Age | Commit message (Collapse) | Author | |
---|---|---|---|
2012-11-12 | fix a potential memory leak; OK martinh@ sthen@ | Gleydson Soares | |
2012-09-26 | last stage of rfc changes, using consistent Rs/Re blocks, and moving the | Jason McIntyre | |
references into a STANDARDS section; | |||
2012-06-16 | Protect against fd exhaustion when reopening database files. Only accept | Jonathan Matthew | |
client or control connections when there are at least 8 fds available, and close a connection before calling imsg_read if it would be unable to accept an fd from the parent process. ok gilles@ | |||
2012-04-24 | take a stab at documenting when arguments need quoted, and valid macro | Jason McIntyre | |
characters; prompted by a diff from robert peichaer org thanks gilles and henning for feedback ok deraadt zinke | |||
2012-04-11 | rate limiting of accept() in various cases. Testing by jmatthew. there | Theo de Raadt | |
maybe still be a corner case where it needs one more file descriptor beyond the limit.. | |||
2012-04-01 | use our umask() before AF_UNIX bind() semantics; ok pyr | Theo de Raadt | |
2011-06-23 | Use a common text explaining how the various configuration parsers using | Stuart Henderson | |
the standard OpenBSD-style parse.y handle continuing lines with backslashes, paying particular attention to how comments are handled (which can cause nasty side-effects if you're not expecting it). Most wording from jmc@, with suggestions from fgsch@, marc@, Richard Toohey, patrick keshishian and Florian Obser, ok jmc@. | |||
2011-01-28 | document available authentication types and formats. | Martin Hedenfal | |
with tweaks from jmc@ | |||
2011-01-08 | Change detection of indefinite BER lenghts (which is not allowed). Only a | Martin Hedenfal | |
length byte of 0x80 is now treated as meaning indefinite. This fixes empty sets sent by the winldap api. Makes authentication through pGina work. with william@ | |||
2010-12-17 | Unbreak simple passwords with SHA and salted SHA hashes. Revision 1.7 | Martin Hedenfal | |
introduced a bug that reversed the check. Found by MERIGHI Marcus. | |||
2010-11-26 | Unbreak re-indexing by checking if an index entry already exists. | Martin Hedenfal | |
2010-11-10 | Make -dvv flags produce debug traces of decoded BER messages on stderr. | Martin Hedenfal | |
Also shows a hexdump of the input buffer if BER decoding fails. Useful when debugging protocol issues. | |||
2010-11-10 | Prefix debug logging on stderr with time and pid, like syslog. | Martin Hedenfal | |
2010-11-05 | If the base DN in a search request doesn't exist, return early. | Martin Hedenfal | |
2010-11-05 | When draining the input buffer of more than two complete requests, an | Martin Hedenfal | |
additional incomplete request would be truncated. This fixes the number of bytes consumed from the input buffer. | |||
2010-11-05 | Change to read better after suggestion from jmc. | Martin Hedenfal | |
2010-11-04 | Only LDAP version 3 is implemented. | Martin Hedenfal | |
2010-11-04 | Document the syntax of schema files. Only a brief synopsis of the attribute | Martin Hedenfal | |
type and object class syntax is given, the rest is referred to the RFC. | |||
2010-11-04 | Publish matching rules in the cn=schema subentry as the matchingRules | Martin Hedenfal | |
attribute. This is an operational attribute and only returned if explicitly asked for. Required by RFC 4517. | |||
2010-11-03 | Update the internal btree documentation to reflect the current api. | Martin Hedenfal | |
2010-11-03 | Validate matching rules against attribute syntaxes. All matching rules from | Martin Hedenfal | |
RFC 4517 are recognized, except the optional wordMatch and keywordMatch. Requires a current core.schema file. | |||
2010-11-03 | caseExactIA5Match is not an appropriate matching rule for directory strings | Martin Hedenfal | |
(syntax oid 1.3.6.1.4.1.1466.115.121.1.15). Use caseExactMatch instead. Prepares for upcoming validation of matching rules. | |||
2010-11-03 | An index can now also be used for a presence filter. | Martin Hedenfal | |
2010-11-03 | Evaluate filters according to the three-valued logic of X.511, as required | Martin Hedenfal | |
by RFC 4511. A filter term can now be evaluated as undefined if the attribute description is not recognized, the attribute type doesn't define the appropriate matching rule, or the filtering is not implemented. This also implements the NOT filter in the query planner. | |||
2010-11-02 | Clarify the current state of ldapd as not fully LDAPv3 compliant. | Martin Hedenfal | |
2010-10-26 | Allow the userPassword attribute to specify a login class when using | william | |
simple binds with BSD Authentication, using '#' as the delimiter, such as: userPassword: {BSDAUTH}username#loginclass Useful for auth modules that require parameters such as login_radius. ok martinh | |||
2010-10-19 | Fix a segmentation fault when adding an attribute to an empty entry. | Martin Hedenfal | |
2010-10-19 | When checking if the input buffer is large enough to hold an LDAP request, | Martin Hedenfal | |
compare with available space, not the total space. This fixes rejection of messages when there are multiple requests queued in the input buffer. | |||
2010-10-19 | Remember the bind DN after BSD authentication. This makes access control | Martin Hedenfal | |
work for SASL and BSDAUTH binds as it does for simple binds. | |||
2010-10-18 | Missing ; to appease yyextract, ok martinh@ | Stuart Henderson | |
2010-10-07 | aginst -> against; from Luca Corti | Jason McIntyre | |
2010-09-24 | add missing .Ar; | Jason McIntyre | |
2010-09-24 | add -s option. ok martinh@ | lum | |
2010-09-21 | Warn if schema file can't be opened. | Martin Hedenfal | |
2010-09-20 | Implement support for bsdauth authentication via simple binds, not only | Martin Hedenfal | |
SASL. This works by prefixing the userPassword attribute with {BSDAUTH}, followed by the (bsd) username. For example: userPassword: {BSDAUTH}username Idea by william@. Tested by william@. | |||
2010-09-10 | RFC2247 -> RFC 2247; | Jason McIntyre | |
2010-09-03 | Resolve matching rules from superior attribute types at schema load time | Martin Hedenfal | |
instead of when each attribute is validated. | |||
2010-09-03 | Implement attribute syntaxes from RFC4517. This adds validation to the most | Martin Hedenfal | |
common attribute types. Specialized attribute types like Delivery Method or Teletex Terminal Identifier are recognized for completeness, but not validated. | |||
2010-09-01 | Add missing leading string quote character in attribute type description. | Martin Hedenfal | |
Caused syntax errors when parsing schema from the subschema. | |||
2010-09-01 | Move generic imsg/libevent glue to a separate file. | Martin Hedenfal | |
with eric@ at c2k10 | |||
2010-09-01 | Do not use FP arithmetic. Variation on a diff from Mike Belopuhov some time ago. | Martin Hedenfal | |
2010-08-03 | fix linecount bug with comments spanning multiple lines | Henning Brauer | |
problem reported with the obvious fix for bgpd by Sebastian Benoit <benoit-lists at fb12.de>, also PR 6432 applied to all the others by yours truly. ok theo isn't it amazing how far this parser (and more) spread? | |||
2010-07-28 | Revert parts of previous change leading to assertion failure for | Martin Hedenfal | |
certain modify operations. Also fix logic error when replacing an attribute with the empty set. | |||
2010-07-26 | Fix a sigbus due to unaligned memory access, found when compacting on | Martin Hedenfal | |
sparc64. reads ok to gilles@ | |||
2010-07-21 | Add a history section saying that ldapd/ldapctl first appeared in 4.8. | Martin Hedenfal | |
2010-07-18 | Fix an unaligned memory access. | Martin Hedenfal | |
2010-07-13 | Avoid double free in ldap modify requests. The values received in the | Martin Hedenfal | |
modify request is linked into the stored ber structure, and then both are freed. Fix this by unlinking the values from the request. | |||
2010-07-10 | Retry requests when the btree is busy. Without this, clients will just hang | Martin Hedenfal | |
waiting for a response if the btree was being reopened when the request was received. | |||
2010-07-06 | Send empty statistics rather than segfault if "ldapctl stats" is run when a | Martin Hedenfal | |
database is being reopened due to compaction. | |||
2010-07-06 | Plug another memory leak. Forgot to reset key returned from cursor, having | Martin Hedenfal | |
a reference to a cached page. |