Improve the conn_err() bufferevent error callback. To better report errors.
OK kn@

avoid use after free
ok jmatthew@

Add void to conn_close_any()

This makes the function definition match the prototype and silences a
clang-15 warning.

The ber_* namespace is used by liblber since time immemorial,
so move our BER API to the unused ober_* prefix to avoid some
breakage in ports.

Problem diagnosed by jmatthew with ber_free() in samba, but
there are many others as pointed out by sthen.

tests & ok rob
ok sthen (who had an almost identical diff for libutil)
"go head hit it" deraadt

branches: 1.17.6;
Make ber type and encoding a unsigned int instead of unsigned long.
This way the size is the same on all archs and 32bit should be good enough.
OK rob@

Fix format string errors in log messages and update ldapd to use relayd's log.c

OK benno@ jmatthew@

Kill ber.c support for direct fd read/writes

This mechanism is already unused and annotated with lots of XXX's, no
need to keep it around. ok claudio@

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@

use SOCK_NONBLOCK instead of fcntl

ok dlg@

bunch of format string cleanups, removing %i, signed vs unsigned, and even
a few long long's
ok jmatthew

Protect against fd exhaustion when reopening database files. Only accept
client or control connections when there are at least 8 fds available,
and close a connection before calling imsg_read if it would be unable to
accept an fd from the parent process.

ok gilles@

rate limiting of accept() in various cases. Testing by jmatthew. there
maybe still be a corner case where it needs one more file descriptor
beyond the limit..

Make -dvv flags produce debug traces of decoded BER messages on stderr.
Also shows a hexdump of the input buffer if BER decoding fails.
Useful when debugging protocol issues.

When draining the input buffer of more than two complete requests, an
additional incomplete request would be truncated. This fixes the number of
bytes consumed from the input buffer.

Remember the bind DN after BSD authentication. This makes access control
work for SASL and BSDAUTH binds as it does for simple binds.

Implement the LDAP compare operation.

Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.

return value unused, found by lint

Remove trailing whitespace and spaces before tabs.

ok gilles@

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@

avoid use after free
ok jmatthew@

Add void to conn_close_any()

This makes the function definition match the prototype and silences a
clang-15 warning.

The ber_* namespace is used by liblber since time immemorial,
so move our BER API to the unused ober_* prefix to avoid some
breakage in ports.

Problem diagnosed by jmatthew with ber_free() in samba, but
there are many others as pointed out by sthen.

tests & ok rob
ok sthen (who had an almost identical diff for libutil)
"go head hit it" deraadt

branches: 1.17.6;
Make ber type and encoding a unsigned int instead of unsigned long.
This way the size is the same on all archs and 32bit should be good enough.
OK rob@

Fix format string errors in log messages and update ldapd to use relayd's log.c

OK benno@ jmatthew@

Kill ber.c support for direct fd read/writes

This mechanism is already unused and annotated with lots of XXX's, no
need to keep it around. ok claudio@

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@

use SOCK_NONBLOCK instead of fcntl

ok dlg@

bunch of format string cleanups, removing %i, signed vs unsigned, and even
a few long long's
ok jmatthew

Protect against fd exhaustion when reopening database files. Only accept
client or control connections when there are at least 8 fds available,
and close a connection before calling imsg_read if it would be unable to
accept an fd from the parent process.

ok gilles@

rate limiting of accept() in various cases. Testing by jmatthew. there
maybe still be a corner case where it needs one more file descriptor
beyond the limit..

Make -dvv flags produce debug traces of decoded BER messages on stderr.
Also shows a hexdump of the input buffer if BER decoding fails.
Useful when debugging protocol issues.

When draining the input buffer of more than two complete requests, an
additional incomplete request would be truncated. This fixes the number of
bytes consumed from the input buffer.

Remember the bind DN after BSD authentication. This makes access control
work for SASL and BSDAUTH binds as it does for simple binds.

Implement the LDAP compare operation.

Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.

return value unused, found by lint

Remove trailing whitespace and spaces before tabs.

ok gilles@

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@

Add void to conn_close_any()

This makes the function definition match the prototype and silences a
clang-15 warning.

The ber_* namespace is used by liblber since time immemorial,
so move our BER API to the unused ober_* prefix to avoid some
breakage in ports.

Problem diagnosed by jmatthew with ber_free() in samba, but
there are many others as pointed out by sthen.

tests & ok rob
ok sthen (who had an almost identical diff for libutil)
"go head hit it" deraadt

branches: 1.17.6;
Make ber type and encoding a unsigned int instead of unsigned long.
This way the size is the same on all archs and 32bit should be good enough.
OK rob@

Fix format string errors in log messages and update ldapd to use relayd's log.c

OK benno@ jmatthew@

Kill ber.c support for direct fd read/writes

This mechanism is already unused and annotated with lots of XXX's, no
need to keep it around. ok claudio@

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@

use SOCK_NONBLOCK instead of fcntl

ok dlg@

bunch of format string cleanups, removing %i, signed vs unsigned, and even
a few long long's
ok jmatthew

Protect against fd exhaustion when reopening database files. Only accept
client or control connections when there are at least 8 fds available,
and close a connection before calling imsg_read if it would be unable to
accept an fd from the parent process.

ok gilles@

rate limiting of accept() in various cases. Testing by jmatthew. there
maybe still be a corner case where it needs one more file descriptor
beyond the limit..

Make -dvv flags produce debug traces of decoded BER messages on stderr.
Also shows a hexdump of the input buffer if BER decoding fails.
Useful when debugging protocol issues.

When draining the input buffer of more than two complete requests, an
additional incomplete request would be truncated. This fixes the number of
bytes consumed from the input buffer.

Remember the bind DN after BSD authentication. This makes access control
work for SASL and BSDAUTH binds as it does for simple binds.

Implement the LDAP compare operation.

Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.

return value unused, found by lint

Remove trailing whitespace and spaces before tabs.

ok gilles@

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@

The ber_* namespace is used by liblber since time immemorial,
so move our BER API to the unused ober_* prefix to avoid some
breakage in ports.

Problem diagnosed by jmatthew with ber_free() in samba, but
there are many others as pointed out by sthen.

tests & ok rob
ok sthen (who had an almost identical diff for libutil)
"go head hit it" deraadt

Make ber type and encoding a unsigned int instead of unsigned long.
This way the size is the same on all archs and 32bit should be good enough.
OK rob@

Fix format string errors in log messages and update ldapd to use relayd's log.c

OK benno@ jmatthew@

Kill ber.c support for direct fd read/writes

This mechanism is already unused and annotated with lots of XXX's, no
need to keep it around. ok claudio@

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@

use SOCK_NONBLOCK instead of fcntl

ok dlg@

bunch of format string cleanups, removing %i, signed vs unsigned, and even
a few long long's
ok jmatthew

Protect against fd exhaustion when reopening database files. Only accept
client or control connections when there are at least 8 fds available,
and close a connection before calling imsg_read if it would be unable to
accept an fd from the parent process.

ok gilles@

rate limiting of accept() in various cases. Testing by jmatthew. there
maybe still be a corner case where it needs one more file descriptor
beyond the limit..

Make -dvv flags produce debug traces of decoded BER messages on stderr.
Also shows a hexdump of the input buffer if BER decoding fails.
Useful when debugging protocol issues.

When draining the input buffer of more than two complete requests, an
additional incomplete request would be truncated. This fixes the number of
bytes consumed from the input buffer.

Remember the bind DN after BSD authentication. This makes access control
work for SASL and BSDAUTH binds as it does for simple binds.

Implement the LDAP compare operation.

Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.

return value unused, found by lint

Remove trailing whitespace and spaces before tabs.

ok gilles@

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@

Make ber type and encoding a unsigned int instead of unsigned long.
This way the size is the same on all archs and 32bit should be good enough.
OK rob@

Fix format string errors in log messages and update ldapd to use relayd's log.c

OK benno@ jmatthew@

Kill ber.c support for direct fd read/writes

This mechanism is already unused and annotated with lots of XXX's, no
need to keep it around. ok claudio@

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@

use SOCK_NONBLOCK instead of fcntl

ok dlg@

bunch of format string cleanups, removing %i, signed vs unsigned, and even
a few long long's
ok jmatthew

Protect against fd exhaustion when reopening database files. Only accept
client or control connections when there are at least 8 fds available,
and close a connection before calling imsg_read if it would be unable to
accept an fd from the parent process.

ok gilles@

rate limiting of accept() in various cases. Testing by jmatthew. there
maybe still be a corner case where it needs one more file descriptor
beyond the limit..

Make -dvv flags produce debug traces of decoded BER messages on stderr.
Also shows a hexdump of the input buffer if BER decoding fails.
Useful when debugging protocol issues.

When draining the input buffer of more than two complete requests, an
additional incomplete request would be truncated. This fixes the number of
bytes consumed from the input buffer.

Remember the bind DN after BSD authentication. This makes access control
work for SASL and BSDAUTH binds as it does for simple binds.

Implement the LDAP compare operation.

Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.

return value unused, found by lint

Remove trailing whitespace and spaces before tabs.

ok gilles@

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@

Fix format string errors in log messages and update ldapd to use relayd's log.c

OK benno@ jmatthew@

Kill ber.c support for direct fd read/writes

This mechanism is already unused and annotated with lots of XXX's, no
need to keep it around. ok claudio@

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@

use SOCK_NONBLOCK instead of fcntl

ok dlg@

bunch of format string cleanups, removing %i, signed vs unsigned, and even
a few long long's
ok jmatthew

Protect against fd exhaustion when reopening database files. Only accept
client or control connections when there are at least 8 fds available,
and close a connection before calling imsg_read if it would be unable to
accept an fd from the parent process.

ok gilles@

rate limiting of accept() in various cases. Testing by jmatthew. there
maybe still be a corner case where it needs one more file descriptor
beyond the limit..

Make -dvv flags produce debug traces of decoded BER messages on stderr.
Also shows a hexdump of the input buffer if BER decoding fails.
Useful when debugging protocol issues.

When draining the input buffer of more than two complete requests, an
additional incomplete request would be truncated. This fixes the number of
bytes consumed from the input buffer.

Remember the bind DN after BSD authentication. This makes access control
work for SASL and BSDAUTH binds as it does for simple binds.

Implement the LDAP compare operation.

Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.

return value unused, found by lint

Remove trailing whitespace and spaces before tabs.

ok gilles@

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@

Kill ber.c support for direct fd read/writes

This mechanism is already unused and annotated with lots of XXX's, no
need to keep it around. ok claudio@

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@

use SOCK_NONBLOCK instead of fcntl

ok dlg@

bunch of format string cleanups, removing %i, signed vs unsigned, and even
a few long long's
ok jmatthew

Protect against fd exhaustion when reopening database files. Only accept
client or control connections when there are at least 8 fds available,
and close a connection before calling imsg_read if it would be unable to
accept an fd from the parent process.

ok gilles@

rate limiting of accept() in various cases. Testing by jmatthew. there
maybe still be a corner case where it needs one more file descriptor
beyond the limit..

Make -dvv flags produce debug traces of decoded BER messages on stderr.
Also shows a hexdump of the input buffer if BER decoding fails.
Useful when debugging protocol issues.

When draining the input buffer of more than two complete requests, an
additional incomplete request would be truncated. This fixes the number of
bytes consumed from the input buffer.

Remember the bind DN after BSD authentication. This makes access control
work for SASL and BSDAUTH binds as it does for simple binds.

Implement the LDAP compare operation.

Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.

return value unused, found by lint

Remove trailing whitespace and spaces before tabs.

ok gilles@

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@

use SOCK_NONBLOCK instead of fcntl

ok dlg@

bunch of format string cleanups, removing %i, signed vs unsigned, and even
a few long long's
ok jmatthew

Protect against fd exhaustion when reopening database files. Only accept
client or control connections when there are at least 8 fds available,
and close a connection before calling imsg_read if it would be unable to
accept an fd from the parent process.

ok gilles@

rate limiting of accept() in various cases. Testing by jmatthew. there
maybe still be a corner case where it needs one more file descriptor
beyond the limit..

Make -dvv flags produce debug traces of decoded BER messages on stderr.
Also shows a hexdump of the input buffer if BER decoding fails.
Useful when debugging protocol issues.

When draining the input buffer of more than two complete requests, an
additional incomplete request would be truncated. This fixes the number of
bytes consumed from the input buffer.

Remember the bind DN after BSD authentication. This makes access control
work for SASL and BSDAUTH binds as it does for simple binds.

Implement the LDAP compare operation.

Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.

return value unused, found by lint

Remove trailing whitespace and spaces before tabs.

ok gilles@

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@