Name | Date | Size | #Lines | LOC
---|---|---|---|---
.. | 03-May-2022 | - | |
ACL | 08-Jul-2005 | 1.2 KiB | 46 | 27
FORMAT | 25-Apr-2008 | 4.3 KiB | 99 | 82
GETTING.STARTED | 25-Apr-2008 | 2.4 KiB | 71 | 51
Makefile | 03-May-2022 | 7.9 KiB | 218 | 179
README | 25-Apr-2008 | 3.2 KiB | 71 | 58
README.security | 19-Mar-2017 | 440 | 13 | 9
RFCs | 15-Apr-2002 | 232 | 7 | 5
THANKS | 19-Mar-2017 | 675 | 21 | 12
TODO | 25-Apr-2008 | 1.9 KiB | 57 | 41
acl.c | 19-Mar-2017 | 12.4 KiB | 512 | 429
acl.h | 07-Dec-2005 | 96 | 10 | 7
acls | 19-Mar-2017 | 406 | 13 | 12
addindex.c | 19-Mar-2017 | 9.8 KiB | 371 | 342
alloca.h | 03-May-2022 | 0 | 1 | 0
asn1.h | 19-Mar-2017 | 9.7 KiB | 235 | 114
asn1dump.c | 15-Apr-2014 | 375 | 25 | 21
asn1oid.c | 27-Sep-2011 | 5.7 KiB | 101 | 87
auth.c | 19-Mar-2017 | 1.1 KiB | 44 | 42
auth.h | 14-May-2002 | 152 | 8 | 4
bindrequest.c | 14-Jan-2002 | 253 | 13 | 11
bstr.h | 25-Apr-2008 | 404 | 13 | 8
bstr_diff.c | 05-Feb-2004 | 520 | 27 | 24
bstr_diff2.c | 25-Apr-2008 | 502 | 31 | 28
bstrfirst.c | 08-Jul-2002 | 117 | 7 | 5
bstrlen.c | 25-Apr-2008 | 169 | 9 | 7
bstrstart.c | 25-Apr-2008 | 110 | 7 | 5
dumpacls.c | 19-Mar-2017 | 3.6 KiB | 123 | 120
dumpidx.c | 19-Mar-2017 | 3.6 KiB | 128 | 122
fmt_asn1OID.c | 28-Apr-2011 | 469 | 17 | 15
fmt_asn1bitstring.c | 28-Apr-2011 | 613 | 20 | 17
fmt_asn1generic.c | 07-May-2015 | 4.5 KiB | 158 | 150
fmt_asn1int.c | 25-Apr-2008 | 387 | 12 | 9
fmt_asn1intpayload.c | 25-Apr-2008 | 369 | 21 | 19
fmt_asn1length.c | 25-Apr-2008 | 527 | 26 | 21
fmt_asn1sint.c | 25-Apr-2008 | 387 | 12 | 9
fmt_asn1sintpayload.c | 25-Apr-2008 | 424 | 23 | 20
fmt_asn1string.c | 25-Apr-2008 | 312 | 11 | 9
fmt_asn1tag.c | 19-Mar-2017 | 426 | 16 | 11
fmt_asn1tagint.c | 28-Apr-2011 | 307 | 18 | 16
fmt_asn1transparent.c | 25-Apr-2008 | 287 | 11 | 8
fmt_ldapadl.c | 19-Mar-2017 | 694 | 33 | 29
fmt_ldapava.c | 19-Mar-2017 | 222 | 10 | 8
fmt_ldapbindrequest.c | 19-Mar-2017 | 575 | 21 | 18
fmt_ldapdeleterequest.c | 19-Mar-2017 | 179 | 9 | 7
fmt_ldapmessage.c | 19-Mar-2017 | 389 | 13 | 11
fmt_ldappal.c | 19-Mar-2017 | 525 | 24 | 18
fmt_ldapresult.c | 19-Mar-2017 | 604 | 21 | 19
fmt_ldapsearchfilter.c | 19-Mar-2017 | 2 KiB | 72 | 52
fmt_ldapsearchfilterstring.c | 19-Mar-2017 | 1.6 KiB | 70 | 68
fmt_ldapsearchrequest.c | 19-Mar-2017 | 661 | 22 | 20
fmt_ldapsearchresultentry.c | 19-Mar-2017 | 333 | 12 | 10
fmt_ldapstring.c | 19-Mar-2017 | 126 | 6 | 4
fmt_tls_alert.c | 07-May-2015 | 169 | 11 | 8
fmt_tls_alert_pkt.c | 07-May-2015 | 235 | 12 | 10
fmt_tls_clienthello.c | 07-May-2015 | 1.7 KiB | 52 | 48
fmt_tls_handshake_cert.c | 08-May-2015 | 312 | 14 | 12
fmt_tls_handshake_certs_header.c | 08-May-2015 | 826 | 29 | 19
fmt_tls_packet.c | 07-May-2015 | 280 | 14 | 12
fmt_tls_serverhello.c | 07-May-2015 | 5.3 KiB | 164 | 119
fmt_tls_serverhellodone.c | 08-May-2015 | 168 | 9 | 7
free_ldapadl.c | 16-Jul-2002 | 186 | 11 | 8
free_ldappal.c | 16-Jul-2002 | 207 | 12 | 9
free_ldapsearchfilter.c | 19-Mar-2017 | 434 | 23 | 21
free_ldapsearchresultentry.c | 01-Apr-2005 | 110 | 6 | 4
freeava.c | 14-Jan-2002 | 184 | 11 | 9
freefilter.c | 14-Jan-2002 | 325 | 17 | 15
freepal.c | 14-Jan-2002 | 302 | 16 | 14
idx2ldif.c | 19-Mar-2017 | 2.3 KiB | 106 | 89
init_tls_context.c | 07-May-2015 | 502 | 20 | 17
ldap.h | 19-Mar-2017 | 7.2 KiB | 222 | 187
ldap_match_mapped.c | 19-Mar-2017 | 5.1 KiB | 201 | 177
ldap_match_sre.c | 28-Jun-2007 | 4.1 KiB | 167 | 154
ldapclient.c | 19-Mar-2017 | 7.1 KiB | 279 | 259
ldapclient_str.c | 19-Mar-2017 | 3.9 KiB | 146 | 137
ldapdelete.c | 19-Mar-2017 | 3.1 KiB | 127 | 113
ldif.h | 03-May-2022 | 930 | 35 | 26
ldif_parse.c | 25-Apr-2008 | 7.7 KiB | 328 | 275
matchcaseprefix.c | 05-Feb-2004 | 477 | 21 | 16
matchcasestring.c | 25-Apr-2008 | 469 | 22 | 16
matchprefix.c | 08-Jul-2002 | 471 | 21 | 16
matchstring.c | 25-Apr-2008 | 442 | 22 | 16
md5password.c | 25-Apr-2008 | 709 | 33 | 31
mduptab.h | 25-Apr-2008 | 764 | 20 | 10
mduptab_add.c | 25-Apr-2008 | 607 | 24 | 22
mduptab_adds.c | 05-Feb-2004 | 149 | 8 | 6
mduptab_init.c | 14-Feb-2004 | 142 | 8 | 6
mduptab_init_reuse.c | 14-Feb-2004 | 122 | 7 | 5
mduptab_reset.c | 20-Apr-2008 | 141 | 8 | 6
mstorage.h | 25-Apr-2008 | 788 | 34 | 14
mstorage_add.c | 22-Nov-2009 | 2.2 KiB | 86 | 70
mstorage_add_bin.c | 22-Nov-2009 | 678 | 29 | 22
mstorage_init.c | 04-Feb-2004 | 109 | 8 | 6
mstorage_init_persistent.c | 05-Feb-2004 | 472 | 21 | 19
mstorage_unmap.c | 25-Apr-2008 | 395 | 23 | 21
mysql2ldif.c | 19-Mar-2017 | 3.6 KiB | 150 | 140
normalize_dn.c | 20-Apr-2008 | 556 | 27 | 23
parse.c | 19-Mar-2017 | 9.3 KiB | 316 | 213
printasn1.c | 07-May-2015 | 3.4 KiB | 128 | 117
scan_asn1BITSTRING.c | 28-Apr-2011 | 947 | 28 | 23
scan_asn1BOOLEAN.c | 25-Apr-2008 | 416 | 17 | 15
scan_asn1ENUMERATED.c | 25-Apr-2008 | 382 | 16 | 14
scan_asn1INTEGER.c | 25-Apr-2008 | 319 | 13 | 11
scan_asn1SEQUENCE.c | 25-Apr-2008 | 397 | 15 | 13
scan_asn1SET.c | 25-Apr-2008 | 387 | 15 | 13
scan_asn1STRING.c | 25-Apr-2008 | 334 | 13 | 11
scan_asn1generic.c | 07-May-2015 | 7.5 KiB | 280 | 262
scan_asn1int.c | 25-Apr-2008 | 380 | 11 | 9
scan_asn1length.c | 19-Mar-2017 | 990 | 29 | 25
scan_asn1oid.c | 19-Mar-2017 | 581 | 22 | 18
scan_asn1rawint.c | 19-Mar-2017 | 722 | 22 | 18
scan_asn1rawoid.c | 25-Feb-2017 | 936 | 42 | 33
scan_asn1string.c | 25-Apr-2008 | 360 | 13 | 11
scan_asn1tag.c | 19-Mar-2017 | 587 | 18 | 13
scan_asn1tagint.c | 15-Apr-2014 | 436 | 16 | 14
scan_certificate.c | 07-May-2015 | 11.5 KiB | 394 | 330
scan_ldapaddrequest.c | 19-Mar-2017 | 2.5 KiB | 96 | 86
scan_ldapava.c | 19-Mar-2017 | 296 | 11 | 9
scan_ldapbindrequest.c | 19-Mar-2017 | 515 | 18 | 16
scan_ldapbindresponse.c | 19-Mar-2017 | 679 | 24 | 22
scan_ldapdeleterequest.c | 19-Mar-2017 | 182 | 10 | 8
scan_ldapmessage.c | 19-Mar-2017 | 584 | 22 | 20
scan_ldapmodifyrequest.c | 19-Mar-2017 | 2.8 KiB | 92 | 86
scan_ldapresult.c | 19-Mar-2017 | 575 | 16 | 14
scan_ldapsearchfilter.c | 19-Mar-2017 | 3.6 KiB | 111 | 81
scan_ldapsearchfilterstring.c | 19-Mar-2017 | 2.3 KiB | 101 | 99
scan_ldapsearchrequest.c | 19-Mar-2017 | 1.7 KiB | 59 | 54
scan_ldapsearchresultentry.c | 19-Mar-2017 | 1.4 KiB | 44 | 41
scan_ldapstring.c | 19-Mar-2017 | 143 | 6 | 4
strduptab.c | 25-Apr-2008 | 583 | 31 | 28
strduptab.h | 25-Apr-2008 | 502 | 14 | 5
strstorage.c | 25-Apr-2008 | 549 | 30 | 27
strstorage.h | 25-Apr-2008 | 259 | 7 | 1
t.c | 21-Feb-2002 | 14.9 KiB | 558 | 466
t1.c | 25-Apr-2008 | 3.2 KiB | 145 | 130
t10.c | 12-May-2011 | 1.6 KiB | 73 | 64
t2.c | 19-Mar-2017 | 6.4 KiB | 230 | 220
tinyldap.c | 03-May-2022 | 71.6 KiB | 2,627 | 2,171
tinytls.h | 07-May-2015 | 5.6 KiB | 167 | 106
tls_accept.c | 08-May-2015 | 2.1 KiB | 86 | 69
tls_cipherprio.c | 07-May-2015 | 281 | 14 | 11
tls_connect.c | 08-May-2015 | 3.8 KiB | 126 | 107
tls_doread.c | 25-Feb-2017 | 3.4 KiB | 122 | 92
tls_dowrite.c | 08-May-2015 | 858 | 31 | 23
x.c | 25-Feb-2017 | 2.1 KiB | 57 | 50
README
Please read ldap.h and asn1.h for an overview of the API.

Example code using the high level API is in tinyldap and ldapclient. This will be encapsulated some more eventually.

ldapclient is the client test application. It connects to localhost, makes a BindRequest and dumps the BindResponse in human readable form.

tinyldap is the server test application. It can understand BindRequest, some simple forms of SearchRequest, and it can even answer simple queries.

tinyldap now supports an external database representation with indexes. Use "parse" to create the file "data" from an LDIF file called "exp.ldif" (I can't give you my test data, sorry). Then use "addindex" to add indexes if you like. To make an index case insensitive (and the corresponding attribute, too), pass an "i" in the third command line argument to addindex (e.g. "./addindex data sn i"). addindex also supports a second index type, where the offset table also contains the record number (this saves run time, but the index is twice as large). To enable it, pass an "f" in the third command line argument. So, to have a fast case-insensitive index, use "if" or "fi" as the third argument to addindex.

Use "dumpidx" to have the contents of data displayed on screen. tinyldap has been modified to use data instead of the in-memory linked list.

Do _not_ add an index for objectClass! It will not work!

parse will now normalize dn before writing it to the index. That means that the attribute names in dn are lowercased, ';' is converted to ',' and spaces after ';' or ',' are removed.

tinyldap supports authentication. It does not have any real effect yet, as tinyldap does not support ACLs, but it lets you use LDAP for password checking. To use this, you must add an index for "dn". Most programs check by an attribute called "uid", so you should have that as well, and put the password into an attribute called "userPassword". By convention, the attribute "homeDirectory" contains $HOME for that user. tinyldap supports three kinds of passwords here:

  - straight MD5
    I think I took this scheme from OpenLDAP. It's just the straight MD5 without salt but expressed as base64 not hex (as md5sum outputs it). Example:
      userPassword: {MD5}CY9rzUYh03PK3k6DJie09g==
    You can use "md5password" (part of the tinyldap distribution) to calculate these passwords.

  - crypt(3)
    This means you can simply copy the password from /etc/shadow. If your libc supports MD5 passwords in crypt (diet libc does, glibc does, all the free BSDs do; you can recognize them by the "$1$" at the start), this is actually more secure than the straight MD5 above. However, the ldif and data files are then not portable to tinyldap running on another OS without MD5 support in crypt. Same goes for blowfish or other obscure algorithms your crypt(3) may or may not support. Example:
      userPassword: a4FGJQkF1FYY2

  - plain text password
    You can also simply put the password in plain text in the ldif.
      userPassword: test
    This is NOT advisable, because tinyldap does not support ACLs yet! That means everyone can read everyone's passwords. The MD5 above provides at least moderate protection.

This code has been tested against pam_ldap and an ldap checkpassword I wrote for a customer.
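The three userPassword forms described above, as an added audit example that is not part of the tinyldap distribution: it recomputes the README's `{MD5}` value and reports how each entry in an LDIF stores its password. The function names, the sample LDIF and the 13-character test for traditional crypt(3) output are assumptions of this example, not tinyldap's own logic.

```python
import base64, hashlib, re

def md5_password(password):
    """README's "straight MD5": unsalted digest, base64 not hex; equal passwords give equal values."""
    digest = hashlib.md5(password.encode()).digest()
    return "{MD5}" + base64.b64encode(digest).decode()

def classify(value):
    """Guess how a userPassword value is stored (heuristic, not tinyldap's logic)."""
    if value.startswith("{MD5}"):
        return "straight-md5"
    if value.startswith("$1$"):
        return "crypt-md5"
    if re.fullmatch(r"[./0-9A-Za-z]{13}", value):
        return "crypt-des"  # assumed: 13-char traditional crypt(3) output
    return "plaintext"

def audit(ldif):
    """Return (dn, scheme, remark) per "userPassword: " line; base64 "::" lines are skipped."""
    rows, first_owner, dn = [], {}, None
    for line in ldif.splitlines():
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.startswith("userPassword: "):
            value = line[len("userPassword: "):]
            scheme = classify(value)
            remark = "password stored in the clear" if scheme == "plaintext" else ""
            if scheme == "straight-md5":
                remark = "same password as " + first_owner[value] if value in first_owner else ""
                first_owner.setdefault(value, dn)
            rows.append((dn, scheme, remark))
    return rows

SAMPLE_LDIF = """\
dn: uid=alice,dc=example,dc=com
userPassword: {MD5}CY9rzUYh03PK3k6DJie09g==

dn: uid=bob,dc=example,dc=com
userPassword: {MD5}CY9rzUYh03PK3k6DJie09g==

dn: uid=carol,dc=example,dc=com
userPassword: a4FGJQkF1FYY2

dn: uid=dave,dc=example,dc=com
userPassword: test
"""  # constructed sample; the password values are the README's own examples
if __name__ == "__main__":
    print(*audit(SAMPLE_LDIF), sep="\n")
```

The README's `{MD5}` example is the unsalted MD5 of `test`, the same string used in its plain text example, which is why two entries with that value are reported as sharing a password.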
README.security
tinyldap trusts the binary data file on disk. There are numerous ways to make tinyldap crash or loop endlessly if an attacker can hex edit the data file.

Other than that, tinyldap does not trust anyone :-)

tinyldap can (and should) be run as non-root, via tcpserver, in a chroot jail.

If you worry about memory consumption, set resource limits before running tinyldap, e.g. with softlimit from daemontools or limit/ulimit in your shell.