Pierangelo Masarati
e79fbb88cf
move ACIs under a dynamic infrastructure that allows run-time loadable custom access control logic (needs work)
2004-11-20 01:27:03 +00:00
Pierangelo Masarati
947268c5ee
partially revert previous commit (the "creator" special DN pattern is redundant as "dnattr" is more expressive
2004-11-15 22:57:03 +00:00
Pierangelo Masarati
064eb88ef8
move special dn patterns to style enum; add creator special dn pattern
2004-11-15 22:15:28 +00:00
Pierangelo Masarati
6a9bf9765e
add URI search to sets; documentation to come...
2004-10-07 17:05:48 +00:00
Pierangelo Masarati
4afaf4042a
minor cleanup
2004-10-06 22:20:30 +00:00
Pierangelo Masarati
4204aee7b9
extend the availability of submatches to non-regex DN patterns
2004-10-06 22:03:33 +00:00
Pierangelo Masarati
cd9a9c628d
frontend stuff moved into a database structure, essentially to allow overlays to be processed before database selection; passes all tests (ITS#3080)
2004-07-26 21:26:34 +00:00
Hallvard Furuseth
b81b0216a9
Split string literal to keep it below ANSI C's allowed 509-char limit.
2004-07-18 00:47:35 +00:00
Kurt Zeilenga
372a941334
add baseObject as alias for base.
...
cleanup
2004-06-28 06:42:00 +00:00
Kurt Zeilenga
73202e3910
Fix typo in last commit
2004-06-18 19:12:00 +00:00
Pierangelo Masarati
42f3b3d87b
improve parsing - first step
2004-06-18 09:11:53 +00:00
Pierangelo Masarati
f109f1eb6d
fix ITS#3140
2004-05-12 23:29:42 +00:00
Pierangelo Masarati
d40e5a365a
fix DN_SEPARATOR() and clarify its use
2004-05-07 09:03:05 +00:00
Pierangelo Masarati
b34cf02488
more on fixing escaped semicolon in normalized DN
2004-05-07 02:18:08 +00:00
Pierangelo Masarati
dd0e285b12
experimental ACL scope correctness test
2004-04-20 19:16:21 +00:00
Kurt Zeilenga
44725e7303
use BER_BVNULL
2004-04-07 04:11:43 +00:00
Pierangelo Masarati
006745430e
allow "expand" style in peername, sockname, sockurl as well; more sanity checks
2004-03-09 19:44:14 +00:00
Pierangelo Masarati
042869366d
use "expand" instead of "regex" for group ACLs that allow substring expansion, preserving backwards compatibility; add sanity checks
2004-03-09 16:33:05 +00:00
Pierangelo Masarati
a4e062ca36
apply advanced peername ACL (ITS#2907)
2004-03-08 18:49:12 +00:00
Pierangelo Masarati
ac0d45179f
log set in ACL (ITS#2949)
2004-03-08 11:09:49 +00:00
Kurt Zeilenga
3c598e89fb
Happy new year
2004-01-01 19:15:16 +00:00
Pierangelo Masarati
79bc396ed8
in the <what> clause of ACLs, only 'attr=' or 'attrs=' are allowed; the former for backwards compatibility, while slapd.access(5) correctly uses only the latter form
2003-12-20 15:31:54 +00:00
Pierangelo Masarati
39574bcb5f
for consistency, always allow 'onelevel' as an alias for 'one' in dnstyle
2003-12-20 15:18:21 +00:00
Kurt Zeilenga
aabcce3e58
Document +0
2003-12-19 05:06:51 +00:00
Pierangelo Masarati
4e83a282d0
improve error handling for attr val ACL syntax
2003-12-16 10:56:21 +00:00
Kurt Zeilenga
a736f237f8
Deprecate +objectClass in favor of @objectClass per IETF discussions
2003-12-16 05:55:52 +00:00
Pierangelo Masarati
ee34f3fb64
add to 'val[.<style>=<value>' ACLs special match styles for DN-valued attributes; add negated objectClass to attribute name lists for ACLs and partial replication
2003-12-16 00:49:10 +00:00
Kurt Zeilenga
4e15a84452
Updated notices
2003-11-27 01:17:14 +00:00
Kurt Zeilenga
81ed052186
Improve printing of ACLs
2003-10-15 07:48:01 +00:00
Howard Chu
6da0f1e48e
ITS#2573 dynamic group support
...
moved labeledURI into system schema
attribute types that inherit from labeledURI may be used in dynamic
groups e.g. access to * by group/groupOfURLs/memberURL=foo
2003-09-20 08:16:04 +00:00
Howard Chu
1240c70ff4
ITS#2497, implement value-level ACLs:
...
access to attr=foo val.regex=bar.*
2003-09-20 03:23:10 +00:00
Kurt Zeilenga
6f39517929
ITS#2707: fix 'access to dn.subtree="" by ...' directives
2003-09-10 02:33:36 +00:00
Hallvard Furuseth
642c8b1627
Break up too long string literals (>509 characters, ISO C's minimum max size).
2003-06-03 18:01:37 +00:00
Kurt Zeilenga
0954351565
Change ACL default style to exact (from regex)
2003-05-30 05:24:39 +00:00
Kurt Zeilenga
5cd994ed21
remove dnNormalize2
...
replace calls to dnNormalize2 with calls to dnNormalize
2003-04-29 18:28:14 +00:00
Howard Chu
ece7452b05
More memory context tweaks
2003-04-11 01:29:28 +00:00
Pierangelo Masarati
eed2d5db4d
only document 'subtree', but also allow 'sub'
2003-02-05 20:38:42 +00:00
Pierangelo Masarati
381e293b41
allow 'sub' and 'subtree' in acl (fix ITS#2300)
2003-02-05 19:39:34 +00:00
Kurt Zeilenga
6939c53170
Happy new year
2003-01-03 20:20:47 +00:00
Pierangelo Masarati
a62aa61544
much better fix for ITS#2196 (dnattr without sat_equality is bounced at config)
2002-11-25 18:37:04 +00:00
Howard Chu
e14f471a27
Add #include "lutil.h" for lutil_str* functions
2002-08-06 02:36:34 +00:00
Howard Chu
5a01db28e3
Moved slap_strcopy, slap_strncopy to lutil_strcopy, lutil_strncopy
2002-07-27 00:24:02 +00:00
Kurt Zeilenga
8a3d02bf6b
misc cleanup
2002-07-23 18:35:12 +00:00
Kurt Zeilenga
ef3d895cb8
More ACL to dn="" bug fixing... and add test006-acl check
2002-07-11 01:45:22 +00:00
Kurt Zeilenga
8354160f8b
Patch: aclparse.c bugs (ITS#1752)
...
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
Bug fixes:
- acl_regex_normalized_dn(pattern):
* used pattern->bv_len even though it claimed not to,
* would walk past the end of strings that ended (incorrectly)
with a single '\'.
- style=regex checked for "^.*$$" twice but not for "^.*$".
- the code did not notice if dnNormalize2() failed, and would
(at least in one case) treat a bad DN as '*'.
Some cleanup:
- changed regtest() to return void, since the return value was unused.
- changed acl_regex_normalized_dn() to take a string input argument
instead of a half-filled berval, it looks saner that way.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-04-15 20:44:05 +00:00
Kurt Zeilenga
709ce4fa6c
Re: Patch: ctype functions require 'unsigned char' args (ITS#1678)
...
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
Here are fixes for more places where the argument to ctype.h functions
should be in the range of `unsigned char'.
Explanation of the last patch (to schema_init.c:bvcasechr()):
TOLOWER() and TOUPPER() return values in the range of `unsigned char',
but bvcasechr() then compares those values with a plain `char'. So I
convert the return values from TOLOWER()/TOUPPER() to `char' first.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-04-15 20:42:42 +00:00
Pierangelo Masarati
440637dde7
various acl improvements/cleanups/speedups (need to be documented, though)
2002-04-03 15:42:19 +00:00
Pierangelo Masarati
ab6ad34692
the logic of this check was completely reversed; in case '*' is used, on't test the regula expression
2002-04-02 08:18:30 +00:00
Kurt Zeilenga
c9c3a68496
Deprecate filter_print in favor of filter2bv.
2002-03-10 17:41:14 +00:00
Kurt Zeilenga
2b71d70f2f
Reverse arguments of is_object_subclass and reverse backwards calls
2002-02-09 23:55:37 +00:00