#
1.43 |
|
15-Oct-2021 |
naddy |
Don't declare variables as "unsigned char *" that are passed to functions that take "char *" arguments. Where such chars are assigned to int or passed to ctype functions, explicitly cast them to unsigned char.
For OpenBSD's clang, -Wpointer-sign has been disabled by default, but when the parse.y code was built elsewhere, the compiler would complain.
With help from millert@ ok benno@ deraadt@
|
#
1.42 |
|
07-Oct-2021 |
claudio |
Call normalize_dn() on the newly added namespace so that later compares with normalized basedns work. Seems all other DN attributes in parse.y pass through normalize_dn() so this seems to be the last one missing out. With this configs using capitalized namespace DN like o=OpenBSD,c=CA will actually work. OK kn@ gsoares@
|
#
1.41 |
|
07-Oct-2021 |
claudio |
Change host() error check to the more simple form of != 1. Host() returns 1 on success and 0 or -1 on failure. OK kn@ gsoares@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.40 |
|
02-May-2021 |
martijn |
Fix having hostnames in the listen on statement. Regression introduced in r1.39. Issue originally reported by Anton Kasimov via rob@.
OK claudio@
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.39 |
|
09-Jan-2021 |
rob |
Remove locally imposed limit on sockets.
Suggested by martijn@, ok claudio@
|
#
1.38 |
|
30-Dec-2020 |
benno |
getifaddrs() can return entries where ifa_addr is NULL. Check for this before accessing anything in ifa_addr. ok claudio@
|
#
1.37 |
|
29-Nov-2020 |
tb |
Fix cert and key path inference for absolute paths
ldapd infers certificate and key paths from the configured certificate string. It appends ".crt" and ".key", respectively, and in the case of a relative path it also prepends "/etc/ldap/certs/". A logic error results in prepending "/etc/ldap/certs/" also for absolute paths. Avoid this by making the whole thing readable at the cost of a bit of verbosity.
Problem reported by Maksim Rodin on misc@, thanks! Initial fix from me, committing an improved version on behalf of martijn.
ok jmatthew, tb
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.36 |
|
24-Jun-2020 |
tb |
Using the "ldaps" or "tls" keywords in ldapd.conf currently enables all protocols and ciphers. So you get a TLS server speaking TLSv1.0 and supporting cipher suites with RC4 and 3DES encryption, all of which should be considered broken. There is no way of disabling TLSv1.0 and TLSv1.1 in ldapd. All this is also not very clearly called out in the documentation.
This commit switches the defaults to using the libtls defaults for both protocols and ciphers. If compatibility with the insecure legacy protocols and ciphers is needed, use the "legacy" keyword before "tls" or "ldaps" in ldapd.conf.
tested by abieber. inoguchi agrees with the direction.
ok beck
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.35 |
|
13-Feb-2019 |
deraadt |
(unsigned) means (unsigned int) which on ptrdiff_t or size_t or other larger types really is a range reduction... Almost any cast to (unsigned) is a bug. ok millert tb benno
|
#
1.34 |
|
01-Nov-2018 |
sashan |
- odd condition/test in PF lexer (and other lexers too)
This commit rectifies earlier change:
in the lex... even inside quotes, a \ followed by space or tab should expand to space or tab, and a \ followed by newline should be ignored (as a line continuation). compatible with the needs of hoststated (which has the most strict quoted string requirements), and ifstated (where one commonly does line continuations in strings).
OK deraadt@, OK millert@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.33 |
|
07-Sep-2018 |
miko |
replace malloc()+strlcpy() with strndup() in cmdline_symset().
"looks good" gilles@ halex@
|
#
1.32 |
|
11-Jul-2018 |
krw |
Do for most running out of memory err() what was done for most running out of memory log_warn(). i.e. ("%s", __func__) instead of manual function names and redundant verbiage about which wrapper detected the out of memory condition.
ok henning@
|
#
1.31 |
|
09-Jul-2018 |
krw |
No need to mention which memory allocation entry point failed (malloc, calloc or strdup), we just need to log that we ran out of memory in a particular function.
Recommended by florian@ and deraadt@
ok benno@ henning@ tb@
|
#
1.30 |
|
08-Jul-2018 |
krw |
Be consistent in warn() and log_warn() usage when running out of memory.
Next step, be correct *and* consistent.
ok dennis@ tb@ benno@ schwarze@
|
#
1.29 |
|
11-Jun-2018 |
denis |
Fix an off-by-one line count when using include statements.
Thanks to otto@ for the initial diff.
OK benno@
|
#
1.28 |
|
18-May-2018 |
reyk |
Add support for attribute filter rules on search/read operations.
OK jmatthew@
|
#
1.27 |
|
14-May-2018 |
reyk |
Add support to filter on attributes.
This can be used to allow users to change their password (and a few other things) but not their entire dn. For example:
    allow read access to any by self
    allow write access to any attribute userPassword by self
This is currently only supported for "write" (modify, add, delete) and not "read" (search) filter rules.
OK jmatthew@
|
#
1.26 |
|
26-Apr-2018 |
krw |
Plug leak in error case of the common 'varset' implementations.
ok benno@
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.25 |
|
28-Aug-2017 |
florian |
65535 is a valid port to listen on. Off-by-one pointed out by and diff from Kris Katterjohn katterjohn AT gmail, thanks! chris@ pointed out that more than httpd(8) is affected. OK gilles@
|
#
1.24 |
|
06-Apr-2017 |
gsoares |
use memset() instead of bzero() OK jmatthew
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.23 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
ok krw@ jmatthew@
|
#
1.22 |
|
05-Jan-2017 |
krw |
Replace hand-rolled for(;;) emptying of 'symhead' TAILQ with more modern TAILQ_FOREACH_SAFE().
No intentional functional change.
ok millert@ bluhm@ gilles@
|
#
1.21 |
|
05-Jan-2017 |
krw |
Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ with more modern TAILQ_FOREACH(). This is what symget() was already doing.
Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().
No intentional functional change.
ok bluhm@ otto@
|
#
1.20 |
|
30-Nov-2016 |
mestre |
Check return value of tls_config_set_protocols(3) and bail out in case of failure
Feedback and OK jsing@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.19 |
|
13-Jul-2016 |
jsing |
Adjust existing tls_config_set_cipher() callers for TLS cipher group changes - map the previous configuration to the equivalent in the new groups. This will be revisited post release.
Discussed with beck@
|
#
1.18 |
|
21-Jun-2016 |
benno |
do not allow whitespace in macro names, i.e. "this is" = "a variable". change this in all config parsers in our tree that support macros. problem reported by sven falempin.
feedback from henning@, stsp@, deraadt@ ok florian@ mikeb@
|
#
1.17 |
|
01-May-2016 |
jmatthew |
convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls code from syslogd.
ok beck@ benno@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE
|
#
1.16 |
|
20-Nov-2014 |
jsg |
Don't allow embedded nul characters in strings. Fixes a pfctl crash with an anchor name containing an embedded nul found with the afl fuzzer.
pfctl parse.y patch from and ok deraadt@
|
#
1.15 |
|
14-Nov-2014 |
doug |
Add gcc printf format attributes to yyerror() in parse.y files. No yyerror() calls needed to be changed.
ok bluhm@
|
#
1.14 |
|
03-Nov-2014 |
bluhm |
Convert the logic in yyerror(). Instead of creating a temporary format string, create a temporary message. OK claudio@
|
#
1.13 |
|
21-Sep-2014 |
daniel |
eliminate the use of a gcc C extension (conditionals with omitted operands).
ok deraadt@
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.12 |
|
22-Jan-2014 |
henning |
relax the cfg file secrecy check slightly to allow group readability default permissions and mtree NOT changed. prodded by benno, ok phessler benno jmatthew theo pelikan florian
|
#
1.11 |
|
25-Nov-2013 |
benno |
use u_char for buffers in yylex, for ctype calls found by millert@, ok deraadt@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.10 |
|
18-Oct-2010 |
sthen |
Missing ; to appease yyextract, ok martinh@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.9 |
|
03-Aug-2010 |
henning |
fix linecount bug with comments spanning multiple lines problem reported with the obvious fix for bgpd by Sebastian Benoit <benoit-lists at fb12.de>, also PR 6432 applied to all the others by yours truly. ok theo isn't it amazing how far this parser (and more) spread?
|
#
1.8 |
|
30-Jun-2010 |
martinh |
Set a default btree cache size.
|
#
1.7 |
|
30-Jun-2010 |
martinh |
Add a global root user that is allowed to read/write entries in all local namespaces. Useful for dump/restore of all namespaces.
|
#
1.6 |
|
29-Jun-2010 |
martinh |
Add support for referrals. Referrals are configured in the config file, either in the global context or in a namespace. The latter can be used to delegate requests to different servers for specific parts of the DIT. The former is a global catch-all referral.
|
#
1.5 |
|
29-Jun-2010 |
martinh |
Rewrite the schema parser, as it's not a context-free grammar. This also brings the config parser more in line with other parse.y in the tree. The new schema parser also supports symbolic OID names.
You need to update your /etc/ldapd.conf. Schema files are no longer included with the 'include' keyword, you have to use 'schema' for that.
Moves schema-related structures to a separate include file to ease reuse.
|
#
1.4 |
|
15-Jun-2010 |
martinh |
Move around some functions to ease re-use from ldapctl.
|
#
1.3 |
|
02-Jun-2010 |
martinh |
remove c++ comments ok gilles@
|
#
1.2 |
|
31-May-2010 |
martinh |
Remove trailing whitespace and spaces before tabs.
ok gilles@
|
#
1.1 |
|
31-May-2010 |
martinh |
Initial import of ldapd, a small LDAP daemon. Work in progress.
ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@
|
#
1.40 |
|
02-May-2021 |
martijn |
Fix having hostnames in the listen on statement. Regression introduced in r1.39. Issue originally reported by Anton Kasimov via rob@.
OK claudio@
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.39 |
|
09-Jan-2021 |
rob |
Remove locally imposed limit on sockets.
Suggested by martijn@, ok claudio@
|
#
1.38 |
|
30-Dec-2020 |
benno |
getifaddrs() can return entries where ifa_addr is NULL. Check for this before accessing anything in ifa_addr. ok claudio@
|
#
1.37 |
|
29-Nov-2020 |
tb |
Fix cert and key path inference for absolute paths
ldapd infers certificate and key paths from the configured certificate string. It appends ".crt" and ".key", respectively, and in the case of a relative path it also prepends "/etc/ldap/certs/". A logic error results in prepending "/etc/ldap/certs/" also for absolute paths. Avoid this by making the whole thing readable at the cost of a bit of verbosity.
Problem reported by Maksim Rodin on misc@, thanks! Initial fix from me, committing an improved version on behalf of martijn.
ok jmatthew, tb
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.36 |
|
24-Jun-2020 |
tb |
Using the "ldaps" or "tls" keywords in ldapd.conf currently enables all protocols and ciphers. So you get a TLS server speaking TLSv1.0 and supporting cipher suites with RC4 and 3DES encryption, all of which should be considered broken. There is no way of disabling TLSv1.0 and TLSv1.1 in ldapd. All this is also not very clearly called out in the documentation.
This commit switches the defaults to using the libtls defaults for both protocols and ciphers. If compatibility with the insecure legacy protocols and ciphers is needed, use the "legacy" keyword before "tls" or "ldaps" in ldapd.conf.
tested by abieber. inoguchi agrees with the direction.
ok beck
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.35 |
|
13-Feb-2019 |
deraadt |
(unsigned) means (unsigned int) which on ptrdiff_t or size_t or other larger types really is a range reduction... Almost any cast to (unsigned) is a bug. ok millert tb benno
|
#
1.34 |
|
01-Nov-2018 |
sashan |
- odd condition/test in PF lexer (and other lexers too)
This commit rectifies earlier change:
in the lex... even inside quotes, a \ followed by space or tab should expand to space or tab, and a \ followed by newline should be ignored (as a line continuation). compatible with the needs of hoststated (which has the most strict quoted string requirements), and ifstated (where one commonly does line continuations in strings).
OK deraadt@, OK millert@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.33 |
|
07-Sep-2018 |
miko |
replace malloc()+strlcpy() with strndup() in cmdline_symset().
"looks good" gilles@ halex@
|
#
1.32 |
|
11-Jul-2018 |
krw |
Do for most running out of memory err() what was done for most running out of memory log_warn(). i.e. ("%s", __func__) instead of manual function names and redundant verbiage about which wrapper detected the out of memory condition.
ok henning@
|
#
1.31 |
|
09-Jul-2018 |
krw |
No need to mention which memory allocation entry point failed (malloc, calloc or strdup), we just need to log that we ran out of memory in a particular function.
Recommended by florian@ and deraadt@
ok benno@ henning@ tb@
|
#
1.30 |
|
08-Jul-2018 |
krw |
Be consistent in warn() and log_warn() usage when running out of memory.
Next step, be correct *and* consistent.
ok dennis@ tb@ benno@ schwarze@
|
#
1.29 |
|
11-Jun-2018 |
denis |
Fix an off-by-one line count when using include statements.
Thanks to otto@ for the initial diff.
OK benno@
|
#
1.28 |
|
18-May-2018 |
reyk |
Add support for attribute filter rules on search/read operations.
OK jmatthew@
|
#
1.27 |
|
14-May-2018 |
reyk |
Add support to filter on attributes.
This can be used to allow users to change their password (and a few other things) but not their entire dn. For example:
allow read access to any by self allow write access to any attribute userPassword by self
This is currently only supported for "write" (modify, add, delete) and not "read" (search) filter rules.
OK jmatthew@
|
#
1.26 |
|
26-Apr-2018 |
krw |
Plug leak in error case of the common 'varset' implementations.
ok benno@
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.25 |
|
28-Aug-2017 |
florian |
65535 is a valid port to listen on. Off-by-one pointed out by and diff from Kris Katterjohn katterjohn AT gmail, thanks! chris@ pointed out that more than httpd(8) is effected. OK gilles@
|
#
1.24 |
|
06-Apr-2017 |
gsoares |
use memset() instead of bzero() OK jmatthew
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.23 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
ok krw@ jmatthew@
|
#
1.22 |
|
05-Jan-2017 |
krw |
Replace hand-rolled for(;;) emptying of 'symhead' TAILQ with more modern TAILQ_FOREACH_SAFE().
No intentional functional change.
ok millert@ bluhm@ gilles@
|
#
1.21 |
|
05-Jan-2017 |
krw |
Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ with more modern TAILQ_FOREACH(). This what symget() was already doing.
Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().
No intentional functional change.
ok bluhm@ otto@
|
#
1.20 |
|
30-Nov-2016 |
mestre |
Check return value of tls_config_set_protocols(3) and bail out in case of failure
Feedback and OK jsing@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.19 |
|
13-Jul-2016 |
jsing |
Adjust existing tls_config_set_cipher() callers for TLS cipher group changes - map the previous configuration to the equivalent in the new groups. This will be revisited post release.
Discussed with beck@
|
#
1.18 |
|
21-Jun-2016 |
benno |
do not allow whitespace in macro names, i.e. "this is" = "a variable". change this in all config parsers in our tree that support macros. problem reported by sven falempin.
feedback from henning@, stsp@, deraadt@ ok florian@ mikeb@
|
#
1.17 |
|
01-May-2016 |
jmatthew |
convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls code from syslogd.
ok beck@ benno@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE
|
#
1.16 |
|
20-Nov-2014 |
jsg |
Don't allow embedded nul characters in strings. Fixes a pfctl crash with an anchor name containing an embedded nul found with the afl fuzzer.
pfctl parse.y patch from and ok deraadt@
|
#
1.15 |
|
14-Nov-2014 |
doug |
Add gcc printf format attributes to yyerror() in parse.y files. No yyerror() calls needed to be changed.
ok bluhm@
|
#
1.14 |
|
03-Nov-2014 |
bluhm |
Convert the logic in yyerror(). Instead of creating a temporary format string, create a temporary message. OK claudio@
|
#
1.13 |
|
21-Sep-2014 |
daniel |
eliminate the use of a gcc C extension (conditionals with omitted operands).
ok deraadt@
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.12 |
|
22-Jan-2014 |
henning |
relax the cfg file secrecy check slightly to allow group readability default permissions and mtree NOT changed. prodded by benno, ok phessler benno jmatthew theo pelikan florian
|
#
1.11 |
|
25-Nov-2013 |
benno |
use u_char for buffers in yylex, for ctype calls found by millert@, ok deraadt@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.10 |
|
18-Oct-2010 |
sthen |
Missing ; to appease yyextract, ok martinh@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.9 |
|
03-Aug-2010 |
henning |
fix linecount bug with comments spanning multiple lines problem reported with the obvious fix for bgpd by Sebastian Benoit <benoit-lists at fb12.de>, also PR 6432 applied to all the others by yours truly. ok theo isn't it amazing how far this parser (and more) spread?
|
#
1.8 |
|
30-Jun-2010 |
martinh |
Set a default btree cache size.
|
#
1.7 |
|
30-Jun-2010 |
martinh |
Add a global root user that is allowed to read/write entries in all local namespaces. Useful for dump/restore of all namespaces.
|
#
1.6 |
|
29-Jun-2010 |
martinh |
Add support for referrals. Referrals are configured in the config file, either in the global context or in a namespace. The latter can be used to delegate requests to different servers for specific parts of the DIT. The former is a global catch-all referral.
|
#
1.5 |
|
29-Jun-2010 |
martinh |
Rewrite the schema parser, as it's not a context-free grammar. This also brings the config parser more in line with other parse.y in the tree. The new schema parser also supports symbolic OID names.
You need to update your /etc/ldapd.conf. Schema files are no longer included with the 'include' keyword, you have to use 'schema' for that.
Moves schema-related structures to a separate include file to ease reuse.
|
#
1.4 |
|
15-Jun-2010 |
martinh |
Move around some functions to ease re-use from ldapctl.
|
#
1.3 |
|
02-Jun-2010 |
martinh |
remove c++ comments ok gilles@
|
#
1.2 |
|
31-May-2010 |
martinh |
Remove trailing whitespace and spaces before tabs.
ok gilles@
|
#
1.1 |
|
31-May-2010 |
martinh |
Initial import of ldapd, a small LDAP daemon. Work in progress.
ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@
|
#
1.39 |
|
09-Jan-2021 |
rob |
Remove locally imposed limit on sockets.
Suggested by martijn@, ok claudio@
|
#
1.38 |
|
30-Dec-2020 |
benno |
getifaddrs() can return entries where ifa_addr is NULL. Check for this before accessing anything in ifa_addr. ok claudio@
|
#
1.37 |
|
29-Nov-2020 |
tb |
Fix cert and key path inference for absolute paths
ldapd infers certificate and key paths from the configured certificate string. It appends ".crt" and ".key", respectively, and in the case of a relative path it also prepends "/etc/ldap/certs/". A logic error results in prepending "/etc/ldap/certs/" also for absolute paths. Avoid this by making the whole thing readable at the cost of a bit of verbosity.
Problem reported by Maksim Rodin on misc@, thanks! Initial fix from me, committing an improved version on behalf of martijn.
ok jmatthew, tb
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.36 |
|
24-Jun-2020 |
tb |
Using the "ldaps" or "tls" keywords in ldapd.conf currently enables all protocols and ciphers. So you get a TLS server speaking TLSv1.0 and supporting cipher suites with RC4 and 3DES encryption, all of which should be considered broken. There is no way of disabling TLSv1.0 and TLSv1.1 in ldapd. All this is also not very clearly called out in the documentation.
This commit switches the defaults to using the libtls defaults for both protocols and ciphers. If compatibility with the insecure legacy protocols and ciphers is needed, use the "legacy" keyword before "tls" or "ldaps" in ldapd.conf.
tested by abieber. inoguchi agrees with the direction.
ok beck
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.35 |
|
13-Feb-2019 |
deraadt |
(unsigned) means (unsigned int) which on ptrdiff_t or size_t or other larger types really is a range reduction... Almost any cast to (unsigned) is a bug. ok millert tb benno
|
#
1.34 |
|
01-Nov-2018 |
sashan |
- odd condition/test in PF lexer (and other lexers too)
This commit rectifies earlier change:
in the lex... even inside quotes, a \ followed by space or tab should expand to space or tab, and a \ followed by newline should be ignored (as a line continuation). compatible with the needs of hoststated (which has the most strict quoted string requirements), and ifstated (where one commonly does line continuations in strings).
OK deraadt@, OK millert@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.33 |
|
07-Sep-2018 |
miko |
replace malloc()+strlcpy() with strndup() in cmdline_symset().
"looks good" gilles@ halex@
|
#
1.32 |
|
11-Jul-2018 |
krw |
Do for most running out of memory err() what was done for most running out of memory log_warn(). i.e. ("%s", __func__) instead of manual function names and redundant verbiage about which wrapper detected the out of memory condition.
ok henning@
|
#
1.31 |
|
09-Jul-2018 |
krw |
No need to mention which memory allocation entry point failed (malloc, calloc or strdup), we just need to log that we ran out of memory in a particular function.
Recommended by florian@ and deraadt@
ok benno@ henning@ tb@
|
#
1.30 |
|
08-Jul-2018 |
krw |
Be consistent in warn() and log_warn() usage when running out of memory.
Next step, be correct *and* consistent.
ok dennis@ tb@ benno@ schwarze@
|
#
1.29 |
|
11-Jun-2018 |
denis |
Fix an off-by-one line count when using include statements.
Thanks to otto@ for the initial diff.
OK benno@
|
#
1.28 |
|
18-May-2018 |
reyk |
Add support for attribute filter rules on search/read operations.
OK jmatthew@
|
#
1.27 |
|
14-May-2018 |
reyk |
Add support to filter on attributes.
This can be used to allow users to change their password (and a few other things) but not their entire dn. For example:
allow read access to any by self allow write access to any attribute userPassword by self
This is currently only supported for "write" (modify, add, delete) and not "read" (search) filter rules.
OK jmatthew@
|
#
1.26 |
|
26-Apr-2018 |
krw |
Plug leak in error case of the common 'varset' implementations.
ok benno@
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.25 |
|
28-Aug-2017 |
florian |
65535 is a valid port to listen on. Off-by-one pointed out by and diff from Kris Katterjohn katterjohn AT gmail, thanks! chris@ pointed out that more than httpd(8) is effected. OK gilles@
|
#
1.24 |
|
06-Apr-2017 |
gsoares |
use memset() instead of bzero() OK jmatthew
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.23 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
ok krw@ jmatthew@
|
#
1.22 |
|
05-Jan-2017 |
krw |
Replace hand-rolled for(;;) emptying of 'symhead' TAILQ with more modern TAILQ_FOREACH_SAFE().
No intentional functional change.
ok millert@ bluhm@ gilles@
|
#
1.21 |
|
05-Jan-2017 |
krw |
Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ with more modern TAILQ_FOREACH(). This what symget() was already doing.
Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().
No intentional functional change.
ok bluhm@ otto@
|
#
1.20 |
|
30-Nov-2016 |
mestre |
Check return value of tls_config_set_protocols(3) and bail out in case of failure
Feedback and OK jsing@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.19 |
|
13-Jul-2016 |
jsing |
Adjust existing tls_config_set_cipher() callers for TLS cipher group changes - map the previous configuration to the equivalent in the new groups. This will be revisited post release.
Discussed with beck@
|
#
1.18 |
|
21-Jun-2016 |
benno |
do not allow whitespace in macro names, i.e. "this is" = "a variable". change this in all config parsers in our tree that support macros. problem reported by sven falempin.
feedback from henning@, stsp@, deraadt@ ok florian@ mikeb@
|
#
1.17 |
|
01-May-2016 |
jmatthew |
convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls code from syslogd.
ok beck@ benno@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE
|
#
1.16 |
|
20-Nov-2014 |
jsg |
Don't allow embedded nul characters in strings. Fixes a pfctl crash with an anchor name containing an embedded nul found with the afl fuzzer.
pfctl parse.y patch from and ok deraadt@
|
#
1.15 |
|
14-Nov-2014 |
doug |
Add gcc printf format attributes to yyerror() in parse.y files. No yyerror() calls needed to be changed.
ok bluhm@
|
#
1.14 |
|
03-Nov-2014 |
bluhm |
Convert the logic in yyerror(). Instead of creating a temporary format string, create a temporary message. OK claudio@
|
#
1.13 |
|
21-Sep-2014 |
daniel |
eliminate the use of a gcc C extension (conditionals with omitted operands).
ok deraadt@
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.12 |
|
22-Jan-2014 |
henning |
relax the cfg file secrecy check slightly to allow group readability default permissions and mtree NOT changed. prodded by benno, ok phessler benno jmatthew theo pelikan florian
|
#
1.11 |
|
25-Nov-2013 |
benno |
use u_char for buffers in yylex, for ctype calls found by millert@, ok deraadt@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.10 |
|
18-Oct-2010 |
sthen |
Missing ; to appease yyextract, ok martinh@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.9 |
|
03-Aug-2010 |
henning |
fix linecount bug with comments spanning multiple lines problem reported with the obvious fix for bgpd by Sebastian Benoit <benoit-lists at fb12.de>, also PR 6432 applied to all the others by yours truly. ok theo isn't it amazing how far this parser (and more) spread?
|
#
1.8 |
|
30-Jun-2010 |
martinh |
Set a default btree cache size.
|
#
1.7 |
|
30-Jun-2010 |
martinh |
Add a global root user that is allowed to read/write entries in all local namespaces. Useful for dump/restore of all namespaces.
|
#
1.6 |
|
29-Jun-2010 |
martinh |
Add support for referrals. Referrals are configured in the config file, either in the global context or in a namespace. The latter can be used to delegate requests to different servers for specific parts of the DIT. The former is a global catch-all referral.
|
#
1.5 |
|
29-Jun-2010 |
martinh |
Rewrite the schema parser, as it's not a context-free grammar. This also brings the config parser more in line with other parse.y in the tree. The new schema parser also supports symbolic OID names.
You need to update your /etc/ldapd.conf. Schema files are no longer included with the 'include' keyword, you have to use 'schema' for that.
Moves schema-related structures to a separate include file to ease reuse.
|
#
1.4 |
|
15-Jun-2010 |
martinh |
Move around some functions to ease re-use from ldapctl.
|
#
1.3 |
|
02-Jun-2010 |
martinh |
remove c++ comments ok gilles@
|
#
1.2 |
|
31-May-2010 |
martinh |
Remove trailing whitespace and spaces before tabs.
ok gilles@
|
#
1.1 |
|
31-May-2010 |
martinh |
Initial import of ldapd, a small LDAP daemon. Work in progress.
ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@
|
#
1.38 |
|
30-Dec-2020 |
benno |
getifaddrs() can return entries where ifa_addr is NULL. Check for this before accessing anything in ifa_addr. ok claudio@
|
#
1.37 |
|
29-Nov-2020 |
tb |
Fix cert and key path inference for absolute paths
ldapd infers certificate and key paths from the configured certificate string. It appends ".crt" and ".key", respectively, and in the case of a relative path it also prepends "/etc/ldap/certs/". A logic error results in prepending "/etc/ldap/certs/" also for absolute paths. Avoid this by making the whole thing readable at the cost of a bit of verbosity.
Problem reported by Maksim Rodin on misc@, thanks! Initial fix from me, committing an improved version on behalf of martijn.
ok jmatthew, tb
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.36 |
|
24-Jun-2020 |
tb |
Using the "ldaps" or "tls" keywords in ldapd.conf currently enables all protocols and ciphers. So you get a TLS server speaking TLSv1.0 and supporting cipher suites with RC4 and 3DES encryption, all of which should be considered broken. There is no way of disabling TLSv1.0 and TLSv1.1 in ldapd. All this is also not very clearly called out in the documentation.
This commit switches the defaults to using the libtls defaults for both protocols and ciphers. If compatibility with the insecure legacy protocols and ciphers is needed, use the "legacy" keyword before "tls" or "ldaps" in ldapd.conf.
tested by abieber. inoguchi agrees with the direction.
ok beck
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.35 |
|
13-Feb-2019 |
deraadt |
(unsigned) means (unsigned int) which on ptrdiff_t or size_t or other larger types really is a range reduction... Almost any cast to (unsigned) is a bug. ok millert tb benno
|
#
1.34 |
|
01-Nov-2018 |
sashan |
- odd condition/test in PF lexer (and other lexers too)
This commit rectifies earlier change:
in the lex... even inside quotes, a \ followed by space or tab should expand to space or tab, and a \ followed by newline should be ignored (as a line continuation). compatible with the needs of hoststated (which has the most strict quoted string requirements), and ifstated (where one commonly does line continuations in strings).
OK deraadt@, OK millert@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.33 |
|
07-Sep-2018 |
miko |
replace malloc()+strlcpy() with strndup() in cmdline_symset().
"looks good" gilles@ halex@
|
#
1.32 |
|
11-Jul-2018 |
krw |
Do for most running out of memory err() what was done for most running out of memory log_warn(). i.e. ("%s", __func__) instead of manual function names and redundant verbiage about which wrapper detected the out of memory condition.
ok henning@
|
#
1.31 |
|
09-Jul-2018 |
krw |
No need to mention which memory allocation entry point failed (malloc, calloc or strdup), we just need to log that we ran out of memory in a particular function.
Recommended by florian@ and deraadt@
ok benno@ henning@ tb@
|
#
1.30 |
|
08-Jul-2018 |
krw |
Be consistent in warn() and log_warn() usage when running out of memory.
Next step, be correct *and* consistent.
ok dennis@ tb@ benno@ schwarze@
|
#
1.29 |
|
11-Jun-2018 |
denis |
Fix an off-by-one line count when using include statements.
Thanks to otto@ for the initial diff.
OK benno@
|
#
1.28 |
|
18-May-2018 |
reyk |
Add support for attribute filter rules on search/read operations.
OK jmatthew@
|
#
1.27 |
|
14-May-2018 |
reyk |
Add support to filter on attributes.
This can be used to allow users to change their password (and a few other things) but not their entire dn. For example:
allow read access to any by self allow write access to any attribute userPassword by self
This is currently only supported for "write" (modify, add, delete) and not "read" (search) filter rules.
OK jmatthew@
|
#
1.26 |
|
26-Apr-2018 |
krw |
Plug leak in error case of the common 'varset' implementations.
ok benno@
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.25 |
|
28-Aug-2017 |
florian |
65535 is a valid port to listen on. Off-by-one pointed out by and diff from Kris Katterjohn katterjohn AT gmail, thanks! chris@ pointed out that more than httpd(8) is affected. OK gilles@
|
#
1.24 |
|
06-Apr-2017 |
gsoares |
use memset() instead of bzero() OK jmatthew
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.23 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
ok krw@ jmatthew@
|
#
1.22 |
|
05-Jan-2017 |
krw |
Replace hand-rolled for(;;) emptying of 'symhead' TAILQ with more modern TAILQ_FOREACH_SAFE().
No intentional functional change.
ok millert@ bluhm@ gilles@
|
#
1.21 |
|
05-Jan-2017 |
krw |
Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ with more modern TAILQ_FOREACH(). This is what symget() was already doing.
Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().
No intentional functional change.
ok bluhm@ otto@
|
#
1.20 |
|
30-Nov-2016 |
mestre |
Check return value of tls_config_set_protocols(3) and bail out in case of failure
Feedback and OK jsing@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.19 |
|
13-Jul-2016 |
jsing |
Adjust existing tls_config_set_cipher() callers for TLS cipher group changes - map the previous configuration to the equivalent in the new groups. This will be revisited post release.
Discussed with beck@
|
#
1.18 |
|
21-Jun-2016 |
benno |
do not allow whitespace in macro names, i.e. "this is" = "a variable". change this in all config parsers in our tree that support macros. problem reported by sven falempin.
feedback from henning@, stsp@, deraadt@ ok florian@ mikeb@
|
#
1.17 |
|
01-May-2016 |
jmatthew |
convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls code from syslogd.
ok beck@ benno@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE
|
#
1.16 |
|
20-Nov-2014 |
jsg |
Don't allow embedded nul characters in strings. Fixes a pfctl crash with an anchor name containing an embedded nul found with the afl fuzzer.
pfctl parse.y patch from and ok deraadt@
|
#
1.15 |
|
14-Nov-2014 |
doug |
Add gcc printf format attributes to yyerror() in parse.y files. No yyerror() calls needed to be changed.
ok bluhm@
|
#
1.14 |
|
03-Nov-2014 |
bluhm |
Convert the logic in yyerror(). Instead of creating a temporary format string, create a temporary message. OK claudio@
|
#
1.13 |
|
21-Sep-2014 |
daniel |
eliminate the use of a gcc C extension (conditionals with omitted operands).
ok deraadt@
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.12 |
|
22-Jan-2014 |
henning |
relax the cfg file secrecy check slightly to allow group readability
default permissions and mtree NOT changed.
prodded by benno, ok phessler benno jmatthew theo pelikan florian
|
#
1.11 |
|
25-Nov-2013 |
benno |
use u_char for buffers in yylex, for ctype calls found by millert@, ok deraadt@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.10 |
|
18-Oct-2010 |
sthen |
Missing ; to appease yyextract, ok martinh@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.9 |
|
03-Aug-2010 |
henning |
fix linecount bug with comments spanning multiple lines
problem reported with the obvious fix for bgpd by Sebastian Benoit <benoit-lists at fb12.de>, also PR 6432
applied to all the others by yours truly. ok theo
isn't it amazing how far this parser (and more) spread?
|
#
1.8 |
|
30-Jun-2010 |
martinh |
Set a default btree cache size.
|
#
1.7 |
|
30-Jun-2010 |
martinh |
Add a global root user that is allowed to read/write entries in all local namespaces. Useful for dump/restore of all namespaces.
|
#
1.6 |
|
29-Jun-2010 |
martinh |
Add support for referrals. Referrals are configured in the config file, either in the global context or in a namespace. The latter can be used to delegate requests to different servers for specific parts of the DIT. The former is a global catch-all referral.
|
#
1.5 |
|
29-Jun-2010 |
martinh |
Rewrite the schema parser, as it's not a context-free grammar. This also brings the config parser more in line with other parse.y in the tree. The new schema parser also supports symbolic OID names.
You need to update your /etc/ldapd.conf. Schema files are no longer included with the 'include' keyword, you have to use 'schema' for that.
Moves schema-related structures to a separate include file to ease reuse.
|
#
1.4 |
|
15-Jun-2010 |
martinh |
Move around some functions to ease re-use from ldapctl.
|
#
1.3 |
|
02-Jun-2010 |
martinh |
remove c++ comments ok gilles@
|
#
1.2 |
|
31-May-2010 |
martinh |
Remove trailing whitespace and spaces before tabs.
ok gilles@
|
#
1.1 |
|
31-May-2010 |
martinh |
Initial import of ldapd, a small LDAP daemon. Work in progress.
ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@
|
#
1.34 |
|
01-Nov-2018 |
sashan |
- odd condition/test in PF lexer (and other lexers too)
This commit rectifies earlier change:
in the lex... even inside quotes, a \ followed by space or tab should expand to space or tab, and a \ followed by newline should be ignored (as a line continuation). compatible with the needs of hoststated (which has the most strict quoted string requirements), and ifstated (where one commonly does line continuations in strings).
OK deraadt@, OK millert@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.33 |
|
07-Sep-2018 |
miko |
replace malloc()+strlcpy() with strndup() in cmdline_symset().
"looks good" gilles@ halex@
|
#
1.32 |
|
11-Jul-2018 |
krw |
Do for most running out of memory err() what was done for most running out of memory log_warn(). i.e. ("%s", __func__) instead of manual function names and redundant verbiage about which wrapper detected the out of memory condition.
ok henning@
|
#
1.31 |
|
09-Jul-2018 |
krw |
No need to mention which memory allocation entry point failed (malloc, calloc or strdup), we just need to log that we ran out of memory in a particular function.
Recommended by florian@ and deraadt@
ok benno@ henning@ tb@
|
#
1.30 |
|
08-Jul-2018 |
krw |
Be consistent in warn() and log_warn() usage when running out of memory.
Next step, be correct *and* consistent.
ok dennis@ tb@ benno@ schwarze@
|
#
1.29 |
|
11-Jun-2018 |
denis |
Fix an off-by-one line count when using include statements.
Thanks to otto@ for the initial diff.
OK benno@
|
#
1.28 |
|
18-May-2018 |
reyk |
Add support for attribute filter rules on search/read operations.
OK jmatthew@
|
#
1.27 |
|
14-May-2018 |
reyk |
Add support to filter on attributes.
This can be used to allow users to change their password (and a few other things) but not their entire dn. For example:
allow read access to any by self allow write access to any attribute userPassword by self
This is currently only supported for "write" (modify, add, delete) and not "read" (search) filter rules.
OK jmatthew@
|
#
1.26 |
|
26-Apr-2018 |
krw |
Plug leak in error case of the common 'varset' implementations.
ok benno@
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.25 |
|
28-Aug-2017 |
florian |
65535 is a valid port to listen on. Off-by-one pointed out by and diff from Kris Katterjohn katterjohn AT gmail, thanks! chris@ pointed out that more than httpd(8) is effected. OK gilles@
|
#
1.24 |
|
06-Apr-2017 |
gsoares |
use memset() instead of bzero() OK jmatthew
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.23 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
ok krw@ jmatthew@
|
#
1.22 |
|
05-Jan-2017 |
krw |
Replace hand-rolled for(;;) emptying of 'symhead' TAILQ with more modern TAILQ_FOREACH_SAFE().
No intentional functional change.
ok millert@ bluhm@ gilles@
|
#
1.21 |
|
05-Jan-2017 |
krw |
Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ with more modern TAILQ_FOREACH(). This what symget() was already doing.
Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().
No intentional functional change.
ok bluhm@ otto@
|
#
1.20 |
|
30-Nov-2016 |
mestre |
Check return value of tls_config_set_protocols(3) and bail out in case of failure
Feedback and OK jsing@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.19 |
|
13-Jul-2016 |
jsing |
Adjust existing tls_config_set_cipher() callers for TLS cipher group changes - map the previous configuration to the equivalent in the new groups. This will be revisited post release.
Discussed with beck@
|
#
1.18 |
|
21-Jun-2016 |
benno |
do not allow whitespace in macro names, i.e. "this is" = "a variable". change this in all config parsers in our tree that support macros. problem reported by sven falempin.
feedback from henning@, stsp@, deraadt@ ok florian@ mikeb@
|
#
1.17 |
|
01-May-2016 |
jmatthew |
convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls code from syslogd.
ok beck@ benno@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE
|
#
1.16 |
|
20-Nov-2014 |
jsg |
Don't allow embedded nul characters in strings. Fixes a pfctl crash with an anchor name containing an embedded nul found with the afl fuzzer.
pfctl parse.y patch from and ok deraadt@
|
#
1.15 |
|
14-Nov-2014 |
doug |
Add gcc printf format attributes to yyerror() in parse.y files. No yyerror() calls needed to be changed.
ok bluhm@
|
#
1.14 |
|
03-Nov-2014 |
bluhm |
Convert the logic in yyerror(). Instead of creating a temporary format string, create a temporary message.
OK claudio@
|
#
1.13 |
|
21-Sep-2014 |
daniel |
eliminate the use of a gcc C extension (conditionals with omitted operands).
ok deraadt@
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.12 |
|
22-Jan-2014 |
henning |
relax the cfg file secrecy check slightly to allow group readability
default permissions and mtree NOT changed.
prodded by benno, ok phessler benno jmatthew theo pelikan florian
|
#
1.11 |
|
25-Nov-2013 |
benno |
use u_char for buffers in yylex, for ctype calls
found by millert@, ok deraadt@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.10 |
|
18-Oct-2010 |
sthen |
Missing ; to appease yyextract, ok martinh@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.9 |
|
03-Aug-2010 |
henning |
fix linecount bug with comments spanning multiple lines
problem reported with the obvious fix for bgpd by Sebastian Benoit <benoit-lists at fb12.de>, also PR 6432
applied to all the others by yours truly. ok theo
isn't it amazing how far this parser (and more) spread?
|
#
1.8 |
|
30-Jun-2010 |
martinh |
Set a default btree cache size.
|
#
1.7 |
|
30-Jun-2010 |
martinh |
Add a global root user that is allowed to read/write entries in all local namespaces. Useful for dump/restore of all namespaces.
|
#
1.6 |
|
29-Jun-2010 |
martinh |
Add support for referrals. Referrals are configured in the config file, either in the global context or in a namespace. The latter can be used to delegate requests to different servers for specific parts of the DIT. The former is a global catch-all referral.
|
#
1.5 |
|
29-Jun-2010 |
martinh |
Rewrite the schema parser, as it's not a context-free grammar. This also brings the config parser more in line with other parse.y in the tree. The new schema parser also supports symbolic OID names.
You need to update your /etc/ldapd.conf. Schema files are no longer included with the 'include' keyword, you have to use 'schema' for that.
Moves schema-related structures to a separate include file to ease reuse.
|
#
1.4 |
|
15-Jun-2010 |
martinh |
Move around some functions to ease re-use from ldapctl.
|
#
1.3 |
|
02-Jun-2010 |
martinh |
remove c++ comments
ok gilles@
|
#
1.2 |
|
31-May-2010 |
martinh |
Remove trailing whitespace and spaces before tabs.
ok gilles@
|
#
1.1 |
|
31-May-2010 |
martinh |
Initial import of ldapd, a small LDAP daemon. Work in progress.
ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@
|
#
1.33 |
|
07-Sep-2018 |
miko |
replace malloc()+strlcpy() with strndup() in cmdline_symset().
"looks good" gilles@ halex@
|
#
1.32 |
|
11-Jul-2018 |
krw |
Do for most running out of memory err() what was done for most running out of memory log_warn(). i.e. ("%s", __func__) instead of manual function names and redundant verbiage about which wrapper detected the out of memory condition.
ok henning@
|