path: root/usr.sbin/ldapd
Age | Commit message | Author
2019-04-27 | Only apply sign extension when less than eight bytes have been consumed. This fixes a problem when handling large negative integers. ok claudio@ | rob
2019-03-31 | Avoid calling dup2(oldd, newd) when oldd == newd. In that case the descriptor keeps CLOEXEC flag then it will be closed unexpectedly by exec(). ok tedu florian | YASUOKA Masahiko
2019-02-13 | (unsigned) means (unsigned int) which on ptrdiff_t or size_t or other larger types really is a range reduction... Almost any cast to (unsigned) is a bug. ok millert tb benno | Theo de Raadt
2018-12-05 | key.data is a void *, on gcc archs doing a %s printf with such a pointer results in a warning. Use either the original string value or use a cast. This makes both clang and gcc happy. OK guenther@ | Claudio Jeker
2018-11-27 | Sync with ldap(1) | Martijn van Duren
2018-11-20 | Fix when ber_free_elements is called with a NULL-value. Found via snmpctl snmp walk 127.0.0.1 oid 1 OK claudio@ | Martijn van Duren
2018-11-04 | some tweaks from raf czlonka, plus one more from me; | Jason McIntyre
2018-11-01 | - odd condition/test in PF lexer (and other lexers too) This commit rectifies earlier change: in the lex... even inside quotes, a \ followed by space or tab should expand to space or tab, and a \ followed by newline should be ignored (as a line continuation). compatible with the needs of hoststated (which has the most strict quoted string requirements), and ifstated (where one commonly does line continuations in strings). OK deraadt@, OK millert@ | Alexandr Nedvedicky
2018-09-07 | replace malloc()+strlcpy() with strndup() in cmdline_symset(). "looks good" gilles@ halex@ | miko
2018-08-27 | Undefined plans can never match. Check for that before trying to use the plan. OK millert@ gsoares@ | Claudio Jeker
2018-08-27 | Wrap some overly long lines. No functional change | Claudio Jeker
2018-08-12 | Change ber_write_elements() to return ssize_t instead of int. ok claudio@ | rob
2018-08-03 | Place a limit on the number of elements in a ber sequence/set. This prevents possible stack overflow due to recursion in ber_free_elements(). ok claudio@ | rob
2018-07-31 | Relocate some public functions above the internal functions comment. ok claudio@ | rob
2018-07-31 | Fix some debugging output now that ber type and encoding are unsigned int. ok claudio@ | rob
2018-07-31 | Make ber type and encoding an unsigned int instead of unsigned long. This way the size is the same on all archs and 32bit should be good enough. OK rob@ | Claudio Jeker
2018-07-13 | Fix some comments referencing sockets which are not used by the ber api. The api uses read and write buffers (byte streams) that are utilized by calling applications which may or may not use sockets. ok claudio@ buffer byte streams that applications then use for | rob
2018-07-13 | Fix loop condition in ber.c. Discussed with claudio. ok claudio@, jca@ | rob
2018-07-11 | Do for most running out of memory err() what was done for most running out of memory log_warn(). i.e. ("%s", __func__) instead of manual function names and redundant verbiage about which wrapper detected the out of memory condition. ok henning@ | Kenneth R Westerback
2018-07-09 | No need to mention which memory allocation entry point failed (malloc, calloc or strdup), we just need to log that we ran out of memory in a particular function. Recommended by florian@ and deraadt@ ok benno@ henning@ tb@ | Kenneth R Westerback
2018-07-09 | Simplify ber_read() After the removal of fd-based read/writes I could have trimmed the code further. - no socket-based reads so ber_read() doesn't need to loop until it gets the desired amount of data - return either the requested amount of data or -1/ECANCELED, the caller shouldn't have to handle partial reads itself - inline ber_readbuf() into ber_read() ok rob@ claudio@ tb@ | Jeremie Courreges-Anglas
2018-07-08 | Be consistent in warn() and log_warn() usage when running out of memory. Next step, be correct *and* consistent. ok dennis@ tb@ benno@ schwarze@ | Kenneth R Westerback
2018-07-04 | More whitespace. | rob
2018-07-04 | Cleanup some whitespace. | rob
2018-07-04 | Relocate the update of br_offs from ber_read() to ber_readbuf() so ber_getc() can call ber_readbuf() in all cases. This resolves a problem previously encountered with SNMPv3 authentication, simplifies the code, and completes a full synchronization of all ber instances. Proposed by claudio@. Problematic use case in snmpd tested by sthen@ and me. ldap(s) appear happy as well. looks good to claudio@ | rob
2018-07-04 | Avoid possible vfprintf NULL errors in ldap_unbind(). Ok benno@ | rob
2018-07-03 | Synchronize ber changes from the snmpd instance to ldap, ldapd, and ypldap. See usr.sbin/snmpd/ber.c revision 1.24 commit log for a summary of these changes (e.g. SNMPv2 traps, User-based Security Model, callback for USM HMAC calculations). There is one final ber piece to copy from the snmpd instance related to ber_getc() which will be done in a separate diff. "looks good to me" deraadt@ | rob
2018-07-01 | s/constructive/constructed in DPRINTF output. | rob
2018-06-29 | Consistent use of copyright notices. Ok reyk@ | rob
2018-06-29 | Synchronize ber.c and ber.h across ldap, ldapd, and ypldap, and reduce diff with snmpd. More tweaks to come once things are fully synchronized. Feedback from claudio and Robert Klein. Ok claudio@ | rob
2018-06-28 | avoid passing NULL to asprintf(3) when there's no parent dn entry OK jca@ | Gleydson Soares
2018-06-27 | Synchronize correct processing of BER_TYPE_EOC. Fixes support for empty LDAP passwords. A similar fix was applied to snmpd in 2010 (rev 1.23). Pointers from Reyk. Ok claudio@ | rob
2018-06-11 | Fix an off-by-one line count when using include statements. Thanks to otto@ for the initial diff. OK benno@ | denis
2018-05-18 | Add support for attribute filter rules on search/read operations. OK jmatthew@ | Reyk Floeter
2018-05-16 | Fix the client search request time and size limits. ldapd failed when the specified limits were reached instead of exceeded. This fixes search queries that define such a limit, for example with "ldapsearch -z 1". Thanks to Christophe Simon for the bug report, analysis, and fix! OK jmatthew@ | Reyk Floeter
2018-05-15 | Fix format string errors in log messages and update ldapd to use relayd's log.c OK benno@ jmatthew@ | Reyk Floeter
2018-05-14 | Remove duplicated word ("scope scope"). Pointed out by jmc@ | Reyk Floeter
2018-05-14 | Add support to filter on attributes. This can be used to allow users to change their password (and a few other things) but not their entire dn. For example: allow read access to any by self allow write access to any attribute userPassword by self This is currently only supported for "write" (modify, add, delete) and not "read" (search) filter rules. OK jmatthew@ | Reyk Floeter
2018-04-26 | Plug leak in error case of the common 'varset' implementations. ok benno@ | Kenneth R Westerback
2018-04-26 | Use <fcntl.h> instead of <sys/file.h> for open() and friends. Delete a bunch of unnecessary #includes and sort to match style(9) while doing the above cleanup. ok deraadt@ krw@ | Philip Guenther
2018-02-08 | Kill ber.c support for direct fd read/writes This mechanism is already unused and annotated with lots of XXX's, no need to keep it around. ok claudio@ | Jeremie Courreges-Anglas
2017-08-28 | 65535 is a valid port to listen on. Off-by-one pointed out by and diff from Kris Katterjohn katterjohn AT gmail, thanks! chris@ pointed out that more than httpd(8) is affected. OK gilles@ | Florian Obser
2017-07-28 | One negation is enough; pointed out by clang. OK gsoares who says that he forgot about the same diff for months and that millert@ had OK'ed it. | Florian Obser
2017-07-04 | It does not make sense to use ioctl(FIONREAD) with TLS as libtls has already read the buffer from kernel to user land. I have blindly copied this code from libevent for syslogd(8) TLS, remove it together with the bug. It caused hangs in ldapd(8). report, analysis, testing, OK Seiya Kawashima, Robert Klein, gsoares@ | Alexander Bluhm
2017-05-28 | Fix checks for seconds and timezones in generalized times. Fixing the CHECK_RANGE macro in r1.4 revealed that the seconds check accidentally relied on the macro being broken. While looking into this I noticed that the timezone check was also wrong, treating the timezone as optional for generalized times. investigation and diff mostly by Seiya Kawashima. | Jonathan Matthew
2017-05-26 | Don't overflow uint16 when the filesystem block size is >32K. Reported and initial diagnosis from Allan Streib, help/ok millert deraadt | Stuart Henderson
2017-04-13 | multi-statement CHECK_RANGE() macro isn't safe for all placements, and needs to use "do {} while 0" idiom; all callers need repair also. Discovered by jsg | Theo de Raadt
2017-04-06 | use memset() instead of bzero() OK jmatthew | Gleydson Soares
2017-03-21 | From a syslog perspective it does not make sense to log fatal and warn with the same severity. Switch log_warn() to LOG_ERR and keep fatal() at LOG_CRIT. OK reyk@ florian@ | Alexander Bluhm
2017-03-03 | Internally libssl uses 16k buffer, the libevent TLS wrapper uses 4k read buffer. This can hang ldapd(8). Setting both to 16k improves the situation. report Seiya Kawashima; feedback Robert Klein; test and OK gsoares@ | Alexander Bluhm