Commit Graph

341 Commits

Author SHA1 Message Date
Ryan Tandy
9d2dc5dd24 ITS#8198 use #elif instead of #else for gnutls cases
Reserve #else for actual fallback cases.
2015-08-22 18:59:13 -07:00
Luca Bruno
709a0f4a97 ITS#8198 Optionally use libnettle instead of OpenSSL for crypto
OpenLDAP can be configured to be either built with OpenSSL or
GnuTLS. This commit adds support for building pw-pbkbdf2 module
without OpenSSL, by using PBKDF2 crypto primitives provided by
libnettle.
Closes hamano/openldap-pbkdf2#2

Signed-off-by: Luca Bruno <luca.bruno@rocket-internet.de>
2015-08-22 19:35:38 +00:00
Luca Bruno
ba20d70d2b ITS#8198 Fix an always-true check
Fixed asprintf return value check, in order to properly catch
error conditions. This has been caught by clang -Wtautological-compare:

pw-pbkdf2.c:132:17: warning: comparison of unsigned expression < 0 is always false
        if(msg->bv_len < 0){
           ~~~~~~~~~~~ ^ ~

Signed-off-by: Luca Bruno <luca.bruno@rocket-internet.de>
2015-08-22 19:35:34 +00:00
Howard Chu
768967f176 More filter tweaks 2015-08-10 19:36:06 +01:00
Howard Chu
571a7c72fc Shortcut name mapping
If the naming attribute is in the RDN we don't need to look it up.
2015-08-09 20:57:49 +01:00
Howard Chu
523f989d8f More filter mapping
Was only handling (objectclass=<group>)(<memberUid>=bar).
Now handles (objectclass=<group>)(<groupname>=bar) too.
2015-08-07 04:04:22 +01:00
Howard Chu
706bbd42d9 Fix interaction with rwm 2015-08-01 00:35:44 +01:00
Howard Chu
20c0464fed Also remap explicitly requested attr names 2015-08-01 00:20:49 +01:00
Howard Chu
024d4cbee2 Fix filter init
compound filters f_next is not ignored
2015-07-28 12:10:54 +01:00
Howard Chu
fb7470d82f More tweaks
Check for error on internal search, init AttributeAssertions in
constructed filter
2015-07-25 23:23:41 +01:00
Howard Chu
3770a2c1e3 tweak filter mapping in prev commit
Don't bypass downcasing
2015-07-25 22:31:43 +01:00
Howard Chu
4cbd3b63c0 Add filter remapping 2015-07-25 22:23:46 +01:00
Howard Chu
a8491a63e6 Fix setting authTimestamp on non-TOTP binds 2015-07-16 03:28:37 +01:00
Howard Chu
34e7cbb6fe Plug memleak on mismatched length 2015-07-13 17:17:42 +01:00
Howard Chu
1ab08d2f8e Fix whitespace in manpage 2015-07-07 19:10:00 +01:00
Howard Chu
b6208a4474 New ADremap overlay 2015-07-03 20:11:25 +01:00
Howard Chu
e4278b5731 Fix cfg OID typos 2015-07-03 10:52:20 +01:00
Howard Chu
ea43ac38bf Merge authTimestamp from lastbind overlay
This code duplicates the basic function of lastbind. The two overlays
cannot be used together. The timestamp Mod op is changed to require
the old value to still be present at the end of the Bind. This allows
us to detect collisions (multiple successful Binds in the same time
window) and properly fail the extra Bind attempts.
2015-07-02 20:12:51 +01:00
Howard Chu
e069a79239 Add TOTP pw mechanism 2015-07-02 17:05:14 +01:00
Ryan Tandy
0146e3ddfc ITS#8097 nssov: clean up some compiler warnings 2015-04-16 03:41:48 +01:00
Ryan Tandy
dc277009e2 ITS#8097 nssov: update to protocol version 2
This updates nssov for the protocol changes in nss-pam-ldapd commits
5f55781 and 6a74d8d. The protocol was changed to network byte order,
uid_t and gid_t were changed to int32_t, and the READ_TYPE and
WRITE_TYPE macros were removed. The PAM protocol was restructured to
drop the DN field and to use a common basic set of fields for all
requests.
2015-04-16 03:41:30 +01:00
Ryan Tandy
6a28f3dc20 ITS#8097 nssov: update nss-pam-ldapd files to 0.9.4 2015-04-16 03:41:05 +01:00
Howard Chu
2d9f33072b ITS#8080 nssov: use old pwd if it's given 2015-03-18 20:50:19 +00:00
Ryan Tandy
0200c6d92c ITS#8080 nssov: allow user pwmod without pwdmgr configured 2015-03-18 20:48:15 +00:00
Ryan Tandy
957d4770eb ITS#8080 nssov: only allow root to become pwdmgr 2015-03-18 20:47:57 +00:00
Ryan Tandy
7e3177070a ITS#8080 nssov: require old password unless pwdmgr 2015-03-18 20:47:32 +00:00
Ryan Tandy
05ea78703b ITS#8079 nssov: fix compare for usergroup
More for 5c527bc49e
2015-03-15 19:32:29 +00:00
Howard Chu
1859a6f069 ITS#8065 more for syncrepl compat
Use opextra to detect our own internal ops, not a public control
2015-03-09 19:05:07 +00:00
Howard Chu
9655b23ce0 ITS#8006 more rootdn privs 2015-02-26 00:14:41 +00:00
Howard Chu
91f14e6c39 ITS#8065 don't log/replicate internal ops 2015-02-25 15:34:00 +00:00
Howard Chu
46c07bbfb5 More for prev commit 2015-02-25 00:39:14 +00:00
Howard Chu
79bbf05c5a More for ITS#6970
modrdn had the same bug
2015-02-25 00:30:36 +00:00
Quanah Gibson-Mount
1705fa7e55 Happy New Year 2015-02-11 15:36:57 -06:00
Howard Chu
9232232397 More for ITS#6970 2015-02-02 19:28:59 +00:00
SATOH Fumiyasu
ea58e1ee55 ITS#7782 tweak contrib/slapd-modules/**/Makefile
Set LDAP_BUILD=$(LDAP_SRC) by default
2014-12-16 19:52:44 +00:00
Howard Chu
a8bfed69fd ITS#8006 Use rootdn consistently on internal ops 2014-12-15 20:20:23 +00:00
Howard Chu
b8912c33ba ITS#8000 silence warnings 2014-12-10 22:24:25 +00:00
Howard Chu
62818acd0a ITS#7998 silence warning 2014-12-10 21:59:45 +00:00
Howard Chu
f05a39268d ITS#7997 silence warning 2014-12-10 21:57:44 +00:00
HAMANO Tsukasa
2a43a7d16f ITS#7977 Add PBKDF2 -SHA256 and -SHA512 2014-11-05 09:29:31 +00:00
Howard Chu
7e7ce79bd7 ITS#6970 more error checks in add_group 2014-07-21 11:32:31 -07:00
Howard Chu
4a1b7556a2 ITS#6970 all attrset params are required 2014-07-21 11:08:03 -07:00
Howard Chu
1f8945e8e4 ITS#6970 fix deadlocks 2014-07-21 10:47:36 -07:00
Howard Chu
316afb1190 ITS#6970 fix autogroup Add Entry processing
Push modifications into response callback; only execute if
main Add actually succeeded.
2014-07-21 07:56:05 -07:00
ryan@nardis.ca
b54ae0e2bd ITS#7851 contrib pw-sha2 fix int/size_t comparison 2014-07-18 09:43:36 -07:00
Ryan Tandy
9b36358270 ITS#7851 tell lutil_b64_pton the correct target buffer size 2014-07-18 09:42:22 -07:00
Howard Chu
44f797edad Fix EOL/whitespace 2014-07-18 09:28:27 -07:00
Ryan Tandy
1560c61fa2 ITS#7869 fix do_phk_hash arguments 2014-07-18 09:27:14 -07:00
Ryan Tandy
829027945f ITS#7877 use nettle instead of gcrypt 2014-06-30 20:07:41 -07:00
ryan@nardis.ca
d10652d33c ITS#7885 Wrong RPATH in contrib/passwd/Makefile
Similar to #7858, another easy patch.
2014-06-30 04:54:38 -07:00