summaryrefslogtreecommitdiffstats
path: root/usr.sbin/ldapd/auth.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* The ber_* namespace is used by liblber since time immemorial,tb2019-10-241-5/+5
| | | | | | | | | | | | so move our BER API to the unused ober_* prefix to avoid some breakage in ports. Problem diagnosed by jmatthew with ber_free() in samba, but there are many others as pointed out by sthen. tests & ok rob ok sthen (who had an almost identical diff for libutil) "go head hit it" deraadt
* Add support to filter on attributes.reyk2018-05-141-9/+24
| | | | | | | | | | | | | This can be used to allow users to change their password (and a few other things) but not their entire dn. For example: allow read access to any by self allow write access to any attribute userPassword by self This is currently only supported for "write" (modify, add, delete) and not "read" (search) filter rules. OK jmatthew@
* work on making log.c similar in all daemons:benno2017-01-201-1/+2
| | | | | | | move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily. ok krw@ jmatthew@
* bzero -> memset. No binary change.mmcc2015-12-241-3/+3
|
* eliminate the use of a gcc C extension (conditionals with omitteddaniel2014-09-211-7/+7
| | | | | | operands). ok deraadt@
* Unbreak simple passwords with SHA and salted SHA hashes. Revision 1.7martinh2010-12-171-11/+15
| | | | introduced a bug that reversed the check. Found by MERIGHI Marcus.
* Remember the bind DN after BSD authentication. This makes access controlmartinh2010-10-191-6/+20
| | | | work for SASL and BSDAUTH binds as it does for simple binds.
* Implement support for bsdauth authentication via simple binds, not onlymartinh2010-09-201-45/+60
| | | | | | | | SASL. This works by prefixing the userPassword attribute with {BSDAUTH}, followed by the (bsd) username. For example: userPassword: {BSDAUTH}username Idea by william@. Tested by william@.
* Move generic imsg/libevent glue to a separate file.martinh2010-09-011-3/+2
| | | | with eric@ at c2k10
* Add a global root user that is allowed to read/write entries in all localmartinh2010-06-301-6/+17
| | | | namespaces. Useful for dump/restore of all namespaces.
* Add support for referrals. Referrals are configured in the config file,martinh2010-06-291-2/+4
| | | | | | either in the global context or in a namespace. The latter can be used to delegate requests to different servers for specific parts of the DIT. The former is a global catch-all referral.
* Set errno to appropriate values when returning failure in btree. Make btreemartinh2010-06-231-4/+3
| | | | | functions only return success or failure (-1 or NULL). Update callers to check errno.
* Make modify and simple auth requests open their own transactions, as searchmartinh2010-06-151-3/+12
| | | | | | | | | already does. Trigger a reopen imsg request if either the data or index databases are compacted. Queue the failed request and try again when the file is reopened. Compaction can now be done by a separate process, and ldapd will pick up the change and reopen the file.
* Initial import of ldapd, a small LDAP daemon. Work in progress.martinh2010-05-311-0/+372
ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.