| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=610281
11958 NO_EFFECT Triaged Unassigned Bug Moderate Fix Required
do_bind() ds/ldap/servers/slapd/bind.c
Comment:
slapi_dn_normalize_ext() may return a negative value but rc is of type ber_tag_t which is an unsigned int. Introducing "ber_tag_t ber_rc" just for ber functions and "int rc" for the rest.
|
|
|
|
|
|
|
|
|
| |
The anonymous resource limits were not being properly set. This
patch ensures that the limits are set properly when an anonymous
or unauthenticated BIND operation is performed. It also sets the
anonymous limits when we do a read on a connection that has not
yet perfomed a BIND. These limits will be overwritten with any
default or user-based limits once a valid BIND is performed.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix Description:
. adding slapi_dn_normalize_ext and its siblings to normalize/validate
invalid DNs; deprecating slapi_dn_normalize and its siblings. (dn.c)
. replacing slapi_dn_normalize with new corresponding functions.
. normalizing hardcoded DNs (e.g., removing spaces around ',')
. setting correct DN syntax to nsslapd-suffix, nsslapd-ldapiautodnsuffix,
costemplatedn, nsslapd-changelogsuffix, nsBaseDN, nsBindDN
. if nsslapd-dn-validate-strict is enabled, incoming DN is examined and
rejected if it is invalid. Once approved, the DN is normalized.
. fixing compiler warnings and typos.
See also:
http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format
Related bugs:
Bug 199923 - subtree search fails to find items under a db containing special
characters
Bug 567968 - subtree/user level password policy created using 389-ds-console
doesn't work.
Bug 570107 - The import of LDIFs with base-64 encoded DNs fails, modrdn with
non-ASCII new rdn incorrect
Bug 570962 - ns-inactivate.pl does not work
Bug 572785 - DN syntax: old style of DN <type>="<DN>",<the_rest> is not
correctly normalized
Bug 573060 - DN normalizer: ESC HEX HEX is not normalized
Bug 574167 - An escaped space at the end of the RDN value is not handled
correctly
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=470684
Resolves: bug 470684
Bug Description: Pam passthrough doesn't verify account activation
Reviewed by: rmeggins
Branch: HEAD
Fix Description: The check_account_lock() has been renamed to
slapi_check_account_lock() and moved into libslapd.so so any plugins
can use it. The account_inactivation_only parameter has been replaced
by check_password_policy. A new parameter send_result has been added
to determine whether to send LDAP results.
The pam_passthru plugin has been modified to use this function to
check account activation when the pamIDMapMethod is set to ENTRY.
The plugin will not check password policy.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sasl/external
https://bugzilla.redhat.com/show_bug.cgi?id=554573
Resolves: bug 554573
Bug Description: ACIs use bind DN from bind req rather than cert mapped DN from sasl/external
Reviewed by: ???
Branch: HEAD
Fix Description: Added a new config option - nsslapd-force-sasl-external (on/off)
default is off - when set to on, a SIMPLE bind on a connection that has set
a DN from a cert will be changed to be a SASL/EXTERNAL bind.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: yes - new attribute to document
Note: This commit is for reapplying the patch I accidentally reverted
by the previous revert (031e725dce895bf2382ca7801cef772fe6b24c61).
(see commit f4b90ed5e43fa06ea6185cf17073b7a32db6ef4c, as well)
commit 031e725dce895bf2382ca7801cef772fe6b24c61
Author: Noriko Hosoi <nhosoi@redhat.com>
Date: Fri Mar 5 16:09:28 2010 -0800
Revert "Merge branch '547503'"
This reverts commit f2a04fdc45cc8a408267019990504354282c4303, reversing
changes made to 0b95451c7e50cb6b2d0cb310dddca18336e1b2ac.
|
|
|
|
|
| |
This reverts commit f2a04fdc45cc8a408267019990504354282c4303, reversing
changes made to 0b95451c7e50cb6b2d0cb310dddca18336e1b2ac.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sasl/external
https://bugzilla.redhat.com/show_bug.cgi?id=554573
Resolves: bug 554573
Bug Description: ACIs use bind DN from bind req rather than cert mapped DN from sasl/external
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Added a new config option - nsslapd-force-sasl-external (on/off)
default is off - when set to on, a SIMPLE bind on a connection that has set
a DN from a cert will be changed to be a SASL/EXTERNAL bind.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: yes - new attribute to document
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reviewed by: nhosoi (Thanks!)
var/tmp/run_gssapi.vg.25032:Memory leak: 99 bytes duplicates: 5
> malloc() at vg_replace_malloc.c:207
> strdup() at /lib/libc-2.10.2.so
> slapi_ch_strdup() at ch_malloc.c:277
> ids_sasl_check_bind() at saslbind.c:924
> do_bind() at bind.c:382
> connection_threadmain() at connection.c:554
> --unknown-- at /lib/libnspr4.so
> start_thread() at /lib/libpthread-2.10.2.so
> clone() at /lib/libc-2.10.2.so
The problem is that ids_sasl_check_bind can reset SLAPI_BIND_TARGET to
a malloc'd value. The do_bind() code should check for this condition
and free it.
var/tmp/entryusn.vg.5997:Memory leak: 8 bytes duplicates: 8
> calloc() at vg_replace_malloc.c:397
> slapi_ch_calloc() at ch_malloc.c:243
> slapi_counter_new() at slapi_counter.c:95
> ldbm_usn_init() at ldbm_usn.c:86
> ldbm_back_start() at start.c:223
> plugin_call_func() at plugin.c:1417
> plugin_dependency_startall.clone.0() at plugin.c:1385
> main() at main.c:1138
The backend cleanup code should free be_usn_counter.
var/tmp/ipv6.vg.15561:Memory leak: 13 bytes duplicates: 3
> malloc() at vg_replace_malloc.c:207
> strdup() at /lib/libc-2.10.2.so
> slapi_ch_strdup() at ch_malloc.c:277
> config_get_listenhost() at libglobs.c:3674
> main() at main.c:874
var/tmp/ipv6.vg.15561:Memory leak: 13 bytes duplicates: 3
> malloc() at vg_replace_malloc.c:207
> strdup() at /lib/libc-2.10.2.so
> slapi_ch_strdup() at ch_malloc.c:277
> config_get_securelistenhost() at libglobs.c:3686
> main() at main.c:881
config_get_listenhost() and config_get_securelistenhost() return malloc'd
memory which must be freed.
var/tmp/dna_scen1.vg.4901:Memory leak: 248 bytes duplicates: 1
> malloc() at vg_replace_malloc.c:207
> nslberi_malloc() at io.c:1677
> ber_flatten() at io.c:1604
> create_NSDS50ReplicationExtopPayload() at repl_extop.c:218
> NSDS50EndReplicationRequest_new() at repl_extop.c:265
> release_replica() at repl5_protocol_util.c:469
> repl5_inc_run() at repl5_inc_protocol.c:1187
> prot_thread_main() at repl5_protocol.c:341
> --unknown-- at /lib/libnspr4.so
> start_thread() at /lib/libpthread-2.10.2.so
> clone() at /lib/libc-2.10.2.so
The payload was not being freed under all function exit conditions. So, just free it immediately after use.
var/tmp/dnarun.vg.2491:Memory leak: 27 bytes duplicates: 0
> malloc() at vg_replace_malloc.c:207
> slapi_ch_malloc() at ch_malloc.c:155
> slapi_entry_attr_get_charptr() at entry.c:2432
> dna_parse_config_entry() at dna.c:816
> dna_pre_op() at dna.c:2587
> plugin_call_func() at plugin.c:1417
> plugin_call_plugins() at plugin.c:1379
> op_shared_add() at add.c:606
> do_add() at add.c:232
> connection_threadmain() at connection.c:564
> --unknown-- at /lib/libnspr4.so
> start_thread() at /lib/libpthread-2.10.2.so
> clone() at /lib/libc-2.10.2.so
The value was not being freed under all conditions.
==9877== 1,890 (252 direct, 1,638 indirect) bytes in 3 blocks are definitely lost in loss record 1,628 of 1,725
==9877== at 0x47E0E5C: calloc (vg_replace_malloc.c:397)
==9877== by 0x4819D89: slapi_ch_calloc (ch_malloc.c:243)
==9877== by 0x48284A6: slapi_entry_alloc (entry.c:1686)
==9877== by 0x4829BA5: str2entry_dupcheck (entry.c:631)
==9877== by 0x482BB5D: slapi_str2entry_ext (entry.c:1194)
==9877== by 0xB2A8E9D: import_producer (import-threads.c:541)
==9877== by 0x72E1990: (within /lib/libnspr4.so)
==9877== by 0x731E8F4: start_thread (in /lib/libpthread-2.10.2.so)
==9877== by 0x75B2FCD: clone (in /lib/libc-2.10.2.so)
Make sure the entry or backentry are freed.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=506206
Resolves: bug 506206
Bug Description: problems linking with -z defs
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Some platforms (debian) and some build checking tools
(rpmlint, others) link with -z defs to look for any undefined references at
link time. We had several of these in various directory server objects.
1) all of the plugins need to link against libslapd.la
2) most of the plugins need to link against ldapcsdk and nspr
3) the pwdstorage plugin needs to link against LIBCRYPT, which is platform
dependent
4) various other link fixes
Platforms tested: RHEL5 x86_64
Flag Day: yes - autotool file changes
Doc impact: no
|
|
|
|
|
|
|
|
| |
This patch makes SASL EXTERNAL binds obey the account lock. The
previous code was allowing the bind through even if the account
was locked.
This patch was contributed by Ulf Weltman of Hewlett Packard.
|
|
|
|
|
|
|
| |
This patch makes SASL binds call the pre-op and post-op plug-ins.
The previous code was not calling the plug-ins for SASL binds.
This fix was contributed by Ulf Weltman of Hewlett Packard.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a new configuration setting to the cn=config entry named
nsslapd-minssf. This can be set to a non-negative integer representing
the minimum key strength required to process operations. The default
setting will be 0.
The SSF for a particular connection will be determined by the key
strength cipher used to protect the connection. If the SSF used for a
connection does not meet the minimum requirement, the operation will be
rejected with an error code of LDAP_UNWILLING_TO_PERFORM (53) along
with a message stating that the minimum SSF was not met. Notable
exceptions to this are operations that attempt to protect a connection.
These operations are:
* SASL BIND
* startTLS
These operations will be allowed to occur on a connection with a SSF
less than the minimum. If the results of these operations end up with
a SSF smaller than the minimum, they will be rejected. Additionally,
we allow UNBIND and ABANDON operations to go through.
I also corrected a few issues with the anonymous access switch code
that I noticed while testing. We need to allow the startTLS extended
operation to go through when sent by an anonymous user since it is
common to send startTLS prior to a BIND to protect the credentials.
I also noticed that we were using the authtype from the operation
struct to determine is a user was anonymous when we really should
have been using the DN. This was causing anonymous operations to
get through on SSL/TLS connections.
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a new config switch (nsslapd-allow-anonymous-access) that
allows one to restrict all anonymous access. When this is enabled,
the connection displatch code will only allow BIND operations through
for an unauthenticated user. The BIND code will only allow the
operation through if it's not an anonymous or unauthenticated BIND.
I also fixed a missing capability in the SELinux policy that I ran
into while testing this patch.
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a new configuration attribute named
nsslapd-require-secure-binds. When enabled, a simple bind
will only be allowed over a secure transport (SSL/TLS or a
SASL privacy layer). An attempt to do a simple bind over
an insecure transport will return a LDAP result of
LDAP_CONFIDENTIALITY_REQUIRED. This new setting will not
affect anonymous or unauthenticated binds.
The default setting is to have this option disabled.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Need to address 64-bit compiler warnings - again
Reviewed by: nhosoi (Thanks!)
Fix Description: This patch cleans up most of the other remaining compiler warnings. I compiled the directory server code with these flags on RHEL5 x86_64: -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic
I also enabled argument/format match checking for most of the commonly used varadic functions. Most of the problems I found fell into these categories:
1) Too many or not enough arguments e.g. most everything that uses or did use LDAPDebug had extra 0,0 arguments. If they had been switched to use slapi_log_error, I removed the extra arguments - for those places still using LDAPDebug, I introduced more macros to handle the number of arguments, since C macros cannot be varadic.
2) When using NSPR formatting functions, we have to use %llu or %lld for 64-bit values, even on 64-bit systems. However, for regular system formatting functions, we have to use %ld or %lu. I introduced two new macros NSPRIu64 and NSPRI64 to handle cases where we are passing explicit 64-bit values to NSPR formatting functions, so that we can use the regular PRIu64 and PRI64 macros for regular system formatting functions. I also made sure we used NSPRI* only with NSPR functions, and used PRI* only with system functions.
3) use %lu for size_t and %ld for time_t
I did find a few "real" errors, places that the code was doing something definitely not right:
https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/aclinit.c_sec4
https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/acllas.c_sec17
https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/http/http_impl.c_sec1
https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/memberof/memberof.c_sec1
https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/pam_passthru/pam_ptimpl.c_sec1
https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_api.c_sec5
https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_clcache.c_sec2
https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/replutil.c_sec1
https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/libglobs.c_sec1
https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/dbverify.c_sec2
https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/ldif2ldbm.c_sec3
This is why it's important to use this compiler checking, and why it's important to fix compiler warnings, if for no other reason than the sheer noise from so many warnings can mask real errors.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
|
|
|
|
| |
Summary: Add config setting to disable unauthenticated binds.
|
|
|
|
| |
Summary: Convert counters to 64-bit capable Slapi_Counter type.
|
|
|
|
| |
Summary: Add support for 64-bit counters (phase 1).
|
|
|
|
|
| |
Summary: Memory usage research: checking in the experimental code
See also: http://directory.fedoraproject.org/wiki/Memory_Usage_Research
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reviewed by: nhosoi (Thanks!)
Fix Description: The intptr_t and uintptr_t are types which are defined as integer types that are the same size as the pointer (void *) type. On the platforms we currently support, this is the same as long and unsigned long, respectively (ILP32 and LP64). However, intptr_t and uintptr_t are more portable. These can be used to assign a value passed as a void * to get an integer value, then "cast down" to an int or PRBool, and vice versa. This seems to be a common idiom in other applications where values must be passed as void *.
For the printf/scanf formats, there is a standard header called inttypes.h which defines formats to use for various 64 bit quantities, so that you don't need to figure out if you have to use %lld or %ld for a 64-bit value - you just use PRId64 which is set to the correct value. I also assumed that size_t is defined as the same size as a pointer so I used the PRIuPTR format macro for size_t.
I removed many unused variables and some unused functions.
I put parentheses around assignments in conditional expressions to tell the compiler not to complain about them.
I cleaned up some #defines that were defined more than once.
I commented out some unused goto labels.
Some of our header files shared among several source files define static variables. I made it so that those variables are not defined unless a macro is set in the source file. This avoids a lot of unused variable warnings.
I added some return values to functions that were declared as returning a value but did not return a value. In all of these cases no one was checking the return value anyway.
I put explicit parentheses around cases like this: expr || expr && expr - the && has greater precedence than the ||. The compiler complains because it wants you to make sure you mean expr || (expr && expr), not (expr || expr) && expr.
I cleaned up several places where the compiler was complaining about possible use of uninitialized variables. There are still a lot of these cases remaining.
There are a lot of warnings like this:
lib/ldaputil/certmap.c:1279: warning: dereferencing type-punned pointer will break strict-aliasing rules
These are due to our use of void ** to pass in addresses of addresses of structures. Many of these are calls to slapi_ch_free, but many are not - they are cases where we do not know what the type is going to be and may have to cast and modify the structure or pointer. I started replacing the calls to slapi_ch_free with slapi_ch_free_string, but there are many many more that need to be fixed.
The dblayer code also contains a fix for https://bugzilla.redhat.com/show_bug.cgi?id=463991 - instead of checking for dbenv->foo_handle to see if a db "feature" is enabled, instead check the flags passed to open the dbenv. This works for bdb 4.2 through bdb 4.7 and probably other releases as well.
Platforms tested: RHEL5 x86_64, Fedora 8 i386
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: SASL bind can leak credentials in some cases
Reviewed by: nkinder, nhosoi (Thanks!)
Branch: HEAD
Fix Description: There is this call in saslbind.c line 767:
/* can't do any harm */
if (cred->bv_len == 0) cred->bv_val = NULL;
apparently in some cases, cred bv_len is 0 but cred->bv_val is not-null. This
causes a leak of cred->bv_val.
The fix is to make sure cred->bv_val is freed if bv_len is 0. This should
catch all cases where this erroneous assumption is made.
Platforms tested: RHEL5, Fedora 8
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary: LDAPI: support auto-bind
Description:
1) Debugged the basic code of slapd_get_socket_peer, which is used for Solaris9
and HP-UX. The recvmsg call returns an error immediately if no data is waiting
to be received since the socket is set PR_SockOpt_Nonblocking (O_NONBLOCK). To
make slapd_get_socket_peer more robust, we have to retry recvmsg if it returns
EAGAIN. But set a retry count not to hang there.
2) Introduced c_local_valid in the Connection handle to tell the autobind
code that the uid/gid pair is valid or not.
3) Stops the automagic/unconditional auto-bind (the code used to be in
daemon.c).
4) Auto-bind is effective only when the client passes the SASL/EXTERNAL request.
|
|
|
|
| |
Summary: HP-UX: warnings reported by the HP-UX compiler
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Summary: configure needs to support --with-fhs (Comment #6)
Changes: Added the following include next to the end of the copyright block.
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: memory leaks using ber_scanf when handling bad BER packets
Reviewed by: All (Thanks!)
Files: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=123783
Branch: HEAD
Fix Description:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135#c0
I basically did a search through our code for all calls to ber_scanf,
ber_get_stringa, and ber_get_stringal and made sure we properly free any
arguments that may have been allocated. There was a bug in the ldapsdk
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135 that causes
us to free uninitialized memory when trying to clean up the result of
ber_get_stringal (or ber_scanf with 'V'). I had to initialize some
variables to NULL so that we could properly clean them up, and added
some additional clean ups that were missing. Also, in repl_extop.c, we
were calling free on an array that we should have been calling
ch_array_free on. Yet another lesson in the evils of slapi_ch_free and
disabling compiler type checks in general.
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
|
| |
|
| |
|
|
|
|
| |
warnings on Linux; remove pam_passthru from DS 7.1
|
| |
|
| |
|
|
(foxworth)
|