Kurt Zeilenga [Wed, 15 Mar 2000 19:47:22 +0000 (19:47 +0000)]
ITS#479 fix: ber_put_seqorset() writes a few bytes beyond an allocated buffer
Commit based upon patch and comments provided by Alan Clark <aclark@novell.com>.
> Kudos to Dave Steck for the find and fix
Kurt Zeilenga [Wed, 15 Mar 2000 19:42:03 +0000 (19:42 +0000)]
Add additional be_isroot() checks to protect against empty
root and client ndns. (the existing backend protections
*should* be good enough, but one cannot be too safe)
Kurt Zeilenga [Tue, 14 Mar 2000 02:54:08 +0000 (02:54 +0000)]
work args of ldap_negotiated_sasl_bind_s() and provide examples
with authentication id and authorization ids. Note: this routine
doesn't actually negotiate anything. It likely should be renamed
ldap_sasl_auth_s() or ldap_sasl_bind_multistep() or something.
Fixed an irritating problem with nss_ldap and pam_ldap. Since these
modules are dynamically loaded, they summon libldap when needed.
However, depending on the security libraries available when the
shared libldap was built, the latter brings up other dependencies.
On some platforms, it seems that no solution is available: no
indirect dynamic dependencies. But for some platforms where this
is supported (in particular, Linux), the shared libldap must
contain info on what other dynamic libraries it needs. We were
failing to put this info into the shared library. This patch
seems to fix it.
Kurt Zeilenga [Fri, 3 Mar 2000 22:37:06 +0000 (22:37 +0000)]
Rework error handling. Add error descriptions.
Don't use LDAP_OPERATIONS_ERROR for internal errors. Use LDAP_OTHER
instead. (more changes needed in this area)
Kurt Zeilenga [Thu, 2 Mar 2000 20:36:53 +0000 (20:36 +0000)]
StartTLS now grabs conn->c_mutex before mucking with connection.
Add comment concerning sequencing issues which need to be resolved
by reworking of connection state machine. Add note that a race
condition exists until this rework is complete.
Rework extended operations to return pointer to static error text.
Kurt Zeilenga [Thu, 2 Mar 2000 00:59:10 +0000 (00:59 +0000)]
Move handling of operations errors due to submission of
non-bind requests while a multi-step SASL bind process
is under to connection.c. Return LDAP_OPERATIONS_ERROR,
not LDAP_SASL_BIND_IN_PROGRESS.
Kurt Zeilenga [Wed, 1 Mar 2000 23:18:07 +0000 (23:18 +0000)]
Add permission to make verbatim copies of license document. Move
notice to bottom of document. Reformat paragraph. Separate
trademark statement from terms. This edit does not change the
licensing terms.
Kurt Zeilenga [Tue, 29 Feb 2000 23:48:01 +0000 (23:48 +0000)]
Replace do_*() return -1 with return SLAPD_DISCONNECT.
Only return SLAPD_DISCONNECT when a send_ldap_disconnect()
was called.
Add initial code to support predetermined filter results
when filter is undefined (or known to be true or false).
Kurt Zeilenga [Mon, 14 Feb 2000 20:57:34 +0000 (20:57 +0000)]
Another round of changes behind -DSLAPD_SCHEMA_NOT_COMPAT
plus these unhidden changes:
remove now meaningless --enable-discreteaci configure option
fix ITS#451, slapd filters
Add ber_bvecadd() to support above
constify ldap_pvt_find_wildcard() and misc slapd routines
renamed some slap.h macros
likely broken something
Kurt Zeilenga [Sat, 5 Feb 2000 05:01:41 +0000 (05:01 +0000)]
Another round of SLAPD_SCHEMA_NOT_COMPAT changes including
basic structures for handling language tags and binary option
(but less actual code to actually support them). Provided
for reference only. Will not even compile.
Kurt Zeilenga [Mon, 31 Jan 2000 17:59:10 +0000 (17:59 +0000)]
Put type;option trimming codes behind SLAPD_SCHEMA_COMPAT.
Attribute subtyping, especially that using attribute description
options, will have to be reengineered.
Kurt Zeilenga [Mon, 31 Jan 2000 01:49:44 +0000 (01:49 +0000)]
Add SLAP_SYNTAX_BINARY flag to indicate binary storage is used for
attributes of the syntax. Such attribute values be transferred
using binary syntax unless ber2str/str2ber routines are provided.
Used in conjunction with ";binary" attribute description option
and/or the Binary syntax.
Kurt Zeilenga [Thu, 27 Jan 2000 18:35:36 +0000 (18:35 +0000)]
Don't exclude no-user-modification attributes from ACL checks
unless access requested is WRITE. This allows you to apply
an ACL to limit search/reading of no-user-modification attributes.
Writes, of course, are always prohibited (by do_add, do_modify).
Kurt Zeilenga [Thu, 27 Jan 2000 01:43:12 +0000 (01:43 +0000)]
Last commit was a bit premature. This fixes up compiler
bugs and adds temporary code to glue things until we sort
out unicode UTF-8 vs UCS-4 vs UCS-2 issues.