Howard Chu
07a34489c6
Added saslAuthzTo and saslAuthzFrom to system schema.
...
Added sasl-authz-policy config keyword to control proxy authorization.
Moved sasl-related config processing to sasl.c:slap_sasl_config().
Moved other global defs used only in saslauthz.c into saslauthz.c.
2002-06-14 08:10:14 +00:00
Howard Chu
a5cd5535e8
Fix typo in previous commit
2002-06-12 04:12:51 +00:00
Howard Chu
6d1a322f73
Finished slap_sasl_setpass for Cyrus 1.5; Cyrus 2.1 is incomplete.
...
Added conn->c_sasl_dn, streamlined slap_sasl_bind.
2002-06-12 04:05:48 +00:00
Kurt Zeilenga
1410b3e7d9
An almost complete slap_sasl_setpass()
2002-06-12 00:13:29 +00:00
Howard Chu
856e21296a
Cleanup log msg
2002-05-12 19:21:12 +00:00
Howard Chu
2d94a2016c
Check for NULL before comparing authcid
2002-05-12 18:42:43 +00:00
Howard Chu
d7060d19f3
Skip processing if canonicalization is invoked redundantly (SASL PLAIN).
...
Truncate large username instead of failing with SASL_BUFOVER; we only care
about the DN anyway. (SASL 2 only)
2002-05-12 18:40:37 +00:00
Howard Chu
aea521bec2
Fix, SASL authzIDs might not be NUL-terminated. prop names must only be
...
set once; setting erases all existing values.
2002-05-11 20:19:55 +00:00
Howard Chu
da7a5a8e79
Fix typo in 1.97
2002-05-11 19:24:04 +00:00
Howard Chu
dfae2441eb
Cleaned up getdn normalization
2002-05-11 08:07:18 +00:00
Howard Chu
379f84ba47
Fix previous commit, free in wrong place
2002-05-11 06:58:13 +00:00
Howard Chu
b057507e23
Cleanup HAVE_TLS dependencies, cleanup username with embedded realm handling
2002-05-10 19:26:35 +00:00
Howard Chu
da36670ea3
Don't use slap_empty_bv in structures that are expected to be free'able.
2002-05-08 23:16:17 +00:00
Howard Chu
fbe4785c5a
Delete unused CANON_BUF_SIZE #define
2002-05-07 23:29:19 +00:00
Howard Chu
6f47e13147
Cyrus 2 support now requires Cyrus 2.1.3. Adds support for in-directory
...
SASL secrets. (Only works with plaintext userpassword tho.)
2002-05-07 23:08:23 +00:00
Howard Chu
cef9fcf78b
Fix check for "anonymous" in sasl_getdn
2002-04-27 03:44:23 +00:00
Howard Chu
8a5423ea8d
deleted sasl_external_x509dn_convert; X509 DNs are always converted to
...
normalized LDAP DNs now.
Changed dnDCEnormalize to dnX509normalize, added dnX509peerNormalize,
based on new ldap_X509dn2bv() etc.
2002-04-18 12:26:36 +00:00
Howard Chu
b3c7c9e3ce
Delete more unused code, no need to fetch REALM in slap_sasl_bind
2002-04-17 19:47:34 +00:00
Kurt Zeilenga
7ee5d2612b
Fix ssf declaration
2002-04-17 17:56:30 +00:00
Howard Chu
1dea5905c6
More SASL DN simplification. No more "dn:" prefix used anywhere internally.
2002-04-17 07:56:46 +00:00
Howard Chu
1bbd51da77
ITS#1712, rewritten dn_openssl2ldap(). Added dnDCEnormalize(), used by
...
dn_openssl2ldap() and sasl_external_x509dn_convert. Fixed realm handling
for foreign Kerberos realms embedded in usernames.
2002-04-16 08:46:25 +00:00
Howard Chu
66602e8faa
Fix name canonicalization and authorization for Cyrus SASL 2.x
2002-04-14 04:27:46 +00:00
Howard Chu
a73ffbe3cd
Previous commit included undesired changes.
2002-04-14 04:15:17 +00:00
Howard Chu
9b958147f8
Fix previous commit, == instead of !=
2002-04-13 17:27:02 +00:00
Howard Chu
17433a8412
Fix ITS#1722 - IPv4 addresses also need to be massaged for sasl_server_new.
2002-04-11 10:04:29 +00:00
Howard Chu
70d4ef9a85
ITS#1714 dn->bv_val malloc len+1
2002-04-05 06:34:15 +00:00
Kurt Zeilenga
2f7858044e
ITS#1636 fix
2002-03-11 03:05:43 +00:00
Kurt Zeilenga
ec34550487
Note that we likely need to make some of this conditional.
2002-02-11 20:33:27 +00:00
Kurt Zeilenga
d23c559646
Don't use 'shtool mkln' as ln(1) replacement.
...
Allow both <sasl/sasl.h> and <sasl.h>
2002-02-11 08:28:51 +00:00
Kurt Zeilenga
f3548d371f
notes needs for future additions
2002-02-11 01:58:36 +00:00
Kurt Zeilenga
5e31e90c74
Fix compile error properly
2002-02-10 18:05:04 +00:00
Kurt Zeilenga
b315d8af34
Update Cyrus SASL detection to always look for <sasl.h> regardless
...
of version and then try -lsasl2 and -lsasl. Make SASL code
conditional on SASL_VERSION_MAJOR, not HAVE_CYRUS_SASL.
2002-02-10 17:51:19 +00:00
Howard Chu
8a4e92b259
Support for Cyrus SASLv2. Untested.
2002-02-10 14:27:23 +00:00
Kurt Zeilenga
14662be692
Add whoami extended operation.
...
Add no-op control (needs backend implementation)
Updated modify password extended option API
Kludged control infrastructure to support frontend only controls
2002-01-28 20:25:30 +00:00
Howard Chu
4191f39037
Changed slap_authz_info.sai_mech to struct berval.
...
Changed sasl_* to use struct bervals.
2002-01-26 13:57:41 +00:00
Kurt Zeilenga
20af643fc4
more cleanup
2002-01-16 04:40:41 +00:00
Kurt Zeilenga
0e2af54a3f
Update copyright statements
2002-01-04 21:17:25 +00:00
Kurt Zeilenga
c603bc3946
use sizeof instead of strlen/hardcoded-consts
2002-01-02 17:04:09 +00:00
Kurt Zeilenga
cddf7e0e00
More struct berval DN changes
...
decrease dependency on dn_validate/dn_normalize
2001-12-27 07:13:13 +00:00
Kurt Zeilenga
ef7a99ff99
Additional struct berval DN changes...
2001-12-26 23:26:55 +00:00
Howard Chu
826056e75b
More thorough backend_destroy. Added config_destroy. Destroy slap_listeners.
...
Plugged other small leaks.
2001-12-15 12:05:58 +00:00
Howard Chu
d0b1ca692a
Minor strlen cleanup
2001-12-09 13:57:55 +00:00
Pierangelo Masarati
aee3600276
minor cleanup
2001-11-17 16:18:07 +00:00
Mark Adamson
e0ff8d6782
fix various memory leaks
2001-11-05 23:14:42 +00:00
Kurt Zeilenga
61de99937f
ldif.h include cleanup
2001-09-25 00:03:24 +00:00
Kurt Zeilenga
22688a7ad6
Minor cleanup of last commit
2001-09-18 18:24:47 +00:00
Kurt Zeilenga
7a18352c06
Patch for SASL EXTERNAL. Needs to be tested with other mechanisms.
2001-09-18 07:44:18 +00:00
Howard Chu
bb06fd8d6b
Fix crashes for SASL/EXTERNAL binds:
...
in slap_sasl_getdn, test id, not dn. dn is still NULL
also, don't check for trailing slash
in slap_sasl_bind, initialize reslen to 0
2001-09-18 03:10:05 +00:00
Mark Adamson
fac77083cc
Skip over the "dn:" prefix when passing a DN to dn_normalize().
2001-08-29 23:01:24 +00:00
Gary Williams
e565505f21
fix logging macros (thanks Mei)
2001-02-02 13:49:26 +00:00
Mark Adamson
68ab73a0f5
Make sure the variable used for SASL REALM is initialized, in case of no REALM.
2001-01-23 19:18:03 +00:00
Kurt Zeilenga
65cdfa68f0
Fix more typos
2001-01-22 22:03:44 +00:00
Kurt Zeilenga
a4f37d6303
Fix typo
2001-01-22 21:10:54 +00:00
Kurt Zeilenga
28d1dbd8ac
Add "sasl-external-x509dn-convert" configuration option aimed
...
at providing authid TLS/X.509 to LDAP DN mapping. Experimental.
2001-01-19 00:47:32 +00:00
Kurt Zeilenga
1302713f09
Fix SASL_REALM bug
...
Minor cleanup of logging code, variable scope
2001-01-19 00:01:25 +00:00
Mark Adamson
6b4ec38178
Change the SASL DN's from cn=authzid to cn=auth
2001-01-18 20:05:15 +00:00
Gary Williams
f49fd8a98e
fix format
2001-01-17 16:35:53 +00:00
Gary Williams
ffcdc6d11d
More new logging (Behind NEW_LOGGING)
2001-01-15 19:17:29 +00:00
Mark Adamson
2231d5e64e
Make SASL authorization work for NULL, "u:", and "dn:" authz strings.
2000-11-30 22:00:15 +00:00
Kurt Zeilenga
b285814f8e
Fix layer installation
2000-10-12 19:02:31 +00:00
Kurt Zeilenga
27b30275a6
We need to set sasl_layers prior to returning result...
2000-10-07 02:00:54 +00:00
Kurt Zeilenga
a912e6eea0
Make sure authzid form produces a valid subject DN. Support
...
both u: and dn: forms.
Rework sasl-regex DN be of the form
uid=user,cn=realm,cn=mech,cn=authz
Fix up slapd.conf(5)
2000-10-06 23:50:38 +00:00
Kurt Zeilenga
6b80b349fa
remove cruft
2000-09-28 22:25:34 +00:00
Kurt Zeilenga
2b82d4f486
remove lint
...
update bdb codes
2000-09-22 01:40:57 +00:00
Mark Adamson
bf1ee530ea
Implementation of SASL authorization.
2000-09-21 17:32:54 +00:00
Kurt Zeilenga
c9de004a86
Fix logging bug
2000-09-21 16:53:45 +00:00
Kurt Zeilenga
50714d2d48
merge changes from authPassword work which should fix SPASSWD code...
2000-09-20 00:28:57 +00:00
Kurt Zeilenga
a60438c1ce
Add sasl-host option and treat sasl-realm as global only
...
(ie: not backend specific).
2000-08-30 01:44:39 +00:00
Kurt Zeilenga
1c328aa9c7
Minor typedef and other clean ups
2000-08-26 01:14:05 +00:00
Kurt Zeilenga
7b548b4a91
Make settings match manual page.
2000-08-24 01:12:54 +00:00
Kurt Zeilenga
df8c837c80
Fix typos
2000-08-15 23:42:44 +00:00
Kurt Zeilenga
3b03b64b77
Add char* ldap_pvt_get_fqdn(char*) which returns the FQDN of the
...
input. In input==NULL, returns FQDN of local host.
Fixed copy_hostent() uninitialized pointer bug.
Replaced gethostname calls with ldap_pvt_get_fqdn( NULL ) calls.
2000-08-15 01:55:43 +00:00
Kurt Zeilenga
a50f391bb3
Working SASL security layers!
2000-07-28 00:04:07 +00:00
Kurt Zeilenga
9e37451421
Fix typo
2000-07-27 01:10:51 +00:00
Kurt Zeilenga
a71a7cdd98
Rework authorization handling such that authzid u:user gets mapped to
...
authzdn uid=user. Disallow authzid in DN form until we have a
validator.
2000-07-24 23:05:45 +00:00
Kurt Zeilenga
804100b431
Fix sasl end game processing.
2000-07-20 18:39:40 +00:00
Kurt Zeilenga
a8521d3034
Fix mech==NULL bug
2000-07-20 01:04:34 +00:00
Kurt Zeilenga
d2b05a3858
Rework SASL command line arguments. Default is now to authenticate
...
using best available mechanism. (authzid prompting to be disabled)
To use simple bind, -x is required (implied if -P 2) with -D/-[Ww]
To use simple "anonymous" bind, just -x will do.
2000-07-15 23:25:46 +00:00
Kurt Zeilenga
a6154d03f2
Misc cleanup
2000-07-15 00:45:31 +00:00
Kurt Zeilenga
5bca08d716
Store sasl callbacks in session handle so that they can properly freed.
2000-07-15 00:01:09 +00:00
Kurt Zeilenga
c8ca70f3ae
Fix callbacks.
2000-07-14 22:00:16 +00:00
Kurt Zeilenga
1e3aa01b7b
Fix SSF reporting.
2000-07-14 20:57:52 +00:00
Kurt Zeilenga
36fb2d9d78
rework SASL callbacks
2000-07-14 20:56:30 +00:00
Kurt Zeilenga
14859793d0
Add logging support
2000-07-14 04:35:36 +00:00
Kurt Zeilenga
5fc22599e2
Update SASL code to reuse context through life of session.
...
Replace 'negotiated' with 'interactive' bind
Add hooks for SASL/EXTERNAL
Disable SASL security layers
Rework SASL command line and config file parameters
2000-07-13 22:54:38 +00:00
Kurt Zeilenga
489fd210df
Change reporting of SASL username
2000-07-06 01:22:42 +00:00
Kurt Zeilenga
51cef9dbed
Return last step output in final response.
...
And some code cleanup.
2000-07-05 21:43:11 +00:00
Kurt Zeilenga
064d6aae65
Reverse SASL mechanism restriction #ifdef
2000-06-26 05:29:37 +00:00
Kurt Zeilenga
a56c161bdb
Misc code cleanup.
2000-06-10 22:39:30 +00:00
Kurt Zeilenga
60802201e3
Const'ification
...
SASL mech removed from backend bind callback (as SASL is managed by frontend)
Changes to some backends are untested (as I don't have all dependent
software install)
2000-05-22 03:46:57 +00:00
Kurt Zeilenga
a1430fdfdb
Rework root dse and other info entry codes to produce entry
...
to caller (do_search) such that info can be used by other
operations (ie: do_compare).
SLAPD_SCHEMA_NOT_COMPAT: Add additional code to support filters (needs work)
2000-05-16 16:22:52 +00:00
Kurt Zeilenga
4e5992c190
Fix unsigned * vs unsigned long * bugs
2000-05-16 04:52:37 +00:00
Kurt Zeilenga
4bc786f34b
Y2k copyright update
2000-05-13 02:47:56 +00:00
Kurt Zeilenga
4fad202b44
hostname needs to be static
2000-05-11 02:41:34 +00:00
Kurt Zeilenga
f224e69558
Add experimental code to check simple bind passwords
...
against Cyrus SASLdb. Like other cleartext mechanisms,
should be protected from eavesdropping.
2000-05-10 04:29:51 +00:00
Kurt Zeilenga
d0555fffe6
Error handling changes including separation of client v. server
...
SASL to LDAP translation. plus comments and other minor changes
2000-05-03 18:59:58 +00:00
Kurt Zeilenga
b872bf3a91
fix -UHAVE_CYRUS_SASL
2000-04-25 19:28:00 +00:00
Kurt Zeilenga
20351a05cc
SASL: me thinks I got the states okay... now to test.
2000-04-25 18:02:50 +00:00
Kurt Zeilenga
42a20681cc
SASL closer to working from frontend only, need to work through
...
states.
2000-04-25 17:23:54 +00:00
Kurt Zeilenga
55ae3cffd8
SASL code without backend support. Should work with
...
external store, but not yet tested. [Intent is to support
both in same server... may not be doable]
2000-04-25 16:03:17 +00:00