Use imsg_get_fd() and a local variable.
OK florian@

Change fatal() to fatalx() since the errno has no meaning here.
OK tb@

log_warn -> log_warnx since the warning printed uses tls_error()
and therefor printing the errno as well makes no sense.

PATH_MAX+1 rarely makes sense, and abort if this happens in the imsg.
ok jmatthew millert

Move TAILQ initialization to files where they are used.

These priv-sep daemons all follow a similar design and use TAILQs
for tracking control process connections. In most cases, the TAILQs
are initialized separate from where they are used. Since the scope
of use is generally confined to a specific control process file,
this commit also removes any extern definitions and exposing the
TAILQ structures to other compilation units.

ok bluhm@, tb@

The starttls command doesn't have a value with its extended request.
The handling of this changed with libutil/ber.c r1.12 resulting in starttls
failing.

Found by several.
Fix suggestion by roklein <at> roklein <dot> de
OK claudio@

The ber_* namespace is used by liblber since time immemorial,
so move our BER API to the unused ober_* prefix to avoid some
breakage in ports.

Problem diagnosed by jmatthew with ber_free() in samba, but
there are many others as pointed out by sthen.

tests & ok rob
ok sthen (who had an almost identical diff for libutil)
"go head hit it" deraadt

branches: 1.31.2;
When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Change ber_write_elements() to return ssize_t instead of int.

ok claudio@

Make ber type and encoding a unsigned int instead of unsigned long.
This way the size is the same on all archs and 32bit should be good enough.
OK rob@

Avoid possible vfprintf NULL errors in ldap_unbind().

Ok benno@

Fix format string errors in log messages and update ldapd to use relayd's log.c

OK benno@ jmatthew@

Implement fork+exec model

OK jmatthew@

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@

bzero -> memset. No binary change.

use SOCK_NONBLOCK instead of fcntl

ok dlg@

Both ldapd processes need "stdio" to talk to clients and each other.
The parent process opens database files ("rpath wpath cpath"), sends fds to
the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc
exec").

The child process accepts client connections ("inet unix"), receives fds from
the parent ("recvfd") and locks database files ("flock").

ok deraadt@

Do not assume that asprintf() clears the pointer on failure, which
is non-portable. Also add missing asprintf() return value checks.
OK deraadt@ guenther@ doug@

change to <limits.h> universe. The only changes in the binary are due
to the heavy use of assert.
ok millert

bunch of format string cleanups, removing %i, signed vs unsigned, and even
a few long long's
ok jmatthew

Protect against fd exhaustion when reopening database files. Only accept
client or control connections when there are at least 8 fds available,
and close a connection before calling imsg_read if it would be unable to
accept an fd from the parent process.

ok gilles@

rate limiting of accept() in various cases. Testing by jmatthew. there
maybe still be a corner case where it needs one more file descriptor
beyond the limit..

use our umask() before AF_UNIX bind() semantics; ok pyr

Make -dvv flags produce debug traces of decoded BER messages on stderr.
Also shows a hexdump of the input buffer if BER decoding fails.
Useful when debugging protocol issues.

Move generic imsg/libevent glue to a separate file.

with eric@ at c2k10

Retry requests when the btree is busy. Without this, clients will just hang
waiting for a response if the btree was being reopened when the request was
received.

Implement the LDAP compare operation.

Remove dead assignments. Found by clang static analyzer.

Don't send statistics for referral namespaces. This unbreaks ldapctl stats.
Avoid null pointer dereference when reopening a namespace.

Add support for referrals. Referrals are configured in the config file,
either in the global context or in a namespace. The latter can be used to
delegate requests to different servers for specific parts of the DIT. The
former is a global catch-all referral.

Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.

Remove compaction and indexing from ldapd. It is better done by a separate
process now that the btree can pick up the changes automatically.

Implement support in the parent to (re-)open database files on behalf of
the unprivileged child over imsg. Part of a larger change that will fix
database compaction.

print long long int as %lld

Open database files before chrooting, and use an absolute path to
the database files, instead of relying on the chrooted-to path.

This breaks compaction as the ldape process can't re-open the
database files. This is being worked on.

ok gilles@

Remove trailing whitespace and spaces before tabs.

ok gilles@

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@

Change fatal() to fatalx() since the errno has no meaning here.
OK tb@

log_warn -> log_warnx since the warning printed uses tls_error()
and therefor printing the errno as well makes no sense.

PATH_MAX+1 rarely makes sense, and abort if this happens in the imsg.
ok jmatthew millert

Move TAILQ initialization to files where they are used.

These priv-sep daemons all follow a similar design and use TAILQs
for tracking control process connections. In most cases, the TAILQs
are initialized separate from where they are used. Since the scope
of use is generally confined to a specific control process file,
this commit also removes any extern definitions and exposing the
TAILQ structures to other compilation units.

ok bluhm@, tb@

The starttls command doesn't have a value with its extended request.
The handling of this changed with libutil/ber.c r1.12 resulting in starttls
failing.

Found by several.
Fix suggestion by roklein <at> roklein <dot> de
OK claudio@

The ber_* namespace is used by liblber since time immemorial,
so move our BER API to the unused ober_* prefix to avoid some
breakage in ports.

Problem diagnosed by jmatthew with ber_free() in samba, but
there are many others as pointed out by sthen.

tests & ok rob
ok sthen (who had an almost identical diff for libutil)
"go head hit it" deraadt

branches: 1.31.2;
When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Change ber_write_elements() to return ssize_t instead of int.

ok claudio@

Make ber type and encoding a unsigned int instead of unsigned long.
This way the size is the same on all archs and 32bit should be good enough.
OK rob@

Avoid possible vfprintf NULL errors in ldap_unbind().

Ok benno@

Fix format string errors in log messages and update ldapd to use relayd's log.c

OK benno@ jmatthew@

Implement fork+exec model

OK jmatthew@

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@

bzero -> memset. No binary change.

use SOCK_NONBLOCK instead of fcntl

ok dlg@

Both ldapd processes need "stdio" to talk to clients and each other.
The parent process opens database files ("rpath wpath cpath"), sends fds to
the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc
exec").

The child process accepts client connections ("inet unix"), receives fds from
the parent ("recvfd") and locks database files ("flock").

ok deraadt@

Do not assume that asprintf() clears the pointer on failure, which
is non-portable. Also add missing asprintf() return value checks.
OK deraadt@ guenther@ doug@

change to <limits.h> universe. The only changes in the binary are due
to the heavy use of assert.
ok millert

bunch of format string cleanups, removing %i, signed vs unsigned, and even
a few long long's
ok jmatthew

Protect against fd exhaustion when reopening database files. Only accept
client or control connections when there are at least 8 fds available,
and close a connection before calling imsg_read if it would be unable to
accept an fd from the parent process.

ok gilles@

rate limiting of accept() in various cases. Testing by jmatthew. there
maybe still be a corner case where it needs one more file descriptor
beyond the limit..

use our umask() before AF_UNIX bind() semantics; ok pyr

Make -dvv flags produce debug traces of decoded BER messages on stderr.
Also shows a hexdump of the input buffer if BER decoding fails.
Useful when debugging protocol issues.

Move generic imsg/libevent glue to a separate file.

with eric@ at c2k10

Retry requests when the btree is busy. Without this, clients will just hang
waiting for a response if the btree was being reopened when the request was
received.

Implement the LDAP compare operation.

Remove dead assignments. Found by clang static analyzer.

Don't send statistics for referral namespaces. This unbreaks ldapctl stats.
Avoid null pointer dereference when reopening a namespace.

Add support for referrals. Referrals are configured in the config file,
either in the global context or in a namespace. The latter can be used to
delegate requests to different servers for specific parts of the DIT. The
former is a global catch-all referral.

Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.

Remove compaction and indexing from ldapd. It is better done by a separate
process now that the btree can pick up the changes automatically.

Implement support in the parent to (re-)open database files on behalf of
the unprivileged child over imsg. Part of a larger change that will fix
database compaction.

print long long int as %lld

Open database files before chrooting, and use an absolute path to
the database files, instead of relying on the chrooted-to path.

This breaks compaction as the ldape process can't re-open the
database files. This is being worked on.

ok gilles@

Remove trailing whitespace and spaces before tabs.

ok gilles@

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@

log_warn -> log_warnx since the warning printed uses tls_error()
and therefor printing the errno as well makes no sense.

PATH_MAX+1 rarely makes sense, and abort if this happens in the imsg.
ok jmatthew millert

Move TAILQ initialization to files where they are used.

These priv-sep daemons all follow a similar design and use TAILQs
for tracking control process connections. In most cases, the TAILQs
are initialized separate from where they are used. Since the scope
of use is generally confined to a specific control process file,
this commit also removes any extern definitions and exposing the
TAILQ structures to other compilation units.

ok bluhm@, tb@

The starttls command doesn't have a value with its extended request.
The handling of this changed with libutil/ber.c r1.12 resulting in starttls
failing.

Found by several.
Fix suggestion by roklein <at> roklein <dot> de
OK claudio@

The ber_* namespace is used by liblber since time immemorial,
so move our BER API to the unused ober_* prefix to avoid some
breakage in ports.

Problem diagnosed by jmatthew with ber_free() in samba, but
there are many others as pointed out by sthen.

tests & ok rob
ok sthen (who had an almost identical diff for libutil)
"go head hit it" deraadt

branches: 1.31.2;
When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Change ber_write_elements() to return ssize_t instead of int.

ok claudio@

Make ber type and encoding a unsigned int instead of unsigned long.
This way the size is the same on all archs and 32bit should be good enough.
OK rob@

Avoid possible vfprintf NULL errors in ldap_unbind().

Ok benno@

Fix format string errors in log messages and update ldapd to use relayd's log.c

OK benno@ jmatthew@

Implement fork+exec model

OK jmatthew@

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@

bzero -> memset. No binary change.

use SOCK_NONBLOCK instead of fcntl

ok dlg@

Both ldapd processes need "stdio" to talk to clients and each other.
The parent process opens database files ("rpath wpath cpath"), sends fds to
the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc
exec").

The child process accepts client connections ("inet unix"), receives fds from
the parent ("recvfd") and locks database files ("flock").

ok deraadt@

Do not assume that asprintf() clears the pointer on failure, which
is non-portable. Also add missing asprintf() return value checks.
OK deraadt@ guenther@ doug@

change to <limits.h> universe. The only changes in the binary are due
to the heavy use of assert.
ok millert

bunch of format string cleanups, removing %i, signed vs unsigned, and even
a few long long's
ok jmatthew

Protect against fd exhaustion when reopening database files. Only accept
client or control connections when there are at least 8 fds available,
and close a connection before calling imsg_read if it would be unable to
accept an fd from the parent process.

ok gilles@

rate limiting of accept() in various cases. Testing by jmatthew. there
maybe still be a corner case where it needs one more file descriptor
beyond the limit..

use our umask() before AF_UNIX bind() semantics; ok pyr

Make -dvv flags produce debug traces of decoded BER messages on stderr.
Also shows a hexdump of the input buffer if BER decoding fails.
Useful when debugging protocol issues.

Move generic imsg/libevent glue to a separate file.

with eric@ at c2k10

Retry requests when the btree is busy. Without this, clients will just hang
waiting for a response if the btree was being reopened when the request was
received.

Implement the LDAP compare operation.

Remove dead assignments. Found by clang static analyzer.

Don't send statistics for referral namespaces. This unbreaks ldapctl stats.
Avoid null pointer dereference when reopening a namespace.

Add support for referrals. Referrals are configured in the config file,
either in the global context or in a namespace. The latter can be used to
delegate requests to different servers for specific parts of the DIT. The
former is a global catch-all referral.

Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.

Remove compaction and indexing from ldapd. It is better done by a separate
process now that the btree can pick up the changes automatically.

Implement support in the parent to (re-)open database files on behalf of
the unprivileged child over imsg. Part of a larger change that will fix
database compaction.

print long long int as %lld

Open database files before chrooting, and use an absolute path to
the database files, instead of relying on the chrooted-to path.

This breaks compaction as the ldape process can't re-open the
database files. This is being worked on.

ok gilles@

Remove trailing whitespace and spaces before tabs.

ok gilles@

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@

PATH_MAX+1 rarely makes sense, and abort if this happens in the imsg.
ok jmatthew millert

Move TAILQ initialization to files where they are used.

These priv-sep daemons all follow a similar design and use TAILQs
for tracking control process connections. In most cases, the TAILQs
are initialized separate from where they are used. Since the scope
of use is generally confined to a specific control process file,
this commit also removes any extern definitions and exposing the
TAILQ structures to other compilation units.

ok bluhm@, tb@

The starttls command doesn't have a value with its extended request.
The handling of this changed with libutil/ber.c r1.12 resulting in starttls
failing.

Found by several.
Fix suggestion by roklein <at> roklein <dot> de
OK claudio@

The ber_* namespace is used by liblber since time immemorial,
so move our BER API to the unused ober_* prefix to avoid some
breakage in ports.

Problem diagnosed by jmatthew with ber_free() in samba, but
there are many others as pointed out by sthen.

tests & ok rob
ok sthen (who had an almost identical diff for libutil)
"go head hit it" deraadt

branches: 1.31.2;
When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Change ber_write_elements() to return ssize_t instead of int.

ok claudio@

Make ber type and encoding a unsigned int instead of unsigned long.
This way the size is the same on all archs and 32bit should be good enough.
OK rob@

Avoid possible vfprintf NULL errors in ldap_unbind().

Ok benno@

Fix format string errors in log messages and update ldapd to use relayd's log.c

OK benno@ jmatthew@

Implement fork+exec model

OK jmatthew@

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@

bzero -> memset. No binary change.

use SOCK_NONBLOCK instead of fcntl

ok dlg@

Both ldapd processes need "stdio" to talk to clients and each other.
The parent process opens database files ("rpath wpath cpath"), sends fds to
the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc
exec").

The child process accepts client connections ("inet unix"), receives fds from
the parent ("recvfd") and locks database files ("flock").

ok deraadt@

Do not assume that asprintf() clears the pointer on failure, which
is non-portable. Also add missing asprintf() return value checks.
OK deraadt@ guenther@ doug@

change to <limits.h> universe. The only changes in the binary are due
to the heavy use of assert.
ok millert

bunch of format string cleanups, removing %i, signed vs unsigned, and even
a few long long's
ok jmatthew

Protect against fd exhaustion when reopening database files. Only accept
client or control connections when there are at least 8 fds available,
and close a connection before calling imsg_read if it would be unable to
accept an fd from the parent process.

ok gilles@

rate limiting of accept() in various cases. Testing by jmatthew. there
maybe still be a corner case where it needs one more file descriptor
beyond the limit..

use our umask() before AF_UNIX bind() semantics; ok pyr

Make -dvv flags produce debug traces of decoded BER messages on stderr.
Also shows a hexdump of the input buffer if BER decoding fails.
Useful when debugging protocol issues.

Move generic imsg/libevent glue to a separate file.

with eric@ at c2k10

Retry requests when the btree is busy. Without this, clients will just hang
waiting for a response if the btree was being reopened when the request was
received.

Implement the LDAP compare operation.

Remove dead assignments. Found by clang static analyzer.

Don't send statistics for referral namespaces. This unbreaks ldapctl stats.
Avoid null pointer dereference when reopening a namespace.

Add support for referrals. Referrals are configured in the config file,
either in the global context or in a namespace. The latter can be used to
delegate requests to different servers for specific parts of the DIT. The
former is a global catch-all referral.

Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.

Remove compaction and indexing from ldapd. It is better done by a separate
process now that the btree can pick up the changes automatically.

Implement support in the parent to (re-)open database files on behalf of
the unprivileged child over imsg. Part of a larger change that will fix
database compaction.

print long long int as %lld

Open database files before chrooting, and use an absolute path to
the database files, instead of relying on the chrooted-to path.

This breaks compaction as the ldape process can't re-open the
database files. This is being worked on.

ok gilles@

Remove trailing whitespace and spaces before tabs.

ok gilles@

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@

Move TAILQ initialization to files where they are used.

These priv-sep daemons all follow a similar design and use TAILQs
for tracking control process connections. In most cases, the TAILQs
are initialized separate from where they are used. Since the scope
of use is generally confined to a specific control process file,
this commit also removes any extern definitions and exposing the
TAILQ structures to other compilation units.

ok bluhm@, tb@

The starttls command doesn't have a value with its extended request.
The handling of this changed with libutil/ber.c r1.12 resulting in starttls
failing.

Found by several.
Fix suggestion by roklein <at> roklein <dot> de
OK claudio@

The ber_* namespace is used by liblber since time immemorial,
so move our BER API to the unused ober_* prefix to avoid some
breakage in ports.

Problem diagnosed by jmatthew with ber_free() in samba, but
there are many others as pointed out by sthen.

tests & ok rob
ok sthen (who had an almost identical diff for libutil)
"go head hit it" deraadt

branches: 1.31.2;
When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Change ber_write_elements() to return ssize_t instead of int.

ok claudio@

Make ber type and encoding a unsigned int instead of unsigned long.
This way the size is the same on all archs and 32bit should be good enough.
OK rob@

Avoid possible vfprintf NULL errors in ldap_unbind().

Ok benno@

Fix format string errors in log messages and update ldapd to use relayd's log.c

OK benno@ jmatthew@

Implement fork+exec model

OK jmatthew@

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@

bzero -> memset. No binary change.

use SOCK_NONBLOCK instead of fcntl

ok dlg@

Both ldapd processes need "stdio" to talk to clients and each other.
The parent process opens database files ("rpath wpath cpath"), sends fds to
the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc
exec").

The child process accepts client connections ("inet unix"), receives fds from
the parent ("recvfd") and locks database files ("flock").

ok deraadt@

Do not assume that asprintf() clears the pointer on failure, which
is non-portable. Also add missing asprintf() return value checks.
OK deraadt@ guenther@ doug@

change to <limits.h> universe. The only changes in the binary are due
to the heavy use of assert.
ok millert

bunch of format string cleanups, removing %i, signed vs unsigned, and even
a few long long's
ok jmatthew

Protect against fd exhaustion when reopening database files. Only accept
client or control connections when there are at least 8 fds available,
and close a connection before calling imsg_read if it would be unable to
accept an fd from the parent process.

ok gilles@

rate limiting of accept() in various cases. Testing by jmatthew. there
maybe still be a corner case where it needs one more file descriptor
beyond the limit..

use our umask() before AF_UNIX bind() semantics; ok pyr

Make -dvv flags produce debug traces of decoded BER messages on stderr.
Also shows a hexdump of the input buffer if BER decoding fails.
Useful when debugging protocol issues.

Move generic imsg/libevent glue to a separate file.

with eric@ at c2k10

Retry requests when the btree is busy. Without this, clients will just hang
waiting for a response if the btree was being reopened when the request was
received.

Implement the LDAP compare operation.

Remove dead assignments. Found by clang static analyzer.

Don't send statistics for referral namespaces. This unbreaks ldapctl stats.
Avoid null pointer dereference when reopening a namespace.

Add support for referrals. Referrals are configured in the config file,
either in the global context or in a namespace. The latter can be used to
delegate requests to different servers for specific parts of the DIT. The
former is a global catch-all referral.

Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.

Remove compaction and indexing from ldapd. It is better done by a separate
process now that the btree can pick up the changes automatically.

Implement support in the parent to (re-)open database files on behalf of
the unprivileged child over imsg. Part of a larger change that will fix
database compaction.

print long long int as %lld

Open database files before chrooting, and use an absolute path to
the database files, instead of relying on the chrooted-to path.

This breaks compaction as the ldape process can't re-open the
database files. This is being worked on.

ok gilles@

Remove trailing whitespace and spaces before tabs.

ok gilles@

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@

The starttls command doesn't have a value with its extended request.
The handling of this changed with libutil/ber.c r1.12 resulting in starttls
failing.

Found by several.
Fix suggestion by roklein <at> roklein <dot> de
OK claudio@

The ber_* namespace is used by liblber since time immemorial,
so move our BER API to the unused ober_* prefix to avoid some
breakage in ports.

Problem diagnosed by jmatthew with ber_free() in samba, but
there are many others as pointed out by sthen.

tests & ok rob
ok sthen (who had an almost identical diff for libutil)
"go head hit it" deraadt

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Change ber_write_elements() to return ssize_t instead of int.

ok claudio@

Make ber type and encoding a unsigned int instead of unsigned long.
This way the size is the same on all archs and 32bit should be good enough.
OK rob@

Avoid possible vfprintf NULL errors in ldap_unbind().

Ok benno@

Fix format string errors in log messages and update ldapd to use relayd's log.c

OK benno@ jmatthew@

Implement fork+exec model

OK jmatthew@

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@

bzero -> memset. No binary change.

use SOCK_NONBLOCK instead of fcntl

ok dlg@

Both ldapd processes need "stdio" to talk to clients and each other.
The parent process opens database files ("rpath wpath cpath"), sends fds to
the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc
exec").

The child process accepts client connections ("inet unix"), receives fds from
the parent ("recvfd") and locks database files ("flock").

ok deraadt@

Do not assume that asprintf() clears the pointer on failure, which
is non-portable. Also add missing asprintf() return value checks.
OK deraadt@ guenther@ doug@

change to <limits.h> universe. The only changes in the binary are due
to the heavy use of assert.
ok millert

bunch of format string cleanups, removing %i, signed vs unsigned, and even
a few long long's
ok jmatthew

Protect against fd exhaustion when reopening database files. Only accept
client or control connections when there are at least 8 fds available,
and close a connection before calling imsg_read if it would be unable to
accept an fd from the parent process.

ok gilles@

rate limiting of accept() in various cases. Testing by jmatthew. there
maybe still be a corner case where it needs one more file descriptor
beyond the limit..

use our umask() before AF_UNIX bind() semantics; ok pyr

Make -dvv flags produce debug traces of decoded BER messages on stderr.
Also shows a hexdump of the input buffer if BER decoding fails.
Useful when debugging protocol issues.

Move generic imsg/libevent glue to a separate file.

with eric@ at c2k10

Retry requests when the btree is busy. Without this, clients will just hang
waiting for a response if the btree was being reopened when the request was
received.

Implement the LDAP compare operation.

Remove dead assignments. Found by clang static analyzer.

Don't send statistics for referral namespaces. This unbreaks ldapctl stats.
Avoid null pointer dereference when reopening a namespace.

Add support for referrals. Referrals are configured in the config file,
either in the global context or in a namespace. The latter can be used to
delegate requests to different servers for specific parts of the DIT. The
former is a global catch-all referral.

Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.

Remove compaction and indexing from ldapd. It is better done by a separate
process now that the btree can pick up the changes automatically.

Implement support in the parent to (re-)open database files on behalf of
the unprivileged child over imsg. Part of a larger change that will fix
database compaction.

print long long int as %lld

Open database files before chrooting, and use an absolute path to
the database files, instead of relying on the chrooted-to path.

This breaks compaction as the ldape process can't re-open the
database files. This is being worked on.

ok gilles@

Remove trailing whitespace and spaces before tabs.

ok gilles@

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@

The ber_* namespace is used by liblber since time immemorial,
so move our BER API to the unused ober_* prefix to avoid some
breakage in ports.

Problem diagnosed by jmatthew with ber_free() in samba, but
there are many others as pointed out by sthen.

tests & ok rob
ok sthen (who had an almost identical diff for libutil)
"go head hit it" deraadt

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Change ber_write_elements() to return ssize_t instead of int.

ok claudio@

Make ber type and encoding a unsigned int instead of unsigned long.
This way the size is the same on all archs and 32bit should be good enough.
OK rob@

Avoid possible vfprintf NULL errors in ldap_unbind().

Ok benno@

Fix format string errors in log messages and update ldapd to use relayd's log.c

OK benno@ jmatthew@

Implement fork+exec model

OK jmatthew@

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@

bzero -> memset. No binary change.

use SOCK_NONBLOCK instead of fcntl

ok dlg@

Both ldapd processes need "stdio" to talk to clients and each other.
The parent process opens database files ("rpath wpath cpath"), sends fds to
the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc
exec").

The child process accepts client connections ("inet unix"), receives fds from
the parent ("recvfd") and locks database files ("flock").

ok deraadt@

Do not assume that asprintf() clears the pointer on failure, which
is non-portable. Also add missing asprintf() return value checks.
OK deraadt@ guenther@ doug@

change to <limits.h> universe. The only changes in the binary are due
to the heavy use of assert.
ok millert

bunch of format string cleanups, removing %i, signed vs unsigned, and even
a few long long's
ok jmatthew

Protect against fd exhaustion when reopening database files. Only accept
client or control connections when there are at least 8 fds available,
and close a connection before calling imsg_read if it would be unable to
accept an fd from the parent process.

ok gilles@

rate limiting of accept() in various cases. Testing by jmatthew. there
maybe still be a corner case where it needs one more file descriptor
beyond the limit..

use our umask() before AF_UNIX bind() semantics; ok pyr

Make -dvv flags produce debug traces of decoded BER messages on stderr.
Also shows a hexdump of the input buffer if BER decoding fails.
Useful when debugging protocol issues.

Move generic imsg/libevent glue to a separate file.

with eric@ at c2k10

Retry requests when the btree is busy. Without this, clients will just hang
waiting for a response if the btree was being reopened when the request was
received.

Implement the LDAP compare operation.

Remove dead assignments. Found by clang static analyzer.

Don't send statistics for referral namespaces. This unbreaks ldapctl stats.
Avoid null pointer dereference when reopening a namespace.

Add support for referrals. Referrals are configured in the config file,
either in the global context or in a namespace. The latter can be used to
delegate requests to different servers for specific parts of the DIT. The
former is a global catch-all referral.

Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.

Remove compaction and indexing from ldapd. It is better done by a separate
process now that the btree can pick up the changes automatically.

Implement support in the parent to (re-)open database files on behalf of
the unprivileged child over imsg. Part of a larger change that will fix
database compaction.

print long long int as %lld

Open database files before chrooting, and use an absolute path to
the database files, instead of relying on the chrooted-to path.

This breaks compaction as the ldape process can't re-open the
database files. This is being worked on.

ok gilles@

Remove trailing whitespace and spaces before tabs.

ok gilles@

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Change ber_write_elements() to return ssize_t instead of int.

ok claudio@

Make ber type and encoding a unsigned int instead of unsigned long.
This way the size is the same on all archs and 32bit should be good enough.
OK rob@

Avoid possible vfprintf NULL errors in ldap_unbind().

Ok benno@

Fix format string errors in log messages and update ldapd to use relayd's log.c

OK benno@ jmatthew@

Implement fork+exec model

OK jmatthew@

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@

bzero -> memset. No binary change.

use SOCK_NONBLOCK instead of fcntl

ok dlg@

Both ldapd processes need "stdio" to talk to clients and each other.
The parent process opens database files ("rpath wpath cpath"), sends fds to
the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc
exec").

The child process accepts client connections ("inet unix"), receives fds from
the parent ("recvfd") and locks database files ("flock").

ok deraadt@

Do not assume that asprintf() clears the pointer on failure, which
is non-portable. Also add missing asprintf() return value checks.
OK deraadt@ guenther@ doug@

change to <limits.h> universe. The only changes in the binary are due
to the heavy use of assert.
ok millert

bunch of format string cleanups, removing %i, signed vs unsigned, and even
a few long long's
ok jmatthew

Protect against fd exhaustion when reopening database files. Only accept
client or control connections when there are at least 8 fds available,
and close a connection before calling imsg_read if it would be unable to
accept an fd from the parent process.

ok gilles@

rate limiting of accept() in various cases. Testing by jmatthew. there
maybe still be a corner case where it needs one more file descriptor
beyond the limit..

use our umask() before AF_UNIX bind() semantics; ok pyr

Make -dvv flags produce debug traces of decoded BER messages on stderr.
Also shows a hexdump of the input buffer if BER decoding fails.
Useful when debugging protocol issues.

Move generic imsg/libevent glue to a separate file.

with eric@ at c2k10

Retry requests when the btree is busy. Without this, clients will just hang
waiting for a response if the btree was being reopened when the request was
received.

Implement the LDAP compare operation.

Remove dead assignments. Found by clang static analyzer.

Don't send statistics for referral namespaces. This unbreaks ldapctl stats.
Avoid null pointer dereference when reopening a namespace.

Add support for referrals. Referrals are configured in the config file,
either in the global context or in a namespace. The latter can be used to
delegate requests to different servers for specific parts of the DIT. The
former is a global catch-all referral.

Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.

Remove compaction and indexing from ldapd. It is better done by a separate
process now that the btree can pick up the changes automatically.

Implement support in the parent to (re-)open database files on behalf of
the unprivileged child over imsg. Part of a larger change that will fix
database compaction.

print long long int as %lld

Open database files before chrooting, and use an absolute path to
the database files, instead of relying on the chrooted-to path.

This breaks compaction as the ldape process can't re-open the
database files. This is being worked on.

ok gilles@

Remove trailing whitespace and spaces before tabs.

ok gilles@

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@

Change ber_write_elements() to return ssize_t instead of int.

ok claudio@

Make ber type and encoding a unsigned int instead of unsigned long.
This way the size is the same on all archs and 32bit should be good enough.
OK rob@

Avoid possible vfprintf NULL errors in ldap_unbind().

Ok benno@

Fix format string errors in log messages and update ldapd to use relayd's log.c

OK benno@ jmatthew@

Implement fork+exec model

OK jmatthew@

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@

bzero -> memset. No binary change.

use SOCK_NONBLOCK instead of fcntl

ok dlg@

Both ldapd processes need "stdio" to talk to clients and each other.
The parent process opens database files ("rpath wpath cpath"), sends fds to
the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc
exec").

The child process accepts client connections ("inet unix"), receives fds from
the parent ("recvfd") and locks database files ("flock").

ok deraadt@

Do not assume that asprintf() clears the pointer on failure, which
is non-portable. Also add missing asprintf() return value checks.
OK deraadt@ guenther@ doug@

change to <limits.h> universe. The only changes in the binary are due
to the heavy use of assert.
ok millert

bunch of format string cleanups, removing %i, signed vs unsigned, and even
a few long long's
ok jmatthew

Protect against fd exhaustion when reopening database files. Only accept
client or control connections when there are at least 8 fds available,
and close a connection before calling imsg_read if it would be unable to
accept an fd from the parent process.

ok gilles@

rate limiting of accept() in various cases. Testing by jmatthew. there
maybe still be a corner case where it needs one more file descriptor
beyond the limit..

use our umask() before AF_UNIX bind() semantics; ok pyr

Make -dvv flags produce debug traces of decoded BER messages on stderr.
Also shows a hexdump of the input buffer if BER decoding fails.
Useful when debugging protocol issues.

Move generic imsg/libevent glue to a separate file.

with eric@ at c2k10

Retry requests when the btree is busy. Without this, clients will just hang
waiting for a response if the btree was being reopened when the request was
received.

Implement the LDAP compare operation.

Remove dead assignments. Found by clang static analyzer.

Don't send statistics for referral namespaces. This unbreaks ldapctl stats.
Avoid null pointer dereference when reopening a namespace.

Add support for referrals. Referrals are configured in the config file,
either in the global context or in a namespace. The latter can be used to
delegate requests to different servers for specific parts of the DIT. The
former is a global catch-all referral.

Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.

Remove compaction and indexing from ldapd. It is better done by a separate
process now that the btree can pick up the changes automatically.

Implement support in the parent to (re-)open database files on behalf of
the unprivileged child over imsg. Part of a larger change that will fix
database compaction.

print long long int as %lld

Open database files before chrooting, and use an absolute path to
the database files, instead of relying on the chrooted-to path.

This breaks compaction as the ldape process can't re-open the
database files. This is being worked on.

ok gilles@

Remove trailing whitespace and spaces before tabs.

ok gilles@

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@

Avoid possible vfprintf NULL errors in ldap_unbind().

Ok benno@

Fix format string errors in log messages and update ldapd to use relayd's log.c

OK benno@ jmatthew@

Implement fork+exec model

OK jmatthew@

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@

bzero -> memset. No binary change.

use SOCK_NONBLOCK instead of fcntl

ok dlg@

Both ldapd processes need "stdio" to talk to clients and each other.
The parent process opens database files ("rpath wpath cpath"), sends fds to
the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc
exec").

The child process accepts client connections ("inet unix"), receives fds from
the parent ("recvfd") and locks database files ("flock").

ok deraadt@

Do not assume that asprintf() clears the pointer on failure, which
is non-portable. Also add missing asprintf() return value checks.
OK deraadt@ guenther@ doug@

change to <limits.h> universe. The only changes in the binary are due
to the heavy use of assert.
ok millert

bunch of format string cleanups, removing %i, signed vs unsigned, and even
a few long long's
ok jmatthew

Protect against fd exhaustion when reopening database files. Only accept
client or control connections when there are at least 8 fds available,
and close a connection before calling imsg_read if it would be unable to
accept an fd from the parent process.

ok gilles@

rate limiting of accept() in various cases. Testing by jmatthew. there
maybe still be a corner case where it needs one more file descriptor
beyond the limit..

use our umask() before AF_UNIX bind() semantics; ok pyr

Make -dvv flags produce debug traces of decoded BER messages on stderr.
Also shows a hexdump of the input buffer if BER decoding fails.
Useful when debugging protocol issues.

Move generic imsg/libevent glue to a separate file.

with eric@ at c2k10

Retry requests when the btree is busy. Without this, clients will just hang
waiting for a response if the btree was being reopened when the request was
received.

Implement the LDAP compare operation.

Remove dead assignments. Found by clang static analyzer.

Don't send statistics for referral namespaces. This unbreaks ldapctl stats.
Avoid null pointer dereference when reopening a namespace.

Add support for referrals. Referrals are configured in the config file,
either in the global context or in a namespace. The latter can be used to
delegate requests to different servers for specific parts of the DIT. The
former is a global catch-all referral.

Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.

Remove compaction and indexing from ldapd. It is better done by a separate
process now that the btree can pick up the changes automatically.

Implement support in the parent to (re-)open database files on behalf of
the unprivileged child over imsg. Part of a larger change that will fix
database compaction.

print long long int as %lld

Open database files before chrooting, and use an absolute path to
the database files, instead of relying on the chrooted-to path.

This breaks compaction as the ldape process can't re-open the
database files. This is being worked on.

ok gilles@

Remove trailing whitespace and spaces before tabs.

ok gilles@

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@

Fix format string errors in log messages and update ldapd to use relayd's log.c

OK benno@ jmatthew@

Implement fork+exec model

OK jmatthew@

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@

bzero -> memset. No binary change.

use SOCK_NONBLOCK instead of fcntl

ok dlg@

Both ldapd processes need "stdio" to talk to clients and each other.
The parent process opens database files ("rpath wpath cpath"), sends fds to
the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc
exec").

The child process accepts client connections ("inet unix"), receives fds from
the parent ("recvfd") and locks database files ("flock").

ok deraadt@

Do not assume that asprintf() clears the pointer on failure, which
is non-portable. Also add missing asprintf() return value checks.
OK deraadt@ guenther@ doug@

change to <limits.h> universe. The only changes in the binary are due
to the heavy use of assert.
ok millert

bunch of format string cleanups, removing %i, signed vs unsigned, and even
a few long long's
ok jmatthew

Protect against fd exhaustion when reopening database files. Only accept
client or control connections when there are at least 8 fds available,
and close a connection before calling imsg_read if it would be unable to
accept an fd from the parent process.

ok gilles@

rate limiting of accept() in various cases. Testing by jmatthew. there
maybe still be a corner case where it needs one more file descriptor
beyond the limit..

use our umask() before AF_UNIX bind() semantics; ok pyr

Make -dvv flags produce debug traces of decoded BER messages on stderr.
Also shows a hexdump of the input buffer if BER decoding fails.
Useful when debugging protocol issues.

Move generic imsg/libevent glue to a separate file.

with eric@ at c2k10

Retry requests when the btree is busy. Without this, clients will just hang
waiting for a response if the btree was being reopened when the request was
received.

Implement the LDAP compare operation.

Remove dead assignments. Found by clang static analyzer.

Don't send statistics for referral namespaces. This unbreaks ldapctl stats.
Avoid null pointer dereference when reopening a namespace.

Add support for referrals. Referrals are configured in the config file,
either in the global context or in a namespace. The latter can be used to
delegate requests to different servers for specific parts of the DIT. The
former is a global catch-all referral.

Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.

Remove compaction and indexing from ldapd. It is better done by a separate
process now that the btree can pick up the changes automatically.

Implement support in the parent to (re-)open database files on behalf of
the unprivileged child over imsg. Part of a larger change that will fix
database compaction.

print long long int as %lld

Open database files before chrooting, and use an absolute path to
the database files, instead of relying on the chrooted-to path.

This breaks compaction as the ldape process can't re-open the
database files. This is being worked on.

ok gilles@

Remove trailing whitespace and spaces before tabs.

ok gilles@

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@

Implement fork+exec model

OK jmatthew@

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok krw@ jmatthew@

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.

ok beck@ benno@

bzero -> memset. No binary change.

use SOCK_NONBLOCK instead of fcntl

ok dlg@

Both ldapd processes need "stdio" to talk to clients and each other.
The parent process opens database files ("rpath wpath cpath"), sends fds to
the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc
exec").

The child process accepts client connections ("inet unix"), receives fds from
the parent ("recvfd") and locks database files ("flock").

ok deraadt@

Do not assume that asprintf() clears the pointer on failure, which
is non-portable. Also add missing asprintf() return value checks.
OK deraadt@ guenther@ doug@

change to <limits.h> universe. The only changes in the binary are due
to the heavy use of assert.
ok millert

bunch of format string cleanups, removing %i, signed vs unsigned, and even
a few long long's
ok jmatthew

Protect against fd exhaustion when reopening database files. Only accept
client or control connections when there are at least 8 fds available,
and close a connection before calling imsg_read if it would be unable to
accept an fd from the parent process.

ok gilles@

rate limiting of accept() in various cases. Testing by jmatthew. there
maybe still be a corner case where it needs one more file descriptor
beyond the limit..

use our umask() before AF_UNIX bind() semantics; ok pyr

Make -dvv flags produce debug traces of decoded BER messages on stderr.
Also shows a hexdump of the input buffer if BER decoding fails.
Useful when debugging protocol issues.

Move generic imsg/libevent glue to a separate file.

with eric@ at c2k10

Retry requests when the btree is busy. Without this, clients will just hang
waiting for a response if the btree was being reopened when the request was
received.

Implement the LDAP compare operation.

Remove dead assignments. Found by clang static analyzer.

Don't send statistics for referral namespaces. This unbreaks ldapctl stats.
Avoid null pointer dereference when reopening a namespace.

Add support for referrals. Referrals are configured in the config file,
either in the global context or in a namespace. The latter can be used to
delegate requests to different servers for specific parts of the DIT. The
former is a global catch-all referral.

Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.

Remove compaction and indexing from ldapd. It is better done by a separate
process now that the btree can pick up the changes automatically.

Implement support in the parent to (re-)open database files on behalf of
the unprivileged child over imsg. Part of a larger change that will fix
database compaction.

print long long int as %lld

Open database files before chrooting, and use an absolute path to
the database files, instead of relying on the chrooted-to path.

This breaks compaction as the ldape process can't re-open the
database files. This is being worked on.

ok gilles@

Remove trailing whitespace and spaces before tabs.

ok gilles@

Initial import of ldapd, a small LDAP daemon. Work in progress.

ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@