upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-02-17 17:48:20 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
23599 commits 38 branches 313 tags 89 MiB
Commit graph

12735 commits

Author SHA1 Message Date
Quanah Gibson-Mount
c7763538de ITS#9453 - Make pw argon2 official 2021-03-10 23:21:08 +00:00
Howard Chu
28a04795f6 ITS#9479 asyncmeta: fix hanging ops 
Two separate problems
  1) ops that never got sent because of a pending Bind
  2) errors that never got returned because of an active op
 2021-03-10 00:18:59 +00:00
Quanah Gibson-Mount
180f5b62cb ITS#9482 - Fix possiblity of uninitialized data being returned in slapi plugin 2021-03-09 20:49:42 +00:00
Quanah Gibson-Mount
891fc1e117 ITS#9481 - Fix cases when IPv6 support is disabled 2021-03-08 18:10:41 +00:00
Paul B. Henson
b91491a8ee ITS#9481 - fix proxyp when IPv6 disabled 2021-03-08 18:10:41 +00:00
Konstantin Andreev
f2481c8d88 ITS#9446 - Correctly parse gecos field 2021-03-04 19:05:23 +00:00
Howard Chu
17abe7e710 ITS#9491 plug memctx leak - frontend already clears it 2021-03-04 17:03:20 +00:00
Ondřej Kuzník
99efeda06f ITS#9288 Do no change tainted status on failed retry 
It seems refcnt == 0 connections are tainted only if they were just
removed from cache.
 2021-03-02 20:00:55 +00:00
Ondřej Kuzník
6bfdb0342d ITS#8215 Some more slapmodify manpage tweaks 2021-03-02 19:08:50 +00:00
Quanah Gibson-Mount
05b1b4688c ITS#9480 - Update example configurations to include monitor db 2021-03-02 16:12:05 +00:00
Ondřej Kuzník
34b95c520e ITS#9438 Add remoteauth overlay 2021-02-25 22:11:39 +00:00
Ondřej Kuzník
38ea26b35f ITS#7262 Retrieve the policy from the correct backend 2021-02-24 22:15:48 +00:00
Tero Saarni
0eacc4a793 ITS#9197 back-ldap: added task that prunes expired connections 2021-02-24 22:07:48 +00:00
Howard Chu
22fd5a8924 ITS#9477 fix regression from #9339 
Must provide plain IP address for TCP wrapper
 2021-02-24 19:59:51 +00:00
Paul B. Henson
146889f205 ITS#9419 Add support for HAProxy proxy protocol v2 2021-02-24 18:11:09 +00:00
Paul B. Henson
dcca73370b Move slap_sockaddrstr into liblutil 2021-02-24 18:11:09 +00:00
Ondřej Kuzník
5fa0a651f5 revert: libevent 2.0 support 2021-02-24 18:11:09 +00:00
Ondřej Kuzník
a3c49b8709 ITS#9293 Store microseconds in pwdGraceUseTime 2021-02-24 17:03:22 +00:00
Ondřej Kuzník
d1799a5023 ITS#7596 Report correct number of grace authentications left 2021-02-24 17:03:22 +00:00
Ondřej Kuzník
ee564399df ITS#9282 Check all csns 2021-02-18 17:31:32 +00:00
Quanah Gibson-Mount
5b2988ca54 ITS#9327 - Use STRIP_OPTS for lloadd 2021-02-17 19:55:25 +00:00
Quanah Gibson-Mount
ce2c5173bd ITS#9161 - Fix various typos 
Fix a number of different typos across the code base
 2021-02-17 18:42:46 +00:00
Howard Chu
e5bd309fb2 ITS#9458 must alloc new conn->c_sb after freeing old one 2021-02-08 00:46:58 +00:00
Howard Chu
3539fc3321 ITS#9454 fix issuerAndThisUpdateCheck 2021-02-06 20:52:06 +00:00
Howard Chu
c0c1bd319e ITS#9456 fix prev commit 
No need to reschedule the task inside asyncmeta_timeout_loop.
Frontend already does it if task was init'd with a valid interval.
 2021-02-06 15:45:22 +00:00
Howard Chu
7c129c8d62 ITS#9456 fix asyncmeta_timeout_loop() 2021-02-06 13:47:55 +00:00
Howard Chu
e3fd030aef Fixup debug msgs 2021-02-05 23:55:27 +00:00
Ondřej Kuzník
e030e5eadd Do not redefine lload_change everywhere 2021-02-04 18:07:25 +00:00
Quanah Gibson-Mount
6c469f0793 ITS#7790 - Rename config.h 
Rename slapd/config.h to slap-config.h and update accordingly
Rename lloadd/config.h to lload-config.h and update accordingly
 2021-02-02 21:26:39 +00:00
Ondřej Kuzník
1aecfe0b8f ITS#6518 Only remove proxyauthz control if we generated one ourselves 2021-02-01 17:22:35 +00:00
Ondřej Kuzník
4da575d451 ITS#7766 Fix previous commit 2021-02-01 16:51:56 +00:00
Ondřej Kuzník
ac70b01bc4 ITS#6518 When using proxyauthz, replace existing control - (async)meta 2021-02-01 16:43:06 +00:00
Ondřej Kuzník
4a02ae132d ITS#6518 When using proxyauthz, replace existing control 2021-02-01 16:04:52 +00:00
Ondřej Kuzník
20ec128916 ITS#9179 Always use effective identity when proxying 2021-02-01 14:22:45 +00:00
Howard Chu
0da38889e1 ITS#8541 fix data race in syncprov removal 2021-01-31 15:23:22 +00:00
Ondřej Kuzník
84db7cb21f ITS#7766 Include all relevant attributes in diff 2021-01-28 20:59:17 +00:00
David Barchiesi
0799f58533 ITS#9442 Add negregex constraint type for not allowing values based on a regex. 2021-01-28 18:54:03 +00:00
Howard Chu
b979b57dcf ITS#7468 slapd-relay: set real op->o_bd on successful bind 2021-01-21 13:23:34 +00:00
Ondřej Kuzník
58dfef012c ITS#7439 Do not free parts of original filter 2021-01-20 11:39:17 +00:00
Ondřej Kuzník
a99e435200 Return success in glue destroy 2021-01-20 11:37:01 +00:00
Ondřej Kuzník
fc1bcaf9de ITS#5941 manage callbacks to coexist with other overlays 2021-01-18 14:36:16 +00:00
Howard Chu
9d440e3d28 ITS#8307 slapo-accesslog additional check 2021-01-13 16:58:42 +00:00
Howard Chu
85b68aa5e2 ITS#8307 slapo-dds: mark internal searches as do_not_cache 2021-01-13 16:39:24 +00:00
Howard Chu
eefe12366c ITS#8307 fix slapo-accesslog: noop if logDB isn't open yet 
Add be_flag for DB OPEN status
 2021-01-13 16:35:43 +00:00
Quanah Gibson-Mount
efaf9a4a17 Happy New Year! 2021-01-11 19:25:53 +00:00
Howard Chu
dfe1f6494d ITS#9428 fix cancel exop 2020-12-20 21:31:15 +00:00
Howard Chu
27428b96f5 ITS#9427 fix issuerAndThisUpdateCheck 2020-12-16 18:52:42 +00:00
Howard Chu
354e678ce9 ITS#9426 dynlist: don't add unexpanded groups at end of search 
if pagedResults is in use
 2020-12-15 22:55:47 +00:00
Howard Chu
777098aa9d ITS#9424 fix serialNumberAndIssuerSerialCheck 2020-12-14 19:03:27 +00:00
Ondřej Kuzník
d9f20cc09e ITS#9363 Set appropriate defaults where needed 2020-12-08 19:11:22 +00:00
Ondřej Kuzník
0c3b8a3524 ITS#9363 Store defaults in ArgConf 2020-12-08 19:11:22 +00:00
Ondřej Kuzník
356715fd08 ITS#9363 Zero out values on config delete 2020-12-08 19:11:22 +00:00
Ondřej Kuzník
a44ba27410 ITS#9363 Unset readonly on delete 2020-12-08 19:11:22 +00:00
Quanah Gibson-Mount
d28e231a69 ITS#9420 - Fix memory leak in modrdn 
Fix provided by grapvar@gmail.com
 2020-12-08 16:05:35 +00:00
Howard Chu
4e801a9aaf ITS#9416 more componentFilterMatch garbage 2020-12-03 19:30:53 +00:00
Howard Chu
6ae9bf167d ITS#9014 fix component match parsing errors 2020-12-01 21:29:19 +00:00
Howard Chu
e394bcfa76 ITS#9413 fix slap_parse_user 2020-12-01 19:05:06 +00:00
Howard Chu
42d42421a8 ITS#9412 fix AVA_Sort on invalid RDN 2020-12-01 19:04:54 +00:00
Howard Chu
2aef56cd24 ITS#9411 fix thisUpdate check 2020-12-01 19:04:46 +00:00
Howard Chu
0c856f1b64 ITS#9410 remove assert in csnValidate 2020-11-30 16:42:17 +00:00
Howard Chu
b1c1a5eb51 ITS#9409 saslauthz: use slap_sl_free in prev commit 2020-11-30 16:20:18 +00:00
Howard Chu
0e09c857b6 ITS#9409 saslauthz: use ch_free on normalized DN 2020-11-30 11:45:46 +00:00
Howard Chu
a11b719c96 ITS#9408 fix vrfilter double-free 2020-11-28 15:54:17 +00:00
Howard Chu
5c27f9569f ITS#9406 fix debug msg 2020-11-27 14:48:26 +00:00
Howard Chu
fa0f97545c ITS#9406, #9407 remove saslauthz asserts 2020-11-27 14:37:10 +00:00
Howard Chu
12523b0f29 ITS#9400 back-ldap: fix prev commit 2020-11-24 16:08:29 +00:00
Howard Chu
dbe69684a1 ITS#9404 fix serialNumberAndIssuerCheck 
Tighten validity checks
 2020-11-23 17:14:00 +00:00
Howard Chu
1ea12260d5 ITS#9400 back-ldap: fix retry binds 
Regression from fix for ITS#7403
 2020-11-23 05:14:30 +00:00
Ondřej Kuzník
323bb1d9a4 Handle upstream rejecting a StartTLS exop 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
0abf3f5bc9 Flush cache before calling dispose() 
This needs to be confirmed:
Location based atomics do not imply a full fence of the same level. So
to get the code in dispose() read the actual data, it seems we need to
initiate a fence.
 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
dfbed44b3e Do not accept requests with msgid == 0 
It is used internally to identify pinned operations and should not be
encountered over the wire.
 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
dfbf25d579 Honour keepalive settings for upstreams 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
25fff30e39 Let the last thread dispose of pending references 
If we're idle, there might be objects pending cleanup for the last two
epochs. Unless another thread comes in and checks into a new epoch or we
shut down, they will linger forever.

If one of the objects was a connection, it wouldn't get closed and be
stuck in CLOSE_WAIT state, potentially refusing another ligitimate
connection if its socket address were to match the one we're yet to
close.
 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
41a74b4689 Introduce the notion of experimental features 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
1f6d8611a3 Implement read throttling when writes backlog 
Reject operations in such a case with LDAP_BUSY. If read_event feature
is on, just stop reading from the connection. However this could still
result in deadlocks in reasonable situations. Need to figure out better
ways to make it safe and still protect ourselves.
 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
68b163fca9 Introduce mutex checks 
Switched off unless thread debugging is on, but still useful for static
analysis.
 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
62a806b243 Thread error checking 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
1328777a85 Fix a SASL channel-binding leak 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
58d66a3946 Fix race between unlinking a client and processing incoming data 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
959ff07911 Make sure read event is not enabled while upstream_bind is scheduled 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
b2e57148fa Shorten to one epoch per PDU 
A full read cycle can take a very long time if the limits are set too
high.
 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
b49f51879f Implement client pending operation limits 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
f832024e90 Straighten up client pending op tracking 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
dc1961cb15 Epoch based memory reclamation 
Similar to the algorithm presented in
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-579.pdf

Not completely lock-free at the moment. Also the problems with epoch
based memory reclamation are still present - a thread actively observing
an epoch getting stuck will prevent LloadConnections and LloadOperations
being freed, potentially running out of memory.
 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
aab6af1c4e Switch to LDAP_OTHER when handling a lost upstream. 
LDAP_UNAVAILABLE signals "the server is shutting down or a subsystem
necessary to complete the operation is offline", so intelligent clients
tend to infer the connection will not be usable any more, which is not
the case here.
 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
81ead4a5f4 Fix races with backend_retry 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
78f25a3c91 A failed cn=config ADD needs to be handled 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
4b3d21146b Introduce SASL support for upstream connections 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
05e0906f8b Fix backend starttls= setting being ignored 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
9444dfc991 Simplify pause handling 
Gets rid of a race where unpause+pause fired in a quick succession would
miss the event_base_loopbreak() call.
 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
25a4d684fc Permit lloadd to share slapd TLS context 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
63efcd63eb Reuse connection walking in monitor for upstreams too 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
3bd2d7483e Reuse connection_walk for client matters 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
b4f43ed8e1 Refactor backend reset 
Reuse the connection walking facility in timeout management.
 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
638f8a2cbc Tighten checks on retry management 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
2a813cb06d Clean up backend_retry and its callers. 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
241f65b9e0 Fix a race in managing b_dns_req 2020-11-17 17:58:15 +00:00
Nadezhda Ivanova
f4a2fdd400 Fix a new backend not being operational if added via cn=config 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
00806dd32a libevent 2.0 support 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
f1ea9da3a0 Reorganise listener support in cn=config and module startup 2020-11-17 17:58:15 +00:00