| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
The plugin_id variable is unused in acct_inact_limit(). This
patch removes the unused variable.
|
|
|
|
|
|
| |
This patch makes the access log entries for search, add, mod, del,
and modrdn operations display the authzid that is used when the
proxy authorization control is sent by the client.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
write entry; db error - 22 Invalid argument
https://bugzilla.redhat.com/show_bug.cgi?id=640854
Description: DBENV open flags is used to determine the DB_OPEN mode
whether to set DB_AUTO_COMMIT or not. The info was eliminated in
the change made for "Bug 633168 - Share backend dbEnv with the
replication changelog".
This patch picks up the backend dbenv openflags and uses it for
the changelog DB_OPEN.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=640027
Description: When DN is made from RDNs containing escaped plus
"\+", the dn normalizer considers the value could be nested multi-
valued RDNs. (e.g., cn=C\=Z\+A\=X\+B\=Y\,o\=O,o=OO)
In that case, multi-valued RDNs are sorted by the normalizer.
(==> cn=A\=X\+B\=Y\+C\=Z\,o\=O,o=OO)
The sample DN provided by Andrey Ivanov contains "\+", but that
is not a separator for the multi-valued RDNs:
cn=mytest\+\=-123'\;456,dc=example,dc=com
The dn normalizer should have checked the possibility, as well.
The check is added in this patch.
Also, sorting was not triggered if multi-valued RDNs are located
at the end of the value. (e.g., cn=C\=X\,B\=Y\+A\=Z,o=OO)
The bug was fixed, as well.
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Console throws an error dialog when you attempt to edit the
default self-write ACI. The Console thinks that the labeledURL
attribute is not valid sicne it does not properly handle attributes
that use anything other than the primary short name.
This patch changes the default ACI to use the primary short name
of labeledURI instead of labeledURL. Fixing the Console to handle
non-primary short names will be dealt with in another bug in the
future.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=639289
Description:
There was a bug in the utf8 uppe2Lower table:
Character İ (LATIN CAPITAL LETTER I WITH DOT ABOVE) did not map
to the corresponding LATIN SMALL LETTER DOTLESS I (2 bytes) but
to ascii 'i' (1 byte). The shortened DN tailed with a garbage
character and the entry was treated as an orphan entry which does
not belong to any suffix.
This patch fixes the mapping table mismatch as well as adds a code
to dn_ignore_case_to_end to force to NULL terminate the converted
string.
|
|
|
|
|
|
|
|
|
|
|
| |
no instances
https://bugzilla.redhat.com/show_bug.cgi?id=628096
The initscript.in has been modified such that it will suppress
the error message from the ls command and generate a consistent
error message for all commands in case there is no instance
configured.
|
|
|
|
| |
Fixed some typos and copy/paste errors in Makefile.am and acctpolicy schema
|
|
|
|
|
|
|
|
| |
if the attribute accountInactivityLimit is specified in the global
config entry cn=config,cn=Account Policy Plugin,cn=plugins,cn=config,
it will be the default inactivity limit - if there is an account policy
specified by acctPolicySubentry, that one will take precedence over the
global policy
|
|
|
|
|
|
| |
the main init function is responsible for looking to see if it is enabled
and should not do any further processing, including registering the
pre/post op plugins, if it is disabled
|
|
|
|
|
| |
acct_record_login() should use and destroy the pblock locally - it does
not need to be passed in from the calling function
|
|
|
|
|
|
|
|
|
|
|
| |
Add the account policy plugin and related server code, schema, and config
A new switch to configure has been added --enable-acctpolicy - this is
enabled by default - so the plugin and the schema will be built and installed
by default
the plugin will be in dse.ldif, but will be disabled by default
The original contribution had some minor problems with the schema and config
entries - these have been cleaned up
The original contribution had a few memory leaks - these have been cleaned up
|
|
|
|
|
|
|
|
|
|
| |
Have to ensure that all usage of ber_init in the server checks to see if
the bv->bv_val is non-NULL before using ber_init, and return the appropriate
error if it is NULL
Also fixed a problem in dna_extend_exop - would not send the ldap result to
the client in certain error conditions
Reviewed by: nhosoi (Thanks!)
Tested on: RHEL5 x86_64
|
|
|
|
|
|
|
|
|
|
|
| |
When using the linked attribute plug-in, an entry that is renamed
that is outside of the scope of the plug-in will cause the forward
links in other entries to be updated if they contain a managed
attribute type.
We need to check if the new DN of the renamed entry is within the
scope of the configured linked attributes before updating forward
links.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=635987
Description:
This commit made for the bug 635987 introduced a bug to replication.
commit 8ac525e5ac997378f4f2a386e9b96568c8d66db5
Author: Noriko Hosoi <nhosoi@redhat.com>
Date: Tue Sep 21 15:12:07 2010 -0700
subtree_candidates (ldbm_search.c)
If you do have a tombstone filter, descendants will be NULL,
and idl_intersection of candidates and descendents will wipe
out all of the candidates, leaving just the one entry, e->ep_id.
Changed to call idl_intersection only when the filter is not
for tombstone or entryrdn_get_noancestorid (false, by default).
|
|
|
|
|
|
|
|
| |
When going through the exceptions table in libaccess, we don't
check if we are at the last pair of elements in the array before
incrementing to the next pair. This patch adds checks to see if
we are at the last pair of elements and avoids the increment if
necessary.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=634561
Resolves: bug 634561
Bug Description: Server crushes when using Windows Sync Agreement
Reviewed by: ???
Branch: master
Fix Description: The regular replication protocol and the windows sync
protocol have two completely different struct repl_connection. They
are almost the same, almost identical fields, but they are different.
When additional fields were added to the struct repl_connection, not
at the end of the structure, and identical changes were not made to the
struct repl_connection in windows_connection.c, the structures got out
of sync. The authors tried to anticipate this condition by providing
windows_ versions of all of the conn_ functions. We were not using the
windows_ versions of these functions in all places in the winsync code.
The fix is to use the windows_ versions of these functions throughout
the winsync code, and to make the struct repl_connection the same size
up through the char *plain field. If additional fields are added to
either structure at the end, this problem should not occur in the
future.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit 4bd78323d0bb1299a19e0ed1feebc79ff997c92f)
|
|
|
|
|
|
|
|
|
|
|
| |
also applied to "cn=directory manager"
https://bugzilla.redhat.com/show_bug.cgi?id=606920
Description: Client side sizelimit / timelimit request should
be honoured by the Directory Manager, too. Changing the time/
sizelimit evaluation so that if client side request exists,
the value is set even if the bind user is the directory manager.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ACL containing ldap:///self
https://bugzilla.redhat.com/show_bug.cgi?id=635987
Description: When a basedn has no descendants, the code to take an
intersection of idl (which was returned from the filter search --
filter_candidates) and the basedn was skipped in subtree_candidates
(ldbm_search.c). Regardless of descendants, the intersection should
be taken for the idl and a tree starting with the basedn.
Note: This bug was introduced with entryrdn.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The acl_Parse() has been modified to release newacls and newaclv
when an error occurs.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The str2simple() has been modified to release unqstr when
an error occurs.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The cos_cache_add_defn() has been modified to release theDef
when an error occurs.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The plugin_setup() has been modified to release the value before
it returns.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The acllas__client_match_URL() has been modified to release the
hostport before it returns.
|
|
|
|
|
|
| |
The ldapu_propval_list_free() function was freeing the nodes in
the list, but not the list itself. We need to free the list itself
after all of the nodes have been freed.
|
|
|
|
|
| |
We don't free new_scheme if the password encode function is not
set. We need to free new_scheme in this error case.
|
|
|
|
|
|
| |
There is a chance that we leak the memory pointed to by the new
variable if we never have one of the ldclt contexts point to it.
We need to jump to the error label in this case to free the memory.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The moddn_rename_children() has been modified to release
child_entry_copies before it returns.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The import_producer() has been modified to release ep when an error
occured.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The index_set_entry_to_fifo() has been modified to release ep when
the job is aborted.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The _entryrdn_delete_key() has been modified to release tmpsrdn
when an error occurs.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The bulk_import_queue() has been modified to release ep when an
error occurs.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The _entryrdn_index_read() has been modified to release tmpsrdn
when an error occurs.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The windows_search_local_entry_by_uniqueid() has been modified to release
the memory allocated for local_subtree.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The acquire_replica() has been modified to release current_csn before
it returns.
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The mep_pre_op() is correctly allocating and releasing smods during
modify operation. However, the "else" clause on line 1517 theoretically
allows other operations to enter and cause resource leak. The code has
been modified to reject other operations from operating against the
config entries.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The mep_pre_op() has been modified to release config_copy before it goes
out of scope by moving mep_free_config_entry() out of the switch statement.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The putvalue() has been modified to release b64 using freeEnc64()
before it returns.
|
|
|
|
|
|
|
| |
It looks like aclpvt is only initialized before use if __cplusplus
or lint are defined. I see no harm in always initializing aclpvt
to NULL, which will guarantee that we don't use an uninitialized
pointer.
|
|
|
|
|
|
|
|
| |
We need to check if aclpb is NULL before dereferencing it. The
proper thing to do here is to make aclplugin_preop_common() return
an error to the LDAP client and to return 1 since the whole purpose
of this function is to initialize the aclpb. Doing this will avoid
the NULL dereference.
|
|
|
|
|
|
| |
There is a chance that a can be NULL, which we then dereference
within the else block. We should not execute the else block if
a is NULL.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
result being a paged one
https://bugzilla.redhat.com/show_bug.cgi?id=558099
Description: searched entry count is logged in the access log as
(nentries=<num>). When RFC 2696 page results control is passed,
the nentries logs the page size instead of the total searched
count. andrey.ivanov@polytechnique.fr proposed to log the control
info as follows:
[..] conn=# op=#RESULT err=0 tag=101 nentries=# etime=0 notes=P
This patch implemented the spec.
Also, there was a bug regarding unindexed note "notes=U" when
the paged results control is received. Only the first page logs
it, but not the rest. The bug was fixed.
|
|
|
|
|
|
|
|
|
| |
the entry is moved to "under" the same DN.
https://bugzilla.redhat.com/show_bug.cgi?id=625014
Description: adding a check if the newsuperior is the entry itself
or its descendent. If it is, modrdn returns LDAP_UNWILLING_TO_PERFORM.
|
|
|
|
|
|
| |
If strdup() fails, the cmd variable will be NULL. We dereference
it without checking it strdup() was successful. We should check
if cmd is NULL before dereferencing it.
|
|
|
|
|
|
|
|
| |
In entryrdn_compare_dups(), we dereference the a and b parameters
when initializing the elem_a and elem_b variables. We later
perform NULL checks on both a and b, but a NULL would have
triggered a crash. We should not dereference a or b until after
the NULL checks are performed.
|
|
|
|
|
|
|
|
| |
The first parameter of dblayer_set_env_debugging() is dereferenced
inside of that function without NULL checking. We pass the env
variable to this function without first checking if it is NULL.
We should move the existing NULL check of env up to the top of the
dblayer_copy_file_keybybey() function.
|
|
|
|
|
|
|
|
| |
The config parameter is dereferenced before checking if it is NULL
early in memberof_modop_one_replace_r(). Later in the function,
we first check if config is NULL before dereferencing it. We
should check if config is NULL at the beginning of the function
and bail out before we dereference it.
|
|
|
|
|
|
|
| |
If there is a problem allocating pResHash, we jump to the error
label. The error label then dereferences pResHash to do a deep
free, but it doesn't check if pResHash is NULL first. We need to
check if pResHash is NULL before dereferencing it.
|
|
|
|
|
|
|
| |
At the end of the for loop, be will be NULL if we never find a
valid be->be_usn_counter. This will cause us to dereference a
NULL pointer at the next if statement after the for loop. We
need to check if be is NULL before dereferencing it.
|
|
|
|
|
|
|
|
| |
If the attr parameter that is passed to my_ber_scanf_attr() is
NULL, we jump to the loser label where we clean up memory we may
have allocated. We dereference attr without first checking if it
is NULL in this clean-up code. We need to check if attr is NULL
before dereferencing it.
|