upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-23 08:09:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
24473 commits 38 branches 309 tags 68 MiB
Commit graph

239 commits

Author SHA1 Message Date
Pierangelo Masarati
da03eb0390 normalize value in "exact" attrval clause (ITS#4255) 2005-12-09 10:33:01 +00:00
Pierangelo Masarati
6459cbb7ce allow comma-separated descriptive log levels, so that tests can be run, e.g., with "SLAPD_DEBUG=stats,stats2"; s/ldap_debug/slap_debug/ 2005-11-28 10:55:07 +00:00
Pierangelo Masarati
b3c8a976ec use LDAP_SIZELIMIT_EXCEEDED; rework the return values of slap_send_search_entry(); silence a few warnings 2005-11-25 22:17:24 +00:00
Pierangelo Masarati
d34fffcaf9 use lutil_ato*() whenever appropriate 2005-11-24 01:10:05 +00:00
Pierangelo Masarati
ea0047295c fix usage 2005-10-31 16:40:11 +00:00
Pierangelo Masarati
183b696e76 address ITS#4127 (please review) 2005-10-31 16:00:51 +00:00
Kurt Zeilenga
f3e13ec5f5 Don't use #ifdefs in the inside of a macro 2005-09-19 22:17:22 +00:00
Pierangelo Masarati
b79d4bdce5 issue additional useful warning messages; may eventually turn into errors? 2005-09-16 15:00:13 +00:00
Hallvard Furuseth
a2a587c6ca Add missing comma between Debug() args 2005-09-13 03:35:53 +00:00
Pierangelo Masarati
9129a2f7ee silence warnings 2005-09-10 18:59:35 +00:00
Pierangelo Masarati
ceb9c15bdd put logging under Debug(); silence warnings; s/warnings/errors/ #ifdef'd 2005-09-10 18:42:33 +00:00
Pierangelo Masarati
82af0c95f7 cleanup dynacl usage() 2005-09-06 14:26:53 +00:00
Pierangelo Masarati
849ecbcf1f allow options in dynacl configuration 2005-08-22 16:28:50 +00:00
Pierangelo Masarati
4bc8197dcb further ACI factoring out & confinement 2005-08-22 16:03:35 +00:00
Pierangelo Masarati
3356017b93 complete ACI syntax exploitation 2005-08-19 00:25:18 +00:00
Pierangelo Masarati
add1add854 condition compile dynacl 2005-08-17 22:41:30 +00:00
Pierangelo Masarati
69c6cd5365 fix small issues with dynacl and ACI in general 2005-08-17 14:44:41 +00:00
Pierangelo Masarati
88e89bf4e7 cleanup 2005-08-17 08:08:23 +00:00
Pierangelo Masarati
682a1981a1 use macros instead of literals 2005-08-06 11:29:08 +00:00
Pierangelo Masarati
5ecdfd13b4 cleanup 2005-07-25 20:47:01 +00:00
Hallvard Furuseth
98a303fca9 Remove spurious fprintf arguments 2005-07-17 11:55:34 +00:00
Pierangelo Masarati
deec44b89a fix further ITS#3830 issues; allow to specify a matching rule for non-DN match 2005-07-05 12:00:14 +00:00
Hallvard Furuseth
a1e27aae40 Format fix: Make style_strings[] global for debug output in dynacl_aci_parse() 2005-07-04 06:25:02 +00:00
Pierangelo Masarati
3a9fd69747 handle "dn=*" <what> clause 2005-05-23 20:29:01 +00:00
Howard Chu
f19a4ea9ec More value ACL style tweaks 2005-05-10 00:51:28 +00:00
Howard Chu
29a37854bf Fix acl_unparse - add missing style specifiers 2005-05-10 00:32:43 +00:00
Pierangelo Masarati
d23243a507 more on strict config parsing (ITS#3705) 2005-05-06 16:42:03 +00:00
Howard Chu
345ba007b8 Must always accept "base" for ACL_STYLE_BASE since that is always how 
it gets unparsed.
 2005-05-05 21:47:40 +00:00
Pierangelo Masarati
a7b82686a8 fix SIGSEGV when default style is used for "val" (ITS#3700) 2005-05-03 12:13:16 +00:00
Howard Chu
f5e36e1bbd Fix dnattr unparsing 2005-04-21 07:15:02 +00:00
Howard Chu
b5ef8ea6f4 More modify support. ACL editing works. 2005-04-19 16:39:48 +00:00
Pierangelo Masarati
98294f1125 fix access unparse (ITS#3631) 2005-04-12 23:10:48 +00:00
Pierangelo Masarati
91b4e991be cleanup & silence warnings 2005-04-11 21:35:34 +00:00
Pierangelo Masarati
53ce94a25d protect all occurrences of ACL_DISCLOSE 2005-04-09 17:00:40 +00:00
Pierangelo Masarati
4abbf9c610 implement add/delete granularity in write access (ITS#3631) 2005-04-08 00:18:24 +00:00
Pierangelo Masarati
f1698e30f5 update diagnostics and man pages 2005-04-04 12:24:50 +00:00
Pierangelo Masarati
3eb87b2faa implement "realdn" by clause in ACLs (ITS#3627; accounting for Howard's remarks) 2005-04-03 01:59:03 +00:00
Pierangelo Masarati
584b21d20b initial commit of "level" styles for "dn" and "self" by clauses (ITS#3615) 2005-03-31 18:10:11 +00:00
Howard Chu
a2a9ae725f Drop "access " from acl_unparse 2005-03-01 23:17:54 +00:00
Howard Chu
e0ca6e386e Added acl_unparse, slap_sasl_getpolicy 2005-02-22 12:02:34 +00:00
Pierangelo Masarati
b381e1bcc8 cosmetic changes 2005-01-12 14:25:08 +00:00
Pierangelo Masarati
b46518ff77 silence warning for global scoped global ACLs 2005-01-12 00:53:50 +00:00
Kurt Zeilenga
1c5d78d8dd Add "disclose" and "manage" ACL levels (but no meat). 
Disclose permission intended to be used for "disclose on error"
(as in our present "none"), none being "don't disclose on error".

Manage permission is intended to be used to allow DSA IT management
(e.g., changing entryCSNs, structuralObjectClass, etc.).
 2005-01-08 05:26:18 +00:00
Kurt Zeilenga
dc0eacd40b Happy New Year! 2005-01-01 20:49:32 +00:00
Pierangelo Masarati
564c34d131 fix ITS#3416 2004-12-03 08:41:06 +00:00
Pierangelo Masarati
8866a28fb3 don't yell at regex styling that wraps all the suffix in a submatch 2004-11-30 22:50:07 +00:00
Pierangelo Masarati
e79fbb88cf move ACIs under a dynamic infrastructure that allows run-time loadable custom access control logic (needs work) 2004-11-20 01:27:03 +00:00
Pierangelo Masarati
947268c5ee partially revert previous commit (the "creator" special DN pattern is redundant as "dnattr" is more expressive 2004-11-15 22:57:03 +00:00
Pierangelo Masarati
064eb88ef8 move special dn patterns to style enum; add creator special dn pattern 2004-11-15 22:15:28 +00:00
Pierangelo Masarati
6a9bf9765e add URI search to sets; documentation to come... 2004-10-07 17:05:48 +00:00
Pierangelo Masarati
4afaf4042a minor cleanup 2004-10-06 22:20:30 +00:00
Pierangelo Masarati
4204aee7b9 extend the availability of submatches to non-regex DN patterns 2004-10-06 22:03:33 +00:00
Pierangelo Masarati
cd9a9c628d frontend stuff moved into a database structure, essentially to allow overlays to be processed before database selection; passes all tests (ITS#3080) 2004-07-26 21:26:34 +00:00
Hallvard Furuseth
b81b0216a9 Split string literal to keep it below ANSI C's allowed 509-char limit. 2004-07-18 00:47:35 +00:00
Kurt Zeilenga
372a941334 add baseObject as alias for base. 
cleanup
 2004-06-28 06:42:00 +00:00
Kurt Zeilenga
73202e3910 Fix typo in last commit 2004-06-18 19:12:00 +00:00
Pierangelo Masarati
42f3b3d87b improve parsing - first step 2004-06-18 09:11:53 +00:00
Pierangelo Masarati
f109f1eb6d fix ITS#3140 2004-05-12 23:29:42 +00:00
Pierangelo Masarati
d40e5a365a fix DN_SEPARATOR() and clarify its use 2004-05-07 09:03:05 +00:00
Pierangelo Masarati
b34cf02488 more on fixing escaped semicolon in normalized DN 2004-05-07 02:18:08 +00:00
Pierangelo Masarati
dd0e285b12 experimental ACL scope correctness test 2004-04-20 19:16:21 +00:00
Kurt Zeilenga
44725e7303 use BER_BVNULL 2004-04-07 04:11:43 +00:00
Pierangelo Masarati
006745430e allow "expand" style in peername, sockname, sockurl as well; more sanity checks 2004-03-09 19:44:14 +00:00
Pierangelo Masarati
042869366d use "expand" instead of "regex" for group ACLs that allow substring expansion, preserving backwards compatibility; add sanity checks 2004-03-09 16:33:05 +00:00
Pierangelo Masarati
a4e062ca36 apply advanced peername ACL (ITS#2907) 2004-03-08 18:49:12 +00:00
Pierangelo Masarati
ac0d45179f log set in ACL (ITS#2949) 2004-03-08 11:09:49 +00:00
Kurt Zeilenga
3c598e89fb Happy new year 2004-01-01 19:15:16 +00:00
Pierangelo Masarati
79bc396ed8 in the <what> clause of ACLs, only 'attr=' or 'attrs=' are allowed; the former for backwards compatibility, while slapd.access(5) correctly uses only the latter form 2003-12-20 15:31:54 +00:00
Pierangelo Masarati
39574bcb5f for consistency, always allow 'onelevel' as an alias for 'one' in dnstyle 2003-12-20 15:18:21 +00:00
Kurt Zeilenga
aabcce3e58 Document +0 2003-12-19 05:06:51 +00:00
Pierangelo Masarati
4e83a282d0 improve error handling for attr val ACL syntax 2003-12-16 10:56:21 +00:00
Kurt Zeilenga
a736f237f8 Deprecate +objectClass in favor of @objectClass per IETF discussions 2003-12-16 05:55:52 +00:00
Pierangelo Masarati
ee34f3fb64 add to 'val[.<style>=<value>' ACLs special match styles for DN-valued attributes; add negated objectClass to attribute name lists for ACLs and partial replication 2003-12-16 00:49:10 +00:00
Kurt Zeilenga
4e15a84452 Updated notices 2003-11-27 01:17:14 +00:00
Kurt Zeilenga
81ed052186 Improve printing of ACLs 2003-10-15 07:48:01 +00:00
Howard Chu
6da0f1e48e ITS#2573 dynamic group support 
moved labeledURI into system schema
  attribute types that inherit from labeledURI may be used in dynamic
    groups e.g. access to * by group/groupOfURLs/memberURL=foo
 2003-09-20 08:16:04 +00:00
Howard Chu
1240c70ff4 ITS#2497, implement value-level ACLs: 
access to attr=foo val.regex=bar.*
 2003-09-20 03:23:10 +00:00
Kurt Zeilenga
6f39517929 ITS#2707: fix 'access to dn.subtree="" by ...' directives 2003-09-10 02:33:36 +00:00
Hallvard Furuseth
642c8b1627 Break up too long string literals (>509 characters, ISO C's minimum max size). 2003-06-03 18:01:37 +00:00
Kurt Zeilenga
0954351565 Change ACL default style to exact (from regex) 2003-05-30 05:24:39 +00:00
Kurt Zeilenga
5cd994ed21 remove dnNormalize2 
replace calls to dnNormalize2 with calls to dnNormalize
 2003-04-29 18:28:14 +00:00
Howard Chu
ece7452b05 More memory context tweaks 2003-04-11 01:29:28 +00:00
Pierangelo Masarati
eed2d5db4d only document 'subtree', but also allow 'sub' 2003-02-05 20:38:42 +00:00
Pierangelo Masarati
381e293b41 allow 'sub' and 'subtree' in acl (fix ITS#2300) 2003-02-05 19:39:34 +00:00
Kurt Zeilenga
6939c53170 Happy new year 2003-01-03 20:20:47 +00:00
Pierangelo Masarati
a62aa61544 much better fix for ITS#2196 (dnattr without sat_equality is bounced at config) 2002-11-25 18:37:04 +00:00
Howard Chu
e14f471a27 Add #include "lutil.h" for lutil_str* functions 2002-08-06 02:36:34 +00:00
Howard Chu
5a01db28e3 Moved slap_strcopy, slap_strncopy to lutil_strcopy, lutil_strncopy 2002-07-27 00:24:02 +00:00
Kurt Zeilenga
8a3d02bf6b misc cleanup 2002-07-23 18:35:12 +00:00
Kurt Zeilenga
ef3d895cb8 More ACL to dn="" bug fixing... and add test006-acl check 2002-07-11 01:45:22 +00:00
Kurt Zeilenga
8354160f8b Patch: aclparse.c bugs (ITS#1752) 
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

Bug fixes:
- acl_regex_normalized_dn(pattern):
  * used pattern->bv_len even though it claimed not to,
  * would walk past the end of strings that ended (incorrectly)
    with a single '\'.
- style=regex checked for "^.*$$" twice but not for "^.*$".
- the code did not notice if dnNormalize2() failed, and would
  (at least in one case) treat a bad DN as '*'.
Some cleanup:
- changed regtest() to return void, since the return value was unused.
- changed acl_regex_normalized_dn() to take a string input argument
  instead of a half-filled berval, it looks saner that way.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
 2002-04-15 20:44:05 +00:00
Kurt Zeilenga
709ce4fa6c Re: Patch: ctype functions require 'unsigned char' args (ITS#1678) 
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

Here are fixes for more places where the argument to ctype.h functions
should be in the range of `unsigned char'.

Explanation of the last patch (to schema_init.c:bvcasechr()):
TOLOWER() and TOUPPER() return values in the range of `unsigned char',
but bvcasechr() then compares those values with a plain `char'.  So I
convert the return values from TOLOWER()/TOUPPER() to `char' first.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
 2002-04-15 20:42:42 +00:00
Pierangelo Masarati
440637dde7 various acl improvements/cleanups/speedups (need to be documented, though) 2002-04-03 15:42:19 +00:00
Pierangelo Masarati
ab6ad34692 the logic of this check was completely reversed; in case '*' is used, on't test the regula expression 2002-04-02 08:18:30 +00:00
Kurt Zeilenga
c9c3a68496 Deprecate filter_print in favor of filter2bv. 2002-03-10 17:41:14 +00:00
Kurt Zeilenga
2b71d70f2f Reverse arguments of is_object_subclass and reverse backwards calls 2002-02-09 23:55:37 +00:00
Kurt Zeilenga
59857824ff Treat access to dn="" as access to dn.base="". Avoid empty regex. 
Note: by dn="" already treated as anonymous.
 2002-02-08 18:32:12 +00:00
Howard Chu
5e522ca882 Changed Access.a_sockurl_pat, Connection.c_listener_url etc. 
to struct bervals
 2002-01-28 11:41:07 +00:00
Kurt Zeilenga
ce2d8ebc7e Misc cleanup, lint removal, and minor optimizations 2002-01-13 05:00:59 +00:00
Howard Chu
8067107ed2 Added an_oc to AttributeName for caching ObjectClass lookups. 
Added error checking to str2anlist; if the attr name doesn't match
any attribute or objectclass the offending attr name is displayed.
 2002-01-10 09:54:14 +00:00