upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-02-18 18:18:06 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
24953 commits 38 branches 313 tags 89 MiB
Commit graph

12990 commits

Author SHA1 Message Date
Howard Chu
b5bc6d69af ITS#10237 back-ldap: fix usage of multi-precision add for op counters 2024-10-04 21:46:37 +00:00
Howard Chu
12d105b17b ITS#10231 slapadd: check for NULL suffix in error message 2024-06-28 17:02:46 +00:00
Nadezhda Ivanova
5baa87235d ITS#10227 Asyncmeta will not reset a connection if a bind operation fails with LDAP_OTHER, leaving the connection in invalid state 2024-06-28 16:59:11 +00:00
Nadezhda Ivanova
230bd39c07 ITS#10219 Modify of olcDisabled by removing and adding a value invokes db_open twice 
Do not invoke db_open if the database is not actually disabled
 2024-06-28 16:58:05 +00:00
Quanah Gibson-Mount
412d897c17 ITS#9827 - Use 7MB memory/5 iterations as default 
This has the same protections as 19MB/2 iterations, but requires less system memory
 2024-06-28 16:53:05 +00:00
François Kooman
08a78a0224 ITS#9827 update Argon2 defaults 
- switch to argon2id by default (from argon2i)
- use OWASP recommended parameters as defaults

This only affects builds that use libargon2, e.g. Debian, and
not builds that use libsodium as argon2id is already the
default there, and better parameters are used

References: https://bugs.openldap.org/show_bug.cgi?id=9827
Signed-off-by: François Kooman <fkooman@tuxed.net>
 2024-06-28 16:52:53 +00:00
HAMANO Tsukasa
f7c76e2daf ITS#10214 Reduce library dependencies 
Currently, slapd links libsystemd to notify service state to systemd.
However, libsystemd link several unnecessary libraries, which increases security risks.
The systemd documentation provides a method to send state notifications to systemd using a simple protocol without the need to link against libsystemd.

https://www.freedesktop.org/software/systemd/man/devel/sd_notify.html
 2024-05-09 17:10:49 +00:00
Nick Porter
9898594888 ITS#10211 slapd: Fix peercred uid and gid format 
uid and gid are unsigned int and so should be formatted as such when
creating the authid string.
 2024-05-07 16:36:46 +00:00
Quanah Gibson-Mount
2eadd1524a Happy New Year! 2024-03-26 19:46:02 +00:00
Howard Chu
8deecaf30e ITS#10186 overlay response callbacks should ignore op->o_abandon 2024-03-26 17:03:48 +00:00
Howard Chu
abd8706e3f ITS#10044 dynlist: check for abandon in search2resp 2024-03-26 16:43:13 +00:00
Howard Chu
321a6b337f ITS#10170 accesslog: skip response if not fully initialized yet 2024-02-15 19:37:49 +00:00
Nadezhda Ivanova
0ce2afd8ed ITS#10164 back-meta hangs when used with dynlist overlay 
Make sure every proxied operation has a separate candidates structure.
 2024-02-15 18:12:46 +00:00
Ondřej Kuzník
b870fbffb7 ITS#10173 Populate li_minCSN on conversion 2024-02-15 18:08:00 +00:00
Stephen Gallagher
166a010e30 ITS#10171 - Explicitly cast private values 
Fixes issues with -Werror=incompatible-pointer-types

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
 2024-02-15 18:07:05 +00:00
Ondřej Kuzník
c4a8fce751 ITS#9823 Move to a place that is better associated with accesslog 2024-02-15 17:55:05 +00:00
Nadezhda Ivanova
97e2034b90 ITS#10165 back-meta fails to bind to target when proxying an internal operation 2024-02-15 17:49:13 +00:00
Howard Chu
0f326100cd ITS#10166 slapi: fix plugin.c plugin_pblock_new() usage 
Broken in 9142da8eaf
 2024-02-15 17:47:13 +00:00
Ondřej Kuzník
c79abb6039 ITS#10139 back-config: Honour disclose in matchedDN handling 2024-01-29 18:44:44 +00:00
Howard Chu
41beafbd45 ITS#10025 slapo-dynlist: add option to disable filter support 2024-01-23 18:46:21 +00:00
Ondřej Kuzník
a30379311b ITS#10110 Do not skip backover for result entries 2024-01-16 20:41:27 +00:00
Howard Chu
a4026502f9 ITS#10135 dynlist: fix search2resp callback context 2024-01-16 20:39:11 +00:00
Stacey Marshall
43798262ce ITS#10130 Several callers of getpassphrase() ignore NULL returns 2024-01-16 20:37:56 +00:00
Ondřej Kuzník
f0a2a42aa1 ITS#10089 Fix acl logging 2024-01-11 22:04:05 +00:00
Ondřej Kuzník
4b33584e4a ITS#10123 Add a missing include 2024-01-11 22:02:53 +00:00
Howard Chu
b003ae8417 ITS#10117 build: fix slap-config.h decls for Windows DLLs 2024-01-11 18:55:19 +00:00
Howard Chu
5d7a9205e8 Cleanup Windows build 
Fix make depend errors in slapi
 2024-01-11 17:53:43 +00:00
Ondřej Kuzník
b3c5439360 ITS#10074 Fix type mismatches in lloadd 2023-10-23 19:18:27 +00:00
Ondřej Kuzník
4d9424cbcb ITS#10091 Do not allow dynlist being configured as global 2023-10-23 19:16:01 +00:00
Greg Burd
7b693aadc1 ITS#10089 - convert Debug to use config args 2023-10-23 19:13:15 +00:00
Howard Chu
f58a44f63e ITS#10089 - Use ConfigArgs in ACL parsing 
For better error propagation back to config clients, also
remove unconditional use of stderr.

parse_acl() was only partially converted, the rest remains to be done.
 2023-10-23 19:13:05 +00:00
Howard Chu
b857c53829 ITS#10089 - Use ConfigArgs in slapi config parsing 2023-10-23 19:12:56 +00:00
Greg Burd
760406ee29 ITS#10089 - Allow caller to determine if the process should exit or not when the regex is found to be problematic. 2023-10-23 19:12:47 +00:00
Ondřej Kuzník
399eac4191 ITS#10083 Do not mess with a connection that's dying already 2023-10-09 20:29:15 +00:00
Nadezhda Ivanova
423be855ee ITS#10076 suffixmassage in back-asyncmeta does not handle empty remote suffix correctly 2023-10-09 20:26:59 +00:00
Ondřej Kuzník
255e66b432 ITS#10070 Allow running without a valid resolv.conf file 2023-10-09 20:24:17 +00:00
Ondřej Kuzník
17a805c35b ITS#10068 keep our own copy of the DN 2023-09-26 17:28:15 +00:00
Ondřej Kuzník
2816cb80b4 ITS#10067 Account for mods being optional 2023-07-31 18:07:17 +00:00
Ondřej Kuzník
2de4a9539e ITS#10045 Make sure we only unpause when paused 2023-07-31 18:06:12 +00:00
Ondřej Kuzník
c5b0998324 ITS#10041 Restrict group searching 2023-05-15 17:57:46 +00:00
Ondřej Kuzník
58dd1467ca ITS#10045 Also check for abandon when things have settled 2023-05-15 17:31:36 +00:00
Ondřej Kuzník
53151ac918 ITS#10037 Update argon2 README 2023-04-27 15:48:05 +00:00
Ondřej Kuzník
5fedf31421 ITS#10032 Use the correct ocs field 2023-04-27 15:43:55 +00:00
Ondřej Kuzník
c3cc9289f2 ITS#10031 Adjust *err if we free it 2023-04-27 15:14:02 +00:00
HAMANO Tsukasa
e765972f07 ITS#10028 - crash with pwdMinDelay 2023-04-27 15:12:11 +00:00
Howard Chu
a4ec923fd6 ITS#10016: slapo-syncprov: fix Abandon with active qtask 2023-04-27 15:10:27 +00:00
Ondřej Kuzník
a25124dcc6 ITS#9953 Check for push replication 2023-04-26 20:10:16 +00:00
Howard Chu
4fadc96824 ITS#9997 syncrepl: plug potential leak in changelog search 
Note this is only used with changelog, which is nonstandard and obsolete.
 2023-04-26 16:44:21 +00:00
Sam James
139effd7e6 ITS#10011 servers: fix -Wstrict-prototypes 
For more information, see LWN.net [0] or LLVM's Discourse [1], the Gentoo wiki [2],
or the (new) c-std-porting mailing list [3].

[0] https://lwn.net/Articles/913505/
[1] https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213
[2] https://wiki.gentoo.org/wiki/Modern_C_porting
[3] hosted at lists.linux.dev.

Signed-off-by: Sam James <sam@gentoo.org>
 2023-04-17 18:48:49 +00:00
Ondřej Kuzník
2e79e2d098 ITS#9990 Preserve callbacks added already 2023-04-17 18:43:26 +00:00