mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-01-06 10:46:21 +08:00
Code Issues Packages Projects Releases Wiki Activity
22,818 Commits 38 Branches 307 Tags 74 MiB
3cd50fa8b3
Commit Graph

1569 Commits

Author SHA1 Message Date
Ondřej Kuzník
76df74dbea ITS#8731 Apply doc/devel/variadic_debug/07-shortcut.cocci 2019-02-15 16:51:53 +00:00
Ondřej Kuzník
97a310b312 ITS#8731 Apply doc/devel/variadic_debug/04-variadic.cocci 2019-02-15 16:51:53 +00:00
Howard Chu
299a6ca0f4 ITS#8971 tweak prev commit 
Check for BVISNULL, maybe rootDSE is a valid reqDN
 2019-02-02 22:48:53 +00:00
Howard Chu
f052e94593 ITS#8971 most exops have no reqDN 2019-02-02 21:45:04 +00:00
Quanah Gibson-Mount
b45a6a7dc7 Happy New Year! 2019-01-14 18:46:16 +00:00
Ondřej Kuzník
518e857c03 ITS#8663 Fix memberof SLAP_CONFIG_EMIT 2019-01-14 11:44:35 +00:00
Thorsten Glaser
e0a7049ee5 ITS#8890 fix benign typos 
No functional impact
 2018-12-18 22:56:18 +00:00
Howard Chu
0e8c2d5a54 Tweak privateKey schema 
We're using PKCS#8 syntax, drop the OpenLDAP syntax OID.
Rename attribute accordingly.
Tweak validator to accept encrypted keys.
 2018-12-18 21:27:24 +00:00
Quanah Gibson-Mount
4e23cfc4a9 ITS#8286 - Additional fixes 
Fix incorrect matching rules for olcTLSCertificateKey and olcDbCryptKey
Fix SYNTAX for olcRootPW to be octetString
 2018-12-18 21:05:09 +00:00
Quanah Gibson-Mount
3add82a3bb ITS#8286 -- Add matching rules for attributes 
Add matching rules for all cases where it was missing.  Cleanup
incorrect types for a few attributes as well.  Fix network-timeout
handling in back-ldap/meta/asyncmeta.
 2018-12-18 19:14:06 +00:00
Howard Chu
6081a0307c ITS#8752 cleanup prev commit 2018-12-06 10:26:33 -08:00
Howard Chu
34823321c3 ITS#8752 more for accesslog deadlock 
Restructure response/cleanup invocation to avoid cleanup happening before response
 2018-12-06 10:03:27 -08:00
Ondřej Kuzník
04a52cef40 ITS#8927 ppolicy: accept replicated changes even in MMR 2018-10-31 09:51:22 +00:00
Ondřej Kuzník
c351616ccd ITS#8866 Fix use-after free 2018-10-26 15:16:41 +01:00
Quanah Gibson-Mount
cd82de56c8 ITS#8866 (cont) slapo-unique 
use correct memory allocation/free functions
 2018-10-26 01:58:35 +00:00
Michael Ströder
7359a5413a ITS#8866 slapo-unique to return filter used in diagnostic message 2018-10-26 01:54:39 +00:00
Ondřej Kuzník
a2d93d69f0 ITS#8772 Remove reliance on the local rmutex implementation 2018-10-19 13:08:10 +01:00
Ondřej Kuzník
df83989f0f Skip ITS#6545 transition markers when we change mod op 2018-10-18 10:41:43 +01:00
Ondřej Kuzník
b06f5b0493 ITS#8663 Improve memberof cn=config handling 2018-07-02 16:19:54 +01:00
Howard Chu
9069cbe543 ITS#8616 don't check for existing value when deleting values 2018-05-24 17:53:10 +01:00
Howard Chu
0ba50a1d06 ITS#8843 check for NULL modlist 2018-05-02 16:51:49 +01:00
Quanah Gibson-Mount
59e9ff6243 Happy New Year 2018-03-22 15:35:24 +00:00
Howard Chu
08851a8200 ITS#8789 revert previous patch 
And try another approach. Always write contextCSN updates, but
don't set dont_replicate for updates we want propagated.
 2018-02-28 22:19:57 +00:00
Howard Chu
434c306cbe Add debug msg if adding entry to logDB fails 2018-02-21 19:50:45 +00:00
Howard Chu
9fc6b894ec ITS#8752 accesslog: partially revert 3bb8b737ed 2018-02-21 19:48:02 +00:00
Howard Chu
dc3b3be429 ITS#8486 Don't keep sl_mutex locked when playing the sessionlog 2018-02-11 16:47:47 +00:00
Howard Chu
0c1ebd178c ITS#8801 Fix CSN queue processing 2018-02-08 00:18:00 +00:00
Howard Chu
4d1077ffa4 ITS#8800 remove originator check in syncprov_search_response 
Let the entryCSN check do all the work. Reloading a server from an old
backup needs this to go thru.
 2018-02-08 00:17:07 +00:00
Howard Chu
0eb577632f ITS#8607 Don't record checkpoints 2018-02-08 00:16:50 +00:00
Howard Chu
ca7f697e14 ITS#8100 fixes for delta-syncrepl with empty accesslog 
Update syncprov contextCSNs when context entry is added.
Fix accesslog to properly tag Add op when adding context entry.
 2018-01-30 21:40:05 +00:00
Howard Chu
3bb8b737ed ITS#8752 accesslog: cleanup should only be called on failures 2017-10-14 11:22:53 +01:00
Howard Chu
03ee55d725 Revert "ITS#8752 ppolicy: don't call same cleanup twice" 
This reverts commit 1c963f4739.

Revert "ITS#8752 make sure all cleanups are called in overlay_op_walk"

This reverts commit b0ad788b8a.
 2017-10-13 18:47:25 +01:00
Howard Chu
1c963f4739 ITS#8752 ppolicy: don't call same cleanup twice 
fallout from b0ad788b8a
 2017-10-13 17:39:37 +01:00
Howard Chu
4a574324fd ITS#8752 additional debug info, thread ID of rmutex lockers 2017-10-13 17:28:46 +01:00
Howard Chu
065b315f0d fix syncprov_qtask race, test062 crashes 
Keep s_mutex locked until we know we're removed from queue.
Remember qtask cookie so we can retract if ineeded when deleting
the overlay from running slapd.

config_delete is still unsafe, overlay_remove is running with active
threadpool instead of paused pool.
 2017-10-13 17:28:28 +01:00
Josh Soref
10566c8be3 ITS#8605 - spelling fixes 
* javascript
* kernel
* ldap
* length
* macros
* maintained
* manager
* matching
* maximum
* mechanism
* memory
* method
* mimic
* minimum
* modifiable
* modifiers
* modifying
* multiple
* necessary
* normalized
* objectclass
* occurrence
* occurring
* offered
* operation
* original
* overridden
* parameter
* permanent
* preemptively
* printable
* protocol
* provider
* really
* redistribution
* referenced
* refresh
* regardless
* registered
* request
* reserved
* resource
* response
* sanity
* separated
* setconcurrency
* should
* specially
* specifies
* structure
* structures
* subordinates
* substitution
* succeed
* successful
* successfully
* sudoers
* sufficient
* superiors
* supported
* synchronization
* terminated
* they're
* through
* traffic
* transparent
* unsigned
* unsupported
* version
* absence
* achieves
* adamson
* additional
* address
* against
* appropriate
* architecture
* associated
* async
* attribute
* authentication
* authorized
* auxiliary
* available
* begin
* beginning
* buffered
* canonical
* certificate
* charray
* check
* class
* compatibility
* compilation
* component
* configurable
* configuration
* configure
* conjunction
* constraints
* constructor
* contained
* containing
* continued
* control
* convenience
* correspond
* credentials
* cyrillic
* database
* definitions
* deloldrdn
* dereferencing
* destroy
* distinguish
* documentation
* emmanuel
* enabled
* entry
* enumerated
* everything
* exhaustive
* existence
* existing
* explicitly
* extract
* fallthru
* fashion
* february
* finally
* function
* generically
* groupname
* happened
* implementation
* including
* initialization
* initializes
* insensitive
* instantiated
* instantiation
* integral
* internal
* iterate
 2017-10-11 14:39:38 -07:00
Quanah Gibson-Mount
fd5ad3ef39 ITS#8527 - Add additional debug logging on consumer/provider state when the consumer has a newer cookie than the provider 2017-10-11 14:32:25 -07:00
sca+openldap@andreasschulze.de
90835da72f ITS#8578 - remove unused-variables in RE24 testing call (2.4.45) 2017-10-06 10:45:08 -07:00
Ondřej Kuzník
08492987a0 ITS#7100 Update entryTtl behaviour to match RFC 2589 2017-10-06 10:43:48 -07:00
Quanah Gibson-Mount
86105092bd CHECK_CSN is a debug only flag for testing. It should always remain 
behind LDAP_DEVEL
 2017-09-26 11:30:50 -07:00
Quanah Gibson-Mount
7246da8a66 Whitespace cleanup 2017-09-26 10:33:01 -07:00
Ondřej Kuzník
9e156bf914 ITS#8444 Do not clear the pending operation when checkpointing 
When a checkpoint happens, if we remove the CSN from the pending list,
accesslog won't pass it onto the accesslog DB. But in a delta-mmr
scenario, an accesslog entry without a CSN faces a race where it might
be applied twice - that usually fails and causes a full refresh, other
times it can cause a silent desync - both are undesirable.
 2017-08-25 16:52:13 +01:00
Howard Chu
a9f462d615 ITS#8690 one more time 2017-08-04 20:58:07 +01:00
Howard Chu
c9e56b80f3 ITS#8690 fix again 2017-08-04 13:40:34 +01:00
Howard Chu
bcc6601091 Revert "ITS#8690 refix" 
This reverts commit a5f3a2885c.
 2017-08-04 13:34:03 +01:00
Howard Chu
a5f3a2885c ITS#8690 refix 
Don't double-queue delete ops
 2017-08-02 00:52:13 +01:00
Howard Chu
9827569ff0 ITS#8690 fix prev commit 2017-08-01 21:57:02 +01:00
Howard Chu
1fbc0dff88 ITS#8690 plug memleak on Delete ops 2017-07-21 19:04:08 +01:00
Kevin Lam
11bf6bc10a ITS#8592 Fix double free in sssvlv overlay 2017-04-26 11:05:00 -07:00
Howard Chu
2975a1d6f1 Tweaks for OpenSSL 1.1 API deprecations 2017-04-19 20:19:09 +01:00
Howard Chu
c0ff8e8a21 Delete extraneous #define 
Was only for convenience during testing
 2017-04-19 19:27:02 +01:00
Quanah Gibson-Mount
87f3477626 Fix autoca build with OpenSSL 1.1.0 2017-04-18 13:40:05 -07:00
Howard Chu
25dc9e99ea Cleanup warnings, unused vars, etc. 2017-04-09 23:42:22 +01:00
Howard Chu
cff264c6e1 Fix autoca schema init 
Wait for core.schema to get loaded
 2017-04-09 22:45:36 +01:00
Howard Chu
268f71cb27 autoca fixups 
Move install of CA cert to a pool thread, otherwise cn=config deadlocks
on dynamically loaded overlay.

Dup/release entry before attempting to modify it, to avoid deadlocks
in back-bdb/hdb.

Always use PKCS#8 format when storing private keys.
 2017-04-09 20:31:11 +01:00
Howard Chu
0f9ec8322f Add localDN config 
If a cert is generated for this DN, configure it as the local
TLS cert/key
 2017-04-09 16:44:14 +01:00
Howard Chu
b939bb519e Set the CA cert in cn=config if none was already set 2017-04-09 15:42:17 +01:00
Howard Chu
2860fd4c6c Move privateKey schema into slapd 2017-04-09 14:16:56 +01:00
Howard Chu
2b920ecaec Add autoca overlay 
Automated certificate authority
 2017-04-08 02:51:08 +01:00
Ondřej Kuzník
ec5af7b5e7 ITS#6545 Update accesslog format and syncrepl consumer 
Make two successive modifications of the same attribute separate. This
lets the consumer interpret the log entry the same way as the server
that produced it.

Still depends on the log entry attributes being read in the same order
as they were written.
 2017-04-07 14:39:07 -07:00
Ondřej Kuzník
46c85a32ae ITS#8266 Allow empty mods 2017-03-30 15:27:45 -07:00
Ondřej Kuzník
e56a849e5d ITS#8625 Separate Avlnode and TAvlnode types 
Switch AVL_CHILD/AVL_THREAD values and set Avlnode bits to AVL_CHILD for
better compatibility between avl and tavl as suggested by Howard.
 2017-03-29 14:52:44 +01:00
Quanah Gibson-Mount
1df85d3427 Happy New Year! 2017-01-03 12:36:47 -08:00
Howard Chu
589331ea75 More for ITS#8460 
accesslog can alter the timestamp on contextCSN updates
 2016-08-11 17:27:35 +01:00
Hallvard Furuseth
23c5d6bbdd ITS#8435 Fix uninited slap_callback.sc_writewait 2016-06-12 08:30:58 +02:00
Howard Chu
b7c1a5d6b8 ITS#8423 check for pause in accesslog_purge 2016-05-15 00:51:14 +01:00
Howard Chu
d6f3440d94 ITS#8365 partially revert ITS#8281 
Must setup psearch before snapshotting ctxcsn
 2016-02-02 19:41:13 +00:00
Quanah Gibson-Mount
6c4d6c880b Happy New Year! 2016-01-29 13:32:05 -06:00
Howard Chu
a9df031d0d ITS#8354 move abandon check 2016-01-23 16:06:32 +00:00
Howard Chu
6d2eb36ccb ITS#8354 tweak prev commit 
Delay mutex init to avoid leaking the mutex
 2016-01-22 20:46:23 +00:00
Howard Chu
4773850d42 ITS#8354 fix syncprov abandon 
Check for abandon just before recording psearch
 2016-01-22 20:41:48 +00:00
Howard Chu
eaee3b39ba ITS#8351 fix accesslog callback init 2016-01-15 10:37:56 +00:00
Howard Chu
3a305253a0 ITS#8327 fix ppolicy_get_default 
pwdMaxRecordedFailure must never be zero
 2015-12-03 00:58:33 +00:00
Howard Chu
71c907fb88 ITS#8281 more for prev commit 2015-10-24 06:34:24 +01:00
Howard Chu
cd8ff37629 ITS#8281 fix delta-mmr with interrupted refresh 
Prevent spurious contextCSN generation
and ignore consumers when we have no contextCSN yet.
But make sure to propagate valid contextCSN updates to
accesslog/syncprov for delta consumers.
 2015-10-24 06:06:49 +01:00
Ryan Tandy
f5100665e3 ITS#7964 avoid double-unescaping rewrite rules 
config_fp_parse_line processes backslash escapes. When existing rewrite
rules were reloaded while inserting a new rule, this caused backslashes
to be lost from every rule except the most recently inserted one.
config_parse_ldif performs similar splitting, but leaves backslashes
alone.
 2015-09-06 21:34:03 -07:00
Ryan Tandy
e27108e7cb ITS#7889 add olcDropUnrequested to olcRwmConfig 2015-09-05 17:59:38 -07:00
Ryan Tandy
1b7a5871c2 ITS#8234 revert to default policy on failure 2015-09-01 19:19:57 -07:00
Ryan Tandy
572ad2b037 ITS#7537 release entry on failure 2015-09-01 18:56:19 -07:00
Howard Chu
79157d314f ITS#8220 fix prev commit 
Dynamic startup was failing
 2015-08-21 11:40:02 +01:00
Howard Chu
7fb9bb93bf ITS#8220 restore refint performance 2015-08-19 14:04:15 +01:00
Howard Chu
e5b9bdd8c5 ITS#8185 missing schema reference 2015-08-15 00:56:50 +01:00
Ryan Tandy
1c49424134 ITS#8133 avoid mods during dds_db_open 
If dds is present early in the overlay stack, the modify ops from
dds_expire can trigger other overlays before they have initialized.
Avoid that by delaying the first expiry until startup has finished.
 2015-08-14 08:46:56 -07:00
Howard Chu
b0950f4d44 Fix copy/paste error in prev commit 2015-08-14 15:33:32 +01:00
Howard Chu
af27b7032e ITS#8185 add pwdMaxRecordedFailure 
Limit the number of pwdFailureTime stamps to record, regardless
of lockout settings.
 2015-08-14 15:19:46 +01:00
Ryan Tandy
7380354270 ITS#8213 fix deleting rewrite rules 
From ITS#5940. Add path has the same code.
 2015-08-08 07:49:15 +00:00
Howard Chu
624c1fac8b ITS#8184 avoid redundant mod ops 
If multiple ppolicy overlays are present on a glued tree, they all
attempt to update the policy operational attributes in response to
password-related activities. The redundant mod ops will cause the
entire op to fail. Check for these ops before inserting new ones.
 2015-07-10 14:04:29 +01:00
Howard Chu
eb25ece469 Revert unintended commit 2015-07-08 14:25:52 +01:00
Howard Chu
b7a291a488 Experimental syslog() replacement 
2-3x faster than libc. Add it to the Makefile yourself if you want to test it.
 2015-07-08 14:22:29 +01:00
Ryan Tandy
4f82c10120 ITS#8107 don't shadow rc 2015-04-23 05:16:12 +01:00
Ondřej Kuzník
cf3e10ee15 ITS#8057 Use an actual entry for modify/modrdn checks 2015-04-08 23:26:27 +01:00
Howard Chu
ff7c0e5779 ITS#8081 - more for #8063 
Prev patch broke underlying assumption that mods queue and execute
in order. Now must search list for matching mod to dequeue.
 2015-03-21 21:32:48 +00:00
Howard Chu
8eb9aa7dc5 ITS#8063 more for prev commit 2015-02-25 06:11:44 +00:00
Howard Chu
8ad64c8f9a ITS#8063 don't block our own thread 2015-02-25 05:44:07 +00:00
Ondřej Kuzník
4b84b6af14 ITS#8057 Enforce uniqueness unless permitted by ACL 2015-02-16 17:30:59 +00:00
Quanah Gibson-Mount
1705fa7e55 Happy New Year 2015-02-11 15:36:57 -06:00
Howard Chu
cb3952db4b ITS#8039 more cleanup 2015-02-03 10:23:39 +00:00
Howard Chu
b1d1c74247 Cleanup prev commit 2015-02-02 08:45:57 +00:00
Howard Chu
bb9287ba1a More for ITS#8043 2015-02-02 08:42:28 +00:00
Howard Chu
bc1e08e296 ITS#8043 don't leave dangling syncops 2015-01-31 13:04:53 +00:00