summaryrefslogtreecommitdiff
path: root/usr.sbin/ldapd
AgeCommit message (Collapse)Author
2012-11-12fix a potential memory leak; OK martinh@ sthen@Gleydson Soares
2012-09-26last stage of rfc changes, using consistent Rs/Re blocks, and moving theJason McIntyre
references into a STANDARDS section;
2012-06-16Protect against fd exhaustion when reopening database files. Only acceptJonathan Matthew
client or control connections when there are at least 8 fds available, and close a connection before calling imsg_read if it would be unable to accept an fd from the parent process. ok gilles@
2012-04-24take a stab at documenting when arguments need quoted, and valid macroJason McIntyre
characters; prompted by a diff from robert peichaer org thanks gilles and henning for feedback ok deraadt zinke
2012-04-11rate limiting of accept() in various cases. Testing by jmatthew. thereTheo de Raadt
maybe still be a corner case where it needs one more file descriptor beyond the limit..
2012-04-01use our umask() before AF_UNIX bind() semantics; ok pyrTheo de Raadt
2011-06-23Use a common text explaining how the various configuration parsers usingStuart Henderson
the standard OpenBSD-style parse.y handle continuing lines with backslashes, paying particular attention to how comments are handled (which can cause nasty side-effects if you're not expecting it). Most wording from jmc@, with suggestions from fgsch@, marc@, Richard Toohey, patrick keshishian and Florian Obser, ok jmc@.
2011-01-28document available authentication types and formats.Martin Hedenfal
with tweaks from jmc@
2011-01-08Change detection of indefinite BER lenghts (which is not allowed). Only aMartin Hedenfal
length byte of 0x80 is now treated as meaning indefinite. This fixes empty sets sent by the winldap api. Makes authentication through pGina work. with william@
2010-12-17Unbreak simple passwords with SHA and salted SHA hashes. Revision 1.7Martin Hedenfal
introduced a bug that reversed the check. Found by MERIGHI Marcus.
2010-11-26Unbreak re-indexing by checking if an index entry already exists.Martin Hedenfal
2010-11-10Make -dvv flags produce debug traces of decoded BER messages on stderr.Martin Hedenfal
Also shows a hexdump of the input buffer if BER decoding fails. Useful when debugging protocol issues.
2010-11-10Prefix debug logging on stderr with time and pid, like syslog.Martin Hedenfal
2010-11-05If the base DN in a search request doesn't exist, return early.Martin Hedenfal
2010-11-05When draining the input buffer of more than two complete requests, anMartin Hedenfal
additional incomplete request would be truncated. This fixes the number of bytes consumed from the input buffer.
2010-11-05Change to read better after suggestion from jmc.Martin Hedenfal
2010-11-04Only LDAP version 3 is implemented.Martin Hedenfal
2010-11-04Document the syntax of schema files. Only a brief synopsis of the attributeMartin Hedenfal
type and object class syntax is given, the rest is referred to the RFC.
2010-11-04Publish matching rules in the cn=schema subentry as the matchingRulesMartin Hedenfal
attribute. This is an operational attribute and only returned if explicitly asked for. Required by RFC 4517.
2010-11-03Update the internal btree documentation to reflect the current api.Martin Hedenfal
2010-11-03Validate matching rules against attribute syntaxes. All matching rules fromMartin Hedenfal
RFC 4517 are recognized, except the optional wordMatch and keywordMatch. Requires a current core.schema file.
2010-11-03caseExactIA5Match is not an appropriate matching rule for directory stringsMartin Hedenfal
(syntax oid 1.3.6.1.4.1.1466.115.121.1.15). Use caseExactMatch instead. Prepares for upcoming validation of matching rules.
2010-11-03An index can now also be used for a presence filter.Martin Hedenfal
2010-11-03Evaluate filters according to the three-valued logic of X.511, as requiredMartin Hedenfal
by RFC 4511. A filter term can now be evaluated as undefined if the attribute description is not recognized, the attribute type doesn't define the appropriate matching rule, or the filtering is not implemented. This also implements the NOT filter in the query planner.
2010-11-02Clarify the current state of ldapd as not fully LDAPv3 compliant.Martin Hedenfal
2010-10-26Allow the userPassword attribute to specify a login class when usingwilliam
simple binds with BSD Authentication, using '#' as the delimiter, such as: userPassword: {BSDAUTH}username#loginclass Useful for auth modules that require parameters such as login_radius. ok martinh
2010-10-19Fix a segmentation fault when adding an attribute to an empty entry.Martin Hedenfal
2010-10-19When checking if the input buffer is large enough to hold an LDAP request,Martin Hedenfal
compare with available space, not the total space. This fixes rejection of messages when there are multiple requests queued in the input buffer.
2010-10-19Remember the bind DN after BSD authentication. This makes access controlMartin Hedenfal
work for SASL and BSDAUTH binds as it does for simple binds.
2010-10-18Missing ; to appease yyextract, ok martinh@Stuart Henderson
2010-10-07aginst -> against; from Luca CortiJason McIntyre
2010-09-24add missing .Ar;Jason McIntyre
2010-09-24add -s option. ok martinh@lum
2010-09-21Warn if schema file can't be opened.Martin Hedenfal
2010-09-20Implement support for bsdauth authentication via simple binds, not onlyMartin Hedenfal
SASL. This works by prefixing the userPassword attribute with {BSDAUTH}, followed by the (bsd) username. For example: userPassword: {BSDAUTH}username Idea by william@. Tested by william@.
2010-09-10RFC2247 -> RFC 2247;Jason McIntyre
2010-09-03Resolve matching rules from superior attribute types at schema load timeMartin Hedenfal
instead of when each attribute is validated.
2010-09-03Implement attribute syntaxes from RFC4517. This adds validation to the mostMartin Hedenfal
common attribute types. Specialized attribute types like Delivery Method or Teletex Terminal Identifier are recognized for completeness, but not validated.
2010-09-01Add missing leading string quote character in attribute type description.Martin Hedenfal
Caused syntax errors when parsing schema from the subschema.
2010-09-01Move generic imsg/libevent glue to a separate file.Martin Hedenfal
with eric@ at c2k10
2010-09-01Do not use FP arithmetic. Variation on a diff from Mike Belopuhov some time ago.Martin Hedenfal
2010-08-03fix linecount bug with comments spanning multiple linesHenning Brauer
problem reported with the obvious fix for bgpd by Sebastian Benoit <benoit-lists at fb12.de>, also PR 6432 applied to all the others by yours truly. ok theo isn't it amazing how far this parser (and more) spread?
2010-07-28Revert parts of previous change leading to assertion failure forMartin Hedenfal
certain modify operations. Also fix logic error when replacing an attribute with the empty set.
2010-07-26Fix a sigbus due to unaligned memory access, found when compacting onMartin Hedenfal
sparc64. reads ok to gilles@
2010-07-21Add a history section saying that ldapd/ldapctl first appeared in 4.8.Martin Hedenfal
2010-07-18Fix an unaligned memory access.Martin Hedenfal
2010-07-13Avoid double free in ldap modify requests. The values received in theMartin Hedenfal
modify request is linked into the stored ber structure, and then both are freed. Fix this by unlinking the values from the request.
2010-07-10Retry requests when the btree is busy. Without this, clients will just hangMartin Hedenfal
waiting for a response if the btree was being reopened when the request was received.
2010-07-06Send empty statistics rather than segfault if "ldapctl stats" is run when aMartin Hedenfal
database is being reopened due to compaction.
2010-07-06Plug another memory leak. Forgot to reset key returned from cursor, havingMartin Hedenfal
a reference to a cached page.