#
1.26 |
|
28-Jan-2020 |
bket |
usr.sbin/ldapd: replace TAILQ concatenation loop with TAILQ_CONCAT
OK florian@
|
#
1.25 |
|
24-Oct-2019 |
tb |
The ber_* namespace is used by liblber since time immemorial, so move our BER API to the unused ober_* prefix to avoid some breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but there are many others as pointed out by sthen.
tests & ok rob ok sthen (who had an almost identical diff for libutil) "go head hit it" deraadt
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.24 |
|
05-Dec-2018 |
claudio |
branches: 1.24.4; key.data is a void *, on gcc archs doing a %s printf with such a pointer results in a warning. Use either the original string value or use a cast. This makes both clang and gcc happy. OK guenther@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.23 |
|
31-Jul-2018 |
claudio |
Make ber type and encoding a unsigned int instead of unsigned long. This way the size is the same on all archs and 32bit should be good enough. OK rob@
|
#
1.22 |
|
18-May-2018 |
reyk |
Add support for attribute filter rules on search/read operations.
OK jmatthew@
|
#
1.21 |
|
16-May-2018 |
reyk |
Fix the client search request time and size limits.
ldapd failed when the specified limits were reached instead of exceeded. This fixes search queries that define such a limit, for example with "ldapsearch -z 1".
Thanks to Christophe Simon for the bug report, analysis, and fix!
OK jmatthew@
|
#
1.20 |
|
15-May-2018 |
reyk |
Fix format string errors in log messages and update ldapd to use relayd's log.c
OK benno@ jmatthew@
|
#
1.19 |
|
14-May-2018 |
reyk |
Add support to filter on attributes.
This can be used to allow users to change their password (and a few other things) but not their entire dn. For example:
allow read access to any by self allow write access to any attribute userPassword by self
This is currently only supported for "write" (modify, add, delete) and not "read" (search) filter rules.
OK jmatthew@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.18 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
ok krw@ jmatthew@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.17 |
|
24-Dec-2015 |
mmcc |
bzero -> memset. No binary change.
|
#
1.16 |
|
24-Dec-2015 |
mmcc |
use strndup instead of malloc/strncpy/nul
ok krw@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.15 |
|
03-Jun-2015 |
millert |
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE OPENBSD_5_7_BASE
|
#
1.14 |
|
10-Nov-2010 |
martinh |
Make -dvv flags produce debug traces of decoded BER messages on stderr. Also shows a hexdump of the input buffer if BER decoding fails. Useful when debugging protocol issues.
|
#
1.13 |
|
05-Nov-2010 |
martinh |
If the base DN in a search request doesn't exist, return early.
|
#
1.12 |
|
04-Nov-2010 |
martinh |
Publish matching rules in the cn=schema subentry as the matchingRules attribute. This is an operational attribute and only returned if explicitly asked for. Required by RFC 4517.
|
#
1.11 |
|
03-Nov-2010 |
martinh |
Evaluate filters according to the three-valued logic of X.511, as required by RFC 4511. A filter term can now be evaluated as undefined if the attribute description is not recognized, the attribute type doesn't define the appropriate matching rule, or the filtering is not implemented.
This also implements the NOT filter in the query planner.
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
02-Jul-2010 |
martinh |
Dump parsed schema to buffer and send in requests for the cn=schema subschema namespace. Only do this if 'objectClasses' and 'attributeTypes' are expicitly requested. This allows clients to for example present custom editing forms.
|
#
1.9 |
|
01-Jul-2010 |
martinh |
Remove dead assignments. Found by clang static analyzer.
|
#
1.8 |
|
29-Jun-2010 |
martinh |
Add support for referrals. Referrals are configured in the config file, either in the global context or in a namespace. The latter can be used to delegate requests to different servers for specific parts of the DIT. The former is a global catch-all referral.
|
#
1.7 |
|
29-Jun-2010 |
martinh |
Rewrite the schema parser, as it's not a context-free grammar. This also brings the config parser more in line with other parse.y in the tree. The new schema parser also supports symbolic OID names.
You need to update your /etc/ldapd.conf. Schema files are no longer included with the 'include' keyword, you have to use 'schema' for that.
Moves schema-related structures to a separate include file to ease reuse.
|
#
1.6 |
|
23-Jun-2010 |
martinh |
Set errno to appropriate values when returning failure in btree. Make btree functions only return success or failure (-1 or NULL). Update callers to check errno.
|
#
1.5 |
|
15-Jun-2010 |
martinh |
Make modify and simple auth requests open their own transactions, as search already does. Trigger a reopen imsg request if either the data or index databases are compacted. Queue the failed request and try again when the file is reopened.
Compaction can now be done by a separate process, and ldapd will pick up the change and reopen the file.
|
#
1.4 |
|
11-Jun-2010 |
martinh |
Wrap searches in a read-only transaction so it is guaranteed to see a consistent snapshot of the database.
Also fixes a couple of format string errors for long long ints.
|
#
1.3 |
|
03-Jun-2010 |
martinh |
Fix compilation on gcc2. Check a return value from malloc while at it.
"that compiles!" deraadt@
|
#
1.2 |
|
31-May-2010 |
martinh |
Remove trailing whitespace and spaces before tabs.
ok gilles@
|
#
1.1 |
|
31-May-2010 |
martinh |
Initial import of ldapd, a small LDAP daemon. Work in progress.
ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@
|
#
1.25 |
|
24-Oct-2019 |
tb |
The ber_* namespace is used by liblber since time immemorial, so move our BER API to the unused ober_* prefix to avoid some breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but there are many others as pointed out by sthen.
tests & ok rob ok sthen (who had an almost identical diff for libutil) "go head hit it" deraadt
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.24 |
|
05-Dec-2018 |
claudio |
key.data is a void *, on gcc archs doing a %s printf with such a pointer results in a warning. Use either the original string value or use a cast. This makes both clang and gcc happy. OK guenther@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.23 |
|
31-Jul-2018 |
claudio |
Make ber type and encoding a unsigned int instead of unsigned long. This way the size is the same on all archs and 32bit should be good enough. OK rob@
|
#
1.22 |
|
18-May-2018 |
reyk |
Add support for attribute filter rules on search/read operations.
OK jmatthew@
|
#
1.21 |
|
16-May-2018 |
reyk |
Fix the client search request time and size limits.
ldapd failed when the specified limits were reached instead of exceeded. This fixes search queries that define such a limit, for example with "ldapsearch -z 1".
Thanks to Christophe Simon for the bug report, analysis, and fix!
OK jmatthew@
|
#
1.20 |
|
15-May-2018 |
reyk |
Fix format string errors in log messages and update ldapd to use relayd's log.c
OK benno@ jmatthew@
|
#
1.19 |
|
14-May-2018 |
reyk |
Add support to filter on attributes.
This can be used to allow users to change their password (and a few other things) but not their entire dn. For example:
allow read access to any by self allow write access to any attribute userPassword by self
This is currently only supported for "write" (modify, add, delete) and not "read" (search) filter rules.
OK jmatthew@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.18 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
ok krw@ jmatthew@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.17 |
|
24-Dec-2015 |
mmcc |
bzero -> memset. No binary change.
|
#
1.16 |
|
24-Dec-2015 |
mmcc |
use strndup instead of malloc/strncpy/nul
ok krw@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.15 |
|
03-Jun-2015 |
millert |
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE OPENBSD_5_7_BASE
|
#
1.14 |
|
10-Nov-2010 |
martinh |
Make -dvv flags produce debug traces of decoded BER messages on stderr. Also shows a hexdump of the input buffer if BER decoding fails. Useful when debugging protocol issues.
|
#
1.13 |
|
05-Nov-2010 |
martinh |
If the base DN in a search request doesn't exist, return early.
|
#
1.12 |
|
04-Nov-2010 |
martinh |
Publish matching rules in the cn=schema subentry as the matchingRules attribute. This is an operational attribute and only returned if explicitly asked for. Required by RFC 4517.
|
#
1.11 |
|
03-Nov-2010 |
martinh |
Evaluate filters according to the three-valued logic of X.511, as required by RFC 4511. A filter term can now be evaluated as undefined if the attribute description is not recognized, the attribute type doesn't define the appropriate matching rule, or the filtering is not implemented.
This also implements the NOT filter in the query planner.
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
02-Jul-2010 |
martinh |
Dump parsed schema to buffer and send in requests for the cn=schema subschema namespace. Only do this if 'objectClasses' and 'attributeTypes' are expicitly requested. This allows clients to for example present custom editing forms.
|
#
1.9 |
|
01-Jul-2010 |
martinh |
Remove dead assignments. Found by clang static analyzer.
|
#
1.8 |
|
29-Jun-2010 |
martinh |
Add support for referrals. Referrals are configured in the config file, either in the global context or in a namespace. The latter can be used to delegate requests to different servers for specific parts of the DIT. The former is a global catch-all referral.
|
#
1.7 |
|
29-Jun-2010 |
martinh |
Rewrite the schema parser, as it's not a context-free grammar. This also brings the config parser more in line with other parse.y in the tree. The new schema parser also supports symbolic OID names.
You need to update your /etc/ldapd.conf. Schema files are no longer included with the 'include' keyword, you have to use 'schema' for that.
Moves schema-related structures to a separate include file to ease reuse.
|
#
1.6 |
|
23-Jun-2010 |
martinh |
Set errno to appropriate values when returning failure in btree. Make btree functions only return success or failure (-1 or NULL). Update callers to check errno.
|
#
1.5 |
|
15-Jun-2010 |
martinh |
Make modify and simple auth requests open their own transactions, as search already does. Trigger a reopen imsg request if either the data or index databases are compacted. Queue the failed request and try again when the file is reopened.
Compaction can now be done by a separate process, and ldapd will pick up the change and reopen the file.
|
#
1.4 |
|
11-Jun-2010 |
martinh |
Wrap searches in a read-only transaction so it is guaranteed to see a consistent snapshot of the database.
Also fixes a couple of format string errors for long long ints.
|
#
1.3 |
|
03-Jun-2010 |
martinh |
Fix compilation on gcc2. Check a return value from malloc while at it.
"that compiles!" deraadt@
|
#
1.2 |
|
31-May-2010 |
martinh |
Remove trailing whitespace and spaces before tabs.
ok gilles@
|
#
1.1 |
|
31-May-2010 |
martinh |
Initial import of ldapd, a small LDAP daemon. Work in progress.
ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@
|
#
1.24 |
|
05-Dec-2018 |
claudio |
key.data is a void *, on gcc archs doing a %s printf with such a pointer results in a warning. Use either the original string value or use a cast. This makes both clang and gcc happy. OK guenther@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.23 |
|
31-Jul-2018 |
claudio |
Make ber type and encoding a unsigned int instead of unsigned long. This way the size is the same on all archs and 32bit should be good enough. OK rob@
|
#
1.22 |
|
18-May-2018 |
reyk |
Add support for attribute filter rules on search/read operations.
OK jmatthew@
|
#
1.21 |
|
16-May-2018 |
reyk |
Fix the client search request time and size limits.
ldapd failed when the specified limits were reached instead of exceeded. This fixes search queries that define such a limit, for example with "ldapsearch -z 1".
Thanks to Christophe Simon for the bug report, analysis, and fix!
OK jmatthew@
|
#
1.20 |
|
15-May-2018 |
reyk |
Fix format string errors in log messages and update ldapd to use relayd's log.c
OK benno@ jmatthew@
|
#
1.19 |
|
14-May-2018 |
reyk |
Add support to filter on attributes.
This can be used to allow users to change their password (and a few other things) but not their entire dn. For example:
allow read access to any by self allow write access to any attribute userPassword by self
This is currently only supported for "write" (modify, add, delete) and not "read" (search) filter rules.
OK jmatthew@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.18 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
ok krw@ jmatthew@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.17 |
|
24-Dec-2015 |
mmcc |
bzero -> memset. No binary change.
|
#
1.16 |
|
24-Dec-2015 |
mmcc |
use strndup instead of malloc/strncpy/nul
ok krw@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.15 |
|
03-Jun-2015 |
millert |
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE OPENBSD_5_7_BASE
|
#
1.14 |
|
10-Nov-2010 |
martinh |
Make -dvv flags produce debug traces of decoded BER messages on stderr. Also shows a hexdump of the input buffer if BER decoding fails. Useful when debugging protocol issues.
|
#
1.13 |
|
05-Nov-2010 |
martinh |
If the base DN in a search request doesn't exist, return early.
|
#
1.12 |
|
04-Nov-2010 |
martinh |
Publish matching rules in the cn=schema subentry as the matchingRules attribute. This is an operational attribute and only returned if explicitly asked for. Required by RFC 4517.
|
#
1.11 |
|
03-Nov-2010 |
martinh |
Evaluate filters according to the three-valued logic of X.511, as required by RFC 4511. A filter term can now be evaluated as undefined if the attribute description is not recognized, the attribute type doesn't define the appropriate matching rule, or the filtering is not implemented.
This also implements the NOT filter in the query planner.
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
02-Jul-2010 |
martinh |
Dump parsed schema to buffer and send in requests for the cn=schema subschema namespace. Only do this if 'objectClasses' and 'attributeTypes' are expicitly requested. This allows clients to for example present custom editing forms.
|
#
1.9 |
|
01-Jul-2010 |
martinh |
Remove dead assignments. Found by clang static analyzer.
|
#
1.8 |
|
29-Jun-2010 |
martinh |
Add support for referrals. Referrals are configured in the config file, either in the global context or in a namespace. The latter can be used to delegate requests to different servers for specific parts of the DIT. The former is a global catch-all referral.
|
#
1.7 |
|
29-Jun-2010 |
martinh |
Rewrite the schema parser, as it's not a context-free grammar. This also brings the config parser more in line with other parse.y in the tree. The new schema parser also supports symbolic OID names.
You need to update your /etc/ldapd.conf. Schema files are no longer included with the 'include' keyword, you have to use 'schema' for that.
Moves schema-related structures to a separate include file to ease reuse.
|
#
1.6 |
|
23-Jun-2010 |
martinh |
Set errno to appropriate values when returning failure in btree. Make btree functions only return success or failure (-1 or NULL). Update callers to check errno.
|
#
1.5 |
|
15-Jun-2010 |
martinh |
Make modify and simple auth requests open their own transactions, as search already does. Trigger a reopen imsg request if either the data or index databases are compacted. Queue the failed request and try again when the file is reopened.
Compaction can now be done by a separate process, and ldapd will pick up the change and reopen the file.
|
#
1.4 |
|
11-Jun-2010 |
martinh |
Wrap searches in a read-only transaction so it is guaranteed to see a consistent snapshot of the database.
Also fixes a couple of format string errors for long long ints.
|
#
1.3 |
|
03-Jun-2010 |
martinh |
Fix compilation on gcc2. Check a return value from malloc while at it.
"that compiles!" deraadt@
|
#
1.2 |
|
31-May-2010 |
martinh |
Remove trailing whitespace and spaces before tabs.
ok gilles@
|
#
1.1 |
|
31-May-2010 |
martinh |
Initial import of ldapd, a small LDAP daemon. Work in progress.
ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@
|
#
1.23 |
|
31-Jul-2018 |
claudio |
Make ber type and encoding a unsigned int instead of unsigned long. This way the size is the same on all archs and 32bit should be good enough. OK rob@
|
#
1.22 |
|
18-May-2018 |
reyk |
Add support for attribute filter rules on search/read operations.
OK jmatthew@
|
#
1.21 |
|
16-May-2018 |
reyk |
Fix the client search request time and size limits.
ldapd failed when the specified limits were reached instead of exceeded. This fixes search queries that define such a limit, for example with "ldapsearch -z 1".
Thanks to Christophe Simon for the bug report, analysis, and fix!
OK jmatthew@
|
#
1.20 |
|
15-May-2018 |
reyk |
Fix format string errors in log messages and update ldapd to use relayd's log.c
OK benno@ jmatthew@
|
#
1.19 |
|
14-May-2018 |
reyk |
Add support to filter on attributes.
This can be used to allow users to change their password (and a few other things) but not their entire dn. For example:
allow read access to any by self allow write access to any attribute userPassword by self
This is currently only supported for "write" (modify, add, delete) and not "read" (search) filter rules.
OK jmatthew@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.18 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
ok krw@ jmatthew@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.17 |
|
24-Dec-2015 |
mmcc |
bzero -> memset. No binary change.
|
#
1.16 |
|
24-Dec-2015 |
mmcc |
use strndup instead of malloc/strncpy/nul
ok krw@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.15 |
|
03-Jun-2015 |
millert |
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE OPENBSD_5_7_BASE
|
#
1.14 |
|
10-Nov-2010 |
martinh |
Make -dvv flags produce debug traces of decoded BER messages on stderr. Also shows a hexdump of the input buffer if BER decoding fails. Useful when debugging protocol issues.
|
#
1.13 |
|
05-Nov-2010 |
martinh |
If the base DN in a search request doesn't exist, return early.
|
#
1.12 |
|
04-Nov-2010 |
martinh |
Publish matching rules in the cn=schema subentry as the matchingRules attribute. This is an operational attribute and only returned if explicitly asked for. Required by RFC 4517.
|
#
1.11 |
|
03-Nov-2010 |
martinh |
Evaluate filters according to the three-valued logic of X.511, as required by RFC 4511. A filter term can now be evaluated as undefined if the attribute description is not recognized, the attribute type doesn't define the appropriate matching rule, or the filtering is not implemented.
This also implements the NOT filter in the query planner.
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
02-Jul-2010 |
martinh |
Dump parsed schema to buffer and send in requests for the cn=schema subschema namespace. Only do this if 'objectClasses' and 'attributeTypes' are expicitly requested. This allows clients to for example present custom editing forms.
|
#
1.9 |
|
01-Jul-2010 |
martinh |
Remove dead assignments. Found by clang static analyzer.
|
#
1.8 |
|
29-Jun-2010 |
martinh |
Add support for referrals. Referrals are configured in the config file, either in the global context or in a namespace. The latter can be used to delegate requests to different servers for specific parts of the DIT. The former is a global catch-all referral.
|
#
1.7 |
|
29-Jun-2010 |
martinh |
Rewrite the schema parser, as it's not a context-free grammar. This also brings the config parser more in line with other parse.y in the tree. The new schema parser also supports symbolic OID names.
You need to update your /etc/ldapd.conf. Schema files are no longer included with the 'include' keyword, you have to use 'schema' for that.
Moves schema-related structures to a separate include file to ease reuse.
|
#
1.6 |
|
23-Jun-2010 |
martinh |
Set errno to appropriate values when returning failure in btree. Make btree functions only return success or failure (-1 or NULL). Update callers to check errno.
|
#
1.5 |
|
15-Jun-2010 |
martinh |
Make modify and simple auth requests open their own transactions, as search already does. Trigger a reopen imsg request if either the data or index databases are compacted. Queue the failed request and try again when the file is reopened.
Compaction can now be done by a separate process, and ldapd will pick up the change and reopen the file.
|
#
1.4 |
|
11-Jun-2010 |
martinh |
Wrap searches in a read-only transaction so it is guaranteed to see a consistent snapshot of the database.
Also fixes a couple of format string errors for long long ints.
|
#
1.3 |
|
03-Jun-2010 |
martinh |
Fix compilation on gcc2. Check a return value from malloc while at it.
"that compiles!" deraadt@
|
#
1.2 |
|
31-May-2010 |
martinh |
Remove trailing whitespace and spaces before tabs.
ok gilles@
|
#
1.1 |
|
31-May-2010 |
martinh |
Initial import of ldapd, a small LDAP daemon. Work in progress.
ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@
|
#
1.22 |
|
18-May-2018 |
reyk |
Add support for attribute filter rules on search/read operations.
OK jmatthew@
|
#
1.21 |
|
16-May-2018 |
reyk |
Fix the client search request time and size limits.
ldapd failed when the specified limits were reached instead of exceeded. This fixes search queries that define such a limit, for example with "ldapsearch -z 1".
Thanks to Christophe Simon for the bug report, analysis, and fix!
OK jmatthew@
|
#
1.20 |
|
15-May-2018 |
reyk |
Fix format string errors in log messages and update ldapd to use relayd's log.c
OK benno@ jmatthew@
|
#
1.19 |
|
14-May-2018 |
reyk |
Add support to filter on attributes.
This can be used to allow users to change their password (and a few other things) but not their entire dn. For example:
allow read access to any by self allow write access to any attribute userPassword by self
This is currently only supported for "write" (modify, add, delete) and not "read" (search) filter rules.
OK jmatthew@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.18 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
ok krw@ jmatthew@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.17 |
|
24-Dec-2015 |
mmcc |
bzero -> memset. No binary change.
|
#
1.16 |
|
24-Dec-2015 |
mmcc |
use strndup instead of malloc/strncpy/nul
ok krw@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.15 |
|
03-Jun-2015 |
millert |
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE OPENBSD_5_7_BASE
|
#
1.14 |
|
10-Nov-2010 |
martinh |
Make -dvv flags produce debug traces of decoded BER messages on stderr. Also shows a hexdump of the input buffer if BER decoding fails. Useful when debugging protocol issues.
|
#
1.13 |
|
05-Nov-2010 |
martinh |
If the base DN in a search request doesn't exist, return early.
|
#
1.12 |
|
04-Nov-2010 |
martinh |
Publish matching rules in the cn=schema subentry as the matchingRules attribute. This is an operational attribute and only returned if explicitly asked for. Required by RFC 4517.
|
#
1.11 |
|
03-Nov-2010 |
martinh |
Evaluate filters according to the three-valued logic of X.511, as required by RFC 4511. A filter term can now be evaluated as undefined if the attribute description is not recognized, the attribute type doesn't define the appropriate matching rule, or the filtering is not implemented.
This also implements the NOT filter in the query planner.
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
02-Jul-2010 |
martinh |
Dump parsed schema to buffer and send in requests for the cn=schema subschema namespace. Only do this if 'objectClasses' and 'attributeTypes' are expicitly requested. This allows clients to for example present custom editing forms.
|
#
1.9 |
|
01-Jul-2010 |
martinh |
Remove dead assignments. Found by clang static analyzer.
|
#
1.8 |
|
29-Jun-2010 |
martinh |
Add support for referrals. Referrals are configured in the config file, either in the global context or in a namespace. The latter can be used to delegate requests to different servers for specific parts of the DIT. The former is a global catch-all referral.
|
#
1.7 |
|
29-Jun-2010 |
martinh |
Rewrite the schema parser, as it's not a context-free grammar. This also brings the config parser more in line with other parse.y in the tree. The new schema parser also supports symbolic OID names.
You need to update your /etc/ldapd.conf. Schema files are no longer included with the 'include' keyword, you have to use 'schema' for that.
Moves schema-related structures to a separate include file to ease reuse.
|
#
1.6 |
|
23-Jun-2010 |
martinh |
Set errno to appropriate values when returning failure in btree. Make btree functions only return success or failure (-1 or NULL). Update callers to check errno.
|
#
1.5 |
|
15-Jun-2010 |
martinh |
Make modify and simple auth requests open their own transactions, as search already does. Trigger a reopen imsg request if either the data or index databases are compacted. Queue the failed request and try again when the file is reopened.
Compaction can now be done by a separate process, and ldapd will pick up the change and reopen the file.
|
#
1.4 |
|
11-Jun-2010 |
martinh |
Wrap searches in a read-only transaction so it is guaranteed to see a consistent snapshot of the database.
Also fixes a couple of format string errors for long long ints.
|
#
1.3 |
|
03-Jun-2010 |
martinh |
Fix compilation on gcc2. Check a return value from malloc while at it.
"that compiles!" deraadt@
|
#
1.2 |
|
31-May-2010 |
martinh |
Remove trailing whitespace and spaces before tabs.
ok gilles@
|
#
1.1 |
|
31-May-2010 |
martinh |
Initial import of ldapd, a small LDAP daemon. Work in progress.
ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.18 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
ok krw@ jmatthew@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.17 |
|
24-Dec-2015 |
mmcc |
bzero -> memset. No binary change.
|
#
1.16 |
|
24-Dec-2015 |
mmcc |
use strndup instead of malloc/strncpy/nul
ok krw@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.15 |
|
03-Jun-2015 |
millert |
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE OPENBSD_5_7_BASE
|
#
1.14 |
|
10-Nov-2010 |
martinh |
Make -dvv flags produce debug traces of decoded BER messages on stderr. Also shows a hexdump of the input buffer if BER decoding fails. Useful when debugging protocol issues.
|
#
1.13 |
|
05-Nov-2010 |
martinh |
If the base DN in a search request doesn't exist, return early.
|
#
1.12 |
|
04-Nov-2010 |
martinh |
Publish matching rules in the cn=schema subentry as the matchingRules attribute. This is an operational attribute and only returned if explicitly asked for. Required by RFC 4517.
|
#
1.11 |
|
03-Nov-2010 |
martinh |
Evaluate filters according to the three-valued logic of X.511, as required by RFC 4511. A filter term can now be evaluated as undefined if the attribute description is not recognized, the attribute type doesn't define the appropriate matching rule, or the filtering is not implemented.
This also implements the NOT filter in the query planner.
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
02-Jul-2010 |
martinh |
Dump parsed schema to buffer and send in requests for the cn=schema subschema namespace. Only do this if 'objectClasses' and 'attributeTypes' are expicitly requested. This allows clients to for example present custom editing forms.
|
#
1.9 |
|
01-Jul-2010 |
martinh |
Remove dead assignments. Found by clang static analyzer.
|
#
1.8 |
|
29-Jun-2010 |
martinh |
Add support for referrals. Referrals are configured in the config file, either in the global context or in a namespace. The latter can be used to delegate requests to different servers for specific parts of the DIT. The former is a global catch-all referral.
|
#
1.7 |
|
29-Jun-2010 |
martinh |
Rewrite the schema parser, as it's not a context-free grammar. This also brings the config parser more in line with other parse.y in the tree. The new schema parser also supports symbolic OID names.
You need to update your /etc/ldapd.conf. Schema files are no longer included with the 'include' keyword, you have to use 'schema' for that.
Moves schema-related structures to a separate include file to ease reuse.
|
#
1.6 |
|
23-Jun-2010 |
martinh |
Set errno to appropriate values when returning failure in btree. Make btree functions only return success or failure (-1 or NULL). Update callers to check errno.
|
#
1.5 |
|
15-Jun-2010 |
martinh |
Make modify and simple auth requests open their own transactions, as search already does. Trigger a reopen imsg request if either the data or index databases are compacted. Queue the failed request and try again when the file is reopened.
Compaction can now be done by a separate process, and ldapd will pick up the change and reopen the file.
|
#
1.4 |
|
11-Jun-2010 |
martinh |
Wrap searches in a read-only transaction so it is guaranteed to see a consistent snapshot of the database.
Also fixes a couple of format string errors for long long ints.
|
#
1.3 |
|
03-Jun-2010 |
martinh |
Fix compilation on gcc2. Check a return value from malloc while at it.
"that compiles!" deraadt@
|
#
1.2 |
|
31-May-2010 |
martinh |
Remove trailing whitespace and spaces before tabs.
ok gilles@
|
#
1.1 |
|
31-May-2010 |
martinh |
Initial import of ldapd, a small LDAP daemon. Work in progress.
ok deraadt@ jacekm@ gilles@ back@ henning@ blambert@
|