summaryrefslogtreecommitdiffstats
path: root/usr.sbin/ldapd (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Protect against fd exhaustion when reopening database files. Only acceptjmatthew2012-06-169-18/+135
| | | | | | | | client or control connections when there are at least 8 fds available, and close a connection before calling imsg_read if it would be unable to accept an fd from the parent process. ok gilles@
* take a stab at documenting when arguments need quoted, and valid macrojmc2012-04-241-4/+7
| | | | | | | | | characters; prompted by a diff from robert peichaer org thanks gilles and henning for feedback ok deraadt zinke
* rate limiting of accept() in various cases. Testing by jmatthew. therederaadt2012-04-114-19/+72
| | | | | maybe still be a corner case where it needs one more file descriptor beyond the limit..
* use our umask() before AF_UNIX bind() semantics; ok pyrderaadt2012-04-011-3/+11
|
* Use a common text explaining how the various configuration parsers usingsthen2011-06-231-3/+8
| | | | | | | | | the standard OpenBSD-style parse.y handle continuing lines with backslashes, paying particular attention to how comments are handled (which can cause nasty side-effects if you're not expecting it). Most wording from jmc@, with suggestions from fgsch@, marc@, Richard Toohey, patrick keshishian and Florian Obser, ok jmc@.
* document available authentication types and formats.martinh2011-01-282-4/+56
| | | | with tweaks from jmc@
* Change detection of indefinite BER lenghts (which is not allowed). Only amartinh2011-01-081-7/+7
| | | | | | | length byte of 0x80 is now treated as meaning indefinite. This fixes empty sets sent by the winldap api. Makes authentication through pGina work. with william@
* Unbreak simple passwords with SHA and salted SHA hashes. Revision 1.7martinh2010-12-171-11/+15
| | | | introduced a bug that reversed the check. Found by MERIGHI Marcus.
* Unbreak re-indexing by checking if an index entry already exists.martinh2010-11-261-3/+3
|
* Make -dvv flags produce debug traces of decoded BER messages on stderr.martinh2010-11-107-9/+309
| | | | | Also shows a hexdump of the input buffer if BER decoding fails. Useful when debugging protocol issues.
* Prefix debug logging on stderr with time and pid, like syslog.martinh2010-11-101-2/+17
|
* If the base DN in a search request doesn't exist, return early.martinh2010-11-051-2/+7
|
* When draining the input buffer of more than two complete requests, anmartinh2010-11-051-2/+2
| | | | | additional incomplete request would be truncated. This fixes the number of bytes consumed from the input buffer.
* Change to read better after suggestion from jmc.martinh2010-11-051-3/+3
|
* Only LDAP version 3 is implemented.martinh2010-11-041-3/+3
|
* Document the syntax of schema files. Only a brief synopsis of the attributemartinh2010-11-041-2/+68
| | | | type and object class syntax is given, the rest is referred to the RFC.
* Publish matching rules in the cn=schema subentry as the matchingRulesmartinh2010-11-044-6/+42
| | | | | attribute. This is an operational attribute and only returned if explicitly asked for. Required by RFC 4517.
* Update the internal btree documentation to reflect the current api.martinh2010-11-031-20/+38
|
* Validate matching rules against attribute syntaxes. All matching rules frommartinh2010-11-034-13/+228
| | | | | | RFC 4517 are recognized, except the optional wordMatch and keywordMatch. Requires a current core.schema file.
* caseExactIA5Match is not an appropriate matching rule for directory stringsmartinh2010-11-031-2/+2
| | | | | (syntax oid 1.3.6.1.4.1.1466.115.121.1.15). Use caseExactMatch instead. Prepares for upcoming validation of matching rules.
* An index can now also be used for a presence filter.martinh2010-11-031-3/+3
|
* Evaluate filters according to the three-valued logic of X.511, as requiredmartinh2010-11-033-101/+162
| | | | | | | | by RFC 4511. A filter term can now be evaluated as undefined if the attribute description is not recognized, the attribute type doesn't define the appropriate matching rule, or the filtering is not implemented. This also implements the NOT filter in the query planner.
* Clarify the current state of ldapd as not fully LDAPv3 compliant.martinh2010-11-021-3/+3
|
* Allow the userPassword attribute to specify a login class when usingwilliam2010-10-261-2/+42
| | | | | | | | | | | simple binds with BSD Authentication, using '#' as the delimiter, such as: userPassword: {BSDAUTH}username#loginclass Useful for auth modules that require parameters such as login_radius. ok martinh
* Fix a segmentation fault when adding an attribute to an empty entry.martinh2010-10-191-2/+4
|
* When checking if the input buffer is large enough to hold an LDAP request,martinh2010-10-191-2/+2
| | | | | compare with available space, not the total space. This fixes rejection of messages when there are multiple requests queued in the input buffer.
* Remember the bind DN after BSD authentication. This makes access controlmartinh2010-10-193-8/+24
| | | | work for SASL and BSDAUTH binds as it does for simple binds.
* Missing ; to appease yyextract, ok martinh@sthen2010-10-181-7/+7
|
* aginst -> against; from Luca Cortijmc2010-10-071-3/+3
|
* add missing .Ar;jmc2010-09-241-2/+2
|
* add -s option. ok martinh@lum2010-09-241-2/+5
|
* Warn if schema file can't be opened.martinh2010-09-211-2/+4
|
* Implement support for bsdauth authentication via simple binds, not onlymartinh2010-09-201-45/+60
| | | | | | | | SASL. This works by prefixing the userPassword attribute with {BSDAUTH}, followed by the (bsd) username. For example: userPassword: {BSDAUTH}username Idea by william@. Tested by william@.
* RFC2247 -> RFC 2247;jmc2010-09-101-3/+3
|
* Resolve matching rules from superior attribute types at schema load timemartinh2010-09-032-13/+24
| | | | instead of when each attribute is validated.
* Implement attribute syntaxes from RFC4517. This adds validation to the mostmartinh2010-09-035-16/+410
| | | | | | common attribute types. Specialized attribute types like Delivery Method or Teletex Terminal Identifier are recognized for completeness, but not validated.
* Add missing leading string quote character in attribute type description.martinh2010-09-011-2/+2
| | | | Caused syntax errors when parsing schema from the subschema.
* Move generic imsg/libevent glue to a separate file.martinh2010-09-019-216/+303
| | | | with eric@ at c2k10
* Do not use FP arithmetic. Variation on a diff from Mike Belopuhov some time ago.martinh2010-09-011-6/+6
|
* fix linecount bug with comments spanning multiple lineshenning2010-08-031-3/+4
| | | | | | | problem reported with the obvious fix for bgpd by Sebastian Benoit <benoit-lists at fb12.de>, also PR 6432 applied to all the others by yours truly. ok theo isn't it amazing how far this parser (and more) spread?
* Revert parts of previous change leading to assertion failure formartinh2010-07-281-6/+7
| | | | | certain modify operations. Also fix logic error when replacing an attribute with the empty set.
* Fix a sigbus due to unaligned memory access, found when compacting onmartinh2010-07-261-5/+6
| | | | | | sparc64. reads ok to gilles@
* Add a history section saying that ldapd/ldapctl first appeared in 4.8.martinh2010-07-212-4/+14
|
* Fix an unaligned memory access.martinh2010-07-181-2/+2
|
* Avoid double free in ldap modify requests. The values received in themartinh2010-07-132-13/+35
| | | | | modify request is linked into the stored ber structure, and then both are freed. Fix this by unlinking the values from the request.
* Retry requests when the btree is busy. Without this, clients will just hangmartinh2010-07-103-11/+17
| | | | | waiting for a response if the btree was being reopened when the request was received.
* Send empty statistics rather than segfault if "ldapctl stats" is run when amartinh2010-07-062-6/+10
| | | | database is being reopened due to compaction.
* Plug another memory leak. Forgot to reset key returned from cursor, havingmartinh2010-07-061-1/+3
| | | | a reference to a cached page.
* Clarify differences between the 'include' and 'schema' keyword. And stressmartinh2010-07-061-3/+12
| | | | the 'secure' keyword. Looks fine to jmc@, gilles@
* When moving a node between pages during rebalance, find the source pagemartinh2010-07-061-1/+3
| | | | | prefix before finding any child page prefix. This fixes an inconsistency during rebalance.
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.