upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-01-02 04:59:39 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
20452 commits 38 branches 309 tags 68 MiB
Commit graph

3433 commits

Author SHA1 Message Date
Howard Chu
27ab75ef36 Re-use old pages 2011-09-01 15:53:33 -07:00
Howard Chu
8d74f717ff For test063 
add hex timestamp to lutil_debug() output
Fix LASTMOD race condition in accesslog.c
Set refreshInterval even if using refreshAndPersist, since
fallbacks will use refresh params
 2011-08-30 19:16:39 -07:00
Howard Chu
6546ecd39c ITS#7022 cleanup prev commit 2011-08-24 15:37:52 -07:00
Rich Megginson
a7aac14d2a ITS#7022 NSS_Init* functions are not thread safe 
The NSS_InitContext et. al, and their corresponding shutdown functions,
are not thread safe.  There can only be one thread at a time calling
these functions.  Protect the calls with a mutex.  Create the mutex
using a PR_CallOnce to ensure that the mutex is only created once and
not used before created.  Move the registration of the nss shutdown
callback to also use a PR_CallOnce.  Removed the call to
SSL_ClearSessionCache() because it is always called at shutdown, and we must
not call it more than once.
 2011-08-24 15:34:47 -07:00
Jan Vcelak
3dae953fd6 ITS#7014 TLS: don't check hostname if reqcert is 'allow' 
If server certificate hostname does not match the server hostname,
connection is closed even if client has set TLS_REQCERT to 'allow'. This
is wrong - the documentation says, that bad certificates are being
ignored when TLS_REQCERT is set to 'allow'.
 2011-08-24 15:27:29 -07:00
Rich Megginson
210b156ece ITS#7002 MozNSS: fix VerifyCert allow/try behavior 
If the olcTLSVerifyClient is set to a value other than "never", the server
should request that the client send a client certificate for possible use
with client cert auth (e.g. SASL/EXTERNAL).
If set to "allow", if the client sends a cert, and there are problems with
it, the server will warn about problems, but will allow the SSL session to
proceed without a client cert.
If set to "try", if the client sends a cert, and there are problems with
it, the server will warn about those problems, and shutdown the SSL session.
If set to "demand" or "hard", the client must send a cert, and the server
will shutdown the SSL session if there are problems.
I added a new member of the tlsm context structure - tc_warn_only - if this
is set, tlsm_verify_cert will only warn about errors, and only if TRACE
level debug is set.  This allows the server to warn but allow bad certs
if "allow" is set, and warn and fail if "try" is set.
 2011-07-28 14:09:55 -07:00
Rich Megginson
fb4b4f7445 ITS#7001 MozNSS: free the return of tlsm_find_and_verify_cert_key 
If tlsm_find_and_verify_cert_key finds the cert and/or key, and it fails
to verify them, it will leave them allocated for the caller to dispose of.
There were a couple of places that were not disposing of the cert and key
upon error.
 2011-07-28 14:00:15 -07:00
Jan Vcelak
e8ac17e17c ITS#6998 MozNSS: when cert not required, ignore issuer expiration 
When server certificate is not required in a TLS session (e.g.
TLS_REQCERT is set to 'never'), ignore expired issuer certificate error
and do not terminate the connection.
 2011-07-21 11:59:06 -07:00
Howard Chu
c02e681121 ITS#6982 fix md5 memset invocation 2011-07-01 22:55:06 -07:00
Howard Chu
661d4f80e3 Drop header page 
it's useless, just use meta pages instead
 2011-07-01 02:31:36 -07:00
Rich Megginson
d944920fd3 ITS#6980 free the result of SSL_PeerCertificate 
In tlsm_auth_cert_handler, we get the peer's cert from the socket using
SSL_PeerCertificate.  This value is allocated and/or cached.  We must
destroy it using CERT_DestroyCertificate.
 2011-06-29 16:56:26 -07:00
Hallvard B Furuseth
c98c14fef5 Private: make.sh 2011-06-29 22:29:24 +02:00
Hallvard B Furuseth
63370215dd #define _XOPEN_SOURCE for random() 2011-06-29 22:29:24 +02:00
Hallvard B Furuseth
f88d626ff1 Drop unused vars 2011-06-29 22:29:24 +02:00
Hallvard B Furuseth
95c88a57b1 Warning cleanup: Make parent index unsigned 2011-06-29 22:29:24 +02:00
Hallvard B Furuseth
7c1e5e9540 Warning cleanup: printf(%p, struct*) 2011-06-29 22:29:24 +02:00
Hallvard B Furuseth
5fdbc54d76 Warning cleanup: if(rc = mdb_<func>()) & co 2011-06-29 22:29:24 +02:00
Hallvard B Furuseth
160585b1bc Warning cleanup: Drop unneeded 'unsigned >= 0' 2011-06-29 22:29:24 +02:00
Hallvard B Furuseth
bd2ceeb74e Fix P_INVALID signedness 2011-06-29 22:29:24 +02:00
Hallvard B Furuseth
f42f7f3442 Fix formats, reduce PAGEHDRSZ size_t->unsigned. 
NUMKEYS was size_t due to PAGEHDRSZ; printing unsigned int is simpler.

Instead increase PAGEFILL to long, since it involves a multiply.
Possibly uint32_t or something would be sufficient.
 2011-06-29 22:29:24 +02:00
Hallvard B Furuseth
aed36f5780 Compact memnrcmp, just for fun 2011-06-29 22:26:32 +02:00
Hallvard B Furuseth
ab0d6fa05e Fix memncmp(): Do not memcmp twice 2011-06-29 22:26:32 +02:00
Hallvard B Furuseth
86b40907d4 DPRINTF(): Fix format, handle non-gcc, simplify. 
Add C99-required 1st parameter.  Disable for for non-gcc.  Simplify.
GNU extension #define DPRINTF(<no 1st arg>...) -> GNU ext ,##__VA_ARGS__.
Fix __LINE__ format %ld -> %d.
 2011-06-29 22:26:32 +02:00
Hallvard B Furuseth
84659a5bb6 Makefile 2011-06-29 22:26:32 +02:00
Hallvard B Furuseth
f73a992ac9 .gitignore 2011-06-29 22:26:32 +02:00
Howard Chu
2d4f522a73 More cursor tests, fail... 2011-06-29 01:55:53 -07:00
Howard Chu
bddc86c0ee Save a byte in nodesz 2011-06-29 01:55:07 -07:00
Howard Chu
3a62d59c45 meta init 2011-06-28 22:34:53 -07:00
Howard Chu
fe703b0ee0 Log txnID in msgs 2011-06-28 22:05:54 -07:00
Howard Chu
421ee6bb1d Use toggling meta page instead of always appending 2011-06-28 18:40:52 -07:00
Howard Chu
a37195f686 Use shmat for lock region instead of mmap 2011-06-28 14:22:22 -07:00
Howard Chu
f367441b69 Add locking support 2011-06-28 13:46:48 -07:00
Howard Chu
a4c3626267 Fix P_INVALID def 2011-06-28 02:57:02 -07:00
Howard Chu
7d678832a7 Cursor testing 2011-06-28 02:43:49 -07:00
Howard Chu
cd57e9741f Fix splits, cursor navigation, newpage flags 2011-06-28 02:40:46 -07:00
Howard Chu
11e80dae63 Return statistics for a DB 
Eventually this will have to grow up to be like BDB db_stat...
 2011-06-28 00:16:05 -07:00
Howard Chu
a2de260fb3 Use NOSYNC flag 2011-06-28 00:15:40 -07:00
Howard Chu
0c2610ebdd Use header when some fields are unspecified 2011-06-28 00:15:15 -07:00
Howard Chu
d620d4368a Checkpoint 2011-06-27 22:39:24 -07:00
Howard Chu
7ee3dee647 ITS#6828 set ld_errno on connect failures 2011-06-27 18:43:31 -07:00
Howard Chu
052ac2f64a ITS#6828 silence warning in prev commit 2011-06-24 18:03:11 -07:00
Howard Chu
d0973003f7 ITS#6978 bail out on invalid input 2011-06-23 13:17:08 -07:00
Rich Megginson
5e467e4899 ITS#6862 MozNSS - workaround PR_SetEnv bug 2011-06-21 15:58:49 -07:00
Rich Megginson
d78cf81648 ITS#6975 MozNSS - allow cacertdir in most cases 
OpenLDAP built with OpenSSL allows most any value of cacertdir - directory
is a file, directory does not contain any CA certs, directory does not
exist - users expect if they specify TLS_REQCERT=never, no matter what
the TLS_CACERTDIR setting is, TLS/SSL will just work.
TLS_CACERT, on the other hand, is a hard error.  Even if TLS_REQCERT=never,
if TLS_CACERT is specified and is not a valid CA cert file, TLS/SSL will
fail.  This patch makes CACERT errors hard errors, and makes CACERTDIR
errors "soft" errors.  The code checks CACERT first and, even though
the function will return an error, checks CACERTDIR anyway so that if the
user sets TRACE mode they will get CACERTDIR processing messages.
 2011-06-21 15:56:55 -07:00
Jan Vcelak
65e163d268 ITS#6947 Handle missing '\n' termination in LDIF input 2011-06-20 18:18:34 -07:00
Howard Chu
9f7d119ce3 Add LDAP_OPT_X_TLS_PACKAGE 
to return the name of the underlying TLS implementation
 2011-06-10 02:11:26 -07:00
Howard Chu
33f3de77f1 ITS#6828 fix TLS setup with async connect 2011-06-08 18:27:54 -07:00
Hallvard Furuseth
fac36dcba7 ITS#6932: Clean up strange asserts & nearby code. 
Mostly found by Klocwork: Issues #213,298-300,331,342-343,374,390,410.
 2011-05-05 15:55:29 +02:00
Hallvard Furuseth
06dca7858e ITS#6931 Catch NULL ld for LDAP_OPT_SESSION_REFCNT. 
Klocwork issue#111, ldap_get_option().
 2011-05-05 14:10:32 +02:00
Hallvard Furuseth
a1cb490d0c ITS#6930 Plug ldapi://too-long-path socket leak. 
Klocwork issue#117, ldap_connect_to_path().
 2011-05-05 13:52:08 +02:00
Hallvard Furuseth
375bc1ace7 ITS#6929 fclose(password file) on failure. 
lutil_get_filed_password() bug; klocwork issue#203.
 2011-05-05 13:40:15 +02:00
Howard Chu
9b463b59ec ITS#6898 fix regression from ITS#6625 
compound statements need brackets, duh.
 2011-04-09 16:55:00 -07:00
Hallvard Furuseth
76b7a83026 Merge missing files from cvs repo 2011-04-04 15:38:46 +02:00
Hallvard Furuseth
86dc9d8a4c ITS#6885: Fix lutil_get_now for !HAVE_GETTIMEOFDAY 2011-03-30 15:51:46 +02:00
Howard Chu
f8a5ce4a6e ITS#6870 move ldif.c and fetch.c from liblutil to libldap 2011-03-24 06:49:04 +00:00
Ralf Haferkamp
41654b51e1 ITS#6870 Revert r1.49 commit to make HEAD build again 2011-03-22 11:17:21 +00:00
Ralf Haferkamp
a6dce60b27 ITS#6870 Reverted last commit 2011-03-18 15:18:42 +00:00
Ralf Haferkamp
061786c8dc More for ITS#6870 2011-03-18 14:51:42 +00:00
Howard Chu
a9701ef5a0 ITS#6870 fix Makefile breakage due to ITS#6194 2011-03-17 16:55:26 +00:00
Howard Chu
31a8460417 ITS#6863, fix crashes in ITS#6714 patch. From Jan Vcelak @ Red Hat 2011-03-16 18:23:26 +00:00
Howard Chu
93da727d86 ITS#6848 Add -w option to wait for DB startup before parent exits 2011-03-01 01:19:37 +00:00
Howard Chu
6f1d218652 ITS#6832 #elif cleanup 2011-02-17 00:36:30 +00:00
Howard Chu
ba30a9ee62 Export pw_string64 as lutil_passwd_string64 2011-02-07 00:46:06 +00:00
Howard Chu
bbecfa740d ITS#6811, more for #6802 PKCS11 fork() handling from Rich Megginson @ Red Hat 2011-01-29 20:40:20 +00:00
Pierangelo Masarati
45d580e941 do not hijack loop counter (ITS#6813; blind fix) 2011-01-29 11:05:08 +00:00
Howard Chu
2d545befdd Cleanup version checking 2011-01-27 21:43:22 +00:00
Howard Chu
d27f458b37 ITS#6802 restart modules for fork() - from Rich Megginson @ Red Hat 2011-01-27 21:38:40 +00:00
Howard Chu
ba70ec8b2c ITS#6791 fix cert usage types/values - from Rich Megginson @ Red Hat 2011-01-27 21:34:35 +00:00
Howard Chu
5224536a8e ITS#6790 fix default cipher suites - from Rich Megginson @ Red Hat 2011-01-27 21:32:39 +00:00
Hallvard Furuseth
9eb5ecba15 ITS#5421 comment ldapoptions vs ldapoptions_prefix 2011-01-20 10:45:14 +00:00
Howard Chu
e542bd5498 ITS#5421 export ldap_debug define in <ldap_log.h> 2011-01-19 21:20:10 +00:00
Pierangelo Masarati
6d8e0d5b3e increment lconn_refcnt so connection does not get closed (ITS#6788) 2011-01-18 23:53:24 +00:00
Hallvard Furuseth
b9609cedf5 Catch ber errors in vc (Verify Credentials) 2011-01-17 13:15:27 +00:00
Hallvard Furuseth
8021cbd8f1 ITS#6738 Catch ber errors in libldap/ldap_sync.c. 
Also remove variable tag in ldap_sync_search_intermediate()
and reduce  ber_scanf("tm", &tag, foo)  to  tag=ber_scanf("m", foo).
 2011-01-17 12:20:56 +00:00
Hallvard Furuseth
dd640af54f Fix ITS#6672: Do not return LDAP_MUTEX_LOCK(). 
It has type void.
 2011-01-12 14:25:37 +00:00
Hallvard Furuseth
77f78f1d57 vc.c: ber_printf/flatten rc==LBER_ERROR -> rc<0 2011-01-12 14:23:07 +00:00
Howard Chu
6a544b7193 Silence stupid MUTEX_FIRSTCREATE warnings 2011-01-11 21:34:55 +00:00
Pierangelo Masarati
45205bdf70 don't leak reqdata 2011-01-08 12:51:43 +00:00
Kurt Zeilenga
be897b6679 Outline SASL interactive API (no meat) 2011-01-06 18:37:23 +00:00
Hallvard Furuseth
360066784c Re-fix ITS#6764 (check for ber == NULL _before_ using ber) 2011-01-05 13:57:31 +00:00
Kurt Zeilenga
966cef8c9a Happy New Year 2011-01-05 00:42:37 +00:00
Kurt Zeilenga
390ba8c84e VC adjust controls tag 2011-01-04 16:01:07 +00:00
Pierangelo Masarati
e2440ccb00 fix previous commit 2011-01-04 01:02:12 +00:00
Pierangelo Masarati
fdafc6384e fix error handling/arg checking 2011-01-03 23:40:02 +00:00
Kurt Zeilenga
37dcb1d791 Remove authzid parameter from verify credential response. 
If client wants authzid, it can ask by adding an Authorization Identity
Request inner control.
 2011-01-03 22:05:23 +00:00
Kurt Zeilenga
7f4c7ebc1c Extend Verify Credentials encode/decode per -devel post. 
(ldapvc doesn't yet request/handle inner password policy control.
 2011-01-03 21:49:26 +00:00
Kurt Zeilenga
e6fd8bfbb0 Remove version from encoding 
(previously removed from SASL choices, but should be always absent)
 2011-01-03 19:21:03 +00:00
Pierangelo Masarati
59b220506d more about ITS#6645 2011-01-01 20:50:00 +00:00
Pierangelo Masarati
6631d41c16 ber_flatten must return -1 on unmatched "{" "}" (ITS#6764) 2011-01-01 16:06:45 +00:00
Hallvard Furuseth
c9e85af35c ITS#6759: assert;Debug -> Debug;assert 2010-12-30 23:19:02 +00:00
Howard Chu
8018924efd ITS#6741 support Bitstring in ldap_X509dn2bv() 2010-12-30 19:38:57 +00:00
Kurt Zeilenga
46f4813632 Remove dead code. 2010-12-30 17:46:26 +00:00
Pierangelo Masarati
f3dd90a553 s/0/O/ 2010-12-30 15:58:48 +00:00
Pierangelo Masarati
538b582cdc fix perror; removed extra sequence opening (is it needed; if yes, it must also be closed, see #if 0) 2010-12-30 15:51:25 +00:00
Pierangelo Masarati
7dfc54378c s/VCRequest/VCResponse/ 2010-12-30 14:12:26 +00:00
Howard Chu
f697a3ffed ITS#6742 from Rich Megginson @ Red Hat 2010-12-24 00:29:31 +00:00
Howard Chu
1bb648841b ITS#6453 cleanup on LDAP_TIMEOUT 2010-12-23 23:18:41 +00:00
Kurt Zeilenga
6119ad7294 Misc vc updates 2010-12-15 00:59:42 +00:00
Kurt Zeilenga
8a692a0034 Add comment regarding ASN.1 syntax 
rm version field
 2010-12-14 22:09:50 +00:00
Kurt Zeilenga
25aa65f693 cleanup 2010-12-14 21:14:31 +00:00
Kurt Zeilenga
d3b51f2614 LDAP "Verify Credentials" operation 
Client library implementation only
 2010-12-14 20:58:02 +00:00
Hallvard Furuseth
5feeec67d7 ITS#6747 Fix LDAP_CONNECTIONLESS Debug(), warnings 2010-12-14 15:06:32 +00:00
Howard Chu
439030a16d ITS#6714 non-blocking support from Richard Megginson @ Red Hat 2010-12-11 04:57:10 +00:00
Howard Chu
0215833bcd Cleanup prev commit 2010-12-11 04:51:21 +00:00
Howard Chu
a2053729f0 ITS#6744 - plug leak 2010-12-11 04:35:01 +00:00
Howard Chu
75bb972859 Partial fix for non-string types in cert DNs. (Need to add explicit support 
for Bitstring, maybe a few others.)
 2010-12-10 02:05:18 +00:00
Pierangelo Masarati
dc156d7f6e allow to set LDIF max line width (ITS#6645) 2010-12-07 10:14:51 +00:00
Pierangelo Masarati
d5f101f836 typo in comment 2010-12-07 10:11:06 +00:00
Hallvard Furuseth
16b7df8397 ITS#6625 Remove some LDAP_R_COMPILEs 2010-12-06 11:31:58 +00:00
Hallvard Furuseth
5ecd624f50 Fix ITS#6625: mutex-protect ldap_free_connection() 2010-12-06 10:51:55 +00:00
Hallvard Furuseth
7cb9c496bf ITS#6625 concurrency patch cleanup 2010-12-06 10:41:41 +00:00
Hallvard Furuseth
5c186dff4d Silence valgrind's ptrcheck (no real change). 
Also removes a bit unnecessary code.
 2010-12-06 08:19:40 +00:00
Hallvard Furuseth
a55d333107 ITS#6733: Fix LDAP_MEMORY_DEBUG issues. 
ber_memcalloc_x overflow check.  Silence some compiler warnings.
 2010-12-03 11:44:22 +00:00
Hallvard Furuseth
a7771fc35a ITS#6732: Clean up ber_errno handling. 
Set it after ber_mem(c)alloc_x failure.  Don't set it when not needed.
 2010-12-02 13:18:32 +00:00
Pierangelo Masarati
603eec5758 remove #ifdef EAGAIN, EWOULDBLOCK (ITS#6603) 2010-11-24 14:47:46 +00:00
Hallvard Furuseth
bc38ec228b For ITS#5421: Remove unnecessary #include "ldap_log.h" 2010-11-23 15:25:49 +00:00
Hallvard Furuseth
7c29e2c7c5 ITS#6723: Handle EOF in test programs 2010-11-23 12:12:54 +00:00
Hallvard Furuseth
18e348a379 Fix last commit (ITS#6622): Remove non-C90 // comment 2010-11-22 12:28:34 +00:00
Hallvard Furuseth
b75b769471 Fix cyrus.c rev 1.159 for --without-cyrus-sasl: 
It modified ldap_int_sasl_bind()'s prototype with but not without SASL.
 2010-11-19 12:32:05 +00:00
Howard Chu
1ed2d0a485 ITS#6706 from Rich Megginson @ Red Hat - improve diagnostic messages 2010-11-15 20:47:24 +00:00
Howard Chu
750f7f895b ITS#6705 from Rich Megginson @ Red Hat - only use .0 files in cacertdir 2010-11-15 20:45:47 +00:00
Howard Chu
4c31652ee8 ITS#6704 from Rich Megginson @ Red Hat - use both cacert and cacertdir 2010-11-15 20:44:32 +00:00
Howard Chu
208308d4dd ITS#6703 from Rich Megginson @ Red Hat - reject non-files for cert/key pem files 2010-11-15 20:43:53 +00:00
Howard Chu
c7e19f9b62 ITS#6702 prompts should be on stderr 2010-11-12 04:15:23 +00:00
Howard Chu
f26b5b6692 ITS#6689 from Rich Megginson @ Red Hat 2010-10-29 10:30:30 +00:00
Howard Chu
0f30db1c46 ITS#6625 concurrency patch from Doug Leavitt @ Oracle .com 2010-10-22 21:45:48 +00:00
Howard Chu
abe4a5f83b ITS#6673 GnuTLS hangs if you tell it to shut the read direction. Just 
shut the write direction; it will all be irrelevant since the socket
will be closed immediately after.
 2010-10-16 12:11:11 +00:00
Howard Chu
845bf30c5b Fix prev commit 2010-10-15 13:53:12 +00:00
Howard Chu
f1a18f4e53 Cleanup prev commit 2010-10-14 03:11:26 +00:00
Howard Chu
120d2ce228 More for prev commit. What about ldap_pvt_sasl_getmechs() ? 2010-10-14 01:47:09 +00:00
Howard Chu
fca72f333b Add ldap_sasl_interactive_bind() 2010-10-14 01:29:32 +00:00
Howard Chu
0b660dc9f6 ITS#6672 mutex cleanup 2010-10-13 08:43:15 +00:00
Howard Chu
1c9853c674 ITS#6669 remove obsolete SunOS4 LWP support 2010-10-12 11:02:59 +00:00
Howard Chu
0890a89c37 ITS#6669 remove obsolete SunOS4 LWP support 2010-10-12 10:26:31 +00:00
Pierangelo Masarati
2b1b37cd4b do not use lutil_atoix() (ITS#6654) 2010-09-21 00:10:44 +00:00
Pierangelo Masarati
9d77d61314 don't use lud_host when NULL (ITS#6653, fixed differently) 2010-09-21 00:05:36 +00:00
Howard Chu
f32f1a45d4 ITS#6639 set sock err to EAGAIN on partial write 2010-09-12 10:09:45 +00:00
Pierangelo Masarati
4601107e4e fix format specifier (ITS#6644) 2010-09-09 16:05:26 +00:00
Pierangelo Masarati
0c0873803d add parsing support for [unsigned] long long (ITS#6622) 2010-08-12 23:32:37 +00:00
Pierangelo Masarati
6c6e187b98 do not alter ld_nextref_proc (ITS#6602) 2010-07-27 00:55:51 +00:00
Pierangelo Masarati
d27038f6b4 fix previous commit 2010-07-26 19:45:36 +00:00
Pierangelo Masarati
c2ab1778a0 check mutex ownership 2010-07-26 19:26:59 +00:00
Howard Chu
512c7ca273 ITS#6585 don't close invalid sockets 2010-07-21 23:41:17 +00:00
Howard Chu
71f062afee ITS#6595 remove unneeded token init code. From Rich Megginson @ RedHat. 2010-07-21 22:57:01 +00:00
Howard Chu
e0cac8a048 ITS#6589 allow self-signed server certs, from Rich Megginson @ RedHat.com 2010-07-14 23:11:34 +00:00
Howard Chu
ce1e201343 add ifdefs for SASL_GSS_CREDS to accomodate ancient Cyrus SASL 2010-06-12 22:10:16 +00:00
Howard Chu
33bfd730a1 ITS#6569 return server's error code on Disconnect 2010-06-02 03:30:19 +00:00
Howard Chu
d3a1be4e3f ITS#6568 plug cldap memleaks 2010-06-02 03:10:39 +00:00
Howard Chu
2dd75cf206 Support option SASL_GSS_CREDS 2010-05-13 06:08:21 +00:00
Howard Chu
73bb167e74 ITS#6541 off-by-one, account for 'Z' being replaced by sign of delta 2010-05-03 05:13:44 +00:00
Ralf Haferkamp
17d61f6e6a Different fix for make -j builds. The previous one caused recompiles 
of fetch.c and ldif.c with every make run.
 2010-04-29 11:28:13 +00:00
Ralf Haferkamp
df9f2d87a5 Fix parallel builds (make -j) 2010-04-23 16:30:55 +00:00
Pierangelo Masarati
de94fbbd26 fix libraries order to build with --enable-dynamic (more about ITS#6517) 2010-04-22 15:45:41 +00:00
Pierangelo Masarati
6cee32cb28 more about ITS#6194 2010-04-20 05:47:09 +00:00
Pierangelo Masarati
a94b978e9d (blind) fix off-by-one bug (ITS#6223; fixed differently) 2010-04-18 02:42:56 +00:00
Howard Chu
b8013e828c No longer used 2010-04-15 21:29:50 +00:00
Pierangelo Masarati
ee156cfd7a serial can be longer than ber_int_t (ITS#6460) 2010-04-14 20:26:24 +00:00
Kurt Zeilenga
3dadeb3efe happy belated New Year 2010-04-13 22:17:29 +00:00
Pierangelo Masarati
9331182a07 union of operation-specific data in LDIFRecord (ITS#6194, by Rich Megginson) 2010-04-13 07:37:59 +00:00
Howard Chu
68b292d869 Cleanup prev commit 2010-04-12 20:21:13 +00:00
Howard Chu
86c361cdb8 In tmp_rsa_cb, new API is in 0.9.8 inclusive, not exclusive 2010-04-12 03:21:05 +00:00
Howard Chu
1dbefa75be ITS#6432 updated MozNSS context and PEM support 2010-04-12 02:44:28 +00:00
Pierangelo Masarati
d033f680b5 (ITS#6194) Patch - Enhancement - provide LDIF support as libldif 2010-04-12 02:01:55 +00:00
Howard Chu
e5302c2431 ITS#6510 ignore referrals on Bind response 2010-04-09 18:30:29 +00:00
Kurt Zeilenga
abdb6c683f ldap_parse_result should always free result when freeit is true. 2010-03-26 14:05:47 +00:00
Kurt Zeilenga
f967ec3b4e Set res parameter to NULL upon ldap_search_ext_s entry. Likewise for friends. 
Note in manual that res parameter should be freed regardless of return value
of ldap_search_ext_s (or friends).
 2010-01-29 23:11:24 +00:00
Pierangelo Masarati
797387c4ef skip the serial, whatever its length (ITS#6460) 2010-01-24 19:16:57 +00:00
Howard Chu
127e504015 ITS#6405 in ldap_pvt_gettime, also check for microsecs going backward 2009-11-30 21:47:38 +00:00
Hallvard Furuseth
3aff1b0c0c ITS#6351,6390: s/memrchr/lutil_memrchr/, but try #define lutil_memrchr->memrchr 2009-11-20 20:43:50 +00:00
Howard Chu
61be1d55d3 More for prev commit - only set if URL was provided. 
(should URL be mandatory?)
 2009-11-18 22:37:02 +00:00
Howard Chu
a248701ed2 ITS#6386 Must init conn->lconn_server 2009-11-18 22:23:14 +00:00
Pierangelo Masarati
a95b8cd488 honor -1 timeout (ITS#6388) 2009-11-18 14:57:52 +00:00
Howard Chu
b99fdb6506 ITS#6283 add missing env options 2009-11-15 21:48:49 +00:00
Howard Chu
9a65f35f2e partially revert prev commit 2009-11-06 02:20:40 +00:00
Howard Chu
86d9e86afd Minor cleanup in strval2str 2009-11-06 01:37:09 +00:00
Hallvard Furuseth
48048c5348 More ITS#6353 - relent a bit: accept terminating NUL byte, which AD can send 2009-11-04 11:17:03 +00:00
Hallvard Furuseth
7b22b22202 ITS#6355: Fix uninitialiezed lso_tmp_rsa_cb() return value 2009-10-30 17:08:57 +00:00
Hallvard Furuseth
989bd54914 For ITS#6353: Catch embedded NULs in BerValues converted to char* strings 2009-10-28 23:00:27 +00:00
Howard Chu
585940984c Fix prev commit, s/errno/err/g 2009-10-27 01:55:45 +00:00
Howard Chu
405c68abf9 For prev commit, check for EINTR/EAGAIN/EWOULDBLOCK 2009-10-26 23:52:55 +00:00
Howard Chu
a05d7015e0 ITS#6327, #6334 take ret=-1/EINTR into account 2009-10-26 23:36:39 +00:00
Howard Chu
30c55952d3 Cleanup prev commit 2009-10-26 19:19:20 +00:00
Howard Chu
1155f5ff20 ITS#6327 fix sb_sasl_generic_write retval for partial writes 2009-10-26 18:49:42 +00:00
Hallvard Furuseth
3a688d8d59 ITS#6348: Fix inverted LBER_USE_DER test in ber_put_seqorset() since rev 1.73 2009-10-23 20:39:54 +00:00
Hallvard Furuseth
068cf1c701 ITS#6344: return failure on failure in ber_put_ostring()/ber_put_bitstring() 2009-10-21 12:41:34 +00:00
Hallvard Furuseth
7e107de4d9 Fix comment describing BerElement.ber_usertag 2009-10-21 11:41:44 +00:00
Hallvard Furuseth
47617b033c Cleanup - macroize magic constant (ITS#5909) 2009-10-21 11:31:59 +00:00
Ralf Haferkamp
8fcdc29405 In case of certificate verification failures include failure reason 
into the error message (openssl only)
 2009-09-30 16:25:23 +00:00
Howard Chu
e0431681ad On OpenSSL 0.9.8 and newer, use RSA_generate_key_ex since 
RSA_generate_key is deprecated
 2009-09-25 23:31:24 +00:00
Pierangelo Masarati
4b4db7b529 keep compatibility with slapd's gmtime_mutex (ITS#6262) 2009-09-08 23:21:21 +00:00
Howard Chu
d0a410b212 Tweak MozNSS include path 2009-08-29 03:56:25 +00:00
Howard Chu
2ba0e44ad1 ITS#6278 PEM support for MozNSS from rmeggins@redhat.com, with header cleanups 2009-08-29 03:41:53 +00:00
Pierangelo Masarati
0b44f1fbcf silence warnings 2009-08-21 17:06:22 +00:00
Pierangelo Masarati
ba2bddafbd copy username, much like other string-valued options (more about ITS#6257) 2009-08-19 21:46:07 +00:00
Pierangelo Masarati
a846dad6fb cleanup previous commit 2009-08-19 13:10:30 +00:00
Pierangelo Masarati
9abaf38d1f silence warnings 2009-08-19 12:23:27 +00:00
Pierangelo Masarati
8776630509 address signedness issue 2009-08-19 12:06:04 +00:00
Hallvard Furuseth
f0d775609b More ITS#6262: Also define ldap_pvt_gmtime_[un]lock if localtime_r is missing 2009-08-19 10:10:31 +00:00
Pierangelo Masarati
637182b8f4 fix previous commit 2009-08-19 00:12:39 +00:00
Pierangelo Masarati
f3cdcadf89 wrap gmtime for reentrancy (ITS#6262) 2009-08-18 23:48:15 +00:00
Pierangelo Masarati
5c916588b8 fix previous commit 2009-08-18 19:09:12 +00:00
Pierangelo Masarati
98a8b74d53 expose SASL_USERNAME when it makes sense (EXTERN needs work, much like SASL_SSL) (ITS#6257) 2009-08-18 18:47:56 +00:00
Howard Chu
b87553684a More for prev commit 2009-08-14 20:02:08 +00:00
Howard Chu
9b764c3f9e Fix prev commit again, IPPROTO_TCP is the documented correct approach 2009-08-13 21:35:38 +00:00
Howard Chu
f5bad5673b Fix prev commit, it was not Linux-only as it claimed to be. 2009-08-13 20:55:04 +00:00
Hallvard Furuseth
b0e6e73d1c ITS#6215 cleanup: Export ber_skip_element() to complement ber_peek_element() 2009-08-12 22:13:50 +00:00
Hallvard Furuseth
3e20bda971 Trying again: No need to maintain ber->ber_usertag except at ber_printf "!" 2009-08-12 22:12:15 +00:00
Hallvard Furuseth
791035d93f Fix last commit: cast strcasecmp unsigned char* to char* 2009-08-07 21:46:25 +00:00
Hallvard Furuseth
3802aa5483 More ITS#6215: Catch malformed elements in ber_get_stringbvl(). 
Do not use ber_<first/next>_element(), which have no error return.
 2009-08-07 19:26:11 +00:00
Hallvard Furuseth
bc20500e62 More ITS#6215: Define and use ber_tag_and_rest() and ber_<peek/skip>_element() 2009-08-07 19:15:26 +00:00
Hallvard Furuseth
95fbdcab4e More ITS#6215: Fix wrong fix in rev 1.121 2009-08-07 16:04:25 +00:00
Howard Chu
e229b7c398 In session_chkhost get the last CN, not the first. 2009-08-07 11:59:42 +00:00
Hallvard Furuseth
455c49ba3e Simplify struct bgbvr and ber_get_stringbvl(), preserving behavior. 2009-08-04 21:11:38 +00:00
Howard Chu
d479db53e0 Minor cleanup 2009-07-31 03:26:03 +00:00
Howard Chu
403ee0b62e Fix, reqcert == ALLOW should ignore cert verification failures 2009-07-31 01:51:34 +00:00
Howard Chu
3f2101198b ITS#6239 use our own hostname checking for MozNSS 2009-07-31 01:32:51 +00:00
Hallvard Furuseth
02e165258c Might help ITS#6145: change while to do-while, to make visible that the 
loop saving malloced data is run at least once.
 2009-07-31 00:05:32 +00:00
Howard Chu
d4f2a06887 Check for CN length match as well in chkhost 2009-07-30 21:52:09 +00:00
Hallvard Furuseth
19b8065922 More ITS#6215: Fix va_arg integer types for ber_scanf "bei" & ber_printf "BX" 2009-07-29 23:03:10 +00:00
Hallvard Furuseth
8b3bb91e93 More ITS#6215: Fix ber_scanf(,"mMvVW",) cleanup on error: 
Parse args correctly and free up memory.
Also set some lengths=0 and remove unneeded ptr==NULL tests before frees.
 2009-07-29 22:38:19 +00:00
Hallvard Furuseth
886520f193 More ITS#6215: Free data to the memory context used to allocate it 2009-07-29 22:10:45 +00:00
Hallvard Furuseth
b6bad3e995 More ITS#6215: 
Reject indefinite-length format in ber_skip_tag().  localize *len.
Reject broken and too large bitstrings in ber_get_bitstringa().
Simplify a number of functions somewhat - no functionality changes.
Remove unnecessary tests and ber_tag updates after ber_skip_tag().
 2009-07-29 21:47:54 +00:00
Hallvard Furuseth
29aa1d07c7 For ITS#6215: No need to maintain ber->ber_usertag except at ber_printf "!" 2009-07-29 17:21:54 +00:00
Hallvard Furuseth
4bed42ae5a For ITS#6215: Do not expose obsolete Seqorset. Note ber_write(,,,nonzero) is gone. 2009-07-29 17:07:52 +00:00
Hallvard Furuseth
36d2dc034d More ITS#6215 - 
Speedup & less memory allocation:
  Simplify the work to encode tag, length, integer/enum, sequence/set.
  Drop struct seqorset and allocations of it.  Replace BerElement.ber_sos.
  Drop ber_write(,,,nonzero) support. Callers, if any, need to be rewritten.
  Make ber_log_sos_dump() and ber_sos_dump() stubs, they could no longer work.
Fix ber_write() buffer overrun after ber_start_seqorset().
Check overflow and max sizes, e.g. for functions returning int size.
Some cleanup, and handwaves in the direction of supporting CHAR_BIT>8.
Add/fix comments and a few descriptive types/macros.
 2009-07-29 16:49:42 +00:00
Hallvard Furuseth
53f884ac1d Remove useless asserts that will be re-assert()ed before the variable is used 2009-07-29 15:06:28 +00:00
Hallvard Furuseth
12a6f3e055 ITS#6215: Fix buffer overrun and write through NULL pointer 2009-07-29 14:57:09 +00:00
Howard Chu
e0bcb7b571 ITS#4643 never use native getpass(), it's deprecated/unsafe 2009-07-22 06:34:37 +00:00
Howard Chu
91dc4501d4 Add VLV Error 2009-07-13 13:13:38 +00:00
Howard Chu
72e319bd02 ITS#5892 return -1 from ldif_read_record on error 2009-07-07 22:30:55 +00:00
Hallvard Furuseth
bbe015f65b ITS#6197 - normalize & speed up ldap_err2string/ldap_perror(): 
Use same result code -> string mapping for both, removing ldap_int_error():
- Classify unknown error codes as API/extension/etc like _err2string did.
- Pass all strings through _(), i.e. the optional gettext, as _perror did.

Also use a switch instead of linear search for the code->string mapping.
Hopefully the compiler will optimize that.  Though the extra gettext,
if anyone uses it, probably counters that speedup.
 2009-07-07 20:05:09 +00:00
Howard Chu
159461bfc8 ITS#5696 des_set_key -> des_set_key_and_parity 2009-07-03 22:19:52 +00:00
Howard Chu
8680c13c5f Cleanup ciphernum 2009-07-03 02:06:24 +00:00
Howard Chu
d95bc8d2d8 Acknowledge richm 2009-07-02 23:19:44 +00:00
Howard Chu
4b8485c47a ITS#5696 Additional MozNSS support from rmeggins@redhat.com 2009-07-02 23:10:23 +00:00
Howard Chu
de91bde800 ITS#6192 add all digests. Also stop using SSLeay-compatible function 
names, we're only concerned with OpenSSL these days.
 2009-07-01 23:46:36 +00:00
Howard Chu
093fed660d ITS#6188 add stub for ldap_pvt_thread_pool_retract() 2009-06-25 23:15:38 +00:00
Hallvard Furuseth
671bed5270 Cleanup & slight speedup (no real change): 
Remove '#if 0 / broken code / #endif.  Rearrange pool_wrapper() to avoid
decrement-increment(ltp_active_count) when more tasks available.
 2009-06-12 20:46:36 +00:00
Hallvard Furuseth
461cb6b7ca Update last commit: avoid LDAP_STAILQ_REMOVE in ldap_pvt_thread_pool_retract 2009-06-12 19:32:53 +00:00
Hallvard Furuseth
13cbd433bd Cast getpeername() arg from struct sockaddr_un* to struct sockaddr* 2009-06-11 16:21:52 +00:00
Howard Chu
39c9b1ab25 Fix prev commit, note *task* not *thread* ... 2009-06-11 05:02:58 +00:00
Howard Chu
23783a9164 Add ldap_pvt_thread_pool_retract() to cancel pending threads 2009-06-11 04:46:04 +00:00
Ralf Haferkamp
5725d5d6e9 Introduce options to configure tcp-keepalive settings per connection. These 
settings only work on Linux and are ignore when not supported (see
discussion on -devel)
 2009-05-06 13:14:36 +00:00
Hallvard Furuseth
4b01f4b23a ITS#6080 again: simplify ber_strnlen, don't use strnlen, revert _GNU_SOURCE 2009-05-01 03:10:25 +00:00
Hallvard Furuseth
4e3f04edc3 Fix previous fix: Don't #ifdef HAVE_STRNLEN before portable.h #defines that 2009-05-01 02:17:28 +00:00
Hallvard Furuseth
a59f93f32f Update previous commit: #define _GNU_SOURCE if needed for strnlen() 2009-05-01 02:11:42 +00:00
Pierangelo Masarati
85b47ab0e7 define and use ber_strnlen() (ITS#6080); please regenerate configure and include/portable.hin 2009-04-29 11:38:31 +00:00
Pierangelo Masarati
99fe30b326 (nearly blind) fix for NULL in TLS error message (ITS#6079) 2009-04-29 11:31:39 +00:00
Ralf Haferkamp
eec889f6d9 more warning fixes 2009-04-24 09:48:08 +00:00
Hallvard Furuseth
7434318a17 ITS#5464, #5666 Update last change: Conflicted with compiler flag -D_GNU_SOURCE 2009-04-16 18:02:01 +00:00
Howard Chu
9e7b5d8f19 ITS#5464, #5666 define _GNU_SOURCE 2009-04-15 07:36:56 +00:00
Howard Chu
44f91f1464 ITS#6041 Windows opendir/closedir issues (from ITS#5408...) 2009-04-11 04:22:27 +00:00
Howard Chu
e223d0b124 ITS#6053 must use gnutls_x509_privkey_init() 2009-04-11 03:53:26 +00:00
Howard Chu
94ab6a31b2 ITS#6038 revert prev commits, ITS rejected 2009-03-27 11:07:42 +00:00
Rein Tollevik
c8cf2fc47a ITS#6038: Write slapadd progress meter to stdout. 2009-03-26 22:50:54 +00:00
Howard Chu
d39bd12e9f Skip redundant PACKETS logging 2009-03-13 23:10:37 +00:00
Howard Chu
d8e3b4e83e ITS#6005 crypt salt_format must use ber_memfree 2009-03-09 01:28:00 +00:00
Howard Chu
02b71d58ec ITS#6005 strings returned to slapd must use ber_mem* 2009-03-08 00:11:25 +00:00
Howard Chu
5d74bea520 ITS#6005 librewrite must use the same mem allocators as slapd 2009-03-07 23:21:26 +00:00
Howard Chu
0ba084d8b0 More cleanup 2009-03-05 09:15:02 +00:00
Howard Chu
c3f8e67615 Tweak prev commit 2009-03-05 09:13:26 +00:00
Howard Chu
9bc829dbef ITS#5991 build cert chain, GnuTLS doesn't do it for us 2009-03-05 08:04:49 +00:00
Howard Chu
54ed3779d6 ITS#5992 trust X509v1 CA certs 2009-03-05 04:35:49 +00:00
Howard Chu
bd312123d6 ITS#5980 clear res_matched after successfully chasing referral 2009-03-03 17:57:24 +00:00
Howard Chu
ee5b6762ae ITS#5980 - find_connection should match URLs with empty hostname 2009-03-03 17:56:44 +00:00
Howard Chu
a1861fd162 ITS#5849 patch was wrong, don't X509_free session cert 2009-03-02 17:43:38 +00:00
Howard Chu
c3cff40c1c ITS#5981 fix GnuTLS TLSVerifyClient try 2009-03-02 03:01:41 +00:00
Howard Chu
e5e9191aeb ITS#5976 check for cert/DN 2009-02-25 21:48:10 +00:00
Howard Chu
64884e7c6c Don't call NSS_Shutdown if someone else init'd the library 2009-02-25 10:14:00 +00:00
Pierangelo Masarati
0d6e859846 fix ldap namespace (part of ITS#5974) 2009-02-24 21:09:41 +00:00
Pierangelo Masarati
ed97e96944 re-fix ITS#5916 2009-02-20 01:07:00 +00:00
Quanah Gibson-Mount
3b743a3b79 Revert part of last commit 
Remove erroneous comment
 2009-02-17 21:47:09 +00:00
Quanah Gibson-Mount
83cb8883a6 More for ITS#5955 
Also special case rand file bits that are OpenSSL only
 2009-02-17 21:39:50 +00:00
Quanah Gibson-Mount
331a57fa37 ITS#5955 2009-02-17 21:32:09 +00:00
Pierangelo Masarati
040f945d36 fix misc warnings 2009-02-15 21:59:16 +00:00
Howard Chu
f38d2df19b Add comments about ITS#3134, #5938, RFC4513 for posterity. This 
file will be moving to the Attic...
 2009-02-11 01:35:56 +00:00
Howard Chu
07e79f26a4 Revert prev commit 2009-02-10 21:29:56 +00:00
Howard Chu
b886c2ad8a ITS#5937 fix ancient IPv6 typo 2009-02-10 13:27:22 +00:00
Pierangelo Masarati
2b95e7d288 partially addresses an issue with ITS#5931 2009-02-10 12:44:12 +00:00
Howard Chu
80c6ea52ea ITS#5853 restructure wait4msg / try_read1msg again. Consolidate 
the two try_read1msg cases into one, bump refcnts to prevent
lconn's from being freed prematurely.
 2009-02-10 09:51:31 +00:00
Howard Chu
fbf42baefa ITS#5934 fix NULL pointer deref 2009-02-09 21:14:46 +00:00
Howard Chu
4bc8cb6336 ITS#5928 hide all ldap_pvt_tls APIs when !HAVE_TLS 2009-02-08 03:25:48 +00:00
Howard Chu
bc486f123d Fix spinner in prev commit 2009-02-05 10:07:20 +00:00
Howard Chu
d0515c4017 ITS#5922 with namespace changes 2009-02-05 09:38:07 +00:00
Howard Chu
ff8838aa28 ITS#5920 restore old HAS_TLS test 2009-02-04 08:56:04 +00:00
Howard Chu
2b08e96b53 ITS#5916 - externally callable functions are ldap_pvt, not ldap_int. 2009-02-02 21:14:34 +00:00
Pierangelo Masarati
0ded1f16d5 Allow alias dereferencing in search C API; use new API in proxy backends (ITS#5916) 2009-01-31 10:27:07 +00:00
Hallvard Furuseth
ff08c4194c Cleanup - macroize magic constant (ITS#5909) 2009-01-30 14:14:22 +00:00
Howard Chu
7aa5ae49ca Modular TLS 2009-01-27 01:01:41 +00:00
Howard Chu
08905d6792 ITS#5789 again 2009-01-26 21:08:55 +00:00
Howard Chu
f59ce2b9a1 ITS#5462 add randfile support for gcrypt 1.4 2009-01-26 03:41:27 +00:00
Howard Chu
2558951251 ITS#5887 add native support for cipher suites for GnuTLS >= 2.2.0 2009-01-26 03:21:16 +00:00
Howard Chu
f9fd0f0cc4 ITS#5655 for new structure 2009-01-26 02:16:46 +00:00
Howard Chu
4dff3e6807 Switch to using modular TLS code, single-implementation version 2009-01-26 02:06:45 +00:00
Howard Chu
988fb232d2 ITS#5896 don't return immediately on Intermediate responses 2009-01-24 07:18:35 +00:00
Howard Chu
cf1558659b ITS#5655 TLS_PROTOCOL_MIN from Philip Guenther 2009-01-24 03:34:49 +00:00
Kurt Zeilenga
4af9eb9715 Update copyright notices 2009-01-22 00:40:04 +00:00
Ralf Haferkamp
af79710c4d Fixed typo 2008-12-12 10:08:07 +00:00
Pierangelo Masarati
7681642bcf fix LDAP deref control response; fix tool response handling; add lutil_memcopy() for API uniformity (more about ITS#5768) 2008-12-11 23:17:08 +00:00
Ralf Haferkamp
5977f20127 Avoid locking up slapd when paused during shutdown (ITS#5841), reverting 
r1.81
 2008-12-09 10:57:15 +00:00
Howard Chu
187efdad6c ITS#5849 free peer cert after retrieving DN 2008-12-05 09:00:24 +00:00
Howard Chu
5a8954f9de ITS#5768 - add deref. 2008-11-25 04:43:38 +00:00
Howard Chu
a6933cae27 Fix prev commit 2008-11-21 05:15:20 +00:00
Howard Chu
86b5de38be ITS#5812 add SASL_NOCANON / -N option 2008-11-21 03:30:15 +00:00
Howard Chu
0bd6ce1062 ITS#4750 only read LDAP_CONF_FILE if geteuid() != getuid() 2008-11-21 02:15:47 +00:00
Pierangelo Masarati
2eeefd4985 check for bogus params to an LDAP routine (ITS#5817) 2008-11-18 16:27:50 +00:00
Hallvard Furuseth
c7002ffed5 ITS#5815: Fix typo "#elif defined( MAXHOSTNAMELEN". 2008-11-16 22:52:56 +00:00
Howard Chu
36124c715a ITS#5789 GNUtls - allow CN matches against IP addresses 2008-11-04 11:21:52 +00:00
Howard Chu
24078323e2 ITS#5739 fix for ITS#4879 was too eager about IPv6 detection 2008-11-03 15:44:49 +00:00
Hallvard Furuseth
8690650121 ITS#4467: Fix ptr += snprintf buffer overflow tests (made out-of-range ptr). 
Also avoid a buf[BUFSIZ] initialization.
 2008-10-24 13:11:10 +00:00
Pierangelo Masarati
6bedf74c41 tag optional stuff 2008-10-22 23:38:09 +00:00
Pierangelo Masarati
91e14ca638 add support for (experimental) dereference control (ITS#5768); need to re-run autoconf (and autoheader?) 2008-10-22 22:19:49 +00:00
Pierangelo Masarati
2b95616768 missing $OpenLDAP$ header 2008-10-22 21:57:28 +00:00
Hallvard Furuseth
677a11ad26 ITS#5748: tavl_find3(NULL,,,) returned undefined data 2008-10-22 19:39:42 +00:00
Ralf Haferkamp
e8c1147b77 reset ld->ld_errno to avoid returning error codes of previously API calls (ITS#5762) 2008-10-21 16:17:41 +00:00
Hallvard Furuseth
08852acb80 Warning cleanup: signed meets unsigned, remove assert(unsigned >= 0). 2008-10-17 23:24:48 +00:00
Hallvard Furuseth
b464a790b8 Fix Debug(%d, scred->bv_len or -1) -> Debug(%ld, (long) scred->bv_len or -1L). 
Cast sasl_encode() arg from unsigned char* to char*.
Warning cleanup: signed meets unsigned.
 2008-10-17 20:46:44 +00:00
Hallvard Furuseth
1c85cf3c88 Warning cleanup: signed meets unsigned. ber_flatten2() returns -1 on 
error, not LBER_ERROR.
 2008-10-13 08:44:54 +00:00
Hallvard Furuseth
03a729673c Warning cleanup: signed meets unsigned. 2008-10-13 08:13:27 +00:00
Howard Chu
9078381252 Cleanup unused defs 2008-10-09 11:33:49 +00:00
Howard Chu
4294664aad ITS#5369 SASL/GSSAPi refactoring from Stefan Metzmacher <metze@samba.org> 
and Rafal Szczeniak <mimir@samba.org>, with minor cleanups
 2008-10-09 11:10:28 +00:00
Howard Chu
f7484f78e6 ITS#5369 SASL/GSSAPi refactoring from Stefan Metzmacher <metze@samba.org> 
and Rafal Szczeniak <mimir@samba.org>, with minor cleanups
 2008-10-09 10:51:28 +00:00
Howard Chu
b2432fdbf2 Add SASL_MECHLIST option to retrieve list of known SASL mechs 2008-10-09 09:28:39 +00:00
Howard Chu
c51252633b Accept X-starttls for prev commit 2008-10-07 03:13:00 +00:00
Howard Chu
809548c88b Handle StartTLS in URL extensions 2008-10-07 03:06:44 +00:00
Howard Chu
99186a90e0 Fix prev commit 2008-09-30 22:22:31 +00:00
Howard Chu
721264db13 ITS#5720 fix ldap_utf8_strchr arguments 2008-09-30 05:05:53 +00:00
Ralf Haferkamp
0f4f9c9c13 Avoid "label at end of compound statement" error of newer gcc 2008-09-19 12:58:00 +00:00
Pierangelo Masarati
43ae03fc10 silence warnings 2008-09-16 14:10:02 +00:00
Pierangelo Masarati
548a9f39ba fix '<hex>'H conversion issue; did not look at decimal yet (ITS#5699) 2008-09-13 18:46:50 +00:00
Howard Chu
178141d7ec ITS#5668 avoid overflows in Windows microsecond computation 2008-09-11 01:51:02 +00:00
Pierangelo Masarati
4aa9edf03e cleanup round of memory handling (either check results or use ch_* calls; ITS#5691) 2008-09-09 19:58:47 +00:00
Howard Chu
cc94023c98 ITS#5677 s/TLS_CRL/TLS_CRLFILE/ 2008-09-02 22:10:44 +00:00
Howard Chu
0dbeb1d87b Pass LDAPURLDescs to connect functions instead of host/port 2008-08-15 22:53:47 +00:00
Howard Chu
46049f1d13 Fix prev commit 2008-08-15 10:53:11 +00:00
Howard Chu
baad2b249d Connect callbacks need error recovery checks 2008-08-15 10:23:29 +00:00
Howard Chu
80d1dba901 Add LDAP_OPT_CONNECT_CB connection callbacks 2008-08-14 04:54:32 +00:00
Howard Chu
a225b02f17 Modular TLS support, proof of concept. tls2.c would replace tls.c, 
but I'm leaving tls.c intact for now.
 2008-08-13 16:18:51 +00:00
Hallvard Furuseth
4028c83c67 ber_decode_oid(): Fix typo in comment 2008-08-06 13:36:53 +00:00
Hallvard Furuseth
4f935126c4 ITS#5604: Normalize lutil_progname(): strip .exe from Windows executable names 2008-07-22 10:16:11 +00:00
Howard Chu
7d479302c0 ITS#5615 return success on Solaris 10 2008-07-15 20:07:36 +00:00
Howard Chu
27fc008761 Protect errno values from Debug 2008-07-02 16:43:51 +00:00
Howard Chu
aebcd93721 ITS#5580: Revert prev commit, failed on byte-at-a-time input. Different 
approach used here.
 2008-07-02 01:33:15 +00:00
Howard Chu
7e4ba700f1 ITS#5585 GnuTLS key strength is in bytes, we expected bits 2008-06-30 23:32:35 +00:00
Howard Chu
14f1138ab5 ITS#5580 fix length decoding, verified with PROTOS 2008-06-27 02:36:41 +00:00
Howard Chu
9ef6cc3cd4 ITS#5577 GnuTLS CRL result >0 is success 2008-06-24 20:14:30 +00:00
Pierangelo Masarati
7e3c9a07e9 add client API for assertion control (ITS#5560) 2008-06-14 17:49:47 +00:00
Howard Chu
99160d7c20 ITS#5542 fix loop iterator 2008-05-30 17:29:47 +00:00
Howard Chu
19d7e565f0 ITS#5318 drop invalid msgids, cleanup msgid logging 2008-05-28 01:19:43 +00:00
Howard Chu
96550c885d ITS#5518,#5525 cleanup ld_defconn if it was freed 2008-05-23 09:53:42 +00:00
Howard Chu
ce27143ce7 ITS#5519 add missing stubs 2008-05-20 11:23:19 +00:00
Hallvard Furuseth
1fc3f1c130 ITS#5507: Set FD_CLOEXEC (close on exec) flag on LDAP file descriptors 2008-05-15 20:56:41 +00:00
Howard Chu
8810ef26b6 ITS#5458 fix error message for missing closing paren 2008-04-10 18:36:15 +00:00
Hallvard Furuseth
c55a06254f ITS#5436: make htons() port number unsigned 2008-03-18 21:12:00 +00:00
Hallvard Furuseth
00be565264 ITS#5407 cleanup (make pool_pause & pool_pausecheck wrappers for handle_pause) 2008-03-10 13:21:24 +00:00
Howard Chu
a287573d2d ITS#5407 more checks for pool pausing 2008-03-08 23:51:07 +00:00
Howard Chu
50cb332390 Use memctx more consistently 2008-03-04 07:24:05 +00:00
Hallvard Furuseth
7859063553 ITS#5364 cleanup 
Fix rev 1.91 patch: Reset ltp_pending_count when flushing ltp_pending_list.
Remove flush_pending_list() again and the now-unnecessary 2nd call to it.
Help the compiler a little.
Move ltp_work_list in case it makes a difference for caching.
Move mutex unlock in pool_destroy() to make concurrency debuggers happier.
 2008-02-11 15:49:52 +00:00
Hallvard Furuseth
650aaee3a5 ITS#5364, reduce work with ltp_mutex locked: 
Negate ltp_open_count when paused, avoids an ltp_pause test in pool_submit().
 2008-02-10 18:16:44 +00:00
Hallvard Furuseth
8afd0b05c1 ITS#5364: introduce ltp_work_list, drop 1st ltp_pause loop in pool_wrapper(). 2008-02-10 17:55:13 +00:00
Hallvard Furuseth
fe86a1cbe5 ITS#5364: maintain value ltp_vary_open_count 2008-02-10 17:38:32 +00:00
Hallvard Furuseth
ee73fca523 ITS#5364, reduce work with ltp_mutex locked: 
Replace ltp_state with ltp_finishing.  Drop state
LDAP_INT_THREAD_POOL_STOPPING, flush pending list instead.
ltp_max_pending = default value instead of 0, and negative when finishing.
 2008-02-10 17:28:20 +00:00
Hallvard Furuseth
6dd87bb83f ITS#5364, thread pool efficiency: 
Add ldap_pvt_thread_pool_pausing(): pause check for slapd without locking.
Make counters int instead of long; INT_MAX pending tasks is enough.
Nitpick cleanup: goto failure instead of if() to not-failure in _submit().
 2008-02-10 16:15:30 +00:00
Howard Chu
68316527c4 ITS#5341 GnuTLS ciphersuite parsing 2008-02-10 11:58:16 +00:00
Pierangelo Masarati
b0b387e9ed ITS#5338 2008-01-25 00:00:30 +00:00
Howard Chu
5cf0b5175b ITS#5324 don't use %n 2008-01-11 06:39:50 +00:00
Hallvard Furuseth
cd63a0c43b Warning cleanup: function ptr <=> void* at ldap_pvt_thread_pool_<set/get>key() 2008-01-11 06:07:43 +00:00
Hallvard Furuseth
2660518c5d ldap_int_bisect_find(): Silence harmless "may be used uninitialized" warning 2008-01-10 18:34:40 +00:00
Hallvard Furuseth
ac914f96a0 #include <signal.h> for pthread_kill() 2008-01-10 16:24:07 +00:00
Ralf Haferkamp
5a143df3ce Corrected memory allocation for cookie (ITS#5315) 2008-01-09 13:28:09 +00:00
Kurt Zeilenga
c890c96d13 Happy New Year (belated) 2008-01-08 00:19:56 +00:00
Pierangelo Masarati
30f401c628 rename ldap_pvt_thread_pool_setkey_x() to ldap_pvt_thread_pool_setkey() (as part of ITS#5309) 2008-01-07 21:35:03 +00:00
Hallvard Furuseth
4a2cda3cff ITS#5309: complete the addition of ldap_pvt_thread_pool_setkey_x() 2008-01-07 20:04:46 +00:00
Howard Chu
f41322d8ef Fix prev commit 2008-01-03 08:25:58 +00:00
Pierangelo Masarati
859c6d03c0 fix to ITS#5304 2008-01-02 17:30:40 +00:00
Pierangelo Masarati
622c4d3884 new ldap_pvt_thread_pool_setkey API 2007-12-29 18:14:54 +00:00
Howard Chu
cd673c2ff2 ITS#5300, reject substring filters with empty values 2007-12-29 02:32:22 +00:00
Quanah Gibson-Mount
afcc7d9e83 ITS#4982 libldap_r threaded library linking 2007-12-21 22:18:35 +00:00
Howard Chu
4c9af232d2 Cleanup spaces 2007-12-20 02:46:59 +00:00
Howard Chu
8ddc2dd773 ITS#5291, more for rev 1.79 search timeouts 2007-12-20 02:46:13 +00:00
Howard Chu
33c0301b25 Better fix to prev commit 2007-12-17 07:11:24 +00:00
Hallvard Furuseth
e4ffd33f1a Declare enough buffer space for out-of-range URL port numbers 2007-12-15 23:36:22 +00:00
Pierangelo Masarati
20f2548c82 fix declarations of buffers for numeric strings; other related cleanup 2007-12-15 15:23:23 +00:00
Howard Chu
da53cd0c40 uid/gid are unsigned 2007-12-15 02:28:45 +00:00
Howard Chu
f02d481426 ITS#5263 fix return code from parse_sasl_bind_result() 2007-12-15 02:06:12 +00:00
Hallvard Furuseth
24d9258888 Remove unused variables 2007-12-06 17:23:23 +00:00
Howard Chu
304520c113 Add memctx to lutil_str2bin() 2007-12-02 19:11:41 +00:00
Howard Chu
34a503960d Fix tmpbuf size 2007-12-01 20:28:18 +00:00
Howard Chu
6ffbb9b04d Fix dirsep chars before opening file 2007-12-01 19:19:20 +00:00
Howard Chu
3e05442795 Cleanups from Hallvard 2007-12-01 19:18:43 +00:00
Howard Chu
d4baa7dc87 Fix carries 2007-12-01 11:14:40 +00:00
Howard Chu
fab334d5f1 Fix prev. Once more, with feeling. 2007-11-30 22:26:23 +00:00
Howard Chu
88ea88feeb Fix prev cleanup. 2007-11-30 18:32:42 +00:00
Howard Chu
55f6387214 Cleanup prev commit 2007-11-30 18:25:45 +00:00
Howard Chu
14573820ec Fix rev 1.49 2007-11-30 18:10:22 +00:00
Kurt Zeilenga
ac7762996e Reverse last commit (made by mistake) 2007-11-27 20:49:47 +00:00
Kurt Zeilenga
9c970bdb21 OpenLDAP Devel README 
This software was obtained from the development branch (HEAD) of
	the OpenLDAP Software Repository.  This copy is likely already
	not current, the development branch changes frequently.  These
	changes include code implementing experimental features and
	unproven bug fixes.  Please do NOT redistribute copies of the
	development branch.

	The OpenLDAP Developer's FAQ is available at:
		<http://www.openldap.org/faq/index.cgi?file=4>

	Client developers seeking a suitable development platform
	should use "release" or "stable" versions.
		<http://www.openldap.org/software/>

Contributing
	See <http://www.openldap.org/devel/contributing.html> for how to
	contribute code or documentation to OpenLDAP.  Use the Issue Tracking
	System <http://www.openldap.org/its/> to submit contributions.
	While you are encouraged to coordinate and discuss the development
	activities on the openldap-devel@openldap.org mailing list prior
	to submission, it is noted that contributions must be submitted
	using the Issue Tracking System to be considered.

---
$OpenLDAP: pkg/ldap/README,v 1.45 2007/03/10 17:03:58 kurt Exp $

This work is part of OpenLDAP Software <http://www.openldap.org/>.

Copyright 1998-2007 The OpenLDAP Foundation.
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP
Public License.

A copy of this license is available in the file LICENSE in the
top-level directory of the distribution or, alternatively, at
<http://www.OpenLDAP.org/license.html>.

OpenLDAP is a registered trademark of the OpenLDAP Foundation.
 2007-11-27 20:48:38 +00:00
Pierangelo Masarati
7aeac21440 silence warnings 2007-11-23 12:47:53 +00:00
Howard Chu
b710993764 Fix dec to bin for zero value 2007-11-21 05:08:08 +00:00
Howard Chu
beff004e1e Fix dec to bin negative number handling 2007-11-21 01:49:09 +00:00
Howard Chu
9c8cf1bc04 Fix typo in dec to bin conversion 2007-11-20 18:14:17 +00:00
Howard Chu
2701782cba ITS#5224 add any necessary socket libraries 2007-11-12 07:59:54 +00:00
Howard Chu
a354d38fea Fix typo in prev commit 2007-10-25 06:50:43 +00:00
Howard Chu
183ff5120c Use thread-specific data in pool_context() 2007-10-25 06:48:44 +00:00
Howard Chu
20c4e016fa Added native thread-specific data support 2007-10-25 06:42:40 +00:00
Howard Chu
9bc4ebd12c ITS#5197 add stub for ldap_pvt_thread_pool_query() 2007-10-23 21:14:11 +00:00
Howard Chu
8713229bba Fix liblutil link order 2007-10-19 04:46:41 +00:00
Howard Chu
13c6ef95ce ITS#5194 zero out pool when destroying 2007-10-18 21:13:43 +00:00
Howard Chu
6775e25ba3 In pool_resume don't touch the condvar if the pool is tearing down. 2007-10-18 06:52:54 +00:00
Howard Chu
bdac543b3b Cleanup debug calls 2007-10-18 01:35:07 +00:00
Howard Chu
5418b51643 Quiet request logging 2007-10-10 05:17:49 +00:00
Howard Chu
cbb6f3bd50 ITS#5100 ldap_control_dup - OID must be non-NULL 2007-10-09 01:38:50 +00:00
Howard Chu
a1a63bead0 ITS#4188 check for pool pause every 64 entries. (probably should make 
this number tunable.)
 2007-10-08 01:15:49 +00:00
Pierangelo Masarati
6715f737b7 minor cleanup 2007-10-06 15:40:55 +00:00
Howard Chu
65db0bf8eb ITS#3864 use sasl_ssf_t where expected 2007-10-06 14:55:53 +00:00
Howard Chu
4d58197880 Add lutil_str2bin() for arbitrary length decimal-to-binary conversion 2007-10-01 06:50:19 +00:00
Pierangelo Masarati
d50645fc0a dispose of connection when server down (related to ITS#5127) 2007-09-29 11:24:39 +00:00
Pierangelo Masarati
27e747ad48 fix format 2007-09-29 11:22:31 +00:00
Pierangelo Masarati
3f9df357e8 don't leak file descriptors (coverity) 2007-09-03 16:18:17 +00:00
Howard Chu
8a532879cd More for ITS#5117 - only use libfetch for non-file: URLs 2007-09-02 03:43:58 +00:00
Howard Chu
ec78507682 ITS#5117 try to log a message if chasing an include: fails. Since 
ldif_read_record() doesn't distinguish errors from EOF, this is kind
of futile.
 2007-09-02 02:16:52 +00:00
Howard Chu
670febf7d5 ITS#5105 from Alexey Melnikov @ isode 2007-08-24 21:58:20 +00:00
Pierangelo Masarati
b9e2fd0dd6 ldap_control*_dup() is no longer private; add ldap_pvt_put_control 2007-08-24 12:29:33 +00:00
Pierangelo Masarati
25d46e7578 rework controls API 2007-08-22 22:35:14 +00:00
Pierangelo Masarati
95dd8de586 fix and cleanup 2007-08-22 20:55:54 +00:00
Kurt Zeilenga
0025d7fa1f Fix last commit. 2007-08-22 19:33:28 +00:00
Kurt Zeilenga
e6699ce023 Password policy request control should have no control value. 
Extend ldap_create_control() to supporting creating such.
 2007-08-22 19:26:55 +00:00
Pierangelo Masarati
b0d2063d92 client side of draft-wahl-ldap-session 2007-08-21 23:52:03 +00:00
Pierangelo Masarati
145e6fc1f8 fix or comment Calysto findings 2007-08-21 10:52:16 +00:00
Pierangelo Masarati
ca1aed557b make lutil_uuidstr_from_normalized() return the length of the string 2007-08-17 15:08:47 +00:00
Pierangelo Masarati
403704b7bc move uuid normalized to string to liblutil 2007-08-17 12:42:52 +00:00
Pierangelo Masarati
6df2df130b don't leak in case of error 2007-08-17 09:47:14 +00:00
Pierangelo Masarati
4bc19cbbb9 cleanup tools 2007-08-16 09:22:07 +00:00
Hallvard Furuseth
973a2b41b7 Make LDAP_MEMORY_DEBUG a bitmask. #define LDAP_MEMORY_DEBUG_ASSERT. ITS#4990. 2007-07-24 20:53:23 +00:00
Hallvard Furuseth
17afb33c19 ITS#5010: OID encode/decode fixes and paranoia. #define LBER_OID_COMPONENT_MAX. 2007-07-23 12:57:23 +00:00
Howard Chu
2b67f4face ITS#5056 fix chain_tail processing 2007-07-20 21:28:04 +00:00
Ralf Haferkamp
6ab46208bc Allow utf-8 in AD-Canonical Names 2007-07-13 10:12:27 +00:00
Hallvard Furuseth
e1d42189fa ITS#4990: Fix LDAP_MEMORY_DEBUG and LDAP_MEMORY_DEBUG=0 compilation. 
Declare ber_int_meminuse.  Fix '#if' -> '#ifdef' LDAP_MEMORY_DEBUG.
 2007-07-04 22:55:24 +00:00
Hallvard Furuseth
2ea3d3f621 Ensure ltp_max_pending >= 0; negative values confused pool_query(). 
Remove accidentally added #define LDAP_MAX_PENDING from last commit.
 2007-07-03 11:34:14 +00:00
Hallvard Furuseth
bc8631183c Remove bogus pause wait near end of pool_wrapper(). Add/fix comments. 2007-07-01 16:44:59 +00:00
Pierangelo Masarati
848ea293a3 cleanup 2007-06-19 22:59:53 +00:00
Pierangelo Masarati
7e12342b3b add sub-second result timeout accuracy (for which is which; ITS#4963 with changes) 2007-06-14 22:35:41 +00:00
Hallvard Furuseth
90fe4bd927 ITS#4983: Partly revert tls_thread_self() paranoia from rev 1.154: Only 
require that ldap_pvt_thread_t can be cast to u.long and is not wider.
ITS#5010: In ldap_X509dn2bv(), catch error return from ber_decode_oid().
 2007-06-12 23:57:08 +00:00
Hallvard Furuseth
ed0c9d223a Rename thread contexts to tasks, leaving user contexts the only context. 
Remove ldap_int_thread_ctx_t.ltc_next.al (active list) left over from rev 1.75.
 2007-06-10 23:58:38 +00:00
Hallvard Furuseth
c60f7c1fd2 For ITS#4943: Axe thread pool semaphore code 2007-06-10 23:37:49 +00:00
Hallvard Furuseth
25a7729a12 int -> ber_socklen_t for getsockname() 2007-06-10 20:35:30 +00:00
Hallvard Furuseth
5d083f3859 int -> ber_socklen_t for getsockopt() 2007-06-10 20:34:05 +00:00
Hallvard Furuseth
28da797a3a ITS#5007: Wrap code using MSG_WAITALL in #ifdef MSG_WAITALL. 2007-06-09 23:43:02 +00:00
Hallvard Furuseth
bfdb026fab ITS#5007: Remove void* pointer arithmetic, that's a gcc extension. 2007-06-09 23:41:36 +00:00
Hallvard Furuseth
3750520f6f Fix HP-UX crash: Replace socklen_t with ber_socklen_t from configure. ITS#4629. 2007-06-09 23:35:20 +00:00