| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
This patch makes the access log entries for search, add, mod, del,
and modrdn operations display the authzid that is used when the
proxy authorization control is sent by the client.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
write entry; db error - 22 Invalid argument
https://bugzilla.redhat.com/show_bug.cgi?id=640854
Description: DBENV open flags is used to determine the DB_OPEN mode
whether to set DB_AUTO_COMMIT or not. The info was eliminated in
the change made for "Bug 633168 - Share backend dbEnv with the
replication changelog".
This patch picks up the backend dbenv openflags and uses it for
the changelog DB_OPEN.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=640027
Description: When DN is made from RDNs containing escaped plus
"\+", the dn normalizer considers the value could be nested multi-
valued RDNs. (e.g., cn=C\=Z\+A\=X\+B\=Y\,o\=O,o=OO)
In that case, multi-valued RDNs are sorted by the normalizer.
(==> cn=A\=X\+B\=Y\+C\=Z\,o\=O,o=OO)
The sample DN provided by Andrey Ivanov contains "\+", but that
is not a separator for the multi-valued RDNs:
cn=mytest\+\=-123'\;456,dc=example,dc=com
The dn normalizer should have checked the possibility, as well.
The check is added in this patch.
Also, sorting was not triggered if multi-valued RDNs are located
at the end of the value. (e.g., cn=C\=X\,B\=Y\+A\=Z,o=OO)
The bug was fixed, as well.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=639289
Description:
There was a bug in the utf8 uppe2Lower table:
Character İ (LATIN CAPITAL LETTER I WITH DOT ABOVE) did not map
to the corresponding LATIN SMALL LETTER DOTLESS I (2 bytes) but
to ascii 'i' (1 byte). The shortened DN tailed with a garbage
character and the entry was treated as an orphan entry which does
not belong to any suffix.
This patch fixes the mapping table mismatch as well as adds a code
to dn_ignore_case_to_end to force to NULL terminate the converted
string.
|
| |
|
|
|
|
|
|
|
|
|
| |
Add the account policy plugin and related server code, schema, and config
A new switch to configure has been added --enable-acctpolicy - this is
enabled by default - so the plugin and the schema will be built and installed
by default
the plugin will be in dse.ldif, but will be disabled by default
The original contribution had some minor problems with the schema and config
entries - these have been cleaned up
The original contribution had a few memory leaks - these have been cleaned up
|
| |
|
|
|
|
|
|
|
|
| |
Have to ensure that all usage of ber_init in the server checks to see if
the bv->bv_val is non-NULL before using ber_init, and return the appropriate
error if it is NULL
Also fixed a problem in dna_extend_exop - would not send the ldap result to
the client in certain error conditions
Reviewed by: nhosoi (Thanks!)
Tested on: RHEL5 x86_64
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=635987
Description:
This commit made for the bug 635987 introduced a bug to replication.
commit 8ac525e5ac997378f4f2a386e9b96568c8d66db5
Author: Noriko Hosoi <nhosoi@redhat.com>
Date: Tue Sep 21 15:12:07 2010 -0700
subtree_candidates (ldbm_search.c)
If you do have a tombstone filter, descendants will be NULL,
and idl_intersection of candidates and descendents will wipe
out all of the candidates, leaving just the one entry, e->ep_id.
Changed to call idl_intersection only when the filter is not
for tombstone or entryrdn_get_noancestorid (false, by default).
|
| |
|
|
|
|
|
|
|
|
|
| |
also applied to "cn=directory manager"
https://bugzilla.redhat.com/show_bug.cgi?id=606920
Description: Client side sizelimit / timelimit request should
be honoured by the Directory Manager, too. Changing the time/
sizelimit evaluation so that if client side request exists,
the value is set even if the bind user is the directory manager.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
ACL containing ldap:///self
https://bugzilla.redhat.com/show_bug.cgi?id=635987
Description: When a basedn has no descendants, the code to take an
intersection of idl (which was returned from the filter search --
filter_candidates) and the basedn was skipped in subtree_candidates
(ldbm_search.c). Regardless of descendants, the intersection should
be taken for the idl and a tree starting with the basedn.
Note: This bug was introduced with entryrdn.
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The str2simple() has been modified to release unqstr when
an error occurs.
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The plugin_setup() has been modified to release the value before
it returns.
|
| |
|
|
|
| |
We don't free new_scheme if the password encode function is not
set. We need to free new_scheme in this error case.
|
| |
|
|
|
|
| |
There is a chance that we leak the memory pointed to by the new
variable if we never have one of the ldclt contexts point to it.
We need to jump to the error label in this case to free the memory.
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The moddn_rename_children() has been modified to release
child_entry_copies before it returns.
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The import_producer() has been modified to release ep when an error
occured.
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The index_set_entry_to_fifo() has been modified to release ep when
the job is aborted.
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The _entryrdn_delete_key() has been modified to release tmpsrdn
when an error occurs.
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The bulk_import_queue() has been modified to release ep when an
error occurs.
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The _entryrdn_index_read() has been modified to release tmpsrdn
when an error occurs.
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The putvalue() has been modified to release b64 using freeEnc64()
before it returns.
|
| |
|
|
|
|
| |
There is a chance that a can be NULL, which we then dereference
within the else block. We should not execute the else block if
a is NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
result being a paged one
https://bugzilla.redhat.com/show_bug.cgi?id=558099
Description: searched entry count is logged in the access log as
(nentries=<num>). When RFC 2696 page results control is passed,
the nentries logs the page size instead of the total searched
count. andrey.ivanov@polytechnique.fr proposed to log the control
info as follows:
[..] conn=# op=#RESULT err=0 tag=101 nentries=# etime=0 notes=P
This patch implemented the spec.
Also, there was a bug regarding unindexed note "notes=U" when
the paged results control is received. Only the first page logs
it, but not the rest. The bug was fixed.
|
| |
|
|
|
|
|
|
|
| |
the entry is moved to "under" the same DN.
https://bugzilla.redhat.com/show_bug.cgi?id=625014
Description: adding a check if the newsuperior is the entry itself
or its descendent. If it is, modrdn returns LDAP_UNWILLING_TO_PERFORM.
|
| |
|
|
|
|
|
|
| |
In entryrdn_compare_dups(), we dereference the a and b parameters
when initializing the elem_a and elem_b variables. We later
perform NULL checks on both a and b, but a NULL would have
triggered a crash. We should not dereference a or b until after
the NULL checks are performed.
|
| |
|
|
|
|
|
|
| |
The first parameter of dblayer_set_env_debugging() is dereferenced
inside of that function without NULL checking. We pass the env
variable to this function without first checking if it is NULL.
We should move the existing NULL check of env up to the top of the
dblayer_copy_file_keybybey() function.
|
| |
|
|
|
|
| |
The entry pointer that is passed to slapi_entry_attr_find() is
dereferenced by that function without a check for NULL. We should
check if ep->ep_entry is NULL before calling slapi_entry_attr_find().
|
| |
|
|
|
|
|
| |
There is a chance that we can deference a NULL pointer in the
mmldif code. If "(numb > tot_b)" is true, it is not guaranteed
that "a" is non-NULL. We need to check if "a" is NULL before
dereferencing it in the "(cmp < 0)" case.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
There is a possibility of deferencing prevocp when it is NULL
the second time through the loop if the first pass was not a
standard objectclass definition and tmpocp != curlisthead.
I don't think that this issue is possible unless some other
thread was able to modify tmpocp->oc_next between where curlisthead
is set (schema.c:2654) and where nextocp is set (schema.c:2658) the
first time through the loop. That said, I see no harm in checking
if prevocp is NULL before attempting to dereference it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=631862
Resolves: bug 631862
Bug Description: crash - delete entries not in cache + referint
Reviewed by: rmeggins and nhosoi
Branch: master
Fix Description: When deleting an entry, the referential integrity (referint)
plugin does an internal search to find references to this entry (e.g. in
group entries) and removes them. The search code wants to ensure that the
entrydn attribute is present in the entry when using entryrdn (subtree
rename). The search code sets a flag to tell the id2entry code to add the
entrydn attribute if it is not present. However, it was doing this to an
entry in the cache, which may be in use by another thread. The solution is
to add the entrydn attribute before adding the entry to the cache. In the
id2entry code, this is after the entry has been read from the id2entry db
successfully, but before the entry is added to the cache. In the LDAP ADD
code, this is done when the other computed operational attributes are added
to the new entry.
In addition to the above fix by rmeggins@redhat.com, following changes are
made:
1) entrydn attribute is always added to the entry in memory before putting
it in the entry cache, and the attribute is removed before writing the
entry to the database.
2) eliminating id2entry_ext, which was introduced to pass flags, but it is
no longer needed since only a flag ID2ENTRY_ADD_ENTRYDN was removed.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The function slapi_mapping_tree_select_and_check() is only called for
modrdn operations, to make sure we are not attempting to rename a suffix
or move an entry from one backend to another. This defeats datainterop
plugins that may want to perform some other operation in these cases. If
the target suffix/backend is not found, the default backend is used. If
the default backend is being used, don't check for all errors, just allow
the operation to pass through to the preop plugins.
Need to make sure this doesn't cause problems if
1) null suffix is not used - entry really is bogus or doesn't exist
2) null suffix is being used but entry belongs to another null suffix or
is really bogus
Reviewed by: nhosoi (Thanks!)
Tested on: Fedora 14 x86_64
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=633168
Description:
* cl5_api.c, cl5_api.h
- fetches dbEnv from backend using slapi_back_get_info.
- unused macros and DB helper functions and APIs are removed.
* cl5_config.c
- local changelog DB related config parameters are removed.
* Added SLAPI_PLUGIN_BE_PRE_CLOSE_FN and SLAPI_PLUGIN_BE_POST_OPEN_FN to
close changelog DB before dbEnv is closed and to open changelog DB after
dbEnv is opened, respectively.
* Added slapi APIs slapi_back_get_info and slapi_back_set_info to get/set
the backend info.
* back-ldbm
- db2bak[.pl] and bak2db[.pl] backs up and restores the database files
including changelog db.
- changelog dir is backed up in <backupdir>/.repl_changelog_backup.
- underlying implementation ldbm_back_get_info for slapi_back_get_info
is added.
* Added an upgrade script 81changelog.pl
See also:
http://directory.fedoraproject.org/wiki/Move_changelog
|
| |
|
|
|
|
| |
In attr_index_config(), if argc or argv are NULL, we jump to the
done label. We then try to free attrs, but it was never initialized.
We need to initialize attrs to NULL.
|
| |
|
|
|
| |
In search_easter_egg(), we need to initialize the bervals before
we pass them to slapi_ldif_parse_line().
|
| |
|
|
|
|
|
|
| |
If we encounter an error early in
ldbm_instance_index_config_modify_callback(), we jump to the out
label where we try to free origMatchingRules, but it may not be
initialized. The same is true for origIndexTypes. We need to
initialize these pointers to NULL.
|
| |
|
|
|
|
|
|
| |
If we encounter an error early in
ldbm_instance_index_config_modify_callback(), we jump to the out
label where we free each element of the arglist array. This can
happen without initializing the array. We need to initialize arglist
before there is any chance to jump to the out label.
|
| |
|
|
|
|
|
|
| |
In entryrdn_get_parent(), there is a DBT structure that we can use
without initializing. If we goto the bail label, we try to free
data.data, but data was never initialized. We should clear the
memory used by data in the beginning of the function before we have
an opportunity to goto bail.
|
| |
|
|
|
|
| |
We use some uninitialized bervals when the backend code calls
slapi_ldif_parse_line(). We should be initializing the bervals to
be empty.
|
| |
|
|
|
|
| |
When the server is built against MozLDAP, we use some uninitialized
bervals when the backend code calls slapi_ldif_parse_line(). We
should be initializing the bervals to be empty.
|
| |
|
|
|
|
|
|
|
|
|
| |
The switch statements in agt_mopen_stats() are missing breaks to
prevent falling through to the next case when the stats file is
opened in read-only mode. This looks like it causes the stats file
to get opened a second time in read/write mode when ldap-agent
attempts to open it in read-only mode. This may leak file
descriptors in ldap-agent.
We need to add the proper break statements.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The final frees of priv->memory and priv will never be reached since
the function returns prior to these calls. It looks as if an
"error:" label was removed at some point, as the WIN32 code in this
function has goto statements using that label, but the label is not
defined.
The fix is to add the "error:" label in ifdef blocks for WIN32 that
calls the free of priv. The free of priv->memory is not necessary
since WIN32 doesn't use it and non-WIN32 builds don't use the error
label at all.
|
| |
|
|
|
|
|
|
|
|
|
| |
In the call to slapi_log_error(), we are guaranteed that srdn is
NULL if we are checking it for NULL due to the way the conditions
are nested. The only time we check if srdn is NULL is if be is
non-NULL, and the if condition guarantees that either be or srdn
are NULL.
We can just use the string "srdn" in our log message if be is
non-NULL.
|
| |
|
|
|
|
|
|
|
|
|
| |
In the moddn code that renames child entries, the for loop used to
rename the children can never be executed. Part of the condition
is that retval is 0, but retval will always be -1 the first time we
hit this loop. This only happens with subtree rename off, but it
should still be fixed.
The fix is to set retval to 0 at the prior to checking the condition
the first time.
|
| |
|
|
|
|
|
|
| |
The skipit variable is set to zero shortly before we check if it
is 0 in an if condition. This if block can be removed since it
will never be hit. The entry that was being freed in the if block
is already removed earlier in the function if skipit was non-0
prior to resetting skipit to 0.
|
| |
|
|
|
|
|
|
|
|
|
| |
In the call to slapi_log_error(), we are guaranteed that srdn is
NULL if we are checking it for NULL due to the way the conditions
are nested. The only time we check if srdn is NULL is if inst is
non-NULL, and the if condition guarantees that either inst or
srdn are NULL.
We can just use the string "srdn" in our log message if inst is
non-NULL.
|
| |
|
|
|
|
|
|
|
| |
If the index types (argv[1]) are not specified, attr_index_config()
bails. We can remove some dead code where we check if "argc == 1"
later in the function since that case can never happen.
Additionally, we need to check if argc is 0, or if argv is NULL
before attempting to parse the list of attributes to be indexed.
|
| |
|
|
|
|
|
|
|
|
| |
There is no chance for next_node to be anything other than NULL in
the final return statement due to the return in the "if (next_node)"
block immediately before the final return.
We can remove the return inside of the "if (next_node)" block since
the final return statement already deals with returning the proper
value if next_node is non-NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The return statement at the end of agt_mopen_stats() is unreachable
according to coverity. This return was removed before to fix the
coverity defect, but it was added back to fix a compiler warning.
We can satisfy both the compiler and coverity by adding a rc
variable to hold the return code. We can then return rc at the end
of the function. This also allows us to clean up all of the return
calls in this function by having all of them set rc and jump to a
label at the function end.
|
| |
|
|
|
|
|
|
|
|
|
| |
The directory variable points to a dynamically allocated string
returned by rel2abspath(). We are changing directory to point to
a string constant if we are unable to parse the directory. This
not only leaks memory, but it can cause us to attempt to free the
string constant.
We should free the string before we overwrite it, and we should
dynamically allocate a new string instead of using a string constant.
|
| |
|
|
|
|
|
|
|
|
|
| |
We should check the return type of idl_append_extend(), though it does
not seem possible that the return type will be anything other than 0.
The only time idl_append_extend() returns anything other than 0 is
when it is unable to allocate memory. Since the underlying allocation
function is slapi_ch_calloc(), the server will just exit if it runs
out of memory, which means we will never return up through
idl_append_extend(). The right thing to do from a code standpoint is
to still check for the return value though.
|
| |
|
|
|
|
|
|
|
|
|
| |
We need to check the return value of cache_replace() in
id2entry_add_ext(). The only possible error that can be returned
is when the entry we are trying to replace is not found in the
cache. This should not occur since we are told that the entry
already exists by CACHE_ADD() just prior to this call. If we run
into this situation, we will just log an error without adding the
entry to the cache. This shouldn't be a big deal since the entry
will get added to the cache next time it is accessed.
|
