| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=617013
Resolves: bug 617013
Bug Description: repl-monitor.pl use cpu upto 90%
Reviewed by: nhosoi (Thanks!)
Branch: master
Fix Description: The script recursively looks for servers - looks at servers
in replication agreements, adds them, then looks for replication agreements
on those servers, etc. When it added the servers, the logic was faulty for
seeing if the server was already in the list. So it just kept recursing
forever. One of the problems was that the script did not like a hostname
with a non \w char in it, such as the "-" char. There was another problem
with matching a server without a shadowport.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit 7de9007936a790625258967bfb959bc5989d25f2)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=616618
Change Description:
. renamed 91upgradednformat.pl to 80upgradednformat.pl to run
upgradednformat before 90subtreerename.pl.
. ported following patches applied to Directory_Server_8_2_Branch
to master and 389-ds-base-1.2.6.
612771 - RHDS 8.1/389 v1.2.5 accepts 2 identical entries with
different DN formats
* commit 50bb2ee6676e10cdda704982dfa831efa4011037
Fix Description:
This patch fixes the upgradednformat utility to eliminate the
duplicated DNs found in the upgrading period. Assuming DN:
attr0=value0,attr1=value1,...,attrn=valuen exists in the DB
and another identical DN is found, the second DN is renamed to
nsuniqueid=<uuid>+attr0=value0,attr1=value1,...,attrn=valuen
, where the <uuid> is the unique id assigned to the entry when
the entry is added to the server. The modification is logged
in the error log.
In addition, there was a bug to handle multi-valued RDNs in
slapi_dn_normalize_ext. In case multi-valued RDN appears with
DN value (e.g., nsuniqueid=<uuid>+cn=uid\=<uid>\,o\=<org>,dc=<dc>),
it was not normalized properly. Introduced second rdn_av_stack
(subinitial_rdn_av_stack) for the nested DN value.
See also:
http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format#Another_Upgrade_Scenario
* commit ebaa18adaf201f75c709e078abd8e32605eddb81
Fix Description:
1) In the previous commit 50bb2ee6676e10cdda704982dfa831efa4011037,
there were 3 places to miss replacing rdn_av_count with subrdn_av_count.
2) A variable subtypestart is used to keep the head of nested
multivalued RDNs. For instance,
seeAlso=cn\=<CN>\+l\=<L>\,o\=<O>,dc=examle,dc=com
^ or ^ or ^
There was a bug to set the first position ("cn" in the above example).
In addition, fixed a warning assigning "const char *" to "char *" in
import_foreman (import-threads.c).
* commit 472a2c0f2f21205390ba87c31c498b4419a932ba
Fix Description:
When newly creating an ancestorid index file, instead of
opening the index file with DB_TRUNCATE option, delete
the file then create it.
616135 - Upgrade failure on Solaris :
tar: db/NetscapeRoot/{DBVERSION,*.db4}:
No such file or directory
* commit e6723421e6dc69408edb2a396eb22da361cff206
Fix Description:
.../'{'DBVERSION,*.db4'}' is not a shell syntax. Process DBVERSION
and *.db4 individually.
Cherry-picked 700d7c1a199db4a690740636b8bd3e612304ce1e and
0b6ddc9b06845bdf385e749f2c5a99497df20d98 from
389-ds-base-1.2.6 branch.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=547503
Resolves: bug 547503
Bug Description: replication broken again, with 389 MMR replication and TCP errors
Reviewed by: nhosoi (Thanks!)
Branch: master
Fix Description: When turbo mode is used for the connection, the server does
not poll for read ready status in the main loop, nor go through the code in
handle_pr_read_ready that updates conn->c_idlesince. So while the conn is in
turbo mode, the c_idlesince is not updated. If the conn gets a timeout while
reading, a flag will be set on the connection that will put it back in the
main loop. When it then hits handle_pr_read_ready, if there is still no
activity on the connection, it will go through idle timeout processing. It
may have been a long time since c_idlesince was updated, so the connection
may be closed wrongly.
The solution is to have c_idlesince updated in connection_threadmain() in
turbo mode if the connection really isn't idle.
In addition, the conn private turbo_mode flag was not being used correctly -
in the timeout case, the local variable was being updated but not the
conn private turbo_flag. Since the conn private turbo_flag is not used
anywhere else, it can be removed, and just use the local variable.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit 9d638b3fc25fbc57884a511744943499c7102f40)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=614242
Resolves: bug 614242
Bug Description: C99/ANSI C++ related compile errors on HP-UX
Reviewed by: rmeggins
Branch: HEAD
Fix Description: In lib/ldaputil/vtable.c, a global static struct is declared and initialized to
{}. I see gcc allows this, and aCC does also but only with -AA ("newly
supported ANSI C++ Standard features").
In ldap/servers/slapd/tools/ldclt/ldclt.c, an array size is set using a
variable, which I think is legal in C99. Since the size is not computed, and
this is the only place C99 is taken advantage of, this can be changed to a
then I would instead add the -AC99 compiler flag for HP-UX.
Platforms tested: HP-UX
Flag Day: no
Doc impact: no
Patch submitted by: Ulf Weltman <ulf.weltman@hp.com>
|
| |
|
|
|
|
| |
The slapi-nis plug-in needs the dirsrv SELinux policy to allow
ns-slapd to bind to rpc ports. This adds the appropriate macros
to the dirsrv policy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a change was made to a DN mapped attribute in DS (such as
uniqueMember in a group entry), we may end up searching for the
entries that those values point to in AD when winsync is being
used. We were overwriting the "raw entry" pointer every time we
searched for an entry in AD. The raw entry is intended to point
to the entry that the original modification was made to, not the
entry that a DN mapped attribute value points to.
The fix is to add a flag that will force the raw entry to be kept
when we search for an entry in AD. We set this flag when we search
for entries that are pointed to be DN mapped attribute values and
reset it when we are finished. This results in the raw entry being
the actual entry that is the target of the operation we are syncing.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12241 Triaged Unassigned Bug Minor Fix Required
delete_acl_from_file(char *, char *…) ds/lib/libaccess/acltools.cpp
12242 UNINIT Triaged Unassigned Bug Minor Fix Required
get_acl_from_file(char *, char *, ACLListHandle **…) ds/lib/libaccess/acltools.cpp
12243 UNINIT Triaged Unassigned Bug Minor Fix Required
ACL_FileGetNameList() ds/lib/libaccess/acltools.cpp
12244 UNINIT Triaged Unassigned Bug Minor Fix Required
ACL_FileGetNameList() ds/lib/libaccess/acltools.cpp
12245 UNINIT Triaged Unassigned Bug Minor Fix Required
rename_acl_in_file(char *, char *, char *…) ds/lib/libaccess/acltools.cpp
12246 UNINIT Triaged Unassigned Bug Minor Fix Required
append_acl_to_file(char *, char *, char *…) ds/lib/libaccess/acltools.cpp
12247 UNINIT Triaged Unassigned Bug Minor Fix Required
append_acl_to_file(char *, char *, char *…) ds/lib/libaccess/acltools.cpp
Comment:
ACL_FileRenameAcl, ACL_FileDeleteAcl, ACL_FileGetAcl, ACL_FileSetAcl,
ACL_FileMergeAcl, ACL_FileMergeFile and their helper functions are
not used. These functions and their helper functions plus libaccess
test programs under the directory ./utest are eliminated.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12237 UNINIT Triaged Unassigned Bug Minor Fix Required
vlv_trim_candidates_byvalue() ds/ldap/servers/slapd/back-ldbm/vlv.c
Commit:
There is almost no chance to pass uninitialized typedown_value to
ber_bvecfree unless vlv_request_control value is NULL. Anyway, we
init typedown_value to NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12236 UNINIT Triaged Unassigned Bug Minor Fix Required
dblayer_get_aux_id2entry() ds/ldap/servers/slapd/back-ldbm/dblayer.c
Comment:
If a backend instance info (inst) or ldbminfo (li) or dblayer private
info (opriv) is not available, uninitialized priv is passed to
slapi_ch_free_string and slapi_ch_free. We need to init priv to NULL
and handle done: case if priv is NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12233 UNINIT Triaged Unassigned Bug Minor Fix Required
preop_modify() ds/ldap/servers/plugins/uiduniq/uid.c
Comment:
This is not an issue since attrName is an output variable
for getArguments at the line 689. But to make coverity
happy, we init attrName to NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12230 UNINIT Triaged Unassigned Bug Minor Fix Required
preop_add() ds/ldap/servers/plugins/uiduniq/7bit.c
Comment:
Some cases such as NULL attrName is passed or it does not have a value,
uninitialized "violated" is passed to slapi_ch_smprintf via issue_error.
We should init violated to NULL.
12231 UNINIT Triaged Unassigned Bug Unspecified Fix Required
preop_modify() ds/ldap/servers/plugins/uiduniq/7bit.c
Comment:
Some cases such as NULL attrName is passed or mods were empty,
uninitialized "violated" is passed to slapi_ch_smprintf via issue_error.
We should init violated to NULL.
12232 UNINIT Triaged Unassigned Bug Minor Fix Required
preop_modrdn() ds/ldap/servers/plugins/uiduniq/7bit.c
Comment:
Some cases such as NULL attrName is passed or it does not have a value,
uninitialized "violated" is passed to slapi_ch_smprintf via issue_error.
We should init violated to NULL.
|
| |
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12225 UNINIT Triaged Unassigned Bug Minor Fix Required
windows_private_update_dirsync_control() ds/ldap/servers/plugins/replication/windows_private.c
Comment:
If DIRSYNC control is not found, uninitialized serverCookie is passed
to ber_bvfree. We should init serverCookie to NULL.
|
| |
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12224 UNINIT Triaged Unassigned Bug Minor Fix Required
windows_private_update_dirsync_control() ds/ldap/servers/plugins/replication/windows_private.c
Comment:
If DIRSYNC control is not found, uninitialized ber is passed to
ber_free. We should init ber to NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12223 UNINIT Triaged Unassigned Bug Minor Fix Required
my_ber_scanf_attr() ds/ldap/servers/plugins/replication/repl5_total.c
Comment:
In case an error occurs between the line 594 and the line 648,
uninitialized value is passed to slapi_value_free. Need to init
value to NULL
|
| |
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12222 UNINIT Triaged Unassigned Bug Minor Fix Required
replica_get_purl_for_op() ds/ldap/servers/plugins/replication/repl5_plugins.c
Comment:
In case of an error "cannot obtain consumer connection extension or supplier_ruv", uninitialized purl is returned to the caller. Init purl to NULL
|
| |
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12221 UNINIT Triaged Unassigned Bug Minor Fix Required
create_NSDS50ReplicationExtopPayload() ds/ldap/servers/plugins/replication/repl_extop.c
Comment:
unlikely to cause a problem, but we should init repl_obj to NULL
|
| |
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12220 UNINIT Triaged Unassigned Bug Minor Fix Required
create_NSDS50ReplicationExtopPayload() ds/ldap/servers/plugins/replication/repl_extop.c
Comment:
unlikely to cause a problem, but we should init sdn to NULL
|
| |
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12216 UNINIT Triaged Unassigned Bug Minor Fix Required
private_protocol_factory() ds/ldap/servers/plugins/replication/repl5_protocol.c
Comment:
should be impossible for type to be anything but one of the
valid values, but it wouldn't hurt to init prp to NULL anyway
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12215 UNINIT Triaged Unassigned Bug Minor Fix Required
_cl5LDIF2Operation() ds/ldap/servers/plugins/replication/cl5_api.c
Comment:
should init rawDN to NULL and check if it is NULL before using it.
If rawDN is NULL, it returns error CL5_BAD_FORMAT.
Comment on the particular rawDN at the line 5218:
* When it comes here, case T_DNSTR is already
* passed and rawDN is supposed to set.
* But it's a good idea to make sure it is
* not NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12210 UNINIT Triaged Unassigned Bug Minor Fix Required
str2entry_fast() ds/ldap/servers/slapd/entry.c
Comment:
ptype is always NULL the first time through the loop, so a will
always be initialized to NULL. But we should explicitly initialize
it to NULL in the declaration.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12291 USE_AFTER_FREE Triaged Unassigned Bug Minor Fix Required
dbconf_read_default_dbinfo_sub() ds/lib/ldaputil/dbconf.c
Comment:
should never happen - should always break out of the loop at 504
with a valid db_info - but we should set db_info = NULL after line
505 just to make sure
|
| |
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12300 USE_AFTER_FREE Triaged Unassigned Bug Minor Fix Required
append_acl_to_file(char *, char *, char *…) ds/lib/libaccess/acltools.cpp
Comment:
this code is not used any more. The fix is to have open_file_buf set
*buf to NULL after freeing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=611850
Resolves: bug 611850
Bug Description: fix coverity Defect Type: Error handling issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Check the error return from the functions. In some cases,
I was able to figure out that the calling function should perform additional
error handling (return early, goto error label), but in general the code
just logs an appropriate error message and continues. I was able to get
rid of some more libacl code. I removed an unused variable from modify.c
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=610276
Resolves: bug 610276
Bug Description: fix coverity Defect Type: API usage errors issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Must call va_end after calling va_start.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=610177
Resolves: bug 610177
Bug Description: fix coverity Defect Type: Uninitialized variables issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Initialize variables to 0, NULL, or an appropriate error
code. Got rid of the unused lexer code.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609590
Resolves: bug 609590
Bug Description: fix coverity Defect Type: Memory - corruptions issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: To avoid a potential double free, set ipaddrs to NULL
after freeing it.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GLUE_PARENT_ENTRY before freeing them
https://bugzilla.redhat.com/show_bug.cgi?id=602531
Resolves: bug 602531
Bug Description: coverity: op_shared_delete: compare preop entry and GLUE_PARENT_ENTRY before freeing them
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Get the pre entry and glue parent entries separately,
compare them, and only free one of them if they are the same.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
entries before freeing them
https://bugzilla.redhat.com/show_bug.cgi?id=602530
Resolves: bug 602530
Bug Description: coverity: op_shared_modify: compare pre, post and original entries before freeing them
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Get the pre entry and post entry separately, compare them to
e and to each other before attempting to free them.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609590
Resolves: bug 609590
Bug Description: fix coverity Defect Type: Memory - corruptions issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: The code wants to allocate space for a struct berval, not
struct berval *.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609590
Resolves: bug 609590
Bug Description: fix coverity Defect Type: Memory - corruptions issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: The code is allocating space for an array of int which is
4 bytes. In this case, since type_name_disposition is int**, doing
*type_name_disposition is still a pointer type rather than the int type. We
have to do **type_name_disposition to get to the int type we want.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609590
Resolves: bug 609590
Bug Description: fix coverity Defect Type: Memory - corruptions issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: The code is allocating an array of struct dynalib *, so the
sizeof needs to use (struct dynalib *) not (struct dynalib).
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609590
Resolves: bug 609590
Bug Description: fix coverity Defect Type: Memory - corruptions issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Do not allow pt->pt_sizendx to be == PLMAXSIZENDX
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609590
Resolves: bug 609590
Bug Description: fix coverity Defect Type: Memory - corruptions issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: The point of this code is to copy the conn authtype to
the operation authtype, so just do that.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609590
Resolves: bug 609590
Bug Description: fix coverity Defect Type: Memory - corruptions issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: ACLPB_MAX_ATTR_LEN is the buffer size including the trailing
null, not the strlen.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609590
Resolves: bug 609590
Bug Description: fix coverity Defect Type: Memory - corruptions issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Just error and return if nread is < 0.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609590
Resolves: bug 609590
Bug Description: fix coverity Defect Type: Memory - corruptions issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: If there was an error, set filter to NULL so we won't attempt
to free static memory.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609590
Resolves: bug 609590
Bug Description: fix coverity Defect Type: Memory - corruptions issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: The cnt parameter is not used, so just get rid of it.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=603942
Resolves: bug 603942
Bug Description: null deref in _ger_parse_control() for subjectdn
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: Needed to pass &orig to ber_scanf 'a' instead of orig. Also,check for NULL before doing strlen(orig).
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit 82625ebf670c0f234e8bcbf18420e84b325e359e)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609256
Description by nkinder@redhat.com:
Our CGIs are very restricted in what they can access/run. Most of
the CGIs are self contained programs (they may use libraries, which
is fine). In this case, it looks like pwdhash-bin is called from
the SELinux context used by CGIs (httpd_dirsrvadmin_script_t). The
pwdhash-bin program then tries to load libslapd.so.0, which is labeled
as dirsrv_lib_t. This should be allowed by our SELinux policy since
we call this macro with the httpd_dirsrvadmin_script_t contex. What
seems to be the issue here is that libslapd.so.0 is a symlink, not a
regular file. SELinux considers this to be a class of "lnk_file",
as can be seen in the raw AVC from /var/log/audit/audit. We need to
expand the dirsrv_exec_lib macro to cover link_file.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rename switch is on
https://bugzilla.redhat.com/show_bug.cgi?id=578296
Change Description:
1) ldbm_back_next_search_entry_ext (ldbm_search.c)
When getting an entry from ID using id2entry_ext, pass a flag
ID2ENTRY_ADD_ENTRYDN to add entrydn to the entry.
2) id2entry_ext (id2entry.c)
Added id2entry_ext to handle the flag ID2ENTRY_ADD_ENTRYDN.
If ID2ENTRY_ADD_ENTRYDN is set in the flags variable and
entryrdn switch is enabled, entrydn is added to the entry.
3) index_read_ext (index.c)
If entryrdn switch is on and the attribute type is entrydn and
the search type is equality, then call entryrdn_index_read
to get the ID directly.
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=605827
Description: 70upgradednformat.pl does nothing if the server is up.
The upgrade script is effective only when it's called in the Off-
line mode.
(cherry picked from commit a109da80a8eae4400b42a27bb5de604f9aee344d)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
failure in PR_Poll
https://bugzilla.redhat.com/show_bug.cgi?id=604453
Resolves: bug 604453
Bug Description: SASL Stress and Server crash: Program quits with the assertion failure in PR_Poll
Reviewed by: nhosoi (Thanks!)
Branch: master
Fix Description: When the server pushes the SASL IO layer on to the connection
it must do so when there are no other references to the connection. The only
way to do this without introducing more locking is to have the saslbind code
just register the intent to push SASL IO at the next available time. This
cannot be done in the sasl bind code (or any operation code for that matter)
because connection_threadmain() will enable the connection for reading
(and polling) after reading the PDU and before calling the operation
function. Therefore, during the operation function, the connection may be
being actively polled, so we must not access the conn c_prfd.
The best place to push the IO layer is in connection_threadmain, after the
server has notified that there is read ready on the connection, but before
we have actually attempted to read anything. At this point,
connection_threadmain is the only thread that will be accessing the
connection, and if we push or pop the IO layer before calling the read
function, we are guaranteed to have the correct IO layer to use.
The code has been made generic enough to allow for use by the startTLS code
if the need arises.
I also added some more locking in the saslbind code, and changed the sasl IO
code to more closely resemble the way that the NSS code deals with IO
layer push/pop.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit c28fcadfc7812108573e40f13624e11a5a8609e5)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
failure in PR_Poll
https://bugzilla.redhat.com/show_bug.cgi?id=604453
Resolves: bug 604453
Description: SASL Stress and Server crash: Program quits with the assertion failure in PR_Poll
Branch: master
Reviewed by: nhosoi (Thanks!)
Fix Description: We usually do not have to pop the IO layer from the SASL
connection. This is usually handled by PR_Close() on the PRFD, which should
only happen when the connection is not being referenced by the main PR_Poll()
call. The only time we need to explicitly pop the SASL IO layer is if the
client re-negotiates the SASL bind with a different ssf e.g. going from
clear to protected or vice versa.
Platforms tested: RHEL5 x86_64
(cherry picked from commit ac6ce0947d9b2d5ec3649948bca861f0e318d708)
|
| |
|
|
|
|
|
|
|
|
|
| |
also applied to "cn=directory manager"
https://bugzilla.redhat.com/show_bug.cgi?id=606920
Description: When a timelimit (as well as a sizelimit) is successfully
retrieved from SLAPIResLimitConnData, the value is always set to pblock.
With this change, it sets "no limit (-1)" if the operation is initiated
by Directory Manager.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
If a password is changed using the password modify extended
operation, the modify used to modify the password will be leaked
if the change is rejected due to password policy or access control
settings.
This patch frees the mod when the password change is rejected.
|
| | |
|
| |
|
|
| |
This is 1.2.6 Release Candidate 1
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=574101
Description: To create the ID list for child entries of to-be-renamed
entry, an inappropriate function (idl_append) was used. The function
expects the passed IDs are sorted. If not sorted, idl_insert should
be used instead.
|
