]>
git.sur5r.net Git - openldap/log
Nadezhda Ivanova [Tue, 12 Sep 2017 14:14:30 +0000 (17:14 +0300)]
ITS#8404 Fix an assertion failure during modify of olcDbRewrite in back-meta
Quanah Gibson-Mount [Sun, 23 Apr 2017 22:30:07 +0000 (15:30 -0700)]
ITS#8121 - Note ldap_sasl_bind and ldap_sasl_bind_s can be used to make simple binds via the LDAP_SASL_SIMPLE mechanism
Ted C. Cheng [Fri, 6 Feb 2015 01:19:39 +0000 (17:19 -0800)]
ITS#7520 - back-ldap omit-unknown-schema changes
Jan Vcelak [Wed, 29 Aug 2012 14:23:52 +0000 (16:23 +0200)]
ITS#7374 - MozNSS: better file name matching for hashed CA certificate directory
CA certificate files in OpenSSL compatible CACERTDIR were loaded if the
file extension was '.0'. However the file name should be 8 letters long
certificate hash of the certificate subject name, followed by a numeric
suffix which is used to differentiate between two certificates with the
same subject name.
Wit this patch, certificate file names are matched correctly (using
regular expressions).
Jan Vcelak [Tue, 28 Aug 2012 14:57:54 +0000 (16:57 +0200)]
ITS#7373 - TLS: do not reuse tls_session if hostname check fails
If multiple servers are specified, the connection to the first one
succeeds, and the hostname verification fails, *tls_session is not
dropped, but reused when connecting to the second server.
This is a problem with Mozilla NSS backend because another handshake
cannot be performed on the same file descriptor. From this reason,
hostname checking was moved into ldap_int_tls_connect() before
connection error handling.
Ondřej Kuzník [Sun, 22 Nov 2015 18:32:43 +0000 (18:32 +0000)]
ITS#7100 Update entryTtl behaviour to match RFC 2589
Ondřej Kuzník [Sun, 22 Nov 2015 18:31:30 +0000 (18:31 +0000)]
ITS#7100 Test for entryTtl reflecting time to live
Quanah Gibson-Mount [Thu, 7 Sep 2017 15:44:28 +0000 (08:44 -0700)]
ITS#5048 - index on entryCSN is mandatory
Howard Chu [Thu, 5 Oct 2017 21:13:39 +0000 (22:13 +0100)]
ITS#8752 fix syncrepl null_callback
Make sure it's last in callback stack
Quanah Gibson-Mount [Thu, 5 Oct 2017 16:23:02 +0000 (09:23 -0700)]
Fix script so it exits
Quanah Gibson-Mount [Thu, 5 Oct 2017 03:42:54 +0000 (20:42 -0700)]
ITS#8444 - Fix description to match the actual issue that was fixed
Quanah Gibson-Mount [Thu, 5 Oct 2017 03:36:25 +0000 (20:36 -0700)]
ITS#8752 - Add regression test
Hallvard Furuseth [Fri, 23 Jun 2017 09:56:49 +0000 (10:56 +0100)]
ITS#8733 Allow a raw integer to be decoded from a berval
Hallvard Furuseth [Fri, 23 Jun 2017 09:55:36 +0000 (10:55 +0100)]
ITS#8733 Allow extraction of the complete ber element
Ondřej Kuzník [Wed, 10 May 2017 14:57:27 +0000 (15:57 +0100)]
ITS#8732 Extend CIRCLEQ macros
Quanah Gibson-Mount [Tue, 26 Sep 2017 18:51:27 +0000 (11:51 -0700)]
LDAP_FEATURE_SUBORDINATE_SCOPE is from expired draft-sermersheim-ldap-subordinate-scope, leave behind LDAP_DEVEL
Quanah Gibson-Mount [Tue, 26 Sep 2017 18:35:50 +0000 (11:35 -0700)]
Move a bunch of featuers back behind LDAP_DEVEL for 2.5
SLAP_AUXPROP_DONTUSECOPY is ok for release
Quanah Gibson-Mount [Tue, 26 Sep 2017 18:30:50 +0000 (11:30 -0700)]
CHECK_CSN is a debug only flag for testing. It should always remain
behind LDAP_DEVEL
Quanah Gibson-Mount [Tue, 26 Sep 2017 18:27:15 +0000 (11:27 -0700)]
ITS#6817 - back-meta work for SLAP_AUTH_DN was never finished according
to the ITS notes. In addition, this would need man page updates for the
feature
Quanah Gibson-Mount [Tue, 26 Sep 2017 18:04:45 +0000 (11:04 -0700)]
The support for unindexed attributes being tracked in back-monitor needs
to remain behind LDAP_DEVEL for now. Right now, the mutex in
back-monitor cannot properly handle the load if the server had a lot
of unindexed attributes that were being accessed in search filters.
Quanah Gibson-Mount [Tue, 26 Sep 2017 17:59:08 +0000 (10:59 -0700)]
ITS#7428 - Non-blocking TLS is not compatible with MOZNSS
Quanah Gibson-Mount [Tue, 26 Sep 2017 17:33:01 +0000 (10:33 -0700)]
Whitespace cleanup
Ondřej Kuzník [Wed, 8 Mar 2017 17:03:18 +0000 (17:03 +0000)]
ITS#8638 Add a recursive mutex to libldap_r for libevent
Most thread implementations suppport a native recursive mutex, use that
where possible (especially when a regular mutex is recursive already).
Also provide a macro for applications to test whether they can use the
lock functions interchangeably.
Ondřej Kuzník [Wed, 24 May 2017 15:12:48 +0000 (16:12 +0100)]
Fix warnings issued by autoconf 2.68+
Quanah Gibson-Mount [Fri, 22 Sep 2017 19:05:18 +0000 (12:05 -0700)]
Fix additional compile for /dev/poll support. /dev/poll is neither tested nor supported.
Quanah Gibson-Mount [Tue, 19 Sep 2017 22:21:56 +0000 (15:21 -0700)]
Merge branch 'master' of ssh://git-master.openldap.org/~git/git/openldap
Quanah Gibson-Mount [Tue, 19 Sep 2017 22:20:56 +0000 (15:20 -0700)]
Fix calls to SLAP_DEVPOLL_SOCK_LX for multi-listener support. Support
for /dev/poll is neither enabled nor tested, so other issues may exist.
Howard Chu [Fri, 8 Sep 2017 20:36:05 +0000 (21:36 +0100)]
ITS#8725 fix
75999a18c3c302bc2a71e9a01dfe63a62be8077c
Not needed since callback uses tmpalloc
Quanah Gibson-Mount [Fri, 8 Sep 2017 19:03:02 +0000 (12:03 -0700)]
Fix typo "errror" -> "error"
Nadezhda Ivanova [Fri, 24 Mar 2017 11:19:00 +0000 (13:19 +0200)]
ITS#8725 Always remove listener descriptors from daemon on shutdown
Howard Chu [Tue, 14 Mar 2017 08:50:17 +0000 (08:50 +0000)]
ITS#8725 add slap_sl_mark / slap_sl_release
For fast cleanup after constructing disposable entries
Howard Chu [Thu, 9 Feb 2017 17:20:28 +0000 (17:20 +0000)]
ITS#8725 Avoid listener thread startup race
Typically only shows up under valgrind, not in regular runs
Howard Chu [Thu, 19 Jan 2017 20:10:38 +0000 (20:10 +0000)]
ITS#8725 connection fixes
Fix op_finish, must resched connection to pick up pending ops.
Fix op completion counter.
Howard Chu [Tue, 17 Jan 2017 09:44:03 +0000 (09:44 +0000)]
ITS#8725 backover fixes for async
Fix some valgrind race conditions - wait for frontend to finish up
Don't set callbacks for abandon or unbind - since they have no response
Use tmpalloc for backover callback
Nadezhda Ivanova [Fri, 27 Jan 2017 09:49:24 +0000 (10:49 +0100)]
ITS#8725 Fix an invalid data access during add operations if backend is asynchronous
Howard Chu [Tue, 17 Jan 2017 11:35:54 +0000 (11:35 +0000)]
ITS#8727 plug ber leaks
Howard Chu [Mon, 16 Jan 2017 21:21:33 +0000 (21:21 +0000)]
ITS#8725 Add SLAPD_ASYNCOP return code
Tell frontend the op will finish asynchronously, leave it alone
Howard Chu [Wed, 6 Sep 2017 20:46:09 +0000 (21:46 +0100)]
ITS#8717 call connection delete callbacks
When TLS fails to start
SATOH Fumiyasu [Thu, 3 Aug 2017 07:59:02 +0000 (16:59 +0900)]
ITS#8709 contrib/slapd-modules/passwd/totp: OpenSSL 1.1.0 compatibility
Howard Chu [Wed, 6 Sep 2017 20:25:16 +0000 (21:25 +0100)]
ITS#8719 add crypt_r() support
Michael Ströder [Tue, 5 Sep 2017 13:52:34 +0000 (15:52 +0200)]
ITS#8714 Send out EXTENDED operation message from back-sock
Howard Chu [Thu, 31 Aug 2017 15:53:45 +0000 (16:53 +0100)]
ITS#8270 use the configured exop timeout for StartTLS
Also, there's no need for a retry loop here. Just wait for
the specified timeout or give up.
Ondřej Kuzník [Fri, 25 Aug 2017 15:25:23 +0000 (16:25 +0100)]
ITS#8444 Do not clear the pending operation when checkpointing
When a checkpoint happens, if we remove the CSN from the pending list,
accesslog won't pass it onto the accesslog DB. But in a delta-mmr
scenario, an accesslog entry without a CSN faces a race where it might
be applied twice - that usually fails and causes a full refresh, other
times it can cause a silent desync - both are undesirable.
Quanah Gibson-Mount [Mon, 21 Aug 2017 16:19:12 +0000 (09:19 -0700)]
ITS#8715 Fix typo with olcTLSCiphersuite
Quanah Gibson-Mount [Wed, 16 Aug 2017 15:50:22 +0000 (08:50 -0700)]
ITS#8713 Delete stub man page for LDBM
Howard Chu [Fri, 4 Aug 2017 19:58:07 +0000 (20:58 +0100)]
ITS#8690 one more time
Howard Chu [Fri, 4 Aug 2017 12:40:34 +0000 (13:40 +0100)]
ITS#8690 fix again
Howard Chu [Fri, 4 Aug 2017 12:34:03 +0000 (13:34 +0100)]
Revert "ITS#8690 refix"
This reverts commit
a5f3a2885c9d1a72ecebf159522a558a1f33d767 .
Howard Chu [Thu, 3 Aug 2017 11:42:21 +0000 (12:42 +0100)]
ITS#8705 fix service pathname
Strip trailing space of last pathname component, if any. Not first.
Howard Chu [Tue, 1 Aug 2017 23:52:13 +0000 (00:52 +0100)]
ITS#8690 refix
Don't double-queue delete ops
Howard Chu [Tue, 1 Aug 2017 21:08:50 +0000 (22:08 +0100)]
ITS#8226 optimization
Don't release read txn unless there has actually been a new write txn
Howard Chu [Tue, 1 Aug 2017 20:57:02 +0000 (21:57 +0100)]
ITS#8690 fix prev commit
Howard Chu [Tue, 1 Aug 2017 20:47:15 +0000 (21:47 +0100)]
Cleanup uninit'd vars
Howard Chu [Fri, 21 Jul 2017 18:04:08 +0000 (19:04 +0100)]
ITS#8690 plug memleak on Delete ops
Quanah Gibson-Mount [Fri, 21 Jul 2017 00:11:01 +0000 (17:11 -0700)]
ITS#8697 - For Windows builds with newer MINGW, remove refptr symbols
mappings from slapd.def
Quanah Gibson-Mount [Fri, 23 Jun 2017 16:44:46 +0000 (09:44 -0700)]
Fix missing index on reqResult
Howard Chu [Thu, 22 Jun 2017 17:08:40 +0000 (18:08 +0100)]
ITS#8678 temporary hack
Quanah Gibson-Mount [Wed, 7 Jun 2017 00:04:11 +0000 (17:04 -0700)]
ITS#8667 - Add regression test
Howard Chu [Thu, 1 Jun 2017 16:52:15 +0000 (17:52 +0100)]
Merge remote-tracking branch 'origin/mdb.RE/0.9'
Howard Chu [Thu, 1 Jun 2017 16:51:10 +0000 (17:51 +0100)]
Release 0.9.21
Ryan Tandy [Thu, 18 May 2017 03:07:39 +0000 (20:07 -0700)]
ITS#8655 fix double free on paged search with pagesize 0
Fixes a double free when a search includes the Paged Results control
with a page size of 0 and the search base matches the filter.
Ryan Tandy [Fri, 5 May 2017 03:08:07 +0000 (03:08 +0000)]
ITS#8648 init SASL library in global init
Ryan Tandy [Sun, 7 May 2017 20:16:00 +0000 (20:16 +0000)]
ITS#8648 check result of ldap_int_initialize in ldap_{get,set}_option
Ryan Tandy [Sat, 6 May 2017 22:50:13 +0000 (22:50 +0000)]
ITS#8650 retry gnutls_handshake after GNUTLS_E_AGAIN
Quanah Gibson-Mount [Sun, 23 Apr 2017 22:13:23 +0000 (15:13 -0700)]
ITS#8123 - Fix wording to match examples
Kevin Lam [Tue, 21 Feb 2017 04:20:38 +0000 (12:20 +0800)]
ITS#8592 Fix double free in sssvlv overlay
Quanah Gibson-Mount [Tue, 25 Apr 2017 23:09:22 +0000 (16:09 -0700)]
Fix slapo-pcache to use mdb as the example backend
Quanah Gibson-Mount [Tue, 25 Apr 2017 18:47:49 +0000 (11:47 -0700)]
ITS#8205 - Pick up changes that were ignored in the last commit
Quanah Gibson-Mount [Tue, 25 Apr 2017 18:37:48 +0000 (11:37 -0700)]
ITS#8205 - Fix typos, use man page from Howard for TOTP
Peter Marschall [Sun, 26 Jul 2015 13:04:26 +0000 (15:04 +0200)]
ITS#8205 - contrib/smbk5pwd: add man page, install it too
Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to
install the new manual page.
ITS#8205 - contrib/lastbind: install man page
Update lastbind's Makefile to install the manual page too.
ITS#8205 - contrib/passwd/sha2: add man page, install it too
Add a manual page slapd-pw-sha2.5 and update passwd/sha2's Makefile to
install the new manual page.
ITS#8205 - contrib/adremap: install man page
Update adremap's Makefile to install the manual page too.
ITS#8205 - contrib/allop: install man page
Update allop's Makefile to install the manual page too.
ITS#8205 - contrib/cloak: install man page
Update cloak's Makefile to install the manual page too.
ITS#8205 - contrib/lastmod: install man page
Update lastmod's Makefile to install the manual page too.
ITS#8205 - contrib/nops: install man page
Update nops's Makefile to install the manual page too.
ITS#8205 - contrib/nssov: install man page
Update nssov's Makefile to install the manual page too.
ITS#8205 - contrib/passwd: add man page slapd-pw-sha2.5, install it too
Add a manual page slapd-pw-radius.5 and update passwd's Makefile to
install the new manual page.
ITS#8205 - contrib/passwd/totp: add man page, install it too
Add a manual page slapo-totp.5 and update passwd/totp's Makefile to
install the new manual page.
ITS#8205 - contrib/passwd/pbkdf2: add man page, install it too
Add a manual page slapd-pw-pbkdf2.5 and update passwd/pbkdf2's Makefile to
install the new manual page.
Ryan Tandy [Tue, 25 Apr 2017 01:53:56 +0000 (01:53 +0000)]
ITS#8644 fix previous commit: initialize KILLPIDS
Ryan Tandy [Tue, 25 Apr 2017 01:28:25 +0000 (01:28 +0000)]
ITS#8644 wait for slapd to start in test064
Quanah Gibson-Mount [Mon, 24 Apr 2017 20:15:56 +0000 (13:15 -0700)]
ITS#8635 - Note that non-zero serverID's are required for MMR, and that serverID 0 is specific to single master replication only
Quanah Gibson-Mount [Sun, 23 Apr 2017 19:23:56 +0000 (12:23 -0700)]
ITS#8613 - Note that slapo-memberOf should not be used in a replicated environment
Jephte CLAIN [Thu, 31 Dec 2015 08:03:56 +0000 (12:03 +0400)]
ITS#8344 - accesslog database should not be replicated
Howard Chu [Fri, 21 Apr 2017 13:39:17 +0000 (14:39 +0100)]
Fix pool_retract signature
Omitted from
e12ca8b6fed6b8a2526c5c8ee820bf5aa942b59d
Quanah Gibson-Mount [Wed, 19 Apr 2017 19:49:24 +0000 (12:49 -0700)]
Regenerate for autoca, asyncmeta, and wiredtiger
Howard Chu [Wed, 19 Apr 2017 19:19:09 +0000 (20:19 +0100)]
Tweaks for OpenSSL 1.1 API deprecations
Howard Chu [Wed, 19 Apr 2017 18:27:02 +0000 (19:27 +0100)]
Delete extraneous #define
Was only for convenience during testing
Quanah Gibson-Mount [Tue, 18 Apr 2017 20:40:05 +0000 (13:40 -0700)]
Fix autoca build with OpenSSL 1.1.0
Quanah Gibson-Mount [Tue, 18 Apr 2017 15:23:18 +0000 (08:23 -0700)]
Regenerate configure
Quanah Gibson-Mount [Tue, 18 Apr 2017 15:22:56 +0000 (08:22 -0700)]
Quanah Gibson-Mount [Tue, 18 Apr 2017 15:01:26 +0000 (08:01 -0700)]
ITS#8643 - Fix typo
Quanah Gibson-Mount [Fri, 14 Apr 2017 17:50:46 +0000 (10:50 -0700)]
ITS#8634 - Fix DES API function calls to current DES API
Ondřej Kuzník [Mon, 10 Apr 2017 10:26:28 +0000 (11:26 +0100)]
ITS#8632 request the correct type
Ondřej Kuzník [Mon, 10 Apr 2017 09:42:46 +0000 (10:42 +0100)]
ITS#8631 Initialize sal
Howard Chu [Sun, 9 Apr 2017 23:54:21 +0000 (00:54 +0100)]
Cleanup unused vars
Howard Chu [Sun, 9 Apr 2017 23:51:09 +0000 (00:51 +0100)]
Tweak privateKeyValidate
Only accept PKCS#8 private keys
Howard Chu [Sun, 9 Apr 2017 23:21:08 +0000 (00:21 +0100)]
Add GnuTLS support for direct DER config of cacert/cert/key
Followon to
b402a2805f8b96d2751a7315ea5e70e5082965ed
Howard Chu [Sun, 9 Apr 2017 22:42:22 +0000 (23:42 +0100)]
Cleanup warnings, unused vars, etc.
Howard Chu [Sun, 9 Apr 2017 21:45:36 +0000 (22:45 +0100)]
Fix autoca schema init
Wait for core.schema to get loaded
Howard Chu [Sun, 9 Apr 2017 20:37:55 +0000 (21:37 +0100)]
Cleanup test066 comments
Howard Chu [Sun, 9 Apr 2017 19:48:37 +0000 (20:48 +0100)]
autoca manpage updates
Howard Chu [Sun, 9 Apr 2017 19:33:50 +0000 (20:33 +0100)]
Add autoca test script
Howard Chu [Sun, 9 Apr 2017 19:31:11 +0000 (20:31 +0100)]
autoca fixups
Move install of CA cert to a pool thread, otherwise cn=config deadlocks
on dynamically loaded overlay.
Dup/release entry before attempting to modify it, to avoid deadlocks
in back-bdb/hdb.
Always use PKCS#8 format when storing private keys.
Howard Chu [Sun, 9 Apr 2017 19:29:47 +0000 (20:29 +0100)]
Fixup for ;binary config attrs
Use the plain attributeDescription when searching config tables
Howard Chu [Sun, 9 Apr 2017 15:40:25 +0000 (16:40 +0100)]
Add localDN config
If a cert is generated for this DN, configure it as the local
TLS cert/key
Howard Chu [Sun, 9 Apr 2017 14:42:17 +0000 (15:42 +0100)]
Set the CA cert in cn=config if none was already set
Howard Chu [Sun, 9 Apr 2017 14:41:16 +0000 (15:41 +0100)]
Fixup pause handling, silence warnings
Don't try to resume the pool if pausing failed.
Howard Chu [Sun, 9 Apr 2017 14:39:44 +0000 (15:39 +0100)]
Fixup handle_pause()
Return -1 if running on the main thread - which means there
are no worker threads to pause.