upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-02-18 18:18:06 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
24601 commits 38 branches 313 tags 89 MiB
Commit graph

13104 commits

Author SHA1 Message Date
Ondřej Kuzník
795a896ea9 ITS#10312 Explicitly allow FALSE in 'subordinate' 2025-05-06 15:15:03 +00:00
Quanah Gibson-Mount
56bb1c3d3d ITS#7080 - Fix call to slap_add_ctrls 2025-02-19 18:53:15 +00:00
Ondřej Kuzník
5c734d2bb7 ITS#7249 Disallow memberof-addcheck when memberof is global 2025-02-19 18:37:53 +00:00
Ondřej Kuzník
d66062dc8e ITS#7249 Let backend_attribute know who's calling it 2025-02-19 18:37:48 +00:00
Ondřej Kuzník
a9ff4f1e34 ITS#10307 Initialise last if we use it later 2025-02-19 18:24:52 +00:00
Howard Chu
44306d7094 ITS#10302 slapd-mdb: fix idcursor double-free in slapadd shutdown 
Caused when calling tool_entry_modify to update ctxcsn after all adds are done.
 2025-02-19 18:22:38 +00:00
Ondřej Kuzník
0cad3da809 ITS#10290 Move syncrepl_modify_cb to the end of the list 
The way op->orm_modlist is allocated by syncrepl_op_modify is not
compatible with slap_mods_free() and so callbacks from any overlays that
touch op->orm_modlist on the way down need a chance to undo their state
first as we go back up.
 2025-02-19 18:20:15 +00:00
Ondřej Kuzník
c667f2ea5c ITS#7080 Do not reuse back-ldif's stack for controls 2025-02-19 18:15:58 +00:00
Ondřej Kuzník
f328965d4a ITS#7080 Implement pre/postread for modrdn 2025-02-19 18:06:33 +00:00
Ondřej Kuzník
8d19c20525 ITS#7080 Do not munge path twice 2025-02-19 18:06:29 +00:00
Howard Chu
c1d61434d7 ITS#10288 autoca: fix olcAutoCAserverClass config 2025-02-19 17:02:04 +00:00
Ondřej Kuzník
99f672b564 ITS#10272 Request all attributes from remote 
Fixes a regression introduced in fc1bcaf9de
leaving us unable to check the full filter after we recreate the entry.
 2024-11-13 17:11:10 +00:00
Ondřej Kuzník
67bef41c3c ITS#10234 Reinit retry state on refreshDone 2024-10-04 22:08:03 +00:00
Ondřej Kuzník
c451a39fe4 ITS#10232 Reset cs_refreshing on config delete 2024-10-04 22:06:18 +00:00
Ondřej Kuzník
a6f6c2f8bf ITS#10248 Always generate a result on the original op 2024-10-04 22:03:39 +00:00
Ondřej Kuzník
99327d316e ITS#10249 slapo-nestgroup: plug leak in nestgroup_memberFilter 2024-10-04 22:02:24 +00:00
Howard Chu
bec0946cca ITS#10256 cn=config: reject modify requests on cn=schema,cn=config 
Add requests already handled it specially; corresponding treatment
for modify requests was missing. The docs have always stated that
cn=schema,cn=config is only for slapd's hardcoded schema so this
only affects users who don't read docs.
 2024-10-04 22:00:01 +00:00
HAMANO Tsukasa
efa9f173d2 ITS#10233 - fix idl intersection 
The `mdb_idl_intersection()` and `wt_idl_intersection()` functions derived from back-bdb return wrong results.

expect:
[1, 3] ∩ [2] = []

actual:
[1, 3] ∩ [2] = [2]

also
- Add scope checking for back-wt
- fix compiler warning
 2024-10-04 21:49:50 +00:00
Howard Chu
84a64fe354 ITS#10237 back-ldap: fix usage of multi-precision add for op counters 2024-10-04 21:41:34 +00:00
Howard Chu
0f984dd354 ITS#10230 slapo-memberof: fix addcheck search to omit dynamic values 2024-06-28 17:14:45 +00:00
Howard Chu
74f0e83eb4 ITS#10235 slapo-nestgroup: silence extraneous register_at message 2024-06-28 17:03:29 +00:00
Howard Chu
8350e24c8f ITS#10231 slapadd: check for NULL suffix in error message 2024-06-28 17:01:55 +00:00
Nadezhda Ivanova
1ea9880ad0 ITS#10227 Asyncmeta will not reset a connection if a bind operation fails with LDAP_OTHER, leaving the connection in invalid state 2024-06-28 16:59:06 +00:00
Nadezhda Ivanova
532b2e60da ITS#10219 Modify of olcDisabled by removing and adding a value invokes db_open twice 
Do not invoke db_open if the database is not actually disabled
 2024-06-28 16:58:12 +00:00
Nadezhda Ivanova
dc358cbc8e ITS#10218 Disabling and re-enabling an asyncmeta database via cn=config leaks memory 
Make sure asyncmeta frees the pending operations structures, resets all connections, frees connection structures and stops the timeout-loop.
 2024-06-28 16:56:38 +00:00
Quanah Gibson-Mount
3516e19bc7 ITS#9827 - Use 7MB memory/5 iterations as default 
This has the same protections as 19MB/2 iterations, but requires less system memory
 2024-06-28 16:49:04 +00:00
François Kooman
d13a07bf94 ITS#9827 update Argon2 defaults 
- switch to argon2id by default (from argon2i)
- use OWASP recommended parameters as defaults

This only affects builds that use libargon2, e.g. Debian, and
not builds that use libsodium as argon2id is already the
default there, and better parameters are used

References: https://bugs.openldap.org/show_bug.cgi?id=9827
Signed-off-by: François Kooman <fkooman@tuxed.net>
 2024-06-28 16:48:57 +00:00
HAMANO Tsukasa
71f8894a9c ITS#10214 Reduce library dependencies 
Currently, slapd links libsystemd to notify service state to systemd.
However, libsystemd link several unnecessary libraries, which increases security risks.
The systemd documentation provides a method to send state notifications to systemd using a simple protocol without the need to link against libsystemd.

https://www.freedesktop.org/software/systemd/man/devel/sd_notify.html
 2024-05-09 17:08:46 +00:00
Nick Porter
0938316f3f ITS#10211 slapd: Fix peercred uid and gid format 
uid and gid are unsigned int and so should be formatted as such when
creating the authid string.
 2024-05-07 16:37:12 +00:00
Howard Chu
3f752740b1 ITS#10204 slapo-constraint: fix double-free on invalid attr 2024-05-07 16:32:51 +00:00
Nadezhda Ivanova
5a0fb54284 ITS#10197 Back-meta and back-asyncmeta add a new target structure and increase the number of targets even if uri parsing fails 
Reproducible when adding a new target via cn=config
 2024-05-07 16:31:45 +00:00
Howard Chu
fbef77d42d ITS#10161 Add nestgroup overlay 2024-04-16 16:08:15 +00:00
Nadezhda Ivanova
e9c93fac09 ITS#10193 Asyncmeta starts more than one timeout loop per database and slaptest crashes 2024-04-16 15:45:51 +00:00
Quanah Gibson-Mount
fa5cf1252f Happy New Year! 2024-03-26 19:45:35 +00:00
Howard Chu
9fd8cd2066 ITS#10186 overlay response callbacks should ignore op->o_abandon 2024-03-26 17:02:34 +00:00
Howard Chu
97474d966b ITS#10044 dynlist: check for abandon in search2resp 2024-03-26 16:42:34 +00:00
Howard Chu
513da65360 ITS#10172 logging: report errors when rotation fails 2024-03-26 16:41:34 +00:00
Nadezhda Ivanova
493e991ebc ITS#10164 back-meta hangs when used with dynlist overlay 
Make sure every proxied operation has a separate candidates structure.
 2024-02-15 18:13:20 +00:00
Ondřej Kuzník
70e72e5889 ITS#10173 Populate li_minCSN on conversion 2024-02-15 18:10:53 +00:00
Stephen Gallagher
d019472211 ITS#10171 - Explicitly cast private values 
Fixes issues with -Werror=incompatible-pointer-types

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
 2024-02-15 18:07:02 +00:00
Howard Chu
68cba1f476 ITS#10170 accesslog: skip response if not fully initialized yet 2024-02-15 18:05:37 +00:00
Howard Chu
e992b8972d ITS#10167 slapo-memberof: add addcheck option 
Check memberships of newly added entries.
 2024-02-15 17:56:16 +00:00
Ondřej Kuzník
fe7ee15016 ITS#9823 Move to a place that is better associated with accesslog 2024-02-15 17:55:09 +00:00
Nadezhda Ivanova
01e32028fc ITS#10165 back-meta fails to bind to target when proxying an internal operation 2024-02-15 17:51:42 +00:00
Howard Chu
ce1d833c54 ITS#10166 slapi: fix plugin.c plugin_pblock_new() usage 
Broken in 9142da8eaf
 2024-02-15 17:48:20 +00:00
Ondřej Kuzník
131a42c4f8 ITS#10139 back-config: Honour disclose in matchedDN handling 2024-01-29 18:44:23 +00:00
Howard Chu
3e25c6d908 ITS#10025 slapo-dynlist: add option to disable filter support 2024-01-23 18:44:37 +00:00
Ondřej Kuzník
705ebb995a ITS#10110 Do not skip backover for result entries 2024-01-16 20:40:39 +00:00
Howard Chu
ffdd12f069 ITS#10135 dynlist: fix search2resp callback context 2024-01-16 20:38:57 +00:00
Stacey Marshall
8cb36ebc49 ITS#10130 Several callers of getpassphrase() ignore NULL returns 2024-01-16 20:36:57 +00:00