Kurt Zeilenga [Thu, 11 May 2000 20:16:26 +0000 (20:16 +0000)]
Change negotiated mechanism:
If application provides one, use it. If application doesn't
provide one, use best of server advertised.
Fix SASL/ANONYMOUS (not normally used, but should work)
PLAIN is not currently working... might be local to me as my
Cyrus installation is a bit hosted.
Howard Chu [Thu, 11 May 2000 10:10:53 +0000 (10:10 +0000)]
Added support for AIX security database:
configure.in: check for AIX security library, set in AUTH_LIBS macro
top.mk: add AUTH_LIBS macro to SECURITY_LIBS
portable.h.in: added HAVE_AIX_SECURITY macro (via autoheader)
passwd.c: use AIX getuserpw in chk_unix. Also fix logic in chk_unix:
getpwnam must always succeed for the given user. It is not a
fatal error if getspnam returns no result for the user: On
systems that support /etc/shadow, its usage is optional. The
same logic applies for AIX, SCO/HP SecureWare, etc.
Howard Chu [Thu, 11 May 2000 09:35:29 +0000 (09:35 +0000)]
LDAP_F macro is obsolete. Redeclare perl_ack_xs_init static, since it
is, and declare boot_DynaLoader as EXT since it actually comes from
perl, not from this module.
Howard Chu [Wed, 10 May 2000 22:57:13 +0000 (22:57 +0000)]
Added new support for NT and AIX dynamic linking - generate export tables
for executable files, not just libraries/modules. Also, the AIX linker
hardcodes -L paths by default; override this to prevent build paths from
appearing in distributed binaries.
mkdep.aix - a wrapper for AIX cc that sends dependency info to stdout so
that the standard mkdep script can operate.
Howard Chu [Wed, 10 May 2000 17:07:09 +0000 (17:07 +0000)]
libldap/tls.c: change tls_verify_cb to no longer ignore verification errors.
This means a ldaps connection may drop before any LDAP protocol exchange
occurs (due to expired cert, unrecognized CAs, etc.).
Change ldap_pvt_tls_connect to copy any TLS error string to ld_error upon
connection failure, otherwise client just sees "can't contact LDAP server."
slapd/connection.c: add flush/delay when SSL_accept fails, to allow any
TLS alerts we generated to propagate back to the client. (Which will then
be picked up by ldap_pvt_tls_connect on the client...)
Howard Chu [Wed, 10 May 2000 16:36:46 +0000 (16:36 +0000)]
Undo slapd/add.c rev 1.54; back-bdb2 and back-ldbm were the only backends
that called entry_free() on failure. This change would cause a memory leak
from all the other backends. Instead, remove the entry_free calls in these
two backends and let the frontend take care of it for everyone.
Howard Chu [Wed, 10 May 2000 16:09:26 +0000 (16:09 +0000)]
Fix pthread_create test for AIX. AIX deviates from POSIX in that threads
are created detached by default. We need to set the thread attributes in
advance, otherwise pthread_detach will fail.
Kurt Zeilenga [Tue, 25 Apr 2000 16:03:17 +0000 (16:03 +0000)]
SASL code without backend support. Should work with
external store, but not yet tested. [Intent is to support
both in same server... may not be doable]
Kurt Zeilenga [Tue, 25 Apr 2000 10:38:03 +0000 (10:38 +0000)]
replace ldap_dnssrv_init() with lower level calls
ldap_domain2dn()
ldap_domain2hostlist()
and provide prototype to soon-to-be-implemented
ldap_dn2domain().
ldap_dnssrv_init(), if needed, can easily be implemented
using ldap_create(), ldap_set_option() and the above
commands.
Ben Collins [Mon, 24 Apr 2000 17:03:45 +0000 (17:03 +0000)]
For slurpd's replica directory (slurpd.status and rej file), use a subdir of what the user specifies (add replica/ to it) to avoid /tmp races. A lot of the files that slurpd uses cannot be opened with O_EXCL, nor can we safely determine if there are any hardlinks from another file to it, so we create our own subdirectory so we can control the perms, even in /tmp.
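
The private-subdirectory approach from the slurpd entry above, as an added C example that is not OpenLDAP's own code. The helper name `make_private_subdir` and the sample paths are hypothetical, and the ownership and mode checks on an already existing directory are an assumption that goes beyond what the commit message states.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not slurpd's code): create or validate base/name as a
 * directory only we can write to. Returns 0 on success, -1 if it cannot be trusted. */
int make_private_subdir(const char *base, const char *name, char *out, size_t outlen)
{
    struct stat st;
    int n = snprintf(out, outlen, "%s/%s", base, name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                          /* path truncated */

    /* mkdir() is atomic and never follows a symlink at the final component. */
    if (mkdir(out, 0700) == 0)
        return 0;
    if (errno != EEXIST)
        return -1;

    /* Something was already there: inspect it without following links. */
    if (lstat(out, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode))
        return -1;                          /* symlink or file planted by someone else */
    if (st.st_uid != geteuid())
        return -1;                          /* directory owned by another user */
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return -1;                          /* others could create or replace files in it */
    return 0;
}

int main(void)
{
    char base[] = "/tmp/replica-demo-XXXXXX";   /* constructed sample location */
    char path[4096];
    if (mkdtemp(base) == NULL)
        return 1;
    printf("first run:  %d\n", make_private_subdir(base, "replica", path, sizeof path));
    printf("second run: %d\n", make_private_subdir(base, "replica", path, sizeof path));
    return 0;
}
```

Files opened inside a directory that passes these checks cannot be pre-created or swapped by another local user, which is what makes the missing O_EXCL tolerable.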