Commit Graph

22859 Commits

Author SHA1 Message Date
Howard Chu
906cab755d ITS#9121 fix memberOf filtering
Replace (memberOf=<groupDN>) filter with expansion of group's URI
2020-04-03 21:25:58 +01:00
Howard Chu
015eae8fde ITS#9121 optimize dyngroup membership checking
parse dyngroup URLs in advance, don't use the ACL engine's
evaluator any more
2020-04-03 21:25:43 +01:00
Howard Chu
c9ff501e6d ITS#9121 memberof counting
Keep track of number of uses of memberOf in config, to
allow bypassing code if not in use.
2020-04-03 21:25:34 +01:00
Quanah Gibson-Mount
4ac88b219d ITS#8383 - Regenerate configure 2020-04-03 17:02:14 +00:00
Ryan Tandy
27545be45f ITS#8383 Look for socklen_t in <ws2tcpip.h> too
MinGW targets do not have the <sys/socket.h> header. The configure check
would conclude that there is no socklen_t type, resulting in portable.h
containing its own definition of socklen_t, which would later conflict
with the actual definition in <ws2tcpip.h>.

Add <ws2tcpip.h> to the configure check for socklen_t, so that the
defined type is correctly detected.
2020-04-03 16:59:15 +00:00
Ondřej Kuzník
e0c80d6b09 ITS#6207 Add GitLab CI 2020-04-03 10:27:03 +01:00
Ondřej Kuzník
6d9e9e6cb0 ITS#6207 Print out test timings 2020-04-03 09:47:46 +01:00
Ondřej Kuzník
720057f4f3 ITS#8753 Fix pinning test script with no openssl 2020-04-03 09:47:46 +01:00
Quanah Gibson-Mount
05e0780558 ITS#6035 - regenerate configure 2020-04-02 16:28:58 +00:00
Ryan Tandy
2b01b8dd56 ITS#6035 Create test script 2020-04-02 09:10:51 -07:00
Ryan Tandy
1d562a7a52 ITS#6035 olcAuthIDRewrite insert/delete support 2020-04-02 09:10:51 -07:00
Ryan Tandy
c4db906107 ITS#6035 olcAuthzRegexp insert/delete support 2020-04-02 09:10:51 -07:00
Ryan Tandy
822ed8c11d ITS#6035 saslauthz cleanups (no functional change)
- give authid-rewrite's argument a name
- tidy saslauthz.c whitespace (mixed spaces/tabs)
- always declare slap_sasl_regexp_destroy: fixes an implicit declaration
  warning when configured without librewrite
- delete dead code: ENABLE_REWRITE implies SLAP_AUTH_REWRITE, so this
  code is never compiled
- make slap_sasl_regexp_rewrite_config static
- omit sasl_regexp unused fields when built with librewrite
2020-04-02 09:10:51 -07:00
Ryan Tandy
7732cb2794 ITS#9086 Add debug logging for more GnuTLS errors 2020-04-02 15:52:31 +00:00
Peter Marschall
52fad51dcc ITS#8628 - contrib/passwd/pbkdf2: new Makefile variables SSL_LIB & SSL_INC 2020-04-01 22:29:10 +00:00
Quanah Gibson-Mount
a5b8a41c13 ITS#9003
Note that with slapd-ldap, the special character "*" actually allows anonymous rather than denies, as is the case with authz-policy
2020-04-01 19:40:27 +00:00
Ryan Tandy
d86caacaa1 ITS#8837 Fix pw-pbkdf2 manpage name to get it installed 2020-03-29 10:00:45 -07:00
Sergei Trofimovich
57b7003a64 thr_posix.c: fix implicit function declaration for 'pthread_setconcurrency'
thr_posix.c: In function 'ldap_pvt_thread_set_concurrency':
thr_posix.c:96:9: error: implicit declaration of function 'pthread_setconcurrency'
  return pthread_setconcurrency( n );
         ^~~~~~~~~~~~~~~~~~~~~~
         pthread_setcanceltype

Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
2020-03-26 22:06:41 +00:00
Kurt Zeilenga
23af2c36e2 ITS#8675 - Fix tools to not continue on TLS error
The spec says that upon StartTLS 'success', both TLS communications is
established on the octet following the Start TLS response (and the
request)... and that once one starts TLS communications, one can never
go back to LDAP without TLS. So if there's a TLS failure (whether as
part of TLS nego or later), LDAP communications cannot be continued
(without TLS).

Only ignoring LDAP errors (rc > 0) ensures that if TLS negotiation
fails, we don't attempt to send LDAP operations without TLS.
2020-03-26 18:45:00 +00:00
Emily Backes
f4bfb5e0a5 ITS#7074 - change olcDatabaseDummy initialization for windows 2020-03-20 19:08:22 +00:00
Howard Chu
4f7ea78c95 ITS#9181 Fix race on Windows mutex init 2020-03-16 17:07:43 +00:00
Howard Chu
2d87a1c7b5 ITS#9182 pcache: fix private DB init 2020-03-11 19:17:10 +00:00
Ryan Tandy
d34d2c3945 ITS#8639 Delete LM hash support from smbk5pwd 2020-03-07 16:55:35 +00:00
Ryan Tandy
0de74408f2 ITS#8639 Regenerate configure and portable.hin 2020-03-07 16:55:35 +00:00
Andrew Lawrence
6f5cc45f93 ITS#8639 remove LANMAN hashed passwords 2020-03-07 16:55:35 +00:00
Howard Chu
1c05dce379 ITS#9121 fix filter error message
Filters use parentheses, not brackets.
2020-03-06 17:29:44 +00:00
Ryan Tandy
1dbb82ec8c Fix SLAPD_OVER_RETCODE description 2020-02-28 12:00:14 -08:00
Ryan Tandy
c2f75cd108 Regenerate portable.hin with autoheader 2.69 2020-02-28 12:00:10 -08:00
Howard Chu
2c6fccb49b ITS#9121 plug entry leak 2020-02-25 18:06:15 +00:00
Quanah Gibson-Mount
6bd2a3721d ITS#9175 - Fix argument cast
Fixes potential segfault in ldapsearch
2020-02-21 21:10:49 +00:00
Ondřej Kuzník
a2a859fd0b Correct cyrus-sasl version check 2020-02-21 10:44:59 +00:00
Ondřej Kuzník
140b676bc1 ITS#9171 Insert callback in the right place 2020-02-21 10:44:59 +00:00
Howard Chu
299fb490a2 ITS#9121 fix prev commit
Only flush entry if dynlist_prepare_entry altered it
2020-02-14 22:32:03 +00:00
Ryan Tandy
5d8c491fa1 ITS#9166 Fix slapdconfig.sdf mismatched braces 2020-02-12 10:55:08 -08:00
Ondřej Kuzník
b1170bc035 Revert "ITS#9160 OOM handling in mdb tools", wrong branch.
This reverts commit be61a967e6.
2020-02-07 11:34:20 +00:00
Ondřej Kuzník
47e0e3fdb5 ITS#9160 OOM handling in back-asyncmeta 2020-02-07 09:46:52 +00:00
Ondřej Kuzník
7336827769 ITS#9160 OOM handling in back-meta 2020-02-07 09:46:52 +00:00
Ondřej Kuzník
4bb239bd76 ITS#9160 OOM handling in libldap 2020-02-07 09:46:52 +00:00
Ondřej Kuzník
816d94b221 ITS#9160 OOM handling in slapd 2020-02-07 09:46:52 +00:00
Ondřej Kuzník
be61a967e6 ITS#9160 OOM handling in mdb tools 2020-02-07 09:46:52 +00:00
Ondřej Kuzník
9835662927 ITS#9160 OOM handling in test programs 2020-02-07 09:46:52 +00:00
Ondřej Kuzník
28828e1b40 ITS#9160 OOM handling in contrib 2020-02-07 09:46:52 +00:00
Ondřej Kuzník
af5ed7c6e2 ITS#8575 Accept parameters for hashing new passwords 2020-02-07 09:46:23 +00:00
Ondřej Kuzník
8bb8905b64 ITS#8575 Add a libsodium based implementation 2020-02-07 09:46:23 +00:00
Simon Levermann
7e3822f3bb ITS#8575 Implement argon2 password hashing as a module
This change implements argon2, which won the Password Hashing
Competition (https://password-hashing.net/) as a contrib-module in order
to provide a modern password hashing alternative in openldap. The
currently available password hashing algorithms are relatively old, and
modern hardware, especially GPUs can compute quite a few (ranging from
tens of thousands to millions) of hashes per second. Argon2 was designed
to withstand such attacks.

This implementation uses the default work factors used in the argon2
command line client, but the resulting hashes are stored in a way that
would allow retroactive changes to these values, or even exposing them
as configuration in the module.
2020-02-07 09:46:23 +00:00
Howard Chu
02eb0b6fe8 ITS#9121 fix filtering of dyngroups with memberof 2020-02-04 16:36:42 +00:00
Quanah Gibson-Mount
d2c9ef8cc4 ITS#7855 - Update config.guess and config.sub for ldapc++ contrib module
Update config.guess and config.sub from official upstream project at https://savannah.gnu.org/projects/config/

Specifically in this case, commit 5256817ace8493502ec88501a19e4051c2e220b0 for the date Wed Jan 1 19:36:58 2020 +1100
2020-02-03 19:12:36 +00:00
Quanah Gibson-Mount
165c632249 Move CONFIG_DELETE out from behind LDAP_DEVEL 2020-02-03 16:55:34 +00:00
Quanah Gibson-Mount
7244a7b6d8 ITS#8040 - Move LAZY_COMMIT to be active outside of LDAP_DEVEL 2020-02-02 19:02:18 +00:00
Quanah Gibson-Mount
0dbbe8c012 ITS#8040 - Fix missing ifdefs for LAZY_COMMIT 2020-02-02 19:00:34 +00:00