upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-02-18 18:18:06 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
24574 commits 38 branches 313 tags 89 MiB
Commit graph

13093 commits

Author SHA1 Message Date
Ondřej Kuzník
99f672b564 ITS#10272 Request all attributes from remote 
Fixes a regression introduced in fc1bcaf9de
leaving us unable to check the full filter after we recreate the entry.
 2024-11-13 17:11:10 +00:00
Ondřej Kuzník
67bef41c3c ITS#10234 Reinit retry state on refreshDone 2024-10-04 22:08:03 +00:00
Ondřej Kuzník
c451a39fe4 ITS#10232 Reset cs_refreshing on config delete 2024-10-04 22:06:18 +00:00
Ondřej Kuzník
a6f6c2f8bf ITS#10248 Always generate a result on the original op 2024-10-04 22:03:39 +00:00
Ondřej Kuzník
99327d316e ITS#10249 slapo-nestgroup: plug leak in nestgroup_memberFilter 2024-10-04 22:02:24 +00:00
Howard Chu
bec0946cca ITS#10256 cn=config: reject modify requests on cn=schema,cn=config 
Add requests already handled it specially; corresponding treatment
for modify requests was missing. The docs have always stated that
cn=schema,cn=config is only for slapd's hardcoded schema so this
only affects users who don't read docs.
 2024-10-04 22:00:01 +00:00
HAMANO Tsukasa
efa9f173d2 ITS#10233 - fix idl intersection 
The `mdb_idl_intersection()` and `wt_idl_intersection()` functions derived from back-bdb return wrong results.

expect:
[1, 3] ∩ [2] = []

actual:
[1, 3] ∩ [2] = [2]

also
- Add scope checking for back-wt
- fix compiler warning
 2024-10-04 21:49:50 +00:00
Howard Chu
84a64fe354 ITS#10237 back-ldap: fix usage of multi-precision add for op counters 2024-10-04 21:41:34 +00:00
Howard Chu
0f984dd354 ITS#10230 slapo-memberof: fix addcheck search to omit dynamic values 2024-06-28 17:14:45 +00:00
Howard Chu
74f0e83eb4 ITS#10235 slapo-nestgroup: silence extraneous register_at message 2024-06-28 17:03:29 +00:00
Howard Chu
8350e24c8f ITS#10231 slapadd: check for NULL suffix in error message 2024-06-28 17:01:55 +00:00
Nadezhda Ivanova
1ea9880ad0 ITS#10227 Asyncmeta will not reset a connection if a bind operation fails with LDAP_OTHER, leaving the connection in invalid state 2024-06-28 16:59:06 +00:00
Nadezhda Ivanova
532b2e60da ITS#10219 Modify of olcDisabled by removing and adding a value invokes db_open twice 
Do not invoke db_open if the database is not actually disabled
 2024-06-28 16:58:12 +00:00
Nadezhda Ivanova
dc358cbc8e ITS#10218 Disabling and re-enabling an asyncmeta database via cn=config leaks memory 
Make sure asyncmeta frees the pending operations structures, resets all connections, frees connection structures and stops the timeout-loop.
 2024-06-28 16:56:38 +00:00
Quanah Gibson-Mount
3516e19bc7 ITS#9827 - Use 7MB memory/5 iterations as default 
This has the same protections as 19MB/2 iterations, but requires less system memory
 2024-06-28 16:49:04 +00:00
François Kooman
d13a07bf94 ITS#9827 update Argon2 defaults 
- switch to argon2id by default (from argon2i)
- use OWASP recommended parameters as defaults

This only affects builds that use libargon2, e.g. Debian, and
not builds that use libsodium as argon2id is already the
default there, and better parameters are used

References: https://bugs.openldap.org/show_bug.cgi?id=9827
Signed-off-by: François Kooman <fkooman@tuxed.net>
 2024-06-28 16:48:57 +00:00
HAMANO Tsukasa
71f8894a9c ITS#10214 Reduce library dependencies 
Currently, slapd links libsystemd to notify service state to systemd.
However, libsystemd link several unnecessary libraries, which increases security risks.
The systemd documentation provides a method to send state notifications to systemd using a simple protocol without the need to link against libsystemd.

https://www.freedesktop.org/software/systemd/man/devel/sd_notify.html
 2024-05-09 17:08:46 +00:00
Nick Porter
0938316f3f ITS#10211 slapd: Fix peercred uid and gid format 
uid and gid are unsigned int and so should be formatted as such when
creating the authid string.
 2024-05-07 16:37:12 +00:00
Howard Chu
3f752740b1 ITS#10204 slapo-constraint: fix double-free on invalid attr 2024-05-07 16:32:51 +00:00
Nadezhda Ivanova
5a0fb54284 ITS#10197 Back-meta and back-asyncmeta add a new target structure and increase the number of targets even if uri parsing fails 
Reproducible when adding a new target via cn=config
 2024-05-07 16:31:45 +00:00
Howard Chu
fbef77d42d ITS#10161 Add nestgroup overlay 2024-04-16 16:08:15 +00:00
Nadezhda Ivanova
e9c93fac09 ITS#10193 Asyncmeta starts more than one timeout loop per database and slaptest crashes 2024-04-16 15:45:51 +00:00
Quanah Gibson-Mount
fa5cf1252f Happy New Year! 2024-03-26 19:45:35 +00:00
Howard Chu
9fd8cd2066 ITS#10186 overlay response callbacks should ignore op->o_abandon 2024-03-26 17:02:34 +00:00
Howard Chu
97474d966b ITS#10044 dynlist: check for abandon in search2resp 2024-03-26 16:42:34 +00:00
Howard Chu
513da65360 ITS#10172 logging: report errors when rotation fails 2024-03-26 16:41:34 +00:00
Nadezhda Ivanova
493e991ebc ITS#10164 back-meta hangs when used with dynlist overlay 
Make sure every proxied operation has a separate candidates structure.
 2024-02-15 18:13:20 +00:00
Ondřej Kuzník
70e72e5889 ITS#10173 Populate li_minCSN on conversion 2024-02-15 18:10:53 +00:00
Stephen Gallagher
d019472211 ITS#10171 - Explicitly cast private values 
Fixes issues with -Werror=incompatible-pointer-types

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
 2024-02-15 18:07:02 +00:00
Howard Chu
68cba1f476 ITS#10170 accesslog: skip response if not fully initialized yet 2024-02-15 18:05:37 +00:00
Howard Chu
e992b8972d ITS#10167 slapo-memberof: add addcheck option 
Check memberships of newly added entries.
 2024-02-15 17:56:16 +00:00
Ondřej Kuzník
fe7ee15016 ITS#9823 Move to a place that is better associated with accesslog 2024-02-15 17:55:09 +00:00
Nadezhda Ivanova
01e32028fc ITS#10165 back-meta fails to bind to target when proxying an internal operation 2024-02-15 17:51:42 +00:00
Howard Chu
ce1d833c54 ITS#10166 slapi: fix plugin.c plugin_pblock_new() usage 
Broken in 9142da8eaf
 2024-02-15 17:48:20 +00:00
Ondřej Kuzník
131a42c4f8 ITS#10139 back-config: Honour disclose in matchedDN handling 2024-01-29 18:44:23 +00:00
Howard Chu
3e25c6d908 ITS#10025 slapo-dynlist: add option to disable filter support 2024-01-23 18:44:37 +00:00
Ondřej Kuzník
705ebb995a ITS#10110 Do not skip backover for result entries 2024-01-16 20:40:39 +00:00
Howard Chu
ffdd12f069 ITS#10135 dynlist: fix search2resp callback context 2024-01-16 20:38:57 +00:00
Stacey Marshall
8cb36ebc49 ITS#10130 Several callers of getpassphrase() ignore NULL returns 2024-01-16 20:36:57 +00:00
Howard Chu
efae4b1288 ITS#10143 only slapd should use the logfile 2024-01-16 19:19:24 +00:00
Ondřej Kuzník
88d0404d7b ITS#10142 Link tiers in on cn=config startup 2024-01-16 19:17:56 +00:00
Howard Chu
e820a79fc7 ITS#10092 fix local logger for Windows 
Don't use writev, just copy the message to insert prefix
 2024-01-16 19:04:44 +00:00
Ondřej Kuzník
c1307e56fc ITS#10089 Fix acl logging 2024-01-11 22:04:00 +00:00
Ondřej Kuzník
d24a968bce ITS#10123 Add a missing include 2024-01-11 22:02:01 +00:00
Howard Chu
0431b01bdd ITS#10117 build: fix slap-config.h decls for Windows DLLs 2024-01-11 18:55:15 +00:00
Hiroyuki Homma
8074a30beb ITS#10080 Fix refreshAndPersist synchronization problem with glue + rwm 2024-01-11 18:02:07 +00:00
Ondřej Kuzník
db3d964ee8 ITS#10080 Fix slapcat when gluing is on 2024-01-11 18:02:01 +00:00
Ondřej Kuzník
94cc4f3441 ITS#10080 Preserve original choice of backend for entry_release 2024-01-11 18:00:09 +00:00
Howard Chu
95c5d0b045 Cleanup Windows build 
Fix make depend errors in slapi
 2024-01-11 17:53:08 +00:00
Ondřej Kuzník
7a6475215a ITS#10074 Fix type mismatches in lloadd 2023-10-23 19:18:23 +00:00