path: root/usr.sbin/ldapd
Age  Author  Commit message

2016-08-27  Philip Guenther
Pull in <sys/time.h> for gettimeofday()
ok deraadt@

2016-07-13  Joel Sing
Adjust existing tls_config_set_cipher() callers for TLS cipher group changes - map the previous configuration to the equivalent in the new groups. This will be revisited post release. Discussed with beck@

2016-06-21  Sebastian Benoit
do not allow whitespace in macro names, i.e. "this is" = "a variable".
change this in all config parsers in our tree that support macros. problem reported by sven falempin. feedback from henning@, stsp@, deraadt@ ok florian@ mikeb@

2016-05-01  Jonathan Matthew
convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls code from syslogd. ok beck@ benno@

2016-03-20  Kenneth R Westerback
Currently we have about a 50/50 split over fcntl(n, F_GETFL [,0]) idioms. Adopt the more concise fcntl(n, F_GETFL) over fcntl(n, F_GETFL, 0) where it is obvious further investigation will not yield an even better way. Obviousness evaluation and ok guenther@

2016-02-04  Jeremie Courreges-Anglas
Minor ldapd -r tweaks
- fix style
- the string pointed to by datadir shouldn't be modified, use const
- initialize datadir at compile time
- in namespace.c, move the extern datadir decl above local decls

2016-02-02  Gleydson Soares
use stat(2) instead of chdir(2) to check if the given directory is valid.
OK landry@ jca@

2016-02-01  Jason McIntyre
some -r fixes;

2016-02-01  Landry Breuil
Add -r argument to ldapd, to specify an alternative directory to store/read the database, still defaulting to /var/db/ldap. This will allow running totally separate instances, to be used by an upcoming regress suite for example. With a tweak from gsoares@ to check that the directory exists. ok dlg@ semarie@ jca@

2016-01-17  Landry Breuil
Properly remove unix sockets (control & listening) upon exit of the parent process. Child process was killed by pledge because it tried to remove the control socket and didn't have cpath - anyway it couldn't remove it since it had chrooted.. ok jmatthew@ deraadt@

2015-12-30  Sebastian Benoit
SSL_CTX_free() and SSL_free() check for null so don't do it in ldapd
ok jung@ tedu@ deraadt@

2015-12-24  mmcc
bzero -> memset. No binary change.

2015-12-24  mmcc
use strndup instead of malloc/strncpy/nul
ok krw@

2015-12-22  mmcc
commiting -> committing

2015-12-10  mmcc
Remove NULL-checks before free(). ok tb@

2015-12-05  Claudio Jeker
#include <string.h> not strings.h

2015-11-02  Jonathan Matthew
use SOCK_NONBLOCK instead of fcntl
ok dlg@

2015-11-02  Jonathan Matthew
Both ldapd processes need "stdio" to talk to clients and each other.
The parent process opens database files ("rpath wpath cpath"), sends fds to the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc exec"). The child process accepts client connections ("inet unix"), receives fds from the parent ("recvfd") and locks database files ("flock"). ok deraadt@

2015-10-11  Philip Guenther
The <ctype.h> is*() interfaces expect EOF or an unsigned char; cast to (unsigned char) as required found by Michael McConville (mmcconv1 (at) sccs.swarthmore.edu) w/Coccinelle

2015-06-03  Todd C. Miller
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@

2015-02-12  Martin Pelikan
ber_printf_elements should return NULL if any of its parts fail.
Leave the error handling up to its callers. ok reyk

2015-02-11  Martin Pelikan
initialize a variable in case "goto done" makes us compare it
found by clang, ok henning

2015-01-28  Reyk Floeter
Remove ssl_by_mem_ctrl() and x509_mem_lookup to unbreak the build. It caused a conflict with a new function in LibreSSL but wasn't even used by ldapd. No functional change. OK deraadt@

2015-01-16  Theo de Raadt
change to <limits.h> universe. The only changes in the binary are due to the heavy use of assert. ok millert

2014-11-20  Jonathan Gray
Don't allow embedded nul characters in strings.
Fixes a pfctl crash with an anchor name containing an embedded nul found with the afl fuzzer. pfctl parse.y patch from and ok deraadt@

2014-11-16  Alexander Bluhm
Convert the logic in the error function of the ldap schema parser.
Instead of creating a temporary format string, create a temporary message. OK doug@

2014-11-14  Doug Hogan
Add gcc printf format attributes to yyerror() in parse.y files.
No yyerror() calls needed to be changed. ok bluhm@

2014-11-03  Alexander Bluhm
Convert the logic in yyerror(). Instead of creating a temporary format string, create a temporary message. OK claudio@

2014-09-21  Daniel Dickman
eliminate the use of a gcc C extension (conditionals with omitted operands). ok deraadt@

2014-09-13  Doug Hogan
Replace all queue *_END macro calls except CIRCLEQ_END with NULL.
CIRCLEQ_* is deprecated and not called in the tree. The other queue types have *_END macros which were added for symmetry with CIRCLEQ_END. They are defined as NULL. There's no reason to keep the other *_END macro calls. ok millert@

2014-08-25  Doug Hogan
Delete secret or secret-derived data with explicit_bzero.
concept ok deraadt@ diff looks ok tedu@

2014-08-11  Jason McIntyre
add a caveat about databases;
From: Matthew Weigel ok gilles

2014-07-16  Okan Demirmen
zap trailing newlines; "go for it" deraadt

2014-07-13  Kenneth R Westerback
When the three possible return values are -1, 0, and 1, != 1 is the same as <= 0. And the latter is the normal idiom so use that. ok claudio@ henning@

2014-07-11  Jonathan Gray
add additional includes required to build with -DOPENSSL_NO_DEPRECATED

2014-06-11  Jason McIntyre
rfc 4512, not 4712;
From: route dylanharris org

2014-04-15  Miod Vallat
Remove workarounds for ld reaching MAXDSIZ on vax, now that MAXDSIZ is more comfortable. Reminded by brad@

2014-01-22  Henning Brauer
relax the cfg file secrecy check slightly to allow group readability
default permissions and mtree NOT changed. prodded by benno, ok phessler benno jmatthew theo pelikan florian

2013-11-26  Henning Brauer
deal with msgbuf_write EAGAIN, ok gilles benno

2013-11-25  Sebastian Benoit
use u_char for buffers in yylex, for ctype calls
found by millert@, ok deraadt@

2013-11-23  Theo de Raadt
unsigned char casts for ctype
ok jca

2013-11-02  Theo de Raadt
bunch of format string cleanups, removing %i, signed vs unsigned, and even a few long long's ok jmatthew

2013-09-07  Federico G. Schwindt
Change default ciphers to HIGH:!aNULL.
reyk@ ok

2013-08-20  Mike Belopuhov
replace a predefined string with a mdoc macro; ok jmc, schwarze, sobrado

2013-08-14  Jason McIntyre
some Bx/Ox conversion;
From: Jan Stary

2013-08-06  Miod Vallat
Switch vax to gcc 3.3.6.

2013-07-16  Ingo Schwarze
use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@

2013-06-29  Jason McIntyre
do not use Sx for sections outwith the page;
man4 still to go...

2013-01-28  Gilles Chehade
ssl.c is a very old copy of smtpd's and didn't catch up the bump of the DH prime parameter. bring the update from smtpd... openldap client now accepts to connect to a ssl-enabled ldapd server, issue reported by Joel Carnat and Vadim Agarkov diff ok mikeb@ and martinh@

2012-11-12  Gleydson Soares
fix a potential memory leak; OK martinh@ sthen@