| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
This commit fixes many compiler warnings, mostly for things like unused
variables, functions, goto labels.
One place was using csngen_free instead of csn_free. A couple of places
were using casts incorrectly, and several places needed some casts added.
|
|
|
|
|
| |
use slapi_pblock_set to set the ldap result code for the be postop plugins
instead of slapi_pblock_get
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If an ACI has a targetattr of userPassword and uses the USERDN
keyword, the ACI may not be evaluated correctly for password
change operations. This is caused by the fact that we use a
dummy target entry to check if the pasword change is allowed early
in the operation. This dummy entry will not have any attributes
that the ACI may use.
The fix is to actually fetch the target entry with all of it's
attributes. We still create a dummy entry if the target doesn't
exist to prevent returning a no such entry error when we should be
returning an access denied or insufficient access error.
|
|
|
|
|
|
|
| |
File: ldap/servers/slapd/dn.c
Description: slapi_dn_normalize_ext failed to check a typical
invald DN (e.g., "bogus,dc=example,dc=com"), in which RDN does
not have the type=value format. The problem is fixed.
|
|
|
|
|
|
|
|
|
|
|
|
| |
The DS has some problems with the openldap versions of these functions:
1) They are deprecated - should use the str2[r]dn and [r]dn2str and the
bv versions of those functions instead
2) They escape utf-8 and other values in the strings - the mozldap functions
do not do this
3) They handle double quoted strings, but they remove the quotes - our
code expects the quotes to be left in place
Until we fix our DN handling, and get rid of the double quoted DNs, we just
use the mozldap versions of these functions.
|
|
|
|
|
|
| |
rawdn may be normalized in place - if we add back the '?' to the URL
before we construct the new URL with the normalized DN, we will create
a bogus URL string - so delay that until we construct the new URL
|
|
|
|
|
| |
I missed a couple of places in the acl code that should use
slapi_ldap_url_parse - I also added some more debugging
|
|
|
|
|
|
|
| |
*out will never be NULL here, so we only need to check that src < *out as
the loop condition
when looking for a continuation line, make sure there are two characters
in *out to check
|
|
|
|
|
|
| |
when putting ldif data with the no wrap option, if we removed some
continuation lines, we have to move the output data pointer back since
the continuation line markers are removed in place
|
|
|
|
|
|
|
|
| |
mozldap accepts hostnames in the form host1[:port1] ... hostN[:portN]
in the ldap_init argument and in ldap urls/uris. DS code uses
ldap_initialize() which takes a list of uris in the form
ldap[s]://host1[:port1]/ ldap[s]://host2[:port2]/ ...
We have to convert the host:port list into a list of LDAP uris
|
|
|
|
|
|
|
| |
mozldap supports a non-standard URL extension which allows multiple host:port
combinations - openldap does not support this - fake out openldap by
converting spaces to %20 and all but the last colon to %3A before calling
ldap_url_parse, then unescape ludp->lud_host before returning
|
|
|
|
|
| |
The function ldif_sput already terminates the line with a newline character -
we do not need to add another one when unwrapping a wrapped line.
|
|
|
|
|
|
| |
If the openldap_read_function has returned all of the buffered data,
it needs to set errno to EWOULDBLOCK to let the code know that it needs
to read more data into the buffer.
|
|
|
|
|
|
|
| |
Even though the ldap.conf man page is not really clear about this,
looking at the code in libraries/libldap/tls2.c:ldap_int_tls_start()
if you don't specify LDAP_OPT_X_TLS_REQUIRE_CERT as
LDAP_OPT_X_TLS_NEVER it will check the hostname
|
|
|
|
|
|
| |
The script was looking for 1 and only 1 line returned by the ldapsearch
to see if the given entry is a role. openldap ldapsearch returns an empty
line as the last line. So just change the check to look for 1 or more lines.
|
|
|
|
| |
forgot to add ldaptool_opts for the non BUNDLE case in Makefile.am
|
|
|
|
|
| |
mozldap uses -1 but openldap uses -LLL to suppress printing the
in ldapsearch output - add a flag for this
|
|
|
|
|
|
| |
The logic looking for a missing suffix DN in a parsed URL was incorrect.
In addition, since passthru requires a suffix DN, pass the require_dn
flag.
|
|
|
|
|
|
| |
The value passed to the char * argument to ber_printf 'o' must not be
a NULL, even if the bv_len argument is 0. An empty string "" must
be passed instead.
|
|
|
|
| |
both ptype and type->bv_val are properly null terminated strings
|
| |
|
|
|
|
|
|
|
| |
There are slapi wrappers that hide differences between the openldap and
mozldap ldap and ldif API code. These are now doxygen documented.
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
|
|
|
|
|
|
| |
Since these functions are present in mozldap, just use them directly
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
|
|
|
|
|
|
|
|
|
| |
There are some differences between the mozldap and the openldap apis:
openldap has deprecated ldap_init in favor of ldap_initialize
openldap has deprecated the regular ldap op functions in favor of their
_ext alternatives
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
|
|
|
|
|
|
|
|
|
|
|
| |
Added proxy auth control creation - mozldap has a function to do that but
not openldap
Do not use mozldap filter create function - just create one using
slapi_smprintf
Fix usage of TLS/SSL with new NSS functionality
Created ldif parse wrapper - changed code to use it
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
|
|
|
|
|
|
|
|
|
|
| |
We have many scripts that use ldapsearch, ldapmodify, etc. All of these
currently use simple auth. When using the openldap versions of these
scripts, we have to pass the -x argument to use simple auth. A new
configure parameter ldaptool_opts is used to pass this down into the
scripts.
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
|
|
|
|
|
|
| |
need to free basedn after use by the internal search
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
|
|
|
|
|
|
|
| |
even though AC_CHECK_LIB finds ldap_url_parse_ext, that function is not
part of the public api
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
change or change very rarely
https://bugzilla.redhat.com/show_bug.cgi?id=627738
Description:
1) id2entry_add_ext replaces an dn instance in the dn cache even if
the DN value is identical. Replace it only when they don't match.
2) Modifying the dn cache related labels:
dnEntrycachehits
dnEntrycachetries
dnEntrycachehitratio
dnCurrententrycachesize
dnMaxentrycachesize
dnCurrententrycachecount
dnMaxentrycachecount
===>
dncachehits
dncachetries
dncachehitratio
currentdncachesize
maxdncachesize
currentdncachecount
maxdncachecount
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=531642
Resolves: 531642
Fix description:
1. Introduced a config parameter nsslapd-entryusn-global: on|off to
enable | disable the global mode. By default, off.
In the global mode, search on root dse returns "lastusn: <num>"
without the backend subtype (e.g., "lastusn;userroot: <num>")
2. Added slapi_get_next_suffix_ext to mapping_tree.c, which visits
children as well as siblings in the mapping tree.
(Note: slapi_get_next_suffix does just siblings.)
3. import (ldif2db) adds "entryusn: 0" to every entry unless the
entry already contains the entryusn attribute.
4. ldbm_back_delete, ldbm_back_modify, ldbm_back_modrdn: set
ldap_result_code to pblock so that bepost plugin could see if
the operation was successful or not.
See also http://directory.fedoraproject.org/wiki/Entry_USN#Global_mode
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
entrydn is not present in search results
https://bugzilla.redhat.com/show_bug.cgi?id=628300
Resolves: 628300
Description: Code for supporting entrydn (added for Bug 578296)
contained a bug. If an entry was found in the entry cache,
id2entry_ext returned it without adding the entrydn attribute
value. This patch fixes the problem.
In addition, if the parent DN in the to-be-added entry is not
identical to the real parent DN (e.g., dc=eXAmple vs. dc=example),
replace the string with the real parent DN. This check & replace
is done only when the parent entry is in the entry cache not to
sacrifice the performance.
|
|
|
|
|
|
|
|
|
|
| |
This patch allows multiple memberOfGroupAttr values to be set in the
memberOf plug-in config. This allows different grouping attributes
to be used.
For more details, see the design doc:
http://directory.fedoraproject.org/wiki/MemberOf_Multiple_Grouping_Enhancements
|
|
|
|
|
| |
the name "dn" is being deprecated - the standard attribute name is
"distinguishedName" - ger should support both of these
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=617630
Bug description: CID 12090 was a false positive
description: Undo the commit e23c8bd9994d5592738cb44e1c2b426aba7fbd4a
|
|
|
|
| |
(ldap/servers/plugins/replication/repl5_agmt.c)
|
|
|
|
|
|
| |
The postal_validate() function cannot accept an empty string as a valid
value of postalAddress syntax. In addition, we were not properly checking
a value which did not contain a '$' character.
|
|
|
|
|
|
|
|
|
|
| |
11940 - 12166
https://bugzilla.redhat.com/show_bug.cgi?id=611790
Resolves: bug 611790
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Fix description: Catch possible NULL pointer in ruv_get_replica_generation().
Note: committing the fix on behalf of Endi (edewata@redhat.com).
|
|
|
|
|
|
|
|
|
|
|
| |
11940 - 12166
https://bugzilla.redhat.com/show_bug.cgi?id=611790
Resolves: bug 611790
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Fix description: Catch possible NULL pointer in cos_cache_add_defn().
Note: committing the fix on behalf of Endi (edewata@redhat.com).
|
|
|
|
|
|
|
|
|
| |
11940 - 12166
https://bugzilla.redhat.com/show_bug.cgi?id=611790
Resolves: bug 611790
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Fix description: Catch possible NULL pointer in ResHashCreate().
|
|
|
|
|
|
|
|
|
| |
11940 - 12166
https://bugzilla.redhat.com/show_bug.cgi?id=611790
Resolves: bug 611790
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Fix description: Catch possible NULL pointer in ldapu_cert_mapfn_default().
|
|
|
|
|
|
|
|
|
| |
11940 - 12166
https://bugzilla.redhat.com/show_bug.cgi?id=611790
Resolves: bug 611790
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Fix description: Catch possible NULL pointer in send_specific_attrs().
|
|
|
|
|
|
|
|
|
| |
11940 - 12166
https://bugzilla.redhat.com/show_bug.cgi?id=611790
Resolves: bug 611790
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Fix description: Catch possible NULL pointer in plugin_invoke_plugin_sdn().
|
|
|
|
|
|
|
|
|
| |
11940 - 12166
https://bugzilla.redhat.com/show_bug.cgi?id=611790
Resolves: bug 611790
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Fix description: Catch possible NULL pointer in dblayer_sys_pages().
|
|
|
|
|
|
|
|
|
| |
11940 - 12166
https://bugzilla.redhat.com/show_bug.cgi?id=611790
Resolves: bug 611790
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
description: Catch possible NULL pointer in roles_cache_update() and roles_is_entry_member_of_object_ext().
|
|
|
|
|
|
|
|
|
| |
11940 - 12166
https://bugzilla.redhat.com/show_bug.cgi?id=611790
Resolves: bug 611790
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Fix description: Catch possible NULL pointer in age_str2time().
|
|
|
|
|
|
|
|
|
|
| |
11940 - 12166
https://bugzilla.redhat.com/show_bug.cgi?id=611790
Resolves: bug 611790
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Fix description: Catch possible NULL pointer in map_dn_values(), map_entry_dn_outbound(),
and windows_generate_update_mods().
|
|
|
|
|
|
|
|
|
| |
11940 - 12166
https://bugzilla.redhat.com/show_bug.cgi?id=611790
Resolves: bug 611790
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Fix description: Catch possible NULL pointer in windows_search_entry_ext().
|
|
|
|
|
|
|
|
|
| |
11940 - 12166
https://bugzilla.redhat.com/show_bug.cgi?id=611790
Resolves: bug 611790
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Fix description: Catch possible NULL pointer in replica_new_from_entry() and _replica_configure_ruv().
|
|
|
|
|
|
|
|
|
| |
11940 - 12166
https://bugzilla.redhat.com/show_bug.cgi?id=611790
Resolves: bug 611790
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Fix description: Catch possible NULL pointer in sendGetReq(), sendPostReq(), and parseAtPath().
|
|
|
|
|
|
|
|
|
| |
11940 - 12166
https://bugzilla.redhat.com/show_bug.cgi?id=611790
Resolves: bug 611790
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Fix description: Catch possible NULL pointer in print_access_control_summary().
|