summaryrefslogtreecommitdiffstats
path: root/usr.sbin/ldapd (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Fix ldapd datadir location.martijn2020-03-052-6/+10
| | | | | | Diff from roklein <at> roklein <dot> de OK claudio@
* briefly mention /etc/examples/ in the FILES section of all theschwarze2020-02-101-3/+5
| | | | | manual pages that document the corresponding configuration files; OK jmc@, and general direction discussed with many
* usr.sbin/ldapd: replace TAILQ concatenation loop with TAILQ_CONCATbket2020-01-281-10/+5
| | | | OK florian@
* The starttls command doesn't have a value with its extended request.martijn2019-10-261-4/+3
| | | | | | | | | The handling of this changed with libutil/ber.c r1.12 resulting in starttls failing. Found by several. Fix suggestion by roklein <at> roklein <dot> de OK claudio@
* The ber_* namespace is used by liblber since time immemorial,tb2019-10-2412-188/+188
| | | | | | | | | | | | so move our BER API to the unused ober_* prefix to avoid some breakage in ports. Problem diagnosed by jmatthew with ber_free() in samba, but there are many others as pointed out by sthen. tests & ok rob ok sthen (who had an almost identical diff for libutil) "go head hit it" deraadt
* snprintf/vsnprintf return < 0 on error, rather than -1.deraadt2019-07-031-2/+2
|
* When system calls indicate an error they return -1, not some arbitraryderaadt2019-06-281-2/+2
| | | | | | value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* Some asprintf() calls were checked < 0, rather than the precise == -1.deraadt2019-06-271-3/+3
| | | | ok millert nicm tb, etc
* Fix LDAP RFC reference in comment. Also noticed by martijn.rob2019-05-181-3/+3
| | | | ok guenther@, claudio@
* The BER API is currently used by ldap, ldapd, ldapctl, ypldap, snmpd, androb2019-05-114-1484/+4
| | | | | | | | | | | | snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync in ldap, ldapd, ypldap and snmpd. This commit moves the BER API into /usr/lib/libutil. All current consumers already link libutil. ldapd and snmpd regress passes, and release builds. With help from tb@ and guenther@. ok deraadt@, tb@
* Only apply sign extension when less than eight bytes have been consumed. Thisrob2019-04-271-3/+4
| | | | | | fixes a problem when handling large negative integers. ok claudio@
* Avoid calling dup2(oldd, newd) when oldd == newd. In that case theyasuoka2019-03-311-2/+5
| | | | | | | descriptor keeps CLOEXEC flag then it will be closed unexpectedly by exec(). ok tedu florian
* (unsigned) means (unsigned int) which on ptrdiff_t or size_t or otherderaadt2019-02-132-5/+5
| | | | | | larger types really is a range reduction... Almost any cast to (unsigned) is a bug. ok millert tb benno
* key.data is a void *, on gcc archs doing a %s printf with such a pointerclaudio2018-12-051-4/+7
| | | | | | results in a warning. Use either the original string value or use a cast. This makes both clang and gcc happy. OK guenther@
* Sync with ldap(1)martijn2018-11-272-2/+33
|
* Fix when ber_free_elements is called with a NULL-value.martijn2018-11-201-1/+3
| | | | | | Found via snmpctl snmp walk 127.0.0.1 oid 1 OK claudio@
* some tweaks from raf czlonka, plus one more from me;jmc2018-11-041-4/+4
|
* - odd condition/test in PF lexersashan2018-11-011-2/+3
| | | | | | | | | | | | | | (and other lexers too) This commit rectifies earlier change: in the lex... even inside quotes, a \ followed by space or tab should expand to space or tab, and a \ followed by newline should be ignored (as a line continuation). compatible with the needs of hoststated (which has the most strict quoted string requirements), and ifstated (where one commonly does line continuations in strings). OK deraadt@, OK millert@
* replace malloc()+strlcpy() with strndup() in cmdline_symset().miko2018-09-071-9/+4
| | | | "looks good" gilles@ halex@
* Undefined plans can never match. Check for that before trying to use the plan.claudio2018-08-271-4/+10
| | | | OK millert@ gsoares@
* Wrap some overly long lines. No functional changeclaudio2018-08-271-4/+7
|
* Change ber_write_elements() to return ssize_t instead of int.rob2018-08-123-7/+7
| | | | ok claudio@
* Place a limit on the number of elements in a ber sequence/set. This preventsrob2018-08-032-5/+15
| | | | | | possible stack overflow due to recursion in ber_free_elements(). ok claudio@
* Relocate some public functions above the internal functions comment.rob2018-07-311-63/+63
| | | | ok claudio@
* Fix some debugging output now that ber type and encoding are unsigned int.rob2018-07-311-2/+2
| | | | ok claudio@
* Make ber type and encoding a unsigned int instead of unsigned long.claudio2018-07-318-50/+50
| | | | | This way the size is the same on all archs and 32bit should be good enough. OK rob@
* Fix some comments referencing sockets which are not used by the ber api. Therob2018-07-131-5/+5
| | | | | | | | | api uses read and write buffers (byte streams) that are utilized by calling applications which may or may not use sockets. ok claudio@ buffer byte streams that applications then use for
* Fix loop condition in ber.c. Discussed with claudio.rob2018-07-131-6/+5
| | | | ok claudio@, jca@
* Do for most running out of memory err() what was done for most runningkrw2018-07-111-2/+2
| | | | | | | | out of memory log_warn(). i.e. ("%s", __func__) instead of manual function names and redundant verbiage about which wrapper detected the out of memory condition. ok henning@
* No need to mention which memory allocation entry point failed (malloc,krw2018-07-091-5/+5
| | | | | | | | | calloc or strdup), we just need to log that we ran out of memory in a particular function. Recommended by florian@ and deraadt@ ok benno@ henning@ tb@
* Simplify ber_read()jca2018-07-091-36/+16
| | | | | | | | | | | | | After the removal of fd-based read/writes I could have trimmed the code further. - no socket-based reads so ber_read() doesn't need to loop until it gets the desired amount of data - return either the requested amount of data or -1/ECANCELED, the caller shouldn't have to handle partial reads itself - inline ber_readbuf() into ber_read() ok rob@ claudio@ tb@
* Be consistent in warn() and log_warn() usage whenkrw2018-07-081-3/+3
| | | | | | | | running out of memory. Next step, be correct *and* consistent. ok dennis@ tb@ benno@ schwarze@
* More whitespace.rob2018-07-041-4/+2
|
* Cleanup some whitespace.rob2018-07-041-2/+2
|
* Relocate the update of br_offs from ber_read() to ber_readbuf() so ber_getc()rob2018-07-041-8/+4
| | | | | | | | | | | can call ber_readbuf() in all cases. This resolves a problem previously encountered with SNMPv3 authentication, simplifies the code, and completes a full synchronization of all ber instances. Proposed by claudio@. Problematic use case in snmpd tested by sthen@ and me. ldap(s) appear happy as well. looks good to claudio@
* Avoid possible vfprintf NULL errors in ldap_unbind().rob2018-07-041-2/+3
| | | | Ok benno@
* Synchronize ber changes from the snmpd instance to ldap, ldapd, and ypldap.rob2018-07-032-4/+77
| | | | | | | | | | | See usr.sbin/snmpd/ber.c revision 1.24 commit log for a summary of these changes (e.g. SNMPv2 traps, User-based Security Model, callback for USM HMAC calculations). There is one final ber piece to copy from the snmpd instance related to ber_getc() which will be done in a separate diff. "looks good to me" deraadt@
* s/constructive/constructed in DPRINTF output.rob2018-07-011-2/+2
|
* Consistent use of copyright notices.rob2018-06-292-4/+4
| | | | Ok reyk@
* Synchronize ber.c and ber.h across ldap, ldapd, and ypldap, and reduce diffrob2018-06-291-2/+2
| | | | | | | | with snmpd. More tweaks to come once things are fully synchronized. Feedback from claudio and Robert Klein. Ok claudio@
* avoid passing NULL to asprintf(3) when there's no parent dn entrygsoares2018-06-281-1/+2
| | | | OK jca@
* Synchronize correct processing of BER_TYPE_EOC. Fixes support for empty LDAProb2018-06-271-2/+3
| | | | | | | | passwords. A similar fix was applied to snmpd in 2010 (rev 1.23). Pointers from Reyk. Ok claudio@
* Fix an off-by-one line count when using include statements.denis2018-06-111-47/+78
| | | | | | Thanks to otto@ for the initial diff. OK benno@
* Add support for attribute filter rules on search/read operations.reyk2018-05-183-13/+18
| | | | OK jmatthew@
* Fix the client search request time and size limits.reyk2018-05-161-5/+5
| | | | | | | | | | ldapd failed when the specified limits were reached instead of exceeded. This fixes search queries that define such a limit, for example with "ldapsearch -z 1". Thanks to Christophe Simon for the bug report, analysis, and fix! OK jmatthew@
* Fix format string errors in log messages and update ldapd to use relayd's log.creyk2018-05-1513-98/+169
| | | | OK benno@ jmatthew@
* Remove duplicated word ("scope scope").reyk2018-05-141-2/+2
| | | | Pointed out by jmc@
* Add support to filter on attributes.reyk2018-05-146-32/+97
| | | | | | | | | | | | | This can be used to allow users to change their password (and a few other things) but not their entire dn. For example: allow read access to any by self allow write access to any attribute userPassword by self This is currently only supported for "write" (modify, add, delete) and not "read" (search) filter rules. OK jmatthew@
* Plug leak in error case of the common 'varset' implementations.krw2018-04-261-1/+3
| | | | ok benno@
* Use <fcntl.h> instead of <sys/file.h> for open() and friends.guenther2018-04-261-2/+1
| | | | | | | Delete a bunch of unnecessary #includes and sort to match style(9) while doing the above cleanup. ok deraadt@ krw@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.