Commit Graph

2573 Commits

Author SHA1 Message Date
Hallvard Furuseth
101b6b9363 Fix --without-tls (ITS#4975). Enable certificate matching. 2007-05-20 22:48:21 +00:00
Hallvard Furuseth
c47e444698 libldap/tls.c calls CRYPTO_set_id_callback(ldap_pvt_thread_self), which
causes ldap_pvt_thread_self to be called with the wrong prototype.

That can cause OpenSSL to use a garbage value, e.g. if the unsigned
long it expects takes two words but ldap_pvt_thread_t is an int.

I'm fixing it in HEAD now and also provoking an error if unsigned
long cannot hold a ldap_pvt_thread_t.  Otherwise it can silently
compile to broken code.  Maybe the latter should go in configure,
but since OpenSSL presumably breaks anyway if that fails I don't
see much point at this time.
2007-05-20 20:02:52 +00:00
Hallvard Furuseth
eb351d9e33 ITS#4972: $LDAP_THREAD_DEBUG, detached threads, debug_already_initialized().
Also plug a memory leak, set state vars even when unused for the sake of
debugging, and tweak some readability issues & data types.
2007-05-18 17:49:38 +00:00
Hallvard Furuseth
6f3cf907b8 Readability patch: ERRVAL() macro for pthreads < 7 vs. >= 7 return values. 2007-05-18 15:28:09 +00:00
Hallvard Furuseth
f906a99eec Only define x509_cert_get_dn() when HAVE_GNUTLS. Remove unused variable. 2007-05-18 15:10:15 +00:00
Howard Chu
d9a43aee44 Fix GNUtls acknowledgement, initial work by Matt Backes. Sponsored by
The Written Word and Stanford University.
2007-05-14 23:35:36 +00:00
Ralf Haferkamp
6ee5d7d3da make openssl builds working again 2007-05-14 12:19:32 +00:00
Howard Chu
423f20c915 GNUtls - ignore free of NULL ctx 2007-05-13 09:43:41 +00:00
Howard Chu
5f36d32596 Don't NUL-terminate bervals during DN parsing 2007-05-13 09:37:37 +00:00
Howard Chu
47a8f3213b Merged GNUtls support into main tls.c 2007-05-13 00:15:27 +00:00
Pierangelo Masarati
7601a1f3fb fix read off by one (spotted by valgrind) 2007-05-12 12:38:09 +00:00
Hallvard Furuseth
e509d3ed9a Comment fixes.
Corrected rev 1.67 cvs comment: ltu_key[] is NULL-terminated _when not full_.
2007-05-11 18:48:13 +00:00
Howard Chu
236e5f50b3 Added ciphersuite support 2007-05-10 21:49:43 +00:00
Howard Chu
c51fd6c96e Add LDAP_OPT_X_TLS_CRLFILE, peer cert verification for GNUtls 2007-05-10 19:43:28 +00:00
Hallvard Furuseth
810b2389dc Since we only have LDAP_MAXTHR thread_keys, allow max LDAP_MAXTHR
threads per pool, even when ltp_max_count <= 0 ("unlimited").
Keep ltp_max_count in range [0, LDAP_MAXTHR].
2007-05-09 23:25:03 +00:00
Hallvard Furuseth
f0a1511422 Make ldap_int_thread_userctx_t.ltu_key[] a proper NULL-terminated array.
(setkey/getkey expected that, but purgekey could set a NULL in the middle.)
Added some checks for input key!=NULL.

API changes, need review - I'm not sure what's indented here:
- setkey(data=NULL, kfree!=NULL) searched as if intended to reset
  the key, but updated by setting the key.  Now always updates.
- setkey(key=<not found>, data=NULL) could return either success or
  failure.  Now succeeds iff (data == NULL && kfree == NULL).
2007-05-09 22:59:04 +00:00
Hallvard Furuseth
f5da908c49 thread_keys is a (poor) open-addessed hash table, but it lacked a
"deleted item" mark.  Add DELETED_THREAD_CTX.
Also improve the hash function a bit, and make the hash unsigned.
2007-05-09 22:22:44 +00:00
Hallvard Furuseth
8a92825225 Protect thread_keys[] with ldap_pvt_thread_pool_mutex, except in
ldap_pvt_thread_pool_purgekey() which may only be called during pauses.

Thus, also wait for pauses to finish before accessing thread_keys in
ldap_int_thread_pool_wrapper().  This may prevent pending tasks from
being started when a pause had been requested, which seems to have been
possible.  If that was a feature, we can split ltp_pause==1 in 2 states:
in pause (causes wait), and pause requested.

Also move 'thread_keys[].id = <thread id>' from pool_submit to
pool_wrapper.  Until pool_wrapper set the ctx as well, thread context
lookup would just return NULL anyway.
2007-05-09 21:38:28 +00:00
Hallvard Furuseth
92afeb8ef7 Replace state LDAP_INT_THREAD_POOL_PAUSING with member ltp_pause,
so a pause will work during states FINISHING and STOPPING.

Add missing waits and signals, and move waits in pool_wrapper().
Replace if(test) with while(test) when waiting for the multi-purpose
condition variable ltp_cond.
2007-05-09 19:53:25 +00:00
Hallvard Furuseth
9e9bf22a64 ITS#4943:
In ldap_pvt_thread_pool_submit(), when backing out of thread creation:
  ltp_pending_count '++' -> '--'.  Signal if there are no more threads.
In ldap_int_thread_pool_wrapper():
  if() -> assert() where false would result in eternal loop.
2007-05-09 19:34:49 +00:00
Hallvard Furuseth
bb890724d4 Don't complain if detached threads exit after ldap_debug_thread_destroy(). 2007-05-09 19:21:08 +00:00
Hallvard Furuseth
7b7b137832 Cast Debug(%p) pointer argument to void* 2007-05-09 18:38:10 +00:00
Hallvard Furuseth
bbc719ca56 ITS#4948: '#if <undefined macro>' -> '#ifdef' warning cleanup 2007-05-09 18:17:10 +00:00
Howard Chu
b7cfa97817 coverity error, u->lud_scheme is mandatory 2007-05-08 14:13:18 +00:00
Howard Chu
4803e9ba67 Revert prev commit, unnecessary 2007-04-23 14:27:07 +00:00
Howard Chu
7eb1f62f9d ITS#4935 SASL_MAX_BUFF_SIZE should be 2^24 - 1 2007-04-23 14:21:48 +00:00
Pierangelo Masarati
f29a4e140e don't assert(0); apparently, other responses may result from a simple bind (but log them, at least; ITS#4924) 2007-04-11 08:57:41 +00:00
Howard Chu
28493e554c ITS#4912 fix typo in prev commit 2007-04-05 00:16:17 +00:00
Hallvard Furuseth
545b5555fb ber_decode_oid(), ber_encode_oid(): cast bv_val to unsigned char* 2007-04-04 17:51:10 +00:00
Howard Chu
848be16aaf ITS#4879 fixes for url parse/unparse 2007-04-03 03:27:24 +00:00
Howard Chu
b596ae0adf ITS#4875 ignore zero-length st_size 2007-04-03 01:40:52 +00:00
Howard Chu
c80d5f970a ITS#4899 fix for keys not getting cleared 2007-04-01 11:52:51 +00:00
Howard Chu
c49812bf6f ITS#4893 back to pipes... 2007-03-26 12:44:11 +00:00
Howard Chu
867fb2fd9f ITS#4893 just send the client socket, not a pipe descriptor. 2007-03-25 15:20:50 +00:00
Howard Chu
c6df30118f ITS#4893 fix prev commit 2007-03-25 12:18:06 +00:00
Howard Chu
7426ab07fc ITS#4893 define LDAP_PF_LOCAL_SENDMSG in <ac/socket.h> if a message must
be sent to transmit client credentials. Buffer the message data.
2007-03-25 04:40:22 +00:00
Howard Chu
724784e6cb Use AC_MEMCPY 2007-03-25 04:31:34 +00:00
Howard Chu
49d708fae3 Preliminary GNUtls support. gnutls.c will merge back into tls.c later. 2007-03-23 23:47:07 +00:00
Howard Chu
b213588f95 Add options for ber_get_stringbv() to omit NUL-terminator, to allow
non-destructive in-place parsing
2007-03-23 15:27:38 +00:00
Howard Chu
f2a02b90ed Fix TLS default for clients 2007-03-23 12:47:35 +00:00
Howard Chu
a4f879f9d2 ITS#4880 s/HAVE_POSIX_TERMIOS/HAVE_TERMIOS_H/ 2007-03-23 01:10:58 +00:00
Howard Chu
9fe8f72310 Add DER OID encoder/decoder 2007-03-20 15:10:16 +00:00
Howard Chu
23ba7dfa12 Add ber_skip_data() to help positioning in structured BER data 2007-03-20 12:29:06 +00:00
Pierangelo Masarati
1429b49d1e apparently, time_t is unsigned in some systems 2007-03-12 21:04:01 +00:00
Kurt Zeilenga
0a1301bc6b Add support for uuid_generate/uuid_unparse 2007-03-02 07:36:23 +00:00
Pierangelo Masarati
687ed8861a don't play with URL list if connect(2) is asynchronous 2007-02-21 22:26:26 +00:00
Kurt Zeilenga
b3c4004042 Remove extrananous space in DN (in comment) 2007-02-19 23:39:01 +00:00
Kurt Zeilenga
7beb587a4b Cleanup last commit 2007-02-15 01:42:23 +00:00
Kurt Zeilenga
a9aeb858fe Needs <ac/time.h> 2007-02-15 01:20:46 +00:00
Howard Chu
8db4bd2cc9 Coverity error, uninit'd rc 2007-02-13 11:13:14 +00:00