Ryan Tandy
9d2dc5dd24
ITS#8198 use #elif instead of #else for gnutls cases
...
Reserve #else for actual fallback cases.
2015-08-22 18:59:13 -07:00
Luca Bruno
709a0f4a97
ITS#8198 Optionally use libnettle instead of OpenSSL for crypto
...
OpenLDAP can be configured to be either built with OpenSSL or
GnuTLS. This commit adds support for building pw-pbkbdf2 module
without OpenSSL, by using PBKDF2 crypto primitives provided by
libnettle.
Closes hamano/openldap-pbkdf2#2
Signed-off-by: Luca Bruno <luca.bruno@rocket-internet.de>
2015-08-22 19:35:38 +00:00
Luca Bruno
ba20d70d2b
ITS#8198 Fix an always-true check
...
Fixed asprintf return value check, in order to properly catch
error conditions. This has been caught by clang -Wtautological-compare:
pw-pbkdf2.c:132:17: warning: comparison of unsigned expression < 0 is always false
if(msg->bv_len < 0){
~~~~~~~~~~~ ^ ~
Signed-off-by: Luca Bruno <luca.bruno@rocket-internet.de>
2015-08-22 19:35:34 +00:00
Howard Chu
768967f176
More filter tweaks
2015-08-10 19:36:06 +01:00
Howard Chu
571a7c72fc
Shortcut name mapping
...
If the naming attribute is in the RDN we don't need to look it up.
2015-08-09 20:57:49 +01:00
Howard Chu
523f989d8f
More filter mapping
...
Was only handling (objectclass=<group>)(<memberUid>=bar).
Now handles (objectclass=<group>)(<groupname>=bar) too.
2015-08-07 04:04:22 +01:00
Howard Chu
706bbd42d9
Fix interaction with rwm
2015-08-01 00:35:44 +01:00
Howard Chu
20c0464fed
Also remap explicitly requested attr names
2015-08-01 00:20:49 +01:00
Howard Chu
024d4cbee2
Fix filter init
...
compound filters f_next is not ignored
2015-07-28 12:10:54 +01:00
Howard Chu
fb7470d82f
More tweaks
...
Check for error on internal search, init AttributeAssertions in
constructed filter
2015-07-25 23:23:41 +01:00
Howard Chu
3770a2c1e3
tweak filter mapping in prev commit
...
Don't bypass downcasing
2015-07-25 22:31:43 +01:00
Howard Chu
4cbd3b63c0
Add filter remapping
2015-07-25 22:23:46 +01:00
Howard Chu
a8491a63e6
Fix setting authTimestamp on non-TOTP binds
2015-07-16 03:28:37 +01:00
Howard Chu
34e7cbb6fe
Plug memleak on mismatched length
2015-07-13 17:17:42 +01:00
Howard Chu
1ab08d2f8e
Fix whitespace in manpage
2015-07-07 19:10:00 +01:00
Howard Chu
b6208a4474
New ADremap overlay
2015-07-03 20:11:25 +01:00
Howard Chu
e4278b5731
Fix cfg OID typos
2015-07-03 10:52:20 +01:00
Howard Chu
ea43ac38bf
Merge authTimestamp from lastbind overlay
...
This code duplicates the basic function of lastbind. The two overlays
cannot be used together. The timestamp Mod op is changed to require
the old value to still be present at the end of the Bind. This allows
us to detect collisions (multiple successful Binds in the same time
window) and properly fail the extra Bind attempts.
2015-07-02 20:12:51 +01:00
Howard Chu
e069a79239
Add TOTP pw mechanism
2015-07-02 17:05:14 +01:00
Ryan Tandy
0146e3ddfc
ITS#8097 nssov: clean up some compiler warnings
2015-04-16 03:41:48 +01:00
Ryan Tandy
dc277009e2
ITS#8097 nssov: update to protocol version 2
...
This updates nssov for the protocol changes in nss-pam-ldapd commits
5f55781 and 6a74d8d. The protocol was changed to network byte order,
uid_t and gid_t were changed to int32_t, and the READ_TYPE and
WRITE_TYPE macros were removed. The PAM protocol was restructured to
drop the DN field and to use a common basic set of fields for all
requests.
2015-04-16 03:41:30 +01:00
Ryan Tandy
6a28f3dc20
ITS#8097 nssov: update nss-pam-ldapd files to 0.9.4
2015-04-16 03:41:05 +01:00
Howard Chu
2d9f33072b
ITS#8080 nssov: use old pwd if it's given
2015-03-18 20:50:19 +00:00
Ryan Tandy
0200c6d92c
ITS#8080 nssov: allow user pwmod without pwdmgr configured
2015-03-18 20:48:15 +00:00
Ryan Tandy
957d4770eb
ITS#8080 nssov: only allow root to become pwdmgr
2015-03-18 20:47:57 +00:00
Ryan Tandy
7e3177070a
ITS#8080 nssov: require old password unless pwdmgr
2015-03-18 20:47:32 +00:00
Ryan Tandy
05ea78703b
ITS#8079 nssov: fix compare for usergroup
...
More for 5c527bc49e
2015-03-15 19:32:29 +00:00
Howard Chu
1859a6f069
ITS#8065 more for syncrepl compat
...
Use opextra to detect our own internal ops, not a public control
2015-03-09 19:05:07 +00:00
Howard Chu
9655b23ce0
ITS#8006 more rootdn privs
2015-02-26 00:14:41 +00:00
Howard Chu
91f14e6c39
ITS#8065 don't log/replicate internal ops
2015-02-25 15:34:00 +00:00
Howard Chu
46c07bbfb5
More for prev commit
2015-02-25 00:39:14 +00:00
Howard Chu
79bbf05c5a
More for ITS#6970
...
modrdn had the same bug
2015-02-25 00:30:36 +00:00
Quanah Gibson-Mount
1705fa7e55
Happy New Year
2015-02-11 15:36:57 -06:00
Howard Chu
9232232397
More for ITS#6970
2015-02-02 19:28:59 +00:00
Hallvard Breien Furuseth
0528f9f923
Update wrap_slap_ops.
...
Catch a new bi_op_bind[]() case. Silence warnings in END{}.
2015-01-27 23:37:46 +01:00
SATOH Fumiyasu
ea58e1ee55
ITS#7782 tweak contrib/slapd-modules/**/Makefile
...
Set LDAP_BUILD=$(LDAP_SRC) by default
2014-12-16 19:52:44 +00:00
Howard Chu
a8bfed69fd
ITS#8006 Use rootdn consistently on internal ops
2014-12-15 20:20:23 +00:00
Howard Chu
b8912c33ba
ITS#8000 silence warnings
2014-12-10 22:24:25 +00:00
Howard Chu
62818acd0a
ITS#7998 silence warning
2014-12-10 21:59:45 +00:00
Howard Chu
f05a39268d
ITS#7997 silence warning
2014-12-10 21:57:44 +00:00
HAMANO Tsukasa
2a43a7d16f
ITS#7977 Add PBKDF2 -SHA256 and -SHA512
2014-11-05 09:29:31 +00:00
Howard Chu
7e7ce79bd7
ITS#6970 more error checks in add_group
2014-07-21 11:32:31 -07:00
Howard Chu
4a1b7556a2
ITS#6970 all attrset params are required
2014-07-21 11:08:03 -07:00
Howard Chu
1f8945e8e4
ITS#6970 fix deadlocks
2014-07-21 10:47:36 -07:00
Howard Chu
316afb1190
ITS#6970 fix autogroup Add Entry processing
...
Push modifications into response callback; only execute if
main Add actually succeeded.
2014-07-21 07:56:05 -07:00
ryan@nardis.ca
b54ae0e2bd
ITS#7851 contrib pw-sha2 fix int/size_t comparison
2014-07-18 09:43:36 -07:00
Ryan Tandy
9b36358270
ITS#7851 tell lutil_b64_pton the correct target buffer size
2014-07-18 09:42:22 -07:00
Howard Chu
44f797edad
Fix EOL/whitespace
2014-07-18 09:28:27 -07:00
Ryan Tandy
1560c61fa2
ITS#7869 fix do_phk_hash arguments
2014-07-18 09:27:14 -07:00
Ryan Tandy
829027945f
ITS#7877 use nettle instead of gcrypt
2014-06-30 20:07:41 -07:00