Age | Commit message (Collapse) | Author | |
---|---|---|---|
2016-08-27 | Pull in <sys/time.h> for gettimeofday() | Philip Guenther | |
ok deraadt@ | |||
2016-07-13 | Adjust existing tls_config_set_cipher() callers for TLS cipher group | Joel Sing | |
changes - map the previous configuration to the equivalent in the new groups. This will be revisited post release. Discussed with beck@ | |||
2016-06-21 | do not allow whitespace in macro names, i.e. "this is" = "a variable". | Sebastian Benoit | |
change this in all config parsers in our tree that support macros. problem reported by sven falempin. feedback from henning@, stsp@, deraadt@ ok florian@ mikeb@ | |||
2016-05-01 | convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls | Jonathan Matthew | |
code from syslogd. ok beck@ benno@ | |||
2016-03-20 | Currently we have about a 50/50 split over fcntl(n, F_GETFL [,0]) | Kenneth R Westerback | |
idioms. Adopt the more concise fcntl(n, F_GETFL) over fcntl(n, F_GETFL, 0) where it is obvious further investigation will not yield and even better way. Obviousness evaluation and ok guenther@ | |||
2016-02-04 | Minor ldapd -r tweaks | Jeremie Courreges-Anglas | |
- fix style - the string pointed to by datadir shouldn't be modified, use const - initialize datadir at compile time - in namespace.c, move the extern datadir decl above local decls | |||
2016-02-02 | use stat(2) instead of chdir(2) to check if given the directory is valid. | Gleydson Soares | |
OK landry@ jca@ | |||
2016-02-01 | some -r fixes; | Jason McIntyre | |
2016-02-01 | Add -r argument to ldapd, to specify an alternative directory to | Landry Breuil | |
store/read the database, still defaulting to /var/db/ldap. This will allow running totally separate instances, to be used by an upcoming regress suite for example. With a tweak from gsoares@ to check that the directory exists. ok dlg@ semarie@ jca@ | |||
2016-01-17 | Properly remove unix sockets (control & listening) upon exit of the | Landry Breuil | |
parent process. Child process was killed by pledge because it tried to remove the control socket and didnt have cpath - anyway it couldnt remove it since it had chrooted.. ok jmatthew@ deraadt@ | |||
2015-12-30 | SSL_CTX_free() and SSL_free() check for null so dont do it in ldapd | Sebastian Benoit | |
ok jung@ tedu@ deraadt@ | |||
2015-12-24 | bzero -> memset. No binary change. | mmcc | |
2015-12-24 | use strndup instead of malloc/strncpy/nul | mmcc | |
ok krw@ | |||
2015-12-22 | commiting -> committing | mmcc | |
2015-12-10 | Remove NULL-checks before free(). ok tb@ | mmcc | |
2015-12-05 | #include <string.h> not strings.h | Claudio Jeker | |
2015-11-02 | use SOCK_NONBLOCK instead of fcntl | Jonathan Matthew | |
ok dlg@ | |||
2015-11-02 | Both ldapd processes need "stdio" to talk to clients and each other. | Jonathan Matthew | |
The parent process opens database files ("rpath wpath cpath"), sends fds to the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc exec"). The child process accepts client connections ("inet unix"), receives fds from the parent ("recvfd") and locks database files ("flock"). ok deraadt@ | |||
2015-10-11 | The <ctype.h> is*() interfaces expect EOF or an unsigned char; cast to | Philip Guenther | |
(unsigned char) as required found by Michael McConville (mmcconv1 (at) sccs.swarthmore.edu) w/Coccinelle | |||
2015-06-03 | Do not assume that asprintf() clears the pointer on failure, which | Todd C. Miller | |
is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@ | |||
2015-02-12 | ber_printf_elements should return NULL if any of its parts fail. | Martin Pelikan | |
Leave the error handling up to its callers. ok reyk | |||
2015-02-11 | initialize a variable in case "goto done" makes us compare it | Martin Pelikan | |
found by clang, ok henning | |||
2015-01-28 | Remove ssl_by_mem_ctrl() and x509_mem_lookup to unbreak the build. It | Reyk Floeter | |
caused a conflict with a new function in LibreSSL but wasn't even used by ldapd. No functional change. OK deraadt@ | |||
2015-01-16 | change to <limits.h> universe. The only changes in the binary are due | Theo de Raadt | |
to the heavy use of assert. ok millert | |||
2014-11-20 | Don't allow embedded nul characters in strings. | Jonathan Gray | |
Fixes a pfctl crash with an anchor name containing an embedded nul found with the afl fuzzer. pfctl parse.y patch from and ok deraadt@ | |||
2014-11-16 | Convert the logic in the error function of the ldap schema parser. | Alexander Bluhm | |
Instead of creating a temporary format string, create a temporary message. OK doug@ | |||
2014-11-14 | Add gcc printf format attributes to yyerror() in parse.y files. | Doug Hogan | |
No yyerror() calls needed to be changed. ok bluhm@ | |||
2014-11-03 | Convert the logic in yyerror(). Instead of creating a temporary | Alexander Bluhm | |
format string, create a temporary message. OK claudio@ | |||
2014-09-21 | eliminate the use of a gcc C extension (conditionals with omitted | Daniel Dickman | |
operands). ok deraadt@ | |||
2014-09-13 | Replace all queue *_END macro calls except CIRCLEQ_END with NULL. | Doug Hogan | |
CIRCLEQ_* is deprecated and not called in the tree. The other queue types have *_END macros which were added for symmetry with CIRCLEQ_END. They are defined as NULL. There's no reason to keep the other *_END macro calls. ok millert@ | |||
2014-08-25 | Delete secret or secret-derived data with explicit_bzero. | Doug Hogan | |
concept ok deraadt@ diff looks ok tedu@ | |||
2014-08-11 | add a caveat about databases; | Jason McIntyre | |
From: Matthew Weigel ok gilles | |||
2014-07-16 | zap trailing newlines; "go for it" deraadt | Okan Demirmen | |
2014-07-13 | When the three possible return values are -1, 0, and 1, != 1 is the same | Kenneth R Westerback | |
as <= 0. And the latter is the normal idiom so use that. ok claudio@ henning@ | |||
2014-07-11 | add additional includes required to build with -DOPENSSL_NO_DEPRECATED | Jonathan Gray | |
2014-06-11 | rfc 4512, not 4712; | Jason McIntyre | |
From: route dylanharris org | |||
2014-04-15 | Remove workarounds for ld reaching MAXDSIZ on vax, now that MAXDSIZ is | Miod Vallat | |
more comfortable. Reminded by brad@ | |||
2014-01-22 | relax the cfg file secrecy check slightly to allow group readability | Henning Brauer | |
default permissions and mtree NOT changed. prodded by benno, ok phessler benno jmatthew theo pelikan florian | |||
2013-11-26 | deal with msgbuf_write EAGAIN, ok gilles benno | Henning Brauer | |
2013-11-25 | use u_char for buffers in yylex, for ctype calls | Sebastian Benoit | |
found by millert@, ok deraadt@ | |||
2013-11-23 | unsigned char casts for ctype | Theo de Raadt | |
ok jca | |||
2013-11-02 | bunch of format string cleanups, removing %i, signed vs unsigned, and even | Theo de Raadt | |
a few long long's ok jmatthew | |||
2013-09-07 | Change default ciphers to HIGH:!aNULL. | Federico G. Schwindt | |
reyk@ ok | |||
2013-08-20 | replace a predefined string with a mdoc macro; ok jmc, schwarze, sobrado | Mike Belopuhov | |
2013-08-14 | some Bx/Ox conversion; | Jason McIntyre | |
From: Jan Stary | |||
2013-08-06 | Switch vax to gcc 3.3.6. | Miod Vallat | |
2013-07-16 | use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@ | Ingo Schwarze | |
2013-06-29 | do not use Sx for sections outwith the page; | Jason McIntyre | |
man4 still to go... | |||
2013-01-28 | ssl.c is a very old copy of smtpd's and didn't catch up the bump of the | Gilles Chehade | |
DH prime parameter. bring the update from smtpd... openldap client now accepts to connect to a ssl-enabled ldapd server, issue reported by Joel Carnat and Vadim Agarkov diff ok mikeb@ and martinh@ | |||
2012-11-12 | fix a potential memory leak; OK martinh@ sthen@ | Gleydson Soares | |