upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-24 00:29:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
23286 commits 38 branches 309 tags 68 MiB
Commit graph

1975 commits

Author SHA1 Message Date
Quanah Gibson-Mount
4ccd139355 Revert "use AI_ADDRCONFIG if defined in the environment" 
This reverts commit ebf0ef5cb1.

Depends on custom glibc from RedHat
 2019-07-19 16:24:45 +00:00
Quanah Gibson-Mount
403c01b5e6 Fix previous commit. It broke builds where --with-cyrus-sasl=no is set. 2019-06-27 17:44:18 +00:00
Howard Chu
b02807ea2f Cleanup limits in cyrus.c 2019-06-25 15:31:31 +01:00
Ondřej Kuzník
b2f4cacd47 ITS#7996 Use a separate mutex in ldap_int_initialize 2019-06-21 12:19:38 +02:00
Ondřej Kuzník
60754d77c8 ITS#8755 Do not close the default SockBuf a second time 2019-06-20 16:58:25 +02:00
Jame Gerwe
6c177e6629 ITS#8794 - Fix implicit declaration for ldap_is_ldapc_url 
Fix building OpenLDAP with -DLDAP_CONNECTIONLESS so that ldap_is_ldapc_url function is defined
 2019-06-17 17:25:29 +00:00
Ondřej Kuzník
5e8aa3f6d1 ITS#8754 Don't try IPv6 addresses unless configured to 2019-06-13 10:24:43 +02:00
Côme Chilliet
2cac3ceb03 ITS#8674 Return correct result from ldap_create_assertion_control_value 
ldap_create_assertion_control_value was returning ld->ld_errno
 upon success without reseting it to LDAP_SUCCESS first
 2019-06-12 16:57:13 +02:00
Ondřej Kuzník
db40120a27 ITS#7996 Tighten race in ldap_int_initialize 2019-06-12 11:53:38 +02:00
Ondřej Kuzník
860daa0989 ITS#7042 More to unsetting opts with an empty string 2019-06-12 11:50:14 +02:00
Patrick Monnerat
0f9afae02d ITS#7042 Allow unsetting of tls_* syncrepl options. 
This can be done by setting them to an empty string value.
 2019-06-11 15:36:03 +02:00
Jan Vcelak
ebf0ef5cb1 use AI_ADDRCONFIG if defined in the environment 2019-05-13 15:33:55 +00:00
Sumit Bose
6c5a79be98 ITS#7585 fix ldapi with SASL_NOCANON 
Was using the ldapi socket path as a hostname
 2019-04-18 21:57:04 +01:00
Ondřej Kuzník
5b55054544 Do not allocate a new cbinding if we have one already. 2019-03-27 10:54:42 +00:00
Ondřej Kuzník
aba073e171 ITS#8980 Actually return the computed status 2019-03-19 16:46:03 +00:00
Nadezhda Ivanova
f239bbd3c6 Add LDAP_OPT_KEEPCONN option 
This option instructs try_read1msg to not free the connection on read error
or on Notice of disconnections, but leave it to the caller. It is needed,
for example, by back-asyncmeta, who expects to have control on when
its target connections are freed. Must be used with caution.
 2019-02-28 17:27:54 +00:00
Vernon Smith
8158888085 ITS#8980 fix async connections with non-blocking TLS 2019-02-28 17:02:40 +00:00
Howard Chu
06d289f985 ITS#8983 Add draft Persistent Search 2019-02-25 15:19:33 +00:00
Ondřej Kuzník
e6ae7d5136 ITS#8731 Make loading ldap-int.h possible from server code again 2019-02-19 17:14:26 +00:00
Ondřej Kuzník
cd914149a6 Make prototypes available where needed 2019-02-19 10:26:39 +00:00
Ondřej Kuzník
09cec1f1b4 ITS#8731 Apply doc/devel/variadic_debug/03-libldap_Debug.cocci 2019-02-15 16:51:53 +00:00
Ondřej Kuzník
254d2adab0 ITS#8731 Rework logging 2019-02-15 16:51:53 +00:00
Quanah Gibson-Mount
09ff530036 ITS#8957 - Fix ASYNC TLS 
Fix ASYNC TLS by correctly handling a return code of -2 in addition to 0
 2019-01-31 23:28:36 +00:00
Quanah Gibson-Mount
50b33cc6b8 ITS#8968 - Fix ASYNC connection on Solaris 10 
Fixes ASYNC connections to handle a return code of ENOTCONN as this is
what Solaris 10 does.
 2019-01-31 23:28:28 +00:00
Howard Chu
e8c62bf8b4 ITS#8966 add changelog support to syncrepl consumer 
Tested against DSEE7. The DSEE binaries must be in your path to run the test script.
 2019-01-29 18:51:43 -08:00
Quanah Gibson-Mount
b45a6a7dc7 Happy New Year! 2019-01-14 18:46:16 +00:00
Howard Chu
d3b1558dcb ITS#8353 CRYPTO_set_id_callback deprecated in OpenSSL 0.9.9 2019-01-02 10:16:40 +00:00
Howard Chu
18e0bcb7de Add MS AD persistent search ctrl 2018-12-13 05:44:46 -08:00
Howard Chu
de998c3518 DirSync ctrl requires critical 2018-11-18 02:47:21 +00:00
Howard Chu
a9bfce1292 Add some MS AD controls 2018-11-17 18:33:41 -08:00
Ondřej Kuzník
10a6ffa3e9 Expose ldap_int_tls_connect as ldap_pvt_tls_connect 2018-10-22 11:35:31 +01:00
Howard Chu
d7a778004b ITS#8809 add missing includes 2018-09-21 18:42:34 +01:00
Ryan Tandy
4c1ab16ade Revert "ITS#8650 retry gnutls_handshake after GNUTLS_E_AGAIN" 
This reverts commit 7b5181da8c.
 2018-09-18 19:16:31 -07:00
Ondřej Kuzník
b0244fc869 ITS#8842 Do some printability checks on the dc RDN 2018-07-02 16:18:26 +01:00
Ondřej Kuzník
8a259e3df1 ITS#8573 allow all libldap options in tools -o option 2018-06-14 16:19:10 +01:00
Quanah Gibson-Mount
59e9ff6243 Happy New Year 2018-03-22 15:35:24 +00:00
Howard Chu
650b4822ce Avoid unnecessary C99 initializers 2018-01-25 15:40:26 +00:00
Howard Chu
f09ffffcbd Cleanup warnings 2018-01-25 15:36:00 +00:00
Bradley Baetz
e5ee07785e ITS#8791 fix OpenSSL 1.1.1 BIO_method compat 
Use the new methods unconditionally, define helper functions for older versions.
 2018-01-25 15:28:51 +00:00
Soohoon Lee
1863245f49 ITS#8484 - Fix MozNSS initialization 2017-12-08 07:00:02 -08:00
Howard Chu
f82ca15a18 ITS#8782 plug memleaks in cancel 2017-12-04 16:00:33 +00:00
Quanah Gibson-Mount
f5da6638ec ITS#8753, ITS#8774 - Fix compilation with older versions of OpenSSL 2017-11-17 14:30:45 -08:00
Ondřej Kuzník
8e34ed8c78 ITS#8753 Public key pinning support in libldap 2017-11-13 17:24:49 +00:00
Ondřej Kuzník
91ebfc82ea ITS#8753 Move base64 decoding to separate file 2017-11-13 16:51:01 +00:00
Josh Soref
10566c8be3 ITS#8605 - spelling fixes 
* javascript
* kernel
* ldap
* length
* macros
* maintained
* manager
* matching
* maximum
* mechanism
* memory
* method
* mimic
* minimum
* modifiable
* modifiers
* modifying
* multiple
* necessary
* normalized
* objectclass
* occurrence
* occurring
* offered
* operation
* original
* overridden
* parameter
* permanent
* preemptively
* printable
* protocol
* provider
* really
* redistribution
* referenced
* refresh
* regardless
* registered
* request
* reserved
* resource
* response
* sanity
* separated
* setconcurrency
* should
* specially
* specifies
* structure
* structures
* subordinates
* substitution
* succeed
* successful
* successfully
* sudoers
* sufficient
* superiors
* supported
* synchronization
* terminated
* they're
* through
* traffic
* transparent
* unsigned
* unsupported
* version
* absence
* achieves
* adamson
* additional
* address
* against
* appropriate
* architecture
* associated
* async
* attribute
* authentication
* authorized
* auxiliary
* available
* begin
* beginning
* buffered
* canonical
* certificate
* charray
* check
* class
* compatibility
* compilation
* component
* configurable
* configuration
* configure
* conjunction
* constraints
* constructor
* contained
* containing
* continued
* control
* convenience
* correspond
* credentials
* cyrillic
* database
* definitions
* deloldrdn
* dereferencing
* destroy
* distinguish
* documentation
* emmanuel
* enabled
* entry
* enumerated
* everything
* exhaustive
* existence
* existing
* explicitly
* extract
* fallthru
* fashion
* february
* finally
* function
* generically
* groupname
* happened
* implementation
* including
* initialization
* initializes
* insensitive
* instantiated
* instantiation
* integral
* internal
* iterate
 2017-10-11 14:39:38 -07:00
Nathaniel McCallum
29f6260364 ITS#7532 - Add new function ldap_connect(). 
This function is used to manually establish a connection after
a call to ldap_initialize(). This is primarily so that a file
descriptor can be obtained before any requests are sent for the
purposes of polling for writability.
 2017-10-11 14:31:22 -07:00
Jan Vcelak
cbf5f03476 ITS#7389 - MozNSS: load certificates from certdb, fallback to PEM 
If TLS_CACERT pointed to a PEM file and TLS_CACERTDIR was set to NSS
certificate database, the backend assumed that the certificate is always
located in the certificate database. This assumption might be wrong.

This patch makes the library to try to load the certificate from NSS
database and fallback to PEM file if unsuccessfull.
 2017-10-06 13:59:07 -07:00
Ian Puleston
46c93e41f4 ITS#8167 Fix non-blocking TLS with referrals 2017-10-06 13:57:13 -07:00
Quanah Gibson-Mount
35a880c53e ITS#8687 - EGD is disabled by default in OpenSSL 1.1. We need to comment out this block if it is not detected. Particularly affects cross compilation. 2017-10-06 13:48:40 -07:00
sca+openldap@andreasschulze.de
90835da72f ITS#8578 - remove unused-variables in RE24 testing call (2.4.45) 2017-10-06 10:45:08 -07:00
Jan Vcelak
19fd969d21 ITS#7374 - MozNSS: better file name matching for hashed CA certificate directory 
CA certificate files in OpenSSL compatible CACERTDIR were loaded if the
file extension was '.0'. However the file name should be 8 letters long
certificate hash of the certificate subject name, followed by a numeric
suffix which is used to differentiate between two certificates with the
same subject name.

Wit this patch, certificate file names are matched correctly (using
regular expressions).
 2017-10-06 10:44:13 -07:00
Jan Vcelak
acc5b88661 ITS#7373 - TLS: do not reuse tls_session if hostname check fails 
If multiple servers are specified, the connection to the first one
succeeds, and the hostname verification fails, *tls_session is not
dropped, but reused when connecting to the second server.

This is a problem with Mozilla NSS backend because another handshake
cannot be performed on the same file descriptor. From this reason,
hostname checking was moved into ldap_int_tls_connect() before
connection error handling.
 2017-10-06 10:44:07 -07:00
Quanah Gibson-Mount
43a039eba4 ITS#7428 - Non-blocking TLS is not compatible with MOZNSS 2017-09-26 10:59:08 -07:00
Quanah Gibson-Mount
c1512eea58 Fix typo "errror" -> "error" 2017-09-08 12:03:02 -07:00
Howard Chu
01a5eeac1d ITS#8727 plug ber leaks 2017-09-08 16:35:32 +01:00
Howard Chu
738723866e ITS#8717 call connection delete callbacks 
When TLS fails to start
 2017-09-06 21:46:09 +01:00
Ryan Tandy
431c4af526 ITS#8648 init SASL library in global init 2017-05-07 21:29:44 +00:00
Ryan Tandy
e437b12277 ITS#8648 check result of ldap_int_initialize in ldap_{get,set}_option 2017-05-07 20:16:25 +00:00
Ryan Tandy
7b5181da8c ITS#8650 retry gnutls_handshake after GNUTLS_E_AGAIN 2017-05-06 22:50:13 +00:00
Howard Chu
9e051001d4 Add GnuTLS support for direct DER config of cacert/cert/key 
Followon to b402a2805f
 2017-04-10 00:21:08 +01:00
Howard Chu
2e011eeb67 Fixup cacert option 2017-04-09 15:39:13 +01:00
Howard Chu
83fb515555 Fixup cacert/cert/key options 
Add get_option support, allow delete by setting a NULL arg.
 2017-04-09 14:49:48 +01:00
Howard Chu
b402a2805f Add options to use DER format cert+keys directly 
Instead of loading from files.
 2017-04-09 00:13:42 +01:00
Quanah Gibson-Mount
eb8f1a7247 ITS#8353, ITS#8533 - Cleanup for libldap_r 2017-04-07 13:39:11 -07:00
Quanah Gibson-Mount
6ced84af79 ITS#8353, ITS#8533 - Fix libldap_r compilation 2017-04-06 15:12:02 -07:00
Quanah Gibson-Mount
01cbb7f4c6 ITS#8353, ITS#8533 - Ensure that the deprecated API is not used when using OpenSSL 1.1 or later 2017-04-06 11:47:06 -07:00
Howard Guo
4962dd6083 ITS#8529 Avoid hiding the error if user specified CA does not load 
The TLS configuration deliberately hid the error in case that
user specified CA locations cannot be read, by loading CAs from default
locations; and when user does not specify CA locations, the CAs from default
locations are not read at all.

This patch corrects the behaviour so that CAs from default location are used
if user does not specify a CA location, and user is informed of the error if
CAs cannot be loaded from the user specified location.
 2017-02-22 09:56:17 -08:00
Howard Chu
9773f43b11 ITS#8585 Fail ldap_result if handle is already bad 2017-02-07 13:00:05 +00:00
Howard Chu
2bf650d95e ITS#8533 OpenSSL 1.1.0c compat 2017-01-11 14:12:45 +00:00
Quanah Gibson-Mount
1df85d3427 Happy New Year! 2017-01-03 12:36:47 -08:00
Howard Chu
283f3ae171 ITS#8385 Fix use-after-free with GnuTLS 2016-03-12 11:03:29 +00:00
Howard Chu
6bb6d5e3c6 ITS#8353 more for OpenSSL 1.1 compat 
tmp_rsa callback has been removed from OpenSSL 1.1
Use new X509_NAME accessor function to retrieve DER bytes
 2016-01-31 03:29:28 +00:00
Quanah Gibson-Mount
6c4d6c880b Happy New Year! 2016-01-29 13:32:05 -06:00
Howard Chu
f3a7bf79db ITS#8353 partial fix 
Use newly added SSL_CTX_up_ref()
Still waiting for X509_NAME accessor
 2016-01-26 18:06:46 +00:00
Howard Chu
f2d0aa7d22 ITS#8353 partial fixes 
ERR_remove_state() is deprecated since OpenSSL 1.0.0
Use X509_NAME_ENTRY_get_object() instead of direct access.
 2016-01-21 18:05:42 +00:00
Howard Chu
597ce61000 ITS#8295 fix Windows microsecond timer 
Also add ldap_pvt_gettimeofday() to
emulate gettimeofday on Windows
 2015-10-28 13:49:25 +00:00
Howard Chu
28a02271f0 ITS#8273 Windows file:// URL fixup 2015-10-19 08:52:28 +01:00
Howard Chu
db3175eaba ITS#8262 more 
extended ops
 2015-10-02 05:14:53 +01:00
Howard Chu
34ccd14f3e ITS#8262 add ldap_build_*_req functions 
Basic ops except abandon and unbind; since they get no reply
it's not important for the caller to know their msgID.
 2015-10-02 05:02:15 +01:00
Howard Chu
e75fbc953f ITS#8201 LDAPSTACKGUARD feature 2015-07-16 18:58:23 +01:00
Howard Chu
4796f01209 ITS#8195 fix ITS#7027 regression, port number sign bit overflow 
Another bug from 5de85b922a
 2015-07-12 11:14:33 +01:00
Hallvard Furuseth
17853783df Silence warnings 2015-05-04 21:07:02 +02:00
Mikko Auvinen
de76b8d1ce ITS#8093 add LDAP_X_CONNECTING error string 2015-04-01 20:54:54 +01:00
Howard Chu
7aefa46b37 ITS#8090 fix for async connect 2015-04-01 20:54:12 +01:00
Quanah Gibson-Mount
1705fa7e55 Happy New Year 2015-02-11 15:36:57 -06:00
Howard Chu
79d90c3935 ITS#8050 fix ldap_get_option(LDAP_OPT_SESSION_REFCNT) 2015-02-04 03:16:20 +00:00
Howard Chu
e2b4366044 ITS#8028 fix ldap_new_connection 2015-01-21 01:02:12 +00:00
Howard Chu
fccca0ead9 Minor cleanup (coverity) 2015-01-14 16:59:54 +00:00
Howard Chu
bf4ed09c5e Plug leak (coverity) 2015-01-14 14:16:24 +00:00
Howard Chu
ae6347bac1 ITS#8022 an async connect may still succeed immediately 2015-01-12 22:27:58 +00:00
Howard Chu
234931acb0 ITS#8001 fix ldap_sync_initialize 2014-12-10 22:58:33 +00:00
Mark Reynolds
7a7d941943 ITS#7979 MozNSS fix for TLS_PROTOCOL_MIN 
Fix NSS code to check for TLS_PROCOTOL_MIN, and then set the SSL
version range(min and max). Also updated SSL version string map
table to support up to TLSv1.3
 2014-11-13 15:11:40 +00:00
Howard Chu
d06073d0d6 Fix a1e3b1cf3c 
copy/paste error
 2014-10-15 11:11:08 +01:00
Howard Chu
b36bd703d7 ITS#7967 fix abandon regression 
From ITS#7712, avoid double-free of request
 2014-10-15 11:08:29 +01:00
Kurt Zeilenga
a1e3b1cf3c Fix pointer incompatibility issue on some platforms 
Don't assume tv_sec is a time_t.
 2014-10-10 11:56:31 -07:00
Howard Chu
eef1ca007f ITS#7027 actually implement RFC 2782 shuffle 2014-07-21 22:17:21 -07:00
Howard Chu
31995b535e ITS#7027 fix bugs in prev commit 2014-07-21 22:12:22 -07:00
James M Leddy
5de85b922a ITS#7027 Implement priority/weight for DNS SRV records 
From RFC 2782:

  A client MUST attempt to contact the target host with the
  lowest-numbered priority it can reach.

This patch sorts the DNS SRV records by their priority, and
additionally gives records with a larger weight a higher probability
of appearing earlier. This way, the DNS SRV records are tried in the
order of their priority.
 2014-07-21 19:31:59 -07:00
Howard Chu
3102cbbd55 ITS#7859 more for revert 2014-07-11 12:38:16 -07:00
Howard Chu
189f312d64 ITS#7859 refix 
This was actually broken by 65e163d2, ITS#6947. Reverting both
of those changes and fixing #6947 again.
 2014-07-11 12:29:15 -07:00