summaryrefslogtreecommitdiff
path: root/usr.sbin/ypldap
AgeCommit message (Collapse)Author
2019-02-13(unsigned) means (unsigned int) which on ptrdiff_t or size_t or otherTheo de Raadt
larger types really is a range reduction... Almost any cast to (unsigned) is a bug. ok millert tb benno
2019-01-17use $OpenBSD markers onlyTed Unangst
2018-11-29update for libtls default cert changes.Ted Unangst
bonus: this exposed a few missing const qualifiers.
2018-11-27Sync aldap and ber with ldap(1).Martijn van Duren
OK claudio@
2018-11-20Fix when ber_free_elements is called with a NULL-value.Martijn van Duren
Found via snmpctl snmp walk 127.0.0.1 oid 1 OK claudio@
2018-11-06Use TLS_CA_CERT_FILE instead of a separate define.Joel Sing
ok beck@ bluhm@ tb@
2018-11-01- odd condition/test in PF lexerAlexandr Nedvedicky
(and other lexers too) This commit rectifies earlier change: in the lex... even inside quotes, a \ followed by space or tab should expand to space or tab, and a \ followed by newline should be ignored (as a line continuation). compatible with the needs of hoststated (which has the most strict quoted string requirements), and ifstated (where one commonly does line continuations in strings). OK deraadt@, OK millert@
2018-09-07replace malloc()+strlcpy() with strndup() in cmdline_symset().miko
"looks good" gilles@ halex@
2018-08-12Change ber_write_elements() to return ssize_t instead of int.rob
ok claudio@
2018-08-03Place a limit on the number of elements in a ber sequence/set. This preventsrob
possible stack overflow due to recursion in ber_free_elements(). ok claudio@
2018-07-31Relocate some public functions above the internal functions comment.rob
ok claudio@
2018-07-31Fix some debugging output now that ber type and encoding are unsigned int.rob
ok claudio@
2018-07-31Make ber type and encoding a unsigned int instead of unsigned long.Claudio Jeker
This way the size is the same on all archs and 32bit should be good enough. OK rob@
2018-07-13Fix some comments referencing sockets which are not used by the ber api. Therob
api uses read and write buffers (byte streams) that are utilized by calling applications which may or may not use sockets. ok claudio@ buffer byte streams that applications then use for
2018-07-13Fix loop condition in ber.c. Discussed with claudio.rob
ok claudio@, jca@
2018-07-11Do for most running out of memory err() what was done for most runningKenneth R Westerback
out of memory log_warn(). i.e. ("%s", __func__) instead of manual function names and redundant verbiage about which wrapper detected the out of memory condition. ok henning@
2018-07-09No need to mention which memory allocation entry point failed (malloc,Kenneth R Westerback
calloc or strdup), we just need to log that we ran out of memory in a particular function. Recommended by florian@ and deraadt@ ok benno@ henning@ tb@
2018-07-09Simplify ber_read()Jeremie Courreges-Anglas
After the removal of fd-based read/writes I could have trimmed the code further. - no socket-based reads so ber_read() doesn't need to loop until it gets the desired amount of data - return either the requested amount of data or -1/ECANCELED, the caller shouldn't have to handle partial reads itself - inline ber_readbuf() into ber_read() ok rob@ claudio@ tb@
2018-07-08Be consistent in warn() and log_warn() usage whenKenneth R Westerback
running out of memory. Next step, be correct *and* consistent. ok dennis@ tb@ benno@ schwarze@
2018-07-04More whitespace.rob
2018-07-04Cleanup some whitespace.rob
2018-07-04Relocate the update of br_offs from ber_read() to ber_readbuf() so ber_getc()rob
can call ber_readbuf() in all cases. This resolves a problem previously encountered with SNMPv3 authentication, simplifies the code, and completes a full synchronization of all ber instances. Proposed by claudio@. Problematic use case in snmpd tested by sthen@ and me. ldap(s) appear happy as well. looks good to claudio@
2018-07-03Synchronize ber changes from the snmpd instance to ldap, ldapd, and ypldap.rob
See usr.sbin/snmpd/ber.c revision 1.24 commit log for a summary of these changes (e.g. SNMPv2 traps, User-based Security Model, callback for USM HMAC calculations). There is one final ber piece to copy from the snmpd instance related to ber_getc() which will be done in a separate diff. "looks good to me" deraadt@
2018-07-01s/constructive/constructed in DPRINTF output.rob
2018-06-29Consistent use of copyright notices.rob
Ok reyk@
2018-06-29Synchronize ber.c and ber.h across ldap, ldapd, and ypldap, and reduce diffrob
with snmpd. More tweaks to come once things are fully synchronized. Feedback from claudio and Robert Klein. Ok claudio@
2018-06-27Synchronize some comments.rob
2018-06-27Consistent use of calloc in ber.c.rob
Ok claudio@, "looks right" gsoares@
2018-06-27Synchronize correct processing of BER_TYPE_EOC. Fixes support for empty LDAProb
passwords. A similar fix was applied to snmpd in 2010 (rev 1.23). Pointers from Reyk. Ok claudio@
2018-06-21Sync aldap from ldap(1).Reyk Floeter
This also fixes the _url functions that was previously #ifdef'ed out. OK claudio@
2018-06-18remove the SECTIONS header, since a one line DESCRIPTION is a bit silly;Jason McIntyre
use a more general text for the sections, and avoid the catchup issue that was trying to document how many there were; ok benno rob
2018-06-11Fix an off-by-one line count when using include statements.denis
Thanks to otto@ for the initial diff. OK benno@
2018-04-26Plug leak in error case of the common 'varset' implementations.Kenneth R Westerback
ok benno@
2018-02-08Kill ber.c support for direct fd read/writesJeremie Courreges-Anglas
This mechanism is already unused and annotated with lots of XXX's, no need to keep it around. ok claudio@
2017-12-21Close the right file descriptor and clean up the tls context in aldap_close().Jonathan Matthew
ok zhuk@ deraadt@
2017-12-07Now that we have RB_NFIND, the canacar's trick with RB_INSERT+RB_NEXTVadim Zhukov
is not needed anymore. okay jmatthew@
2017-12-07client_addr_init() never fails and its return value is never checked,Vadim Zhukov
so just make it void. okay jmatthew@
2017-12-07Fix a potential fd leak in client_aldap_open().Vadim Zhukov
okay jmatthew@
2017-08-29missing word; from raf czlonkaJason McIntyre
2017-08-2865535 is a valid port to listen on.Florian Obser
Off-by-one pointed out by and diff from Kris Katterjohn katterjohn AT gmail, thanks! chris@ pointed out that more than httpd(8) is effected. OK gilles@
2017-07-12Log when we have finished pushing users and groupsJeremie Courreges-Anglas
Helps people testing new configurations. From Kurt Mosiejczuk
2017-07-03no need to generate y.tab.h if nothing uses it, set YFLAGS to nothingMarc Espie
instead of CLEANFILES += y.tab.h okay millert@
2017-05-30remove an extra .Ed;Jason McIntyre
2017-05-30Teach ypldap to use tls when connecting to ldap servers.Jonathan Matthew
libtls help from jsing@, linker help from deraadt@
2017-04-17don't manipulate hdr.len, it's used internally by libutil now; ok florian@Otto Moerbeek
2017-03-27simplify parseval() by allocating a buffer the size of the input string,Jonathan Matthew
which will always be big enough to hold the output string. ok dlg@
2017-03-21From a syslog perspective it does not make sense to log fatal andAlexander Bluhm
warn with the same severity. Switch log_warn() to LOG_ERR and keep fatal() at LOG_CRIT. OK reyk@ florian@
2017-02-03Stop assuming that in_{addr,port}_t are typedefed in <sys/types.h> andPhilip Guenther
instead pull in <netinet/in.h> or <arpa/inet.h> when those are needed. ok florian@ beck@ millert@
2017-01-20work on making log.c similar in all daemons:Sebastian Benoit
reduce the (mostly whitespace) differences so that log.c's can be diffed easily. disclaimer change ok henning@. ok krw@ jmatthew@
2017-01-05Replace hand-rolled for(;;) emptying of 'symhead' TAILQ with moreKenneth R Westerback
modern TAILQ_FOREACH_SAFE(). No intentional functional change. ok millert@ bluhm@ gilles@