upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-20 22:59:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
24515 commits 38 branches 309 tags 68 MiB
Commit graph

4978 commits

Author SHA1 Message Date
Quanah Gibson-Mount
10d4461634 Merge remote-tracking branch 'origin/mdb.RE/0.9' 2022-12-05 16:21:51 +00:00
Howard Chu
31e6efeb07 ITS#9955 liblunicode: fix buffer size in UTF8bvnormalize 
output buffer may overrun 1 byte for specially crafted approxMatch search filters.
Not exploitable, no operational or security impact.
 2022-12-01 14:58:37 +00:00
Howard Chu
f16ef18fc9 ITS#9916 2022-11-28 23:41:00 +00:00
Howard Chu
139831a5c0 ITS#9916 liblmdb: use alternate MDB_page2 struct for some accesses 
fakepage pointers are only guaranteed to be 2-byte aligned. Use a
2-byte aligned struct definition when referencing 2-byte page members
if a page pointer possibly points to a fakepage.
 2022-11-28 23:18:56 +00:00
Quanah Gibson-Mount
0c2168993b ITS#9806 2022-11-28 17:51:38 +00:00
Howard Chu
d2fa5806d8 ITS#9806 LMDB page_split: key threshold depends on page size 
32 was chosen for page size of 4KB. Not large nough for 16KB pages.
 2022-11-28 14:32:33 +00:00
Howard Chu
e85a624663 ITS#9899 fix use of non-standard u_char/u_int types 2022-10-26 16:33:30 +01:00
Howard Chu
41f87c53ec ITS#9937 libldap: fix put_simple_filter() with invalid filter 
Add check for trivial input string.
 2022-10-20 12:38:02 +01:00
Connor Smith
6489b6a857 ITS#9925 Fix some ancient #ifdef checks 
Use #elif defined(...) for HAVE_WINSOCK and MACOS. All other instances
of these macros use #ifdef or similar. A compiler may warn about them
not being defined.

In libraries/liblber/sockbuf.c, (DOS && PCNFS) and (DOS && NCSA) were
replaced with HAVE_PCNFS and HAVE_NCSA, respectively. It seems logical
to do the same at the only remaining occurrence of DOS, PCNFS, and NCSA.

Use #if HARDCODE_DATA consistently, replacing two instances of #ifdef.
HARDCODE_DATA is always defined, and this way you can set HARDCODE_DATA
to 0 and have it work, rather than it going down the wrong branch and
failing in these two cases.
 2022-10-13 03:37:47 +00:00
Quanah Gibson-Mount
9de1273a63 Merge remote-tracking branch 'origin/mdb.RE/0.9' 2022-10-04 15:50:15 +00:00
Quanah Gibson-Mount
d87d682b6d Prepare for release (0.9.30) 2022-10-04 14:23:03 +00:00
Quanah Gibson-Mount
ca7128ad35 ITS#9919 2022-10-03 16:40:10 +00:00
Mike Hommey
abe36745d2 ITS#9919 - Mark infrequently used functions as cold rather than manually putting them in a separate section 2022-09-27 17:30:48 +01:00
Quanah Gibson-Mount
b181666eec ITS#9030 2022-09-26 16:52:55 +00:00
Mike Hommey
4bb20ed082 ITS#9030 - Use sys/cachectl.h rather than asm/cachectl.h on mips 
It also contains the cacheflush function declaration.
 2022-09-23 02:39:27 +01:00
Ondřej Kuzník
1220282dd5 ITS#8196/ITS#9714 Switch to xorshift 2022-09-19 16:32:39 +00:00
Ondřej Kuzník
9d528c111d ITS#9817 One more leak plugged 2022-09-02 16:49:45 +01:00
Ondřej Kuzník
4697f4b3e0 ITS#9817 Fix leaks and nul-terminate string passed to ldap_bv2dn 2022-09-01 10:09:27 +01:00
Howard Chu
3f2abd0b2e ITS#9904 ldap_url_parsehosts: check for strdup failure 
Avoid unnecessary strdup in IPv6 addr parsing, check for strdup
failure when dup'ing scheme.

Code present since 2000, 8da110a9e7
 2022-08-25 17:01:13 +01:00
Howard Chu
ea8dd2d279 ITS#9904 ldif_open_url: check for ber_strdup failure 
Code present since 1999, df8f7cbb9b
 2022-08-24 14:40:51 +01:00
moneromooo-monero
8a76450336 lmdb: catch non-LMDB negative errors before strerror 
That should hopefully shut coverity up
 2022-08-22 18:51:32 +00:00
Michael Osipov
519e0c94c9 ITS#9901 libldap: fix non-std printf %p arguments 2022-08-22 16:44:05 +00:00
Howard Chu
6c9eea7306 ITS#9899 libldap: fix non-std syntax in cyrus.c 
Broken in 3cd50fa8b3 for ITS#9189
 2022-08-22 16:44:05 +00:00
Howard Chu
aef1c05089 ITS#9894 don't use gmake-specific features 2022-08-15 20:53:03 +00:00
Howard Chu
d47f212679 Add nonstd cbind SASL secprop 
For Cyrus SASL 2.2, 8735185e9d
 2022-07-28 15:46:07 +00:00
Ondřej Kuzník
c07e961d40 ITS#9876 Some more leaks plugged 2022-07-08 15:45:55 +00:00
Howard Chu
78618653c2 ITS#9876 Coverity fixes: plug memleaks 2022-07-05 03:49:34 +01:00
Howard Chu
e2028b0d01 Fix spurious fallthru warning 2022-06-09 23:00:48 +01:00
Ondřej Kuzník
56877e333b ITS#9817 Introduce DN and filter manipulation tools 2022-06-07 09:47:41 +01:00
Howard Chu
0b78166a47 ITS#9157: check for NULL ld 2022-05-21 16:39:29 +01:00
Yi Zhao
d75de4d6e9 ITS#9840 - libraries/Makefile.in: ignore the mkdir errors 
Ignore the mkdir errors to fix the parallel build failure:

../../build/shtool mkdir -p TOPDIR/tmp-glibc/work/cortexa15t2hf-neon-wrs-linux-gnueabi/openldap/2.5.9-r0/image/usr/lib
mkdir: cannot create directory 'TOPDIR/tmp-glibc/work/cortexa15t2hf-neon-wrs-linux-gnueabi/openldap/2.5.9-r0/image/usr/lib': File exists

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 2022-05-09 16:48:43 +00:00
Helmut Grohne
f5f5231d29 ITS#9841 fix librewrite declaration of calloc 2022-05-05 20:29:40 +01:00
Howard Chu
1c197bbef9 Revert "ITS#9828 Fix ldap_count_values_len pointer confusion" 
This reverts commit 7e7fad5e03.
 2022-04-25 17:26:37 +01:00
Ondřej Kuzník
7e7fad5e03 ITS#9828 Fix ldap_count_values_len pointer confusion 2022-04-21 12:14:06 +01:00
Ondřej Kuzník
0dae0704c0 ITS#9811 Allow newlines at end of included file 2022-03-21 17:48:34 +00:00
Ondřej Kuzník
e8813b12b6 ITS#9803 Drop connection when receiving non-LDAP data 2022-03-08 17:28:05 +00:00
Howard Chu
e62d05d26c ITS#9436 libldap: OpenSSL 3.0 compat 2022-02-03 16:42:44 +00:00
Orgad Shaneh
04093763f9 ITS#9791 Fix compilation with openssl exclusions 2022-01-25 15:41:07 +00:00
Ondřej Kuzník
f4e74d51f5 ITS#9781 Relax refcount assertion for referrals 2022-01-19 10:35:01 +00:00
Quanah Gibson-Mount
788e9592ba Happy New Year! 2022-01-07 18:40:00 +00:00
Ondřej Kuzník
19d4a69882 ITS#9642 Notify runner of any changes to the runqueue 2021-12-15 20:40:53 +00:00
Ondřej Kuzník
e3905c9898 ITS#9596 Let libldap keep explicit port 0 as that 2021-12-14 16:30:54 +00:00
Howard Chu
69727ebbc8 ITS#9743 init client socket port 
also silence meaningless warning
 2021-11-09 18:06:18 +00:00
Quanah Gibson-Mount
f5138f290f ITS#9723 2021-10-26 16:34:16 +00:00
Howard Chu
c4085fdfe6 ITS#9723 clear C_EOF on cursor with MDB_FIRST_DUP 2021-10-26 16:40:38 +01:00
Quanah Gibson-Mount
4a87d7aad2 ITS#9673 - Start fully tracking symbols for versioning 2021-10-18 17:56:13 +00:00
Quanah Gibson-Mount
783fcbe8ed ITS#9673 - Fix library symbol versioning 2021-09-20 18:00:36 +00:00
Howard Chu
d285c05106 ITS#9686 plug peercert memleak 2021-09-15 13:03:13 +01:00
Howard Chu
6c0dc99389 ITS#9668 ldap_int_tls_connect: isdigit() requires unsigned char 2021-09-06 21:14:21 +01:00
Quanah Gibson-Mount
617e6974f7 ITS#9648 - Fix request.c for MAXPATHLEN not result.c Fixes 0412814c55 2021-08-31 16:33:57 +00:00
Quanah Gibson-Mount
0412814c55 ITS#9648 - Include ac/param.h for MAXPATHLEN 2021-08-26 17:55:54 +00:00
Howard Chu
5ad6ab3568 ITS#8958 rename ldap_pvt_thread_pool_pausecheck() 
to ..._pausewait() since that's what it really does.
Add ..._pausequery() that only checks and doesn't wait.
 2021-08-12 18:59:06 +00:00
Howard Chu
ff0defdc13 ITS#6248 fix prev commit tlso_ca_list 
Don't quit on first dir failure, try them all before giving up.
 2021-07-22 23:54:25 +01:00
Howard Chu
dfcaa3f01e ITS#6248 support multiple CAcert dirs 2021-07-22 21:07:21 +01:00
Howard Chu
2c0707cf13 ITS#9157 save TLS errmsg in ld->ld_error 2021-07-22 15:27:31 +01:00
Bin Lan
457f5bd4a9 ITS#9602 Silence warnings in libldap/tls_o.c 2021-06-29 13:16:37 +01:00
Bin Lan
3be2447dfc ITS#9601 Silence warning in libldap/tpool.c 2021-06-29 13:16:26 +01:00
Konstantin Andreev
7bd1fac58c ITS#9590 libldap: fix missing unlock on connection alloc failure 2021-06-24 13:40:44 +01:00
Konstantin Andreev
00529facbe ITS#9578 ldif: terminate buf after truncating \r 2021-06-12 15:08:11 +01:00
Howard Chu
cd3567d750 ITS#9521 additional ciphersuite fixes 
Actually check version of matched ciphersuite names.
Also, don't change existing TLS1.3 suites if none are specified
in the new suite string. Avoids ITS#9546.
 2021-05-06 20:16:40 +01:00
Howard Chu
16fcba1e98 ITS#9541 fix typo in util-int.c 
From 94fbd96826
 2021-04-30 09:25:13 +01:00
Howard Chu
9624bb5af0 ITS#9513 fix prev commit 
01e5664c7c removed an include that is needed
 2021-04-23 17:10:02 +01:00
Nadezhda Ivanova
db389d38ce ITS#9502 Implement LDAP_OPT_TCP_USER_TIMEOUT 2021-04-22 21:52:12 +00:00
Howard Chu
edfc4e7ffe ITS#9530 ldo_defbase now must be freed in ldap_ld_free() 2021-04-21 18:06:26 +01:00
Norm Green
87397b345b ITS#9530 fix double-free of LDAP_OPT_DEFBASE 2021-04-21 18:03:43 +01:00
Ondřej Kuzník
7df2a0f394 ITS#8847 Allocate a large enough buffer 2021-04-15 15:16:19 +01:00
Andreas Schulze
680091b5b4 ITS#8586 load cert+chain from TLSCertificateFile 
For OpenSSL
 2021-04-12 20:32:09 +01:00
Howard Chu
e0dcf4c4d7 ITS#9518 fix prev commit 2021-04-09 19:29:11 +01:00
Howard Chu
fe6a740381 ITS#9521 clarify - affects OpenSSL 1.1.1, not 1.1.0 2021-04-09 18:23:53 +01:00
Howard Chu
2a3b64f4e6 ITS#9518 add LDAP_OPT_X_TLS_PROTOCOL_MAX option 
OpenSSL only
 2021-04-09 18:12:40 +01:00
Howard Chu
b72bce2400 ITS#9521 Set TLSv1.3 cipher suites for OpenSSL 1.1 2021-04-09 15:59:22 +01:00
Howard Chu
94fbd96826 ITS#9513 Change all lutil time structs to use nanoseconds 
Instead of microseconds
 2021-03-31 18:53:50 +00:00
Howard Chu
9ac3909ead ITS#9513 Intercept liblber error printer 
And add time and thread ID prefix to all debug output
 2021-03-31 18:53:50 +00:00
Howard Chu
01e5664c7c ITS#9513 Cleanup debug output 
Avoid splitting single lines across multiple Debug invocations
 2021-03-31 18:53:50 +00:00
Ondřej Kuzník
3bd1b0909a ITS#9001 Use a TAvl for request tracking in libldap 2021-03-30 15:46:40 +01:00
Ondřej Kuzník
e36d1e31c5 ITS#9001 manual changes 2021-03-30 15:46:40 +01:00
Quanah Gibson-Mount
38d1ac0449 ITS#5365 - Add support for symbol versioning libldap and lilber 2021-03-29 18:11:00 +00:00
Howard Chu
bc0d62db23 Revert "ITS#8847 more fallout from ldap_pvt_sockaddrstr move" 
This reverts commit f2ddf89e3c.

Move Sockaddr def to ac/socket.h instead.
 2021-03-27 10:38:59 +00:00
Howard Chu
f2ddf89e3c ITS#8847 more fallout from ldap_pvt_sockaddrstr move 2021-03-26 14:12:47 +00:00
Howard Chu
829263c454 ITS#8847 move lutil_sockaddrstr() to ldap_pvt_sockaddrstr() 2021-03-26 13:45:26 +00:00
HoweverAT
9d594a118e ITS#8847 Add SOCKET_BIND_ADDRESSES Option 2021-03-25 18:47:11 +00:00
HoweverAT
8ebd065048 ITS#8847 Print local address in connection dump 2021-03-25 17:37:26 +00:00
Howard Chu
bb6844e296 ITS#7295 don't init TLS threads by default 
Do it explicitly in servers
 2021-03-21 15:26:57 +00:00
Quanah Gibson-Mount
f9d01f4722 Return to engineering 2021-03-16 16:49:20 +00:00
Quanah Gibson-Mount
7bc9c29005 Merge remote-tracking branch 'origin/mdb.RE/0.9' 2021-03-16 16:45:15 +00:00
Quanah Gibson-Mount
8ad7be2510 Prepare for release (0.9.29) 2021-03-16 16:41:19 +00:00
Hugh McMaster
baee6c47e7 ITS#8996 - Generate and install a pkg-config file for the libldap library 2021-03-15 21:39:55 +00:00
Hugh McMaster
3eea13bdd4 ITS#8996 - Generate and install a pkg-config file for the liblber library 2021-03-15 21:39:55 +00:00
Tero Saarni
5f9352986d ITS#9419 fix comparison 2021-03-15 19:03:59 +00:00
Quanah Gibson-Mount
267fe028b5 Merge remote-tracking branch 'origin/mdb.RE/0.9' 2021-03-15 19:02:27 +00:00
Quanah Gibson-Mount
b807a63f2c ITS#9500 2021-03-15 16:14:56 +00:00
Howard Chu
b167701f86 ITS#9500 fix regression from ITS#8662 2021-03-14 17:51:52 +00:00
Howard Chu
f8891d510b ITS#9376 simplify 2021-03-14 17:51:38 +00:00
Howard Chu
d67f5cea49 ITS#9500 fix regression from ITS#8662 2021-03-14 14:28:38 +00:00
Quanah Gibson-Mount
5d5f431868 ITS#9490 - Add keepalive settings to ldap.conf 2021-03-04 17:11:35 +00:00
Ondřej Kuzník
568239731f ITS#8345 Remove LDIF_KLUDGE and defer defaults to _wrap() 2021-03-03 10:37:19 +00:00
Matus Honek
1cb4d2f0c9 ITS#8904 - Ensure SSLv3 is enabled when necessary 
Either at compilation time, or as a system-wide configuration, OpenSSL
may have disabled SSLv3 protocol by default. This change ensures the
protocol NO flag is cleared when necessary, hence allowing for the
protocol to be used.
 2021-02-26 18:30:38 +00:00
Quanah Gibson-Mount
a84d11dcce ITS#9422 - Update for TLS v1.3 2021-02-25 21:32:58 +00:00
Paul B. Henson
146889f205 ITS#9419 Add support for HAProxy proxy protocol v2 2021-02-24 18:11:09 +00:00
Paul B. Henson
dcca73370b Move slap_sockaddrstr into liblutil 2021-02-24 18:11:09 +00:00
Quanah Gibson-Mount
56609fb5a6 ITS#9469 - Typo fixes 2021-02-18 20:32:28 +00:00
Quanah Gibson-Mount
ce2c5173bd ITS#9161 - Fix various typos 
Fix a number of different typos across the code base
 2021-02-17 18:42:46 +00:00
Howard Chu
00a5815c2c ITS#9465 remove assert in ldap_get_option() 
Since it's already checked for error
 2021-02-11 17:03:32 +00:00
Howard Chu
f9c5b46651 ITS#9461 fix typo 2021-02-11 11:34:57 +00:00
Howard Chu
257847ab71 Return to Engineering, ITS#9461 2021-02-09 23:42:03 +00:00
Howard Chu
40585b4839 ITS#9461 refix ITS#9376 
Was setting C_DEL flag gratuitously
 2021-02-09 23:41:11 +00:00
Quanah Gibson-Mount
62b7ba7862 Merge remote-tracking branch 'origin/mdb.RE/0.9' 2021-02-04 20:48:51 +00:00
Quanah Gibson-Mount
51a29155e1 Prepare for release (0.9.28) 2021-02-04 20:46:33 +00:00
Ondřej Kuzník
08f07b2ac1 Fix typo in MS AD persistent search ctrl 2021-02-04 15:55:57 +00:00
Quanah Gibson-Mount
61f619043e ITS#8580 - Explicitly honor the server side cipher suite preference 2021-01-28 20:22:50 +00:00
Howard Chu
bedc82a249 ITS#8662 2021-01-28 18:28:32 +00:00
Howard Chu
7796aaebcd ITS#8662 Add -a append option to mdb_load 
To allow reloading of custom-sorted DBs from mdb_dump
 2021-01-28 18:26:41 +00:00
Quanah Gibson-Mount
efaf9a4a17 Happy New Year! 2021-01-11 19:25:53 +00:00
Quanah Gibson-Mount
cf81bfb2e4 Merge remote-tracking branch 'origin/mdb.RE/0.9' 2021-01-11 19:22:25 +00:00
Quanah Gibson-Mount
b4e1e00e9e Happy New Year! 2021-01-11 19:21:58 +00:00
Howard Chu
d2936fb1d5 ITS#9425 add more checks to ldap_X509dn2bv 2020-12-14 20:05:44 +00:00
Howard Chu
c944dc55b7 ITS#9423 ldap_X509dn2bv: check for invalid BER after RDN count 2020-12-13 21:52:00 +00:00
Ondřej Kuzník
50a021a387 Do not enforce a valid ld in lutil_sasl_interact 2020-11-17 17:58:15 +00:00
Quanah Gibson-Mount
ef893fffad ITS#9381 - Remove unused variables, fix rc usage 2020-10-29 20:09:36 +00:00
Quanah Gibson-Mount
cbcc15f561 Return to RE 2020-10-26 19:03:01 +00:00
Quanah Gibson-Mount
3c9aa9df84 Prepare for release (0.9.27) 2020-10-26 19:00:40 +00:00
Howard Chu
37a48f4e89 ITS#9376 2020-10-23 20:38:14 +01:00
Howard Chu
c131c853f0 ITS#9376 Fixes for repeated deletes with xcursor 
On DUPSORT DBs, must initialize xcursor regardless of whether
caller requested its data. Also in cursor_prev must check whether
cursor index is still within range before using it.
 2020-10-23 20:37:30 +01:00
Ondřej Kuzník
3f5293e145 ITS#5422 Save errno before passing it to Debug() 2020-09-24 23:34:36 +00:00
Howard Chu
c3131eb5a3 ITS#9348 replace all uses of STRERROR with AC_STRERROR_R 
Avoid using sys_errlist unless there's no other choice
 2020-09-24 23:34:36 +00:00
Howard Chu
6d7c2511b4 ITS#9201 partial revert 2020-09-03 21:08:17 +01:00
Howard Chu
ccfbb74c62 ITS#9201 additional fixes 2020-09-03 21:01:07 +01:00
Howard Chu
b24ca75993 ITS#9201 fix LDAP_THREAD_DEBUG 
Add missing defs to ldap_thr_debug.h.
slap tools must init libldap so internal mutexes get inited.
 2020-09-03 12:37:32 +01:00
Howard Chu
4c74bd0a41 ITS#9332 add placeholder in LDAP_LDO_TLS_NULLARG 2020-09-01 20:25:00 +01:00
Howard Chu
536767798b ITS#9054 fix typo 2020-08-27 11:22:58 +01:00
Howard Chu
e3faae939c ITS#9328 cldap: check for error on connected socket 
libldap doesn't use a connected socket for UDP sessions, but 3rd
parties can, passed in with ldap_init_fd().
 2020-08-26 20:53:38 +00:00
Quanah Gibson-Mount
c1411b8199 ITS#9323 - Limit to OpenSSL 1.0.2 or later 2020-08-25 21:52:04 +00:00
Howard Chu
88e569d857 ITS#9249 librewrite: fix malloc/free corruption 
If substitution parsing fails, would attempt to free a mapping
that hadn't been allocated yet.

Also, on failure, caller in saslauthz would attempt to free a
rwinfo struct that hadn't been allocated.
 2020-08-23 19:32:51 +00:00
Howard Chu
608a822349 ITS#9318 add TLS_REQSAN option 
Add an option to specify how subjectAlternativeNames should be
handled when validating the names in a server certificate.
 2020-08-21 18:05:08 +00:00
Howard Chu
2386a11649 ITS#9054 Add support for multiple EECDH curves 
Requires OpenSSL 1.0.2 or newer
 2020-08-21 07:58:07 +01:00
Howard Chu
9d2f15307d ITS#7926 dynamic changes to olcListenerThreads 
Reallocates sockets from old to new listener threads
 2020-08-18 22:37:50 +01:00
Quanah Gibson-Mount
01db7a099e Return to engineering 2020-08-12 05:03:38 +00:00
Quanah Gibson-Mount
9c78a81d05 Merge remote-tracking branch 'origin/mdb.RE/0.9' into master 2020-08-11 18:28:02 +00:00
Quanah Gibson-Mount
20403b7b38 Release 0.9.26 2020-08-11 18:24:07 +00:00
Ondřej Kuzník
917fcc03ee ITS#9279 Send Netscape expired control as a bare string 2020-07-27 14:22:24 +02:00
Quanah Gibson-Mount
c444578743 Merge remote-tracking branch 'origin/mdb.RE/0.9' 2020-07-23 21:59:13 +00:00
Quanah Gibson-Mount
37ebb6b46b ITS#9278 2020-07-23 21:35:36 +00:00
Quanah Gibson-Mount
0ce23640b6 Merge remote-tracking branch 'origin/mdb.RE/0.9' 2020-07-23 21:32:44 +00:00
Ondřej Kuzník
fd921e7121 ITS#9279 Expose Netscape password policy controls in libldap 2020-07-22 18:57:38 +00:00
Quanah Gibson-Mount
21eef84a49 ITS#9275 -- Update wording to remove slave and master terms, consolidate on provider/consumer 2020-07-18 16:27:04 +00:00
Howard Chu
24b45f57f2 ITS#9287 use getaddrinfo for ldap_pvt_get_fqdn 
If getaddrinfo is available, should use it here
 2020-07-16 21:08:36 +01:00
Ondřej Kuzník
1129df533d ITS#8701 Expose account usability in libldap 2020-07-07 16:43:35 +01:00
Ryan Tandy
a4474d3584 ITS#9235 Delete LDAP_THREAD_SAFE 2020-07-03 17:24:16 -07:00
Ryan Tandy
1f39b05f37 ITS#9235 Fix librewrite compile without threads 2020-07-03 17:23:14 -07:00
Ryan Tandy
c4b6aad6cb ITS#9235 Link test progs with thread libs 2020-07-03 17:23:14 -07:00