#
1.38 |
|
17-Jan-2024 |
claudio |
Use imsg_get_fd() and a local variable. OK florian@
|
Revision tags: OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.37 |
|
01-Mar-2023 |
claudio |
Change fatal() to fatalx() since the errno has no meaning here. OK tb@
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.36 |
|
19-Dec-2021 |
claudio |
log_warn -> log_warnx since the warning printed uses tls_error() and therefor printing the errno as well makes no sense.
|
#
1.35 |
|
15-Dec-2021 |
deraadt |
PATH_MAX+1 rarely makes sense, and abort if this happens in the imsg. ok jmatthew millert
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.34 |
|
20-Apr-2021 |
dv |
Move TAILQ initialization to files where they are used.
These priv-sep daemons all follow a similar design and use TAILQs for tracking control process connections. In most cases, the TAILQs are initialized separate from where they are used. Since the scope of use is generally confined to a specific control process file, this commit also removes any extern definitions and exposing the TAILQ structures to other compilation units.
ok bluhm@, tb@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.33 |
|
26-Oct-2019 |
martijn |
The starttls command doesn't have a value with its extended request. The handling of this changed with libutil/ber.c r1.12 resulting in starttls failing.
Found by several. Fix suggestion by roklein <at> roklein <dot> de OK claudio@
|
#
1.32 |
|
24-Oct-2019 |
tb |
The ber_* namespace is used by liblber since time immemorial, so move our BER API to the unused ober_* prefix to avoid some breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but there are many others as pointed out by sthen.
tests & ok rob ok sthen (who had an almost identical diff for libutil) "go head hit it" deraadt
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.31 |
|
28-Jun-2019 |
deraadt |
branches: 1.31.2; When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.30 |
|
12-Aug-2018 |
rob |
Change ber_write_elements() to return ssize_t instead of int.
ok claudio@
|
#
1.29 |
|
31-Jul-2018 |
claudio |
Make ber type and encoding a unsigned int instead of unsigned long. This way the size is the same on all archs and 32bit should be good enough. OK rob@
|
#
1.28 |
|
04-Jul-2018 |
rob |
Avoid possible vfprintf NULL errors in ldap_unbind().
Ok benno@
|
#
1.27 |
|
15-May-2018 |
reyk |
Fix format string errors in log messages and update ldapd to use relayd's log.c
OK benno@ jmatthew@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.26 |
|
24-Feb-2017 |
gsoares |
Implement fork+exec model
OK jmatthew@
|
#
1.25 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
ok krw@ jmatthew@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.24 |
|
01-May-2016 |
jmatthew |
convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls code from syslogd.
ok beck@ benno@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.23 |
|
24-Dec-2015 |
mmcc |
bzero -> memset. No binary change.
|
#
1.22 |
|
02-Nov-2015 |
jmatthew |
use SOCK_NONBLOCK instead of fcntl
ok dlg@
|
#
1.21 |
|
02-Nov-2015 |
jmatthew |
Both ldapd processes need "stdio" to talk to clients and each other. The parent process opens database files ("rpath wpath cpath"), sends fds to the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc exec").
The child process accepts client connections ("inet unix"), receives fds from the parent ("recvfd") and locks database files ("flock").
ok deraadt@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.20 |
|
03-Jun-2015 |
millert |
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.19 |
|
16-Jan-2015 |
deraadt |
change to <limits.h> universe. The only changes in the binary are due to the heavy use of assert. ok millert
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.18 |
|
02-Nov-2013 |
deraadt |
bunch of format string cleanups, removing %i, signed vs unsigned, and even a few long long's ok jmatthew
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.17 |
|
16-Jun-2012 |
jmatthew |
Protect against fd exhaustion when reopening database files. Only accept client or control connections when there are at least 8 fds available, and close a connection before calling imsg_read if it would be unable to accept an fd from the parent process.
ok gilles@
|
#
1.16 |
|
11-Apr-2012 |
deraadt |
rate limiting of accept() in various cases. Testing by jmatthew. there maybe still be a corner case where it needs one more file descriptor beyond the limit..
|
#
1.15 |
|
01-Apr-2012 |
deraadt |
use our umask() before AF_UNIX bind() semantics; ok pyr
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.14 |
|
10-Nov-2010 |
martinh |
Make -dvv flags produce debug traces of decoded BER messages on stderr. Also shows a hexdump of the input buffer if BER decoding fails. Useful when debugging protocol issues.
|
#
1.13 |
|
01-Sep-2010 |
martinh |
Move generic imsg/libevent glue to a separate file.
with eric@ at c2k10
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.12 |
|
10-Jul-2010 |
martinh |
Retry requests when the btree is busy. Without this, clients will just hang waiting for a response if the btree was being reopened when the request was received.
|
#
1.11 |
|
01-Jul-2010 |
martinh |
Implement the LDAP compare operation.
|
#
1.10 |
|
01-Jul-2010 |
martinh |
Remove dead assignments. Found by clang static analyzer.
|
#
1.9 |
|
30-Jun-2010 |
martinh |
Don't send statistics for referral namespaces. This unbreaks ldapctl stats. Avoid null pointer dereference when reopening a namespace.
|
#
1.8 |
|
29-Jun-2010 |
martinh |
Add support for referrals. Referrals are configured in the config file, either in the global context or in a namespace. The latter can be used to delegate requests to different servers for specific parts of the DIT. The former is a global catch-all referral.
|
#
1.7 |
|
29-Jun-2010 |
martinh |
Remember on what listener a connection got from, and return protocol error if trying to use starttls without a configured certificate, instead of just blocking the client.
|
#
1.6 |
|
23-Jun-2010 |
martinh |
Remove compaction and indexing from ldapd. It is better done by a separate process now that the btree can pick up the changes automatically.
|
#
1.5 |
|
15-Jun-2010 |
martinh |
Implement support in the parent to (re-)open database files on behalf of the unprivileged child over imsg. Part of a larger change that will fix database compaction.
|
#
1.4 |
|
11-Jun-2010 |
martinh |
print long long int as %lld
|
#
1.3 |
|
03-Jun-2010 |
martinh |
Open database files before chrooting, and use an absolute path to the database files, instead of relying on the chrooted-to path.
This breaks compaction as the ldape process can't re-open the database files. This is being worked on.
ok gilles@
|
#
1.2 |
|
31-May-2010 |
martinh |
Remove trailing whitespace and spaces before tabs.
ok gilles@
|
#
1.1 |
|
31-May-2010 |
martinh |
Initial import of ldapd, a small LDAP daemon. Work in progress.
ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@
|
#
1.37 |
|
01-Mar-2023 |
claudio |
Change fatal() to fatalx() since the errno has no meaning here. OK tb@
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.36 |
|
19-Dec-2021 |
claudio |
log_warn -> log_warnx since the warning printed uses tls_error() and therefor printing the errno as well makes no sense.
|
#
1.35 |
|
15-Dec-2021 |
deraadt |
PATH_MAX+1 rarely makes sense, and abort if this happens in the imsg. ok jmatthew millert
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.34 |
|
20-Apr-2021 |
dv |
Move TAILQ initialization to files where they are used.
These priv-sep daemons all follow a similar design and use TAILQs for tracking control process connections. In most cases, the TAILQs are initialized separate from where they are used. Since the scope of use is generally confined to a specific control process file, this commit also removes any extern definitions and exposing the TAILQ structures to other compilation units.
ok bluhm@, tb@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.33 |
|
26-Oct-2019 |
martijn |
The starttls command doesn't have a value with its extended request. The handling of this changed with libutil/ber.c r1.12 resulting in starttls failing.
Found by several. Fix suggestion by roklein <at> roklein <dot> de OK claudio@
|
#
1.32 |
|
24-Oct-2019 |
tb |
The ber_* namespace is used by liblber since time immemorial, so move our BER API to the unused ober_* prefix to avoid some breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but there are many others as pointed out by sthen.
tests & ok rob ok sthen (who had an almost identical diff for libutil) "go head hit it" deraadt
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.31 |
|
28-Jun-2019 |
deraadt |
branches: 1.31.2; When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.30 |
|
12-Aug-2018 |
rob |
Change ber_write_elements() to return ssize_t instead of int.
ok claudio@
|
#
1.29 |
|
31-Jul-2018 |
claudio |
Make ber type and encoding a unsigned int instead of unsigned long. This way the size is the same on all archs and 32bit should be good enough. OK rob@
|
#
1.28 |
|
04-Jul-2018 |
rob |
Avoid possible vfprintf NULL errors in ldap_unbind().
Ok benno@
|
#
1.27 |
|
15-May-2018 |
reyk |
Fix format string errors in log messages and update ldapd to use relayd's log.c
OK benno@ jmatthew@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.26 |
|
24-Feb-2017 |
gsoares |
Implement fork+exec model
OK jmatthew@
|
#
1.25 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
ok krw@ jmatthew@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.24 |
|
01-May-2016 |
jmatthew |
convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls code from syslogd.
ok beck@ benno@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.23 |
|
24-Dec-2015 |
mmcc |
bzero -> memset. No binary change.
|
#
1.22 |
|
02-Nov-2015 |
jmatthew |
use SOCK_NONBLOCK instead of fcntl
ok dlg@
|
#
1.21 |
|
02-Nov-2015 |
jmatthew |
Both ldapd processes need "stdio" to talk to clients and each other. The parent process opens database files ("rpath wpath cpath"), sends fds to the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc exec").
The child process accepts client connections ("inet unix"), receives fds from the parent ("recvfd") and locks database files ("flock").
ok deraadt@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.20 |
|
03-Jun-2015 |
millert |
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.19 |
|
16-Jan-2015 |
deraadt |
change to <limits.h> universe. The only changes in the binary are due to the heavy use of assert. ok millert
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.18 |
|
02-Nov-2013 |
deraadt |
bunch of format string cleanups, removing %i, signed vs unsigned, and even a few long long's ok jmatthew
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.17 |
|
16-Jun-2012 |
jmatthew |
Protect against fd exhaustion when reopening database files. Only accept client or control connections when there are at least 8 fds available, and close a connection before calling imsg_read if it would be unable to accept an fd from the parent process.
ok gilles@
|
#
1.16 |
|
11-Apr-2012 |
deraadt |
rate limiting of accept() in various cases. Testing by jmatthew. there maybe still be a corner case where it needs one more file descriptor beyond the limit..
|
#
1.15 |
|
01-Apr-2012 |
deraadt |
use our umask() before AF_UNIX bind() semantics; ok pyr
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.14 |
|
10-Nov-2010 |
martinh |
Make -dvv flags produce debug traces of decoded BER messages on stderr. Also shows a hexdump of the input buffer if BER decoding fails. Useful when debugging protocol issues.
|
#
1.13 |
|
01-Sep-2010 |
martinh |
Move generic imsg/libevent glue to a separate file.
with eric@ at c2k10
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.12 |
|
10-Jul-2010 |
martinh |
Retry requests when the btree is busy. Without this, clients will just hang waiting for a response if the btree was being reopened when the request was received.
|
#
1.11 |
|
01-Jul-2010 |
martinh |
Implement the LDAP compare operation.
|
#
1.10 |
|
01-Jul-2010 |
martinh |
Remove dead assignments. Found by clang static analyzer.
|
#
1.9 |
|
30-Jun-2010 |
martinh |
Don't send statistics for referral namespaces. This unbreaks ldapctl stats. Avoid null pointer dereference when reopening a namespace.
|
#
1.8 |
|
29-Jun-2010 |
martinh |
Add support for referrals. Referrals are configured in the config file, either in the global context or in a namespace. The latter can be used to delegate requests to different servers for specific parts of the DIT. The former is a global catch-all referral.
|
#
1.7 |
|
29-Jun-2010 |
martinh |
Remember on what listener a connection got from, and return protocol error if trying to use starttls without a configured certificate, instead of just blocking the client.
|
#
1.6 |
|
23-Jun-2010 |
martinh |
Remove compaction and indexing from ldapd. It is better done by a separate process now that the btree can pick up the changes automatically.
|
#
1.5 |
|
15-Jun-2010 |
martinh |
Implement support in the parent to (re-)open database files on behalf of the unprivileged child over imsg. Part of a larger change that will fix database compaction.
|
#
1.4 |
|
11-Jun-2010 |
martinh |
print long long int as %lld
|
#
1.3 |
|
03-Jun-2010 |
martinh |
Open database files before chrooting, and use an absolute path to the database files, instead of relying on the chrooted-to path.
This breaks compaction as the ldape process can't re-open the database files. This is being worked on.
ok gilles@
|
#
1.2 |
|
31-May-2010 |
martinh |
Remove trailing whitespace and spaces before tabs.
ok gilles@
|
#
1.1 |
|
31-May-2010 |
martinh |
Initial import of ldapd, a small LDAP daemon. Work in progress.
ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@
|
#
1.36 |
|
19-Dec-2021 |
claudio |
log_warn -> log_warnx since the warning printed uses tls_error() and therefor printing the errno as well makes no sense.
|
#
1.35 |
|
15-Dec-2021 |
deraadt |
PATH_MAX+1 rarely makes sense, and abort if this happens in the imsg. ok jmatthew millert
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.34 |
|
20-Apr-2021 |
dv |
Move TAILQ initialization to files where they are used.
These priv-sep daemons all follow a similar design and use TAILQs for tracking control process connections. In most cases, the TAILQs are initialized separate from where they are used. Since the scope of use is generally confined to a specific control process file, this commit also removes any extern definitions and exposing the TAILQ structures to other compilation units.
ok bluhm@, tb@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.33 |
|
26-Oct-2019 |
martijn |
The starttls command doesn't have a value with its extended request. The handling of this changed with libutil/ber.c r1.12 resulting in starttls failing.
Found by several. Fix suggestion by roklein <at> roklein <dot> de OK claudio@
|
#
1.32 |
|
24-Oct-2019 |
tb |
The ber_* namespace is used by liblber since time immemorial, so move our BER API to the unused ober_* prefix to avoid some breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but there are many others as pointed out by sthen.
tests & ok rob ok sthen (who had an almost identical diff for libutil) "go head hit it" deraadt
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.31 |
|
28-Jun-2019 |
deraadt |
branches: 1.31.2; When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.30 |
|
12-Aug-2018 |
rob |
Change ber_write_elements() to return ssize_t instead of int.
ok claudio@
|
#
1.29 |
|
31-Jul-2018 |
claudio |
Make ber type and encoding a unsigned int instead of unsigned long. This way the size is the same on all archs and 32bit should be good enough. OK rob@
|
#
1.28 |
|
04-Jul-2018 |
rob |
Avoid possible vfprintf NULL errors in ldap_unbind().
Ok benno@
|
#
1.27 |
|
15-May-2018 |
reyk |
Fix format string errors in log messages and update ldapd to use relayd's log.c
OK benno@ jmatthew@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.26 |
|
24-Feb-2017 |
gsoares |
Implement fork+exec model
OK jmatthew@
|
#
1.25 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
ok krw@ jmatthew@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.24 |
|
01-May-2016 |
jmatthew |
convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls code from syslogd.
ok beck@ benno@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.23 |
|
24-Dec-2015 |
mmcc |
bzero -> memset. No binary change.
|
#
1.22 |
|
02-Nov-2015 |
jmatthew |
use SOCK_NONBLOCK instead of fcntl
ok dlg@
|
#
1.21 |
|
02-Nov-2015 |
jmatthew |
Both ldapd processes need "stdio" to talk to clients and each other. The parent process opens database files ("rpath wpath cpath"), sends fds to the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc exec").
The child process accepts client connections ("inet unix"), receives fds from the parent ("recvfd") and locks database files ("flock").
ok deraadt@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.20 |
|
03-Jun-2015 |
millert |
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.19 |
|
16-Jan-2015 |
deraadt |
change to <limits.h> universe. The only changes in the binary are due to the heavy use of assert. ok millert
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.18 |
|
02-Nov-2013 |
deraadt |
bunch of format string cleanups, removing %i, signed vs unsigned, and even a few long long's ok jmatthew
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.17 |
|
16-Jun-2012 |
jmatthew |
Protect against fd exhaustion when reopening database files. Only accept client or control connections when there are at least 8 fds available, and close a connection before calling imsg_read if it would be unable to accept an fd from the parent process.
ok gilles@
|
#
1.16 |
|
11-Apr-2012 |
deraadt |
rate limiting of accept() in various cases. Testing by jmatthew. there maybe still be a corner case where it needs one more file descriptor beyond the limit..
|
#
1.15 |
|
01-Apr-2012 |
deraadt |
use our umask() before AF_UNIX bind() semantics; ok pyr
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.14 |
|
10-Nov-2010 |
martinh |
Make -dvv flags produce debug traces of decoded BER messages on stderr. Also shows a hexdump of the input buffer if BER decoding fails. Useful when debugging protocol issues.
|
#
1.13 |
|
01-Sep-2010 |
martinh |
Move generic imsg/libevent glue to a separate file.
with eric@ at c2k10
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.12 |
|
10-Jul-2010 |
martinh |
Retry requests when the btree is busy. Without this, clients will just hang waiting for a response if the btree was being reopened when the request was received.
|
#
1.11 |
|
01-Jul-2010 |
martinh |
Implement the LDAP compare operation.
|
#
1.10 |
|
01-Jul-2010 |
martinh |
Remove dead assignments. Found by clang static analyzer.
|
#
1.9 |
|
30-Jun-2010 |
martinh |
Don't send statistics for referral namespaces. This unbreaks ldapctl stats. Avoid null pointer dereference when reopening a namespace.
|
#
1.8 |
|
29-Jun-2010 |
martinh |
Add support for referrals. Referrals are configured in the config file, either in the global context or in a namespace. The latter can be used to delegate requests to different servers for specific parts of the DIT. The former is a global catch-all referral.
|
#
1.7 |
|
29-Jun-2010 |
martinh |
Remember on what listener a connection got from, and return protocol error if trying to use starttls without a configured certificate, instead of just blocking the client.
|
#
1.6 |
|
23-Jun-2010 |
martinh |
Remove compaction and indexing from ldapd. It is better done by a separate process now that the btree can pick up the changes automatically.
|
#
1.5 |
|
15-Jun-2010 |
martinh |
Implement support in the parent to (re-)open database files on behalf of the unprivileged child over imsg. Part of a larger change that will fix database compaction.
|
#
1.4 |
|
11-Jun-2010 |
martinh |
print long long int as %lld
|
#
1.3 |
|
03-Jun-2010 |
martinh |
Open database files before chrooting, and use an absolute path to the database files, instead of relying on the chrooted-to path.
This breaks compaction as the ldape process can't re-open the database files. This is being worked on.
ok gilles@
|
#
1.2 |
|
31-May-2010 |
martinh |
Remove trailing whitespace and spaces before tabs.
ok gilles@
|
#
1.1 |
|
31-May-2010 |
martinh |
Initial import of ldapd, a small LDAP daemon. Work in progress.
ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@
|
#
1.35 |
|
15-Dec-2021 |
deraadt |
PATH_MAX+1 rarely makes sense, and abort if this happens in the imsg. ok jmatthew millert
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.34 |
|
20-Apr-2021 |
dv |
Move TAILQ initialization to files where they are used.
These priv-sep daemons all follow a similar design and use TAILQs for tracking control process connections. In most cases, the TAILQs are initialized separate from where they are used. Since the scope of use is generally confined to a specific control process file, this commit also removes any extern definitions and exposing the TAILQ structures to other compilation units.
ok bluhm@, tb@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.33 |
|
26-Oct-2019 |
martijn |
The starttls command doesn't have a value with its extended request. The handling of this changed with libutil/ber.c r1.12 resulting in starttls failing.
Found by several. Fix suggestion by roklein <at> roklein <dot> de OK claudio@
|
#
1.32 |
|
24-Oct-2019 |
tb |
The ber_* namespace is used by liblber since time immemorial, so move our BER API to the unused ober_* prefix to avoid some breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but there are many others as pointed out by sthen.
tests & ok rob ok sthen (who had an almost identical diff for libutil) "go head hit it" deraadt
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.31 |
|
28-Jun-2019 |
deraadt |
branches: 1.31.2; When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.30 |
|
12-Aug-2018 |
rob |
Change ber_write_elements() to return ssize_t instead of int.
ok claudio@
|
#
1.29 |
|
31-Jul-2018 |
claudio |
Make ber type and encoding a unsigned int instead of unsigned long. This way the size is the same on all archs and 32bit should be good enough. OK rob@
|
#
1.28 |
|
04-Jul-2018 |
rob |
Avoid possible vfprintf NULL errors in ldap_unbind().
Ok benno@
|
#
1.27 |
|
15-May-2018 |
reyk |
Fix format string errors in log messages and update ldapd to use relayd's log.c
OK benno@ jmatthew@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.26 |
|
24-Feb-2017 |
gsoares |
Implement fork+exec model
OK jmatthew@
|
#
1.25 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
ok krw@ jmatthew@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.24 |
|
01-May-2016 |
jmatthew |
convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls code from syslogd.
ok beck@ benno@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.23 |
|
24-Dec-2015 |
mmcc |
bzero -> memset. No binary change.
|
#
1.22 |
|
02-Nov-2015 |
jmatthew |
use SOCK_NONBLOCK instead of fcntl
ok dlg@
|
#
1.21 |
|
02-Nov-2015 |
jmatthew |
Both ldapd processes need "stdio" to talk to clients and each other. The parent process opens database files ("rpath wpath cpath"), sends fds to the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc exec").
The child process accepts client connections ("inet unix"), receives fds from the parent ("recvfd") and locks database files ("flock").
ok deraadt@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.20 |
|
03-Jun-2015 |
millert |
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.19 |
|
16-Jan-2015 |
deraadt |
change to <limits.h> universe. The only changes in the binary are due to the heavy use of assert. ok millert
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.18 |
|
02-Nov-2013 |
deraadt |
bunch of format string cleanups, removing %i, signed vs unsigned, and even a few long long's ok jmatthew
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.17 |
|
16-Jun-2012 |
jmatthew |
Protect against fd exhaustion when reopening database files. Only accept client or control connections when there are at least 8 fds available, and close a connection before calling imsg_read if it would be unable to accept an fd from the parent process.
ok gilles@
|
#
1.16 |
|
11-Apr-2012 |
deraadt |
rate limiting of accept() in various cases. Testing by jmatthew. there maybe still be a corner case where it needs one more file descriptor beyond the limit..
|
#
1.15 |
|
01-Apr-2012 |
deraadt |
use our umask() before AF_UNIX bind() semantics; ok pyr
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.14 |
|
10-Nov-2010 |
martinh |
Make -dvv flags produce debug traces of decoded BER messages on stderr. Also shows a hexdump of the input buffer if BER decoding fails. Useful when debugging protocol issues.
|
#
1.13 |
|
01-Sep-2010 |
martinh |
Move generic imsg/libevent glue to a separate file.
with eric@ at c2k10
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.12 |
|
10-Jul-2010 |
martinh |
Retry requests when the btree is busy. Without this, clients will just hang waiting for a response if the btree was being reopened when the request was received.
|
#
1.11 |
|
01-Jul-2010 |
martinh |
Implement the LDAP compare operation.
|
#
1.10 |
|
01-Jul-2010 |
martinh |
Remove dead assignments. Found by clang static analyzer.
|
#
1.9 |
|
30-Jun-2010 |
martinh |
Don't send statistics for referral namespaces. This unbreaks ldapctl stats. Avoid null pointer dereference when reopening a namespace.
|
#
1.8 |
|
29-Jun-2010 |
martinh |
Add support for referrals. Referrals are configured in the config file, either in the global context or in a namespace. The latter can be used to delegate requests to different servers for specific parts of the DIT. The former is a global catch-all referral.
|
#
1.7 |
|
29-Jun-2010 |
martinh |
Remember on what listener a connection got from, and return protocol error if trying to use starttls without a configured certificate, instead of just blocking the client.
|
#
1.6 |
|
23-Jun-2010 |
martinh |
Remove compaction and indexing from ldapd. It is better done by a separate process now that the btree can pick up the changes automatically.
|
#
1.5 |
|
15-Jun-2010 |
martinh |
Implement support in the parent to (re-)open database files on behalf of the unprivileged child over imsg. Part of a larger change that will fix database compaction.
|
#
1.4 |
|
11-Jun-2010 |
martinh |
print long long int as %lld
|
#
1.3 |
|
03-Jun-2010 |
martinh |
Open database files before chrooting, and use an absolute path to the database files, instead of relying on the chrooted-to path.
This breaks compaction as the ldape process can't re-open the database files. This is being worked on.
ok gilles@
|
#
1.2 |
|
31-May-2010 |
martinh |
Remove trailing whitespace and spaces before tabs.
ok gilles@
|
#
1.1 |
|
31-May-2010 |
martinh |
Initial import of ldapd, a small LDAP daemon. Work in progress.
ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@
|
#
1.34 |
|
20-Apr-2021 |
dv |
Move TAILQ initialization to files where they are used.
These priv-sep daemons all follow a similar design and use TAILQs for tracking control process connections. In most cases, the TAILQs are initialized separate from where they are used. Since the scope of use is generally confined to a specific control process file, this commit also removes any extern definitions and exposing the TAILQ structures to other compilation units.
ok bluhm@, tb@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.33 |
|
26-Oct-2019 |
martijn |
The starttls command doesn't have a value with its extended request. The handling of this changed with libutil/ber.c r1.12 resulting in starttls failing.
Found by several. Fix suggestion by roklein <at> roklein <dot> de OK claudio@
|
#
1.32 |
|
24-Oct-2019 |
tb |
The ber_* namespace is used by liblber since time immemorial, so move our BER API to the unused ober_* prefix to avoid some breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but there are many others as pointed out by sthen.
tests & ok rob ok sthen (who had an almost identical diff for libutil) "go head hit it" deraadt
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.31 |
|
28-Jun-2019 |
deraadt |
branches: 1.31.2; When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.30 |
|
12-Aug-2018 |
rob |
Change ber_write_elements() to return ssize_t instead of int.
ok claudio@
|
#
1.29 |
|
31-Jul-2018 |
claudio |
Make ber type and encoding a unsigned int instead of unsigned long. This way the size is the same on all archs and 32bit should be good enough. OK rob@
|
#
1.28 |
|
04-Jul-2018 |
rob |
Avoid possible vfprintf NULL errors in ldap_unbind().
Ok benno@
|
#
1.27 |
|
15-May-2018 |
reyk |
Fix format string errors in log messages and update ldapd to use relayd's log.c
OK benno@ jmatthew@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.26 |
|
24-Feb-2017 |
gsoares |
Implement fork+exec model
OK jmatthew@
|
#
1.25 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
ok krw@ jmatthew@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.24 |
|
01-May-2016 |
jmatthew |
convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls code from syslogd.
ok beck@ benno@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.23 |
|
24-Dec-2015 |
mmcc |
bzero -> memset. No binary change.
|
#
1.22 |
|
02-Nov-2015 |
jmatthew |
use SOCK_NONBLOCK instead of fcntl
ok dlg@
|
#
1.21 |
|
02-Nov-2015 |
jmatthew |
Both ldapd processes need "stdio" to talk to clients and each other. The parent process opens database files ("rpath wpath cpath"), sends fds to the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc exec").
The child process accepts client connections ("inet unix"), receives fds from the parent ("recvfd") and locks database files ("flock").
ok deraadt@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.20 |
|
03-Jun-2015 |
millert |
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.19 |
|
16-Jan-2015 |
deraadt |
change to <limits.h> universe. The only changes in the binary are due to the heavy use of assert. ok millert
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.18 |
|
02-Nov-2013 |
deraadt |
bunch of format string cleanups, removing %i, signed vs unsigned, and even a few long long's ok jmatthew
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.17 |
|
16-Jun-2012 |
jmatthew |
Protect against fd exhaustion when reopening database files. Only accept client or control connections when there are at least 8 fds available, and close a connection before calling imsg_read if it would be unable to accept an fd from the parent process.
ok gilles@
|
#
1.16 |
|
11-Apr-2012 |
deraadt |
rate limiting of accept() in various cases. Testing by jmatthew. there maybe still be a corner case where it needs one more file descriptor beyond the limit..
|
#
1.15 |
|
01-Apr-2012 |
deraadt |
use our umask() before AF_UNIX bind() semantics; ok pyr
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.14 |
|
10-Nov-2010 |
martinh |
Make -dvv flags produce debug traces of decoded BER messages on stderr. Also shows a hexdump of the input buffer if BER decoding fails. Useful when debugging protocol issues.
|
#
1.13 |
|
01-Sep-2010 |
martinh |
Move generic imsg/libevent glue to a separate file.
with eric@ at c2k10
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.12 |
|
10-Jul-2010 |
martinh |
Retry requests when the btree is busy. Without this, clients will just hang waiting for a response if the btree was being reopened when the request was received.
|
#
1.11 |
|
01-Jul-2010 |
martinh |
Implement the LDAP compare operation.
|
#
1.10 |
|
01-Jul-2010 |
martinh |
Remove dead assignments. Found by clang static analyzer.
|
#
1.9 |
|
30-Jun-2010 |
martinh |
Don't send statistics for referral namespaces. This unbreaks ldapctl stats. Avoid null pointer dereference when reopening a namespace.
|
#
1.8 |
|
29-Jun-2010 |
martinh |
Add support for referrals. Referrals are configured in the config file, either in the global context or in a namespace. The latter can be used to delegate requests to different servers for specific parts of the DIT. The former is a global catch-all referral.
|
#
1.7 |
|
29-Jun-2010 |
martinh |
Remember on what listener a connection got from, and return protocol error if trying to use starttls without a configured certificate, instead of just blocking the client.
|
#
1.6 |
|
23-Jun-2010 |
martinh |
Remove compaction and indexing from ldapd. It is better done by a separate process now that the btree can pick up the changes automatically.
|
#
1.5 |
|
15-Jun-2010 |
martinh |
Implement support in the parent to (re-)open database files on behalf of the unprivileged child over imsg. Part of a larger change that will fix database compaction.
|
#
1.4 |
|
11-Jun-2010 |
martinh |
print long long int as %lld
|
#
1.3 |
|
03-Jun-2010 |
martinh |
Open database files before chrooting, and use an absolute path to the database files, instead of relying on the chrooted-to path.
This breaks compaction as the ldape process can't re-open the database files. This is being worked on.
ok gilles@
|
#
1.2 |
|
31-May-2010 |
martinh |
Remove trailing whitespace and spaces before tabs.
ok gilles@
|
#
1.1 |
|
31-May-2010 |
martinh |
Initial import of ldapd, a small LDAP daemon. Work in progress.
ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@
|
#
1.33 |
|
26-Oct-2019 |
martijn |
The starttls command doesn't have a value with its extended request. The handling of this changed with libutil/ber.c r1.12 resulting in starttls failing.
Found by several. Fix suggestion by roklein <at> roklein <dot> de OK claudio@
|
#
1.32 |
|
24-Oct-2019 |
tb |
The ber_* namespace is used by liblber since time immemorial, so move our BER API to the unused ober_* prefix to avoid some breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but there are many others as pointed out by sthen.
tests & ok rob ok sthen (who had an almost identical diff for libutil) "go head hit it" deraadt
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.31 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.30 |
|
12-Aug-2018 |
rob |
Change ber_write_elements() to return ssize_t instead of int.
ok claudio@
|
#
1.29 |
|
31-Jul-2018 |
claudio |
Make ber type and encoding a unsigned int instead of unsigned long. This way the size is the same on all archs and 32bit should be good enough. OK rob@
|
#
1.28 |
|
04-Jul-2018 |
rob |
Avoid possible vfprintf NULL errors in ldap_unbind().
Ok benno@
|
#
1.27 |
|
15-May-2018 |
reyk |
Fix format string errors in log messages and update ldapd to use relayd's log.c
OK benno@ jmatthew@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.26 |
|
24-Feb-2017 |
gsoares |
Implement fork+exec model
OK jmatthew@
|
#
1.25 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
ok krw@ jmatthew@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.24 |
|
01-May-2016 |
jmatthew |
convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls code from syslogd.
ok beck@ benno@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.23 |
|
24-Dec-2015 |
mmcc |
bzero -> memset. No binary change.
|
#
1.22 |
|
02-Nov-2015 |
jmatthew |
use SOCK_NONBLOCK instead of fcntl
ok dlg@
|
#
1.21 |
|
02-Nov-2015 |
jmatthew |
Both ldapd processes need "stdio" to talk to clients and each other. The parent process opens database files ("rpath wpath cpath"), sends fds to the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc exec").
The child process accepts client connections ("inet unix"), receives fds from the parent ("recvfd") and locks database files ("flock").
ok deraadt@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.20 |
|
03-Jun-2015 |
millert |
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.19 |
|
16-Jan-2015 |
deraadt |
change to <limits.h> universe. The only changes in the binary are due to the heavy use of assert. ok millert
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.18 |
|
02-Nov-2013 |
deraadt |
bunch of format string cleanups, removing %i, signed vs unsigned, and even a few long long's ok jmatthew
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.17 |
|
16-Jun-2012 |
jmatthew |
Protect against fd exhaustion when reopening database files. Only accept client or control connections when there are at least 8 fds available, and close a connection before calling imsg_read if it would be unable to accept an fd from the parent process.
ok gilles@
|
#
1.16 |
|
11-Apr-2012 |
deraadt |
rate limiting of accept() in various cases. Testing by jmatthew. there maybe still be a corner case where it needs one more file descriptor beyond the limit..
|
#
1.15 |
|
01-Apr-2012 |
deraadt |
use our umask() before AF_UNIX bind() semantics; ok pyr
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.14 |
|
10-Nov-2010 |
martinh |
Make -dvv flags produce debug traces of decoded BER messages on stderr. Also shows a hexdump of the input buffer if BER decoding fails. Useful when debugging protocol issues.
|
#
1.13 |
|
01-Sep-2010 |
martinh |
Move generic imsg/libevent glue to a separate file.
with eric@ at c2k10
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.12 |
|
10-Jul-2010 |
martinh |
Retry requests when the btree is busy. Without this, clients will just hang waiting for a response if the btree was being reopened when the request was received.
|
#
1.11 |
|
01-Jul-2010 |
martinh |
Implement the LDAP compare operation.
|
#
1.10 |
|
01-Jul-2010 |
martinh |
Remove dead assignments. Found by clang static analyzer.
|
#
1.9 |
|
30-Jun-2010 |
martinh |
Don't send statistics for referral namespaces. This unbreaks ldapctl stats. Avoid null pointer dereference when reopening a namespace.
|
#
1.8 |
|
29-Jun-2010 |
martinh |
Add support for referrals. Referrals are configured in the config file, either in the global context or in a namespace. The latter can be used to delegate requests to different servers for specific parts of the DIT. The former is a global catch-all referral.
|
#
1.7 |
|
29-Jun-2010 |
martinh |
Remember on what listener a connection got from, and return protocol error if trying to use starttls without a configured certificate, instead of just blocking the client.
|
#
1.6 |
|
23-Jun-2010 |
martinh |
Remove compaction and indexing from ldapd. It is better done by a separate process now that the btree can pick up the changes automatically.
|
#
1.5 |
|
15-Jun-2010 |
martinh |
Implement support in the parent to (re-)open database files on behalf of the unprivileged child over imsg. Part of a larger change that will fix database compaction.
|
#
1.4 |
|
11-Jun-2010 |
martinh |
print long long int as %lld
|
#
1.3 |
|
03-Jun-2010 |
martinh |
Open database files before chrooting, and use an absolute path to the database files, instead of relying on the chrooted-to path.
This breaks compaction as the ldape process can't re-open the database files. This is being worked on.
ok gilles@
|
#
1.2 |
|
31-May-2010 |
martinh |
Remove trailing whitespace and spaces before tabs.
ok gilles@
|
#
1.1 |
|
31-May-2010 |
martinh |
Initial import of ldapd, a small LDAP daemon. Work in progress.
ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@
|
#
1.32 |
|
24-Oct-2019 |
tb |
The ber_* namespace is used by liblber since time immemorial, so move our BER API to the unused ober_* prefix to avoid some breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but there are many others as pointed out by sthen.
tests & ok rob ok sthen (who had an almost identical diff for libutil) "go head hit it" deraadt
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.31 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.30 |
|
12-Aug-2018 |
rob |
Change ber_write_elements() to return ssize_t instead of int.
ok claudio@
|
#
1.29 |
|
31-Jul-2018 |
claudio |
Make ber type and encoding a unsigned int instead of unsigned long. This way the size is the same on all archs and 32bit should be good enough. OK rob@
|
#
1.28 |
|
04-Jul-2018 |
rob |
Avoid possible vfprintf NULL errors in ldap_unbind().
Ok benno@
|
#
1.27 |
|
15-May-2018 |
reyk |
Fix format string errors in log messages and update ldapd to use relayd's log.c
OK benno@ jmatthew@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.26 |
|
24-Feb-2017 |
gsoares |
Implement fork+exec model
OK jmatthew@
|
#
1.25 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
ok krw@ jmatthew@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.24 |
|
01-May-2016 |
jmatthew |
convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls code from syslogd.
ok beck@ benno@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.23 |
|
24-Dec-2015 |
mmcc |
bzero -> memset. No binary change.
|
#
1.22 |
|
02-Nov-2015 |
jmatthew |
use SOCK_NONBLOCK instead of fcntl
ok dlg@
|
#
1.21 |
|
02-Nov-2015 |
jmatthew |
Both ldapd processes need "stdio" to talk to clients and each other. The parent process opens database files ("rpath wpath cpath"), sends fds to the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc exec").
The child process accepts client connections ("inet unix"), receives fds from the parent ("recvfd") and locks database files ("flock").
ok deraadt@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.20 |
|
03-Jun-2015 |
millert |
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.19 |
|
16-Jan-2015 |
deraadt |
change to <limits.h> universe. The only changes in the binary are due to the heavy use of assert. ok millert
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.18 |
|
02-Nov-2013 |
deraadt |
bunch of format string cleanups, removing %i, signed vs unsigned, and even a few long long's ok jmatthew
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.17 |
|
16-Jun-2012 |
jmatthew |
Protect against fd exhaustion when reopening database files. Only accept client or control connections when there are at least 8 fds available, and close a connection before calling imsg_read if it would be unable to accept an fd from the parent process.
ok gilles@
|
#
1.16 |
|
11-Apr-2012 |
deraadt |
rate limiting of accept() in various cases. Testing by jmatthew. there maybe still be a corner case where it needs one more file descriptor beyond the limit..
|
#
1.15 |
|
01-Apr-2012 |
deraadt |
use our umask() before AF_UNIX bind() semantics; ok pyr
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.14 |
|
10-Nov-2010 |
martinh |
Make -dvv flags produce debug traces of decoded BER messages on stderr. Also shows a hexdump of the input buffer if BER decoding fails. Useful when debugging protocol issues.
|
#
1.13 |
|
01-Sep-2010 |
martinh |
Move generic imsg/libevent glue to a separate file.
with eric@ at c2k10
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.12 |
|
10-Jul-2010 |
martinh |
Retry requests when the btree is busy. Without this, clients will just hang waiting for a response if the btree was being reopened when the request was received.
|
#
1.11 |
|
01-Jul-2010 |
martinh |
Implement the LDAP compare operation.
|
#
1.10 |
|
01-Jul-2010 |
martinh |
Remove dead assignments. Found by clang static analyzer.
|
#
1.9 |
|
30-Jun-2010 |
martinh |
Don't send statistics for referral namespaces. This unbreaks ldapctl stats. Avoid null pointer dereference when reopening a namespace.
|
#
1.8 |
|
29-Jun-2010 |
martinh |
Add support for referrals. Referrals are configured in the config file, either in the global context or in a namespace. The latter can be used to delegate requests to different servers for specific parts of the DIT. The former is a global catch-all referral.
|
#
1.7 |
|
29-Jun-2010 |
martinh |
Remember on what listener a connection got from, and return protocol error if trying to use starttls without a configured certificate, instead of just blocking the client.
|
#
1.6 |
|
23-Jun-2010 |
martinh |
Remove compaction and indexing from ldapd. It is better done by a separate process now that the btree can pick up the changes automatically.
|
#
1.5 |
|
15-Jun-2010 |
martinh |
Implement support in the parent to (re-)open database files on behalf of the unprivileged child over imsg. Part of a larger change that will fix database compaction.
|
#
1.4 |
|
11-Jun-2010 |
martinh |
print long long int as %lld
|
#
1.3 |
|
03-Jun-2010 |
martinh |
Open database files before chrooting, and use an absolute path to the database files, instead of relying on the chrooted-to path.
This breaks compaction as the ldape process can't re-open the database files. This is being worked on.
ok gilles@
|
#
1.2 |
|
31-May-2010 |
martinh |
Remove trailing whitespace and spaces before tabs.
ok gilles@
|
#
1.1 |
|
31-May-2010 |
martinh |
Initial import of ldapd, a small LDAP daemon. Work in progress.
ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@
|
#
1.31 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.30 |
|
12-Aug-2018 |
rob |
Change ber_write_elements() to return ssize_t instead of int.
ok claudio@
|
#
1.29 |
|
31-Jul-2018 |
claudio |
Make ber type and encoding a unsigned int instead of unsigned long. This way the size is the same on all archs and 32bit should be good enough. OK rob@
|
#
1.28 |
|
04-Jul-2018 |
rob |
Avoid possible vfprintf NULL errors in ldap_unbind().
Ok benno@
|
#
1.27 |
|
15-May-2018 |
reyk |
Fix format string errors in log messages and update ldapd to use relayd's log.c
OK benno@ jmatthew@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.26 |
|
24-Feb-2017 |
gsoares |
Implement fork+exec model
OK jmatthew@
|
#
1.25 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
ok krw@ jmatthew@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.24 |
|
01-May-2016 |
jmatthew |
convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls code from syslogd.
ok beck@ benno@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.23 |
|
24-Dec-2015 |
mmcc |
bzero -> memset. No binary change.
|
#
1.22 |
|
02-Nov-2015 |
jmatthew |
use SOCK_NONBLOCK instead of fcntl
ok dlg@
|
#
1.21 |
|
02-Nov-2015 |
jmatthew |
Both ldapd processes need "stdio" to talk to clients and each other. The parent process opens database files ("rpath wpath cpath"), sends fds to the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc exec").
The child process accepts client connections ("inet unix"), receives fds from the parent ("recvfd") and locks database files ("flock").
ok deraadt@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.20 |
|
03-Jun-2015 |
millert |
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.19 |
|
16-Jan-2015 |
deraadt |
change to <limits.h> universe. The only changes in the binary are due to the heavy use of assert. ok millert
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.18 |
|
02-Nov-2013 |
deraadt |
bunch of format string cleanups, removing %i, signed vs unsigned, and even a few long long's ok jmatthew
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.17 |
|
16-Jun-2012 |
jmatthew |
Protect against fd exhaustion when reopening database files. Only accept client or control connections when there are at least 8 fds available, and close a connection before calling imsg_read if it would be unable to accept an fd from the parent process.
ok gilles@
|
#
1.16 |
|
11-Apr-2012 |
deraadt |
rate limiting of accept() in various cases. Testing by jmatthew. there maybe still be a corner case where it needs one more file descriptor beyond the limit..
|
#
1.15 |
|
01-Apr-2012 |
deraadt |
use our umask() before AF_UNIX bind() semantics; ok pyr
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.14 |
|
10-Nov-2010 |
martinh |
Make -dvv flags produce debug traces of decoded BER messages on stderr. Also shows a hexdump of the input buffer if BER decoding fails. Useful when debugging protocol issues.
|
#
1.13 |
|
01-Sep-2010 |
martinh |
Move generic imsg/libevent glue to a separate file.
with eric@ at c2k10
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.12 |
|
10-Jul-2010 |
martinh |
Retry requests when the btree is busy. Without this, clients will just hang waiting for a response if the btree was being reopened when the request was received.
|
#
1.11 |
|
01-Jul-2010 |
martinh |
Implement the LDAP compare operation.
|
#
1.10 |
|
01-Jul-2010 |
martinh |
Remove dead assignments. Found by clang static analyzer.
|
#
1.9 |
|
30-Jun-2010 |
martinh |
Don't send statistics for referral namespaces. This unbreaks ldapctl stats. Avoid null pointer dereference when reopening a namespace.
|
#
1.8 |
|
29-Jun-2010 |
martinh |
Add support for referrals. Referrals are configured in the config file, either in the global context or in a namespace. The latter can be used to delegate requests to different servers for specific parts of the DIT. The former is a global catch-all referral.
|
#
1.7 |
|
29-Jun-2010 |
martinh |
Remember on what listener a connection got from, and return protocol error if trying to use starttls without a configured certificate, instead of just blocking the client.
|
#
1.6 |
|
23-Jun-2010 |
martinh |
Remove compaction and indexing from ldapd. It is better done by a separate process now that the btree can pick up the changes automatically.
|
#
1.5 |
|
15-Jun-2010 |
martinh |
Implement support in the parent to (re-)open database files on behalf of the unprivileged child over imsg. Part of a larger change that will fix database compaction.
|
#
1.4 |
|
11-Jun-2010 |
martinh |
print long long int as %lld
|
#
1.3 |
|
03-Jun-2010 |
martinh |
Open database files before chrooting, and use an absolute path to the database files, instead of relying on the chrooted-to path.
This breaks compaction as the ldape process can't re-open the database files. This is being worked on.
ok gilles@
|
#
1.2 |
|
31-May-2010 |
martinh |
Remove trailing whitespace and spaces before tabs.
ok gilles@
|
#
1.1 |
|
31-May-2010 |
martinh |
Initial import of ldapd, a small LDAP daemon. Work in progress.
ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@
|
#
1.30 |
|
12-Aug-2018 |
rob |
Change ber_write_elements() to return ssize_t instead of int.
ok claudio@
|
#
1.29 |
|
31-Jul-2018 |
claudio |
Make ber type and encoding a unsigned int instead of unsigned long. This way the size is the same on all archs and 32bit should be good enough. OK rob@
|
#
1.28 |
|
04-Jul-2018 |
rob |
Avoid possible vfprintf NULL errors in ldap_unbind().
Ok benno@
|
#
1.27 |
|
15-May-2018 |
reyk |
Fix format string errors in log messages and update ldapd to use relayd's log.c
OK benno@ jmatthew@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.26 |
|
24-Feb-2017 |
gsoares |
Implement fork+exec model
OK jmatthew@
|
#
1.25 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
ok krw@ jmatthew@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.24 |
|
01-May-2016 |
jmatthew |
convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls code from syslogd.
ok beck@ benno@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.23 |
|
24-Dec-2015 |
mmcc |
bzero -> memset. No binary change.
|
#
1.22 |
|
02-Nov-2015 |
jmatthew |
use SOCK_NONBLOCK instead of fcntl
ok dlg@
|
#
1.21 |
|
02-Nov-2015 |
jmatthew |
Both ldapd processes need "stdio" to talk to clients and each other. The parent process opens database files ("rpath wpath cpath"), sends fds to the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc exec").
The child process accepts client connections ("inet unix"), receives fds from the parent ("recvfd") and locks database files ("flock").
ok deraadt@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.20 |
|
03-Jun-2015 |
millert |
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.19 |
|
16-Jan-2015 |
deraadt |
change to <limits.h> universe. The only changes in the binary are due to the heavy use of assert. ok millert
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.18 |
|
02-Nov-2013 |
deraadt |
bunch of format string cleanups, removing %i, signed vs unsigned, and even a few long long's ok jmatthew
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.17 |
|
16-Jun-2012 |
jmatthew |
Protect against fd exhaustion when reopening database files. Only accept client or control connections when there are at least 8 fds available, and close a connection before calling imsg_read if it would be unable to accept an fd from the parent process.
ok gilles@
|
#
1.16 |
|
11-Apr-2012 |
deraadt |
rate limiting of accept() in various cases. Testing by jmatthew. there maybe still be a corner case where it needs one more file descriptor beyond the limit..
|
#
1.15 |
|
01-Apr-2012 |
deraadt |
use our umask() before AF_UNIX bind() semantics; ok pyr
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.14 |
|
10-Nov-2010 |
martinh |
Make -dvv flags produce debug traces of decoded BER messages on stderr. Also shows a hexdump of the input buffer if BER decoding fails. Useful when debugging protocol issues.
|
#
1.13 |
|
01-Sep-2010 |
martinh |
Move generic imsg/libevent glue to a separate file.
with eric@ at c2k10
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.12 |
|
10-Jul-2010 |
martinh |
Retry requests when the btree is busy. Without this, clients will just hang waiting for a response if the btree was being reopened when the request was received.
|
#
1.11 |
|
01-Jul-2010 |
martinh |
Implement the LDAP compare operation.
|
#
1.10 |
|
01-Jul-2010 |
martinh |
Remove dead assignments. Found by clang static analyzer.
|
#
1.9 |
|
30-Jun-2010 |
martinh |
Don't send statistics for referral namespaces. This unbreaks ldapctl stats. Avoid null pointer dereference when reopening a namespace.
|
#
1.8 |
|
29-Jun-2010 |
martinh |
Add support for referrals. Referrals are configured in the config file, either in the global context or in a namespace. The latter can be used to delegate requests to different servers for specific parts of the DIT. The former is a global catch-all referral.
|
#
1.7 |
|
29-Jun-2010 |
martinh |
Remember on what listener a connection got from, and return protocol error if trying to use starttls without a configured certificate, instead of just blocking the client.
|
#
1.6 |
|
23-Jun-2010 |
martinh |
Remove compaction and indexing from ldapd. It is better done by a separate process now that the btree can pick up the changes automatically.
|
#
1.5 |
|
15-Jun-2010 |
martinh |
Implement support in the parent to (re-)open database files on behalf of the unprivileged child over imsg. Part of a larger change that will fix database compaction.
|
#
1.4 |
|
11-Jun-2010 |
martinh |
print long long int as %lld
|
#
1.3 |
|
03-Jun-2010 |
martinh |
Open database files before chrooting, and use an absolute path to the database files, instead of relying on the chrooted-to path.
This breaks compaction as the ldape process can't re-open the database files. This is being worked on.
ok gilles@
|
#
1.2 |
|
31-May-2010 |
martinh |
Remove trailing whitespace and spaces before tabs.
ok gilles@
|
#
1.1 |
|
31-May-2010 |
martinh |
Initial import of ldapd, a small LDAP daemon. Work in progress.
ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@
|
#
1.28 |
|
04-Jul-2018 |
rob |
Avoid possible vfprintf NULL errors in ldap_unbind().
Ok benno@
|
#
1.27 |
|
15-May-2018 |
reyk |
Fix format string errors in log messages and update ldapd to use relayd's log.c
OK benno@ jmatthew@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.26 |
|
24-Feb-2017 |
gsoares |
Implement fork+exec model
OK jmatthew@
|
#
1.25 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
ok krw@ jmatthew@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.24 |
|
01-May-2016 |
jmatthew |
convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls code from syslogd.
ok beck@ benno@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.23 |
|
24-Dec-2015 |
mmcc |
bzero -> memset. No binary change.
|
#
1.22 |
|
02-Nov-2015 |
jmatthew |
use SOCK_NONBLOCK instead of fcntl
ok dlg@
|
#
1.21 |
|
02-Nov-2015 |
jmatthew |
Both ldapd processes need "stdio" to talk to clients and each other. The parent process opens database files ("rpath wpath cpath"), sends fds to the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc exec").
The child process accepts client connections ("inet unix"), receives fds from the parent ("recvfd") and locks database files ("flock").
ok deraadt@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.20 |
|
03-Jun-2015 |
millert |
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.19 |
|
16-Jan-2015 |
deraadt |
change to <limits.h> universe. The only changes in the binary are due to the heavy use of assert. ok millert
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.18 |
|
02-Nov-2013 |
deraadt |
bunch of format string cleanups, removing %i, signed vs unsigned, and even a few long long's ok jmatthew
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.17 |
|
16-Jun-2012 |
jmatthew |
Protect against fd exhaustion when reopening database files. Only accept client or control connections when there are at least 8 fds available, and close a connection before calling imsg_read if it would be unable to accept an fd from the parent process.
ok gilles@
|
#
1.16 |
|
11-Apr-2012 |
deraadt |
rate limiting of accept() in various cases. Testing by jmatthew. there maybe still be a corner case where it needs one more file descriptor beyond the limit..
|
#
1.15 |
|
01-Apr-2012 |
deraadt |
use our umask() before AF_UNIX bind() semantics; ok pyr
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.14 |
|
10-Nov-2010 |
martinh |
Make -dvv flags produce debug traces of decoded BER messages on stderr. Also shows a hexdump of the input buffer if BER decoding fails. Useful when debugging protocol issues.
|
#
1.13 |
|
01-Sep-2010 |
martinh |
Move generic imsg/libevent glue to a separate file.
with eric@ at c2k10
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.12 |
|
10-Jul-2010 |
martinh |
Retry requests when the btree is busy. Without this, clients will just hang waiting for a response if the btree was being reopened when the request was received.
|
#
1.11 |
|
01-Jul-2010 |
martinh |
Implement the LDAP compare operation.
|
#
1.10 |
|
01-Jul-2010 |
martinh |
Remove dead assignments. Found by clang static analyzer.
|
#
1.9 |
|
30-Jun-2010 |
martinh |
Don't send statistics for referral namespaces. This unbreaks ldapctl stats. Avoid null pointer dereference when reopening a namespace.
|
#
1.8 |
|
29-Jun-2010 |
martinh |
Add support for referrals. Referrals are configured in the config file, either in the global context or in a namespace. The latter can be used to delegate requests to different servers for specific parts of the DIT. The former is a global catch-all referral.
|
#
1.7 |
|
29-Jun-2010 |
martinh |
Remember on what listener a connection got from, and return protocol error if trying to use starttls without a configured certificate, instead of just blocking the client.
|
#
1.6 |
|
23-Jun-2010 |
martinh |
Remove compaction and indexing from ldapd. It is better done by a separate process now that the btree can pick up the changes automatically.
|
#
1.5 |
|
15-Jun-2010 |
martinh |
Implement support in the parent to (re-)open database files on behalf of the unprivileged child over imsg. Part of a larger change that will fix database compaction.
|
#
1.4 |
|
11-Jun-2010 |
martinh |
print long long int as %lld
|
#
1.3 |
|
03-Jun-2010 |
martinh |
Open database files before chrooting, and use an absolute path to the database files, instead of relying on the chrooted-to path.
This breaks compaction as the ldape process can't re-open the database files. This is being worked on.
ok gilles@
|
#
1.2 |
|
31-May-2010 |
martinh |
Remove trailing whitespace and spaces before tabs.
ok gilles@
|
#
1.1 |
|
31-May-2010 |
martinh |
Initial import of ldapd, a small LDAP daemon. Work in progress.
ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@
|
#
1.27 |
|
15-May-2018 |
reyk |
Fix format string errors in log messages and update ldapd to use relayd's log.c
OK benno@ jmatthew@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.26 |
|
24-Feb-2017 |
gsoares |
Implement fork+exec model
OK jmatthew@
|
#
1.25 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
ok krw@ jmatthew@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.24 |
|
01-May-2016 |
jmatthew |
convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls code from syslogd.
ok beck@ benno@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.23 |
|
24-Dec-2015 |
mmcc |
bzero -> memset. No binary change.
|
#
1.22 |
|
02-Nov-2015 |
jmatthew |
use SOCK_NONBLOCK instead of fcntl
ok dlg@
|
#
1.21 |
|
02-Nov-2015 |
jmatthew |
Both ldapd processes need "stdio" to talk to clients and each other. The parent process opens database files ("rpath wpath cpath"), sends fds to the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc exec").
The child process accepts client connections ("inet unix"), receives fds from the parent ("recvfd") and locks database files ("flock").
ok deraadt@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.20 |
|
03-Jun-2015 |
millert |
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.19 |
|
16-Jan-2015 |
deraadt |
change to <limits.h> universe. The only changes in the binary are due to the heavy use of assert. ok millert
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.18 |
|
02-Nov-2013 |
deraadt |
bunch of format string cleanups, removing %i, signed vs unsigned, and even a few long long's ok jmatthew
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.17 |
|
16-Jun-2012 |
jmatthew |
Protect against fd exhaustion when reopening database files. Only accept client or control connections when there are at least 8 fds available, and close a connection before calling imsg_read if it would be unable to accept an fd from the parent process.
ok gilles@
|
#
1.16 |
|
11-Apr-2012 |
deraadt |
rate limiting of accept() in various cases. Testing by jmatthew. there maybe still be a corner case where it needs one more file descriptor beyond the limit..
|
#
1.15 |
|
01-Apr-2012 |
deraadt |
use our umask() before AF_UNIX bind() semantics; ok pyr
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.14 |
|
10-Nov-2010 |
martinh |
Make -dvv flags produce debug traces of decoded BER messages on stderr. Also shows a hexdump of the input buffer if BER decoding fails. Useful when debugging protocol issues.
|
#
1.13 |
|
01-Sep-2010 |
martinh |
Move generic imsg/libevent glue to a separate file.
with eric@ at c2k10
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.12 |
|
10-Jul-2010 |
martinh |
Retry requests when the btree is busy. Without this, clients will just hang waiting for a response if the btree was being reopened when the request was received.
|
#
1.11 |
|
01-Jul-2010 |
martinh |
Implement the LDAP compare operation.
|
#
1.10 |
|
01-Jul-2010 |
martinh |
Remove dead assignments. Found by clang static analyzer.
|
#
1.9 |
|
30-Jun-2010 |
martinh |
Don't send statistics for referral namespaces. This unbreaks ldapctl stats. Avoid null pointer dereference when reopening a namespace.
|
#
1.8 |
|
29-Jun-2010 |
martinh |
Add support for referrals. Referrals are configured in the config file, either in the global context or in a namespace. The latter can be used to delegate requests to different servers for specific parts of the DIT. The former is a global catch-all referral.
|
#
1.7 |
|
29-Jun-2010 |
martinh |
Remember on what listener a connection got from, and return protocol error if trying to use starttls without a configured certificate, instead of just blocking the client.
|
#
1.6 |
|
23-Jun-2010 |
martinh |
Remove compaction and indexing from ldapd. It is better done by a separate process now that the btree can pick up the changes automatically.
|
#
1.5 |
|
15-Jun-2010 |
martinh |
Implement support in the parent to (re-)open database files on behalf of the unprivileged child over imsg. Part of a larger change that will fix database compaction.
|
#
1.4 |
|
11-Jun-2010 |
martinh |
print long long int as %lld
|
#
1.3 |
|
03-Jun-2010 |
martinh |
Open database files before chrooting, and use an absolute path to the database files, instead of relying on the chrooted-to path.
This breaks compaction as the ldape process can't re-open the database files. This is being worked on.
ok gilles@
|
#
1.2 |
|
31-May-2010 |
martinh |
Remove trailing whitespace and spaces before tabs.
ok gilles@
|
#
1.1 |
|
31-May-2010 |
martinh |
Initial import of ldapd, a small LDAP daemon. Work in progress.
ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.26 |
|
24-Feb-2017 |
gsoares |
Implement fork+exec model
OK jmatthew@
|
#
1.25 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
ok krw@ jmatthew@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.24 |
|
01-May-2016 |
jmatthew |
convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls code from syslogd.
ok beck@ benno@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.23 |
|
24-Dec-2015 |
mmcc |
bzero -> memset. No binary change.
|
#
1.22 |
|
02-Nov-2015 |
jmatthew |
use SOCK_NONBLOCK instead of fcntl
ok dlg@
|
#
1.21 |
|
02-Nov-2015 |
jmatthew |
Both ldapd processes need "stdio" to talk to clients and each other. The parent process opens database files ("rpath wpath cpath"), sends fds to the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc exec").
The child process accepts client connections ("inet unix"), receives fds from the parent ("recvfd") and locks database files ("flock").
ok deraadt@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.20 |
|
03-Jun-2015 |
millert |
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.19 |
|
16-Jan-2015 |
deraadt |
change to <limits.h> universe. The only changes in the binary are due to the heavy use of assert. ok millert
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.18 |
|
02-Nov-2013 |
deraadt |
bunch of format string cleanups, removing %i, signed vs unsigned, and even a few long long's ok jmatthew
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.17 |
|
16-Jun-2012 |
jmatthew |
Protect against fd exhaustion when reopening database files. Only accept client or control connections when there are at least 8 fds available, and close a connection before calling imsg_read if it would be unable to accept an fd from the parent process.
ok gilles@
|
#
1.16 |
|
11-Apr-2012 |
deraadt |
rate limiting of accept() in various cases. Testing by jmatthew. there maybe still be a corner case where it needs one more file descriptor beyond the limit..
|
#
1.15 |
|
01-Apr-2012 |
deraadt |
use our umask() before AF_UNIX bind() semantics; ok pyr
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.14 |
|
10-Nov-2010 |
martinh |
Make -dvv flags produce debug traces of decoded BER messages on stderr. Also shows a hexdump of the input buffer if BER decoding fails. Useful when debugging protocol issues.
|
#
1.13 |
|
01-Sep-2010 |
martinh |
Move generic imsg/libevent glue to a separate file.
with eric@ at c2k10
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.12 |
|
10-Jul-2010 |
martinh |
Retry requests when the btree is busy. Without this, clients will just hang waiting for a response if the btree was being reopened when the request was received.
|
#
1.11 |
|
01-Jul-2010 |
martinh |
Implement the LDAP compare operation.
|
#
1.10 |
|
01-Jul-2010 |
martinh |
Remove dead assignments. Found by clang static analyzer.
|
#
1.9 |
|
30-Jun-2010 |
martinh |
Don't send statistics for referral namespaces. This unbreaks ldapctl stats. Avoid null pointer dereference when reopening a namespace.
|
#
1.8 |
|
29-Jun-2010 |
martinh |
Add support for referrals. Referrals are configured in the config file, either in the global context or in a namespace. The latter can be used to delegate requests to different servers for specific parts of the DIT. The former is a global catch-all referral.
|
#
1.7 |
|
29-Jun-2010 |
martinh |
Remember on what listener a connection got from, and return protocol error if trying to use starttls without a configured certificate, instead of just blocking the client.
|
#
1.6 |
|
23-Jun-2010 |
martinh |
Remove compaction and indexing from ldapd. It is better done by a separate process now that the btree can pick up the changes automatically.
|
#
1.5 |
|
15-Jun-2010 |
martinh |
Implement support in the parent to (re-)open database files on behalf of the unprivileged child over imsg. Part of a larger change that will fix database compaction.
|
#
1.4 |
|
11-Jun-2010 |
martinh |
print long long int as %lld
|
#
1.3 |
|
03-Jun-2010 |
martinh |
Open database files before chrooting, and use an absolute path to the database files, instead of relying on the chrooted-to path.
This breaks compaction as the ldape process can't re-open the database files. This is being worked on.
ok gilles@
|
#
1.2 |
|
31-May-2010 |
martinh |
Remove trailing whitespace and spaces before tabs.
ok gilles@
|
#
1.1 |
|
31-May-2010 |
martinh |
Initial import of ldapd, a small LDAP daemon. Work in progress.
ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@
|