src - OpenBSD base system

Age	Commit message (Collapse)	Author
2014-01-22	relax the cfg file secrecy check slightly to allow group readability	Henning Brauer
	default permissions and mtree NOT changed. prodded by benno, ok phessler benno jmatthew theo pelikan florian
2013-11-26	deal with msgbuf_write EAGAIN, ok gilles benno	Henning Brauer

2013-11-25	use u_char for buffers in yylex, for ctype calls	Sebastian Benoit
	found by millert@, ok deraadt@
2013-11-23	unsigned char casts for ctype	Theo de Raadt
	ok jca
2013-11-02	bunch of format string cleanups, removing %i, signed vs unsigned, and even	Theo de Raadt
	a few long long's ok jmatthew
2013-09-07	Change default ciphers to HIGH:!aNULL.	Federico G. Schwindt
	reyk@ ok
2013-08-20	replace a predefined string with a mdoc macro; ok jmc, schwarze, sobrado	Mike Belopuhov

2013-08-14	some Bx/Ox conversion;	Jason McIntyre
	From: Jan Stary
2013-08-06	Switch vax to gcc 3.3.6.	Miod Vallat

2013-07-16	use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@	Ingo Schwarze

2013-06-29	do not use Sx for sections outwith the page;	Jason McIntyre
	man4 still to go...
2013-01-28	ssl.c is a very old copy of smtpd's and didn't catch up the bump of the	Gilles Chehade
	DH prime parameter. bring the update from smtpd... openldap client now accepts to connect to a ssl-enabled ldapd server, issue reported by Joel Carnat and Vadim Agarkov diff ok mikeb@ and martinh@
2012-11-12	fix a potential memory leak; OK martinh@ sthen@	Gleydson Soares

2012-09-26	last stage of rfc changes, using consistent Rs/Re blocks, and moving the	Jason McIntyre
	references into a STANDARDS section;
2012-06-16	Protect against fd exhaustion when reopening database files. Only accept	Jonathan Matthew
	client or control connections when there are at least 8 fds available, and close a connection before calling imsg_read if it would be unable to accept an fd from the parent process. ok gilles@
2012-04-24	take a stab at documenting when arguments need quoted, and valid macro	Jason McIntyre
	characters; prompted by a diff from robert peichaer org thanks gilles and henning for feedback ok deraadt zinke
2012-04-11	rate limiting of accept() in various cases. Testing by jmatthew. there	Theo de Raadt
	maybe still be a corner case where it needs one more file descriptor beyond the limit..
2012-04-01	use our umask() before AF_UNIX bind() semantics; ok pyr	Theo de Raadt

2011-06-23	Use a common text explaining how the various configuration parsers using	Stuart Henderson
	the standard OpenBSD-style parse.y handle continuing lines with backslashes, paying particular attention to how comments are handled (which can cause nasty side-effects if you're not expecting it). Most wording from jmc@, with suggestions from fgsch@, marc@, Richard Toohey, patrick keshishian and Florian Obser, ok jmc@.
2011-01-28	document available authentication types and formats.	Martin Hedenfal
	with tweaks from jmc@
2011-01-08	Change detection of indefinite BER lenghts (which is not allowed). Only a	Martin Hedenfal
	length byte of 0x80 is now treated as meaning indefinite. This fixes empty sets sent by the winldap api. Makes authentication through pGina work. with william@
2010-12-17	Unbreak simple passwords with SHA and salted SHA hashes. Revision 1.7	Martin Hedenfal
	introduced a bug that reversed the check. Found by MERIGHI Marcus.
2010-11-26	Unbreak re-indexing by checking if an index entry already exists.	Martin Hedenfal

2010-11-10	Make -dvv flags produce debug traces of decoded BER messages on stderr.	Martin Hedenfal
	Also shows a hexdump of the input buffer if BER decoding fails. Useful when debugging protocol issues.
2010-11-10	Prefix debug logging on stderr with time and pid, like syslog.	Martin Hedenfal

2010-11-05	If the base DN in a search request doesn't exist, return early.	Martin Hedenfal

2010-11-05	When draining the input buffer of more than two complete requests, an	Martin Hedenfal
	additional incomplete request would be truncated. This fixes the number of bytes consumed from the input buffer.
2010-11-05	Change to read better after suggestion from jmc.	Martin Hedenfal

2010-11-04	Only LDAP version 3 is implemented.	Martin Hedenfal

2010-11-04	Document the syntax of schema files. Only a brief synopsis of the attribute	Martin Hedenfal
	type and object class syntax is given, the rest is referred to the RFC.
2010-11-04	Publish matching rules in the cn=schema subentry as the matchingRules	Martin Hedenfal
	attribute. This is an operational attribute and only returned if explicitly asked for. Required by RFC 4517.
2010-11-03	Update the internal btree documentation to reflect the current api.	Martin Hedenfal

2010-11-03	Validate matching rules against attribute syntaxes. All matching rules from	Martin Hedenfal
	RFC 4517 are recognized, except the optional wordMatch and keywordMatch. Requires a current core.schema file.
2010-11-03	caseExactIA5Match is not an appropriate matching rule for directory strings	Martin Hedenfal
	(syntax oid 1.3.6.1.4.1.1466.115.121.1.15). Use caseExactMatch instead. Prepares for upcoming validation of matching rules.
2010-11-03	An index can now also be used for a presence filter.	Martin Hedenfal

2010-11-03	Evaluate filters according to the three-valued logic of X.511, as required	Martin Hedenfal
	by RFC 4511. A filter term can now be evaluated as undefined if the attribute description is not recognized, the attribute type doesn't define the appropriate matching rule, or the filtering is not implemented. This also implements the NOT filter in the query planner.
2010-11-02	Clarify the current state of ldapd as not fully LDAPv3 compliant.	Martin Hedenfal

2010-10-26	Allow the userPassword attribute to specify a login class when using	william
	simple binds with BSD Authentication, using '#' as the delimiter, such as: userPassword: {BSDAUTH}username#loginclass Useful for auth modules that require parameters such as login_radius. ok martinh
2010-10-19	Fix a segmentation fault when adding an attribute to an empty entry.	Martin Hedenfal

2010-10-19	When checking if the input buffer is large enough to hold an LDAP request,	Martin Hedenfal
	compare with available space, not the total space. This fixes rejection of messages when there are multiple requests queued in the input buffer.
2010-10-19	Remember the bind DN after BSD authentication. This makes access control	Martin Hedenfal
	work for SASL and BSDAUTH binds as it does for simple binds.
2010-10-18	Missing ; to appease yyextract, ok martinh@	Stuart Henderson

2010-10-07	aginst -> against; from Luca Corti	Jason McIntyre

2010-09-24	add missing .Ar;	Jason McIntyre

2010-09-24	add -s option. ok martinh@	lum

2010-09-21	Warn if schema file can't be opened.	Martin Hedenfal

2010-09-20	Implement support for bsdauth authentication via simple binds, not only	Martin Hedenfal
	SASL. This works by prefixing the userPassword attribute with {BSDAUTH}, followed by the (bsd) username. For example: userPassword: {BSDAUTH}username Idea by william@. Tested by william@.
2010-09-10	RFC2247 -> RFC 2247;	Jason McIntyre

2010-09-03	Resolve matching rules from superior attribute types at schema load time	Martin Hedenfal
	instead of when each attribute is validated.
2010-09-03	Implement attribute syntaxes from RFC4517. This adds validation to the most	Martin Hedenfal
	common attribute types. Specialized attribute types like Delivery Method or Teletex Terminal Identifier are recognized for completeness, but not validated.