong Hyuk Choi
db490b4cef change in the IDL conversion from a list to a range 2002-07-18 15:34:51 +00:00
Kurt Zeilenga
202e516450 krbName is now builtin 2002-07-16 02:42:29 +00:00
Howard Chu
e514685144 Tweak: For slap tools, don't set DB_RECOVERY flag when opening DB environment.
This allows slapcat to run while slapd is running, otherwise causes db
corruption.
2002-07-13 00:18:15 +00:00
Howard Chu
a073e28510 Fix setting c_authz_backend for SASL binds:
in slap_sasl2dn, make sure it's set for base DN searches as well.
  in do_bind, don't zero it during multi-stage binds.
2002-07-13 00:11:03 +00:00
Howard Chu
7fdb38bca9 Fix previous commit - the stub was never needed. 2002-07-12 23:43:46 +00:00
Howard Chu
f9cbbc6770 Fix order of params to sasl_setpass. Added initial stub for setpass to
change in-directory password.
2002-07-12 20:55:12 +00:00
Stig Venaas
bf5e3a15ca Use AF_INET instead of AF_UNSPEC when IPv6 disabled 2002-07-12 15:36:33 +00:00
Julius Enarusai
6107ba67d2 Coverted LDAP_LOG macro to use subsystem ID int values instead of string values 2002-07-11 20:33:24 +00:00
Kurt Zeilenga
ef3d895cb8 More ACL to dn="" bug fixing... and add test006-acl check 2002-07-11 01:45:22 +00:00
Kurt Zeilenga
98a2e41911 Fix ACL to dn="" bug 2002-07-11 01:35:37 +00:00
Kurt Zeilenga
32a2f291ee Change dn="" to dn.base="". 2002-07-11 01:17:41 +00:00
Kurt Zeilenga
0fffad53c3 get data if ready 2002-07-10 22:03:32 +00:00
Kurt Zeilenga
fffd84ff9f Fix matched values zero allocation bug (ITS#1931) 2002-07-09 00:20:30 +00:00
Kurt Zeilenga
4f48237d22 remove lint 2002-07-08 18:55:50 +00:00
Kurt Zeilenga
e6627e93d0 Add matchedValues 2002-07-08 18:54:52 +00:00
Stig Venaas
deb62446fe Added normalization to caseIgnoreIA5Indexer() 2002-07-07 13:22:45 +00:00
Stig Venaas
62139b6ef3 Set peeraddr also for IPv6, fixes ITS#1918 2002-07-05 20:29:15 +00:00
Stig Venaas
804490a8b1 Use IPV6_V6ONLY on IPv6 sockets if available. This way we only get IPv6
packets on the IPv6 socket, and we receive only IPv6 with -6.
2002-06-27 13:20:37 +00:00
Stig Venaas
6d025001da Ignore error if listen on socket bound to 0.0.0.0 fails and already
listening on socket bound to ::
2002-06-27 12:41:09 +00:00
Kurt Zeilenga
f708b4e94e Add krbName's definition (ITS#1913) 2002-06-26 18:43:55 +00:00
Kurt Zeilenga
0a2a381d07 Fix for "no structuralObjectClass" when lastmod is off (ITS#1904) 2002-06-25 01:04:54 +00:00
Kurt Zeilenga
3d90fcda3a authcId might be NULL 2002-06-22 21:27:38 +00:00
Howard Chu
7e8c77c5de Fix dynamic module linking 2002-06-21 01:34:53 +00:00
Kurt Zeilenga
54d5d65791 Yet another schema error bug fix 2002-06-20 20:48:19 +00:00
Kurt Zeilenga
a5f29741a6 Fix off by one error in erorr reporting 2002-06-20 20:46:16 +00:00
Kurt Zeilenga
03a4901b5f assert( e != NULL ) in entry2str() 2002-06-19 22:04:28 +00:00
Pierangelo Masarati
93dbac3caf use monitorContext for the monitor database 2002-06-19 07:57:01 +00:00
Kurt Zeilenga
0371c61073 Add monitorContext rootDSE attribute 2002-06-19 06:44:16 +00:00
Kurt Zeilenga
dec67d1ad9 Hide cn=Monitor from namingContexts
Should add a special DN pointer
2002-06-19 06:06:21 +00:00
Kurt Zeilenga
35749a2520 make curlies match 2002-06-18 22:41:03 +00:00
Kurt Zeilenga
ba4faad6e5 Use correct ssfs. 2002-06-18 07:31:20 +00:00
Howard Chu
cf61e03cb8 ITS#1891, debug msg in send_search_entry 2002-06-18 00:37:45 +00:00
Kurt Zeilenga
9a38d98d37 Add option to disallow unprotected simple authentication.
Add protected simple authentication as a "strong" mechanism.
2002-06-17 22:18:27 +00:00
Kurt Zeilenga
27fdd04153 Add -4/-6 flags to slapd to force use of IPv4 or IPv6 2002-06-15 22:01:39 +00:00
Pierangelo Masarati
bf449f33bd small cleanup 2002-06-15 18:20:41 +00:00
Pierangelo Masarati
d75249abfe define and normalize static bervals alltogether 2002-06-15 17:01:35 +00:00
Pierangelo Masarati
b9254b8ab4 should compile even without Cyrus SASL 2002-06-15 15:01:17 +00:00
Kurt Zeilenga
cbba11d7cd saslAuthzTo/From LDUP URLs should have hostnames 2002-06-14 22:03:52 +00:00
Kurt Zeilenga
04df89d972 zap unnecessary include 2002-06-14 09:10:02 +00:00
Kurt Zeilenga
3b695bc6c8 Use experimental OIDs for saslAuth attributes and hide 'em
make the usage distributedOperation
2002-06-14 08:25:14 +00:00
Howard Chu
077aea8127 Fix OID clash in previous commit 2002-06-14 08:16:06 +00:00
Howard Chu
07a34489c6 Added saslAuthzTo and saslAuthzFrom to system schema.
Added sasl-authz-policy config keyword to control proxy authorization.
Moved sasl-related config processing to sasl.c:slap_sasl_config().
Moved other global defs used only in saslauthz.c into saslauthz.c.
2002-06-14 08:10:14 +00:00
Kurt Zeilenga
ad673923a3 ITS#1882: fix typo 2002-06-13 14:50:33 +00:00
Kurt Zeilenga
b5e7208cb8 Date: Thu, 2 May 2002 08:54:59 GMT
From: h.b.furuseth@usit.uio.no
To: openldap-its@OpenLDAP.org
Subject: Patch: Bugs with back-ldap/meta mappings

Full_Name: Hallvard B. Furuseth
Version: HEAD
OS: Linux
URL: http://folk.uio.no/hbf/OpenLDAP/back-ldap.txt
Submission from: (NULL) (158.36.148.34)


The source claims the 'map' attribute has syntax
map {objectclass | attribute}   {<source> | *}      [<dest> | *]
while it actually has syntax
map {objectclass | attribute} [<local name> | *] {<foreign name> |
*}
except that the code is confused about it.  Removed attributes are
put in both the maps for local and foreign names:
	# Remove description and present title as description instead
	map attribute	description
	map attribute	description title
-->
	slapd.conf: line 10: duplicate mapping found (ignored)

Also, map.c:ldap_back_map_attrs() loops forever on removed attributes
(ie. if one asks ldapsearch for an attribute which has been removed).
2002-06-12 16:39:05 +00:00
Kurt Zeilenga
faf91f1f1f Update to the 'gentle SIGHUP' patch. (ITS#1679)
- Let write operations return unwilling-to-perform after
  'gentle shutdown' has been initiated.
- Change -1 to 2 in slapd_gentle_shutdown and slapd_shutdown, since
  sig_atomic_t can be unsigned (ITS#1736).  The 'gentle SIGHUP' patch
  is older than ITS#1736 but was applied later, so it reintroduced
  the problem.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, June 2002.
2002-06-12 15:43:19 +00:00
Howard Chu
c5c1ddb1ca Deleted Connection->c_cdn. Use conn->c_dn instead... 2002-06-12 08:38:59 +00:00
Howard Chu
a5cd5535e8 Fix typo in previous commit 2002-06-12 04:12:51 +00:00
Howard Chu
6d1a322f73 Finished slap_sasl_setpass for Cyrus 1.5; Cyrus 2.1 is incomplete.
Added conn->c_sasl_dn, streamlined slap_sasl_bind.
2002-06-12 04:05:48 +00:00
Kurt Zeilenga
1410b3e7d9 An almost complete slap_sasl_setpass() 2002-06-12 00:13:29 +00:00
Kurt Zeilenga
d6e7f0f630 Rework c_authzid_backend in preparation for sasl_setpass() support 2002-06-11 22:56:47 +00:00
Kurt Zeilenga
4d3b4f9eb8 return PROTOCOL_ERROR if reqdata is empty. 2002-06-10 19:56:17 +00:00
Jong Hyuk Choi
09a2a8fbce DB_RMW flag to dn2id and id2entry 2002-06-10 19:02:25 +00:00
Kurt Zeilenga
116e165a5c Be less forgiving (don't ignore so many configuration errors) 2002-06-08 18:38:52 +00:00
Kurt Zeilenga
a784e4d054 Add rootdn check when rootpw is set. 2002-06-08 18:04:43 +00:00
Kurt Zeilenga
aa46324462 Fix for ITS#1842 (applied blindly) 2002-06-08 06:09:30 +00:00
Kurt Zeilenga
964d1fdd90 userPassword/authPassword can be safely subtyped (though I wouldn't
recommend it).
2002-06-07 20:32:06 +00:00
Howard Chu
3304d125c4 ITS#1837, one-level searches on leaf entries 2002-06-06 11:27:52 +00:00
Howard Chu
b89c4539b9 Fix Listeners: handles multiple addresses for a given hostname, copies
sockaddr into Listener structure.
2002-06-06 10:33:18 +00:00
Jong Hyuk Choi
976fb2265f remove dbenv->lock_put() call from transaction-protected operations 2002-06-06 10:14:14 +00:00
Kurt Zeilenga
e958a4c780 Fix up abandon merge. Hallvard will holler if I get this wrong. :-) 2002-06-05 16:53:48 +00:00
Kurt Zeilenga
951ca2bd68 Patch: Non-unique msgid for abandon in back-<shell,tcl> (ITS#1793)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

It has just occurred to me - duh - that the process ID of a back-shell
command is a perfectly good unique ID for it, and more useful than
any connection id/message id thingy.  Doesn't need extra arguments
to the shell commands either, except a pid: line to abandon.
And msgid: can still be removed in a future version.
Here is a patch.


Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, May 2002.
2002-06-05 16:40:16 +00:00
Kurt Zeilenga
19eca33ca3 Gentile HUP shutdown from Hallvard 2002-06-03 16:47:43 +00:00
Kurt Zeilenga
5c5b5455fb VLV updates 2002-06-03 16:45:09 +00:00
Kurt Zeilenga
26649fb164 Minor cleanup 2002-06-01 20:21:59 +00:00
Kurt Zeilenga
d6d18049dc reference scope checks 2002-06-01 20:01:32 +00:00
Jong Hyuk Choi
7341dc5db6 redesign of back-bdb locking :
cache entry is locked by Berkeley DB lock primitives.
2002-05-31 20:49:19 +00:00
Kurt Zeilenga
55e925abe6 Add abstract/final system attribute types.
clean up error code macros
2002-05-31 20:24:26 +00:00
Kurt Zeilenga
4832cc09d3 Fix bogus assert. 2002-05-31 20:23:33 +00:00
Kurt Zeilenga
bdad40c696 Disallow addition of system schema via config files. 2002-05-30 05:23:37 +00:00
Kurt Zeilenga
aecf4033f6 Hide some yet-to-be-implemented schema 2002-05-29 06:14:55 +00:00
Kurt Zeilenga
02fb60d3da Delete extranous assert() 2002-05-23 03:17:58 +00:00
Kurt Zeilenga
9cdce9c0ed Add back-passwd.h to the mix 2002-05-22 16:22:24 +00:00
Howard Chu
8572d6f2fd Delete $(SLAPD_MODULES) 2002-05-18 03:52:46 +00:00
Howard Chu
561400dbe8 Delete $(SLAPD_MODULES) - we never implicitly link a dynamic module,
so this feature is unnecessary. Also it was breaking Unix dynamic builds.
2002-05-18 02:05:17 +00:00
Kurt Zeilenga
3abec7d8d7 From: h.b.furuseth@usit.uio.no
Patch: str2entry() dereferences NULL  (ITS#1822)

Sorry, last patch was wrong.  I didn't notice that e->e_dn
always is NULL at that point.  Here is a corrected patch.
2002-05-16 15:45:24 +00:00
Howard Chu
4ac8a54b56 Builds on both Unix and NT now. 2002-05-16 11:00:37 +00:00
Howard Chu
3d491808a8 Fixes for MingW: (passes test007, with LDAP_DIRSEP tweaks in slapd.conf)
must include <ac/stdlib.h> to get MAX_PATH defined.
  use LDAP_DIRSEP instead of '/' in paths
  define truncate/ftruncate macros, etc.
2002-05-16 10:51:45 +00:00
Kurt Zeilenga
54d93cc003 From: h.b.furuseth@usit.uio.no
Subject: Patch: str2entry() dereferences NULL  (ITS#1822)

entry.c:str2entry() prints pdn->bv_val even though pdn is always
NULL.  pdn was pretty dn before version 1.80.
2002-05-15 20:55:43 +00:00
Kurt Zeilenga
4e51bba217 Patch: Implement surrogate parent for back-shell (ITS#1815)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

A surrogate parent is supposed to keep back-shell children from
deadlocking due to resources locked by a threading parent.

Implementation note: The surrogate parent closes all unused file
descriptors, so it logs errors to stderr instead of via Debug() and
uses relloc() instead of ch_realloc().

Also close a file descriptor leak if fork() fails in fork.c.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, May 2002.
2002-05-15 06:18:14 +00:00
Kurt Zeilenga
36d9d9729c Fix typo in last commit. 2002-05-15 05:44:46 +00:00
Kurt Zeilenga
10a3a1b9c9 Patch: back-shell/searchexample.* nitpicks (ITS#1816)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

searchexample.conf needs core.schema, otherwise it fails on the suffix
DN.  searchexample.sh has a spurious 'sleep', probably from testing.
Also, I suggest 'chmod +x searchexample.sh'.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, May 2002.
2002-05-15 05:17:08 +00:00
Howard Chu
d2ee3d52a3 Once more, fix idl_intersection. Don't walk past end of arrays. 2002-05-15 03:05:05 +00:00
Howard Chu
a2d310f92e Fix nameUIDvalidate memfree 2002-05-15 00:48:47 +00:00
Howard Chu
856e21296a Cleanup log msg 2002-05-12 19:21:12 +00:00
Howard Chu
2d94a2016c Check for NULL before comparing authcid 2002-05-12 18:42:43 +00:00
Howard Chu
d7060d19f3 Skip processing if canonicalization is invoked redundantly (SASL PLAIN).
Truncate large username instead of failing with SASL_BUFOVER; we only care
about the DN anyway. (SASL 2 only)
2002-05-12 18:40:37 +00:00
Howard Chu
aea521bec2 Fix, SASL authzIDs might not be NUL-terminated. prop names must only be
set once; setting erases all existing values.
2002-05-11 20:19:55 +00:00
Howard Chu
da7a5a8e79 Fix typo in 1.97 2002-05-11 19:24:04 +00:00
Howard Chu
dfae2441eb Cleaned up getdn normalization 2002-05-11 08:07:18 +00:00
Howard Chu
379f84ba47 Fix previous commit, free in wrong place 2002-05-11 06:58:13 +00:00
Howard Chu
b057507e23 Cleanup HAVE_TLS dependencies, cleanup username with embedded realm handling 2002-05-10 19:26:35 +00:00
Kurt Zeilenga
445b7982d7 Patch: back-passwd needs pwent mutex (ITS#1794)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

back-passwd uses getpwent() and setpwfile(), which use static data.
It needs a mutex to make sure these operations can complete without
interference from another back-passwd call.  Here is a patch.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, May 2002.
2002-05-09 02:26:05 +00:00
Kurt Zeilenga
15e6a98bba Patch: Non-unique msgid for abandon in back-<shell,tcl> (ITS#1793)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

Here is a patch which does what I described.  Of course, someone has
to decide if that is the right solution:-)
- Add an "opid:" line to the input to back-shell commands.
- Add an "abandonid: <opid> line to back-shell/abandon input.
- Replace message id with opid in back-tcl arguments.
- Add an abandonid = <opid> argument to back-tcl/abandon.
An opid (operation ID) is a "connection ID/message ID" string.  I
would have liked to use another name to avoid confusion with struct
slap_op->o_opid, but I could not think of another apt word.

This also fixes ITS#1784 and ITS#1792.  Since calling conventions
changed anyway, I fixed back-shell by adding abandonid: and making
opid: always be the ID of the current operation.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, May 2002.
2002-05-09 02:11:39 +00:00
Howard Chu
da36670ea3 Don't use slap_empty_bv in structures that are expected to be free'able. 2002-05-08 23:16:17 +00:00
Howard Chu
9ba9ac4d9e Fix dnParent: must always return a pointer relative to the input pointer. 2002-05-08 23:04:11 +00:00
Howard Chu
fbe4785c5a Delete unused CANON_BUF_SIZE #define 2002-05-07 23:29:19 +00:00
Howard Chu
6f47e13147 Cyrus 2 support now requires Cyrus 2.1.3. Adds support for in-directory
SASL secrets. (Only works with plaintext userpassword tho.)
2002-05-07 23:08:23 +00:00
Howard Chu
3831d98237 Turn these functions on again. Need backend_attribute for SASLauthz stuff.
Fix to work with NULL op.
2002-05-07 22:35:01 +00:00
Howard Chu
a067d64c3a Fixes for slap_sasl_regexp parsing and normalization 2002-05-07 18:46:32 +00:00
Howard Chu
56f1355968 Added comment for future reference re: in-directory secrets 2002-05-07 02:17:34 +00:00
Howard Chu
a039bd97ea ITS#1803, bogus free() of lber-private memory. 2002-05-06 16:51:00 +00:00
Pierangelo Masarati
bffa43e743 fix formats 2002-05-04 11:07:28 +00:00
Pierangelo Masarati
b0d1a52975 remove unused variables 2002-05-04 11:07:04 +00:00
Howard Chu
55cefef7ee ITS#1797 err used unit'd in Debug statement. (removed) 2002-05-04 10:50:24 +00:00
Howard Chu
ef678b179c ITS#1795 authid is uninit'd if tls_get_cert fails 2002-05-04 01:28:56 +00:00
Howard Chu
846a5832bb Set tls_opt_require_cert to default to NEVER. libldap defaults to DEMAND
due to client needs, we change it back here.
2002-05-04 00:07:12 +00:00
Kurt Zeilenga
9d39e1e672 fix uninitialized counter in matched values 2002-05-03 19:00:52 +00:00
Howard Chu
a352bcaa16 Fix DN freeing in BDB_HIER case. (BDB_HIER is still broken, seems to have
a bad interaction with the entry cache.)
2002-05-03 14:47:29 +00:00
Howard Chu
203c410243 Fix dependency typo from 1.99 2002-05-03 14:42:14 +00:00
Howard Chu
640bc864fa Use specific msg id instead of ANY to retrieve search results 2002-05-03 14:23:55 +00:00
Pierangelo Masarati
033631f30a s/LDAP_UNWILLING_TO_PERFORM/LDAP_ADMINLIMIT_EXCEEDED/ when search candidates exceed unckecked limit 2002-05-03 10:27:37 +00:00
Kurt Zeilenga
8c152396b9 Matched Values implementation (ITS#1776) based upon submission
form Mikhail Sahalaev <M.Sahalayev@pgr.salford.ac.uk>.
Further work needed:
	add testxxx-matchedvalues
	rework ldapsearch(1) portion of patch to generalize use of options
---
Copyright 2001, Mikhail Sahalaev, All rights reserved.
This software is not subject to any license of University Of
Salford.

Redistribution and use in source and binary forms are permitted
without restriction or fee of any kind as long as this notice
is preserved.
2002-05-02 18:56:56 +00:00
Pierangelo Masarati
b9d74aba5f broken berval after successful rewrite 2002-05-02 11:42:11 +00:00
Pierangelo Masarati
2ca323d2b5 Fixes ITS#1786: dynamically growing number of tokens in config line
for both slapd and slurpd

Copyright 2002, John Morrissey (jwm at horde dot net), All rights reserved.
This is free software; you can redistribute and use it under the same terms
as OpenLDAP itself.

Applied with changes
2002-05-02 08:48:14 +00:00
Howard Chu
b3d0ab87aa More cleanups for suffixmassage DNs 2002-05-01 19:05:09 +00:00
Howard Chu
7fae7fe155 Changed be_[n]suffix, be_[n]suffixAlias to BerVarray. No more bvec's anywhere. 2002-05-01 18:50:14 +00:00
Kurt Zeilenga
5b06af70bb Patch: Perl backend sends bind result twice (ITS#1783)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
            ================

perl_back_bind() should not send LDAP_SUCCESS, the frontend does that.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-05-01 18:10:14 +00:00
Pierangelo Masarati
c030dbfefd massage dn-valued attributes also when compiled without --enable-rewrite 2002-05-01 17:53:32 +00:00
Pierangelo Masarati
c1edf76e20 use BerVarray for suffix_massaging stuff 2002-05-01 17:45:03 +00:00
Pierangelo Masarati
1aa96af216 second round at ITS#1749 2002-05-01 16:38:30 +00:00
Pierangelo Masarati
6feec86e5d - trim check for real naming context already defined as suffix
- improve automatic massaging (prettify once)
- add (optimistic) automatic filter massaging
- cleanup of massaging stuff
2002-05-01 11:41:57 +00:00
Howard Chu
48fb754cc0 Added RFC 2459 PKCS9 emailAddress 2002-05-01 06:34:49 +00:00
Kurt Zeilenga
af02eee0d5 Reworking backend_check_restrictions for extensions
Should resolve ITS#1781.
2002-05-01 01:04:57 +00:00
Howard Chu
0f966d2fdb Changed ldap_pvt_tls_get_my_dn and ldap_pvt_tls_get_peer_dn to store result
in dn parameter and return a result code.

Changed dnX509peerNormalize as above. Added debug message on failure to
retrieve client DN.
2002-04-30 13:52:49 +00:00
Pierangelo Masarati
d019bff7b8 First commit of Hallvard's backend documentation effort
Backend documentation patch, version 1

================
Most of this text is taken from OpenLDAP.  The work of rewriting it
to manual pages is done by by Hallvard B. Furuseth and placed into
the public domain.  This software is not subject to any license of
the University of Oslo.
================

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-04-29 20:24:29 +00:00
Pierangelo Masarati
6b8828ed28 handle trivial cases 2002-04-29 19:14:42 +00:00
Jong Hyuk Choi
5291b41336 pointer initialization 2002-04-29 16:42:41 +00:00
Pierangelo Masarati
d3058532c9 honor limits if below soft limit 2002-04-29 10:12:50 +00:00
Howard Chu
cef9fcf78b Fix check for "anonymous" in sasl_getdn 2002-04-27 03:44:23 +00:00
Julius Enarusai
ed8f299245 ITS#1730: Misc typos in NEW_LOGGING code from Hallvard 2002-04-25 22:12:44 +00:00
Pierangelo Masarati
d2ee0b1758 fix off-by-one bug; use s/sprintf/snprintf/ 2002-04-25 19:23:37 +00:00
Howard Chu
43167d0fa6 Fix ITS#1774, BDB keys need ulen and flags to be initialized because BDB
tries to retrieve both the key and the data.
2002-04-25 05:16:15 +00:00
Howard Chu
c7262c7599 Added rebind-as-user option; saves bind credentials and sets a rebind_proc
to allow chasing referrals using the same user's credentials.
2002-04-25 02:05:34 +00:00
Kurt Zeilenga
3e3911247b Remove lint. 2002-04-22 23:03:33 +00:00
Kurt Zeilenga
0ca5d06f77 Re: PRIVATE: Patch: Passwords (ITS#1740)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
2002-04-22 17:31:16 +00:00
Jong Hyuk Choi
60b1ee1ba9 Patch for ITS# 1643 2002-04-19 21:41:32 +00:00
Howard Chu
8c917b8d68 Put dnX509 normalizers behind #ifdef HAVE_TLS 2002-04-19 01:25:15 +00:00
Kurt Zeilenga
96eda541e9 Blind commit:
Re: Untested patch: back-tcl used wrong types  (ITS#1719)

			================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

> I turned it into an automatic variable.

...and used a variable-length array.  That's a gcc extension, it is not
in ANSI C89.  (It is in C99 though.)  You seem to be compiling without
-pedantic:-)  Anyway, here is a patch to turn it back into ch_malloc(),
plus some README fixes
2002-04-18 19:28:26 +00:00
Howard Chu
0aa7c83a0e Fix memory leak in previous commit 2002-04-18 15:55:05 +00:00
Howard Chu
8a5423ea8d deleted sasl_external_x509dn_convert; X509 DNs are always converted to
normalized LDAP DNs now.

Changed dnDCEnormalize to dnX509normalize, added dnX509peerNormalize,
based on new ldap_X509dn2bv() etc.
2002-04-18 12:26:36 +00:00
Howard Chu
80f67ef11e Fix slap_bv2ad initializing with wrong bv_len 2002-04-18 12:21:33 +00:00
Howard Chu
b3c7c9e3ce Delete more unused code, no need to fetch REALM in slap_sasl_bind 2002-04-17 19:47:34 +00:00
Kurt Zeilenga
7ee5d2612b Fix ssf declaration 2002-04-17 17:56:30 +00:00
Kurt Zeilenga
84f4acf124 NEW_LOGGING bugs (ITS#1730)
Here a patch for another:  A spurious `"' in back-ldbm.
From Hallvard.
2002-04-17 17:54:52 +00:00
Howard Chu
1dea5905c6 More SASL DN simplification. No more "dn:" prefix used anywhere internally. 2002-04-17 07:56:46 +00:00
Julius Enarusai
98f3c3d43b Added LDAP_LOG Messages 2002-04-16 20:11:09 +00:00
Julius Enarusai
4ab3ce1651 Added LDAP_LOG Messages 2002-04-16 19:23:49 +00:00
Jong Hyuk Choi
b7f0983efa Hallvard B. Furuseth's patch for cache lock and mutex 2002-04-16 14:03:13 +00:00
Howard Chu
1bbd51da77 ITS#1712, rewritten dn_openssl2ldap(). Added dnDCEnormalize(), used by
dn_openssl2ldap() and sasl_external_x509dn_convert. Fixed realm handling
for foreign Kerberos realms embedded in usernames.
2002-04-16 08:46:25 +00:00
Luke Howard
03679b7ce5 correct sponsor name 2002-04-16 05:36:22 +00:00
Howard Chu
ababc07479 Add "nentries" to send_search_result() Statslog message. Suggested
by ITS#1360.
2002-04-16 04:58:41 +00:00
Luke Howard
dda2e4cee0 ITS#1646 2002-04-16 04:25:44 +00:00
Luke Howard
064319ae4e ITS#1659 - forgot to define n_a 2002-04-16 04:04:40 +00:00
Luke Howard
c517c23853 ITS#1659: s/na/n_a/ 2002-04-16 03:59:22 +00:00
Luke Howard
a045fc60a5 ITS#1729, #1659 2002-04-16 03:58:21 +00:00
Luke Howard
d2585491a0 ITS#1729 2002-04-16 03:56:23 +00:00
Luke Howard
9db008f08f ITS#1676 2002-04-16 03:51:51 +00:00
Luke Howard
7127e0887c ITS#1659 2002-04-16 03:47:39 +00:00
Kurt Zeilenga
8354160f8b Patch: aclparse.c bugs (ITS#1752)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

Bug fixes:
- acl_regex_normalized_dn(pattern):
  * used pattern->bv_len even though it claimed not to,
  * would walk past the end of strings that ended (incorrectly)
    with a single '\'.
- style=regex checked for "^.*$$" twice but not for "^.*$".
- the code did not notice if dnNormalize2() failed, and would
  (at least in one case) treat a bad DN as '*'.
Some cleanup:
- changed regtest() to return void, since the return value was unused.
- changed acl_regex_normalized_dn() to take a string input argument
  instead of a half-filled berval, it looks saner that way.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-04-15 20:44:05 +00:00
Kurt Zeilenga
709ce4fa6c Re: Patch: ctype functions require 'unsigned char' args (ITS#1678)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

Here are fixes for more places where the argument to ctype.h functions
should be in the range of `unsigned char'.

Explanation of the last patch (to schema_init.c:bvcasechr()):
TOLOWER() and TOUPPER() return values in the range of `unsigned char',
but bvcasechr() then compares those values with a plain `char'.  So I
convert the return values from TOLOWER()/TOUPPER() to `char' first.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-04-15 20:42:42 +00:00
Julius Enarusai
15fffedad7 Added LDAP_LOG Messages 2002-04-15 20:40:15 +00:00
Julius Enarusai
a1b4f71443 Added LDAP_LOG Messages 2002-04-15 20:28:16 +00:00
Julius Enarusai
7d162b6806 Added LDAP_LOG Messages 2002-04-15 20:18:47 +00:00
Julius Enarusai
714ec82ca0 Added LDAP_LOG Messages 2002-04-15 20:05:06 +00:00
Julius Enarusai
92d24de6e0 Added LDAP_LOG Messages 2002-04-15 19:37:49 +00:00
Julius Enarusai
ef4fe3fc4b Added LDAP_LOG Messages 2002-04-15 19:16:32 +00:00
Julius Enarusai
34ef718be8 Added LDAP_LOG Messages 2002-04-15 18:59:20 +00:00
Kurt Zeilenga
02e8527248 Patch: Escape character troubles (ITS#1753)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

maildap could address buf[-1] if len was < 2.

REWRITE_SUBMATCH_ESCAPE is '%', not '\'.

librewrite and saslautz could walk past the end of a string which
ended with an escape character.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-04-15 18:29:39 +00:00
Julius Enarusai
c7d183a19b Added LDAP_LOG messages 2002-04-15 17:57:44 +00:00
Pierangelo Masarati
a9b521cef4 add '-t' switch for clean config check; cleanup usage() messages 2002-04-15 17:32:08 +00:00
Kurt Zeilenga
ab3b125d1e Fix include order 2002-04-15 16:45:02 +00:00
Jong Hyuk Choi
efa7b93b23 concurrent cache access: separation of cache lock (reader/writer) and lru lock (mutex) 2002-04-15 16:40:04 +00:00
Howard Chu
66602e8faa Fix name canonicalization and authorization for Cyrus SASL 2.x 2002-04-14 04:27:46 +00:00
Howard Chu
a73ffbe3cd Previous commit included undesired changes. 2002-04-14 04:15:17 +00:00
Howard Chu
9b958147f8 Fix previous commit, == instead of != 2002-04-13 17:27:02 +00:00
Howard Chu
bf6fccd7bb ITS#1740 2002-04-13 10:56:16 +00:00
Jong Hyuk Choi
737aee17b0 fix: changing bdb_cache_return_entry_w() to bdb_cache_return_entry_r() 2002-04-11 23:17:36 +00:00
Howard Chu
17433a8412 Fix ITS#1722 - IPv4 addresses also need to be massaged for sasl_server_new. 2002-04-11 10:04:29 +00:00
Howard Chu
1dcbb23f5b ITS#1727 return allids on unknown filters to allow extended filtering 2002-04-11 08:59:30 +00:00
Howard Chu
170de200f8 ITS#1734 return error on bad config file 2002-04-11 08:51:35 +00:00
Howard Chu
d4465e376f ITS#1732 signed/unsigned integers 2002-04-11 08:46:34 +00:00