| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
slapi_dn_normalize_original can modify the argument string, so we cannot
pass in a const char *rawdn to that function - instead, pass in a copy
created by slapi_ch_strdup
|
|
|
|
|
|
|
|
|
|
|
|
| |
The DS has some problems with the openldap versions of these functions:
1) They are deprecated - should use the str2[r]dn and [r]dn2str and the
bv versions of those functions instead
2) They escape utf-8 and other values in the strings - the mozldap functions
do not do this
3) They handle double quoted strings, but they remove the quotes - our
code expects the quotes to be left in place
Until we fix our DN handling, and get rid of the double quoted DNs, we just
use the mozldap versions of these functions.
|
|
|
|
| |
both ptype and type->bv_val are properly null terminated strings
|
|
|
|
|
|
|
| |
There are slapi wrappers that hide differences between the openldap and
mozldap ldap and ldif API code. These are now doxygen documented.
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
|
|
|
|
|
|
|
|
|
|
|
| |
Added proxy auth control creation - mozldap has a function to do that but
not openldap
Do not use mozldap filter create function - just create one using
slapi_smprintf
Fix usage of TLS/SSL with new NSS functionality
Created ldif parse wrapper - changed code to use it
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=619122
Resolves: bug 619122
Bug description: fix coverify Defect Type: Resource leaks issues CID 11998.
description: The str2entry_fast() has been modified to release maxcsn before returning.
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=619122
Resolves: bug 619122
Bug description: fix coverify Defect Type: Resource leaks issues CID 11997.
description: The str2entry_fast() has been modified to release attributedeletioncsn before returning.
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=619122
Resolves: bug 619122
Bug description: fix coverify Defect Type: Resource leaks issues CID 11996.
description: The str2entry_dupcheck() has been modified to release unused maxcsn.
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=619122
Resolves: bug 619122
Bug description: fix coverify Defect Type: Resource leaks issues CID 11995.
description: The str2entry_dupcheck() has been modified to release attributedeletioncsn properly.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=616618
Change Description:
. renamed 91upgradednformat.pl to 80upgradednformat.pl to run
upgradednformat before 90subtreerename.pl.
. ported following patches applied to Directory_Server_8_2_Branch
to master and 389-ds-base-1.2.6.
612771 - RHDS 8.1/389 v1.2.5 accepts 2 identical entries with
different DN formats
* commit 50bb2ee6676e10cdda704982dfa831efa4011037
Fix Description:
This patch fixes the upgradednformat utility to eliminate the
duplicated DNs found in the upgrading period. Assuming DN:
attr0=value0,attr1=value1,...,attrn=valuen exists in the DB
and another identical DN is found, the second DN is renamed to
nsuniqueid=<uuid>+attr0=value0,attr1=value1,...,attrn=valuen
, where the <uuid> is the unique id assigned to the entry when
the entry is added to the server. The modification is logged
in the error log.
In addition, there was a bug to handle multi-valued RDNs in
slapi_dn_normalize_ext. In case multi-valued RDN appears with
DN value (e.g., nsuniqueid=<uuid>+cn=uid\=<uid>\,o\=<org>,dc=<dc>),
it was not normalized properly. Introduced second rdn_av_stack
(subinitial_rdn_av_stack) for the nested DN value.
See also:
http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format#Another_Upgrade_Scenario
* commit ebaa18adaf201f75c709e078abd8e32605eddb81
Fix Description:
1) In the previous commit 50bb2ee6676e10cdda704982dfa831efa4011037,
there were 3 places to miss replacing rdn_av_count with subrdn_av_count.
2) A variable subtypestart is used to keep the head of nested
multivalued RDNs. For instance,
seeAlso=cn\=<CN>\+l\=<L>\,o\=<O>,dc=examle,dc=com
^ or ^ or ^
There was a bug to set the first position ("cn" in the above example).
In addition, fixed a warning assigning "const char *" to "char *" in
import_foreman (import-threads.c).
* commit 472a2c0f2f21205390ba87c31c498b4419a932ba
Fix Description:
When newly creating an ancestorid index file, instead of
opening the index file with DB_TRUNCATE option, delete
the file then create it.
616135 - Upgrade failure on Solaris :
tar: db/NetscapeRoot/{DBVERSION,*.db4}:
No such file or directory
* commit e6723421e6dc69408edb2a396eb22da361cff206
Fix Description:
.../'{'DBVERSION,*.db4'}' is not a shell syntax. Process DBVERSION
and *.db4 individually.
Cherry-picked 700d7c1a199db4a690740636b8bd3e612304ce1e and
0b6ddc9b06845bdf385e749f2c5a99497df20d98 from
389-ds-base-1.2.6 branch.
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12210 UNINIT Triaged Unassigned Bug Minor Fix Required
str2entry_fast() ds/ldap/servers/slapd/entry.c
Comment:
ptype is always NULL the first time through the loop, so a will
always be initialized to NULL. But we should explicitly initialize
it to NULL in the declaration.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix Description:
. adding slapi_dn_normalize_ext and its siblings to normalize/validate
invalid DNs; deprecating slapi_dn_normalize and its siblings. (dn.c)
. replacing slapi_dn_normalize with new corresponding functions.
. normalizing hardcoded DNs (e.g., removing spaces around ',')
. setting correct DN syntax to nsslapd-suffix, nsslapd-ldapiautodnsuffix,
costemplatedn, nsslapd-changelogsuffix, nsBaseDN, nsBindDN
. if nsslapd-dn-validate-strict is enabled, incoming DN is examined and
rejected if it is invalid. Once approved, the DN is normalized.
. fixing compiler warnings and typos.
See also:
http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format
Related bugs:
Bug 199923 - subtree search fails to find items under a db containing special
characters
Bug 567968 - subtree/user level password policy created using 389-ds-console
doesn't work.
Bug 570107 - The import of LDIFs with base-64 encoded DNs fails, modrdn with
non-ASCII new rdn incorrect
Bug 570962 - ns-inactivate.pl does not work
Bug 572785 - DN syntax: old style of DN <type>="<DN>",<the_rest> is not
correctly normalized
Bug 573060 - DN normalizer: ESC HEX HEX is not normalized
Bug 574167 - An escaped space at the end of the RDN value is not handled
correctly
|
|
|
|
|
|
| |
This patch cleans up various build warnings found by compiling the code
with -Wall on RHEL5.
Reviewed by: nhosoi (Thanks!)
|
|
|
|
|
|
|
|
|
|
|
| |
There were many places in the server code that directly used the syntax
plugin for the attribute. If the attribute schema definition specified
a matching rule, we must use that matching rule for matching values of
that attribute, filtering that attribute, and generating index keys for
values of that attribute. New internal and plugin APIs have been added
that use the Slapi_Attr* instead of using the syntax plugin directly.
The new API will determine which matching rule to apply based on the
schema definition.
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=558518
Resolves: bug 558518
Bug Description: several spelling errors
Reviewed by: ???
Branch: HEAD
Fix Description: Fix several spelling errors in error messages and man pages.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch includes
- replacing the entrydn index with the entryrdn index
- replacing a full DN in each entry in the DB with an RDN
- extending Slapi_Entry, entry2str, and str2entry to absorb the changes
made on the entry
- adding DN/RDN helper functions
- adding DN cache
- adding a utility and a migration script to convert the DN format database
to the RDN format
- extending a database dump utility dbscan to support the entryrdn
- slapi_dn_syntax_check by nkinder@redhat.com is added to check the dn before
modify operations
- big fix for 171338 - Enhancement: winsync modrdn not synced
In addition to the above, compile warnings and memory leaks found in testing
the new feature are fixed.
For more details, see the feature design document at:
http://directory.fedoraproject.org/wiki/Subtree_Rename
and bugzilla at:
https://bugzilla.redhat.com/show_bug.cgi?id=171338
|
|
|
|
|
|
|
|
|
|
| |
These changes allow the server to be built with OpenLDAP (2.4.17+). A brief summary of the changes:
* #defines not provided by OpenLDAP were copied into slapi-plugin.h and protected with #ifndef blocks
* where it made sense, I created slapi wrapper functions for things like URL and LDIF processing to abstract way the differences in the APIs
* I created a new file utf8.c which contains the UTF8 functions from MozLDAP - this is only compiled when using OpenLDAP
* I tried to clean up the code - use the _ext versions of LDAP functions everywhere since the older versions should be considered deprecated
* I removed some unused code
NOTE that this should still be considered a work in progress since it depends on functionality not yet present in a released version of OpenLDAP, for NSS crypto and for the LDIF public API.
|
|
|
|
| |
Summary: Consistently deal with attr syntax info struct ref count when fetcvhing and returning them to the global hashtables.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Need to address 64-bit compiler warnings - again
Reviewed by: nhosoi (Thanks!)
Fix Description: This patch cleans up most of the other remaining compiler warnings. I compiled the directory server code with these flags on RHEL5 x86_64: -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic
I also enabled argument/format match checking for most of the commonly used varadic functions. Most of the problems I found fell into these categories:
1) Too many or not enough arguments e.g. most everything that uses or did use LDAPDebug had extra 0,0 arguments. If they had been switched to use slapi_log_error, I removed the extra arguments - for those places still using LDAPDebug, I introduced more macros to handle the number of arguments, since C macros cannot be varadic.
2) When using NSPR formatting functions, we have to use %llu or %lld for 64-bit values, even on 64-bit systems. However, for regular system formatting functions, we have to use %ld or %lu. I introduced two new macros NSPRIu64 and NSPRI64 to handle cases where we are passing explicit 64-bit values to NSPR formatting functions, so that we can use the regular PRIu64 and PRI64 macros for regular system formatting functions. I also made sure we used NSPRI* only with NSPR functions, and used PRI* only with system functions.
3) use %lu for size_t and %ld for time_t
I did find a few "real" errors, places that the code was doing something definitely not right:
https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/aclinit.c_sec4
https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/acllas.c_sec17
https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/http/http_impl.c_sec1
https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/memberof/memberof.c_sec1
https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/pam_passthru/pam_ptimpl.c_sec1
https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_api.c_sec5
https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_clcache.c_sec2
https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/replutil.c_sec1
https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/libglobs.c_sec1
https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/dbverify.c_sec2
https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/ldif2ldbm.c_sec3
This is why it's important to use this compiler checking, and why it's important to fix compiler warnings, if for no other reason than the sheer noise from so many warnings can mask real errors.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
|
|
|
|
|
| |
Summary: Memory usage research: checking in the experimental code
See also: http://directory.fedoraproject.org/wiki/Memory_Usage_Research
|
|
|
|
| |
Summary: Perform better config validation in the DNA plug-in.
|
|
|
|
| |
Summary: Make DNA plug-in auto-extended exhausted ranges.
|
|
|
|
|
|
|
|
| |
Summary: attacker can tie up CPU in regex code
Description: when substring search is requested, sets the time limit based upon
the nsslapd-timelimit value. Pass the timelimit (time_up) to the regular
expression function. When the time is up, it returns the "Timelimit exceeded"
error. Note: timelimit is applied non-Directory Manager users.
|
|
|
|
|
|
| |
Summary: Dynamically reload schema via task interface
Description: implemented task based schema file reloading
(see also http://directory.fedoraproject.org/wiki/Dynamically_Reload_Schema)
|
|
|
|
| |
Summary: HP-UX: warnings reported by the HP-UX compiler
|
|
|
|
|
|
|
|
| |
Summary: Use mozldap6 ldif_parse_line API
Changes:
1) Removed ldif.h from the DS tree.
2) Eliminated the 5-th arg of ldif_parse_line (errmsg) and the errmsg related
code.
|
|
|
|
|
|
|
|
|
|
| |
Summary: configure needs to support --with-fhs (Comment #6)
Changes: Added the following include next to the end of the copyright block.
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
|
|
|
|
|
| |
Summary: subtree search fails to find items under a db containing special characters (Comment#16)
Description: When dn contains rdn which includes '\\', it was escaped twice to generate a key for entrydn and caused mismatch in forming ancestorid index. It ends up the subtree search fail.
|
|
|
|
|
|
|
|
| |
1) Eliminated SLAPD_MODUTIL_TREE_THREASHHOLD from attr.c as well as valueset.c.
With this change, if an attribute has more than 1 value to add/replace/delete,
it creates an AVL tree to check the duplicates.
2) Replace was not checking the duplicated value at all. Added a code to put
the attribute values into the AVL tree as being done for add and delete.
|
| |
|
|
|
|
|
|
| |
changes.
Multi-value'ed attribute diff was not implemented; Added the implementation.
|
| |
|
| |
|
|
|
|
| |
strlen, removing some dead code, other odds and ends.
|
|
|
|
| |
warnings on Linux; remove pam_passthru from DS 7.1
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: The auth specific PAM libraries do not have a run time
dependency on libpam, but they do use symbols
in libpam - they expect the executable has already loaded libpam and
made its symbols visible to all other
dynamically loaded libraries. This breaks with DS when loading the PAM
plugin since we just use the default
dlopen arguments, which make the symbols private. We need a way to tell
the plugin loader to treat certain
plugins differently without changing the behavior for all plugins.
Reviewed by: dboreham, nkinder (Thanks!)
Fix Description: Added two new plugin configuration options:
nsslapd-pluginLoadNow and nsslapd-pluginLoadGlobal. These are boolean
valued and false by default (also false if absent). LoadNow causes all
symbols in the plugin and all of its dependents to be loaded
immediately, as opposed to load lazy which only loads the symbol when
used the first time (we probably don't ever want to do this, but it's
there if we need it). LoadGlobal makes all loaded symbols visible to
the executable and all other dynamically loaded libraries, which solves
the PAM problem.
Platforms tested: RHEL3
Flag Day: no
Doc impact: Yes. Need to document the two new plugin config attributes
and their behavior, and document slapi_entry_get_bool().
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
|
(foxworth)
|