summaryrefslogtreecommitdiffstats
path: root/usr.bin/ldap (follow)
Commit message (Collapse)AuthorAgeFilesLines
* some spacing/grammar fixes from dave voutila;jmc2021-02-101-7/+5
|
* The ber_* namespace is used by liblber since time immemorial,tb2019-10-241-85/+85
| | | | | | | | | | | | so move our BER API to the unused ober_* prefix to avoid some breakage in ports. Problem diagnosed by jmatthew with ber_free() in samba, but there are many others as pointed out by sthen. tests & ok rob ok sthen (who had an almost identical diff for libutil) "go head hit it" deraadt
* During libutil/ber.c r1.12 I made sure that every element that's requestedmartijn2019-09-101-4/+6
| | | | | | | | | | | by ber_scanf_elements must exist. aldap.c apparently abused the old behaviour by always trying to retrieve the referral element, which according to RFC4511 section 4.1.9 is optional. This diff only requests the referral element if we get a referral response. OK rob@
* The BER API is currently used by ldap, ldapd, ldapctl, ypldap, snmpd, androb2019-05-114-1485/+3
| | | | | | | | | | | | snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync in ldap, ldapd, ypldap and snmpd. This commit moves the BER API into /usr/lib/libutil. All current consumers already link libutil. ldapd and snmpd regress passes, and release builds. With help from tb@ and guenther@. ok deraadt@, tb@
* Only apply sign extension when less than eight bytes have been consumed. Thisrob2019-04-271-3/+4
| | | | | | fixes a problem when handling large negative integers. ok claudio@
* avoid double free, instead flowing through a free(NULL)deraadt2019-01-261-2/+1
| | | | from Ville Valkonen
* rm a few more $Id which cannot be usefultedu2019-01-172-4/+2
|
* update for libtls default cert changes.tedu2018-11-291-3/+3
| | | | bonus: this exposed a few missing const qualifiers.
* LDAP returns values as OCTET STRINGs, which can be LDAPStrings, but isn'tmartijn2018-11-275-58/+104
| | | | | | | | | | | | | always the case. This caused some malformed output when querying databases returning data containing NUL-bytes. Fix this by also returning the actual size. With this diff we should produce basically identical output to openldap's ldapsearch. Lots of back and forths with claudio@ OK claudio@
* Fix when ber_free_elements is called with a NULL-value.martijn2018-11-201-1/+3
| | | | | | Found via snmpctl snmp walk 127.0.0.1 oid 1 OK claudio@
* RFC2849 requires us to have 2 colons after the value-spec.martijn2018-11-071-2/+2
| | | | OK claudio@
* Use TLS_CA_CERT_FILE instead of a separate define.jsing2018-11-061-3/+2
| | | | ok beck@ bluhm@ tb@
* Fix base64 outlen calculation.martijn2018-11-061-2/+2
| | | | OK claudio@
* Implement SAFE-INIT-CHAR.martijn2018-11-061-3/+8
| | | | OK claudio@
* *** empty log message ***martijn2018-10-231-1/+3
|
* Fix off by one when wrapping long LDIF lines.martijn2018-10-231-2/+4
| | | | OK reyk@
* Change ber_write_elements() to return ssize_t instead of int.rob2018-08-123-8/+8
| | | | ok claudio@
* Place a limit on the number of elements in a ber sequence/set. This preventsrob2018-08-032-5/+15
| | | | | | possible stack overflow due to recursion in ber_free_elements(). ok claudio@
* Remove midsentence period.rob2018-08-011-3/+3
|
* Relocate some public functions above the internal functions comment.rob2018-07-311-63/+63
| | | | ok claudio@
* Fix some debugging output now that ber type and encoding are unsigned int.rob2018-07-312-6/+6
| | | | ok claudio@
* Make ber type and encoding a unsigned int instead of unsigned long.claudio2018-07-313-34/+33
| | | | | This way the size is the same on all archs and 32bit should be good enough. OK rob@
* Fix some comments referencing sockets which are not used by the ber api. Therob2018-07-131-5/+5
| | | | | | | | | api uses read and write buffers (byte streams) that are utilized by calling applications which may or may not use sockets. ok claudio@ buffer byte streams that applications then use for
* Fix loop condition in ber.c. Discussed with claudio.rob2018-07-131-6/+5
| | | | ok claudio@, jca@
* Simplify ber_read()jca2018-07-091-36/+16
| | | | | | | | | | | | | After the removal of fd-based read/writes I could have trimmed the code further. - no socket-based reads so ber_read() doesn't need to loop until it gets the desired amount of data - return either the requested amount of data or -1/ECANCELED, the caller shouldn't have to handle partial reads itself - inline ber_readbuf() into ber_read() ok rob@ claudio@ tb@
* More whitespace.rob2018-07-041-4/+2
|
* Cleanup some whitespace.rob2018-07-041-2/+2
|
* Relocate the update of br_offs from ber_read() to ber_readbuf() so ber_getc()rob2018-07-041-8/+4
| | | | | | | | | | | can call ber_readbuf() in all cases. This resolves a problem previously encountered with SNMPv3 authentication, simplifies the code, and completes a full synchronization of all ber instances. Proposed by claudio@. Problematic use case in snmpd tested by sthen@ and me. ldap(s) appear happy as well. looks good to claudio@
* minor tweaks to improve readability;jmc2018-07-041-7/+5
| | | | ok rob reyk
* Add HISTORY to ldap.1rob2018-07-041-2/+7
| | | | Ok reyk@
* Synchronize ber changes from the snmpd instance to ldap, ldapd, and ypldap.rob2018-07-032-4/+77
| | | | | | | | | | | See usr.sbin/snmpd/ber.c revision 1.24 commit log for a summary of these changes (e.g. SNMPv2 traps, User-based Security Model, callback for USM HMAC calculations). There is one final ber piece to copy from the snmpd instance related to ber_getc() which will be done in a separate diff. "looks good to me" deraadt@
* - instead of trying to show a 100% accurate synopsis for -H, simplify itjmc2018-07-032-20/+28
| | | | | | | and add some explanatory text: originally from a diff proposed by matthew martin, with an adjusted text by him - while here, sync synopsis and usage(), and some other minor tweaks
* s/constructive/constructed in DPRINTF output.rob2018-07-011-2/+2
|
* Consistent use of copyright notices.rob2018-06-292-4/+4
| | | | Ok reyk@
* Synchronize ber.c and ber.h across ldap, ldapd, and ypldap, and reduce diffrob2018-06-292-9/+23
| | | | | | | | with snmpd. More tweaks to come once things are fully synchronized. Feedback from claudio and Robert Klein. Ok claudio@
* Synchronize some comments.rob2018-06-271-3/+3
|
* Consistent use of calloc in ber.c.rob2018-06-271-2/+2
| | | | Ok claudio@, "looks right" gsoares@
* Synchronize correct processing of BER_TYPE_EOC. Fixes support for empty LDAProb2018-06-271-2/+3
| | | | | | | | passwords. A similar fix was applied to snmpd in 2010 (rev 1.23). Pointers from Reyk. Ok claudio@
* Allow to read the password from a file with -yreyk2018-06-262-11/+50
| | | | | | Pointed out by Tim Chase OK rob@ gsoares@ jmc@
* Fix DEBUG messagereyk2018-06-211-3/+3
|
* "filter" is optional; from matthew martinjmc2018-06-171-3/+3
|
* fix some formatting which groff was complaining about;jmc2018-06-131-5/+5
| | | | ok reyk
* various tweaks;jmc2018-06-131-16/+14
|
* Update AuthorizedKeysCommand example: only match ^sshPublicKey: lines.reyk2018-06-131-2/+2
|
* Import ldap(1), a simple ldap search client.reyk2018-06-139-0/+4272
We have an ldapd(8) server and ypldap in base, so it makes sense to have a simple LDAP client without depending on the OpenLDAP package. This tool can be used in an ssh(1) AuthorizedKeysCommand script. With feedback from many including millert@ schwarze@ gilles@ dlg@ jsing@ OK deraadt@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.