upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-24 00:29:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
24151 commits 38 branches 309 tags 68 MiB
Commit graph

2048 commits

Author SHA1 Message Date
Ondřej Kuzník
3bd1b0909a ITS#9001 Use a TAvl for request tracking in libldap 2021-03-30 15:46:40 +01:00
Ondřej Kuzník
e36d1e31c5 ITS#9001 manual changes 2021-03-30 15:46:40 +01:00
Quanah Gibson-Mount
38d1ac0449 ITS#5365 - Add support for symbol versioning libldap and lilber 2021-03-29 18:11:00 +00:00
Howard Chu
bc0d62db23 Revert "ITS#8847 more fallout from ldap_pvt_sockaddrstr move" 
This reverts commit f2ddf89e3c.

Move Sockaddr def to ac/socket.h instead.
 2021-03-27 10:38:59 +00:00
Howard Chu
f2ddf89e3c ITS#8847 more fallout from ldap_pvt_sockaddrstr move 2021-03-26 14:12:47 +00:00
Howard Chu
829263c454 ITS#8847 move lutil_sockaddrstr() to ldap_pvt_sockaddrstr() 2021-03-26 13:45:26 +00:00
HoweverAT
9d594a118e ITS#8847 Add SOCKET_BIND_ADDRESSES Option 2021-03-25 18:47:11 +00:00
HoweverAT
8ebd065048 ITS#8847 Print local address in connection dump 2021-03-25 17:37:26 +00:00
Howard Chu
bb6844e296 ITS#7295 don't init TLS threads by default 
Do it explicitly in servers
 2021-03-21 15:26:57 +00:00
Hugh McMaster
baee6c47e7 ITS#8996 - Generate and install a pkg-config file for the libldap library 2021-03-15 21:39:55 +00:00
Tero Saarni
5f9352986d ITS#9419 fix comparison 2021-03-15 19:03:59 +00:00
Quanah Gibson-Mount
5d5f431868 ITS#9490 - Add keepalive settings to ldap.conf 2021-03-04 17:11:35 +00:00
Ondřej Kuzník
568239731f ITS#8345 Remove LDIF_KLUDGE and defer defaults to _wrap() 2021-03-03 10:37:19 +00:00
Matus Honek
1cb4d2f0c9 ITS#8904 - Ensure SSLv3 is enabled when necessary 
Either at compilation time, or as a system-wide configuration, OpenSSL
may have disabled SSLv3 protocol by default. This change ensures the
protocol NO flag is cleared when necessary, hence allowing for the
protocol to be used.
 2021-02-26 18:30:38 +00:00
Quanah Gibson-Mount
a84d11dcce ITS#9422 - Update for TLS v1.3 2021-02-25 21:32:58 +00:00
Paul B. Henson
146889f205 ITS#9419 Add support for HAProxy proxy protocol v2 2021-02-24 18:11:09 +00:00
Quanah Gibson-Mount
ce2c5173bd ITS#9161 - Fix various typos 
Fix a number of different typos across the code base
 2021-02-17 18:42:46 +00:00
Howard Chu
00a5815c2c ITS#9465 remove assert in ldap_get_option() 
Since it's already checked for error
 2021-02-11 17:03:32 +00:00
Ondřej Kuzník
08f07b2ac1 Fix typo in MS AD persistent search ctrl 2021-02-04 15:55:57 +00:00
Quanah Gibson-Mount
61f619043e ITS#8580 - Explicitly honor the server side cipher suite preference 2021-01-28 20:22:50 +00:00
Quanah Gibson-Mount
efaf9a4a17 Happy New Year! 2021-01-11 19:25:53 +00:00
Howard Chu
d2936fb1d5 ITS#9425 add more checks to ldap_X509dn2bv 2020-12-14 20:05:44 +00:00
Howard Chu
c944dc55b7 ITS#9423 ldap_X509dn2bv: check for invalid BER after RDN count 2020-12-13 21:52:00 +00:00
Ondřej Kuzník
3f5293e145 ITS#5422 Save errno before passing it to Debug() 2020-09-24 23:34:36 +00:00
Howard Chu
c3131eb5a3 ITS#9348 replace all uses of STRERROR with AC_STRERROR_R 
Avoid using sys_errlist unless there's no other choice
 2020-09-24 23:34:36 +00:00
Howard Chu
6d7c2511b4 ITS#9201 partial revert 2020-09-03 21:08:17 +01:00
Howard Chu
ccfbb74c62 ITS#9201 additional fixes 2020-09-03 21:01:07 +01:00
Howard Chu
b24ca75993 ITS#9201 fix LDAP_THREAD_DEBUG 
Add missing defs to ldap_thr_debug.h.
slap tools must init libldap so internal mutexes get inited.
 2020-09-03 12:37:32 +01:00
Howard Chu
4c74bd0a41 ITS#9332 add placeholder in LDAP_LDO_TLS_NULLARG 2020-09-01 20:25:00 +01:00
Howard Chu
536767798b ITS#9054 fix typo 2020-08-27 11:22:58 +01:00
Howard Chu
e3faae939c ITS#9328 cldap: check for error on connected socket 
libldap doesn't use a connected socket for UDP sessions, but 3rd
parties can, passed in with ldap_init_fd().
 2020-08-26 20:53:38 +00:00
Quanah Gibson-Mount
c1411b8199 ITS#9323 - Limit to OpenSSL 1.0.2 or later 2020-08-25 21:52:04 +00:00
Howard Chu
608a822349 ITS#9318 add TLS_REQSAN option 
Add an option to specify how subjectAlternativeNames should be
handled when validating the names in a server certificate.
 2020-08-21 18:05:08 +00:00
Howard Chu
2386a11649 ITS#9054 Add support for multiple EECDH curves 
Requires OpenSSL 1.0.2 or newer
 2020-08-21 07:58:07 +01:00
Howard Chu
9d2f15307d ITS#7926 dynamic changes to olcListenerThreads 
Reallocates sockets from old to new listener threads
 2020-08-18 22:37:50 +01:00
Ondřej Kuzník
917fcc03ee ITS#9279 Send Netscape expired control as a bare string 2020-07-27 14:22:24 +02:00
Ondřej Kuzník
fd921e7121 ITS#9279 Expose Netscape password policy controls in libldap 2020-07-22 18:57:38 +00:00
Quanah Gibson-Mount
21eef84a49 ITS#9275 -- Update wording to remove slave and master terms, consolidate on provider/consumer 2020-07-18 16:27:04 +00:00
Howard Chu
24b45f57f2 ITS#9287 use getaddrinfo for ldap_pvt_get_fqdn 
If getaddrinfo is available, should use it here
 2020-07-16 21:08:36 +01:00
Ondřej Kuzník
1129df533d ITS#8701 Expose account usability in libldap 2020-07-07 16:43:35 +01:00
Ryan Tandy
a4474d3584 ITS#9235 Delete LDAP_THREAD_SAFE 2020-07-03 17:24:16 -07:00
Ryan Tandy
c4b6aad6cb ITS#9235 Link test progs with thread libs 2020-07-03 17:23:14 -07:00
Ryan Tandy
a10210db84 ITS#9235 Only compile libldap_r sources when LDAP_R_COMPILE 2020-07-03 17:23:14 -07:00
Ryan Tandy
a5c0b59398 ITS#9235 Define LDAP_R_COMPILE iff building with threads 2020-07-03 17:23:14 -07:00
Quanah Gibson-Mount
c06ac436e2 ITS#9235 Merge libldap_r into libldap 2020-07-03 17:23:14 -07:00
Brett Sheffield
42d7238925 ITS#8603 Add ldif_open_mem() 
ldif_open_mem() is the fmemopen(3) equivalent of ldif_open() which opens
an ldif steam from memory, rather than from a file.
 2020-06-23 10:31:08 +01:00
Sergio Gelato
8006ee58b8 ITS#8204 Improved RFC2782 shuffle when several, but not all, records have weight 0. 
The fallback to a straight Fisher-Yates shuffle needs to occur whenever the
sum of the *remaining* weights is zero, or else the remaining records will
not be reordered. Testing only once at the beginning covers the case when
all weights are zero, and obviously no shuffling is needed when only one
weight is zero; but other weight combinations are possible, such as (1, 0, 0).
 2020-06-22 17:27:30 +00:00
Sergio Gelato
ee7502accd ITS#8204 Remove bias towards the first record in RFC2782 shuffle implementation. 
Prior to this change, given two records of weight 1 the algorithm would
return them in the order (0,1) with 100% probability instead of the
desired 50%. This was due to an off-by-one error in the range test.

srv_rand() returns a float in the range [0.0, 1.0[, so r is an integer in the
range [0, total[. The correct probability for record 0 to be chosen is
a[0].weight/total, not (a[0].weight+1)/total.
 2020-06-22 17:27:30 +00:00
Quanah Gibson-Mount
fb1933f567 Issue#7530 - Test for ERANGE when using 6 form gethostbyname_r 2020-05-26 19:18:02 +00:00
Ryan Tandy
9282e6edea ITS#8155 Support cacertdir with GnuTLS 2020-05-14 07:56:28 -07:00
Ryan Tandy
e96f90e212 ITS#9176 Implement SNI for GnuTLS 2020-04-27 11:01:01 -07:00
Howard Chu
4265849b0f ITS#9176 check for failure setting SNI 2020-04-27 18:54:02 +01:00
Howard Chu
b8f34888c3 ITS#9176 check for numeric addrs before passing SNI 2020-04-27 18:25:49 +01:00
Howard Chu
5c0efb9ce8 ITS#9176 Add TLS SNI support to libldap 
Implemented for OpenSSL, GnuTLS just stubbed
 2020-04-27 03:41:12 +01:00
Isaac Boukris
4c545ee078 ITS#9242 - ifdef tls-endpoint code in openssl pre 0.9.8 2020-04-25 22:50:52 +02:00
Isaac Boukris
4cac398b19 ITS#9189 - initialize ldo_sasl_cbinding in LDAP_LDO_SASL_NULLARG 
Reported-by: Ryan Tandy @ryan
 2020-04-23 22:28:51 +00:00
Isaac Boukris
3cd50fa8b3 ITS#9189 rework sasl-cbinding support 
Add LDAP_OPT_X_SASL_CBINDING option to define the binding type to use,
defaults to "none".

Add "tls-endpoint" binding type implementing "tls-server-end-point" from
RCF 5929, which is compatible with Windows.

Fix "tls-unique" to include the prefix in the bindings as per RFC 5056.
 2020-04-23 21:00:39 +02:00
Quanah Gibson-Mount
8505f774a5 Update to drop NON_BLOCKING ifdefs that were only really for moznss 2020-04-20 21:38:01 +00:00
Quanah Gibson-Mount
a019e7fe1a ITS#9207 - Remove MozNSS code and documentation 2020-04-20 21:38:01 +00:00
Quanah Gibson-Mount
a97eed06f0 ITS#6937 - Remove unused proctitle bits 2020-04-15 19:32:28 +00:00
Quanah Gibson-Mount
e50741e459 ITS#6567 - More cleanup 2020-04-13 17:19:35 +00:00
Howard Chu
735e1ab14b ITS#8650 loop on incomplete TLS handshake 
Always retry ldap_int_tls_connect() if it didn't complete,
regardless of blocking or non-blocking socket. Code from
ITS#7428 was wrong to only retry for async.
 2020-04-12 23:51:09 +01:00
Quanah Gibson-Mount
c6493c45b5 ITS#6567 - Remove non-cyrus-sasl GSSAPI bits 2020-04-10 18:19:33 +00:00
Ryan Tandy
7732cb2794 ITS#9086 Add debug logging for more GnuTLS errors 2020-04-02 15:52:31 +00:00
Quanah Gibson-Mount
6bd2a3721d ITS#9175 - Fix argument cast 
Fixes potential segfault in ldapsearch
 2020-02-21 21:10:49 +00:00
Ondřej Kuzník
4bb239bd76 ITS#9160 OOM handling in libldap 2020-02-07 09:46:52 +00:00
Ondřej Kuzník
76c43165ea Remove LDAP_X_TXN and rename accordingly 2020-01-28 12:09:09 +00:00
Ondřej Kuzník
9ce2d2f9d2 ITS#9156 Implement pwdMaxLength 2020-01-23 23:46:43 +00:00
Howard Chu
e2e17dd2f1 ITS#9147 plug descriptor leak if ldaps connect fails 2020-01-11 04:18:37 +00:00
Quanah Gibson-Mount
f6ad222e41 Happy New Year! 2020-01-09 16:50:21 +00:00
Ondřej Kuzník
639e5f15fd ITS#9081 Do not leak sb (ITS#8755 regression) 2019-09-23 17:27:18 +01:00
Ryan Tandy
63c82c0ed7 ITS#9069 Do not call gnutls_global_set_mutex() 
Since GnuTLS moved to implicit initialization on library load, calling
this function deinitializes GnuTLS and then re-initializes it.

When GnuTLS uses /dev/urandom as an entropy source (getrandom() not
available, or older versions of GnuTLS), and the application closed all
file descriptors at startup, this could result in GnuTLS opening
/dev/urandom over one of the application's file descriptors when
re-initialized.

Additionally, the custom mutex functions are never reset, so if libldap
is unloaded (for example via dlclose()) after calling this, its code may
be unmapped and the application could crash when GnuTLS calls the mutex
functions.

On typical systems, GnuTLS system mutexes are probably the same as what
libldap uses anyway.
 2019-09-12 13:16:30 -07:00
Quanah Gibson-Mount
0eed0ccefc ITS#7585 - Windows doesn't support LDAPI 
Adjust patch for ITS#7585 as Windows does not have LDAPI support.
 2019-07-23 14:45:16 +00:00
Quanah Gibson-Mount
4ccd139355 Revert "use AI_ADDRCONFIG if defined in the environment" 
This reverts commit ebf0ef5cb1.

Depends on custom glibc from RedHat
 2019-07-19 16:24:45 +00:00
Quanah Gibson-Mount
403c01b5e6 Fix previous commit. It broke builds where --with-cyrus-sasl=no is set. 2019-06-27 17:44:18 +00:00
Howard Chu
b02807ea2f Cleanup limits in cyrus.c 2019-06-25 15:31:31 +01:00
Ondřej Kuzník
b2f4cacd47 ITS#7996 Use a separate mutex in ldap_int_initialize 2019-06-21 12:19:38 +02:00
Ondřej Kuzník
60754d77c8 ITS#8755 Do not close the default SockBuf a second time 2019-06-20 16:58:25 +02:00
Jame Gerwe
6c177e6629 ITS#8794 - Fix implicit declaration for ldap_is_ldapc_url 
Fix building OpenLDAP with -DLDAP_CONNECTIONLESS so that ldap_is_ldapc_url function is defined
 2019-06-17 17:25:29 +00:00
Ondřej Kuzník
5e8aa3f6d1 ITS#8754 Don't try IPv6 addresses unless configured to 2019-06-13 10:24:43 +02:00
Côme Chilliet
2cac3ceb03 ITS#8674 Return correct result from ldap_create_assertion_control_value 
ldap_create_assertion_control_value was returning ld->ld_errno
 upon success without reseting it to LDAP_SUCCESS first
 2019-06-12 16:57:13 +02:00
Ondřej Kuzník
db40120a27 ITS#7996 Tighten race in ldap_int_initialize 2019-06-12 11:53:38 +02:00
Ondřej Kuzník
860daa0989 ITS#7042 More to unsetting opts with an empty string 2019-06-12 11:50:14 +02:00
Patrick Monnerat
0f9afae02d ITS#7042 Allow unsetting of tls_* syncrepl options. 
This can be done by setting them to an empty string value.
 2019-06-11 15:36:03 +02:00
Jan Vcelak
ebf0ef5cb1 use AI_ADDRCONFIG if defined in the environment 2019-05-13 15:33:55 +00:00
Sumit Bose
6c5a79be98 ITS#7585 fix ldapi with SASL_NOCANON 
Was using the ldapi socket path as a hostname
 2019-04-18 21:57:04 +01:00
Ondřej Kuzník
5b55054544 Do not allocate a new cbinding if we have one already. 2019-03-27 10:54:42 +00:00
Ondřej Kuzník
aba073e171 ITS#8980 Actually return the computed status 2019-03-19 16:46:03 +00:00
Nadezhda Ivanova
f239bbd3c6 Add LDAP_OPT_KEEPCONN option 
This option instructs try_read1msg to not free the connection on read error
or on Notice of disconnections, but leave it to the caller. It is needed,
for example, by back-asyncmeta, who expects to have control on when
its target connections are freed. Must be used with caution.
 2019-02-28 17:27:54 +00:00
Vernon Smith
8158888085 ITS#8980 fix async connections with non-blocking TLS 2019-02-28 17:02:40 +00:00
Howard Chu
06d289f985 ITS#8983 Add draft Persistent Search 2019-02-25 15:19:33 +00:00
Ondřej Kuzník
e6ae7d5136 ITS#8731 Make loading ldap-int.h possible from server code again 2019-02-19 17:14:26 +00:00
Ondřej Kuzník
cd914149a6 Make prototypes available where needed 2019-02-19 10:26:39 +00:00
Ondřej Kuzník
09cec1f1b4 ITS#8731 Apply doc/devel/variadic_debug/03-libldap_Debug.cocci 2019-02-15 16:51:53 +00:00
Ondřej Kuzník
254d2adab0 ITS#8731 Rework logging 2019-02-15 16:51:53 +00:00
Quanah Gibson-Mount
09ff530036 ITS#8957 - Fix ASYNC TLS 
Fix ASYNC TLS by correctly handling a return code of -2 in addition to 0
 2019-01-31 23:28:36 +00:00
Quanah Gibson-Mount
50b33cc6b8 ITS#8968 - Fix ASYNC connection on Solaris 10 
Fixes ASYNC connections to handle a return code of ENOTCONN as this is
what Solaris 10 does.
 2019-01-31 23:28:28 +00:00
Howard Chu
e8c62bf8b4 ITS#8966 add changelog support to syncrepl consumer 
Tested against DSEE7. The DSEE binaries must be in your path to run the test script.
 2019-01-29 18:51:43 -08:00
Quanah Gibson-Mount
b45a6a7dc7 Happy New Year! 2019-01-14 18:46:16 +00:00
Howard Chu
d3b1558dcb ITS#8353 CRYPTO_set_id_callback deprecated in OpenSSL 0.9.9 2019-01-02 10:16:40 +00:00