openbsd-src/usr.sbin/ldapd/ at master · jcs.org/openbsd-src

jcs.org / openbsd-src

jcs's openbsd hax

openbsd

openbsd-src / usr.sbin / ldapd /

at master 1 folder 36 files

Add a bsd.schema including a shadowPassword and an sshPublicKey attribute that can be used to extend existing LDAP users with the additional bsdAccount objectclass. The former is useful for ypldap+ldapd setups without login_ldap and the latter makes it easier to use sshd's AuthorizedKeysCommand.

5 years ago

Add a bsd.schema including a shadowPassword and an sshPublicKey attribute that can be used to extend existing LDAP users with the additional bsdAccount objectclass. The former is useful for ypldap+ldapd setups without login_ldap and the latter makes it easier to use sshd's AuthorizedKeysCommand.

5 years ago

The BER API is currently used by ldap, ldapd, ldapctl, ypldap, snmpd, and snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync in ldap, ldapd, ypldap and snmpd.

7 years ago

When removing the last value from an attribute in ldap_del_values() the actuall attribute needs to removed instead of leaving back an empty attribute. Empty attributes are not valid and fail later on in ldap_modify(). By calling ldap_del_attribute() in this case properly removes the attribute and with that validate_entry() no longer fails later on. OK jmatthew@

4 years ago

Use strncasecmp instead of strncmp when comparing the password scheme. This change could theoretically affect some people who actually have one of the scheme's in lower case in their password, but this is extremely unlikely in the real world.

3 years ago

print a formatted errx() string instead of segfault, by checking argc correctly.

9 years ago

some tweaks from raf czlonka, plus one more from me;

7 years ago

Don't overflow uint16 when the filesystem block size is >32K. Reported and initial diagnosis from Allan Streib, help/ok millert deraadt

9 years ago

Add a BT_CURSOR_EXACT operation to btree_cursor_get. It behaves like BT_CURSOR, but fails if the key is not found.

16 years ago

Add void to conn_close_any()

3 years ago

Delete obsolete /* ARGSUSED */ lint comments.

3 years ago

It does not make sense to use ioctl(FIONREAD) with TLS as libtls has already read the buffer from kernel to user land. I have blindly copied this code from libevent for syslogd(8) TLS, remove it together with the bug. It caused hangs in ldapd(8). report, analysis, testing, OK Seiya Kawashima, Robert Klein, gsoares@

8 years ago

convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls code from syslogd.

10 years ago

The ber_* namespace is used by liblber since time immemorial, so move our BER API to the unused ober_* prefix to avoid some breakage in ports.

6 years ago

add missing rcsid

9 years ago

add missing rcsid

9 years ago

The ber_* namespace is used by liblber since time immemorial, so move our BER API to the unused ober_* prefix to avoid some breakage in ports.

6 years ago

improve the Nd lines such that the format is consistent for the various *d, *conf, *ctl files (where relevant) and simple;

3 years ago

unveil _PATH_LOGIN_CONF_D

4 years ago

improve the Nd lines such that the format is consistent for the various *d, *conf, *ctl files (where relevant) and simple;

3 years ago

PATH_MAX+1 rarely makes sense, and abort if this happens in the imsg. ok jmatthew millert

4 years ago

Change fatal() to fatalx() since the errno has no meaning here. OK tb@

3 years ago

Fix format string errors in log messages and update ldapd to use relayd's log.c

8 years ago

including sys/cdefs.h manually started as a result of netbsd trying to macro-build a replacement for sccsid, and was done without any concern for namespace damage. Unfortunately this practice started infecting other code as others were unaware they didn't need the file. ok millert guenther

4 years ago

Comply with man page intent of -dvv enabling BER level logging.

5 years ago

Publish matching rules in the cn=schema subentry as the matchingRules attribute. This is an operational attribute and only returned if explicitly asked for. Required by RFC 4517.

15 years ago

When removing the last value from an attribute in ldap_del_values() the actuall attribute needs to removed instead of leaving back an empty attribute. Empty attributes are not valid and fail later on in ldap_modify(). By calling ldap_del_attribute() in this case properly removes the attribute and with that validate_entry() no longer fails later on. OK jmatthew@

4 years ago

Fix ldapd datadir location.

6 years ago

Don't declare variables as "unsigned char *" that are passed to functions that take "char *" arguments. Where such chars are assigned to int or passed to ctype functions, explicitly cast them to unsigned char.

4 years ago

avoid use after free in error paths ok miod@ martijn@

3 years ago

Publish matching rules in the cn=schema subentry as the matchingRules attribute. This is an operational attribute and only returned if explicitly asked for. Required by RFC 4517.

15 years ago

usr.sbin/ldapd: replace TAILQ concatenation loop with TAILQ_CONCAT

6 years ago

Fix checks for seconds and timezones in generalized times. Fixing the CHECK_RANGE macro in r1.4 revealed that the seconds check accidentally relied on the macro being broken. While looking into this I noticed that the timezone check was also wrong, treating the timezone as optional for generalized times.

9 years ago

include unistd.h directly rather than pulling it in via zlib's zconf.h (needed for getdtablecount).

4 years ago

Use <fcntl.h> instead of <sys/file.h> for open() and friends. Delete a bunch of unnecessary #includes and sort to match style(9) while doing the above cleanup.

8 years ago

Remove unused functions and variables, found by lint.

16 years ago

Add some debug messages in validate_entry() that explain why LDAP_INVALID_SYNTAX is returned. OK jmatthew@

4 years ago