upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-20 22:59:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
24515 commits 38 branches 309 tags 68 MiB
Commit graph

13220 commits

Author SHA1 Message Date
Andrew Elble
9b03791108 ITS#10270 slapo-pcache: ttr was not being applied to negatively cached entries 2025-03-27 14:59:15 +00:00
Ondřej Kuzník
82cee8f57a ITS#10312 Explicitly allow FALSE in 'subordinate' 2025-03-12 15:44:57 +00:00
Howard Chu
b8f32ec2fc ITS#9367 back-mdb: add encryption support 
Enabled if MDB_ENCRYPT is defined, which is currently only in mdb.master3.
 2025-03-04 20:31:21 +00:00
Ondřej Kuzník
37edfeceaa ITS#10266 Linked clients should also be tagged for closing 2025-02-19 19:59:42 +00:00
Ondřej Kuzník
e101d0ecc1 ITS#10266 Adopt broader RFC4511 NoD interpretation, receiving side 2025-02-19 19:59:42 +00:00
Ondřej Kuzník
89e34fded3 ITS#10265 Allow runtime reconfig of olcBkLloadListen 2025-02-19 18:39:09 +00:00
Ondřej Kuzník
f2cba910d8 ITS#7249 Disallow memberof-addcheck when memberof is global 2025-02-19 17:29:04 +00:00
Ondřej Kuzník
993f488e7b ITS#7249 Let backend_attribute know who's calling it 2025-02-19 17:29:04 +00:00
Ondřej Kuzník
8ed07d0b93 ITS#10307 Initialise last if we use it later 2025-02-18 19:42:58 +00:00
Alexandre Jousset
068881efb4 ITS#10160 - Add "neguri" and "negset" constraint types to slapo-constraint 2025-02-12 17:46:55 +00:00
Howard Chu
429556c5f6 ITS#10302 slapd-mdb: fix idcursor double-free in slapadd shutdown 
Caused when calling tool_entry_modify to update ctxcsn after all adds are done.
 2025-02-04 17:00:36 +00:00
Nadezhda Ivanova
002214cc38 ITS#9186 Add deferred ops statistics counters 2025-01-06 16:24:24 +02:00
Ondřej Kuzník
62892d090c ITS#10290 Move syncrepl_modify_cb to the end of the list 
The way op->orm_modlist is allocated by syncrepl_op_modify is not
compatible with slap_mods_free() and so callbacks from any overlays that
touch op->orm_modlist on the way down need a chance to undo their state
first as we go back up.
 2024-12-16 20:00:25 +00:00
Nadezhda Ivanova
e2b04c434e ITS#9186 Add a counter to cn=Listener to track total number of established connections since startup 2024-12-16 18:31:23 +00:00
Ondřej Kuzník
70d8e22db7 ITS#7080 Do not reuse back-ldif's stack for controls 2024-12-16 17:01:26 +00:00
Ondřej Kuzník
e58266229f ITS#7080 Implement pre/postread for modrdn 2024-12-16 17:01:26 +00:00
Ondřej Kuzník
86d23423ac ITS#7080 Do not munge path twice 2024-12-16 17:01:26 +00:00
Howard Chu
c843b4ec93 ITS#10288 autoca: fix olcAutoCAserverClass config 2024-11-29 14:46:10 +00:00
Ondřej Kuzník
64021967b5 ITS#10272 Request all attributes from remote 
Fixes a regression introduced in fc1bcaf9de
leaving us unable to check the full filter after we recreate the entry.
 2024-10-29 12:43:37 +00:00
Ondřej Kuzník
4b8e60f843 ITS#9042 Log modify values under STATS2 2024-10-25 20:02:19 +00:00
Nadezhda Ivanova
223a755783 ITS#9914 Add OS pagesize to the back-mdb monitor information 
Page size is now provided with the olmMDBPageSize attribute.
 2024-10-25 18:53:32 +00:00
Ondřej Kuzník
2af486cf00 ITS#10234 Reinit retry state on refreshDone 2024-10-01 16:12:50 +00:00
Ondřej Kuzník
4448049955 ITS#10232 Reset cs_refreshing on config delete 2024-10-01 16:12:50 +00:00
Ondřej Kuzník
f8caf85d9b ITS#10248 Always generate a result on the original op 2024-09-26 17:56:59 +00:00
Ondřej Kuzník
8bad3eb380 ITS#10249 slapo-nestgroup: plug leak in nestgroup_memberFilter 2024-09-25 17:10:09 +01:00
Howard Chu
5e9d550c2e ITS#10256 cn=config: reject modify requests on cn=schema,cn=config 
Add requests already handled it specially; corresponding treatment
for modify requests was missing. The docs have always stated that
cn=schema,cn=config is only for slapd's hardcoded schema so this
only affects users who don't read docs.
 2024-09-10 17:41:39 +01:00
Ondřej Kuzník
d8b5bfddb7 ITS#10242 Record rid in operation related logs 2024-07-22 17:17:29 +01:00
HAMANO Tsukasa
554e754b3f fix idl intersection ITS#10233 
The `mdb_idl_intersection()` and `wt_idl_intersection()` functions derived from back-bdb return wrong results.

expect:
[1, 3] ∩ [2] = []

actual:
[1, 3] ∩ [2] = [2]

also
- Add scope checking for back-wt
- fix compiler warning
 2024-07-08 13:06:53 +00:00
Howard Chu
3327a6b693 ITS#10237 fix prev commit 2024-07-04 18:52:44 +01:00
Howard Chu
a323284c06 ITS#10237 back-ldap: fix usage of multi-precision add for op counters 2024-07-04 18:35:45 +01:00
Howard Chu
b490437a66 ITS#10235 slapo-nestgroup: silence extraneous register_at message 2024-06-27 00:49:21 +01:00
Howard Chu
aa31963e44 ITS#10231 slapadd: check for NULL suffix in error message 2024-06-18 17:14:12 +01:00
Howard Chu
f1b921783b ITS#10230 slapo-memberof: fix addcheck search to omit dynamic values 2024-06-17 21:40:48 +01:00
Nadezhda Ivanova
0f521e636b ITS#10227 Asyncmeta will not reset a connection if a bind operation fails with LDAP_OTHER, leaving the connection in invalid state 2024-06-13 21:23:27 +00:00
Nadezhda Ivanova
6b4b68b13a ITS#10219 Modify of olcDisabled by removing and adding a value invokes db_open twice 
Do not invoke db_open if the database is not actually disabled
 2024-06-13 18:41:25 +00:00
Nadezhda Ivanova
5740d1747d ITS#10218 Disabling and re-enabling an asyncmeta database via cn=config leaks memory 
Make sure asyncmeta frees the pending operations structures, resets all connections, frees connection structures and stops the timeout-loop.
 2024-06-13 17:38:06 +00:00
Quanah Gibson-Mount
f0ab743db4 ITS#9827 - Use 7MB memory/5 iterations as default 
This has the same protections as 19MB/2 iterations, but requires less system memory
 2024-06-11 17:06:33 +00:00
HAMANO Tsukasa
c14e3329c0 ITS#10214 Reduce library dependencies 
Currently, slapd links libsystemd to notify service state to systemd.
However, libsystemd link several unnecessary libraries, which increases security risks.
The systemd documentation provides a method to send state notifications to systemd using a simple protocol without the need to link against libsystemd.

https://www.freedesktop.org/software/systemd/man/devel/sd_notify.html
 2024-05-08 09:50:10 +09:00
Nick Porter
bf01750381 ITS#10211 slapd: Fix peercred uid and gid format 
uid and gid are unsigned int and so should be formatted as such when
creating the authid string.
 2024-05-03 20:28:36 +01:00
Howard Chu
6d5400a2c7 ITS#10204 slapo-constraint: fix double-free on invalid attr 2024-04-30 15:55:01 +01:00
Nadezhda Ivanova
bd6dc46ad0 ITS#10197 Back-meta and back-asyncmeta add a new target structure and increase the number of targets even if uri parsing fails 
Reproducible when adding a new target via cn=config
 2024-04-29 19:23:35 +00:00
Nadezhda Ivanova
729a604192 ITS#10193 Asyncmeta starts more than one timeout loop per database and slaptest crashes 2024-04-11 15:26:15 +03:00
Howard Chu
a7007b7f64 ITS#10163 More configure munging 
Streamline configuration of slapd modules. Just use the
appropriate OL_ARG_ENABLE_xx, then almost no other edits
will be needed in configure.ac when adding new modules.

Backends will still have to add their Makefile to the
AC_CONFIG_FILES() list.
 2024-04-05 15:42:04 +00:00
Quanah Gibson-Mount
073232bbc7 Happy New Year! 2024-03-26 19:45:07 +00:00
Howard Chu
ddd42a2af3 ITS#10161 Add nestgroup overlay 2024-03-21 17:12:53 +00:00
Howard Chu
7015ad6568 ITS#10186 overlay response callbacks should ignore op->o_abandon 2024-03-06 14:57:15 +00:00
Howard Chu
ce524021f6 ITS#10044 dynlist: check for abandon in search2resp 2024-02-22 19:54:30 +00:00
Howard Chu
6ecc28b7c8 ITS#10172 logging: report errors when rotation fails 2024-02-22 17:40:35 +00:00
Nadezhda Ivanova
1bb795ad7a ITS#10164 back-meta hangs when used with dynlist overlay 
Make sure every proxied operation has a separate candidates structure.
 2024-02-15 16:39:49 +00:00
Ondřej Kuzník
af7575fabd ITS#10173 Populate li_minCSN on conversion 2024-02-12 18:50:10 +00:00
Stephen Gallagher
fb9e6a81bb ITS#10171 - Explicitly cast private values 
Fixes issues with -Werror=incompatible-pointer-types

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
 2024-02-07 12:29:37 -05:00
Howard Chu
af877238e9 ITS#10170 accesslog: skip response if not fully initialized yet 2024-02-07 17:02:52 +00:00
Howard Chu
b3bbbb39cd ITS#10167 slapo-memberof: add addcheck option 
Check memberships of newly added entries.
 2024-02-06 01:22:58 +00:00
Ondřej Kuzník
7ade966cf3 ITS#9823 Move to a place that is better associated with accesslog 2024-02-05 22:57:17 +00:00
Nadezhda Ivanova
6cb3063bad ITS#10165 back-meta fails to bind to target when proxying an internal operation 2024-01-31 16:50:45 +00:00
Howard Chu
c7a4bd27f5 ITS#10166 slapi: fix plugin.c plugin_pblock_new() usage 
Broken in 9142da8eaf
 2024-01-31 16:00:30 +00:00
Ondřej Kuzník
f5fcbb428c ITS#10139 back-config: Honour disclose in matchedDN handling 2024-01-29 18:43:56 +00:00
Howard Chu
d56dcccb6f ITS#7420 clarify prev commit 2024-01-28 04:43:44 +00:00
Howard Chu
03338946b3 ITS#7420 more for prev commit 
On naming error, don't free modvals
 2024-01-28 04:00:34 +00:00
Howard Chu
7debe76f6c ITS#7420 re-fix slapcommon.c 
bconfig requires RDN to pass schema check
 2024-01-15 16:43:56 +00:00
Ondřej Kuzník
9cdd2c4af7 ITS#10110 Do not skip backover for result entries 2024-01-11 17:32:21 +00:00
Ondřej Kuzník
b8999d165c ITS#10151 Make sure we release scratch objects on "error" 2024-01-11 16:22:49 +00:00
Hiroyuki Homma
5cbb29cfcf ITS#10080 Fix refreshAndPersist synchronization problem with glue + rwm 2024-01-11 04:45:08 +00:00
Howard Chu
b3eab2ce94 ITS#10135 dynlist: fix search2resp callback context 2024-01-10 19:33:38 +00:00
Stacey Marshall
8139458b39 ITS#10130 Several callers of getpassphrase() ignore NULL returns 2024-01-10 18:47:36 +00:00
Howard Chu
f5c96f4469 ITS#7420 move entry_naming_check earlier in Add 
Make sure RDN is present in e_attrs before passing entry to overlays
 2024-01-10 17:05:13 +00:00
Howard Chu
314800db23 ITS#10143 only slapd should use the logfile 2023-12-19 15:49:03 +00:00
Ondřej Kuzník
f141416f32 ITS#10142 Link tiers in on cn=config startup 2023-12-19 14:47:34 +00:00
Howard Chu
a692941092 ITS#10092 fix prev commit for non-Windows 2023-12-08 03:41:40 +00:00
Howard Chu
595d177473 ITS#10092 logging: fix EOL when logfile-format is explicitly set 2023-12-08 03:25:22 +00:00
Ondřej Kuzník
860b61f41d ITS#10013 Make freeing controls the job of whoever added it 2023-11-21 17:21:52 +00:00
Ondřej Kuzník
c1f00a8af6 ITS#10013 Introduce slap_add_ctrl, changing slap_add_ctrls signature 2023-11-21 17:21:52 +00:00
Howard Chu
2494ade786 ITS#10025 slapo-dynlist: add option to disable filter support 2023-11-21 16:41:02 +00:00
Howard Chu
0b10f4a5b8 ITS#10092 logging: fix strftime for Windows 
Although %T is standard and documented in M$ docs, it actually doesn't work in MSVCRT.
 2023-11-16 18:47:34 +00:00
Howard Chu
247e5bcdfb ITS#10092 fix local logger for Windows 
Don't use writev, just copy the message to insert prefix
 2023-11-16 18:47:34 +00:00
Ondřej Kuzník
9b9469e251 ITS#10080 Fix slapcat when gluing is on 2023-11-16 16:45:26 +00:00
Ondřej Kuzník
8986f99d33 ITS#8852 Optimise attr_cmp for sortval attributes 2023-11-14 18:09:10 +00:00
Howard Chu
66edd34594 ITS#8677 back-sock: return error for CONTINUE 
instead of asserting
 2023-11-14 17:02:18 +00:00
Howard Chu
64789dd2c7 ITS#8180 back-sock: return error when str2entry fails 2023-11-14 17:02:18 +00:00
Howard Chu
f0c7427ba3 ITS#9660 back-mdb: make startup fail msg less specific 2023-11-09 17:10:31 +00:00
Howard Chu
2939df1a1d ITS#8498 slapadd: silence warning for NULL entry 2023-11-02 16:53:26 +00:00
Ondřej Kuzník
543230c9e7 ITS#10089 Fix acl logging 2023-11-02 14:02:15 +00:00
Ondřej Kuzník
92cca70426 ITS#10123 Add a missing include 2023-11-02 13:42:07 +00:00
Howard Chu
11b3e5946b ITS#10117 build: fix slap-config.h decls for Windows DLLs 2023-10-19 18:46:54 +01:00
Ondřej Kuzník
3cf5db1610 ITS#10080 Preserve original choice of backend for entry_release 2023-10-09 20:22:42 +00:00
Ondřej Kuzník
b13132f2ce ITS#9959 Expose connection endpoints in cn=monitor 2023-09-27 14:44:52 +00:00
Ondřej Kuzník
923483ccea ITS#9959 Track actual connection local/peername 2023-09-27 14:44:52 +00:00
hyc
a7bd0416c8 More windows cleanup for slapi 
Fix link dependencies.
Fix file locking in printmsg.c.
 2023-09-07 21:13:35 +01:00
Howard Chu
3489931553 Cleanup Windows build 
Fix make depend errors in slapi
 2023-09-07 20:03:07 +01:00
Ondřej Kuzník
de89b06b03 ITS#10074 Fix type mismatches in lloadd 2023-08-23 01:21:15 +00:00
Ondřej Kuzník
242d1e6d62 ITS#7226 Make olcAuditlogFile SINGLE-VALUE 2023-08-21 12:19:16 +01:00
Ondřej Kuzník
02975a3dc7 ITS#10091 Do not allow dynlist being configured as global 2023-08-15 13:07:46 +01:00
François Kooman
61e4832110 ITS#9827 update Argon2 defaults 
- switch to argon2id by default (from argon2i)
- use OWASP recommended parameters as defaults

This only affects builds that use libargon2, e.g. Debian, and
not builds that use libsodium as argon2id is already the
default there, and better parameters are used

References: https://bugs.openldap.org/show_bug.cgi?id=9827
Signed-off-by: François Kooman <fkooman@tuxed.net>
 2023-08-11 20:58:56 +00:00
Ondřej Kuzník
39403c9db2 ITS#10073 back-ldap: Make sure we have a suffix configured 2023-08-11 20:00:50 +00:00
Greg Burd
ba90df4dc3
convert Debug to use config args 2023-08-10 15:29:47 -04:00
Howard Chu
2086008a79
Use ConfigArgs in ACL parsing 
For better error propagation back to config clients, also
remove unconditional use of stderr.

parse_acl() was only partially converted, the rest remains to be done.
 2023-08-08 14:18:33 -04:00
Howard Chu
9142da8eaf
Use ConfigArgs in slapi config parsing 2023-08-08 14:18:21 -04:00
Greg Burd
7a4812d2fa
Allow caller to determine if the process should exit or not when the regex is found to be problematic. 2023-08-08 11:08:22 -04:00
Ondřej Kuzník
2738a32de3 ITS#10045 Make sure we only unpause when paused 2023-07-31 16:46:12 +00:00
Ondřej Kuzník
5677a410e6 ITS#10083 Do not mess with a connection that's dying already 2023-07-20 16:21:54 +00:00