Commit Graph

22645 Commits

Author SHA1 Message Date
Howard Chu
379f138098 ITS#9091 drop attr mappings added in an aborted txn
If a txn is aborted in id2entry_put, attribute index mappings
added during that txn must also be dropped from memory.
2019-10-14 18:34:07 +01:00
Howard Chu
4bc333c5e7 ITS#9095 insert missing commit at end of slapindex processing 2019-10-11 20:48:51 +01:00
Greg Veldman
3be82f40d5 ITS#9055 Introduce a combined password scheme 2019-10-03 08:41:31 +01:00
Greg Veldman
711a96064e ITS#9055 Accept previous token 2019-10-03 08:37:03 +01:00
Ondřej Kuzník
639e5f15fd ITS#9081 Do not leak sb (ITS#8755 regression) 2019-09-23 17:27:18 +01:00
Ondřej Kuzník
81025cc8bf ITS#9077 Let the loop finish 2019-09-23 16:37:38 +01:00
Ryan Tandy
63c82c0ed7 ITS#9069 Do not call gnutls_global_set_mutex()
Since GnuTLS moved to implicit initialization on library load, calling
this function deinitializes GnuTLS and then re-initializes it.

When GnuTLS uses /dev/urandom as an entropy source (getrandom() not
available, or older versions of GnuTLS), and the application closed all
file descriptors at startup, this could result in GnuTLS opening
/dev/urandom over one of the application's file descriptors when
re-initialized.

Additionally, the custom mutex functions are never reset, so if libldap
is unloaded (for example via dlclose()) after calling this, its code may
be unmapped and the application could crash when GnuTLS calls the mutex
functions.

On typical systems, GnuTLS system mutexes are probably the same as what
libldap uses anyway.
2019-09-12 13:16:30 -07:00
Ondřej Kuzník
dc3e450104 ITS#8731 Remove extra args 2019-09-10 19:00:24 +01:00
Ondřej Kuzník
a14fb731ac ITS#9076 Set oldctrls correctly 2019-09-10 19:00:24 +01:00
Ryan Tandy
dbcdcb8258 ITS#8983 ignore psearchctrl.c symlink 2019-08-30 09:06:26 -07:00
Ondřej Kuzník
5b304a3ae6 ITS#9071 Document "tls none" for back-ldap 2019-08-30 14:02:31 +01:00
Ondřej Kuzník
e192a0e544 Only allow autoca building with openssl 2019-08-27 17:23:13 +01:00
Ryan Tandy
67f81dccc8 ITS#8753 Set minimum GnuTLS version to 3.2.2
Ensure gnutls_digest_get_id() is available
2019-08-27 16:56:48 +01:00
Julia Bremer
8514f2a771 ITS#9067 fix syntax evaluation of preferredDeliveryMethod 2019-08-26 17:14:25 +01:00
Quanah Gibson-Mount
efbfc1fe95 ITS#9065 - Document correct attribute pwdGraceAuthnLimit 2019-08-19 15:45:31 +00:00
Quanah Gibson-Mount
d98317488f ITS#9062 -- Honor TMPDIR in mkdep 2019-08-13 15:03:45 +00:00
Quanah Gibson-Mount
7cc34fa722 ITS#9063 -- Fix missing bold tag for tls_reqcert 2019-08-12 23:49:50 +00:00
Quanah Gibson-Mount
0eed0ccefc ITS#7585 - Windows doesn't support LDAPI
Adjust patch for ITS#7585 as Windows does not have LDAPI support.
2019-07-23 14:45:16 +00:00
Quanah Gibson-Mount
4ccd139355 Revert "use AI_ADDRCONFIG if defined in the environment"
This reverts commit ebf0ef5cb1.

Depends on custom glibc from RedHat
2019-07-19 16:24:45 +00:00
Howard Chu
92b03e82e0 ITS#7657 honor unchecked limit 2019-07-17 10:17:43 +01:00
Howard Chu
e90e8c7d3c ITS#7657 back-mdb improve alias deref
Don't search for scopes of entries with no children
2019-07-15 16:47:18 +01:00
Ondřej Kuzník
230b853488 ITS#8427 Take late TLS configuration into account 2019-07-15 17:01:08 +02:00
Ondřej Kuzník
39fc8a7c96 ITS#8427 Set up a regression test 2019-07-15 17:01:08 +02:00
Howard Chu
5fec7b777f ITS#8977 don't use any stack allocated IDLs
Trying again, fixed previous attempt
2019-07-11 15:47:03 +01:00
Howard Chu
0fa0f8ff07 ITS#9052 zero out sasl_ssf in connection_init 2019-07-10 21:29:39 +01:00
Ondřej Kuzník
15137bf76f ITS#9038 Another test028 typo 2019-07-08 23:29:04 +00:00
Howard Chu
f6766f1a1f Revert "ITS#8977 don't use any stack allocated IDLs"
This reverts commit bfe9152c4c.
2019-07-03 17:20:34 +01:00
Howard Chu
bfe9152c4c ITS#8977 don't use any stack allocated IDLs 2019-07-03 16:59:53 +01:00
Quanah Gibson-Mount
403c01b5e6 Fix previous commit. It broke builds where --with-cyrus-sasl=no is set. 2019-06-27 17:44:18 +00:00
Howard Chu
ec411582d6 ITS#8977 make sure olcBackend entry is created 2019-06-27 15:33:09 +01:00
Quanah Gibson-Mount
c4df431c6c ITS#8977 - Note allowed value range for idlexp 2019-06-26 18:15:32 +00:00
Howard Chu
b02807ea2f Cleanup limits in cyrus.c 2019-06-25 15:31:31 +01:00
Ondřej Kuzník
12f0242589 ITS#9038 Fix typo in test script 2019-06-24 16:37:23 +02:00
Ondřej Kuzník
17b5b3d7f8 Separate VERSION to its own paragraph 2019-06-21 13:44:06 +02:00
Ondřej Kuzník
b2f4cacd47 ITS#7996 Use a separate mutex in ldap_int_initialize 2019-06-21 12:19:38 +02:00
Ondřej Kuzník
c06dc95cf9 ITS#8799 Let the common backend be configured through cn=config 2019-06-20 17:03:27 +02:00
Ondřej Kuzník
747679256c Resolve conflict between ITS#7492 and ITS#7520 2019-06-20 17:03:27 +02:00
Ondřej Kuzník
60754d77c8 ITS#8755 Do not close the default SockBuf a second time 2019-06-20 16:58:25 +02:00
Ondřej Kuzník
75e0eba1f7 ITS#9000 memberof: noop a noop rename 2019-06-20 16:55:13 +02:00
Ondřej Kuzník
eb5a58487b ITS#9038 Update test028 to test this is enforced 2019-06-19 18:47:32 +02:00
Howard Chu
fbe5611e60 ITS#9038 restrict rootDN proxyauthz to its own DBs.
Treat as normal user for any other DB.
2019-06-19 12:40:19 +01:00
Quanah Gibson-Mount
bc61773904 ITS#8286 - Add missing matching rules
Add missing matching rules for the cn=config schema elements for:

slapd-null
slapd-relay
slapo-chain
2019-06-18 17:31:55 +00:00
Jame Gerwe
6c177e6629 ITS#8794 - Fix implicit declaration for ldap_is_ldapc_url
Fix building OpenLDAP with -DLDAP_CONNECTIONLESS so that ldap_is_ldapc_url function is defined
2019-06-17 17:25:29 +00:00
Quanah Gibson-Mount
85ccf7bbac ITS#8997 - Fix segfault by setting return code value
Fix case with back-ldap where an entry was returned but didn't match the filter being applied by setting the return code value before dropping to cleanup.
2019-06-17 17:15:00 +00:00
Ondřej Kuzník
be55ce8087 ITS#8637 Reject multiple chain URIs just like slapd.conf 2019-06-17 16:05:44 +00:00
HAMANO Tsukasa
77119a1f6f ITS#8349 - Fix ppolicy behavior when pwdInHistory is changed 2019-06-17 15:55:15 +00:00
Ondřej Kuzník
d40b357f5d ITS#8964 Do not free original filter 2019-06-17 12:49:25 +02:00
Ondřej Kuzník
6a5e30674b ITS#8671 Expose OpenLDAP specific interfaces in openldap.h 2019-06-14 11:52:35 +02:00
Ondřej Kuzník
02df0b485a ITS#8427 Only do StartTLS if configured 2019-06-13 12:12:54 +02:00
Ondřej Kuzník
5e8aa3f6d1 ITS#8754 Don't try IPv6 addresses unless configured to 2019-06-13 10:24:43 +02:00