History log of /openbsd-current/usr.sbin/ldapd/ldapd.h
Revision Date Author Comments
# 1.37 21-May-2024 jsg

remove prototypes with no matching function and externs with no var
partly checked by millert@


Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE OPENBSD_7_3_BASE OPENBSD_7_4_BASE OPENBSD_7_5_BASE
# 1.36 15-Dec-2021 deraadt

PATH_MAX+1 rarely makes sense, and abort if this happens in the imsg.
ok jmatthew millert


Revision tags: OPENBSD_7_0_BASE
# 1.35 20-Apr-2021 dv

Move TAILQ initialization to files where they are used.

These priv-sep daemons all follow a similar design and use TAILQs
for tracking control process connections. In most cases, the TAILQs
are initialized separate from where they are used. Since the scope
of use is generally confined to a specific control process file,
this commit also removes any extern definitions and stops exposing the
TAILQ structures to other compilation units.

ok bluhm@, tb@


Revision tags: OPENBSD_6_9_BASE
# 1.34 27-Jan-2021 deraadt

these programs (with common ancestry) had a -fno-common problem related
to privsep_procid.
ok mortimer


# 1.33 09-Jan-2021 rob

Remove locally imposed limit on sockets.

Suggested by martijn@, ok claudio@


Revision tags: OPENBSD_6_8_BASE
# 1.32 24-Jun-2020 tb

Using the "ldaps" or "tls" keywords in ldapd.conf currently enables all
protocols and ciphers. So you get a TLS server speaking TLSv1.0 and
supporting cipher suites with RC4 and 3DES encryption, all of which should
be considered broken. There is no way of disabling TLSv1.0 and TLSv1.1 in
ldapd. All this is also not very clearly called out in the documentation.

This commit switches the defaults to using the libtls defaults for both
protocols and ciphers. If compatibility with the insecure legacy protocols
and ciphers is needed, use the "legacy" keyword before "tls" or "ldaps" in
ldapd.conf.

tested by abieber.
inoguchi agrees with the direction.

ok beck


Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE
# 1.31 31-Jul-2018 claudio

Make ber type and encoding an unsigned int instead of unsigned long.
This way the size is the same on all archs and 32bit should be good enough.
OK rob@


# 1.30 15-May-2018 reyk

Fix format string errors in log messages and update ldapd to use relayd's log.c

OK benno@ jmatthew@


# 1.29 14-May-2018 reyk

Add support to filter on attributes.

This can be used to allow users to change their password (and a few
other things) but not their entire dn. For example:

allow read access to any by self
allow write access to any attribute userPassword by self

This is currently only supported for "write" (modify, add, delete) and
not "read" (search) filter rules.

OK jmatthew@


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
# 1.28 24-Feb-2017 gsoares

Implement fork+exec model

OK jmatthew@


# 1.27 20-Jan-2017 benno

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@


Revision tags: OPENBSD_6_0_BASE
# 1.26 01-May-2016 jmatthew

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@


Revision tags: OPENBSD_5_9_BASE
# 1.25 02-Nov-2015 jmatthew

use SOCK_NONBLOCK instead of fcntl

ok dlg@


Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
# 1.24 16-Jan-2015 deraadt

change to <limits.h> universe. The only changes in the binary are due
to the heavy use of assert.
ok millert


Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
# 1.23 16-Jun-2012 jmatthew

Protect against fd exhaustion when reopening database files. Only accept
client or control connections when there are at least 8 fds available,
and close a connection before calling imsg_read if it would be unable to
accept an fd from the parent process.

ok gilles@
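The reservation policy this commit describes, as an added example that is not ldapd's own code: the daemon checks its descriptor headroom before accept(2) and before a read that may have to receive an fd from the parent. The reserve of 8 comes from the commit message; `FD_RESERVE`, `open_fd_count`, `fds_available`, `may_accept_connection`, `must_shed_before_imsg_read` and `accept_with_reserve` are names assumed here. On OpenBSD the count comes from getdtablecount(3); elsewhere each slot below the soft limit is probed with fcntl(F_GETFD).

```c
/* Added example: file-descriptor reservation before accept(2), in the
 * spirit of ldapd.h revision 1.23. Not ldapd's own code. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <unistd.h>

#define FD_RESERVE 8	/* headroom named in the commit message */

/* Number of descriptors this process currently holds open. */
long open_fd_count(void)
{
#ifdef __OpenBSD__
	return getdtablecount();
#else
	struct rlimit rl;
	long n = 0;

	if (getrlimit(RLIMIT_NOFILE, &rl) == -1)
		return -1;
	/* Portable fallback: a slot is open if F_GETFD does not fail with EBADF. */
	for (long fd = 0; fd < (long)rl.rlim_cur; fd++)
		if (fcntl((int)fd, F_GETFD) != -1 || errno != EBADF)
			n++;
	return n;
#endif
}

/* Descriptors still available below the soft RLIMIT_NOFILE, or -1 on error. */
long fds_available(void)
{
	struct rlimit rl;
	long nopen = open_fd_count();

	if (nopen < 0 || getrlimit(RLIMIT_NOFILE, &rl) == -1)
		return -1;
	return (long)rl.rlim_cur - nopen;
}

/* Accept a client or control connection only while at least `reserve`
 * descriptors are free, so a database reopen over imsg can still succeed. */
int may_accept_connection(long available, long reserve)
{
	return available >= 0 && available >= reserve;
}

/* Before imsg_read(), which may have to receive one fd from the parent,
 * a connection must be shed when not even one descriptor could be taken. */
int must_shed_before_imsg_read(long available)
{
	return available < 1;
}

/* accept(2) guarded by the reserve; fails with EMFILE instead of eating
 * into the headroom. */
int accept_with_reserve(int listenfd, struct sockaddr *addr,
    socklen_t *addrlen, long reserve)
{
	if (!may_accept_connection(fds_available(), reserve)) {
		errno = EMFILE;
		return -1;
	}
	return accept(listenfd, addr, addrlen);
}

int main(void)
{
	long avail = fds_available();

	printf("open: %ld, available: %ld, accept allowed: %s\n",
	    open_fd_count(), avail,
	    may_accept_connection(avail, FD_RESERVE) ? "yes" : "no");
	return 0;
}
```

The accept path refuses new work once the headroom is gone rather than letting the soft limit be hit by a client, which is the failure the commit message protects against: with no free descriptor the child cannot take the reopened database fd the parent sends.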


# 1.22 11-Apr-2012 deraadt

rate limiting of accept() in various cases. Testing by jmatthew. There
may still be a corner case where it needs one more file descriptor
beyond the limit.


Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
# 1.21 10-Nov-2010 martinh

Make -dvv flags produce debug traces of decoded BER messages on stderr.
Also shows a hexdump of the input buffer if BER decoding fails.
Useful when debugging protocol issues.


# 1.20 03-Nov-2010 martinh

Evaluate filters according to the three-valued logic of X.511, as required
by RFC 4511. A filter term can now be evaluated as undefined if the
attribute description is not recognized, the attribute type doesn't define
the appropriate matching rule, or the filtering is not implemented.

This also implements the NOT filter in the query planner.
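The three-valued evaluation this commit describes, as an added example that is not ldapd's own code: per RFC 4511 section 4.5.1.7 a term yields TRUE, FALSE or UNDEFINED, NOT leaves UNDEFINED unchanged, AND is FALSE on any FALSE operand and UNDEFINED if no operand is FALSE but one is UNDEFINED, OR is TRUE on any TRUE operand and UNDEFINED if no operand is TRUE but one is UNDEFINED, and an entry is returned only when the whole filter is TRUE. The entry, the toy schema and the names `tv_not`, `tv_and`, `tv_or`, `eval_equality`, `entry_matches` and `eval_demo_filter` are constructed for this example.

```c
/* Added example: three-valued LDAP filter logic (RFC 4511 4.5.1.7).
 * Not ldapd's own code. */
#include <stdio.h>
#include <string.h>

enum tv { TV_FALSE = 0, TV_TRUE = 1, TV_UNDEF = 2 };

/* NOT swaps TRUE and FALSE and leaves UNDEFINED as it is. */
enum tv tv_not(enum tv v)
{
	if (v == TV_UNDEF)
		return TV_UNDEF;
	return v == TV_TRUE ? TV_FALSE : TV_TRUE;
}

/* AND: FALSE if any operand is FALSE, TRUE if all are TRUE, else UNDEFINED. */
enum tv tv_and(const enum tv *v, size_t n)
{
	int undef = 0;

	for (size_t i = 0; i < n; i++) {
		if (v[i] == TV_FALSE)
			return TV_FALSE;
		if (v[i] == TV_UNDEF)
			undef = 1;
	}
	return undef ? TV_UNDEF : TV_TRUE;
}

/* OR: TRUE if any operand is TRUE, FALSE if all are FALSE, else UNDEFINED. */
enum tv tv_or(const enum tv *v, size_t n)
{
	int undef = 0;

	for (size_t i = 0; i < n; i++) {
		if (v[i] == TV_TRUE)
			return TV_TRUE;
		if (v[i] == TV_UNDEF)
			undef = 1;
	}
	return undef ? TV_UNDEF : TV_FALSE;
}

/* Constructed sample entry: attribute type/value pairs. */
struct attr { const char *type; const char *value; };
static const struct attr entry[] = {
	{ "cn", "alice" }, { "mail", "alice@example.com" }, { NULL, NULL }
};

/* Constructed toy schema: known attribute types and whether each one
 * defines an EQUALITY matching rule. */
struct atype { const char *type; int has_equality; };
static const struct atype schema[] = {
	{ "cn", 1 }, { "mail", 1 }, { "jpegPhoto", 0 }, { NULL, 0 }
};

/* Equality term (type=value): UNDEFINED when the attribute type is not
 * recognised or defines no EQUALITY rule; otherwise TRUE/FALSE by lookup. */
enum tv eval_equality(const char *type, const char *value)
{
	const struct atype *a;

	for (a = schema; a->type != NULL; a++)
		if (strcmp(a->type, type) == 0)
			break;
	if (a->type == NULL || !a->has_equality)
		return TV_UNDEF;
	for (const struct attr *e = entry; e->type != NULL; e++)
		if (strcmp(e->type, type) == 0 && strcmp(e->value, value) == 0)
			return TV_TRUE;
	return TV_FALSE;
}

/* Search returns an entry only when the filter evaluates to TRUE. */
int entry_matches(enum tv filter)
{
	return filter == TV_TRUE;
}

/* (&(cn=alice)(!(nosuchattr=x))): the unknown attribute is UNDEFINED,
 * NOT keeps it UNDEFINED, so the AND is UNDEFINED and nothing is returned. */
enum tv eval_demo_filter(void)
{
	enum tv terms[2] = { eval_equality("cn", "alice"),
	    tv_not(eval_equality("nosuchattr", "x")) };

	return tv_and(terms, 2);
}

int main(void)
{
	enum tv f = eval_demo_filter();

	printf("(&(cn=alice)(!(nosuchattr=x))) -> %s, returned: %s\n",
	    f == TV_TRUE ? "TRUE" : f == TV_FALSE ? "FALSE" : "UNDEFINED",
	    entry_matches(f) ? "yes" : "no");
	return 0;
}
```

The point of the UNDEFINED value is that a NOT filter over an unknown attribute must not turn into a match: with two-valued logic `(!(nosuchattr=x))` would be TRUE for every entry, which is exactly the leak the three-valued rules prevent.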


# 1.19 19-Oct-2010 martinh

Remember the bind DN after BSD authentication. This makes access control
work for SASL and BSDAUTH binds as it does for simple binds.


# 1.18 01-Sep-2010 martinh

Move generic imsg/libevent glue to a separate file.

with eric@ at c2k10


Revision tags: OPENBSD_4_8_BASE
# 1.17 10-Jul-2010 martinh

Retry requests when the btree is busy. Without this, clients will just hang
waiting for a response if the btree was being reopened when the request was
received.


# 1.16 01-Jul-2010 martinh

Implement the LDAP compare operation.


# 1.15 30-Jun-2010 martinh

Add a global root user that is allowed to read/write entries in all local
namespaces. Useful for dump/restore of all namespaces.


# 1.14 29-Jun-2010 martinh

Add support for referrals. Referrals are configured in the config file,
either in the global context or in a namespace. The latter can be used to
delegate requests to different servers for specific parts of the DIT. The
former is a global catch-all referral.


# 1.13 29-Jun-2010 martinh

Remember what listener a connection came from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.


# 1.12 29-Jun-2010 martinh

Rewrite the schema parser, as it's not a context-free grammar.
This also brings the config parser more in line with other parse.y in the
tree. The new schema parser also supports symbolic OID names.

You need to update your /etc/ldapd.conf. Schema files are no longer
included with the 'include' keyword, you have to use 'schema' for that.

Moves schema-related structures to a separate include file to ease reuse.


# 1.11 27-Jun-2010 martinh

return value unused, found by lint


# 1.10 27-Jun-2010 martinh

Remove unused code.


# 1.9 27-Jun-2010 martinh

remove an unused typedef


# 1.8 23-Jun-2010 martinh

remove leftovers from old compaction code


# 1.7 23-Jun-2010 martinh

Remove compaction and indexing from ldapd. It is better done by a separate
process now that the btree can pick up the changes automatically.


# 1.6 15-Jun-2010 martinh

Move around some functions to ease re-use from ldapctl.


# 1.5 15-Jun-2010 martinh

Make modify and simple auth requests open their own transactions, as search
already does. Trigger a reopen imsg request if either the data or index
databases are compacted. Queue the failed request and try again when the
file is reopened.

Compaction can now be done by a separate process, and ldapd will pick up
the change and reopen the file.


# 1.4 15-Jun-2010 martinh

Implement support in the parent to (re-)open database files on behalf of
the unprivileged child over imsg. Part of a larger change that will fix
database compaction.


# 1.3 11-Jun-2010 martinh

Wrap searches in a read-only transaction so it is guaranteed to see a
consistent snapshot of the database.

Also fixes a couple of format string errors for long long ints.


# 1.2 03-Jun-2010 martinh

Open database files before chrooting, and use an absolute path to
the database files, instead of relying on the chrooted-to path.

This breaks compaction as the ldape process can't re-open the
database files. This is being worked on.

ok gilles@


# 1.1 31-May-2010 martinh

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@


Useful when debugging protocol issues.


# 1.20 03-Nov-2010 martinh

Evaluate filters according to the three-valued logic of X.511, as required
by RFC 4511. A filter term can now be evaluated as undefined if the
attribute description is not recognized, the attribute type doesn't define
the appropriate matching rule, or the filtering is not implemented.

This also implements the NOT filter in the query planner.


# 1.19 19-Oct-2010 martinh

Remember the bind DN after BSD authentication. This makes access control
work for SASL and BSDAUTH binds as it does for simple binds.


# 1.18 01-Sep-2010 martinh

Move generic imsg/libevent glue to a separate file.

with eric@ at c2k10


Revision tags: OPENBSD_4_8_BASE
# 1.17 10-Jul-2010 martinh

Retry requests when the btree is busy. Without this, clients will just hang
waiting for a response if the btree was being reopened when the request was
received.


# 1.16 01-Jul-2010 martinh

Implement the LDAP compare operation.


# 1.15 30-Jun-2010 martinh

Add a global root user that is allowed to read/write entries in all local
namespaces. Useful for dump/restore of all namespaces.


# 1.14 29-Jun-2010 martinh

Add support for referrals. Referrals are configured in the config file,
either in the global context or in a namespace. The latter can be used to
delegate requests to different servers for specific parts of the DIT. The
former is a global catch-all referral.


# 1.13 29-Jun-2010 martinh

Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.


# 1.12 29-Jun-2010 martinh

Rewrite the schema parser, as it's not a context-free grammar.
This also brings the config parser more in line with other parse.y in the
tree. The new schema parser also supports symbolic OID names.

You need to update your /etc/ldapd.conf. Schema files are no longer
included with the 'include' keyword, you have to use 'schema' for that.

Moves schema-related structures to a separate include file to ease reuse.


# 1.11 27-Jun-2010 martinh

return value unused, found by lint


# 1.10 27-Jun-2010 martinh

Remove unused code.


# 1.9 27-Jun-2010 martinh

remove an unused typedef


# 1.8 23-Jun-2010 martinh

remove leftovers from old compaction code


# 1.7 23-Jun-2010 martinh

Remove compaction and indexing from ldapd. It is better done by a separate
process now that the btree can pick up the changes automatically.


# 1.6 15-Jun-2010 martinh

Move around some functions to ease re-use from ldapctl.


# 1.5 15-Jun-2010 martinh

Make modify and simple auth requests open their own transactions, as search
already does. Trigger a reopen imsg request if either the data or index
databases are compacted. Queue the failed request and try again when the
file is reopened.

Compaction can now be done by a separate process, and ldapd will pick up
the change and reopen the file.


# 1.4 15-Jun-2010 martinh

Implement support in the parent to (re-)open database files on behalf of
the unprivileged child over imsg. Part of a larger change that will fix
database compaction.


# 1.3 11-Jun-2010 martinh

Wrap searches in a read-only transaction so it is guaranteed to see a
consistent snapshot of the database.

Also fixes a couple of format string errors for long long ints.


# 1.2 03-Jun-2010 martinh

Open database files before chrooting, and use an absolute path to
the database files, instead of relying on the chrooted-to path.

This breaks compaction as the ldape process can't re-open the
database files. This is being worked on.

ok gilles@


# 1.1 31-May-2010 martinh

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@


# 1.32 24-Jun-2020 tb

Using the "ldaps" or "tls" keywords in ldapd.conf currently enables all
protocols and ciphers. So you get a TLS server speaking TLSv1.0 and
supporting cipher suites with RC4 and 3DES encryption, all of which should
be considered broken. There is no way of disabling TLSv1.0 and TLSv1.1 in
ldapd. All this is also not very clearly called out in the documentation.

This commit switches the defaults to using the libtls defaults for both
protocols and ciphers. If compatibility with the insecure legacy protocols
and ciphers is needed, use the "legacy" keyword before "tls" or "ldaps" in
ldapd.conf.

tested by abieber.
inoguchi agrees with the direction.

ok beck


Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE
# 1.31 31-Jul-2018 claudio

Make ber type and encoding a unsigned int instead of unsigned long.
This way the size is the same on all archs and 32bit should be good enough.
OK rob@


# 1.30 15-May-2018 reyk

Fix format string errors in log messages and update ldapd to use relayd's log.c

OK benno@ jmatthew@


# 1.29 14-May-2018 reyk

Add support to filter on attributes.

This can be used to allow users to change their password (and a few
other things) but not their entire dn. For example:

allow read access to any by self
allow write access to any attribute userPassword by self

This is currently only supported for "write" (modify, add, delete) and
not "read" (search) filter rules.

OK jmatthew@


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
# 1.28 24-Feb-2017 gsoares

Implement fork+exec model

OK jmatthew@


# 1.27 20-Jan-2017 benno

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@


Revision tags: OPENBSD_6_0_BASE
# 1.26 01-May-2016 jmatthew

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@


Revision tags: OPENBSD_5_9_BASE
# 1.25 02-Nov-2015 jmatthew

use SOCK_NONBLOCK instead of fcntl

ok dlg@


Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
# 1.24 16-Jan-2015 deraadt

change to <limits.h> universe. The only changes in the binary are due
to the heavy use of assert.
ok millert


Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
# 1.23 16-Jun-2012 jmatthew

Protect against fd exhaustion when reopening database files. Only accept
client or control connections when there are at least 8 fds available,
and close a connection before calling imsg_read if it would be unable to
accept an fd from the parent process.

ok gilles@


# 1.22 11-Apr-2012 deraadt

rate limiting of accept() in various cases. Testing by jmatthew. there
maybe still be a corner case where it needs one more file descriptor
beyond the limit..


Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
# 1.21 10-Nov-2010 martinh

Make -dvv flags produce debug traces of decoded BER messages on stderr.
Also shows a hexdump of the input buffer if BER decoding fails.
Useful when debugging protocol issues.


# 1.20 03-Nov-2010 martinh

Evaluate filters according to the three-valued logic of X.511, as required
by RFC 4511. A filter term can now be evaluated as undefined if the
attribute description is not recognized, the attribute type doesn't define
the appropriate matching rule, or the filtering is not implemented.

This also implements the NOT filter in the query planner.


# 1.19 19-Oct-2010 martinh

Remember the bind DN after BSD authentication. This makes access control
work for SASL and BSDAUTH binds as it does for simple binds.


# 1.18 01-Sep-2010 martinh

Move generic imsg/libevent glue to a separate file.

with eric@ at c2k10


Revision tags: OPENBSD_4_8_BASE
# 1.17 10-Jul-2010 martinh

Retry requests when the btree is busy. Without this, clients will just hang
waiting for a response if the btree was being reopened when the request was
received.


# 1.16 01-Jul-2010 martinh

Implement the LDAP compare operation.


# 1.15 30-Jun-2010 martinh

Add a global root user that is allowed to read/write entries in all local
namespaces. Useful for dump/restore of all namespaces.


# 1.14 29-Jun-2010 martinh

Add support for referrals. Referrals are configured in the config file,
either in the global context or in a namespace. The latter can be used to
delegate requests to different servers for specific parts of the DIT. The
former is a global catch-all referral.


# 1.13 29-Jun-2010 martinh

Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.


# 1.12 29-Jun-2010 martinh

Rewrite the schema parser, as it's not a context-free grammar.
This also brings the config parser more in line with other parse.y in the
tree. The new schema parser also supports symbolic OID names.

You need to update your /etc/ldapd.conf. Schema files are no longer
included with the 'include' keyword, you have to use 'schema' for that.

Moves schema-related structures to a separate include file to ease reuse.


# 1.11 27-Jun-2010 martinh

return value unused, found by lint


# 1.10 27-Jun-2010 martinh

Remove unused code.


# 1.9 27-Jun-2010 martinh

remove an unused typedef


# 1.8 23-Jun-2010 martinh

remove leftovers from old compaction code


# 1.7 23-Jun-2010 martinh

Remove compaction and indexing from ldapd. It is better done by a separate
process now that the btree can pick up the changes automatically.


# 1.6 15-Jun-2010 martinh

Move around some functions to ease re-use from ldapctl.


# 1.5 15-Jun-2010 martinh

Make modify and simple auth requests open their own transactions, as search
already does. Trigger a reopen imsg request if either the data or index
databases are compacted. Queue the failed request and try again when the
file is reopened.

Compaction can now be done by a separate process, and ldapd will pick up
the change and reopen the file.


# 1.4 15-Jun-2010 martinh

Implement support in the parent to (re-)open database files on behalf of
the unprivileged child over imsg. Part of a larger change that will fix
database compaction.


# 1.3 11-Jun-2010 martinh

Wrap searches in a read-only transaction so it is guaranteed to see a
consistent snapshot of the database.

Also fixes a couple of format string errors for long long ints.


# 1.2 03-Jun-2010 martinh

Open database files before chrooting, and use an absolute path to
the database files, instead of relying on the chrooted-to path.

This breaks compaction as the ldape process can't re-open the
database files. This is being worked on.

ok gilles@


# 1.1 31-May-2010 martinh

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@


# 1.31 31-Jul-2018 claudio

Make ber type and encoding a unsigned int instead of unsigned long.
This way the size is the same on all archs and 32bit should be good enough.
OK rob@


# 1.30 15-May-2018 reyk

Fix format string errors in log messages and update ldapd to use relayd's log.c

OK benno@ jmatthew@


# 1.29 14-May-2018 reyk

Add support to filter on attributes.

This can be used to allow users to change their password (and a few
other things) but not their entire dn. For example:

allow read access to any by self
allow write access to any attribute userPassword by self

This is currently only supported for "write" (modify, add, delete) and
not "read" (search) filter rules.

OK jmatthew@


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
# 1.28 24-Feb-2017 gsoares

Implement fork+exec model

OK jmatthew@


# 1.27 20-Jan-2017 benno

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@


Revision tags: OPENBSD_6_0_BASE
# 1.26 01-May-2016 jmatthew

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@


Revision tags: OPENBSD_5_9_BASE
# 1.25 02-Nov-2015 jmatthew

use SOCK_NONBLOCK instead of fcntl

ok dlg@


Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
# 1.24 16-Jan-2015 deraadt

change to <limits.h> universe. The only changes in the binary are due
to the heavy use of assert.
ok millert


Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
# 1.23 16-Jun-2012 jmatthew

Protect against fd exhaustion when reopening database files. Only accept
client or control connections when there are at least 8 fds available,
and close a connection before calling imsg_read if it would be unable to
accept an fd from the parent process.

ok gilles@


# 1.22 11-Apr-2012 deraadt

rate limiting of accept() in various cases. Testing by jmatthew. there
maybe still be a corner case where it needs one more file descriptor
beyond the limit..


Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
# 1.21 10-Nov-2010 martinh

Make -dvv flags produce debug traces of decoded BER messages on stderr.
Also shows a hexdump of the input buffer if BER decoding fails.
Useful when debugging protocol issues.


# 1.20 03-Nov-2010 martinh

Evaluate filters according to the three-valued logic of X.511, as required
by RFC 4511. A filter term can now be evaluated as undefined if the
attribute description is not recognized, the attribute type doesn't define
the appropriate matching rule, or the filtering is not implemented.

This also implements the NOT filter in the query planner.


# 1.19 19-Oct-2010 martinh

Remember the bind DN after BSD authentication. This makes access control
work for SASL and BSDAUTH binds as it does for simple binds.


# 1.18 01-Sep-2010 martinh

Move generic imsg/libevent glue to a separate file.

with eric@ at c2k10


Revision tags: OPENBSD_4_8_BASE
# 1.17 10-Jul-2010 martinh

Retry requests when the btree is busy. Without this, clients will just hang
waiting for a response if the btree was being reopened when the request was
received.


# 1.16 01-Jul-2010 martinh

Implement the LDAP compare operation.


# 1.15 30-Jun-2010 martinh

Add a global root user that is allowed to read/write entries in all local
namespaces. Useful for dump/restore of all namespaces.


# 1.14 29-Jun-2010 martinh

Add support for referrals. Referrals are configured in the config file,
either in the global context or in a namespace. The latter can be used to
delegate requests to different servers for specific parts of the DIT. The
former is a global catch-all referral.


# 1.13 29-Jun-2010 martinh

Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.


# 1.12 29-Jun-2010 martinh

Rewrite the schema parser, as it's not a context-free grammar.
This also brings the config parser more in line with other parse.y in the
tree. The new schema parser also supports symbolic OID names.

You need to update your /etc/ldapd.conf. Schema files are no longer
included with the 'include' keyword, you have to use 'schema' for that.

Moves schema-related structures to a separate include file to ease reuse.


# 1.11 27-Jun-2010 martinh

return value unused, found by lint


# 1.10 27-Jun-2010 martinh

Remove unused code.


# 1.9 27-Jun-2010 martinh

remove an unused typedef


# 1.8 23-Jun-2010 martinh

remove leftovers from old compaction code


# 1.7 23-Jun-2010 martinh

Remove compaction and indexing from ldapd. It is better done by a separate
process now that the btree can pick up the changes automatically.


# 1.6 15-Jun-2010 martinh

Move around some functions to ease re-use from ldapctl.


# 1.5 15-Jun-2010 martinh

Make modify and simple auth requests open their own transactions, as search
already does. Trigger a reopen imsg request if either the data or index
databases are compacted. Queue the failed request and try again when the
file is reopened.

Compaction can now be done by a separate process, and ldapd will pick up
the change and reopen the file.


# 1.4 15-Jun-2010 martinh

Implement support in the parent to (re-)open database files on behalf of
the unprivileged child over imsg. Part of a larger change that will fix
database compaction.


# 1.3 11-Jun-2010 martinh

Wrap searches in a read-only transaction so it is guaranteed to see a
consistent snapshot of the database.

Also fixes a couple of format string errors for long long ints.


# 1.2 03-Jun-2010 martinh

Open database files before chrooting, and use an absolute path to
the database files, instead of relying on the chrooted-to path.

This breaks compaction as the ldape process can't re-open the
database files. This is being worked on.

ok gilles@


# 1.1 31-May-2010 martinh

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@


# 1.30 15-May-2018 reyk

Fix format string errors in log messages and update ldapd to use relayd's log.c

OK benno@ jmatthew@


# 1.29 14-May-2018 reyk

Add support to filter on attributes.

This can be used to allow users to change their password (and a few
other things) but not their entire dn. For example:

allow read access to any by self
allow write access to any attribute userPassword by self

This is currently only supported for "write" (modify, add, delete) and
not "read" (search) filter rules.

OK jmatthew@


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
# 1.28 24-Feb-2017 gsoares

Implement fork+exec model

OK jmatthew@


# 1.27 20-Jan-2017 benno

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@


Revision tags: OPENBSD_6_0_BASE
# 1.26 01-May-2016 jmatthew

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@


Revision tags: OPENBSD_5_9_BASE
# 1.25 02-Nov-2015 jmatthew

use SOCK_NONBLOCK instead of fcntl

ok dlg@


Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
# 1.24 16-Jan-2015 deraadt

change to <limits.h> universe. The only changes in the binary are due
to the heavy use of assert.
ok millert


Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
# 1.23 16-Jun-2012 jmatthew

Protect against fd exhaustion when reopening database files. Only accept
client or control connections when there are at least 8 fds available,
and close a connection before calling imsg_read if it would be unable to
accept an fd from the parent process.

ok gilles@


# 1.22 11-Apr-2012 deraadt

rate limiting of accept() in various cases. Testing by jmatthew. there
maybe still be a corner case where it needs one more file descriptor
beyond the limit..


Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
# 1.21 10-Nov-2010 martinh

Make -dvv flags produce debug traces of decoded BER messages on stderr.
Also shows a hexdump of the input buffer if BER decoding fails.
Useful when debugging protocol issues.


# 1.20 03-Nov-2010 martinh

Evaluate filters according to the three-valued logic of X.511, as required
by RFC 4511. A filter term can now be evaluated as undefined if the
attribute description is not recognized, the attribute type doesn't define
the appropriate matching rule, or the filtering is not implemented.

This also implements the NOT filter in the query planner.


# 1.19 19-Oct-2010 martinh

Remember the bind DN after BSD authentication. This makes access control
work for SASL and BSDAUTH binds as it does for simple binds.


# 1.18 01-Sep-2010 martinh

Move generic imsg/libevent glue to a separate file.

with eric@ at c2k10


Revision tags: OPENBSD_4_8_BASE
# 1.17 10-Jul-2010 martinh

Retry requests when the btree is busy. Without this, clients will just hang
waiting for a response if the btree was being reopened when the request was
received.


# 1.16 01-Jul-2010 martinh

Implement the LDAP compare operation.


# 1.15 30-Jun-2010 martinh

Add a global root user that is allowed to read/write entries in all local
namespaces. Useful for dump/restore of all namespaces.


# 1.14 29-Jun-2010 martinh

Add support for referrals. Referrals are configured in the config file,
either in the global context or in a namespace. The latter can be used to
delegate requests to different servers for specific parts of the DIT. The
former is a global catch-all referral.


# 1.13 29-Jun-2010 martinh

Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.


# 1.12 29-Jun-2010 martinh

Rewrite the schema parser, as it's not a context-free grammar.
This also brings the config parser more in line with other parse.y in the
tree. The new schema parser also supports symbolic OID names.

You need to update your /etc/ldapd.conf. Schema files are no longer
included with the 'include' keyword, you have to use 'schema' for that.

Moves schema-related structures to a separate include file to ease reuse.


# 1.11 27-Jun-2010 martinh

return value unused, found by lint


# 1.10 27-Jun-2010 martinh

Remove unused code.


# 1.9 27-Jun-2010 martinh

remove an unused typedef


# 1.8 23-Jun-2010 martinh

remove leftovers from old compaction code


# 1.7 23-Jun-2010 martinh

Remove compaction and indexing from ldapd. It is better done by a separate
process now that the btree can pick up the changes automatically.


# 1.6 15-Jun-2010 martinh

Move around some functions to ease re-use from ldapctl.


# 1.5 15-Jun-2010 martinh

Make modify and simple auth requests open their own transactions, as search
already does. Trigger a reopen imsg request if either the data or index
databases are compacted. Queue the failed request and try again when the
file is reopened.

Compaction can now be done by a separate process, and ldapd will pick up
the change and reopen the file.


# 1.4 15-Jun-2010 martinh

Implement support in the parent to (re-)open database files on behalf of
the unprivileged child over imsg. Part of a larger change that will fix
database compaction.


# 1.3 11-Jun-2010 martinh

Wrap searches in a read-only transaction so it is guaranteed to see a
consistent snapshot of the database.

Also fixes a couple of format string errors for long long ints.


# 1.2 03-Jun-2010 martinh

Open database files before chrooting, and use an absolute path to
the database files, instead of relying on the chrooted-to path.

This breaks compaction as the ldape process can't re-open the
database files. This is being worked on.

ok gilles@


# 1.1 31-May-2010 martinh

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.28 24-Feb-2017 gsoares

Implement fork+exec model

OK jmatthew@


# 1.27 20-Jan-2017 benno

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@


Revision tags: OPENBSD_6_0_BASE
# 1.26 01-May-2016 jmatthew

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@


Revision tags: OPENBSD_5_9_BASE
# 1.25 02-Nov-2015 jmatthew

use SOCK_NONBLOCK instead of fcntl

ok dlg@


Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
# 1.24 16-Jan-2015 deraadt

change to <limits.h> universe. The only changes in the binary are due
to the heavy use of assert.
ok millert


Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
# 1.23 16-Jun-2012 jmatthew

Protect against fd exhaustion when reopening database files. Only accept
client or control connections when there are at least 8 fds available,
and close a connection before calling imsg_read if it would be unable to
accept an fd from the parent process.

ok gilles@


# 1.22 11-Apr-2012 deraadt

rate limiting of accept() in various cases. Testing by jmatthew. there
maybe still be a corner case where it needs one more file descriptor
beyond the limit..


Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
# 1.21 10-Nov-2010 martinh

Make -dvv flags produce debug traces of decoded BER messages on stderr.
Also shows a hexdump of the input buffer if BER decoding fails.
Useful when debugging protocol issues.


# 1.20 03-Nov-2010 martinh

Evaluate filters according to the three-valued logic of X.511, as required
by RFC 4511. A filter term can now be evaluated as undefined if the
attribute description is not recognized, the attribute type doesn't define
the appropriate matching rule, or the filtering is not implemented.

This also implements the NOT filter in the query planner.


# 1.19 19-Oct-2010 martinh

Remember the bind DN after BSD authentication. This makes access control
work for SASL and BSDAUTH binds as it does for simple binds.


# 1.18 01-Sep-2010 martinh

Move generic imsg/libevent glue to a separate file.

with eric@ at c2k10


Revision tags: OPENBSD_4_8_BASE
# 1.17 10-Jul-2010 martinh

Retry requests when the btree is busy. Without this, clients will just hang
waiting for a response if the btree was being reopened when the request was
received.


# 1.16 01-Jul-2010 martinh

Implement the LDAP compare operation.


# 1.15 30-Jun-2010 martinh

Add a global root user that is allowed to read/write entries in all local
namespaces. Useful for dump/restore of all namespaces.


# 1.14 29-Jun-2010 martinh

Add support for referrals. Referrals are configured in the config file,
either in the global context or in a namespace. The latter can be used to
delegate requests to different servers for specific parts of the DIT. The
former is a global catch-all referral.


# 1.13 29-Jun-2010 martinh

Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.


# 1.12 29-Jun-2010 martinh

Rewrite the schema parser, as it's not a context-free grammar.
This also brings the config parser more in line with other parse.y in the
tree. The new schema parser also supports symbolic OID names.

You need to update your /etc/ldapd.conf. Schema files are no longer
included with the 'include' keyword, you have to use 'schema' for that.

Moves schema-related structures to a separate include file to ease reuse.


# 1.11 27-Jun-2010 martinh

return value unused, found by lint


# 1.10 27-Jun-2010 martinh

Remove unused code.


# 1.9 27-Jun-2010 martinh

remove an unused typedef


# 1.8 23-Jun-2010 martinh

remove leftovers from old compaction code


# 1.7 23-Jun-2010 martinh

Remove compaction and indexing from ldapd. It is better done by a separate
process now that the btree can pick up the changes automatically.


# 1.6 15-Jun-2010 martinh

Move around some functions to ease re-use from ldapctl.


# 1.5 15-Jun-2010 martinh

Make modify and simple auth requests open their own transactions, as search
already does. Trigger a reopen imsg request if either the data or index
databases are compacted. Queue the failed request and try again when the
file is reopened.

Compaction can now be done by a separate process, and ldapd will pick up
the change and reopen the file.


# 1.4 15-Jun-2010 martinh

Implement support in the parent to (re-)open database files on behalf of
the unprivileged child over imsg. Part of a larger change that will fix
database compaction.


# 1.3 11-Jun-2010 martinh

Wrap searches in a read-only transaction so it is guaranteed to see a
consistent snapshot of the database.

Also fixes a couple of format string errors for long long ints.


# 1.2 03-Jun-2010 martinh

Open database files before chrooting, and use an absolute path to
the database files, instead of relying on the chrooted-to path.

This breaks compaction as the ldape process can't re-open the
database files. This is being worked on.

ok gilles@


# 1.1 31-May-2010 martinh

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@