summaryrefslogtreecommitdiffstats
path: root/usr.sbin/ldapd (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Tweak /etc/ldap/certs/ FILES entry.jca2016-10-171-2/+2
|
* In FILES mention /etc/ldapd.conf first, then /etc/ldap/ entriesjca2016-10-171-3/+3
|
* Fix a few mistakes and add a FILES entry for /etc/ldap/certsjca2016-10-171-5/+7
| | | | From Rob Pierce, help & ok jmc@
* Pull in <sys/time.h> for gettimeofday()guenther2016-08-271-1/+2
| | | | ok deraadt@
* Adjust existing tls_config_set_cipher() callers for TLS cipher groupjsing2016-07-131-2/+2
| | | | | | | changes - map the previous configuration to the equivalent in the new groups. This will be revisited post release. Discussed with beck@
* do not allow whitespace in macro names, i.e. "this is" = "a variable".benno2016-06-211-1/+9
| | | | | | | | change this in all config parsers in our tree that support macros. problem reported by sven falempin. feedback from henning@, stsp@, deraadt@ ok florian@ mikeb@
* convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tlsjmatthew2016-05-0110-792/+559
| | | | | | code from syslogd. ok beck@ benno@
* Currently we have about a 50/50 split over fcntl(n, F_GETFL [,0])krw2016-03-201-2/+2
| | | | | | | | | | idioms. Adopt the more concise fcntl(n, F_GETFL) over fcntl(n, F_GETFL, 0) where it is obvious further investigation will not yield and even better way. Obviousness evaluation and ok guenther@
* Minor ldapd -r tweaksjca2016-02-042-5/+5
| | | | | | | - fix style - the string pointed to by datadir shouldn't be modified, use const - initialize datadir at compile time - in namespace.c, move the extern datadir decl above local decls
* use stat(2) instead of chdir(2) to check if given the directory is valid.gsoares2016-02-021-3/+7
| | | | OK landry@ jca@
* some -r fixes;jmc2016-02-011-6/+7
|
* Add -r argument to ldapd, to specify an alternative directory tolandry2016-02-013-9/+23
| | | | | | | | | | store/read the database, still defaulting to /var/db/ldap. This will allow running totally separate instances, to be used by an upcoming regress suite for example. With a tweak from gsoares@ to check that the directory exists. ok dlg@ semarie@ jca@
* Properly remove unix sockets (control & listening) upon exit of thelandry2016-01-172-3/+25
| | | | | | | | | | parent process. Child process was killed by pledge because it tried to remove the control socket and didnt have cpath - anyway it couldnt remove it since it had chrooted.. ok jmatthew@ deraadt@
* SSL_CTX_free() and SSL_free() check for null so dont do it in ldapdbenno2015-12-301-5/+3
| | | | ok jung@ tedu@ deraadt@
* bzero -> memset. No binary change.mmcc2015-12-2412-50/+50
|
* use strndup instead of malloc/strncpy/nulmmcc2015-12-241-4/+3
| | | | ok krw@
* commiting -> committingmmcc2015-12-221-3/+3
|
* Remove NULL-checks before free(). ok tb@mmcc2015-12-102-6/+4
|
* #include <string.h> not strings.hclaudio2015-12-051-2/+2
|
* use SOCK_NONBLOCK instead of fcntljmatthew2015-11-026-33/+12
| | | | ok dlg@
* Both ldapd processes need "stdio" to talk to clients and each other.jmatthew2015-11-022-2/+9
| | | | | | | | | | | The parent process opens database files ("rpath wpath cpath"), sends fds to the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc exec"). The child process accepts client connections ("inet unix"), receives fds from the parent ("recvfd") and locks database files ("flock"). ok deraadt@
* The <ctype.h> is*() interfaces expect EOF or an unsigned char; cast toguenther2015-10-111-2/+2
| | | | | | (unsigned char) as required found by Michael McConville (mmcconv1 (at) sccs.swarthmore.edu) w/Coccinelle
* Do not assume that asprintf() clears the pointer on failure, whichmillert2015-06-034-10/+22
| | | | | is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
* ber_printf_elements should return NULL if any of its parts fail.pelikan2015-02-121-14/+31
| | | | | | Leave the error handling up to its callers. ok reyk
* initialize a variable in case "goto done" makes us compare itpelikan2015-02-111-2/+3
| | | | found by clang, ok henning
* Remove ssl_by_mem_ctrl() and x509_mem_lookup to unbreak the build. Itreyk2015-01-281-60/+1
| | | | | | | caused a conflict with a new function in LibreSSL but wasn't even used by ldapd. No functional change. OK deraadt@
* change to <limits.h> universe. The only changes in the binary are duederaadt2015-01-168-18/+15
| | | | | to the heavy use of assert. ok millert
* Don't allow embedded nul characters in strings.jsg2014-11-201-1/+4
| | | | | | | Fixes a pfctl crash with an anchor name containing an embedded nul found with the afl fuzzer. pfctl parse.y patch from and ok deraadt@
* Convert the logic in the error function of the ldap schema parser.bluhm2014-11-161-7/+6
| | | | | | Instead of creating a temporary format string, create a temporary message. OK doug@
* Add gcc printf format attributes to yyerror() in parse.y files.doug2014-11-141-2/+4
| | | | | | No yyerror() calls needed to be changed. ok bluhm@
* Convert the logic in yyerror(). Instead of creating a temporarybluhm2014-11-031-6/+6
| | | | | format string, create a temporary message. OK claudio@
* eliminate the use of a gcc C extension (conditionals with omitteddaniel2014-09-214-17/+17
| | | | | | operands). ok deraadt@
* Replace all queue *_END macro calls except CIRCLEQ_END with NULL.doug2014-09-131-3/+3
| | | | | | | | CIRCLEQ_* is deprecated and not called in the tree. The other queue types have *_END macros which were added for symmetry with CIRCLEQ_END. They are defined as NULL. There's no reason to keep the other *_END macro calls. ok millert@
* Delete secret or secret-derived data with explicit_bzero.doug2014-08-251-2/+2
| | | | | concept ok deraadt@ diff looks ok tedu@
* add a caveat about databases;jmc2014-08-111-2/+5
| | | | | | From: Matthew Weigel ok gilles
* zap trailing newlines; "go for it" deraadtokan2014-07-161-2/+1
|
* When the three possible return values are -1, 0, and 1, != 1 is the samekrw2014-07-131-1/+1
| | | | | | as <= 0. And the latter is the normal idiom so use that. ok claudio@ henning@
* add additional includes required to build with -DOPENSSL_NO_DEPRECATEDjsg2014-07-111-1/+3
|
* rfc 4512, not 4712;jmc2014-06-111-4/+4
| | | | From: route dylanharris org
* Remove workarounds for ld reaching MAXDSIZ on vax, now that MAXDSIZ ismiod2014-04-151-5/+1
| | | | | more comfortable. Reminded by brad@
* relax the cfg file secrecy check slightly to allow group readabilityhenning2014-01-221-3/+3
| | | | | default permissions and mtree NOT changed. prodded by benno, ok phessler benno jmatthew theo pelikan florian
* deal with msgbuf_write EAGAIN, ok gilles bennohenning2013-11-261-1/+1
|
* use u_char for buffers in yylex, for ctype callsbenno2013-11-251-7/+7
| | | | found by millert@, ok deraadt@
* unsigned char casts for ctypederaadt2013-11-232-10/+12
| | | | ok jca
* bunch of format string cleanups, removing %i, signed vs unsigned, and evenderaadt2013-11-027-28/+30
| | | | | a few long long's ok jmatthew
* Change default ciphers to HIGH:!aNULL.fgsch2013-09-071-2/+2
| | | | reyk@ ok
* replace a predefined string with a mdoc macro; ok jmc, schwarze, sobradomikeb2013-08-201-6/+6
|
* some Bx/Ox conversion;jmc2013-08-141-4/+8
| | | | From: Jan Stary
* Switch vax to gcc 3.3.6.miod2013-08-061-1/+5
|
* use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@schwarze2013-07-161-3/+3
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.