init.c: align mi_dbenv_flags and flags with mdb_dbi_open, which declares
flags as unsigned int.
search.c: align mi_rtxn_size with ARG_UINT; adjust ww_ctx.nentries to
silence a warning about signed/unsigned comparison.
config.c: parse checkpoint config more carefully. Reject negative or
unreasonably large values for kbytes and minutes. Ensure both values are
parsed successfully before making any changes.
Fixes a compilation failure under MinGW, where stdint.h types are not
implicitly pulled in by other headers.
* use 'crypto_pwhash_str_alg(..., crypto_pwhash_ALG_ARGON2ID13)' to set
the algorithm to Argon2.
According to libsodium's documentation, the original 'crypto_pwhash_str()'
only guarantees a "memory-hard, CPU-intensive hash function", but not
necessarily Argon2. Although in released versions of libsodium Argon2 is
the only implemented backend, this may chane in the future.
* multiply the 'memory' parameter by 1024 to align it with the libargon2
implementation. The objective is to have consistent configuration in
OpenLDAP's pw-argon2 module no matter what backend implementation is used.
Signed-off-by: Peter Marschall <peter@adpm.de>
Always retry ldap_int_tls_connect() if it didn't complete,
regardless of blocking or non-blocking socket. Code from
ITS#7428 was wrong to only retry for async.
MinGW targets do not have the <sys/socket.h> header. The configure check
would conclude that there is no socklen_t type, resulting in portable.h
containing its own definition of socklen_t, which would later conflict
with the actual definition in <ws2tcpip.h>.
Add <ws2tcpip.h> to the configure check for socklen_t, so that the
defined type is correctly detected.
- give authid-rewrite's argument a name
- tidy saslauthz.c whitespace (mixed spaces/tabs)
- always declare slap_sasl_regexp_destroy: fixes an implicit declaration
warning when configured without librewrite
- delete dead code: ENABLE_REWRITE implies SLAP_AUTH_REWRITE, so this
code is never compiled
- make slap_sasl_regexp_rewrite_config static
- omit sasl_regexp unused fields when built with librewrite
thr_posix.c: In function 'ldap_pvt_thread_set_concurrency':
thr_posix.c:96:9: error: implicit declaration of function 'pthread_setconcurrency'
return pthread_setconcurrency( n );
^~~~~~~~~~~~~~~~~~~~~~
pthread_setcanceltype
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
The spec says that upon StartTLS 'success', both TLS communications is
established on the octet following the Start TLS response (and the
request)... and that once one starts TLS communications, one can never
go back to LDAP without TLS. So if there's a TLS failure (whether as
part of TLS nego or later), LDAP communications cannot be continued
(without TLS).
Only ignoring LDAP errors (rc > 0) ensures that if TLS negotiation
fails, we don't attempt to send LDAP operations without TLS.
