Commit Graph

682 Commits

Author SHA1 Message Date
Ondřej Kuzník
28828e1b40 ITS#9160 OOM handling in contrib 2020-02-07 09:46:52 +00:00
Ondřej Kuzník
af5ed7c6e2 ITS#8575 Accept parameters for hashing new passwords 2020-02-07 09:46:23 +00:00
Ondřej Kuzník
8bb8905b64 ITS#8575 Add a libsodium based implementation 2020-02-07 09:46:23 +00:00
Simon Levermann
7e3822f3bb ITS#8575 Implement argon2 password hashing as a module
This change implements argon2, which won the Password Hashing
Competition (https://password-hashing.net/) as a contrib-module in order
to provide a modern password hashing alternative in openldap. The
currently available password hashing algorithms are relatively old, and
modern hardware, especially GPUs can compute quite a few (ranging from
tens of thousands to millions) of hashes per second. Argon2 was designed
to withstand such attacks.

This implementation uses the default work factors used in the argon2
command line client, but the resulting hashes are stored in a way that
would allow retroactive changes to these values, or even exposing them
as configuration in the module.
2020-02-07 09:46:23 +00:00
Quanah Gibson-Mount
d2c9ef8cc4 ITS#7855 - Update config.guess and config.sub for ldapc++ contrib module
Update config.guess and config.sub from official upstream project at https://savannah.gnu.org/projects/config/

    Specifically in this case, commit 5256817ace8493502ec88501a19e4051c2e220b0 for the date Wed Jan 1 19:36:58 2020 +1100
2020-02-03 19:12:36 +00:00
Quanah Gibson-Mount
f6ad222e41 Happy New Year! 2020-01-09 16:50:21 +00:00
Greg Veldman
3be82f40d5 ITS#9055 Introduce a combined password scheme 2019-10-03 08:41:31 +01:00
Greg Veldman
711a96064e ITS#9055 Accept previous token 2019-10-03 08:37:03 +01:00
Quanah Gibson-Mount
1d0a96e78a Revert "ITS#9008 Do the same for contrib Makefiles"
This reverts commit 3fa7d3c805.
2019-05-17 17:03:02 +00:00
Quanah Gibson-Mount
ec2cb12e68 ITS#9010 - Delete back-bdb/back-hdb
This commits deletes all references and code for back-bdb and back-hdb.
There is some follow up work still necessary to flush out the admin
guide for back-mdb.
2019-05-13 17:20:28 +00:00
Ondřej Kuzník
3fa7d3c805 ITS#9008 Do the same for contrib Makefiles 2019-04-24 14:59:51 +01:00
Ondřej Kuzník
251ce83d60 ITS#8731 NSSOV is not processable by coccinelle 2019-02-15 16:51:53 +00:00
Ondřej Kuzník
97a310b312 ITS#8731 Apply doc/devel/variadic_debug/04-variadic.cocci 2019-02-15 16:51:53 +00:00
Ondřej Kuzník
e1e643ea41 ITS#8731 Manual adjustments 2019-02-15 16:51:53 +00:00
Ondřej Kuzník
129dcfbd86 ITS#8731 General Debug() related fixes 2019-02-15 16:51:53 +00:00
Quanah Gibson-Mount
b45a6a7dc7 Happy New Year! 2019-01-14 18:46:16 +00:00
Quanah Gibson-Mount
3add82a3bb ITS#8286 -- Add matching rules for attributes
Add matching rules for all cases where it was missing.  Cleanup
incorrect types for a few attributes as well.  Fix network-timeout
handling in back-ldap/meta/asyncmeta.
2018-12-18 19:14:06 +00:00
Ondřej Kuzník
d40a832db0 ITS#8878 Include the first character in the transformation 2018-11-08 11:14:47 +00:00
Quanah Gibson-Mount
59e9ff6243 Happy New Year 2018-03-22 15:35:24 +00:00
Josh Soref
10566c8be3 ITS#8605 - spelling fixes
* javascript
* kernel
* ldap
* length
* macros
* maintained
* manager
* matching
* maximum
* mechanism
* memory
* method
* mimic
* minimum
* modifiable
* modifiers
* modifying
* multiple
* necessary
* normalized
* objectclass
* occurrence
* occurring
* offered
* operation
* original
* overridden
* parameter
* permanent
* preemptively
* printable
* protocol
* provider
* really
* redistribution
* referenced
* refresh
* regardless
* registered
* request
* reserved
* resource
* response
* sanity
* separated
* setconcurrency
* should
* specially
* specifies
* structure
* structures
* subordinates
* substitution
* succeed
* successful
* successfully
* sudoers
* sufficient
* superiors
* supported
* synchronization
* terminated
* they're
* through
* traffic
* transparent
* unsigned
* unsupported
* version
* absence
* achieves
* adamson
* additional
* address
* against
* appropriate
* architecture
* associated
* async
* attribute
* authentication
* authorized
* auxiliary
* available
* begin
* beginning
* buffered
* canonical
* certificate
* charray
* check
* class
* compatibility
* compilation
* component
* configurable
* configuration
* configure
* conjunction
* constraints
* constructor
* contained
* containing
* continued
* control
* convenience
* correspond
* credentials
* cyrillic
* database
* definitions
* deloldrdn
* dereferencing
* destroy
* distinguish
* documentation
* emmanuel
* enabled
* entry
* enumerated
* everything
* exhaustive
* existence
* existing
* explicitly
* extract
* fallthru
* fashion
* february
* finally
* function
* generically
* groupname
* happened
* implementation
* including
* initialization
* initializes
* insensitive
* instantiated
* instantiation
* integral
* internal
* iterate
2017-10-11 14:39:38 -07:00
ck@test-centos64.cksoft.de
44e9bda0e4 ITS#7721 - Allow authTimestamp updates to be forwarded via updateref 2017-10-11 14:31:38 -07:00
Quanah Gibson-Mount
a795d7cc0b ITS#8583 - Fix C++ LDAP Control structure 2017-10-06 10:45:21 -07:00
SATOH Fumiyasu
2c36a37f90 ITS#8709 contrib/slapd-modules/passwd/totp: OpenSSL 1.1.0 compatibility 2017-09-06 21:29:24 +01:00
Quanah Gibson-Mount
0f101f0fce ITS#8205 - Pick up changes that were ignored in the last commit 2017-04-25 11:48:32 -07:00
Quanah Gibson-Mount
92eabee52e ITS#8205 - Fix typos, use man page from Howard for TOTP 2017-04-25 11:38:57 -07:00
Peter Marschall
46da831b6d ITS#8205 - contrib/smbk5pwd: add man page, install it too
Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to
install the new manual page.

ITS#8205 - contrib/lastbind: install man page

Update lastbind's Makefile to install the manual page too.

ITS#8205 - contrib/passwd/sha2: add man page, install it too

Add a manual page slapd-pw-sha2.5 and update passwd/sha2's Makefile to
install the new manual page.

ITS#8205 - contrib/adremap: install man page

Update adremap's Makefile to install the manual page too.

ITS#8205 - contrib/allop: install man page

Update allop's Makefile to install the manual page too.

ITS#8205 - contrib/cloak: install man page

Update cloak's Makefile to install the manual page too.

ITS#8205 - contrib/lastmod: install man page

Update lastmod's Makefile to install the manual page too.

ITS#8205 - contrib/nops: install man page

Update nops's Makefile to install the manual page too.

ITS#8205 - contrib/nssov: install man page

Update nssov's Makefile to install the manual page too.

ITS#8205 - contrib/passwd: add man page slapd-pw-sha2.5, install it too

Add a manual page slapd-pw-radius.5 and update passwd's Makefile to
install the new manual page.

ITS#8205 - contrib/passwd/totp: add man page, install it too

Add a manual page slapo-totp.5 and update passwd/totp's Makefile to
install the new manual page.

ITS#8205 - contrib/passwd/pbkdf2: add man page, install it too

Add a manual page slapd-pw-pbkdf2.5 and update passwd/pbkdf2's Makefile to
install the new manual page.
2017-04-25 11:38:44 -07:00
Ondřej Kuzník
af78f2ef64 ITS#8632 request the correct type 2017-04-10 14:26:56 +01:00
Ondřej Kuzník
59fbc28dbc ITS#8513 Update TOTP README 2017-03-29 10:51:22 -07:00
Quanah Gibson-Mount
2c84446240 ITS#8587 - Fix typos 2017-03-29 10:44:55 -07:00
Emily Backes
b76f117d3e ITS#8569 Add a manpage for slapo-autogroup 2017-01-18 09:38:06 -08:00
Quanah Gibson-Mount
1df85d3427 Happy New Year! 2017-01-03 12:36:47 -08:00
Emmanuel Dreyfus
0d10236da9 Use newer DES API so that smbk5pwd loads with newer OpenSSL
OpenSSL removed old DES API which used des_* functions.
24956ca00f

In order to link with libcrypto from recent OpenSSL releases, we need
to replace the older API des_* functions by the newer API DES_* functions.

Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
2016-11-29 09:35:08 -08:00
Hallvard Furuseth
2996fda0ee Fix contrib prototypes - add ConfigReply* 2016-06-12 10:19:03 +02:00
Hallvard Furuseth
23c5d6bbdd ITS#8435 Fix uninited slap_callback.sc_writewait 2016-06-12 08:30:58 +02:00
Devin J. Pohly
fb5b3a0df2 ITS#6826 conversion scripts
These were provided as part of the original ITS but not previously committed.
Perl scripts to convert between Apache and OpenLDAP hash formats.
2016-04-11 13:35:39 +01:00
Quanah Gibson-Mount
6c4d6c880b Happy New Year! 2016-01-29 13:32:05 -06:00
Howard Chu
fb00ef1915 ITS#8294 more for prev commit 2015-10-29 20:31:36 +00:00
Howard Chu
01c27e1342 ITS#8294 avoid symbol clash with other crypto libs 2015-10-29 20:19:00 +00:00
Howard Chu
639da48fdc ITS#8230 add GnuTLS/nettle support 2015-09-25 19:28:18 +01:00
Howard Chu
ccedb68ee2 ITS#8230 fix padding count 2015-09-25 18:53:05 +01:00
Howard Chu
6e4c747d5d ITS#8230 Don't skip tval on big-endian 2015-09-25 18:52:24 +01:00
Ryan Tandy
f81bec6184 ITS#8235 fix compiler warnings 2015-09-02 13:15:23 -07:00
Ryan Tandy
9d2dc5dd24 ITS#8198 use #elif instead of #else for gnutls cases
Reserve #else for actual fallback cases.
2015-08-22 18:59:13 -07:00
Luca Bruno
709a0f4a97 ITS#8198 Optionally use libnettle instead of OpenSSL for crypto
OpenLDAP can be configured to be either built with OpenSSL or
GnuTLS. This commit adds support for building pw-pbkbdf2 module
without OpenSSL, by using PBKDF2 crypto primitives provided by
libnettle.
Closes hamano/openldap-pbkdf2#2

Signed-off-by: Luca Bruno <luca.bruno@rocket-internet.de>
2015-08-22 19:35:38 +00:00
Luca Bruno
ba20d70d2b ITS#8198 Fix an always-true check
Fixed asprintf return value check, in order to properly catch
error conditions. This has been caught by clang -Wtautological-compare:

pw-pbkdf2.c:132:17: warning: comparison of unsigned expression < 0 is always false
        if(msg->bv_len < 0){
           ~~~~~~~~~~~ ^ ~

Signed-off-by: Luca Bruno <luca.bruno@rocket-internet.de>
2015-08-22 19:35:34 +00:00
Howard Chu
768967f176 More filter tweaks 2015-08-10 19:36:06 +01:00
Howard Chu
571a7c72fc Shortcut name mapping
If the naming attribute is in the RDN we don't need to look it up.
2015-08-09 20:57:49 +01:00
Howard Chu
523f989d8f More filter mapping
Was only handling (objectclass=<group>)(<memberUid>=bar).
Now handles (objectclass=<group>)(<groupname>=bar) too.
2015-08-07 04:04:22 +01:00
Howard Chu
706bbd42d9 Fix interaction with rwm 2015-08-01 00:35:44 +01:00
Howard Chu
20c0464fed Also remap explicitly requested attr names 2015-08-01 00:20:49 +01:00