Pierangelo Masarati
91b4e991be
cleanup & silence warnings
2005-04-11 21:35:34 +00:00
Pierangelo Masarati
53ce94a25d
protect all occurrences of ACL_DISCLOSE
2005-04-09 17:00:40 +00:00
Pierangelo Masarati
4abbf9c610
implement add/delete granularity in write access (ITS#3631)
2005-04-08 00:18:24 +00:00
Pierangelo Masarati
f1698e30f5
update diagnostics and man pages
2005-04-04 12:24:50 +00:00
Pierangelo Masarati
3eb87b2faa
implement "realdn" by clause in ACLs (ITS#3627; accounting for Howard's remarks)
2005-04-03 01:59:03 +00:00
Pierangelo Masarati
584b21d20b
initial commit of "level" styles for "dn" and "self" by clauses (ITS#3615)
2005-03-31 18:10:11 +00:00
Howard Chu
a2a9ae725f
Drop "access " from acl_unparse
2005-03-01 23:17:54 +00:00
Howard Chu
e0ca6e386e
Added acl_unparse, slap_sasl_getpolicy
2005-02-22 12:02:34 +00:00
Pierangelo Masarati
b381e1bcc8
cosmetic changes
2005-01-12 14:25:08 +00:00
Pierangelo Masarati
b46518ff77
silence warning for global scoped global ACLs
2005-01-12 00:53:50 +00:00
Kurt Zeilenga
1c5d78d8dd
Add "disclose" and "manage" ACL levels (but no meat).
...
Disclose permission intended to be used for "disclose on error"
(as in our present "none"), none being "don't disclose on error".
Manage permission is intended to be used to allow DSA IT management
(e.g., changing entryCSNs, structuralObjectClass, etc.).
2005-01-08 05:26:18 +00:00
Kurt Zeilenga
dc0eacd40b
Happy New Year!
2005-01-01 20:49:32 +00:00
Pierangelo Masarati
564c34d131
fix ITS#3416
2004-12-03 08:41:06 +00:00
Pierangelo Masarati
8866a28fb3
don't yell at regex styling that wraps all the suffix in a submatch
2004-11-30 22:50:07 +00:00
Pierangelo Masarati
e79fbb88cf
move ACIs under a dynamic infrastructure that allows run-time loadable custom access control logic (needs work)
2004-11-20 01:27:03 +00:00
Pierangelo Masarati
947268c5ee
partially revert previous commit (the "creator" special DN pattern is redundant as "dnattr" is more expressive
2004-11-15 22:57:03 +00:00
Pierangelo Masarati
064eb88ef8
move special dn patterns to style enum; add creator special dn pattern
2004-11-15 22:15:28 +00:00
Pierangelo Masarati
6a9bf9765e
add URI search to sets; documentation to come...
2004-10-07 17:05:48 +00:00
Pierangelo Masarati
4afaf4042a
minor cleanup
2004-10-06 22:20:30 +00:00
Pierangelo Masarati
4204aee7b9
extend the availability of submatches to non-regex DN patterns
2004-10-06 22:03:33 +00:00
Pierangelo Masarati
cd9a9c628d
frontend stuff moved into a database structure, essentially to allow overlays to be processed before database selection; passes all tests (ITS#3080)
2004-07-26 21:26:34 +00:00
Hallvard Furuseth
b81b0216a9
Split string literal to keep it below ANSI C's allowed 509-char limit.
2004-07-18 00:47:35 +00:00
Kurt Zeilenga
372a941334
add baseObject as alias for base.
...
cleanup
2004-06-28 06:42:00 +00:00
Kurt Zeilenga
73202e3910
Fix typo in last commit
2004-06-18 19:12:00 +00:00
Pierangelo Masarati
42f3b3d87b
improve parsing - first step
2004-06-18 09:11:53 +00:00
Pierangelo Masarati
f109f1eb6d
fix ITS#3140
2004-05-12 23:29:42 +00:00
Pierangelo Masarati
d40e5a365a
fix DN_SEPARATOR() and clarify its use
2004-05-07 09:03:05 +00:00
Pierangelo Masarati
b34cf02488
more on fixing escaped semicolon in normalized DN
2004-05-07 02:18:08 +00:00
Pierangelo Masarati
dd0e285b12
experimental ACL scope correctness test
2004-04-20 19:16:21 +00:00
Kurt Zeilenga
44725e7303
use BER_BVNULL
2004-04-07 04:11:43 +00:00
Pierangelo Masarati
006745430e
allow "expand" style in peername, sockname, sockurl as well; more sanity checks
2004-03-09 19:44:14 +00:00
Pierangelo Masarati
042869366d
use "expand" instead of "regex" for group ACLs that allow substring expansion, preserving backwards compatibility; add sanity checks
2004-03-09 16:33:05 +00:00
Pierangelo Masarati
a4e062ca36
apply advanced peername ACL (ITS#2907)
2004-03-08 18:49:12 +00:00
Pierangelo Masarati
ac0d45179f
log set in ACL (ITS#2949)
2004-03-08 11:09:49 +00:00
Kurt Zeilenga
3c598e89fb
Happy new year
2004-01-01 19:15:16 +00:00
Pierangelo Masarati
79bc396ed8
in the <what> clause of ACLs, only 'attr=' or 'attrs=' are allowed; the former for backwards compatibility, while slapd.access(5) correctly uses only the latter form
2003-12-20 15:31:54 +00:00
Pierangelo Masarati
39574bcb5f
for consistency, always allow 'onelevel' as an alias for 'one' in dnstyle
2003-12-20 15:18:21 +00:00
Kurt Zeilenga
aabcce3e58
Document +0
2003-12-19 05:06:51 +00:00
Pierangelo Masarati
4e83a282d0
improve error handling for attr val ACL syntax
2003-12-16 10:56:21 +00:00
Kurt Zeilenga
a736f237f8
Deprecate +objectClass in favor of @objectClass per IETF discussions
2003-12-16 05:55:52 +00:00
Pierangelo Masarati
ee34f3fb64
add to 'val[.<style>=<value>' ACLs special match styles for DN-valued attributes; add negated objectClass to attribute name lists for ACLs and partial replication
2003-12-16 00:49:10 +00:00
Kurt Zeilenga
4e15a84452
Updated notices
2003-11-27 01:17:14 +00:00
Kurt Zeilenga
81ed052186
Improve printing of ACLs
2003-10-15 07:48:01 +00:00
Howard Chu
6da0f1e48e
ITS#2573 dynamic group support
...
moved labeledURI into system schema
attribute types that inherit from labeledURI may be used in dynamic
groups e.g. access to * by group/groupOfURLs/memberURL=foo
2003-09-20 08:16:04 +00:00
Howard Chu
1240c70ff4
ITS#2497, implement value-level ACLs:
...
access to attr=foo val.regex=bar.*
2003-09-20 03:23:10 +00:00
Kurt Zeilenga
6f39517929
ITS#2707: fix 'access to dn.subtree="" by ...' directives
2003-09-10 02:33:36 +00:00
Hallvard Furuseth
642c8b1627
Break up too long string literals (>509 characters, ISO C's minimum max size).
2003-06-03 18:01:37 +00:00
Kurt Zeilenga
0954351565
Change ACL default style to exact (from regex)
2003-05-30 05:24:39 +00:00
Kurt Zeilenga
5cd994ed21
remove dnNormalize2
...
replace calls to dnNormalize2 with calls to dnNormalize
2003-04-29 18:28:14 +00:00
Howard Chu
ece7452b05
More memory context tweaks
2003-04-11 01:29:28 +00:00
Pierangelo Masarati
eed2d5db4d
only document 'subtree', but also allow 'sub'
2003-02-05 20:38:42 +00:00
Pierangelo Masarati
381e293b41
allow 'sub' and 'subtree' in acl (fix ITS#2300)
2003-02-05 19:39:34 +00:00
Kurt Zeilenga
6939c53170
Happy new year
2003-01-03 20:20:47 +00:00
Pierangelo Masarati
a62aa61544
much better fix for ITS#2196 (dnattr without sat_equality is bounced at config)
2002-11-25 18:37:04 +00:00
Howard Chu
e14f471a27
Add #include "lutil.h" for lutil_str* functions
2002-08-06 02:36:34 +00:00
Howard Chu
5a01db28e3
Moved slap_strcopy, slap_strncopy to lutil_strcopy, lutil_strncopy
2002-07-27 00:24:02 +00:00
Kurt Zeilenga
8a3d02bf6b
misc cleanup
2002-07-23 18:35:12 +00:00
Kurt Zeilenga
ef3d895cb8
More ACL to dn="" bug fixing... and add test006-acl check
2002-07-11 01:45:22 +00:00
Kurt Zeilenga
8354160f8b
Patch: aclparse.c bugs (ITS#1752)
...
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
Bug fixes:
- acl_regex_normalized_dn(pattern):
* used pattern->bv_len even though it claimed not to,
* would walk past the end of strings that ended (incorrectly)
with a single '\'.
- style=regex checked for "^.*$$" twice but not for "^.*$".
- the code did not notice if dnNormalize2() failed, and would
(at least in one case) treat a bad DN as '*'.
Some cleanup:
- changed regtest() to return void, since the return value was unused.
- changed acl_regex_normalized_dn() to take a string input argument
instead of a half-filled berval, it looks saner that way.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-04-15 20:44:05 +00:00
Kurt Zeilenga
709ce4fa6c
Re: Patch: ctype functions require 'unsigned char' args (ITS#1678)
...
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
Here are fixes for more places where the argument to ctype.h functions
should be in the range of `unsigned char'.
Explanation of the last patch (to schema_init.c:bvcasechr()):
TOLOWER() and TOUPPER() return values in the range of `unsigned char',
but bvcasechr() then compares those values with a plain `char'. So I
convert the return values from TOLOWER()/TOUPPER() to `char' first.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-04-15 20:42:42 +00:00
Pierangelo Masarati
440637dde7
various acl improvements/cleanups/speedups (need to be documented, though)
2002-04-03 15:42:19 +00:00
Pierangelo Masarati
ab6ad34692
the logic of this check was completely reversed; in case '*' is used, on't test the regula expression
2002-04-02 08:18:30 +00:00
Kurt Zeilenga
c9c3a68496
Deprecate filter_print in favor of filter2bv.
2002-03-10 17:41:14 +00:00
Kurt Zeilenga
2b71d70f2f
Reverse arguments of is_object_subclass and reverse backwards calls
2002-02-09 23:55:37 +00:00
Kurt Zeilenga
59857824ff
Treat access to dn="" as access to dn.base="". Avoid empty regex.
...
Note: by dn="" already treated as anonymous.
2002-02-08 18:32:12 +00:00
Howard Chu
5e522ca882
Changed Access.a_sockurl_pat, Connection.c_listener_url etc.
...
to struct bervals
2002-01-28 11:41:07 +00:00
Kurt Zeilenga
ce2d8ebc7e
Misc cleanup, lint removal, and minor optimizations
2002-01-13 05:00:59 +00:00
Howard Chu
8067107ed2
Added an_oc to AttributeName for caching ObjectClass lookups.
...
Added error checking to str2anlist; if the attr name doesn't match
any attribute or objectclass the offending attr name is displayed.
2002-01-10 09:54:14 +00:00
Kurt Zeilenga
0e2af54a3f
Update copyright statements
2002-01-04 21:17:25 +00:00
Howard Chu
bcdfdb968f
Changed AttributeName back into an array instead of a linked list.
...
Fixed bug in do_search eating up controls.
2002-01-03 05:38:26 +00:00
Howard Chu
f52cc9bab5
Change struct berval ** to BVarray
2002-01-02 11:00:36 +00:00
Howard Chu
743c402265
Changed search attrs from struct berval ** to AttributeName *
2001-12-31 11:35:52 +00:00
Pierangelo Masarati
3930a390e0
cleanup
2001-12-29 10:30:23 +00:00
Howard Chu
975a5e9a24
Added dnPretty2/dnNormalize2 using preallocated destination berval
2001-12-29 04:48:00 +00:00
Pierangelo Masarati
04ce28cf48
a couple of comments; will require special DN handling ...
2001-12-28 18:18:16 +00:00
Howard Chu
bbcb0f8a7f
Replace strcat with slap_strcopy
2001-12-26 16:25:18 +00:00
Howard Chu
15f630545a
Changed ma_rule_text to struct berval.
...
Changed get_filter to struct bervals
2001-12-26 13:47:10 +00:00
Howard Chu
fb3af1ccbd
Merged ber_bvstr and ber_bvstrdup into ber_str2bv.
2001-12-26 10:06:19 +00:00
Howard Chu
68b1bbb89d
Changed search attrs to struct berval **.
...
Use typedefs for all backend functions, to minimize work in future API
updates. (back-*/external.h will never need updating in the future.)
2001-12-26 08:17:44 +00:00
Howard Chu
b96645af7d
More struct berval changes, dnNormalize migration...
2001-12-26 04:17:49 +00:00
Kurt Zeilenga
d047cc854e
Require the struct berval **out argument of dnPretty/dnNormalize
...
point to a NULL pointer, that is assert( *out == NULL ).
Eventually, we'll allow **out to point to a preallocated
struct berval (to avoid unnecessary allocation).
2001-12-24 18:38:20 +00:00
Howard Chu
9e0ab3da36
Changed Access->a_set_pat and acl->acl_dn_pat to struct berval to eliminate
...
strlen() from acl processing.
2001-12-24 15:43:27 +00:00
Howard Chu
2f3399265c
Changed sai_dn, sai_ndn to struct berval. (Affects op->o_dn,o_ndn,
...
conn->c_dn,c_ndn, Access->a_dn_pat)
2001-12-24 15:11:01 +00:00
Kurt Zeilenga
5c0a8848cf
Add abstract object class checks and a bit of structuralObjectClass
...
optimization.
2001-12-20 01:41:44 +00:00
Howard Chu
ff682be26e
Added acl_destroy, acl_free.
2001-12-15 12:41:53 +00:00
Pierangelo Masarati
b4e7f0873a
trims space after comma in dn.regex acls (prelude to normalization)
2001-11-12 11:29:40 +00:00
Pierangelo Masarati
08ff231888
fixes assertion fault when the <to> clauses's argument does not have a = inside
2001-10-29 08:14:12 +00:00
Howard Chu
0e16f6acf9
Moved AttributeDescription caching into main code:
...
Changed AttributeDescription.{ad_cname,ad_lang} to struct berval everywhere
Deleted ad_free() everywhere
Added ad_mutex to init.c
The AttributeDescriptions are in a linked list hanging off of the
corresponding AttributeType.
2001-10-22 13:23:05 +00:00
Kurt Zeilenga
2c9a238571
Allow dn.base=""
2001-09-01 05:01:31 +00:00
Kurt Zeilenga
a5ea7aefd6
Add name and uid support to dnaddr
2001-03-15 04:48:29 +00:00
Julio Sánchez Fernández
6777a3a41a
Permit access defined by uniqueMember and not only DN-valued
...
attributes. This allows using groupOfUniqueNames for
access control.
Fix small typo in MRA definition.
2000-10-09 19:09:22 +00:00
Kurt Zeilenga
63ae1d22e5
Fix ACL SSF reporting
2000-09-05 18:24:24 +00:00
Kurt Zeilenga
bf3df2f7a6
restrictops, requires, disallow knobs; ssf acls; and misc other changes
...
man pages to follow...
2000-08-28 18:38:48 +00:00
Kurt Zeilenga
1c328aa9c7
Minor typedef and other clean ups
2000-08-26 01:14:05 +00:00
Mark Valence
45fdcb7163
Bug fix submitted by Anthony Brock (ITS#637)
2000-07-25 02:16:59 +00:00
Mark Valence
4b1ff75bdd
Prepare for Set ACLs and ACIs.
2000-06-29 21:41:54 +00:00
Kurt Zeilenga
d19419392c
Use ASCII_*() macros and friends. Should be combined with similiar LDAP_*()
...
macros in ldap_pvt.h.
2000-06-20 17:05:15 +00:00
Kurt Zeilenga
4b58e3b88d
Add schema checks.
2000-06-19 16:14:36 +00:00
Mark Valence
1bfcb4b039
Added .regex, .base, .one, .subtree, and .children "style" modifiers.
2000-06-12 01:35:15 +00:00
Kurt Zeilenga
c3f8de76ef
Fix up debug statement as suggested by christian.lorenz@suse.de
2000-06-07 14:07:50 +00:00