| Commit message | Author | Age | Files | Lines |
| |
The plugin_id variable is unused in acct_inact_limit(). This
patch removes the unused variable.
| |
This patch makes the access log entries for search, add, mod, del,
and modrdn operations display the authzid that is used when the
proxy authorization control is sent by the client.
| |
write entry; db error - 22 Invalid argument
https://bugzilla.redhat.com/show_bug.cgi?id=640854
Description: DBENV open flags is used to determine the DB_OPEN mode
whether to set DB_AUTO_COMMIT or not. The info was eliminated in
the change made for "Bug 633168 - Share backend dbEnv with the
replication changelog".
This patch picks up the backend dbenv openflags and uses it for
the changelog DB_OPEN.
| |
if the attribute accountInactivityLimit is specified in the global
config entry cn=config,cn=Account Policy Plugin,cn=plugins,cn=config,
it will be the default inactivity limit - if there is an account policy
specified by acctPolicySubentry, that one will take precedence over the
global policy
| |
the main init function is responsible for looking to see if it is enabled
and should not do any further processing, including registering the
pre/post op plugins, if it is disabled
| |
acct_record_login() should use and destroy the pblock locally - it does
not need to be passed in from the calling function
| |
Add the account policy plugin and related server code, schema, and config
A new switch to configure has been added --enable-acctpolicy - this is
enabled by default - so the plugin and the schema will be built and installed
by default
the plugin will be in dse.ldif, but will be disabled by default
The original contribution had some minor problems with the schema and config
entries - these have been cleaned up
The original contribution had a few memory leaks - these have been cleaned up
| |
Have to ensure that all usage of ber_init in the server checks to see if
the bv->bv_val is non-NULL before using ber_init, and return the appropriate
error if it is NULL
Also fixed a problem in dna_extend_exop - would not send the ldap result to
the client in certain error conditions
Reviewed by: nhosoi (Thanks!)
Tested on: RHEL5 x86_64
| |
When using the linked attribute plug-in, an entry that is renamed
that is outside of the scope of the plug-in will cause the forward
links in other entries to be updated if they contain a managed
attribute type.
We need to check if the new DN of the renamed entry is within the
scope of the configured linked attributes before updating forward
links.
| |
https://bugzilla.redhat.com/show_bug.cgi?id=634561
Resolves: bug 634561
Bug Description: Server crashes when using Windows Sync Agreement
Reviewed by: ???
Branch: master
Fix Description: The regular replication protocol and the windows sync
protocol have two completely different struct repl_connection. They
are almost the same, almost identical fields, but they are different.
When additional fields were added to the struct repl_connection, not
at the end of the structure, and identical changes were not made to the
struct repl_connection in windows_connection.c, the structures got out
of sync. The authors tried to anticipate this condition by providing
windows_ versions of all of the conn_ functions. We were not using the
windows_ versions of these functions in all places in the winsync code.
The fix is to use the windows_ versions of these functions throughout
the winsync code, and to make the struct repl_connection the same size
up through the char *plain field. If additional fields are added to
either structure at the end, this problem should not occur in the
future.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit 4bd78323d0bb1299a19e0ed1feebc79ff997c92f)
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The cos_cache_add_defn() has been modified to release theDef
when an error occurs.
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The acllas__client_match_URL() has been modified to release the
hostport before it returns.
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The windows_search_local_entry_by_uniqueid() has been modified to release
the memory allocated for local_subtree.
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The acquire_replica() has been modified to release current_csn before
it returns.
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The mep_pre_op() is correctly allocating and releasing smods during
modify operation. However, the "else" clause on line 1517 theoretically
allows other operations to enter and cause resource leak. The code has
been modified to reject other operations from operating against the
config entries.
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The mep_pre_op() has been modified to release config_copy before it goes
out of scope by moving mep_free_config_entry() out of the switch statement.
| |
We need to check if aclpb is NULL before dereferencing it. The
proper thing to do here is to make aclplugin_preop_common() return
an error to the LDAP client and to return 1 since the whole purpose
of this function is to initialize the aclpb. Doing this will avoid
the NULL dereference.
| |
The config parameter is dereferenced before checking if it is NULL
early in memberof_modop_one_replace_r(). Later in the function,
we first check if config is NULL before dereferencing it. We
should check if config is NULL at the beginning of the function
and bail out before we dereference it.
| |
At the end of the for loop, be will be NULL if we never find a
valid be->be_usn_counter. This will cause us to dereference a
NULL pointer at the next if statement after the for loop. We
need to check if be is NULL before dereferencing it.
| |
If the attr parameter that is passed to my_ber_scanf_attr() is
NULL, we jump to the loser label where we clean up memory we may
have allocated. We dereference attr without first checking if it
is NULL in this clean-up code. We need to check if attr is NULL
before dereferencing it.
| |
Coverity believes that search_result_pb can be NULL since we check
if it is NULL before freeing the internal search results. If this
was true, there would be a NULL dereference issue when we call
slapi_pblock_get(). We are guaranteed that search_result_pb is
non-NULL after slapi_pblock_new() is called since the server would
exit if it was unable to allocate memory.
We should remove the NULL check before freeing the internal search
results.
| |
If we fail to fetch the postop entry for a modrdn operation in the
Managed Entry Plug-in, we end up passing a NULL pointer to
slapi_entry_attr_get_charptr(). This function dereferences the
entry without checking if it is NULL first. The mep_modrdn_post_op()
function should just return if we are unable to fetch the postop
entry.
I believe that this issue could trigger a crash when chain-on-update
is configured and a modrdn operation is chained. There is no postop
entry in this case.
| |
It is not necessary to check if config_entry->types is NULL since
it is guaranteed to be non-NULL by dna_parse_config_entry() when
it creates config_entry. Coverity thinks that a NULL dereference is
possible since we are checking if config_entry->types is NULL. We
should remove this NULL check.
| |
When parsing a URL without a host or port present, we can
dereference a NULL pointer. We need to check if hostport is NULL
before dereferencing it.
| |
We need to check if ruv is NULL before dereferencing it. The
assertion will not help us here in an optimized build, so an
explicit NULL check will keep us from crashing.
| |
The tmpDn pointer is dereferenced before checking if it is NULL. We
need to check if it is NULL first.
| |
https://bugzilla.redhat.com/show_bug.cgi?id=633168
Description:
* cl5_api.c, cl5_api.h
- fetches dbEnv from backend using slapi_back_get_info.
- unused macros and DB helper functions and APIs are removed.
* cl5_config.c
- local changelog DB related config parameters are removed.
* Added SLAPI_PLUGIN_BE_PRE_CLOSE_FN and SLAPI_PLUGIN_BE_POST_OPEN_FN to
close changelog DB before dbEnv is closed and to open changelog DB after
dbEnv is opened, respectively.
* Added slapi APIs slapi_back_get_info and slapi_back_set_info to get/set
the backend info.
* back-ldbm
- db2bak[.pl] and bak2db[.pl] backs up and restores the database files
including changelog db.
- changelog dir is backed up in <backupdir>/.repl_changelog_backup.
- underlying implementation ldbm_back_get_info for slapi_back_get_info
is added.
* Added an upgrade script 81changelog.pl
See also:
http://directory.fedoraproject.org/wiki/Move_changelog
| |
Object ro is freed in objset_next_obj and next object is returned
if any. After ro is released, it was used to get agreement data.
This patch moves the location of objset_next_obj after the agreement
data is retrieved.
| |
There is no chance for local_newentry to be anything other than NULL
when we check it in the call to slapi_log_error() since the check only
happens after we've verified that newparent and local_origsdn are not NULL.
Since we are guaranteed that local_newentry is NULL, we can just eliminate
this check and use the string "local entry" in the message that we print.
| |
There is no chance for op_string to be NULL if "rc == LDAP_SUCCESS"
since op_string is set for all operation types in the switch statement,
which is the only place that rc can be set to something other than the
value of -1 that it is initialized to.
We can just skip the NULL checking for op_string in the calls to
slapi_log_error(). I also fixed the indentation to help me read
the code easier.
| |
We need to remove the last "if (dnParts)" condition since it will
never be true.
The last frees of newDN, sval, and newvalue are also unnecessary
since they are only set in the non subtree rename case, where they
are already freed as well.
| |
We were not checking the return value of ber_scanf in the DNA
plug-in when parsing the range transfer response. This checks
the return value and sets the return code to LDAP_PROTOCOL_ERROR
if we were unable to parse the range transfer response.
| |
We were not checking the return value of ldap_parse_result in the
windows_check_user_password() function. The old code was a bit
unclear about setting rc when we encountered errors from
ldap_result(). It also was calling ldap_parse_result() even if
ldap_result() encountered an error. I fixed this code to be a
bit more straightforward.
| |
The refint plug-in code currently looks as if it could use the
search_result variable when it is uninitialized. I don't believe
that this is possible since it would require the filter variable
to be NULL, which should not occur since slapi_ch_smprintf() would
make the process exit if it failed to allocate memory. Even so,
the correct thing to do from a code cleanliness standpoint is to
move all code that assumes we performed a search into the "if (filter)"
block.
| |
When using slapi_mods_init_byref/get_ldapmods_byref, the slapi_mods code
expects the Slapi_Mods to be read-only. Since the usn code adds a mod
to the list, it needs to use the slapi_mods_init_passin/get_ldapmods_passout
APIs. This avoids an assertion when using --enable-debug.
| |
This commit fixes many compiler warnings, mostly for things like unused
variables, functions, goto labels.
One place was using csngen_free instead of csn_free. A couple of places
were using casts incorrectly, and several places needed some casts added.
Tested on: RHEL5 x86_64, Fedora 14 x86_64
Reviewed by: nkinder (Thanks!)
| |
instead of changing the logic to catch matched_val == NULL, make the code
work like it does in earlier releases, but add an explicit check for
matched_val == NULL to avoid using it.
| |
The DS has some problems with the openldap versions of these functions:
1) They are deprecated - should use the str2[r]dn and [r]dn2str and the
bv versions of those functions instead
2) They escape utf-8 and other values in the strings - the mozldap functions
do not do this
3) They handle double quoted strings, but they remove the quotes - our
code expects the quotes to be left in place
Until we fix our DN handling, and get rid of the double quoted DNs, we just
use the mozldap versions of these functions.
| |
rawdn may be normalized in place - if we add back the '?' to the URL
before we construct the new URL with the normalized DN, we will create
a bogus URL string - so delay that until we construct the new URL
| |
I missed a couple of places in the acl code that should use
slapi_ldap_url_parse - I also added some more debugging
| |
The logic looking for a missing suffix DN in a parsed URL was incorrect.
In addition, since passthru requires a suffix DN, pass the require_dn
flag.
| |
| |
Added proxy auth control creation - mozldap has a function to do that but
not openldap
Do not use mozldap filter create function - just create one using
slapi_smprintf
Fix usage of TLS/SSL with new NSS functionality
Created ldif parse wrapper - changed code to use it
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
| |
https://bugzilla.redhat.com/show_bug.cgi?id=531642
Resolves: 531642
Fix description:
1. Introduced a config parameter nsslapd-entryusn-global: on|off to
enable | disable the global mode. By default, off.
In the global mode, search on root dse returns "lastusn: <num>"
without the backend subtype (e.g., "lastusn;userroot: <num>")
2. Added slapi_get_next_suffix_ext to mapping_tree.c, which visits
children as well as siblings in the mapping tree.
(Note: slapi_get_next_suffix does just siblings.)
3. import (ldif2db) adds "entryusn: 0" to every entry unless the
entry already contains the entryusn attribute.
4. ldbm_back_delete, ldbm_back_modify, ldbm_back_modrdn: set
ldap_result_code to pblock so that bepost plugin could see if
the operation was successful or not.
See also http://directory.fedoraproject.org/wiki/Entry_USN#Global_mode
| |
This patch allows multiple memberOfGroupAttr values to be set in the
memberOf plug-in config. This allows different grouping attributes
to be used.
For more details, see the design doc:
http://directory.fedoraproject.org/wiki/MemberOf_Multiple_Grouping_Enhancements
| |
the name "dn" is being deprecated - the standard attribute name is
"distinguishedName" - ger should support both of these
| |
(ldap/servers/plugins/replication/repl5_agmt.c)
| |
The postal_validate() function cannot accept an empty string as a valid
value of postalAddress syntax. In addition, we were not properly checking
a value which did not contain a '$' character.
| |
11940 - 12166
https://bugzilla.redhat.com/show_bug.cgi?id=611790
Resolves: bug 611790
Bug description: Fix Coverity Defect Type: Null pointer dereferences issues 11940 - 12166
Fix description: Catch possible NULL pointer in ruv_get_replica_generation().
Note: committing the fix on behalf of Endi (edewata@redhat.com).
| |
11940 - 12166
https://bugzilla.redhat.com/show_bug.cgi?id=611790
Resolves: bug 611790
Bug description: Fix Coverity Defect Type: Null pointer dereferences issues 11940 - 12166
Fix description: Catch possible NULL pointer in cos_cache_add_defn().
Note: committing the fix on behalf of Endi (edewata@redhat.com).