OpenBSD CVS

CVS log for src/usr.sbin/ldapd/parse.y




Default branch: MAIN


Revision 1.43, Fri Oct 15 15:01:28 2021 UTC (2 years, 7 months ago) by naddy
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, HEAD
Changes since 1.42: +6 -6 lines

Don't declare variables as "unsigned char *" that are passed to
functions that take "char *" arguments.  Where such chars are
assigned to int or passed to ctype functions, explicitly cast them
to unsigned char.

For OpenBSD's clang, -Wpointer-sign has been disabled by default,
but when the parse.y code was built elsewhere, the compiler would
complain.

With help from millert@
ok benno@ deraadt@

Revision 1.42, Thu Oct 7 11:35:30 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.41: +3 -2 lines

Call normalize_dn() on the newly added namespace so that later compares
with normalized basedns work. Seems all other DN attributes in parse.y
pass through normalize_dn() so this seems to be the last one missing out.
With this configs using capitalized namespace DN like o=OpenBSD,c=CA
will actually work.
OK kn@ gsoares@

Revision 1.41, Thu Oct 7 11:32:36 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.40: +2 -2 lines

Change host() error check to the more simple form of != 1.
Host() returns 1 on success and 0 or -1 on failure.
OK kn@ gsoares@

Revision 1.40, Sun May 2 14:39:05 2021 UTC (3 years, 1 month ago) by martijn
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.39: +2 -2 lines

Fix having hostnames in the listen on statement. Regression introduced in
r1.39. Issue originally reported by Anton Kasimov via rob@.

OK claudio@

Revision 1.39, Sat Jan 9 14:51:45 2021 UTC (3 years, 4 months ago) by rob
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.38: +13 -18 lines

Remove locally imposed limit on sockets.

Suggested by martijn@, ok claudio@

Revision 1.38, Wed Dec 30 18:41:33 2020 UTC (3 years, 5 months ago) by benno
Branch: MAIN
Changes since 1.37: +3 -1 lines

getifaddrs() can return entries where ifa_addr is NULL. Check for this
before accessing anything in ifa_addr.
ok claudio@

Revision 1.37, Sun Nov 29 19:48:35 2020 UTC (3 years, 6 months ago) by tb
Branch: MAIN
Changes since 1.36: +23 -13 lines

Fix cert and key path inference for absolute paths

ldapd infers certificate and key paths from the configured certificate
string.  It appends ".crt" and ".key", respectively, and in the case of
a relative path it also prepends "/etc/ldap/certs/".  A logic error
results in prepending "/etc/ldap/certs/" also for absolute paths. Avoid
this by making the whole thing readable at the cost of a bit of verbosity.

Problem reported by Maksim Rodin on misc@, thanks!
Initial fix from me, committing an improved version on behalf of martijn.

ok jmatthew, tb

Revision 1.36, Wed Jun 24 07:20:47 2020 UTC (3 years, 11 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.35: +26 -11 lines

Using the "ldaps" or "tls" keywords in ldapd.conf currently enables all
protocols and ciphers. So you get a TLS server speaking TLSv1.0 and
supporting cipher suites with RC4 and 3DES encryption, all of which should
be considered broken. There is no way of disabling TLSv1.0 and TLSv1.1 in
ldapd. All this is also not very clearly called out in the documentation.

This commit switches the defaults to using the libtls defaults for both
protocols and ciphers. If compatibility with the insecure legacy protocols
and ciphers is needed, use the "legacy" keyword before "tls" or "ldaps" in
ldapd.conf.

tested by abieber.
inoguchi agrees with the direction.

ok beck

Revision 1.35, Wed Feb 13 22:57:08 2019 UTC (5 years, 3 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.34: +3 -3 lines

(unsigned) means (unsigned int) which on ptrdiff_t or size_t or other
larger types really is a range reduction...
Almost any cast to (unsigned) is a bug.
ok millert tb benno

Revision 1.34, Thu Nov 1 00:18:44 2018 UTC (5 years, 7 months ago) by sashan
Branch: MAIN
Changes since 1.33: +3 -2 lines

- odd condition/test in PF lexer
  (and other lexers too)

This commit rectifies earlier change:

    in the lex... even inside quotes, a \ followed by space or tab should
    expand to space or tab, and a \ followed by newline should be ignored
    (as a line continuation).  compatible with the needs of hoststated
    (which has the most strict quoted string requirements), and ifstated
    (where one commonly does line continuations in strings).

OK deraadt@, OK millert@

Revision 1.33, Fri Sep 7 07:35:31 2018 UTC (5 years, 8 months ago) by miko
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.32: +4 -9 lines

replace malloc()+strlcpy() with strndup() in cmdline_symset().

"looks good" gilles@ halex@

Revision 1.32, Wed Jul 11 07:39:22 2018 UTC (5 years, 10 months ago) by krw
Branch: MAIN
Changes since 1.31: +2 -2 lines

Do for most running out of memory err() what was done for most running
out of memory log_warn(). i.e. ("%s", __func__) instead of manual
function names and redundant verbiage about which wrapper detected the
out of memory condition.

ok henning@

Revision 1.31, Mon Jul 9 12:05:11 2018 UTC (5 years, 10 months ago) by krw
Branch: MAIN
Changes since 1.30: +5 -5 lines

No need to mention which memory allocation entry point failed (malloc,
calloc or strdup), we just need to log that we ran out of memory in a
particular function.

Recommended by florian@ and deraadt@

ok benno@ henning@ tb@

Revision 1.30, Sun Jul 8 17:15:07 2018 UTC (5 years, 10 months ago) by krw
Branch: MAIN
Changes since 1.29: +3 -3 lines

Be consistent in warn() and log_warn() usage when
running out of memory.

Next step, be correct *and* consistent.

ok dennis@ tb@ benno@ schwarze@

Revision 1.29, Mon Jun 11 18:19:03 2018 UTC (5 years, 11 months ago) by denis
Branch: MAIN
Changes since 1.28: +78 -47 lines

Fix an off-by-one line count when using include statements.

Thanks to otto@ for the initial diff.

OK benno@

Revision 1.28, Fri May 18 12:36:30 2018 UTC (6 years ago) by reyk
Branch: MAIN
Changes since 1.27: +1 -7 lines

Add support for attribute filter rules on search/read operations.

OK jmatthew@

Revision 1.27, Mon May 14 07:53:47 2018 UTC (6 years ago) by reyk
Branch: MAIN
Changes since 1.26: +23 -8 lines

Add support to filter on attributes.

This can be used to allow users to change their password (and a few
other things) but not their entire dn. For example:

        allow read access to any by self
        allow write access to any attribute userPassword by self

This is currently only supported for "write" (modify, add, delete) and
not "read" (search) filter rules.

OK jmatthew@

Revision 1.26, Thu Apr 26 14:12:19 2018 UTC (6 years, 1 month ago) by krw
Branch: MAIN
Changes since 1.25: +3 -1 lines

Plug leak in error case of the common 'varset' implementations.

ok benno@

Revision 1.25, Mon Aug 28 06:00:05 2017 UTC (6 years, 9 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.24: +2 -2 lines

65535 is a valid port to listen on.
Off-by-one pointed out by and diff from Kris Katterjohn katterjohn AT
gmail, thanks!
chris@ pointed out that more than httpd(8) is affected.
OK gilles@

Revision 1.24, Thu Apr 6 12:22:32 2017 UTC (7 years, 1 month ago) by gsoares
Branch: MAIN
Changes since 1.23: +4 -4 lines

use memset() instead of bzero()
OK jmatthew

Revision 1.23, Fri Jan 20 11:55:08 2017 UTC (7 years, 4 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.22: +2 -1 lines

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@

Revision 1.22, Thu Jan 5 13:53:09 2017 UTC (7 years, 4 months ago) by krw
Branch: MAIN
Changes since 1.21: +2 -3 lines

Replace hand-rolled for(;;) emptying of 'symhead' TAILQ with more
modern TAILQ_FOREACH_SAFE().

No intentional functional change.

ok millert@ bluhm@ gilles@

Revision 1.21, Thu Jan 5 12:42:18 2017 UTC (7 years, 4 months ago) by krw
Branch: MAIN
Changes since 1.20: +7 -5 lines

Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ
with more modern TAILQ_FOREACH(). This is what symget() was already
doing.

Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().

No intentional functional change.

ok bluhm@ otto@

Revision 1.20, Wed Nov 30 07:57:21 2016 UTC (7 years, 6 months ago) by mestre
Branch: MAIN
Changes since 1.19: +6 -2 lines

Check return value of tls_config_set_protocols(3) and bail out in case of
failure

Feedback and OK jsing@

Revision 1.19, Wed Jul 13 16:35:47 2016 UTC (7 years, 10 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0
Changes since 1.18: +2 -2 lines

Adjust existing tls_config_set_cipher() callers for TLS cipher group
changes - map the previous configuration to the equivalent in the new
groups. This will be revisited post release.

Discussed with beck@

Revision 1.18, Tue Jun 21 21:35:24 2016 UTC (7 years, 11 months ago) by benno
Branch: MAIN
Changes since 1.17: +9 -1 lines

do not allow whitespace in macro names, i.e. "this is" = "a variable".
change this in all config parsers in our tree that support macros.
problem reported by sven falempin.

feedback from henning@, stsp@, deraadt@
ok florian@ mikeb@

Revision 1.17, Sun May 1 00:32:37 2016 UTC (8 years, 1 month ago) by jmatthew
Branch: MAIN
Changes since 1.16: +95 -2 lines

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@

Revision 1.16, Thu Nov 20 05:51:20 2014 UTC (9 years, 6 months ago) by jsg
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9, OPENBSD_5_8_BASE, OPENBSD_5_8, OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.15: +4 -1 lines

Don't allow embedded nul characters in strings.
Fixes a pfctl crash with an anchor name containing
an embedded nul found with the afl fuzzer.

pfctl parse.y patch from and ok deraadt@

Revision 1.15, Fri Nov 14 03:20:36 2014 UTC (9 years, 6 months ago) by doug
Branch: MAIN
Changes since 1.14: +4 -2 lines

Add gcc printf format attributes to yyerror() in parse.y files.
No yyerror() calls needed to be changed.

ok bluhm@

Revision 1.14, Mon Nov 3 18:44:36 2014 UTC (9 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.13: +6 -6 lines

Convert the logic in yyerror().  Instead of creating a temporary
format string, create a temporary message.
OK claudio@

Revision 1.13, Sun Sep 21 05:33:49 2014 UTC (9 years, 8 months ago) by daniel
Branch: MAIN
Changes since 1.12: +3 -3 lines

eliminate the use of a gcc C extension (conditionals with omitted
operands).

ok deraadt@

Revision 1.12, Wed Jan 22 00:21:16 2014 UTC (10 years, 4 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6, OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.11: +2 -2 lines

relax the cfg file secrecy check slightly to allow group readability
default permissions and mtree NOT changed.
prodded by benno, ok phessler benno jmatthew theo pelikan florian

Revision 1.11, Mon Nov 25 12:56:41 2013 UTC (10 years, 6 months ago) by benno
Branch: MAIN
Changes since 1.10: +7 -7 lines

use u_char for buffers in yylex, for ctype calls
found by millert@, ok deraadt@

Revision 1.10, Mon Oct 18 13:29:49 2010 UTC (13 years, 7 months ago) by sthen
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4, OPENBSD_5_3_BASE, OPENBSD_5_3, OPENBSD_5_2_BASE, OPENBSD_5_2, OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0, OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.9: +7 -7 lines

Missing ; to appease yyextract, ok martinh@

Revision 1.9, Tue Aug 3 18:42:40 2010 UTC (13 years, 10 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.8: +4 -3 lines

fix linecount bug with comments spanning multiple lines
problem reported with the obvious fix for bgpd by Sebastian Benoit
<benoit-lists at fb12.de>, also PR 6432
applied to all the others by yours truly. ok theo
isn't it amazing how far this parser (and more) spread?

Revision 1.8, Wed Jun 30 22:16:53 2010 UTC (13 years, 11 months ago) by martinh
Branch: MAIN
Changes since 1.7: +3 -1 lines

Set a default btree cache size.

Revision 1.7, Wed Jun 30 19:26:39 2010 UTC (13 years, 11 months ago) by martinh
Branch: MAIN
Changes since 1.6: +6 -1 lines

Add a global root user that is allowed to read/write entries in all local
namespaces. Useful for dump/restore of all namespaces.

Revision 1.6, Tue Jun 29 21:54:38 2010 UTC (13 years, 11 months ago) by martinh
Branch: MAIN
Changes since 1.5: +25 -3 lines

Add support for referrals. Referrals are configured in the config file,
either in the global context or in a namespace. The latter can be used to
delegate requests to different servers for specific parts of the DIT. The
former is a global catch-all referral.

Revision 1.5, Tue Jun 29 02:45:46 2010 UTC (13 years, 11 months ago) by martinh
Branch: MAIN
Changes since 1.4: +63 -478 lines

Rewrite the schema parser, as it's not a context-free grammar.
This also brings the config parser more in line with other parse.y in the
tree. The new schema parser also supports symbolic OID names.

You need to update your /etc/ldapd.conf. Schema files are no longer
included with the 'include' keyword, you have to use 'schema' for that.

Moves schema-related structures to a separate include file to ease reuse.

Revision 1.4, Tue Jun 15 19:30:26 2010 UTC (13 years, 11 months ago) by martinh
Branch: MAIN
Changes since 1.3: +22 -1 lines

Move around some functions to ease re-use from ldapctl.

Revision 1.3, Wed Jun 2 09:12:13 2010 UTC (14 years ago) by martinh
Branch: MAIN
Changes since 1.2: +1 -2 lines

remove c++ comments
ok gilles@

Revision 1.2, Mon May 31 18:29:04 2010 UTC (14 years ago) by martinh
Branch: MAIN
Changes since 1.1: +3 -3 lines

Remove trailing whitespace and spaces before tabs.

ok gilles@

Revision 1.1, Mon May 31 17:36:31 2010 UTC (14 years ago) by martinh
Branch: MAIN

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@
