Age | Commit message (Collapse) | Author |
|
of MIN(), as done elsewhere
|
|
|
|
so move our BER API to the unused ober_* prefix to avoid some
breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but
there are many others as pointed out by sthen.
tests & ok rob
ok sthen (who had an almost identical diff for libutil)
"go head hit it" deraadt
|
|
by ber_scanf_elements must exist.
aldap.c apparently abused the old behaviour by always trying to retrieve
the referral element, which according to RFC4511 section 4.1.9 is optional.
This diff only requests the referral element if we get a referral response.
OK rob@
|
|
snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync
in ldap, ldapd, ypldap and snmpd.
This commit moves the BER API into /usr/lib/libutil. All current consumers
already link libutil. ldapd and snmpd regress passes, and release builds.
With help from tb@ and guenther@.
ok deraadt@, tb@
|
|
fixes a problem when handling large negative integers.
ok claudio@
|
|
from Ville Valkonen
|
|
|
|
bonus: this exposed a few missing const qualifiers.
|
|
always the case. This caused some malformed output when querying databases
returning data containing NUL-bytes. Fix this by also returning the
actual size.
With this diff we should produce basically identical output to openldap's
ldapsearch.
Lots of back and forths with claudio@
OK claudio@
|
|
We have an ldapd(8) server and ypldap in base, so it makes sense to
have a simple LDAP client without depending on the OpenLDAP package.
This tool can be used in an ssh(1) AuthorizedKeysCommand script.
With feedback from many including millert@ schwarze@ gilles@ dlg@ jsing@
OK deraadt@
|
|
Found via snmpctl snmp walk 127.0.0.1 oid 1
OK claudio@
|
|
OK claudio@
|
|
ok beck@ bluhm@ tb@
|
|
OK claudio@
|
|
OK claudio@
|
|
|
|
OK reyk@
|
|
ok claudio@
|
|
possible stack overflow due to recursion in ber_free_elements().
ok claudio@
|
|
|
|
ok claudio@
|
|
ok claudio@
|
|
This way the size is the same on all archs and 32bit should be good enough.
OK rob@
|
|
api uses read and write buffers (byte streams) that are utilized by calling
applications which may or may not use sockets.
ok claudio@
buffer byte streams that applications then use for
|
|
ok claudio@, jca@
|
|
After the removal of fd-based read/writes I could have trimmed the code
further.
- no socket-based reads so ber_read() doesn't need to loop until it gets
the desired amount of data
- return either the requested amount of data or -1/ECANCELED, the caller
shouldn't have to handle partial reads itself
- inline ber_readbuf() into ber_read()
ok rob@ claudio@ tb@
|
|
|
|
|
|
can call ber_readbuf() in all cases. This resolves a problem previously
encountered with SNMPv3 authentication, simplifies the code, and completes a
full synchronization of all ber instances.
Proposed by claudio@. Problematic use case in snmpd tested by sthen@ and me.
ldap(s) appear happy as well.
looks good to claudio@
|
|
ok rob reyk
|
|
Ok reyk@
|
|
See usr.sbin/snmpd/ber.c revision 1.24 commit log for a summary of these
changes (e.g. SNMPv2 traps, User-based Security Model, callback for USM HMAC
calculations).
There is one final ber piece to copy from the snmpd instance related to
ber_getc() which will be done in a separate diff.
"looks good to me" deraadt@
|
|
and add some explanatory text: originally from a diff proposed by
matthew martin, with an adjusted text by him
- while here, sync synopsis and usage(), and some other minor tweaks
|
|
|
|
Ok reyk@
|
|
with snmpd. More tweaks to come once things are fully synchronized.
Feedback from claudio and Robert Klein.
Ok claudio@
|
|
We have an ldapd(8) server and ypldap in base, so it makes sense to
have a simple LDAP client without depending on the OpenLDAP package.
This tool can be used in an ssh(1) AuthorizedKeysCommand script.
With feedback from many including millert@ schwarze@ gilles@ dlg@ jsing@
OK deraadt@
|
|
|
|
Ok claudio@, "looks right" gsoares@
|
|
passwords. A similar fix was applied to snmpd in 2010 (rev 1.23).
Pointers from Reyk.
Ok claudio@
|
|
We have an ldapd(8) server and ypldap in base, so it makes sense to
have a simple LDAP client without depending on the OpenLDAP package.
This tool can be used in an ssh(1) AuthorizedKeysCommand script.
With feedback from many including millert@ schwarze@ gilles@ dlg@ jsing@
OK deraadt@
|
|
Pointed out by Tim Chase
OK rob@ gsoares@ jmc@
|
|
We have an ldapd(8) server and ypldap in base, so it makes sense to
have a simple LDAP client without depending on the OpenLDAP package.
This tool can be used in an ssh(1) AuthorizedKeysCommand script.
With feedback from many including millert@ schwarze@ gilles@ dlg@ jsing@
OK deraadt@
|
|
|
|
We have an ldapd(8) server and ypldap in base, so it makes sense to
have a simple LDAP client without depending on the OpenLDAP package.
This tool can be used in an ssh(1) AuthorizedKeysCommand script.
With feedback from many including millert@ schwarze@ gilles@ dlg@ jsing@
OK deraadt@
|
|
|
|
ok reyk
|
|
|
|
|