Howard Chu [Sat, 4 May 2002 00:05:48 +0000 (00:05 +0000)]
Changed default tls_opt_require_cert value to LDAP_OPT_X_TLS_DEMAND; force
a fatal error when TLS server cert verification fails.
Changed ldap_pvt_tls_check_hostname to return LDAP_SUCCESS when no cert is
found: this can now only occur if tls_opt_require_cert was explicitly set
to NEVER or ALLOW.
In tls_verify_cb, added a text translation of the verification error code
to the debug message.
Howard Chu [Fri, 3 May 2002 12:10:47 +0000 (12:10 +0000)]
For Cyrus 2, cannot free session_callbacks in ldap_int_sasl_open, must
wait until ldap_int_sasl_close because SASL doesn't copy our structure,
it uses it directly.
Kurt Zeilenga [Thu, 2 May 2002 18:56:56 +0000 (18:56 +0000)]
Matched Values implementation (ITS#1776) based upon submission
form Mikhail Sahalaev <M.Sahalayev@pgr.salford.ac.uk>.
Further work needed:
add testxxx-matchedvalues
rework ldapsearch(1) portion of patch to generalize use of options
---
Copyright 2001, Mikhail Sahalaev, All rights reserved.
This software is not subject to any license of University Of
Salford.
Redistribution and use in source and binary forms are permitted
without restriction or fee of any kind as long as this notice
is preserved.
Fixes ITS#1786: dynamically growing number of tokens in config line
for both slapd and slurpd
Copyright 2002, John Morrissey (jwm at horde dot net), All rights reserved.
This is free software; you can redistribute and use it under the same terms
as OpenLDAP itself.
Kurt Zeilenga [Wed, 1 May 2002 18:10:14 +0000 (18:10 +0000)]
Patch: Perl backend sends bind result twice (ITS#1783)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
perl_back_bind() should not send LDAP_SUCCESS, the frontend does that.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
- trim check for real naming context already defined as suffix
- improve automatic massaging (prettify once)
- add (optimistic) automatic filter massaging
- cleanup of massaging stuff
First commit of Hallvard's backend documentation effort
Backend documentation patch, version 1
================
Most of this text is taken from OpenLDAP. The work of rewriting it
to manual pages is done by by Hallvard B. Furuseth and placed into
the public domain. This software is not subject to any license of
the University of Oslo.
================
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
Kurt Zeilenga [Mon, 22 Apr 2002 17:31:16 +0000 (17:31 +0000)]
Re: PRIVATE: Patch: Passwords (ITS#1740)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
Howard Chu [Sat, 20 Apr 2002 10:06:23 +0000 (10:06 +0000)]
ITS#1749 added maxderefdepth, suffiaxalias, TLSCACertificatePath,
ucdata-path, moduleload, modulepath. sasl-external-x509dn-convert has
been deleted from the code.
Kurt Zeilenga [Thu, 18 Apr 2002 19:28:26 +0000 (19:28 +0000)]
Blind commit:
Re: Untested patch: back-tcl used wrong types (ITS#1719)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
> I turned it into an automatic variable.
...and used a variable-length array. That's a gcc extension, it is not
in ANSI C89. (It is in C99 though.) You seem to be compiling without
-pedantic:-) Anyway, here is a patch to turn it back into ch_malloc(),
plus some README fixes
Howard Chu [Tue, 16 Apr 2002 12:53:13 +0000 (12:53 +0000)]
ITS#818, ITS#980, ITS#1234 ldapsearch/referral hang - set refer_cnt to 0
after v3refs have been chased. They are fully processed by the time we get
back, so we should just return the current result message to the caller.
Howard Chu [Tue, 16 Apr 2002 08:46:25 +0000 (08:46 +0000)]
ITS#1712, rewritten dn_openssl2ldap(). Added dnDCEnormalize(), used by
dn_openssl2ldap() and sasl_external_x509dn_convert. Fixed realm handling
for foreign Kerberos realms embedded in usernames.
Kurt Zeilenga [Mon, 15 Apr 2002 20:44:05 +0000 (20:44 +0000)]
Patch: aclparse.c bugs (ITS#1752)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
Bug fixes:
- acl_regex_normalized_dn(pattern):
* used pattern->bv_len even though it claimed not to,
* would walk past the end of strings that ended (incorrectly)
with a single '\'.
- style=regex checked for "^.*$$" twice but not for "^.*$".
- the code did not notice if dnNormalize2() failed, and would
(at least in one case) treat a bad DN as '*'.
Some cleanup:
- changed regtest() to return void, since the return value was unused.
- changed acl_regex_normalized_dn() to take a string input argument
instead of a half-filled berval, it looks saner that way.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.