upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-20 22:59:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
24515 commits 38 branches 309 tags 68 MiB
Commit graph

4978 commits

Author SHA1 Message Date
Quanah Gibson-Mount
56609fb5a6 ITS#9469 - Typo fixes 2021-02-18 20:32:28 +00:00
Quanah Gibson-Mount
ce2c5173bd ITS#9161 - Fix various typos 
Fix a number of different typos across the code base
 2021-02-17 18:42:46 +00:00
Howard Chu
00a5815c2c ITS#9465 remove assert in ldap_get_option() 
Since it's already checked for error
 2021-02-11 17:03:32 +00:00
Howard Chu
f9c5b46651 ITS#9461 fix typo 2021-02-11 11:34:57 +00:00
Howard Chu
257847ab71 Return to Engineering, ITS#9461 2021-02-09 23:42:03 +00:00
Howard Chu
40585b4839 ITS#9461 refix ITS#9376 
Was setting C_DEL flag gratuitously
 2021-02-09 23:41:11 +00:00
Quanah Gibson-Mount
62b7ba7862 Merge remote-tracking branch 'origin/mdb.RE/0.9' 2021-02-04 20:48:51 +00:00
Quanah Gibson-Mount
51a29155e1 Prepare for release (0.9.28) 2021-02-04 20:46:33 +00:00
Ondřej Kuzník
08f07b2ac1 Fix typo in MS AD persistent search ctrl 2021-02-04 15:55:57 +00:00
Quanah Gibson-Mount
61f619043e ITS#8580 - Explicitly honor the server side cipher suite preference 2021-01-28 20:22:50 +00:00
Howard Chu
bedc82a249 ITS#8662 2021-01-28 18:28:32 +00:00
Howard Chu
7796aaebcd ITS#8662 Add -a append option to mdb_load 
To allow reloading of custom-sorted DBs from mdb_dump
 2021-01-28 18:26:41 +00:00
Quanah Gibson-Mount
efaf9a4a17 Happy New Year! 2021-01-11 19:25:53 +00:00
Quanah Gibson-Mount
cf81bfb2e4 Merge remote-tracking branch 'origin/mdb.RE/0.9' 2021-01-11 19:22:25 +00:00
Quanah Gibson-Mount
b4e1e00e9e Happy New Year! 2021-01-11 19:21:58 +00:00
Howard Chu
d2936fb1d5 ITS#9425 add more checks to ldap_X509dn2bv 2020-12-14 20:05:44 +00:00
Howard Chu
c944dc55b7 ITS#9423 ldap_X509dn2bv: check for invalid BER after RDN count 2020-12-13 21:52:00 +00:00
Ondřej Kuzník
50a021a387 Do not enforce a valid ld in lutil_sasl_interact 2020-11-17 17:58:15 +00:00
Quanah Gibson-Mount
ef893fffad ITS#9381 - Remove unused variables, fix rc usage 2020-10-29 20:09:36 +00:00
Quanah Gibson-Mount
cbcc15f561 Return to RE 2020-10-26 19:03:01 +00:00
Quanah Gibson-Mount
3c9aa9df84 Prepare for release (0.9.27) 2020-10-26 19:00:40 +00:00
Howard Chu
37a48f4e89 ITS#9376 2020-10-23 20:38:14 +01:00
Howard Chu
c131c853f0 ITS#9376 Fixes for repeated deletes with xcursor 
On DUPSORT DBs, must initialize xcursor regardless of whether
caller requested its data. Also in cursor_prev must check whether
cursor index is still within range before using it.
 2020-10-23 20:37:30 +01:00
Ondřej Kuzník
3f5293e145 ITS#5422 Save errno before passing it to Debug() 2020-09-24 23:34:36 +00:00
Howard Chu
c3131eb5a3 ITS#9348 replace all uses of STRERROR with AC_STRERROR_R 
Avoid using sys_errlist unless there's no other choice
 2020-09-24 23:34:36 +00:00
Howard Chu
6d7c2511b4 ITS#9201 partial revert 2020-09-03 21:08:17 +01:00
Howard Chu
ccfbb74c62 ITS#9201 additional fixes 2020-09-03 21:01:07 +01:00
Howard Chu
b24ca75993 ITS#9201 fix LDAP_THREAD_DEBUG 
Add missing defs to ldap_thr_debug.h.
slap tools must init libldap so internal mutexes get inited.
 2020-09-03 12:37:32 +01:00
Howard Chu
4c74bd0a41 ITS#9332 add placeholder in LDAP_LDO_TLS_NULLARG 2020-09-01 20:25:00 +01:00
Howard Chu
536767798b ITS#9054 fix typo 2020-08-27 11:22:58 +01:00
Howard Chu
e3faae939c ITS#9328 cldap: check for error on connected socket 
libldap doesn't use a connected socket for UDP sessions, but 3rd
parties can, passed in with ldap_init_fd().
 2020-08-26 20:53:38 +00:00
Quanah Gibson-Mount
c1411b8199 ITS#9323 - Limit to OpenSSL 1.0.2 or later 2020-08-25 21:52:04 +00:00
Howard Chu
88e569d857 ITS#9249 librewrite: fix malloc/free corruption 
If substitution parsing fails, would attempt to free a mapping
that hadn't been allocated yet.

Also, on failure, caller in saslauthz would attempt to free a
rwinfo struct that hadn't been allocated.
 2020-08-23 19:32:51 +00:00
Howard Chu
608a822349 ITS#9318 add TLS_REQSAN option 
Add an option to specify how subjectAlternativeNames should be
handled when validating the names in a server certificate.
 2020-08-21 18:05:08 +00:00
Howard Chu
2386a11649 ITS#9054 Add support for multiple EECDH curves 
Requires OpenSSL 1.0.2 or newer
 2020-08-21 07:58:07 +01:00
Howard Chu
9d2f15307d ITS#7926 dynamic changes to olcListenerThreads 
Reallocates sockets from old to new listener threads
 2020-08-18 22:37:50 +01:00
Quanah Gibson-Mount
01db7a099e Return to engineering 2020-08-12 05:03:38 +00:00
Quanah Gibson-Mount
9c78a81d05 Merge remote-tracking branch 'origin/mdb.RE/0.9' into master 2020-08-11 18:28:02 +00:00
Quanah Gibson-Mount
20403b7b38 Release 0.9.26 2020-08-11 18:24:07 +00:00
Ondřej Kuzník
917fcc03ee ITS#9279 Send Netscape expired control as a bare string 2020-07-27 14:22:24 +02:00
Quanah Gibson-Mount
c444578743 Merge remote-tracking branch 'origin/mdb.RE/0.9' 2020-07-23 21:59:13 +00:00
Quanah Gibson-Mount
37ebb6b46b ITS#9278 2020-07-23 21:35:36 +00:00
Quanah Gibson-Mount
0ce23640b6 Merge remote-tracking branch 'origin/mdb.RE/0.9' 2020-07-23 21:32:44 +00:00
Ondřej Kuzník
fd921e7121 ITS#9279 Expose Netscape password policy controls in libldap 2020-07-22 18:57:38 +00:00
Quanah Gibson-Mount
21eef84a49 ITS#9275 -- Update wording to remove slave and master terms, consolidate on provider/consumer 2020-07-18 16:27:04 +00:00
Howard Chu
24b45f57f2 ITS#9287 use getaddrinfo for ldap_pvt_get_fqdn 
If getaddrinfo is available, should use it here
 2020-07-16 21:08:36 +01:00
Ondřej Kuzník
1129df533d ITS#8701 Expose account usability in libldap 2020-07-07 16:43:35 +01:00
Ryan Tandy
a4474d3584 ITS#9235 Delete LDAP_THREAD_SAFE 2020-07-03 17:24:16 -07:00
Ryan Tandy
1f39b05f37 ITS#9235 Fix librewrite compile without threads 2020-07-03 17:23:14 -07:00
Ryan Tandy
c4b6aad6cb ITS#9235 Link test progs with thread libs 2020-07-03 17:23:14 -07:00
Ryan Tandy
a10210db84 ITS#9235 Only compile libldap_r sources when LDAP_R_COMPILE 2020-07-03 17:23:14 -07:00
Ryan Tandy
a5c0b59398 ITS#9235 Define LDAP_R_COMPILE iff building with threads 2020-07-03 17:23:14 -07:00
Quanah Gibson-Mount
c06ac436e2 ITS#9235 Merge libldap_r into libldap 2020-07-03 17:23:14 -07:00
Brett Sheffield
42d7238925 ITS#8603 Add ldif_open_mem() 
ldif_open_mem() is the fmemopen(3) equivalent of ldif_open() which opens
an ldif steam from memory, rather than from a file.
 2020-06-23 10:31:08 +01:00
Sergio Gelato
8006ee58b8 ITS#8204 Improved RFC2782 shuffle when several, but not all, records have weight 0. 
The fallback to a straight Fisher-Yates shuffle needs to occur whenever the
sum of the *remaining* weights is zero, or else the remaining records will
not be reordered. Testing only once at the beginning covers the case when
all weights are zero, and obviously no shuffling is needed when only one
weight is zero; but other weight combinations are possible, such as (1, 0, 0).
 2020-06-22 17:27:30 +00:00
Sergio Gelato
ee7502accd ITS#8204 Remove bias towards the first record in RFC2782 shuffle implementation. 
Prior to this change, given two records of weight 1 the algorithm would
return them in the order (0,1) with 100% probability instead of the
desired 50%. This was due to an off-by-one error in the range test.

srv_rand() returns a float in the range [0.0, 1.0[, so r is an integer in the
range [0, total[. The correct probability for record 0 to be chosen is
a[0].weight/total, not (a[0].weight+1)/total.
 2020-06-22 17:27:30 +00:00
Howard Chu
f681a07634 Silence stupid fallthru warning 2020-06-16 19:57:41 +01:00
Howard Chu
f683ffdc81 ITS#9278 fix robust mutex cleanup for FreeBSD 
FreeBSD 11 supports robust process-shared POSIX mutexes,
but requires them to be explicitly destroyed before munmap
 2020-06-16 19:56:16 +01:00
Quanah Gibson-Mount
fb1933f567 Issue#7530 - Test for ERANGE when using 6 form gethostbyname_r 2020-05-26 19:18:02 +00:00
Ryan Tandy
9282e6edea ITS#8155 Support cacertdir with GnuTLS 2020-05-14 07:56:28 -07:00
Howard Chu
fd23680a44 ITS#9215 fix for glibc again 2020-04-28 16:33:41 +01:00
Ryan Tandy
4a50fa745d ITS#9215 Fix previous commit 2020-04-27 20:06:52 +00:00
Ryan Tandy
e96f90e212 ITS#9176 Implement SNI for GnuTLS 2020-04-27 11:01:01 -07:00
Howard Chu
4265849b0f ITS#9176 check for failure setting SNI 2020-04-27 18:54:02 +01:00
Howard Chu
b8f34888c3 ITS#9176 check for numeric addrs before passing SNI 2020-04-27 18:25:49 +01:00
Howard Chu
5c0efb9ce8 ITS#9176 Add TLS SNI support to libldap 
Implemented for OpenSSL, GnuTLS just stubbed
 2020-04-27 03:41:12 +01:00
Isaac Boukris
4c545ee078 ITS#9242 - ifdef tls-endpoint code in openssl pre 0.9.8 2020-04-25 22:50:52 +02:00
Isaac Boukris
4cac398b19 ITS#9189 - initialize ldo_sasl_cbinding in LDAP_LDO_SASL_NULLARG 
Reported-by: Ryan Tandy @ryan
 2020-04-23 22:28:51 +00:00
Ryan Tandy
e9543da971 ITS#9215 Define _XOPEN_SOURCE for glibc only 2020-04-23 13:19:33 -07:00
Isaac Boukris
3cd50fa8b3 ITS#9189 rework sasl-cbinding support 
Add LDAP_OPT_X_SASL_CBINDING option to define the binding type to use,
defaults to "none".

Add "tls-endpoint" binding type implementing "tls-server-end-point" from
RCF 5929, which is compatible with Windows.

Fix "tls-unique" to include the prefix in the bindings as per RFC 5056.
 2020-04-23 21:00:39 +02:00
Quanah Gibson-Mount
8505f774a5 Update to drop NON_BLOCKING ifdefs that were only really for moznss 2020-04-20 21:38:01 +00:00
Quanah Gibson-Mount
a019e7fe1a ITS#9207 - Remove MozNSS code and documentation 2020-04-20 21:38:01 +00:00
Ryan Tandy
84ab23f37f ITS#9087 Let configure detect cross windres tool 2020-04-17 21:39:52 +00:00
Chris Zagar
7985626fae ITS#9087 - Change hard-coded windres to $(RC) to support mingw cross-compiling 2020-04-17 21:01:05 +00:00
Ryan Tandy
db404baf15 ITS#9226 Fix link order for rewrite program on MinGW 2020-04-16 19:35:53 -07:00
Ryan Tandy
d5e133f459 ITS#9181 fix ldap_pvt_thread_mutex_t used before its definition 2020-04-16 19:15:31 +00:00
Quanah Gibson-Mount
a97eed06f0 ITS#6937 - Remove unused proctitle bits 2020-04-15 19:32:28 +00:00
Quanah Gibson-Mount
e50741e459 ITS#6567 - More cleanup 2020-04-13 17:19:35 +00:00
Howard Chu
735e1ab14b ITS#8650 loop on incomplete TLS handshake 
Always retry ldap_int_tls_connect() if it didn't complete,
regardless of blocking or non-blocking socket. Code from
ITS#7428 was wrong to only retry for async.
 2020-04-12 23:51:09 +01:00
Quanah Gibson-Mount
c6493c45b5 ITS#6567 - Remove non-cyrus-sasl GSSAPI bits 2020-04-10 18:19:33 +00:00
Quanah Gibson-Mount
0668877847 ITS#9191 - Avoid div 0 error 2020-04-06 15:42:00 +00:00
Ryan Tandy
7732cb2794 ITS#9086 Add debug logging for more GnuTLS errors 2020-04-02 15:52:31 +00:00
Sergei Trofimovich
57b7003a64 thr_posix.c: fix implicit function declaration for 'pthread_setconcurrency' 
thr_posix.c: In function 'ldap_pvt_thread_set_concurrency':
thr_posix.c:96:9: error: implicit declaration of function 'pthread_setconcurrency'
  return pthread_setconcurrency( n );
         ^~~~~~~~~~~~~~~~~~~~~~
         pthread_setcanceltype

Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
 2020-03-26 22:06:41 +00:00
Howard Chu
4f7ea78c95 ITS#9181 Fix race on Windows mutex init 2020-03-16 17:07:43 +00:00
Andrew Lawrence
6f5cc45f93 ITS#8639 remove LANMAN hashed passwords 2020-03-07 16:55:35 +00:00
Quanah Gibson-Mount
6bd2a3721d ITS#9175 - Fix argument cast 
Fixes potential segfault in ldapsearch
 2020-02-21 21:10:49 +00:00
Ondřej Kuzník
b1170bc035 Revert "ITS#9160 OOM handling in mdb tools", wrong branch. 
This reverts commit be61a967e6.
 2020-02-07 11:34:20 +00:00
Ondřej Kuzník
4bb239bd76 ITS#9160 OOM handling in libldap 2020-02-07 09:46:52 +00:00
Ondřej Kuzník
be61a967e6 ITS#9160 OOM handling in mdb tools 2020-02-07 09:46:52 +00:00
Quanah Gibson-Mount
1ce8c2bcea Return to engineering 2020-01-30 18:14:31 +00:00
Quanah Gibson-Mount
bc30f083d6 Merge remote-tracking branch 'origin/mdb.RE/0.9' 2020-01-30 18:13:03 +00:00
Quanah Gibson-Mount
6a1af27ff2 Release 0.9.25 2020-01-30 17:57:13 +00:00
Ondřej Kuzník
76c43165ea Remove LDAP_X_TXN and rename accordingly 2020-01-28 12:09:09 +00:00
Ondřej Kuzník
9ce2d2f9d2 ITS#9156 Implement pwdMaxLength 2020-01-23 23:46:43 +00:00
Quanah Gibson-Mount
a2be9ff491 Merge remote-tracking branch 'origin/mdb.RE/0.9' 2020-01-23 16:10:20 +00:00
Howard Chu
dc021fe9ec ITS#9155 2020-01-23 14:52:50 +00:00
Howard Chu
87a94cbf9b ITS#9155 lmdb: free mt_spill_pgs in non-nested txn on end 2020-01-23 14:52:13 +00:00
Howard Chu
c06807ec45 ITS#9120 fix tm2time compat breakage 
Add lutil_tm2gtime for Proleptic Gregorian calendar,
revert lutil_tm2time to previous behavior using Unix epoch
 2020-01-19 19:05:04 +00:00
Howard Chu
e2e17dd2f1 ITS#9147 plug descriptor leak if ldaps connect fails 2020-01-11 04:18:37 +00:00
Quanah Gibson-Mount
f6ad222e41 Happy New Year! 2020-01-09 16:50:21 +00:00
Quanah Gibson-Mount
cc93098132 Merge remote-tracking branch 'origin/mdb.RE/0.9' 2020-01-09 16:47:22 +00:00
Quanah Gibson-Mount
ed0b29b3fe Happy New Year! 2020-01-09 16:46:43 +00:00
Howard Chu
97c145919d ITS#9120 change reference year from 1970 to 0000 
Now handles +/-8740 years centered around year 0000 (1BCE)
 2019-11-28 21:33:48 +00:00
Quanah Gibson-Mount
a4af93f16b Merge remote-tracking branch 'origin/mdb.RE/0.9' 2019-11-23 15:31:12 +00:00
Quanah Gibson-Mount
8bf3fdcd6d ITS#9118 - Fix typo in prev commit 2019-11-22 14:36:38 +00:00
Howard Chu
7d0c4b4c30 ITS#9118 2019-11-21 20:45:11 +00:00
Howard Chu
34f572e7a5 ITS#9118 add MAP_NOSYNC for FreeBSD 2019-11-21 20:44:37 +00:00
Ondřej Kuzník
639e5f15fd ITS#9081 Do not leak sb (ITS#8755 regression) 2019-09-23 17:27:18 +01:00
Ryan Tandy
63c82c0ed7 ITS#9069 Do not call gnutls_global_set_mutex() 
Since GnuTLS moved to implicit initialization on library load, calling
this function deinitializes GnuTLS and then re-initializes it.

When GnuTLS uses /dev/urandom as an entropy source (getrandom() not
available, or older versions of GnuTLS), and the application closed all
file descriptors at startup, this could result in GnuTLS opening
/dev/urandom over one of the application's file descriptors when
re-initialized.

Additionally, the custom mutex functions are never reset, so if libldap
is unloaded (for example via dlclose()) after calling this, its code may
be unmapped and the application could crash when GnuTLS calls the mutex
functions.

On typical systems, GnuTLS system mutexes are probably the same as what
libldap uses anyway.
 2019-09-12 13:16:30 -07:00
Howard Chu
5db7e9baaa return to release engineering, ITS#9068 2019-08-26 17:56:17 +01:00
Howard Chu
239d5cd82b ITS#9068 fix backslash escaping 
mdb_load wasn't properly inserting escaped backslashes into the data.
mdb_dump wasn't escaping backslashes when generating printable output.
 2019-08-26 17:55:23 +01:00
Quanah Gibson-Mount
0eed0ccefc ITS#7585 - Windows doesn't support LDAPI 
Adjust patch for ITS#7585 as Windows does not have LDAPI support.
 2019-07-23 14:45:16 +00:00
Howard Chu
0c357cc88a Release 0.9.24 2019-07-19 17:41:12 +01:00
Quanah Gibson-Mount
4ccd139355 Revert "use AI_ADDRCONFIG if defined in the environment" 
This reverts commit ebf0ef5cb1.

Depends on custom glibc from RedHat
 2019-07-19 16:24:45 +00:00
Quanah Gibson-Mount
403c01b5e6 Fix previous commit. It broke builds where --with-cyrus-sasl=no is set. 2019-06-27 17:44:18 +00:00
Howard Chu
b02807ea2f Cleanup limits in cyrus.c 2019-06-25 15:31:31 +01:00
Ondřej Kuzník
b2f4cacd47 ITS#7996 Use a separate mutex in ldap_int_initialize 2019-06-21 12:19:38 +02:00
Ondřej Kuzník
60754d77c8 ITS#8755 Do not close the default SockBuf a second time 2019-06-20 16:58:25 +02:00
Jame Gerwe
6c177e6629 ITS#8794 - Fix implicit declaration for ldap_is_ldapc_url 
Fix building OpenLDAP with -DLDAP_CONNECTIONLESS so that ldap_is_ldapc_url function is defined
 2019-06-17 17:25:29 +00:00
Ondřej Kuzník
5e8aa3f6d1 ITS#8754 Don't try IPv6 addresses unless configured to 2019-06-13 10:24:43 +02:00
Côme Chilliet
2cac3ceb03 ITS#8674 Return correct result from ldap_create_assertion_control_value 
ldap_create_assertion_control_value was returning ld->ld_errno
 upon success without reseting it to LDAP_SUCCESS first
 2019-06-12 16:57:13 +02:00
Ondřej Kuzník
db40120a27 ITS#7996 Tighten race in ldap_int_initialize 2019-06-12 11:53:38 +02:00
Ondřej Kuzník
860daa0989 ITS#7042 More to unsetting opts with an empty string 2019-06-12 11:50:14 +02:00
Patrick Monnerat
0f9afae02d ITS#7042 Allow unsetting of tls_* syncrepl options. 
This can be done by setting them to an empty string value.
 2019-06-11 15:36:03 +02:00
Jan Vcelak
ebf0ef5cb1 use AI_ADDRCONFIG if defined in the environment 2019-05-13 15:33:55 +00:00
Sumit Bose
6c5a79be98 ITS#7585 fix ldapi with SASL_NOCANON 
Was using the ldapi socket path as a hostname
 2019-04-18 21:57:04 +01:00
Quanah Gibson-Mount
b227ea50e0 Merge remote-tracking branch 'origin/mdb.RE/0.9' 2019-04-18 00:09:09 +00:00
Howard Chu
4da8e78fc5 ITS#9007 2019-04-16 10:35:50 +01:00
Kris Zyp
8d93fe0718 ITS#9007 don't free loose writemap pages 
Broken in ITS#8756
 2019-04-16 10:35:04 +01:00
Ondřej Kuzník
5b55054544 Do not allocate a new cbinding if we have one already. 2019-03-27 10:54:42 +00:00
Ondřej Kuzník
aba073e171 ITS#8980 Actually return the computed status 2019-03-19 16:46:03 +00:00
Nadezhda Ivanova
f239bbd3c6 Add LDAP_OPT_KEEPCONN option 
This option instructs try_read1msg to not free the connection on read error
or on Notice of disconnections, but leave it to the caller. It is needed,
for example, by back-asyncmeta, who expects to have control on when
its target connections are freed. Must be used with caution.
 2019-02-28 17:27:54 +00:00
Vernon Smith
8158888085 ITS#8980 fix async connections with non-blocking TLS 2019-02-28 17:02:40 +00:00
Howard Chu
06d289f985 ITS#8983 Add draft Persistent Search 2019-02-25 15:19:33 +00:00
Ondřej Kuzník
e6ae7d5136 ITS#8731 Make loading ldap-int.h possible from server code again 2019-02-19 17:14:26 +00:00
Ondřej Kuzník
117dcbc54d Silence compiler warnings 2019-02-19 10:28:08 +00:00
Ondřej Kuzník
cd914149a6 Make prototypes available where needed 2019-02-19 10:26:39 +00:00
Ondřej Kuzník
97a310b312 ITS#8731 Apply doc/devel/variadic_debug/04-variadic.cocci 2019-02-15 16:51:53 +00:00
Ondřej Kuzník
09cec1f1b4 ITS#8731 Apply doc/devel/variadic_debug/03-libldap_Debug.cocci 2019-02-15 16:51:53 +00:00
Ondřej Kuzník
e1e643ea41 ITS#8731 Manual adjustments 2019-02-15 16:51:53 +00:00
Ondřej Kuzník
254d2adab0 ITS#8731 Rework logging 2019-02-15 16:51:53 +00:00
Ondřej Kuzník
129dcfbd86 ITS#8731 General Debug() related fixes 2019-02-15 16:51:53 +00:00
Quanah Gibson-Mount
6c5b7f7583 Merge remote-tracking branch 'origin/mdb.RE/0.9' 2019-02-13 16:58:49 +00:00
Howard Chu
f8505b10ed ITS#8975 2019-02-10 10:13:10 +00:00
Kris Zyp
ea30be6109 ITS#8975 WIN32: Skip setting file pointer for write maps 
CreateFileMapping already takes care of it.
 2019-02-10 10:11:53 +00:00
Quanah Gibson-Mount
09ff530036 ITS#8957 - Fix ASYNC TLS 
Fix ASYNC TLS by correctly handling a return code of -2 in addition to 0
 2019-01-31 23:28:36 +00:00
Quanah Gibson-Mount
50b33cc6b8 ITS#8968 - Fix ASYNC connection on Solaris 10 
Fixes ASYNC connections to handle a return code of ENOTCONN as this is
what Solaris 10 does.
 2019-01-31 23:28:28 +00:00
Howard Chu
8c39ba1077 ITS#8969 2019-01-31 00:22:50 +00:00
Howard Chu
7375ffc0d4 ITS#8969 tweak mdb_page_split 
Bump up number of keys for which we use fine-grained splitpoint search
 2019-01-31 00:22:28 +00:00
Howard Chu
e8c62bf8b4 ITS#8966 add changelog support to syncrepl consumer 
Tested against DSEE7. The DSEE binaries must be in your path to run the test script.
 2019-01-29 18:51:43 -08:00
Howard Chu
b15149a56b Happy New Year 2019-01-14 19:06:40 +00:00
Quanah Gibson-Mount
b45a6a7dc7 Happy New Year! 2019-01-14 18:46:16 +00:00
Quanah Gibson-Mount
497f385587 Merge remote-tracking branch 'origin/mdb.RE/0.9' 2019-01-14 18:40:58 +00:00
Quanah Gibson-Mount
f9acf68207 Happy New Year! 2019-01-14 18:40:15 +00:00
Howard Chu
d3b1558dcb ITS#8353 CRYPTO_set_id_callback deprecated in OpenSSL 0.9.9 2019-01-02 10:16:40 +00:00
Quanah Gibson-Mount
6a47588fd6 Return to engineering 2018-12-19 16:52:12 +00:00
Quanah Gibson-Mount
868750c74b Merge remote-tracking branch 'origin/mdb.RE/0.9' 2018-12-19 15:53:50 +00:00
Quanah Gibson-Mount
2a5eaad691 Release 0.9.23 2018-12-19 15:51:03 +00:00
Howard Chu
8ccb3d4e1b Add msctrl to libldap_r 
Overlooked this in a9bfce1292
 2018-12-18 17:11:54 +00:00
Howard Chu
18e0bcb7de Add MS AD persistent search ctrl 2018-12-13 05:44:46 -08:00
Howard Chu
7e5c9c1345 ITS#8752 (maybe related) 
Avoid incremental access to user-supplied bv in dupbv
 2018-12-05 10:41:47 +00:00
Ondřej Kuzník
c65cf6e6d7 ITS#8858 Fix use after free 2018-11-29 14:41:58 +00:00
Howard Chu
de998c3518 DirSync ctrl requires critical 2018-11-18 02:47:21 +00:00
Howard Chu
a9bfce1292 Add some MS AD controls 2018-11-17 18:33:41 -08:00
Ondřej Kuzník
10a6ffa3e9 Expose ldap_int_tls_connect as ldap_pvt_tls_connect 2018-10-22 11:35:31 +01:00
Ondřej Kuzník
0f44671c51 ITS#8772 Remove the local rmutex implementation 2018-10-19 13:08:10 +01:00
Ondřej Kuzník
7fa5eb4242 ITS#8772 Remove type distinction for recursive mutexes 2018-10-19 13:08:10 +01:00
Ondřej Kuzník
5c0b820c4a ITS#8772 Remove cthread support 2018-10-19 13:08:10 +01:00
Ondřej Kuzník
d4df939b95 ITS#8858 Introduce ldap_pvt_thread_pool_walk 2018-10-19 13:08:09 +01:00
Ondřej Kuzník
33aa4405e5 ITS#8850 Split ldap_pvt_thread_pool_destroy logic 2018-10-19 13:08:09 +01:00
Howard Chu
d7a778004b ITS#8809 add missing includes 2018-09-21 18:42:34 +01:00
Ryan Tandy
4c1ab16ade Revert "ITS#8650 retry gnutls_handshake after GNUTLS_E_AGAIN" 
This reverts commit 7b5181da8c.
 2018-09-18 19:16:31 -07:00
Howard Chu
ea4c969a24 ITS#8857 mdb_cursor_del 2018-09-10 19:06:45 +01:00
moneromooo-monero
246e7e77c8 ITS#8857 document mdb_cursor_del does not invalidate the cursor 2018-09-10 19:06:11 +01:00
Howard Chu
3bec2a8228 Fix ITS#8756, 8831, 8844, 8908 2018-09-10 16:24:51 +01:00
Howard Chu
1105d2043e ITS#8908 DOC: GET_MULTIPLE etc don't return the key 
Unnecessary since these are DUPs, the key will always be the same
 2018-09-10 16:20:26 +01:00
Howard Chu
1f33a6d910 ITS#8756 remove loose pg from dirty list in freelist_save 2018-09-10 16:20:07 +01:00
Howard Chu
9e859dd1ca ITS#8831 move flag init into readhdr 
Avoid stomping on flags from 1st readhr invocation
 2018-09-10 16:19:28 +01:00
Ondřej Kuzník
b0244fc869 ITS#8842 Do some printability checks on the dc RDN 2018-07-02 16:18:26 +01:00
Ondřej Kuzník
fb49d486a3 ITS#8864 Fix ber_realloc after a partial ber_flush 2018-06-14 17:07:19 +01:00
Ondřej Kuzník
8a259e3df1 ITS#8573 allow all libldap options in tools -o option 2018-06-14 16:19:10 +01:00
Howard Chu
3b01bbbc67 ITS#8844 use getpid() in mdb_env_close0() 2018-05-02 17:06:15 +01:00
Quanah Gibson-Mount
b0a6dbcc70 Return to engineering 2018-03-22 19:13:11 +00:00
Quanah Gibson-Mount
59e9ff6243 Happy New Year 2018-03-22 15:35:24 +00:00
Quanah Gibson-Mount
762d7b075e Merge remote-tracking branch 'origin/mdb.RE/0.9' 2018-03-22 15:28:21 +00:00
Quanah Gibson-Mount
5033a08c86 Update release date 2018-03-22 15:23:05 +00:00
Quanah Gibson-Mount
385193cd52 Happy New Year 2018-03-22 15:22:03 +00:00
Howard Chu
2f4948f1e4 Release 0.9.22 2018-03-21 22:50:02 +00:00
Howard Chu
e77918a903 ITS#8819 can't use fakepage mp_ptrs directly 2018-03-21 22:48:04 +00:00
Quanah Gibson-Mount
6f9a9ca825 Merge remote-tracking branch 'origin/mdb.RE/0.9' 2018-02-11 21:02:26 +00:00
Quanah Gibson-Mount
a351fe0b64 ITS#8722 2018-02-11 21:02:05 +00:00
Hallvard Furuseth
f6514da360 Tweak ITS#8722 fix: Use XCURSOR_REFRESH() 
This checks XCURSOR_INITED() and fixes the mn_flags check.
 2018-02-11 20:59:44 +00:00
Hallvard Furuseth
40daa8e73f XCURSOR_REFRESH() fixups/cleanup 
* Check NUMKEYS(), similar to f34b61f947
  "ITS#8722 fix FIRST_DUP/LAST_DUP cursor bounds check".
* Move XCURSOR_INITED() into XCURSOR_REFRESH().  This adds a check in
  mdb_cursor_put, below /* converted, write the original data first */.
* Factor mc_ki[] out to XCURSOR_REFRESH().
* Replace an mc_pg[] with mp which is equal (mdb_cursor_del0).
 2018-02-11 20:59:37 +00:00
Howard Chu
98b2910ee8 ITS#8722 fix FIRST_DUP/LAST_DUP cursor bounds check 2018-02-11 20:59:28 +00:00
Quanah Gibson-Mount
264263484b ITS#8622 2018-02-11 20:58:54 +00:00
Howard Chu
35251f6847 ITS#8699 more for cursor_del ITS#8622 
Set C_DEL flag on reinit'd subcursor
 2018-02-11 20:57:50 +00:00
Quanah Gibson-Mount
3b1acd40cd Fix ITS location 2018-02-09 19:00:38 +00:00
Quanah Gibson-Mount
735b6c995e Merge remote-tracking branch 'origin/mdb.RE/0.9' 2018-02-09 18:49:21 +00:00
Quanah Gibson-Mount
e20e307929 ITS#8760 2018-02-09 18:47:21 +00:00
Howard Chu
a4d9a75a1e ITS#8760 fix regression in 0.9.19 2018-02-09 18:46:40 +00:00
Quanah Gibson-Mount
4ac16b128c ITS#8612 2018-02-09 18:46:06 +00:00
Quanah Gibson-Mount
b2426af3d1 ITS#8612 Fix Solaris builds with liblmdb 
This patch fixes liblmdb builds on Solaris and derivatives by defining
_POSIX_PTHREAD_SEMANTICS
 2018-02-09 18:45:37 +00:00
Quanah Gibson-Mount
3d8fc321d5 0.9.22 engineering 2018-02-09 18:45:20 +00:00
Howard Chu
650b4822ce Avoid unnecessary C99 initializers 2018-01-25 15:40:26 +00:00
Howard Chu
f09ffffcbd Cleanup warnings 2018-01-25 15:36:00 +00:00
Bradley Baetz
e5ee07785e ITS#8791 fix OpenSSL 1.1.1 BIO_method compat 
Use the new methods unconditionally, define helper functions for older versions.
 2018-01-25 15:28:51 +00:00
Soohoon Lee
1863245f49 ITS#8484 - Fix MozNSS initialization 2017-12-08 07:00:02 -08:00
Howard Chu
f82ca15a18 ITS#8782 plug memleaks in cancel 2017-12-04 16:00:33 +00:00
Quanah Gibson-Mount
f5da6638ec ITS#8753, ITS#8774 - Fix compilation with older versions of OpenSSL 2017-11-17 14:30:45 -08:00
Ondřej Kuzník
36da75830f ITS#8753 Remove extraneous file 2017-11-14 09:28:18 +00:00
Ondřej Kuzník
8e34ed8c78 ITS#8753 Public key pinning support in libldap 2017-11-13 17:24:49 +00:00
Ondřej Kuzník
91ebfc82ea ITS#8753 Move base64 decoding to separate file 2017-11-13 16:51:01 +00:00
Ondřej Kuzník
3d5a7545b9 Build internal avl testing tools correctly 2017-10-26 11:53:50 +01:00
Josh Soref
10566c8be3 ITS#8605 - spelling fixes 
* javascript
* kernel
* ldap
* length
* macros
* maintained
* manager
* matching
* maximum
* mechanism
* memory
* method
* mimic
* minimum
* modifiable
* modifiers
* modifying
* multiple
* necessary
* normalized
* objectclass
* occurrence
* occurring
* offered
* operation
* original
* overridden
* parameter
* permanent
* preemptively
* printable
* protocol
* provider
* really
* redistribution
* referenced
* refresh
* regardless
* registered
* request
* reserved
* resource
* response
* sanity
* separated
* setconcurrency
* should
* specially
* specifies
* structure
* structures
* subordinates
* substitution
* succeed
* successful
* successfully
* sudoers
* sufficient
* superiors
* supported
* synchronization
* terminated
* they're
* through
* traffic
* transparent
* unsigned
* unsupported
* version
* absence
* achieves
* adamson
* additional
* address
* against
* appropriate
* architecture
* associated
* async
* attribute
* authentication
* authorized
* auxiliary
* available
* begin
* beginning
* buffered
* canonical
* certificate
* charray
* check
* class
* compatibility
* compilation
* component
* configurable
* configuration
* configure
* conjunction
* constraints
* constructor
* contained
* containing
* continued
* control
* convenience
* correspond
* credentials
* cyrillic
* database
* definitions
* deloldrdn
* dereferencing
* destroy
* distinguish
* documentation
* emmanuel
* enabled
* entry
* enumerated
* everything
* exhaustive
* existence
* existing
* explicitly
* extract
* fallthru
* fashion
* february
* finally
* function
* generically
* groupname
* happened
* implementation
* including
* initialization
* initializes
* insensitive
* instantiated
* instantiation
* integral
* internal
* iterate
 2017-10-11 14:39:38 -07:00
Zebediah Figura
cc99da182f ITS#8508 - Allow ucgendat.c to recognize title-case characters even if they do not have lower-case equivalents 
I, Zebediah Figura, hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.
 2017-10-11 14:32:16 -07:00
Nathaniel McCallum
29f6260364 ITS#7532 - Add new function ldap_connect(). 
This function is used to manually establish a connection after
a call to ldap_initialize(). This is primarily so that a file
descriptor can be obtained before any requests are sent for the
purposes of polling for writability.
 2017-10-11 14:31:22 -07:00
Jan Vcelak
cbf5f03476 ITS#7389 - MozNSS: load certificates from certdb, fallback to PEM 
If TLS_CACERT pointed to a PEM file and TLS_CACERTDIR was set to NSS
certificate database, the backend assumed that the certificate is always
located in the certificate database. This assumption might be wrong.

This patch makes the library to try to load the certificate from NSS
database and fallback to PEM file if unsuccessfull.
 2017-10-06 13:59:07 -07:00
Ian Puleston
46c93e41f4 ITS#8167 Fix non-blocking TLS with referrals 2017-10-06 13:57:13 -07:00
Quanah Gibson-Mount
35a880c53e ITS#8687 - EGD is disabled by default in OpenSSL 1.1. We need to comment out this block if it is not detected. Particularly affects cross compilation. 2017-10-06 13:48:40 -07:00
sca+openldap@andreasschulze.de
90835da72f ITS#8578 - remove unused-variables in RE24 testing call (2.4.45) 2017-10-06 10:45:08 -07:00
Jan Vcelak
19fd969d21 ITS#7374 - MozNSS: better file name matching for hashed CA certificate directory 
CA certificate files in OpenSSL compatible CACERTDIR were loaded if the
file extension was '.0'. However the file name should be 8 letters long
certificate hash of the certificate subject name, followed by a numeric
suffix which is used to differentiate between two certificates with the
same subject name.

Wit this patch, certificate file names are matched correctly (using
regular expressions).
 2017-10-06 10:44:13 -07:00
Jan Vcelak
acc5b88661 ITS#7373 - TLS: do not reuse tls_session if hostname check fails 
If multiple servers are specified, the connection to the first one
succeeds, and the hostname verification fails, *tls_session is not
dropped, but reused when connecting to the second server.

This is a problem with Mozilla NSS backend because another handshake
cannot be performed on the same file descriptor. From this reason,
hostname checking was moved into ldap_int_tls_connect() before
connection error handling.
 2017-10-06 10:44:07 -07:00
Hallvard Furuseth
ff2d7cc798 ITS#8733 Allow a raw integer to be decoded from a berval 2017-09-28 14:15:06 +01:00
Hallvard Furuseth
62811e8f65 ITS#8733 Allow extraction of the complete ber element 2017-09-28 14:14:55 +01:00
Quanah Gibson-Mount
43a039eba4 ITS#7428 - Non-blocking TLS is not compatible with MOZNSS 2017-09-26 10:59:08 -07:00
Ondřej Kuzník
a8f01cc885 ITS#8638 Add a recursive mutex to libldap_r for libevent 
Most thread implementations suppport a native recursive mutex, use that
where possible (especially when a regular mutex is recursive already).

Also provide a macro for applications to test whether they can use the
lock functions interchangeably.
 2017-09-26 16:26:33 +01:00
Quanah Gibson-Mount
c1512eea58 Fix typo "errror" -> "error" 2017-09-08 12:03:02 -07:00
Howard Chu
01a5eeac1d ITS#8727 plug ber leaks 2017-09-08 16:35:32 +01:00
Howard Chu
738723866e ITS#8717 call connection delete callbacks 
When TLS fails to start
 2017-09-06 21:46:09 +01:00
Howard Chu
af92b8d2ca ITS#8705 fix service pathname 
Strip trailing space of last pathname component, if any. Not first.
 2017-08-03 12:42:21 +01:00
Howard Chu
a58c01317c Merge remote-tracking branch 'origin/mdb.RE/0.9' 2017-06-01 17:52:15 +01:00
Howard Chu
60d500206a Release 0.9.21 2017-06-01 17:51:10 +01:00
Ryan Tandy
431c4af526 ITS#8648 init SASL library in global init 2017-05-07 21:29:44 +00:00
Ryan Tandy
e437b12277 ITS#8648 check result of ldap_int_initialize in ldap_{get,set}_option 2017-05-07 20:16:25 +00:00
Ryan Tandy
7b5181da8c ITS#8650 retry gnutls_handshake after GNUTLS_E_AGAIN 2017-05-06 22:50:13 +00:00
Howard Chu
38ac129e3a Fix pool_retract signature 
Omitted from e12ca8b6fe
 2017-04-21 14:39:17 +01:00
Quanah Gibson-Mount
42bc6ed991 ITS#8634 - Fix DES API function calls to current DES API 2017-04-14 12:27:14 -07:00
Howard Chu
9e051001d4 Add GnuTLS support for direct DER config of cacert/cert/key 
Followon to b402a2805f
 2017-04-10 00:21:08 +01:00
Howard Chu
13c39b98b5 Fixup handle_pause() 
Return -1 if running on the main thread - which means there
are no worker threads to pause.
 2017-04-09 15:39:44 +01:00
Howard Chu
2e011eeb67 Fixup cacert option 2017-04-09 15:39:13 +01:00
Howard Chu
83fb515555 Fixup cacert/cert/key options 
Add get_option support, allow delete by setting a NULL arg.
 2017-04-09 14:49:48 +01:00
Howard Chu
b402a2805f Add options to use DER format cert+keys directly 
Instead of loading from files.
 2017-04-09 00:13:42 +01:00
Quanah Gibson-Mount
eb8f1a7247 ITS#8353, ITS#8533 - Cleanup for libldap_r 2017-04-07 13:39:11 -07:00
Quanah Gibson-Mount
6ced84af79 ITS#8353, ITS#8533 - Fix libldap_r compilation 2017-04-06 15:12:02 -07:00
Quanah Gibson-Mount
01cbb7f4c6 ITS#8353, ITS#8533 - Ensure that the deprecated API is not used when using OpenSSL 1.1 or later 2017-04-06 11:47:06 -07:00
Ondřej Kuzník
e56a849e5d ITS#8625 Separate Avlnode and TAvlnode types 
Switch AVL_CHILD/AVL_THREAD values and set Avlnode bits to AVL_CHILD for
better compatibility between avl and tavl as suggested by Howard.
 2017-03-29 14:52:44 +01:00
Howard Chu
8b780915d9 ITS#8622 fix xcursor after cursor_del 
Re-fix 6b1df0e4c7 from ITS#8406
 2017-03-23 21:11:07 +00:00
Howard Chu
e12ca8b6fe Fixes for multiple threadpool queues 
Remove poolq_hash, it wasn't distributing work evenly to the queues.
Just walk through all queues and use the one with smallest
active+pending count. Since pool_retract also relied on the hash,
a different means of locating the thread to retract was needed.
Add pool_submit2 which returns the threadpool task structure,
and record which poolq this task lives on.
 2017-03-15 11:13:09 +00:00
Howard Guo
4962dd6083 ITS#8529 Avoid hiding the error if user specified CA does not load 
The TLS configuration deliberately hid the error in case that
user specified CA locations cannot be read, by loading CAs from default
locations; and when user does not specify CA locations, the CAs from default
locations are not read at all.

This patch corrects the behaviour so that CAs from default location are used
if user does not specify a CA location, and user is informed of the error if
CAs cannot be loaded from the user specified location.
 2017-02-22 09:56:17 -08:00
Howard Chu
9773f43b11 ITS#8585 Fail ldap_result if handle is already bad 2017-02-07 13:00:05 +00:00