Commit Graph

3292 Commits

Author SHA1 Message Date
Kurt Zeilenga
27fdd04153 Add -4/-6 flags to slapd to force use of IPv4 or IPv6 2002-06-15 22:01:39 +00:00
Pierangelo Masarati
bf449f33bd small cleanup 2002-06-15 18:20:41 +00:00
Pierangelo Masarati
d75249abfe define and normalize static bervals alltogether 2002-06-15 17:01:35 +00:00
Pierangelo Masarati
b9254b8ab4 should compile even without Cyrus SASL 2002-06-15 15:01:17 +00:00
Kurt Zeilenga
cbba11d7cd saslAuthzTo/From LDUP URLs should have hostnames 2002-06-14 22:03:52 +00:00
Kurt Zeilenga
04df89d972 zap unnecessary include 2002-06-14 09:10:02 +00:00
Kurt Zeilenga
3b695bc6c8 Use experimental OIDs for saslAuth attributes and hide 'em
make the usage distributedOperation
2002-06-14 08:25:14 +00:00
Howard Chu
077aea8127 Fix OID clash in previous commit 2002-06-14 08:16:06 +00:00
Howard Chu
07a34489c6 Added saslAuthzTo and saslAuthzFrom to system schema.
Added sasl-authz-policy config keyword to control proxy authorization.
Moved sasl-related config processing to sasl.c:slap_sasl_config().
Moved other global defs used only in saslauthz.c into saslauthz.c.
2002-06-14 08:10:14 +00:00
Kurt Zeilenga
ad673923a3 ITS#1882: fix typo 2002-06-13 14:50:33 +00:00
Kurt Zeilenga
b5e7208cb8 Date: Thu, 2 May 2002 08:54:59 GMT
From: h.b.furuseth@usit.uio.no
To: openldap-its@OpenLDAP.org
Subject: Patch: Bugs with back-ldap/meta mappings

Full_Name: Hallvard B. Furuseth
Version: HEAD
OS: Linux
URL: http://folk.uio.no/hbf/OpenLDAP/back-ldap.txt
Submission from: (NULL) (158.36.148.34)


The source claims the 'map' attribute has syntax
map {objectclass | attribute}   {<source> | *}      [<dest> | *]
while it actually has syntax
map {objectclass | attribute} [<local name> | *] {<foreign name> |
*}
except that the code is confused about it.  Removed attributes are
put in both the maps for local and foreign names:
	# Remove description and present title as description instead
	map attribute	description
	map attribute	description title
-->
	slapd.conf: line 10: duplicate mapping found (ignored)

Also, map.c:ldap_back_map_attrs() loops forever on removed attributes
(ie. if one asks ldapsearch for an attribute which has been removed).
2002-06-12 16:39:05 +00:00
Kurt Zeilenga
faf91f1f1f Update to the 'gentle SIGHUP' patch. (ITS#1679)
- Let write operations return unwilling-to-perform after
  'gentle shutdown' has been initiated.
- Change -1 to 2 in slapd_gentle_shutdown and slapd_shutdown, since
  sig_atomic_t can be unsigned (ITS#1736).  The 'gentle SIGHUP' patch
  is older than ITS#1736 but was applied later, so it reintroduced
  the problem.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, June 2002.
2002-06-12 15:43:19 +00:00
Howard Chu
c5c1ddb1ca Deleted Connection->c_cdn. Use conn->c_dn instead... 2002-06-12 08:38:59 +00:00
Howard Chu
a5cd5535e8 Fix typo in previous commit 2002-06-12 04:12:51 +00:00
Howard Chu
6d1a322f73 Finished slap_sasl_setpass for Cyrus 1.5; Cyrus 2.1 is incomplete.
Added conn->c_sasl_dn, streamlined slap_sasl_bind.
2002-06-12 04:05:48 +00:00
Kurt Zeilenga
1410b3e7d9 An almost complete slap_sasl_setpass() 2002-06-12 00:13:29 +00:00
Kurt Zeilenga
d6e7f0f630 Rework c_authzid_backend in preparation for sasl_setpass() support 2002-06-11 22:56:47 +00:00
Kurt Zeilenga
4d3b4f9eb8 return PROTOCOL_ERROR if reqdata is empty. 2002-06-10 19:56:17 +00:00
Jong Hyuk Choi
09a2a8fbce DB_RMW flag to dn2id and id2entry 2002-06-10 19:02:25 +00:00
Kurt Zeilenga
116e165a5c Be less forgiving (don't ignore so many configuration errors) 2002-06-08 18:38:52 +00:00
Kurt Zeilenga
a784e4d054 Add rootdn check when rootpw is set. 2002-06-08 18:04:43 +00:00
Kurt Zeilenga
aa46324462 Fix for ITS#1842 (applied blindly) 2002-06-08 06:09:30 +00:00
Kurt Zeilenga
964d1fdd90 userPassword/authPassword can be safely subtyped (though I wouldn't
recommend it).
2002-06-07 20:32:06 +00:00
Howard Chu
3304d125c4 ITS#1837, one-level searches on leaf entries 2002-06-06 11:27:52 +00:00
Howard Chu
b89c4539b9 Fix Listeners: handles multiple addresses for a given hostname, copies
sockaddr into Listener structure.
2002-06-06 10:33:18 +00:00
Jong Hyuk Choi
976fb2265f remove dbenv->lock_put() call from transaction-protected operations 2002-06-06 10:14:14 +00:00
Kurt Zeilenga
e958a4c780 Fix up abandon merge. Hallvard will holler if I get this wrong. :-) 2002-06-05 16:53:48 +00:00
Kurt Zeilenga
951ca2bd68 Patch: Non-unique msgid for abandon in back-<shell,tcl> (ITS#1793)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

It has just occurred to me - duh - that the process ID of a back-shell
command is a perfectly good unique ID for it, and more useful than
any connection id/message id thingy.  Doesn't need extra arguments
to the shell commands either, except a pid: line to abandon.
And msgid: can still be removed in a future version.
Here is a patch.


Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, May 2002.
2002-06-05 16:40:16 +00:00
Kurt Zeilenga
19eca33ca3 Gentile HUP shutdown from Hallvard 2002-06-03 16:47:43 +00:00
Kurt Zeilenga
5c5b5455fb VLV updates 2002-06-03 16:45:09 +00:00
Kurt Zeilenga
26649fb164 Minor cleanup 2002-06-01 20:21:59 +00:00
Kurt Zeilenga
d6d18049dc reference scope checks 2002-06-01 20:01:32 +00:00
Jong Hyuk Choi
7341dc5db6 redesign of back-bdb locking :
cache entry is locked by Berkeley DB lock primitives.
2002-05-31 20:49:19 +00:00
Kurt Zeilenga
55e925abe6 Add abstract/final system attribute types.
clean up error code macros
2002-05-31 20:24:26 +00:00
Kurt Zeilenga
4832cc09d3 Fix bogus assert. 2002-05-31 20:23:33 +00:00
Kurt Zeilenga
bdad40c696 Disallow addition of system schema via config files. 2002-05-30 05:23:37 +00:00
Kurt Zeilenga
aecf4033f6 Hide some yet-to-be-implemented schema 2002-05-29 06:14:55 +00:00
Kurt Zeilenga
02fb60d3da Delete extranous assert() 2002-05-23 03:17:58 +00:00
Kurt Zeilenga
9cdce9c0ed Add back-passwd.h to the mix 2002-05-22 16:22:24 +00:00
Howard Chu
8572d6f2fd Delete $(SLAPD_MODULES) 2002-05-18 03:52:46 +00:00
Howard Chu
561400dbe8 Delete $(SLAPD_MODULES) - we never implicitly link a dynamic module,
so this feature is unnecessary. Also it was breaking Unix dynamic builds.
2002-05-18 02:05:17 +00:00
Kurt Zeilenga
3abec7d8d7 From: h.b.furuseth@usit.uio.no
Patch: str2entry() dereferences NULL  (ITS#1822)

Sorry, last patch was wrong.  I didn't notice that e->e_dn
always is NULL at that point.  Here is a corrected patch.
2002-05-16 15:45:24 +00:00
Howard Chu
4ac8a54b56 Builds on both Unix and NT now. 2002-05-16 11:00:37 +00:00
Howard Chu
3d491808a8 Fixes for MingW: (passes test007, with LDAP_DIRSEP tweaks in slapd.conf)
must include <ac/stdlib.h> to get MAX_PATH defined.
  use LDAP_DIRSEP instead of '/' in paths
  define truncate/ftruncate macros, etc.
2002-05-16 10:51:45 +00:00
Kurt Zeilenga
54d93cc003 From: h.b.furuseth@usit.uio.no
Subject: Patch: str2entry() dereferences NULL  (ITS#1822)

entry.c:str2entry() prints pdn->bv_val even though pdn is always
NULL.  pdn was pretty dn before version 1.80.
2002-05-15 20:55:43 +00:00
Kurt Zeilenga
4e51bba217 Patch: Implement surrogate parent for back-shell (ITS#1815)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

A surrogate parent is supposed to keep back-shell children from
deadlocking due to resources locked by a threading parent.

Implementation note: The surrogate parent closes all unused file
descriptors, so it logs errors to stderr instead of via Debug() and
uses relloc() instead of ch_realloc().

Also close a file descriptor leak if fork() fails in fork.c.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, May 2002.
2002-05-15 06:18:14 +00:00
Kurt Zeilenga
36d9d9729c Fix typo in last commit. 2002-05-15 05:44:46 +00:00
Kurt Zeilenga
10a3a1b9c9 Patch: back-shell/searchexample.* nitpicks (ITS#1816)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

searchexample.conf needs core.schema, otherwise it fails on the suffix
DN.  searchexample.sh has a spurious 'sleep', probably from testing.
Also, I suggest 'chmod +x searchexample.sh'.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, May 2002.
2002-05-15 05:17:08 +00:00
Howard Chu
d2ee3d52a3 Once more, fix idl_intersection. Don't walk past end of arrays. 2002-05-15 03:05:05 +00:00
Howard Chu
a2d310f92e Fix nameUIDvalidate memfree 2002-05-15 00:48:47 +00:00
Howard Chu
856e21296a Cleanup log msg 2002-05-12 19:21:12 +00:00
Howard Chu
2d94a2016c Check for NULL before comparing authcid 2002-05-12 18:42:43 +00:00
Howard Chu
d7060d19f3 Skip processing if canonicalization is invoked redundantly (SASL PLAIN).
Truncate large username instead of failing with SASL_BUFOVER; we only care
about the DN anyway. (SASL 2 only)
2002-05-12 18:40:37 +00:00
Howard Chu
aea521bec2 Fix, SASL authzIDs might not be NUL-terminated. prop names must only be
set once; setting erases all existing values.
2002-05-11 20:19:55 +00:00
Howard Chu
da7a5a8e79 Fix typo in 1.97 2002-05-11 19:24:04 +00:00
Howard Chu
dfae2441eb Cleaned up getdn normalization 2002-05-11 08:07:18 +00:00
Howard Chu
379f84ba47 Fix previous commit, free in wrong place 2002-05-11 06:58:13 +00:00
Howard Chu
b057507e23 Cleanup HAVE_TLS dependencies, cleanup username with embedded realm handling 2002-05-10 19:26:35 +00:00
Kurt Zeilenga
445b7982d7 Patch: back-passwd needs pwent mutex (ITS#1794)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

back-passwd uses getpwent() and setpwfile(), which use static data.
It needs a mutex to make sure these operations can complete without
interference from another back-passwd call.  Here is a patch.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, May 2002.
2002-05-09 02:26:05 +00:00
Kurt Zeilenga
15e6a98bba Patch: Non-unique msgid for abandon in back-<shell,tcl> (ITS#1793)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

Here is a patch which does what I described.  Of course, someone has
to decide if that is the right solution:-)
- Add an "opid:" line to the input to back-shell commands.
- Add an "abandonid: <opid> line to back-shell/abandon input.
- Replace message id with opid in back-tcl arguments.
- Add an abandonid = <opid> argument to back-tcl/abandon.
An opid (operation ID) is a "connection ID/message ID" string.  I
would have liked to use another name to avoid confusion with struct
slap_op->o_opid, but I could not think of another apt word.

This also fixes ITS#1784 and ITS#1792.  Since calling conventions
changed anyway, I fixed back-shell by adding abandonid: and making
opid: always be the ID of the current operation.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, May 2002.
2002-05-09 02:11:39 +00:00
Howard Chu
da36670ea3 Don't use slap_empty_bv in structures that are expected to be free'able. 2002-05-08 23:16:17 +00:00
Howard Chu
9ba9ac4d9e Fix dnParent: must always return a pointer relative to the input pointer. 2002-05-08 23:04:11 +00:00
Howard Chu
fbe4785c5a Delete unused CANON_BUF_SIZE #define 2002-05-07 23:29:19 +00:00
Howard Chu
6f47e13147 Cyrus 2 support now requires Cyrus 2.1.3. Adds support for in-directory
SASL secrets. (Only works with plaintext userpassword tho.)
2002-05-07 23:08:23 +00:00
Howard Chu
3831d98237 Turn these functions on again. Need backend_attribute for SASLauthz stuff.
Fix to work with NULL op.
2002-05-07 22:35:01 +00:00
Howard Chu
a067d64c3a Fixes for slap_sasl_regexp parsing and normalization 2002-05-07 18:46:32 +00:00
Howard Chu
56f1355968 Added comment for future reference re: in-directory secrets 2002-05-07 02:17:34 +00:00
Howard Chu
a039bd97ea ITS#1803, bogus free() of lber-private memory. 2002-05-06 16:51:00 +00:00
Pierangelo Masarati
bffa43e743 fix formats 2002-05-04 11:07:28 +00:00
Pierangelo Masarati
b0d1a52975 remove unused variables 2002-05-04 11:07:04 +00:00
Howard Chu
55cefef7ee ITS#1797 err used unit'd in Debug statement. (removed) 2002-05-04 10:50:24 +00:00
Howard Chu
ef678b179c ITS#1795 authid is uninit'd if tls_get_cert fails 2002-05-04 01:28:56 +00:00
Howard Chu
846a5832bb Set tls_opt_require_cert to default to NEVER. libldap defaults to DEMAND
due to client needs, we change it back here.
2002-05-04 00:07:12 +00:00
Kurt Zeilenga
9d39e1e672 fix uninitialized counter in matched values 2002-05-03 19:00:52 +00:00
Howard Chu
a352bcaa16 Fix DN freeing in BDB_HIER case. (BDB_HIER is still broken, seems to have
a bad interaction with the entry cache.)
2002-05-03 14:47:29 +00:00
Howard Chu
203c410243 Fix dependency typo from 1.99 2002-05-03 14:42:14 +00:00
Howard Chu
640bc864fa Use specific msg id instead of ANY to retrieve search results 2002-05-03 14:23:55 +00:00
Pierangelo Masarati
033631f30a s/LDAP_UNWILLING_TO_PERFORM/LDAP_ADMINLIMIT_EXCEEDED/ when search candidates exceed unckecked limit 2002-05-03 10:27:37 +00:00
Kurt Zeilenga
8c152396b9 Matched Values implementation (ITS#1776) based upon submission
form Mikhail Sahalaev <M.Sahalayev@pgr.salford.ac.uk>.
Further work needed:
	add testxxx-matchedvalues
	rework ldapsearch(1) portion of patch to generalize use of options
---
Copyright 2001, Mikhail Sahalaev, All rights reserved.
This software is not subject to any license of University Of
Salford.

Redistribution and use in source and binary forms are permitted
without restriction or fee of any kind as long as this notice
is preserved.
2002-05-02 18:56:56 +00:00
Pierangelo Masarati
b9d74aba5f broken berval after successful rewrite 2002-05-02 11:42:11 +00:00
Pierangelo Masarati
2ca323d2b5 Fixes ITS#1786: dynamically growing number of tokens in config line
for both slapd and slurpd

Copyright 2002, John Morrissey (jwm at horde dot net), All rights reserved.
This is free software; you can redistribute and use it under the same terms
as OpenLDAP itself.

Applied with changes
2002-05-02 08:48:14 +00:00
Howard Chu
b3d0ab87aa More cleanups for suffixmassage DNs 2002-05-01 19:05:09 +00:00
Howard Chu
7fae7fe155 Changed be_[n]suffix, be_[n]suffixAlias to BerVarray. No more bvec's anywhere. 2002-05-01 18:50:14 +00:00
Kurt Zeilenga
5b06af70bb Patch: Perl backend sends bind result twice (ITS#1783)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
            ================

perl_back_bind() should not send LDAP_SUCCESS, the frontend does that.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-05-01 18:10:14 +00:00
Pierangelo Masarati
c030dbfefd massage dn-valued attributes also when compiled without --enable-rewrite 2002-05-01 17:53:32 +00:00
Pierangelo Masarati
c1edf76e20 use BerVarray for suffix_massaging stuff 2002-05-01 17:45:03 +00:00
Pierangelo Masarati
1aa96af216 second round at ITS#1749 2002-05-01 16:38:30 +00:00
Pierangelo Masarati
6feec86e5d - trim check for real naming context already defined as suffix
- improve automatic massaging (prettify once)
- add (optimistic) automatic filter massaging
- cleanup of massaging stuff
2002-05-01 11:41:57 +00:00
Howard Chu
48fb754cc0 Added RFC 2459 PKCS9 emailAddress 2002-05-01 06:34:49 +00:00
Kurt Zeilenga
af02eee0d5 Reworking backend_check_restrictions for extensions
Should resolve ITS#1781.
2002-05-01 01:04:57 +00:00
Howard Chu
0f966d2fdb Changed ldap_pvt_tls_get_my_dn and ldap_pvt_tls_get_peer_dn to store result
in dn parameter and return a result code.

Changed dnX509peerNormalize as above. Added debug message on failure to
retrieve client DN.
2002-04-30 13:52:49 +00:00
Pierangelo Masarati
d019bff7b8 First commit of Hallvard's backend documentation effort
Backend documentation patch, version 1

================
Most of this text is taken from OpenLDAP.  The work of rewriting it
to manual pages is done by by Hallvard B. Furuseth and placed into
the public domain.  This software is not subject to any license of
the University of Oslo.
================

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-04-29 20:24:29 +00:00
Pierangelo Masarati
6b8828ed28 handle trivial cases 2002-04-29 19:14:42 +00:00
Jong Hyuk Choi
5291b41336 pointer initialization 2002-04-29 16:42:41 +00:00
Pierangelo Masarati
d3058532c9 honor limits if below soft limit 2002-04-29 10:12:50 +00:00
Howard Chu
cef9fcf78b Fix check for "anonymous" in sasl_getdn 2002-04-27 03:44:23 +00:00
Julius Enarusai
ed8f299245 ITS#1730: Misc typos in NEW_LOGGING code from Hallvard 2002-04-25 22:12:44 +00:00
Pierangelo Masarati
d2ee0b1758 fix off-by-one bug; use s/sprintf/snprintf/ 2002-04-25 19:23:37 +00:00
Howard Chu
43167d0fa6 Fix ITS#1774, BDB keys need ulen and flags to be initialized because BDB
tries to retrieve both the key and the data.
2002-04-25 05:16:15 +00:00
Howard Chu
c7262c7599 Added rebind-as-user option; saves bind credentials and sets a rebind_proc
to allow chasing referrals using the same user's credentials.
2002-04-25 02:05:34 +00:00