]>
git.sur5r.net Git - openldap/log
Pierangelo Masarati [Fri, 25 Oct 2002 16:43:44 +0000 (16:43 +0000)]
add restrictions related to listeners in form of file permissions
(see in slapd(8) the description on how to enforce file permissions
on sockets in ldapi schema); at present, only user permissions are
used as follows: the url extension x-mod=-rwxrwxrwx is used; only
the user permisisons are considered, e.g. the first set of rwx;
"r" means read is allowed from that listener
"w" means write is allowed on that listener
"x" means bind is not required on that listener
these restrictions ADD to those already present, and are actually
checked AFTER the other restrictions, but BEFORE ACLs, so they can
be used to apply gross restrictions but should not be viewed as
a replacement of ACLs. To compile this, #define SLAP_X_LISTENER_MOD
Kurt Zeilenga [Fri, 25 Oct 2002 05:47:08 +0000 (05:47 +0000)]
ber_write error message cleanup
Kurt Zeilenga [Fri, 25 Oct 2002 05:46:56 +0000 (05:46 +0000)]
SHTOOL cleanup
Kurt Zeilenga [Fri, 25 Oct 2002 01:09:50 +0000 (01:09 +0000)]
Make sure that newSuperior isn't old superior
Howard Chu [Thu, 24 Oct 2002 23:51:34 +0000 (23:51 +0000)]
Plug memleak in previous commit
Howard Chu [Thu, 24 Oct 2002 11:40:37 +0000 (11:40 +0000)]
Forced commit, undo previous accidental checkin.
Howard Chu [Thu, 24 Oct 2002 11:39:06 +0000 (11:39 +0000)]
ITS#2153, make sure sockbuf buffer is empty before returning (-2) from
try_read1msg. Blind fix, problem was not duplicated/tested.
Pierangelo Masarati [Thu, 24 Oct 2002 10:03:52 +0000 (10:03 +0000)]
listener:
- use bervals for url and sockname
- pass connection_init() the listener struct pointer instead of each value
- don't copy them in the Connection struct 'cause they're not going to change
- define macros for legacy usage of c_listener_url and c_sockname
Kurt Zeilenga [Wed, 23 Oct 2002 18:34:54 +0000 (18:34 +0000)]
Add more LDIF comments
Pierangelo Masarati [Wed, 23 Oct 2002 14:22:21 +0000 (14:22 +0000)]
document socket permission extension to ldapi://
Pierangelo Masarati [Wed, 23 Oct 2002 14:12:01 +0000 (14:12 +0000)]
change socket permission syntax (to reuse function for other purposes)
Pierangelo Masarati [Wed, 23 Oct 2002 14:11:02 +0000 (14:11 +0000)]
prevent use of uninitialized var
Pierangelo Masarati [Wed, 23 Oct 2002 14:10:21 +0000 (14:10 +0000)]
fix typo
Howard Chu [Wed, 23 Oct 2002 02:45:44 +0000 (02:45 +0000)]
Fix comment garbled in 2.1.6. (Very weird, how did this happen?)
Kurt Zeilenga [Tue, 22 Oct 2002 04:52:57 +0000 (04:52 +0000)]
Add comment attributing origin of the Metaphone algorithm
Kurt Zeilenga [Tue, 22 Oct 2002 04:11:28 +0000 (04:11 +0000)]
Rename
Kurt Zeilenga [Mon, 21 Oct 2002 21:24:21 +0000 (21:24 +0000)]
Add implicit DN check
Kurt Zeilenga [Mon, 21 Oct 2002 19:11:27 +0000 (19:11 +0000)]
Add a referrals/manageDsaIT test (depends on order of reference return)
Kurt Zeilenga [Fri, 18 Oct 2002 21:33:30 +0000 (21:33 +0000)]
Hide shtool echo bold warnings
Kurt Zeilenga [Fri, 18 Oct 2002 21:09:46 +0000 (21:09 +0000)]
Fix stupid bug
Kurt Zeilenga [Fri, 18 Oct 2002 19:10:25 +0000 (19:10 +0000)]
Update
Kurt Zeilenga [Fri, 18 Oct 2002 18:53:07 +0000 (18:53 +0000)]
Add back-shell --with-threads warning
Kurt Zeilenga [Thu, 17 Oct 2002 17:45:44 +0000 (17:45 +0000)]
blind fix for NULL pointer in Debug() bug (ITS#2143)
Kurt Zeilenga [Thu, 17 Oct 2002 16:55:42 +0000 (16:55 +0000)]
Fix ITS#2142
Kurt Zeilenga [Thu, 17 Oct 2002 05:59:57 +0000 (05:59 +0000)]
Misc updates
Kurt Zeilenga [Thu, 17 Oct 2002 04:35:55 +0000 (04:35 +0000)]
Fix comment
Kurt Zeilenga [Wed, 16 Oct 2002 16:54:27 +0000 (16:54 +0000)]
Note --without-threads limitation
Kurt Zeilenga [Tue, 15 Oct 2002 23:22:20 +0000 (23:22 +0000)]
Add copy of OPL 2.0.1 and note in files which specifically refer
to 2.0.1 as to the location to the copy.
Kurt Zeilenga [Sun, 13 Oct 2002 03:07:08 +0000 (03:07 +0000)]
tweak {thr,sched,pthread}_yield() detection
Kurt Zeilenga [Sun, 13 Oct 2002 01:36:58 +0000 (01:36 +0000)]
first cut at ditStructureRule and nameForm routines
Kurt Zeilenga [Sat, 12 Oct 2002 05:10:41 +0000 (05:10 +0000)]
correct security sample
Kurt Zeilenga [Sat, 12 Oct 2002 04:35:42 +0000 (04:35 +0000)]
Patch: 'ldapmodify -c' should return error on failure (ITS#2133)
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
'ldapmodify -c' returned the error status from the _last_ LDIF entry,
so a bad entry followed by a good entry returns success.
This patch makes it return the status of the last _failed_ entry,
or 0 if all entries succeeded.
Howard Chu [Sat, 12 Oct 2002 01:26:59 +0000 (01:26 +0000)]
Prefer thr_yield over sched_yield for Solaris
Howard Chu [Sat, 12 Oct 2002 01:21:21 +0000 (01:21 +0000)]
Prefer thr_yield over sched_yield for Solaris
Howard Chu [Fri, 11 Oct 2002 17:12:56 +0000 (17:12 +0000)]
More fixes for ITS#2136, make sure all error returns set *text.
Howard Chu [Fri, 11 Oct 2002 06:22:24 +0000 (06:22 +0000)]
In sb_tls_bio_read/write, check for EAGAIN in addition to EWOULDBLOCK.
According to read(2)/write(2) EAGAIN is the only one we're interested in.
Fixes HP-UX 11.
http://www.openldap.org/lists/openldap-software/200105/msg00564.html
Kurt Zeilenga [Fri, 11 Oct 2002 02:51:09 +0000 (02:51 +0000)]
better check of snprintf result
Kurt Zeilenga [Thu, 10 Oct 2002 20:28:36 +0000 (20:28 +0000)]
Patch: Delete the buggy surrogate parent code (ITS#1815)
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
Luke Howard [Thu, 10 Oct 2002 08:59:19 +0000 (08:59 +0000)]
Fix crasher in ldap_domain2dn()
Kurt Zeilenga [Thu, 10 Oct 2002 04:27:23 +0000 (04:27 +0000)]
Clarify new "entry" ACLs
Kurt Zeilenga [Thu, 10 Oct 2002 04:19:46 +0000 (04:19 +0000)]
Add DIT Structure Rules and Name Forms
Kurt Zeilenga [Thu, 10 Oct 2002 02:38:32 +0000 (02:38 +0000)]
More OBSOLETE checks
Kurt Zeilenga [Thu, 10 Oct 2002 02:07:24 +0000 (02:07 +0000)]
Add some OBSOLETE schema checks
Kurt Zeilenga [Thu, 10 Oct 2002 01:34:55 +0000 (01:34 +0000)]
Fix multiple NAME example
Kurt Zeilenga [Wed, 9 Oct 2002 23:36:28 +0000 (23:36 +0000)]
Don't mask error text variables
Kurt Zeilenga [Wed, 9 Oct 2002 23:35:45 +0000 (23:35 +0000)]
Remove lint
Kurt Zeilenga [Wed, 9 Oct 2002 23:02:01 +0000 (23:02 +0000)]
Implement content rule checks
w/ implicit default rules allowing any auxiliary class to be mixed in
Howard Chu [Wed, 9 Oct 2002 21:18:51 +0000 (21:18 +0000)]
Revert previous commit. More thought needed re: IPV4 vs IPv6 failures
Kurt Zeilenga [Wed, 9 Oct 2002 21:16:56 +0000 (21:16 +0000)]
Update to 1.6.1
Howard Chu [Wed, 9 Oct 2002 20:45:13 +0000 (20:45 +0000)]
ITS#2132, give up at first bind failure
Kurt Zeilenga [Wed, 9 Oct 2002 19:24:02 +0000 (19:24 +0000)]
Fix bad sup error
Kurt Zeilenga [Wed, 9 Oct 2002 19:11:12 +0000 (19:11 +0000)]
Need ../cr.o
Howard Chu [Wed, 9 Oct 2002 18:57:50 +0000 (18:57 +0000)]
Fix ITS#2132, give up if listener fails to open
Kurt Zeilenga [Wed, 9 Oct 2002 07:11:50 +0000 (07:11 +0000)]
Basic framework for DIT Content Rules (not yet enforced)
Kurt Zeilenga [Wed, 9 Oct 2002 02:56:46 +0000 (02:56 +0000)]
Add ditContentRule routines
Kurt Zeilenga [Tue, 8 Oct 2002 20:56:03 +0000 (20:56 +0000)]
Bump EXBUFSIZ up a bit
Kurt Zeilenga [Tue, 8 Oct 2002 20:37:30 +0000 (20:37 +0000)]
Fix realloc() bugs
Kurt Zeilenga [Tue, 8 Oct 2002 19:47:17 +0000 (19:47 +0000)]
Fix AC_CACHE_CHECK bug in DB_THREAD detection.
Kurt Zeilenga [Tue, 8 Oct 2002 19:45:01 +0000 (19:45 +0000)]
Plug memory leak (ITS#2126)
Kurt Zeilenga [Tue, 8 Oct 2002 19:03:18 +0000 (19:03 +0000)]
Rework unprotected simple bind checks
Kurt Zeilenga [Tue, 8 Oct 2002 01:15:20 +0000 (01:15 +0000)]
Add security restrictions examples
Kurt Zeilenga [Tue, 8 Oct 2002 01:07:12 +0000 (01:07 +0000)]
Clarify unprotected simple bind settings
Kurt Zeilenga [Tue, 8 Oct 2002 01:06:49 +0000 (01:06 +0000)]
if "disallow bind_simple_unprotected", require at least SSF of 2
Kurt Zeilenga [Tue, 8 Oct 2002 00:51:19 +0000 (00:51 +0000)]
Clarify that "security ssf=n" applies to "disallow bind_simple_unprotected".
Kurt Zeilenga [Mon, 7 Oct 2002 21:56:43 +0000 (21:56 +0000)]
More entry level access control for back-shell
(should be applied to back-perl and other programmable backends)
Kurt Zeilenga [Mon, 7 Oct 2002 21:01:47 +0000 (21:01 +0000)]
s/256/LBER_ELEMENT_SIZEOF/
set LBER_ELEMENT_SIZEOF to 256
maybe this should be set to N*sizeof(size_t) or something
Howard Chu [Mon, 7 Oct 2002 19:58:10 +0000 (19:58 +0000)]
Fix ldap_int_get_controls for optional values
Kurt Zeilenga [Mon, 7 Oct 2002 19:19:29 +0000 (19:19 +0000)]
More "entry" level ACLs for entry add, delete, and rename.
Kurt Zeilenga [Sun, 6 Oct 2002 03:32:43 +0000 (03:32 +0000)]
Clarify that v2 is disabled by default
Kurt Zeilenga [Fri, 4 Oct 2002 23:42:27 +0000 (23:42 +0000)]
Fix up last commits
Kurt Zeilenga [Fri, 4 Oct 2002 23:26:28 +0000 (23:26 +0000)]
Add "entry" ACL checks for add/delete/rename ops
Kurt Zeilenga [Fri, 4 Oct 2002 20:58:20 +0000 (20:58 +0000)]
s/umich.edu/example.com/
Kurt Zeilenga [Fri, 4 Oct 2002 19:08:10 +0000 (19:08 +0000)]
Misc. cleanup
Kurt Zeilenga [Fri, 4 Oct 2002 18:36:44 +0000 (18:36 +0000)]
Clean up some #else #if 'ing
Kurt Zeilenga [Fri, 4 Oct 2002 02:44:47 +0000 (02:44 +0000)]
If OpenSSL provides crypt(3), no need to check -lcrypt
Kurt Zeilenga [Wed, 2 Oct 2002 20:57:05 +0000 (20:57 +0000)]
Include <ac/bytes.h> after <ac/stdlib.h> to avoid problems
Linux on Alpha problems
Kurt Zeilenga [Wed, 2 Oct 2002 20:10:55 +0000 (20:10 +0000)]
MacOS 10.1 pthread_kill() workaround
Kurt Zeilenga [Wed, 2 Oct 2002 19:14:02 +0000 (19:14 +0000)]
ITS #2121 submitted by Dave Steck <dsteck@novell.com> with minor changes.
Patch to allow referrals to be read on synchronous non-search operations.
Treat referrals the same way as MatchDN or ErrorString values.
Store them in the ld structure and provide an option for ldap_get_option
to retrieve them
Kurt Zeilenga [Wed, 2 Oct 2002 01:18:46 +0000 (01:18 +0000)]
Fix subentry OIDs
Kurt Zeilenga [Tue, 1 Oct 2002 04:07:55 +0000 (04:07 +0000)]
Code cleanup (no functional changes)
Kurt Zeilenga [Mon, 30 Sep 2002 18:43:18 +0000 (18:43 +0000)]
Alter a few DNs to ensure normalization works in groups
Kurt Zeilenga [Sun, 29 Sep 2002 04:30:38 +0000 (04:30 +0000)]
#unifdef -DSCHEMA_DN
Kurt Zeilenga [Thu, 26 Sep 2002 21:37:05 +0000 (21:37 +0000)]
Add portability note and reference to the platform hints FAQ answer
Kurt Zeilenga [Thu, 26 Sep 2002 16:12:39 +0000 (16:12 +0000)]
Return default referral if DN maps to empty domain.
Kurt Zeilenga [Wed, 25 Sep 2002 04:34:33 +0000 (04:34 +0000)]
benign buffer overflow fix (ITS#1964)
Kurt Zeilenga [Tue, 24 Sep 2002 21:21:35 +0000 (21:21 +0000)]
ITS#1502: fix NS-MTA-MD5 typo
Kurt Zeilenga [Tue, 24 Sep 2002 18:20:59 +0000 (18:20 +0000)]
Fix handling of non-critical controls for backends which
support no controls.
Kurt Zeilenga [Mon, 23 Sep 2002 22:27:19 +0000 (22:27 +0000)]
Change one search to use oneLevel scope
Kurt Zeilenga [Mon, 23 Sep 2002 21:33:26 +0000 (21:33 +0000)]
Undocument -C (chase referrals)
(already removed from usage statements)
Kurt Zeilenga [Mon, 23 Sep 2002 04:35:05 +0000 (04:35 +0000)]
Add Steven's I-Ds on LDAP/X.500 admin models
Correct naming of older drafts
Kurt Zeilenga [Sun, 22 Sep 2002 19:09:47 +0000 (19:09 +0000)]
Minor updates
Kurt Zeilenga [Sun, 22 Sep 2002 18:21:23 +0000 (18:21 +0000)]
-05
Kurt Zeilenga [Sat, 21 Sep 2002 04:33:19 +0000 (04:33 +0000)]
fix possible uninit bug
Howard Chu [Sat, 21 Sep 2002 03:52:16 +0000 (03:52 +0000)]
Fix ITS#1033 slapd hangs with GNU Pth - don't write to the wakefd
more than once at any given time.
Howard Chu [Sat, 21 Sep 2002 01:41:45 +0000 (01:41 +0000)]
Fix return values, set stack size. (Default is only 64K, far too small.)
Fixes the SEGVs from stack overrun, but slapd tends to get hung in select.
Kurt Zeilenga [Sat, 21 Sep 2002 00:11:43 +0000 (00:11 +0000)]
Add experimental +/- AttributeName support.
Kurt Zeilenga [Fri, 20 Sep 2002 20:50:53 +0000 (20:50 +0000)]
Add "IANA Considerations for LDAP" (rfc3383)
Kurt Zeilenga [Fri, 20 Sep 2002 19:58:25 +0000 (19:58 +0000)]
Save "-" for no subtypes
Kurt Zeilenga [Fri, 20 Sep 2002 17:27:08 +0000 (17:27 +0000)]
Clean up hash password scheme stuff
Kurt Zeilenga [Fri, 20 Sep 2002 17:12:58 +0000 (17:12 +0000)]
Add some clarification as to what hash algorithms are used
with each password-hash scheme.