| Age | Commit message (Collapse) | Author |
|---|
|
Diff from roklein <at> roklein <dot> de
OK claudio@
|
|
manual pages that document the corresponding configuration files;
OK jmc@, and general direction discussed with many
|
|
OK florian@
|
|
The handling of this changed with libutil/ber.c r1.12 resulting in starttls
failing.
Found by several.
Fix suggestion by roklein <at> roklein <dot> de
OK claudio@
|
|
so move our BER API to the unused ober_* prefix to avoid some
breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but
there are many others as pointed out by sthen.
tests & ok rob
ok sthen (who had an almost identical diff for libutil)
"go head hit it" deraadt
|
|
|
|
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
|
|
ok millert nicm tb, etc
|
|
ok guenther@, claudio@
|
|
snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync
in ldap, ldapd, ypldap and snmpd.
This commit moves the BER API into /usr/lib/libutil. All current consumers
already link libutil. ldapd and snmpd regress passes, and release builds.
With help from tb@ and guenther@.
ok deraadt@, tb@
|
|
fixes a problem when handling large negative integers.
ok claudio@
|
|
descriptor keeps CLOEXEC flag then it will be closed unexpectedly by
exec().
ok tedu florian
|
|
larger types really is a range reduction...
Almost any cast to (unsigned) is a bug.
ok millert tb benno
|
|
results in a warning. Use either the original string value or use a cast.
This makes both clang and gcc happy.
OK guenther@
|
|
|
|
Found via snmpctl snmp walk 127.0.0.1 oid 1
OK claudio@
|
|
|
|
(and other lexers too)
This commit rectifies earlier change:
in the lex... even inside quotes, a \ followed by space or tab should
expand to space or tab, and a \ followed by newline should be ignored
(as a line continuation). compatible with the needs of hoststated
(which has the most strict quoted string requirements), and ifstated
(where one commonly does line continuations in strings).
OK deraadt@, OK millert@
|
|
"looks good" gilles@ halex@
|
|
OK millert@ gsoares@
|
|
|
|
ok claudio@
|
|
possible stack overflow due to recursion in ber_free_elements().
ok claudio@
|
|
ok claudio@
|
|
ok claudio@
|
|
This way the size is the same on all archs and 32bit should be good enough.
OK rob@
|
|
api uses read and write buffers (byte streams) that are utilized by calling
applications which may or may not use sockets.
ok claudio@
buffer byte streams that applications then use for
|
|
ok claudio@, jca@
|
|
out of memory log_warn(). i.e. ("%s", __func__) instead of manual
function names and redundant verbiage about which wrapper detected the
out of memory condition.
ok henning@
|
|
calloc or strdup), we just need to log that we ran out of memory in a
particular function.
Recommended by florian@ and deraadt@
ok benno@ henning@ tb@
|
|
After the removal of fd-based read/writes I could have trimmed the code
further.
- no socket-based reads so ber_read() doesn't need to loop until it gets
the desired amount of data
- return either the requested amount of data or -1/ECANCELED, the caller
shouldn't have to handle partial reads itself
- inline ber_readbuf() into ber_read()
ok rob@ claudio@ tb@
|
|
running out of memory.
Next step, be correct *and* consistent.
ok dennis@ tb@ benno@ schwarze@
|
|
|
|
|
|
can call ber_readbuf() in all cases. This resolves a problem previously
encountered with SNMPv3 authentication, simplifies the code, and completes a
full synchronization of all ber instances.
Proposed by claudio@. Problematic use case in snmpd tested by sthen@ and me.
ldap(s) appear happy as well.
looks good to claudio@
|
|
Ok benno@
|
|
See usr.sbin/snmpd/ber.c revision 1.24 commit log for a summary of these
changes (e.g. SNMPv2 traps, User-based Security Model, callback for USM HMAC
calculations).
There is one final ber piece to copy from the snmpd instance related to
ber_getc() which will be done in a separate diff.
"looks good to me" deraadt@
|
|
|
|
Ok reyk@
|
|
with snmpd. More tweaks to come once things are fully synchronized.
Feedback from claudio and Robert Klein.
Ok claudio@
|
|
OK jca@
|
|
passwords. A similar fix was applied to snmpd in 2010 (rev 1.23).
Pointers from Reyk.
Ok claudio@
|
|
Thanks to otto@ for the initial diff.
OK benno@
|
|
OK jmatthew@
|
|
ldapd failed when the specified limits were reached instead of
exceeded. This fixes search queries that define such a limit, for
example with "ldapsearch -z 1".
Thanks to Christophe Simon for the bug report, analysis, and fix!
OK jmatthew@
|
|
OK benno@ jmatthew@
|
|
Pointed out by jmc@
|
|
This can be used to allow users to change their password (and a few
other things) but not their entire dn. For example:
allow read access to any by self
allow write access to any attribute userPassword by self
This is currently only supported for "write" (modify, add, delete) and
not "read" (search) filter rules.
OK jmatthew@
|
|
ok benno@
|
|
Delete a bunch of unnecessary #includes and sort to match style(9)
while doing the above cleanup.
ok deraadt@ krw@
|
