upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-23 08:09:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
22163 commits 38 branches 309 tags 68 MiB
Commit graph

289 commits

Author SHA1 Message Date
Pierangelo Masarati
942ca17669 cleanup resource release 2006-06-08 23:41:02 +00:00
Pierangelo Masarati
740f196548 rework quarantine locking and so 2006-06-07 23:25:38 +00:00
Pierangelo Masarati
186813daed rearrange quarantine handling during proxyAuthz bind; bind anonymously if no bindmethod is defined 2006-05-30 01:20:32 +00:00
Pierangelo Masarati
f5fcd2c169 cleanup previous commit 2006-05-30 00:12:23 +00:00
Pierangelo Masarati
a6406de871 make room for plugins that deal with quarantine end 2006-05-29 21:43:20 +00:00
Pierangelo Masarati
795841b5a4 implement proxy quarantine (ITS#4569) 2006-05-27 19:54:27 +00:00
Pierangelo Masarati
e5c173691d add cancel strategies (ITS#4560) 2006-05-20 14:29:01 +00:00
Pierangelo Masarati
fcbc1f484d fix referrals return for ops other than search (ITS#4557); use slab memory for temporaries in returning referrals 2006-05-18 22:28:22 +00:00
Pierangelo Masarati
073f14ceac lc_bound_ndn is occasionally saved to keep track of who bound; don't use it to bind unless credentials are present as well 2006-05-16 02:56:59 +00:00
Pierangelo Masarati
9c9b6f7353 idassert: setup rebind stuff when binding for proxyAuthz, so that referral chasing tries to rebind with the correct identity (partially address ITS#3526) 2006-05-16 01:10:51 +00:00
Pierangelo Masarati
3b7084c170 reset the conn field in the cached connection if the bound DN is privileged (ITS#4547) 2006-05-15 01:42:05 +00:00
Pierangelo Masarati
26d1fc8c48 more cleanup of previous commits 2006-05-14 18:09:56 +00:00
Pierangelo Masarati
f87e6270d4 improve previous commit 2006-05-14 17:53:40 +00:00
Pierangelo Masarati
0c33c17bb5 "single-conn" forces flushing of existing conns during rebind on same conn (ITS#4546) 2006-05-14 17:32:15 +00:00
Pierangelo Masarati
3393b15594 cleanup resource release 2006-05-14 15:11:53 +00:00
Pierangelo Masarati
373ded8d24 add URI list resorting feature (ITS#4524) 2006-05-06 16:15:25 +00:00
Pierangelo Masarati
401b211d98 touch idle-timeout HAVE_TLS odds; silence warning #ifndef HAVE_TLS 2006-05-06 10:50:13 +00:00
Pierangelo Masarati
3b5d411af2 fix idassert "override" 2006-05-01 22:54:07 +00:00
Pierangelo Masarati
4d894c7d24 don't idassert if proxyAuthz == boundDN (ITS#4497) 2006-04-21 21:07:31 +00:00
Pierangelo Masarati
e01743193d more coverity issues 2006-04-14 00:17:27 +00:00
Hallvard Furuseth
7a19d8855d Remove useless assert: unsigned lc->lc_refcnt >= 0 2006-04-13 22:20:55 +00:00
Pierangelo Masarati
bd8514fb1e address protocol version issues (ITS#4488) 2006-04-13 16:20:00 +00:00
Pierangelo Masarati
666e0677ca re-fix previous commit 2006-04-08 15:59:59 +00:00
Pierangelo Masarati
cc8109db06 fix previous commit 2006-04-08 14:45:19 +00:00
Pierangelo Masarati
0500576056 add support for old proxyAuthz encoding; allow to workaround buggy implementations of the new version (now RFC4370) 2006-04-08 11:12:30 +00:00
Pierangelo Masarati
6a293c65b3 line up network-timeout with back-meta 2006-04-07 09:08:37 +00:00
Pierangelo Masarati
8c1b8d3f7b actually, if a connection is already in the AVL tree, use it if not binding; otherwise use a tainted one; taint connections that must be freed when refcnt goes to zero 2006-04-07 01:28:56 +00:00
Kurt Zeilenga
45d0479d37 Reverse last commit. Wrong tree. 2006-04-05 00:40:53 +00:00
Kurt Zeilenga
31d64d4642 No LogTest in re23 2006-04-05 00:39:46 +00:00
Pierangelo Masarati
02966c3d1c fix handling of expired connections (ITS#4429; need to look at back-meta as well) 2006-03-29 01:26:42 +00:00
Pierangelo Masarati
bacd1f170f leave existing controls in place if proxyAuthz is not required by idassert (ITS#4457) 2006-03-28 21:45:54 +00:00
Pierangelo Masarati
1418b2c5b1 fix previous commit: actually free the connection in case of failed bind 2006-03-25 01:12:27 +00:00
Pierangelo Masarati
fd5208c18f destroy bind connection after failed bind (ITS#4428) 2006-03-25 00:33:42 +00:00
Pierangelo Masarati
3160c03dab cleanup previous commit 2006-03-23 23:01:14 +00:00
Pierangelo Masarati
3437406a0b honor "chase-referrals no" (ITS#4447) 2006-03-23 21:01:19 +00:00
Pierangelo Masarati
3861c47316 queue implicit binds (ITS#4409) 2006-03-03 16:27:00 +00:00
Kurt Zeilenga
cbc11c9233 unifdef -DLDAP_NULL_IS_NULL 2006-02-14 23:18:12 +00:00
Pierangelo Masarati
f4c578cb31 delete all conns cached for a single client->proxy connection (partially addresses ITS#4387) 2006-02-06 21:39:56 +00:00
Pierangelo Masarati
f0d6ac3e0b debug cleanup 2006-02-04 15:50:22 +00:00
Pierangelo Masarati
54aefe30f7 implement proxy long-lived connection TTL 2006-02-01 23:10:12 +00:00
Pierangelo Masarati
7038044c91 in abnormal cases, error may be sent twice 2006-01-11 15:32:34 +00:00
Pierangelo Masarati
0dce854ce4 complete fix to back-ldap (ITS#4315?); not sure dobind should actually be treated as a bind... 2006-01-11 12:11:59 +00:00
Pierangelo Masarati
7368ffb77a don't idassert anon2anon (ITS#4321) 2006-01-10 13:17:31 +00:00
Pierangelo Masarati
f3c2c7ba48 use slab memory for proxyauthz 2006-01-09 20:00:51 +00:00
Pierangelo Masarati
6995603a3d refine fix to ITS#4315; apply it to back-meta as well 2006-01-09 14:20:37 +00:00
Howard Chu
8538223def TS#4315 fix prev commit, spinning in ldap_back_dobind 2006-01-09 09:37:52 +00:00
Howard Chu
2b39a26150 ITS#4315 fix bind concurrency issue 2006-01-09 09:14:53 +00:00
Kurt Zeilenga
acbb5cf689 Happy new year! 2006-01-03 23:11:52 +00:00
Pierangelo Masarati
8c2ceeb605 don't idassert anonymous unless explicitly configured (ITS#4272) 2005-12-20 20:43:14 +00:00
Pierangelo Masarati
4538422dc9 better handling of internal operations 2005-12-15 13:47:25 +00:00
Pierangelo Masarati
430aff35bb assume operations with version set to 0 are internal, and use LDAPv3 2005-12-15 11:39:46 +00:00
Pierangelo Masarati
fcda57e90f use macros instead of numbers... 2005-12-13 20:11:26 +00:00
Pierangelo Masarati
1b42fde372 implement (per-target) per-conn proxy-side idle-timeout (ITS#4115); revitalize (per-target) network-timeout in back-meta; fix issue with connection initialization error in ldap_back_retry(); cleanup configuration of back-ldap 2005-12-07 17:35:02 +00:00
Pierangelo Masarati
2ea72234aa return more appropriate error code 2005-12-06 20:04:52 +00:00
Pierangelo Masarati
4852bf8a58 don't care about empty matched/text #ifdef LDAP_NULL_IS_NULL 2005-11-20 01:59:26 +00:00
Pierangelo Masarati
7fa4b159bf fix dangling resources issue in slapd-ldap; completely rework slapo-chain to fix the resource leak/concurrency issue; add support for multiple well-known URIs to set credentials for, and deal with unknown URIs anonymously; similar reworking and cleanup for slapd-meta 2005-11-19 15:00:50 +00:00
Pierangelo Masarati
78bd3bf6a3 handle LDAPv2 when returning timelimit; silence warning 2005-11-11 09:54:07 +00:00
Pierangelo Masarati
93abd4c616 cannot happen... 2005-11-09 12:58:57 +00:00
Pierangelo Masarati
4cab386d13 backport write operation timeouts from back-meta to back-ldap; minor cleanup & silence warnings 2005-11-06 23:29:10 +00:00
Pierangelo Masarati
4744733638 don't copy o_ndn into lc_bound_ndn, otherwise we end up in a bind with DN but no password\! 2005-10-14 23:25:57 +00:00
Pierangelo Masarati
112be0118e cleanup states/timeout handling in back-ldap/meta; add connection pooling and defer of pseudoroot bind to back-meta 2005-09-24 18:39:26 +00:00
Pierangelo Masarati
fb3fc81c7e improved authz_backend detection for internal databases (ITS#4018) 2005-09-10 09:56:29 +00:00
Pierangelo Masarati
866148810e release resources (ITS#4016) 2005-09-09 02:37:38 +00:00
Pierangelo Masarati
075220dd7e need some minimal timeout otherwise strange issues occur 2005-08-22 18:14:41 +00:00
Pierangelo Masarati
15d1b4d5dd cleanup locking 2005-08-20 19:00:56 +00:00
Pierangelo Masarati
5873048347 fix return code (prevents clean usage of back-ldap for internal searchs) 2005-08-17 19:38:36 +00:00
Hallvard Furuseth
a0b5f5138b Remove unused label "error_return" 2005-08-16 19:45:50 +00:00
Pierangelo Masarati
7b9173d0bb should compile also when #undef HAVE_TLS 2005-08-12 10:51:39 +00:00
Pierangelo Masarati
a23466f64a should compile also when #undef HAVE_TLS 2005-08-12 10:49:55 +00:00
Pierangelo Masarati
c6e2a69f27 fix tls propagation, including rebind 2005-08-11 16:01:24 +00:00
Pierangelo Masarati
fa27310d77 use trylock only where necessary 2005-08-07 00:35:11 +00:00
Pierangelo Masarati
4ed743cc84 remove unrequired member; address ITS#3913 2005-08-02 22:48:30 +00:00
Pierangelo Masarati
4148ddc31f save 1 function call... 2005-08-02 08:13:16 +00:00
Pierangelo Masarati
a91ebfac79 plug leaks 2005-07-25 20:47:39 +00:00
Pierangelo Masarati
3e84f692aa there might definitely be concurrency issues, but it's not pooled connections' fault 2005-07-23 22:03:35 +00:00
Pierangelo Masarati
e810105f87 (mostly) reverting previous commit (overconservative) 2005-07-23 22:02:12 +00:00
Pierangelo Masarati
796316bc84 strengthen concurrency protection 2005-07-23 19:39:51 +00:00
Pierangelo Masarati
6adfb5dd2f note an issue 2005-07-22 03:23:26 +00:00
Hallvard Furuseth
81ecb0b153 assert expects int. (int)<nonnull ptr/long> can be 0. Use assert(arg!=0/NULL). 2005-07-18 06:22:33 +00:00
Pierangelo Masarati
681a547e13 fix potential deadlock 2005-07-04 22:41:27 +00:00
Pierangelo Masarati
982981d465 fix potential deadlock; improve idassert in case of authzFrom rules (new flag values); rootdn can always idassert 2005-07-03 23:27:56 +00:00
Pierangelo Masarati
1aaa18b180 more on ITS#3808 2005-06-29 18:16:29 +00:00
Pierangelo Masarati
9e811df052 seems to definitely fix issues related to ITS#3808 2005-06-29 16:38:09 +00:00
Pierangelo Masarati
cbe9c74675 return LDAP_SUCCESS if Start TLS failed but was not critical 2005-06-29 12:38:18 +00:00
Pierangelo Masarati
671b02f748 more on ITS#3808 2005-06-29 12:28:40 +00:00
Pierangelo Masarati
196af0e056 (partial?) fix ITS#3808 2005-06-29 11:44:11 +00:00
Pierangelo Masarati
a7f44159c1 complete back-config support, including chain overlay; passes all tests; HEADS-UP: few syntax changes (essentially backwards compatible) 2005-05-23 07:25:00 +00:00
Pierangelo Masarati
471f4772a0 cleanup connection locking 2005-04-21 00:49:35 +00:00
Pierangelo Masarati
a141e3badf enable use of asynchronous call to StartTLS 2005-04-16 02:56:46 +00:00
Pierangelo Masarati
5affbfa428 add SASL bind for acl-authc; use slap_bindconf 2005-04-10 23:44:06 +00:00
Pierangelo Masarati
edfbbeb653 clarify comment 2005-02-19 16:55:14 +00:00
Pierangelo Masarati
f8b463d0bc use asynchronous StartTLS 2005-02-19 16:14:22 +00:00
Howard Chu
beaeb5ed5c Fix if HAVE_TLS is missing 2005-02-18 04:20:56 +00:00
Pierangelo Masarati
e50092878d temporarily revert to synchronous start tls 2005-02-05 17:33:22 +00:00
Pierangelo Masarati
43138aa500 use asynchronous Start TLS exop; allow propagating TLS if used in the original connection; minor cleanup 2005-02-05 15:55:02 +00:00
Howard Chu
122cdf4549 In ldap_back_bind, don't send success result, frontend does it 2005-02-01 00:19:45 +00:00
Pierangelo Masarati
cfc77f0a0a make referrals chasing optional (default is to chase them) 2005-01-30 22:56:59 +00:00
Pierangelo Masarati
3dd2f4150b allow proxyAuthz of users authenticated via SASL 2005-01-26 20:01:02 +00:00
Pierangelo Masarati
c6b6d2a5ec StartTLS (ITS#3507) + chain overlay fixes and improvements 2005-01-24 09:38:11 +00:00
Pierangelo Masarati
1d919d35a5 remove #ifdef's for identity assertion 2005-01-20 09:04:37 +00:00
Pierangelo Masarati
41d7c03e8b clear out the error 2005-01-09 23:30:19 +00:00
Pierangelo Masarati
cd2e651c26 ITS#3469: C99 compliance 2005-01-08 11:25:11 +00:00
Pierangelo Masarati
4d8267595f retry on ldap_result() with a timeout 2005-01-08 09:19:51 +00:00
Kurt Zeilenga
dc0eacd40b Happy New Year! 2005-01-01 20:49:32 +00:00
Pierangelo Masarati
fefa59059d minor cleanup 2004-12-08 19:11:27 +00:00
Pierangelo Masarati
f176935a58 remove rewrite stuff -- now delegted to rwm overlay 2004-11-13 14:43:30 +00:00
Pierangelo Masarati
dd367a2b78 make sure we're comparing the same database 2004-11-11 13:12:34 +00:00
Howard Chu
55f12a7eee Add a retry for failed connections 2004-10-01 11:16:38 +00:00
Kurt Zeilenga
d611a4b49a unifdef -UNEW_LOGGING 2004-09-04 04:54:28 +00:00
Pierangelo Masarati
a7b55f4f44 assert administrative identity instead of the required one if doing auth check in non-caching mode 2004-07-23 00:11:05 +00:00
Pierangelo Masarati
277d921945 clear shared connections when ldap_result fails with -1 (typically, remote server is down); fixes ITS#3217 2004-07-04 23:35:18 +00:00
Pierangelo Masarati
1f70ad82f2 clean up unnecessary checks; don't use SASL native authz if authz ID is not static, because back-ldap pools connections... 2004-06-21 00:57:12 +00:00
Pierangelo Masarati
eca48b6f20 not sure that cyrus-sasl doesn't honor empty authz; need to check 2004-06-20 23:21:40 +00:00
Pierangelo Masarati
5bfb9fd590 make authz mode selection fully manual, plus more cleanup 2004-06-20 22:42:36 +00:00
Pierangelo Masarati
f34b11760a allow a hidden parameter to instruct the proxy that the SASL mech can do native authz; will disappear as soon as I can detect it automnatically 2004-06-19 18:18:26 +00:00
Pierangelo Masarati
e6065fb20d li->be didn't work; since it seems to be unnecessary, it's been removed; please check 2004-06-19 15:16:51 +00:00
Jong Hyuk Choi
f60f2d5048 Fix typo 2004-06-08 02:52:59 +00:00
Pierangelo Masarati
a18e199e0d more on identity assertion 2004-05-22 17:26:02 +00:00
Pierangelo Masarati
cdebc4d376 more on idassert: SASL bind/authz 2004-05-15 10:11:10 +00:00
Pierangelo Masarati
8b954144d6 reflect Kurt's comments on ID assertion 2004-05-14 10:01:22 +00:00
Pierangelo Masarati
66ddf62922 add idassert code (undocumented yet) 2004-05-13 20:25:53 +00:00
Kurt Zeilenga
44725e7303 use BER_BVNULL 2004-04-07 04:11:43 +00:00
Pierangelo Masarati
e17be551a4 fix previous commit 2004-04-06 08:47:59 +00:00
Pierangelo Masarati
6a1dd9a1cd exploit new frontend API 2 protocol error mapping; use urldesc... 2004-04-05 17:36:53 +00:00
Pierangelo Masarati
65b49dd312 add "searchFilterAttrDN" rewrite context, and allow filterstring rewrite 2004-03-10 21:11:14 +00:00
Kurt Zeilenga
3c598e89fb Happy new year 2004-01-01 19:15:16 +00:00
Pierangelo Masarati
529a03df53 use dedicated admin identity to proxyAuthz 2003-12-13 10:57:42 +00:00
Kurt Zeilenga
fbba83b20f notices and acknowledgements 2003-12-08 17:41:40 +00:00
Kurt Zeilenga
ed369e02af Don't search for proxy authz control unnecessarily. 
Add note regarding control use with the Bind operation.
 2003-12-01 21:49:52 +00:00
Pierangelo Masarati
cdb11fc5eb add administrative bind and proxyAuthz control to enable bound operations in distributed directories (need to manually #define LDAP_BACK_PROXY_AUTHZ and patches from ITS#2851 and ITS#2852) 2003-12-01 08:04:51 +00:00
Kurt Zeilenga
a3d8cda201 notices and acknowledges 2003-11-27 06:35:14 +00:00
Howard Chu
9c47359912 Bind fixes for chaining 2003-06-11 22:35:31 +00:00
Hallvard Furuseth
6362a51fe8 Printf %p expects a void pointer. 
Other pointers may have different representation.
 2003-05-22 22:00:54 +00:00
Howard Chu
b7351c66bc ITS#2511 use %p to log pointer values 2003-05-14 13:54:15 +00:00
Pierangelo Masarati
629885a269 use SLAP_PTRCMP 2003-04-18 17:16:48 +00:00
Pierangelo Masarati
6bcbe9ad31 reset passwords before freeindg them 2003-04-18 10:02:43 +00:00
Howard Chu
d7a1eb0ea2 Fix AVL comparisons 2003-04-17 04:36:42 +00:00
Pierangelo Masarati
93abccdee3 group rewrite/map stuff in one structure and optimize more function calls 2003-04-07 16:52:59 +00:00
Pierangelo Masarati
77c4389f55 use rewrite info instead of ldapinfo for reusability in back-meta; will change soon 2003-04-07 12:53:00 +00:00
Howard Chu
68c5f6fa98 Cleanup ENABLE_REWRITE ifdefs, put into a new ldap_back_dn_massage(). 
All DN attrs are massaged, whether or not ENABLE_REWRITE is defined.
Use "dnAttr" rewriteContext for Add, Compare, & Modify.
Fixed ldap_back_compare.
 2003-04-07 10:15:18 +00:00
Pierangelo Masarati
4235da91d4 massage bound dn only if operating on authz backend 2003-04-05 11:31:54 +00:00
Pierangelo Masarati
cb33a9ff44 minor fixes: leaks, dangling pointers, cleaner tag skip 
for subschemaSubentry; still having problems with group ACLs ...
 2003-04-05 01:20:55 +00:00
Pierangelo Masarati
ab3ab80ecd more args elimination + allow specific messages when mapping client API errors to LDAP_OTHER 2003-04-04 22:20:49 +00:00
Pierangelo Masarati
dfbbd11bd3 remove more unnecessary args 2003-04-04 00:43:40 +00:00
Howard Chu
a9339c99f6 Fix shared/private binds, fix entry_get malloc 2003-04-03 23:55:57 +00:00
Pierangelo Masarati
ebe0bb0b52 trim unnecessary args 2003-04-03 23:23:56 +00:00
Pierangelo Masarati
44c2d8a771 backout this for now 2003-04-03 23:09:17 +00:00
Pierangelo Masarati
d07ea8b450 need this to be able to bound searches when back-ldap and the source are on the same server; does it look fine? 2003-04-03 21:44:43 +00:00
Pierangelo Masarati
17e46d8468 cleanup and fixes 2003-04-03 21:35:27 +00:00
Howard Chu
3d0ffa1d58 Fix typos in prev commit 2003-04-02 00:40:51 +00:00