summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Bug 609590 - fix coverity Defect Type: Memory - corruptions issuesbug609590Rich Megginson2010-07-011-0/+1
| | | | | | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=609590 Resolves: bug 609590 Bug Description: fix coverity Defect Type: Memory - corruptions issues Reviewed by: nhosoi (Thanks!) Branch: HEAD Fix Description: To avoid a potential double free, set ipaddrs to NULL after freeing it. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no
* Bug 602531 - coverity: op_shared_delete: compare preop entry and ↵Rich Megginson2010-07-011-7/+12
| | | | | | | | | | | | | | | GLUE_PARENT_ENTRY before freeing them https://bugzilla.redhat.com/show_bug.cgi?id=602531 Resolves: bug 602531 Bug Description: coverity: op_shared_delete: compare preop entry and GLUE_PARENT_ENTRY before freeing them Reviewed by: nhosoi (Thanks!) Branch: HEAD Fix Description: Get the pre entry and glue parent entries separately, compare them, and only free one of them if they are the same. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no
* Bug 602530 - coverity: op_shared_modify: compare pre, post and original ↵Rich Megginson2010-07-011-4/+18
| | | | | | | | | | | | | | | entries before freeing them https://bugzilla.redhat.com/show_bug.cgi?id=602530 Resolves: bug 602530 Bug Description: coverity: op_shared_modify: compare pre, post and original entries before freeing them Reviewed by: nhosoi (Thanks!) Branch: HEAD Fix Description: Get the pre entry and post entry separately, compare them to e and to each other before attempting to free them. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no
* Bug 609590 - fix coverity Defect Type: Memory - corruptions issuesRich Megginson2010-07-011-1/+1
| | | | | | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=609590 Resolves: bug 609590 Bug Description: fix coverity Defect Type: Memory - corruptions issues Reviewed by: nhosoi (Thanks!) Branch: HEAD Fix Description: The code wants to allocate space for a struct berval, not struct berval *. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no
* Bug 609590 - fix coverity Defect Type: Memory - corruptions issuesRich Megginson2010-07-011-2/+2
| | | | | | | | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=609590 Resolves: bug 609590 Bug Description: fix coverity Defect Type: Memory - corruptions issues Reviewed by: nhosoi (Thanks!) Branch: HEAD Fix Description: The code is allocating space for an array of int which is 4 bytes. In this case, since type_name_disposition is int**, doing *type_name_disposition is still a pointer type rather than the int type. We have to do **type_name_disposition to get to the int type we want. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no
* Bug 609590 - fix coverity Defect Type: Memory - corruptions issuesRich Megginson2010-07-011-1/+1
| | | | | | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=609590 Resolves: bug 609590 Bug Description: fix coverity Defect Type: Memory - corruptions issues Reviewed by: nhosoi (Thanks!) Branch: HEAD Fix Description: The code is allocating an array of struct dynalib *, so the sizeof needs to use (struct dynalib *) not (struct dynalib). Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no
* Bug 609590 - fix coverity Defect Type: Memory - corruptions issuesRich Megginson2010-07-011-1/+2
| | | | | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=609590 Resolves: bug 609590 Bug Description: fix coverity Defect Type: Memory - corruptions issues Reviewed by: nhosoi (Thanks!) Branch: HEAD Fix Description: Do not allow pt->pt_sizendx to be == PLMAXSIZENDX Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no
* Bug 609590 - fix coverity Defect Type: Memory - corruptions issuesRich Megginson2010-07-011-6/+1
| | | | | | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=609590 Resolves: bug 609590 Bug Description: fix coverity Defect Type: Memory - corruptions issues Reviewed by: nhosoi (Thanks!) Branch: HEAD Fix Description: The point of this code is to copy the conn authtype to the operation authtype, so just do that. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no
* Bug 609590 - fix coverity Defect Type: Memory - corruptions issuesRich Megginson2010-07-011-2/+2
| | | | | | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=609590 Resolves: bug 609590 Bug Description: fix coverity Defect Type: Memory - corruptions issues Reviewed by: nhosoi (Thanks!) Branch: HEAD Fix Description: ACLPB_MAX_ATTR_LEN is the buffer size including the trailing null, not the strlen. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no
* Bug 609590 - fix coverity Defect Type: Memory - corruptions issuesRich Megginson2010-07-011-0/+4
| | | | | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=609590 Resolves: bug 609590 Bug Description: fix coverity Defect Type: Memory - corruptions issues Reviewed by: nhosoi (Thanks!) Branch: HEAD Fix Description: Just error and return if nread is < 0. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no
* Bug 609590 - fix coverity Defect Type: Memory - corruptions issuesRich Megginson2010-07-011-0/+1
| | | | | | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=609590 Resolves: bug 609590 Bug Description: fix coverity Defect Type: Memory - corruptions issues Reviewed by: nhosoi (Thanks!) Branch: HEAD Fix Description: If there was an error, set filter to NULL so we won't attempt to free static memory. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no
* Bug 609590 - fix coverity Defect Type: Memory - corruptions issuesRich Megginson2010-07-011-6/+4
| | | | | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=609590 Resolves: bug 609590 Bug Description: fix coverity Defect Type: Memory - corruptions issues Reviewed by: nhosoi (Thanks!) Branch: HEAD Fix Description: The cnt parameter is not used, so just get rid of it. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no
* bump version to 1.2.6.rc4Rich Megginson2010-07-011-1/+1
|
* Bug 603942 - null deref in _ger_parse_control() for subjectdn389-ds-base-1.2.6.rc3Rich Megginson2010-07-011-2/+2
| | | | | | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=603942 Resolves: bug 603942 Bug Description: null deref in _ger_parse_control() for subjectdn Reviewed by: nkinder (Thanks!) Branch: HEAD Fix Description: Needed to pass &orig to ber_scanf 'a' instead of orig. Also,check for NULL before doing strlen(orig). Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no (cherry picked from commit 82625ebf670c0f234e8bcbf18420e84b325e359e)
* 609256 - Selinux: pwdhash fails if called via Admin Server CGINoriko Hosoi2010-06-291-0/+1
| | | | | | | | | | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=609256 Description by nkinder@redhat.com: Our CGIs are very restricted in what they can access/run. Most of the CGIs are self contained programs (they may use libraries, which is fine). In this case, it looks like pwdhash-bin is called from the SELinux context used by CGIs (httpd_dirsrvadmin_script_t). The pwdhash-bin program then tries to load libslapd.so.0, which is labeled as dirsrv_lib_t. This should be allowed by our SELinux policy since we call this macro with the httpd_dirsrvadmin_script_t contex. What seems to be the issue here is that libslapd.so.0 is a symlink, not a regular file. SELinux considers this to be a class of "lnk_file", as can be seen in the raw AVC from /var/log/audit/audit. We need to expand the dirsrv_exec_lib macro to cover link_file.
* 578296 - Attribute type entrydn needs to be added when subtreeNoriko Hosoi2010-06-245-3/+67
| | | | | | | | | | | | | | | | | | | rename switch is on https://bugzilla.redhat.com/show_bug.cgi?id=578296 Change Description: 1) ldbm_back_next_search_entry_ext (ldbm_search.c) When getting an entry from ID using id2entry_ext, pass a flag ID2ENTRY_ADD_ENTRYDN to add entrydn to the entry. 2) id2entry_ext (id2entry.c) Added id2entry_ext to handle the flag ID2ENTRY_ADD_ENTRYDN. If ID2ENTRY_ADD_ENTRYDN is set in the flags variable and entryrdn switch is enabled, entrydn is added to the entry. 3) index_read_ext (index.c) If entryrdn switch is on and the attribute type is entrydn and the search type is equality, then call entryrdn_index_read to get the ID directly.
* 605827 - In-place upgrade: upgrade dn format should not run in setup-ds-admin.plNoriko Hosoi2010-06-231-0/+7
| | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=605827 Description: 70upgradednformat.pl does nothing if the server is up. The upgrade script is effective only when it's called in the Off- line mode. (cherry picked from commit a109da80a8eae4400b42a27bb5de604f9aee344d)
* Bug 604453 - SASL Stress and Server crash: Program quits with the assertion ↵Rich Megginson2010-06-236-53/+144
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | failure in PR_Poll https://bugzilla.redhat.com/show_bug.cgi?id=604453 Resolves: bug 604453 Bug Description: SASL Stress and Server crash: Program quits with the assertion failure in PR_Poll Reviewed by: nhosoi (Thanks!) Branch: master Fix Description: When the server pushes the SASL IO layer on to the connection it must do so when there are no other references to the connection. The only way to do this without introducing more locking is to have the saslbind code just register the intent to push SASL IO at the next available time. This cannot be done in the sasl bind code (or any operation code for that matter) because connection_threadmain() will enable the connection for reading (and polling) after reading the PDU and before calling the operation function. Therefore, during the operation function, the connection may be being actively polled, so we must not access the conn c_prfd. The best place to push the IO layer is in connection_threadmain, after the server has notified that there is read ready on the connection, but before we have actually attempted to read anything. At this point, connection_threadmain is the only thread that will be accessing the connection, and if we push or pop the IO layer before calling the read function, we are guaranteed to have the correct IO layer to use. The code has been made generic enough to allow for use by the startTLS code if the need arises. I also added some more locking in the saslbind code, and changed the sasl IO code to more closely resemble the way that the NSS code deals with IO layer push/pop. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no (cherry picked from commit c28fcadfc7812108573e40f13624e11a5a8609e5)
* Bug 604453 - SASL Stress and Server crash: Program quits with the assertion ↵Rich Megginson2010-06-231-2/+1
| | | | | | | | | | | | | | | | | | failure in PR_Poll https://bugzilla.redhat.com/show_bug.cgi?id=604453 Resolves: bug 604453 Description: SASL Stress and Server crash: Program quits with the assertion failure in PR_Poll Branch: master Reviewed by: nhosoi (Thanks!) Fix Description: We usually do not have to pop the IO layer from the SASL connection. This is usually handled by PR_Close() on the PRFD, which should only happen when the connection is not being referenced by the main PR_Poll() call. The only time we need to explicitly pop the SASL IO layer is if the client re-negotiates the SASL bind with a different ssf e.g. going from clear to protected or vice versa. Platforms tested: RHEL5 x86_64 (cherry picked from commit ac6ce0947d9b2d5ec3649948bca861f0e318d708)
* 606920 - anonymous resource limit - nstimelimit -Noriko Hosoi2010-06-221-8/+12
| | | | | | | | | | | also applied to "cn=directory manager" https://bugzilla.redhat.com/show_bug.cgi?id=606920 Description: When a timelimit (as well as a sizelimit) is successfully retrieved from SLAPIResLimitConnData, the value is always set to pblock. With this change, it sets "no limit (-1)" if the operation is initiated by Directory Manager.
* bump version to 1.2.6.rc3Rich Megginson2010-06-161-1/+1
|
* Bug 604263 - Fix memory leak when password change is rejected389-ds-base-1.2.6.rc2Nathan Kinder2010-06-151-0/+1
| | | | | | | | | If a password is changed using the password modify extended operation, the modify used to modify the password will be leaked if the change is rejected due to password policy or access control settings. This patch frees the mod when the password change is rejected.
* bump version to 1.2.6.rc2Rich Megginson2010-06-091-1/+1
|
* bump version to 1.2.6.rc1Rich Megginson2010-06-091-1/+1
| | | | This is 1.2.6 Release Candidate 1
* 574101 - MODRDN request never returns - possible deadlock389-ds-base-1.2.6.rc1Noriko Hosoi2010-06-081-1/+5
| | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=574101 Description: To create the ID list for child entries of to-be-renamed entry, an inappropriate function (idl_append) was used. The function expects the passed IDs are sorted. If not sorted, idl_insert should be used instead.
* Bug 601433 - Add man pages for start-dirsrv and related commandsNathan Kinder2010-06-0815-22626/+28559
| | | | | This adds man pages for the start-dirsrv, stop-dirsrv, and restart-dirsrv commands.
* 597375 - Deleting LDBM database causes backup/restore problemNoriko Hosoi2010-06-032-3/+15
| | | | | | | | | | | | | | | | | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=597375 Fix Description: 1) When a backend was removed, the db instance directory was removed as well (See also 463774 - index files for database should be deleted when db is deleted). In case DB_RECOVER_FATAL is set in the DB open after the removal (e.g., in restore), the logs in the transaction logs are replayed and compared with the contents of the DB files. At that time, if the db instance directory does not exist, libdb returns FATAL error. To prevent the problem, we have to leave the empty directory. 2) When removing index files, we don't have to open index files with CREAT flag. Note: In the bug 463774, the server was fixed so that once a db backend is removed, the db instance directory is removed. With this fix (597375), the backend removal leaves the empty db instance directory. Plus, if backup is restored, even if the backup was made after the backend is deleted, the restore could create empty DB files in the deleted db instance directory if the transaction log files still contain the history of the deleted backend.
* bump version to 1.2.6.a5Rich Megginson2010-05-261-1/+1
|
* Bug 595874 - 99user.ldif getting overpopulated389-ds-base-1.2.6.a4Rich Megginson2010-05-261-4/+18
| | | | | | | | | | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=595874 Resolves: bug 595874 Bug Description: 99user.ldif getting overpopulated Reviewed by: self Branch: HEAD Fix Description: The schema code was adding X-ORIGIN 'user defined' to all schema elements that had no X-ORIGIN. It should only add user defined to schema elements from the user defined schema file, not to schema defined in standard (read only) schema files. It looks like the code should work fine if the schema element has no origin, so there is no reason to add an origin for schema other than user defined schema. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no
* Bug 593392 - setup-ds-admin.pl -k creates world readable fileRich Megginson2010-05-267-78/+68
| | | | | | | | | | | | | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=593392 Resolves: bug 593392 Bug Description: setup-ds-admin.pl -k creates world readable file Reviewed by: thoger (Thanks!) Branch: HEAD Fix Description: Use umask to make sure we create a .inf file that is only viewable by the user. In addition, only create the temp file and filename when necessary. In some places, the code was creating a .inf file on disk when it could just create one in memory. The code should check to see if the Inf object has a file associated with it before attemtping to unlink it. Make sure we do not unlink a .inf file given with -f on the command line. If the user specified -k, always write to a temp file using __temp__ as the keyword to tell Inf->write to generate a temp file. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no
* 511112 - Password history limited to 25 valuessaslbasednNoriko Hosoi2010-05-251-3/+3
| | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=511112 Fix Description: If an entry already having more than 25 password history attributes is added and password modify is performed on the entry, it overflows the fixed length values_replace array and crashes the server. This patch protects the overflow.
* 595893 - Base DN in SASL mapping is not normalizedNoriko Hosoi2010-05-251-3/+19
| | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=595893 Fix Description: It must be guaranteed that ndn returned from slapi_sdn_get_ndn is normalized. Putting back the normalization code in slapi_sdn_get_ndn.
* 593899 - adding specific ACI causes very large mem allocate requestNoriko Hosoi2010-05-211-0/+1
| | | | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=593899 Additional fix: if a target value is double quoted followed by trailing spaces, the double quotes were not correctly handled. Sample failed case: aci: ( target = "ldap:///ou=organizationalUnit, o=test_ACIs.com" ) ^ Changed to call __acl_strip_trailing_space to remove them.
* 588867 - entryusn plugin fails on solarisNoriko Hosoi2010-05-211-3/+3
| | | | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=588867 Fix description: _sparcv9_AtomicAdd, _sparcv9_AtomicSub, and _sparcv9_AtomicSet were not correctly declared. It brought in the implicit function declaration, where the return value were casted to 32-bit integer and the comparison against the 64-bit unsigned integer failed. The comparison was in the endless loop and it caused the server hang.
* Repl Session API needs to check for NULL api before initbug515329.pyRich Megginson2010-05-211-1/+3
| | | | | | | | | The new repl sesssion API will crash when adding a replication agreement. It should check to see if there is a repl session api before attempting to get the init function. Reviewed by: nhosoi Branch: HEAD Platforms tested: RHEL5 x86_64
* 593899 - adding specific ACI causes very large mem allocate requestNoriko Hosoi2010-05-201-26/+62
| | | | | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=593899 Fix Description: There was a bug if an invalid syntax acl was given (e.g., the value of userdn was not double quoted), normalize_nextACERule mistakenly continued processing the acl and eventually tried to allocate a huge size of memory (since the end address was less than the start address, end - start became negative) and it made the server quit. Added more error handling code to prevent such failures.
* Bug 592389 - Set anonymous resource limits properlyNathan Kinder2010-05-202-3/+36
| | | | | | | | | The anonymous resource limits were not being properly set. This patch ensures that the limits are set properly when an anonymous or unauthenticated BIND operation is performed. It also sets the anonymous limits when we do a read on a connection that has not yet perfomed a BIND. These limits will be overwritten with any default or user-based limits once a valid BIND is performed.
* Correct function prototype for repl session hookNathan Kinder2010-05-191-1/+1
| | | | | The previous patch had a mangled function name in the function prototype. This corrects the name.
* Add replication session hooksNathan Kinder2010-05-1914-251/+1273
| | | | | | | | This adds the ability to write a plug-in to register callbacks for controlling when replication is allowed to occur. For details, please see the design document at: http://directory.fedoraproject.org/wiki/Replication_Session_Hooks
* 593110 - backup-restore does not ALWAYS workNoriko Hosoi2010-05-192-3/+8
| | | | | | | | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=593110 Fix description: ldap/servers/slapd/back-ldbm/dblayer.c -- A memory area that stores nsslapd-directory was shared between 2 structures: struct ldbminfo and dblayer_private. In dblayer_post_close, dblayer_private is released but not struct ldbminfo. The latter does not know the memory area is freed. This fix changes it so that each structure has its own copy. ldap/servers/plugins/acl/acl.c -- A variable result_status had a chance to be evaluated w/o an initialization.
* 593453 - Creating password policy with ns-newpolicy.pl on ReplicatedNoriko Hosoi2010-05-181-0/+4
| | | | | | | | | | | | Server Causes Crash Fix description: normalized_mods->mod_bvalues is an array of (struct berval *). When slapi_dn_normalize_ext returns an allocated memory (case rc > 0), a new struct berval should have been allocated and the address of the normalized string (normed) and its length (dnlen) should be set in the berval. The struct berval allocation was missing in the previous fix for "Update to New DN Format".
* 591336 - Implementing upgrade DN format toolNoriko Hosoi2010-05-1740-28668/+24459
| | | | | | | | | | | | | | | | | | | | | | | | | | Change description: . adding upgradednformat utility to each server instance. . adding 91upgradednformat.pl for in-place-upgrade. . implementing ldbm_back_upgradednformat sharing the import/ reincexing codes. . adding a new DBVERSION ID "dn-4514" for the upgraded db. . fixing access logs (delete.c and modify.c) . fixing compiler warnings. . fixing memory leaks. . fixing a bug in syntax plugin to free strings. . adding templates for plugin id, version, vendor, and description, which are needed for the online upgrade. . dbversion_write takes an additional bit flags, which indicates which extra DBVERSION strings are written to the DBVERSION file. It was introduced for the upgrade tools not to intervene each other's tasks (e.g., dn2rdn for converting entrydn to entryrdn and upgradednformat for upgrading the DN format). . fixing a bug in entryrdn index code which was missing to normalize RDN. See also: https://bugzilla.redhat.com/show_bug.cgi?id=591336 http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format#Migration.2FUpgrade
* bump console version to 1.2.3Rich Megginson2010-05-131-1/+1
|
* Bug 591685 - Server instances Fail to Start on Solaris due to Library Path ↵Rich Megginson2010-05-131-1/+1
| | | | | | | | | | | | | | | and pcre https://bugzilla.redhat.com/show_bug.cgi?id=591685 Resolves: bug 591685 Bug Description: Server instances Fail to Start on Solaris due to Library Path and pcre Reviewed by: self Branch: master Fix Description: Added pcre_libdir to the initscript LD_LIBRARY_PATH Platforms tested: Solaris 9 Flag Day: no Doc impact: no (cherry picked from commit 21629abd33d98a000ae89c73cadd6782b885f793)
* 590931 - rhds81 import - hardcoded pages_limit for nsslapd-import-cache-autosizeNoriko Hosoi2010-05-124-51/+104
| | | | | | | | | | | | | | | | | | | | | | | | Fix Description: 1. Got rid of the old hardcoded limit 200MB. 2. Introduced the memory hard limit and soft limit. Standalone command line import ldif2db behaves as follows: If import cache autosize is enabled: nsslapd-import-cache-autosize: -1 or 1 ~ 99 (if the value is greater than or equal to 100, it's reset to 50 with a warning.) the import cache size is calculated as nsslapd-import-cache-autosize * pages / 125 (./125 instead of ./100 is for adjusting the BDB overhead.) If import cache is disabled: nsslapd-import-cache-autosize: 0 get the nsslapd-import-cachesize. Calculate the memory size left after allocating the import cache size. If the size is less than the hard limit, it issues an error and quit. If the size is greater than the hard limit and less than the soft limit, it issues a warning, but continues the import task. Note: this function is called only if the import is executed as a stand alone command line (ldif2db).
* Bug 586571 - DS Console shows escaped DNsRich Megginson2010-05-057-30/+41
| | | | | | | | | | | | | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=586571 Resolves: bug 586571 Bug Description: DS Console shows escaped DNs Reviewed by: nkinder (Thanks!) Branch: HEAD Fix Description: In order for the console fixed to be used to manage the correct directory server, the directory server needs to be able to specify the ds console jar file version down to 3 digits, as opposed to the current two digits. To support this, instead of overriding PACKAGE_BASE_VERSION, a new configure macro is introduced - CONSOLE_VERSION. This value is set in VERSION.sh, so it can be easily updated, and it is used to set the value for BaseVersion in slapd.inf, which is what the admin server setup uses to set the ds console jar file version corresponding to the directory server. Platforms tested: RHEL5 x86_64, Fedora 12 Flag Day: no Doc impact: no
* Bug 584497 - Allow DNA plugin to set same value on multiple attributesNathan Kinder2010-04-301-115/+352
| | | | | | | | | | | | | | | | | | | | | | | | This patch allows one to set multiple dnaType attributes for a single DNA range. This allows the same value to be used for each dnaType (such as ensuring the uidNumber and gidNumber are the same value from the range when ading a posixAccount). There are some differences with the way DNA works for multi-type ranges. For a value to be generated from a multi-type range, the magic value must be specified to indicate which attributes should use the newly generated value. This allows a range to be shared across different entry types (such as having a uidNumber/gidNumber range that is used or posixAccount and posixGroup entries). A multi-type range will not generate a value for missing attributes as DNA does for single-type ranges. Since a range can have multiple types, the internal ordering of config structs had to be changed to order by scope only. It was previously ordered by type and then scope, which allowed us to easily detect if we had already generated a value for a given type. This change required a number of helper functions to be added for tracking and checking which types we have already generated values for.
* 574167 - An escaped space at the end of the RDN value is notNoriko Hosoi2010-04-272-5/+25
| | | | | | | | | | | | | | | | | | | | handled correctly https://bugzilla.redhat.com/show_bug.cgi?id=574167 Bug Description: If a DN contains "\ " at the end of its RDN, it's be converted to "\20" by slapi_dn_normalize_ext in the add operation. But the following search returns ' ' (not an escaped space). Fix Description: When slapi_dn_normalize_ext was applied to a string which contains "\20", it converted the string to ' '. This fix changes the behaviour so that the string "\20" in DN remains untouched. Also, this patch includes a fix to add a default suffix value with no double quotes in template-suffix-db.ldif.in. We keep double quoted suffix for the backward compatibility.
* 585905 - ACL with targattrfilters error crashes the serverNoriko Hosoi2010-04-271-1/+25
| | | | | | | | | | | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=585905 Bug Description: targattrfilters takes this format of value: (targattrfilters="add=attr1:F1 && attr2:F2... && attrn:Fn,del=attr1:F1 && attr2:F2 ... && attrn:Fn") The ACL plugin code had blindly expected the value contains the operator "add" or "del" and '=' to concatenate the attribute and filter pair. The plugin should have checked the possibility that the value does not follow the format. Fix Description: If '=' is not included in the targattrfilters value, the ACL parser returns ACL_SYNTAX_ERR. Also, adding a check code for the returned pointer from strchr and strstr.
* Fix too few args for format warning in acllasaclwarnsRich Megginson2010-04-261-2/+2
| | | | Removed unused format arguments from format string