| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
| |
In the moddn code that renames child entries, the for loop used to
rename the children can never be executed. Part of the condition
is that retval is 0, but retval will always be -1 the first time we
hit this loop. This only happens with subtree rename off, but it
should still be fixed.
The fix is to set retval to 0 at the prior to checking the condition
the first time.
|
| |
|
|
|
|
|
|
| |
The skipit variable is set to zero shortly before we check if it
is 0 in an if condition. This if block can be removed since it
will never be hit. The entry that was being freed in the if block
is already removed earlier in the function if skipit was non-0
prior to resetting skipit to 0.
|
| |
|
|
|
|
|
|
|
|
|
| |
In the call to slapi_log_error(), we are guaranteed that srdn is
NULL if we are checking it for NULL due to the way the conditions
are nested. The only time we check if srdn is NULL is if inst is
non-NULL, and the if condition guarantees that either inst or
srdn are NULL.
We can just use the string "srdn" in our log message if inst is
non-NULL.
|
| |
|
|
|
|
|
|
|
| |
If the index types (argv[1]) are not specified, attr_index_config()
bails. We can remove some dead code where we check if "argc == 1"
later in the function since that case can never happen.
Additionally, we need to check if argc is 0, or if argv is NULL
before attempting to parse the list of attributes to be indexed.
|
| |
|
|
|
|
|
|
|
|
| |
There is no chance for next_node to be anything other than NULL in
the final return statement due to the return in the "if (next_node)"
block immediately before the final return.
We can remove the return inside of the "if (next_node)" block since
the final return statement already deals with returning the proper
value if next_node is non-NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The return statement at the end of agt_mopen_stats() is unreachable
according to coverity. This return was removed before to fix the
coverity defect, but it was added back to fix a compiler warning.
We can satisfy both the compiler and coverity by adding a rc
variable to hold the return code. We can then return rc at the end
of the function. This also allows us to clean up all of the return
calls in this function by having all of them set rc and jump to a
label at the function end.
|
| |
|
|
|
|
|
|
|
|
|
| |
The directory variable points to a dynamically allocated string
returned by rel2abspath(). We are changing directory to point to
a string constant if we are unable to parse the directory. This
not only leaks memory, but it can cause us to attempt to free the
string constant.
We should free the string before we overwrite it, and we should
dynamically allocate a new string instead of using a string constant.
|
| |
|
|
|
|
|
|
|
|
|
| |
We should check the return type of idl_append_extend(), though it does
not seem possible that the return type will be anything other than 0.
The only time idl_append_extend() returns anything other than 0 is
when it is unable to allocate memory. Since the underlying allocation
function is slapi_ch_calloc(), the server will just exit if it runs
out of memory, which means we will never return up through
idl_append_extend(). The right thing to do from a code standpoint is
to still check for the return value though.
|
| |
|
|
|
|
|
|
|
|
|
| |
We need to check the return value of cache_replace() in
id2entry_add_ext(). The only possible error that can be returned
is when the entry we are trying to replace is not found in the
cache. This should not occur since we are told that the entry
already exists by CACHE_ADD() just prior to this call. If we run
into this situation, we will just log an error without adding the
entry to the cache. This shouldn't be a big deal since the entry
will get added to the cache next time it is accessed.
|
| |
|
|
|
|
| |
We were not checking the return value of stat() before attempting
to access the structure that stat fille in in the protect_db code.
This patch checks the return value first.
|
| |
|
|
|
|
|
|
|
|
|
| |
Currently, the ldbm_back_ldbm2ldif() function could bail due to an
error before fd is set. We then attempt to close the file that fd
refers to. We should initialize fd to STDOUT_FILENUM, as we skip
calling close() if fd is set to STDOUT_FILENUM.
Additionally, I noticed that we could call close() when fd is
negative or if it is STDERR or STDIN. I fixed this so close() is
not called in those cases.
|
| |
|
|
|
| |
openldap requires that the protocol version be explicitly set to 3
mozldap defaults to 3, but it doesn't hurt to set it again
|
| |
|
|
|
| |
(cov#15521) The oldndn variable was unused in the dncache_replace() function.
This patch removes the unused variable.
|
| |
|
|
|
| |
(cov#15521) The newndn variable was unused in the dncache_replace() function.
This patch removes the unused variable.
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=629710
Resolves: 629710
Description: do_escape_string (core of escape_string) converts
'\\ (backslash)' to '\5C' even if the following 2 characters are
hex digits. That is, the character is already escaped. This
patch checks the case and if it is, it does not escape it further.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
do not change or change very rarely
https://bugzilla.redhat.com/show_bug.cgi?id=627738
Description:
Change made in this commit: cc36301a7cae6737d9f8a0e53bed653a52130a1d
for the following bug introduced a missing-cache-return bug:
id2entry_add_ext replaces an dn instance in the dn cache even if
the DN value is identical. Replace it only when they don't match.
Thanks to andrey.ivanov@polytechnique.fr for finding it out:
https://bugzilla.redhat.com/show_bug.cgi?id=627738#c5
|
| |
|
|
|
|
|
|
|
| |
This commit fixes many compiler warnings, mostly for things like unused
variables, functions, goto labels.
One place was using csngen_free instead of csn_free. A couple of places
were using casts incorrectly, and several places needed some casts added.
Tested on: RHEL5 x86_64, Fedora 14 x86_64
Reviewed by: nkinder (Thanks!)
|
| |
|
|
|
|
| |
slapi_dn_normalize_original can modify the argument string, so we cannot
pass in a const char *rawdn to that function - instead, pass in a copy
created by slapi_ch_strdup
|
| |
|
|
|
| |
use slapi_pblock_set to set the ldap result code for the be postop plugins
instead of slapi_pblock_get
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If an ACI has a targetattr of userPassword and uses the USERDN
keyword, the ACI may not be evaluated correctly for password
change operations. This is caused by the fact that we use a
dummy target entry to check if the pasword change is allowed early
in the operation. This dummy entry will not have any attributes
that the ACI may use.
The fix is to actually fetch the target entry with all of it's
attributes. We still create a dummy entry if the target doesn't
exist to prevent returning a no such entry error when we should be
returning an access denied or insufficient access error.
|
| |
|
|
|
|
|
| |
File: ldap/servers/slapd/dn.c
Description: slapi_dn_normalize_ext failed to check a typical
invald DN (e.g., "bogus,dc=example,dc=com"), in which RDN does
not have the type=value format. The problem is fixed.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The DS has some problems with the openldap versions of these functions:
1) They are deprecated - should use the str2[r]dn and [r]dn2str and the
bv versions of those functions instead
2) They escape utf-8 and other values in the strings - the mozldap functions
do not do this
3) They handle double quoted strings, but they remove the quotes - our
code expects the quotes to be left in place
Until we fix our DN handling, and get rid of the double quoted DNs, we just
use the mozldap versions of these functions.
|
| |
|
|
|
|
|
| |
*out will never be NULL here, so we only need to check that src < *out as
the loop condition
when looking for a continuation line, make sure there are two characters
in *out to check
|
| |
|
|
|
|
| |
when putting ldif data with the no wrap option, if we removed some
continuation lines, we have to move the output data pointer back since
the continuation line markers are removed in place
|
| |
|
|
|
|
|
|
| |
mozldap accepts hostnames in the form host1[:port1] ... hostN[:portN]
in the ldap_init argument and in ldap urls/uris. DS code uses
ldap_initialize() which takes a list of uris in the form
ldap[s]://host1[:port1]/ ldap[s]://host2[:port2]/ ...
We have to convert the host:port list into a list of LDAP uris
|
| |
|
|
|
|
|
| |
mozldap supports a non-standard URL extension which allows multiple host:port
combinations - openldap does not support this - fake out openldap by
converting spaces to %20 and all but the last colon to %3A before calling
ldap_url_parse, then unescape ludp->lud_host before returning
|
| |
|
|
|
| |
The function ldif_sput already terminates the line with a newline character -
we do not need to add another one when unwrapping a wrapped line.
|
| |
|
|
|
|
| |
If the openldap_read_function has returned all of the buffered data,
it needs to set errno to EWOULDBLOCK to let the code know that it needs
to read more data into the buffer.
|
| |
|
|
|
|
|
| |
Even though the ldap.conf man page is not really clear about this,
looking at the code in libraries/libldap/tls2.c:ldap_int_tls_start()
if you don't specify LDAP_OPT_X_TLS_REQUIRE_CERT as
LDAP_OPT_X_TLS_NEVER it will check the hostname
|
| |
|
|
|
|
| |
The logic looking for a missing suffix DN in a parsed URL was incorrect.
In addition, since passthru requires a suffix DN, pass the require_dn
flag.
|
| |
|
|
|
|
| |
The value passed to the char * argument to ber_printf 'o' must not be
a NULL, even if the bv_len argument is 0. An empty string "" must
be passed instead.
|
| |
|
|
| |
both ptype and type->bv_val are properly null terminated strings
|
| | |
|
| |
|
|
|
|
|
| |
There are slapi wrappers that hide differences between the openldap and
mozldap ldap and ldif API code. These are now doxygen documented.
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
|
| |
|
|
|
|
| |
Since these functions are present in mozldap, just use them directly
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
|
| |
|
|
|
|
|
|
|
| |
There are some differences between the mozldap and the openldap apis:
openldap has deprecated ldap_init in favor of ldap_initialize
openldap has deprecated the regular ldap op functions in favor of their
_ext alternatives
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
|
| |
|
|
|
|
|
|
|
|
|
| |
Added proxy auth control creation - mozldap has a function to do that but
not openldap
Do not use mozldap filter create function - just create one using
slapi_smprintf
Fix usage of TLS/SSL with new NSS functionality
Created ldif parse wrapper - changed code to use it
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
|
| |
|
|
|
|
| |
need to free basedn after use by the internal search
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
|
| |
|
|
|
|
|
| |
even though AC_CHECK_LIB finds ldap_url_parse_ext, that function is not
part of the public api
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
change or change very rarely
https://bugzilla.redhat.com/show_bug.cgi?id=627738
Description:
1) id2entry_add_ext replaces an dn instance in the dn cache even if
the DN value is identical. Replace it only when they don't match.
2) Modifying the dn cache related labels:
dnEntrycachehits
dnEntrycachetries
dnEntrycachehitratio
dnCurrententrycachesize
dnMaxentrycachesize
dnCurrententrycachecount
dnMaxentrycachecount
===>
dncachehits
dncachetries
dncachehitratio
currentdncachesize
maxdncachesize
currentdncachecount
maxdncachecount
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=531642
Resolves: 531642
Fix description:
1. Introduced a config parameter nsslapd-entryusn-global: on|off to
enable | disable the global mode. By default, off.
In the global mode, search on root dse returns "lastusn: <num>"
without the backend subtype (e.g., "lastusn;userroot: <num>")
2. Added slapi_get_next_suffix_ext to mapping_tree.c, which visits
children as well as siblings in the mapping tree.
(Note: slapi_get_next_suffix does just siblings.)
3. import (ldif2db) adds "entryusn: 0" to every entry unless the
entry already contains the entryusn attribute.
4. ldbm_back_delete, ldbm_back_modify, ldbm_back_modrdn: set
ldap_result_code to pblock so that bepost plugin could see if
the operation was successful or not.
See also http://directory.fedoraproject.org/wiki/Entry_USN#Global_mode
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
entrydn is not present in search results
https://bugzilla.redhat.com/show_bug.cgi?id=628300
Resolves: 628300
Description: Code for supporting entrydn (added for Bug 578296)
contained a bug. If an entry was found in the entry cache,
id2entry_ext returned it without adding the entrydn attribute
value. This patch fixes the problem.
In addition, if the parent DN in the to-be-added entry is not
identical to the real parent DN (e.g., dc=eXAmple vs. dc=example),
replace the string with the real parent DN. This check & replace
is done only when the parent entry is in the entry cache not to
sacrifice the performance.
|
| |
|
|
|
|
|
|
|
|
| |
This patch allows multiple memberOfGroupAttr values to be set in the
memberOf plug-in config. This allows different grouping attributes
to be used.
For more details, see the design doc:
http://directory.fedoraproject.org/wiki/MemberOf_Multiple_Grouping_Enhancements
|
| |
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=617630
Bug description: CID 12090 was a false positive
description: Undo the commit e23c8bd9994d5592738cb44e1c2b426aba7fbd4a
|
| |
|
|
|
|
|
|
|
| |
11940 - 12166
https://bugzilla.redhat.com/show_bug.cgi?id=611790
Resolves: bug 611790
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Fix description: Catch possible NULL pointer in send_specific_attrs().
|
| |
|
|
|
|
|
|
|
| |
11940 - 12166
https://bugzilla.redhat.com/show_bug.cgi?id=611790
Resolves: bug 611790
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Fix description: Catch possible NULL pointer in plugin_invoke_plugin_sdn().
|
| |
|
|
|
|
|
|
|
| |
11940 - 12166
https://bugzilla.redhat.com/show_bug.cgi?id=611790
Resolves: bug 611790
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Fix description: Catch possible NULL pointer in dblayer_sys_pages().
|
| |
|
|
|
|
|
|
|
|
| |
12167 - 12199
https://bugzilla.redhat.com/show_bug.cgi?id=610119
Resolves: bug 610119
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199
Fix description: Catch possible NULL pointer in ldbm_instance_index_config_modify_callback()
and ldbm_instance_config_add_index_entry().
|
| |
|
|
|
|
|
|
|
| |
12167 - 12199
https://bugzilla.redhat.com/show_bug.cgi?id=610119
Resolves: bug 610119
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199
Fix description: Catch possible NULL pointer in index_range_read().
|
| |
|
|
|
|
|
|
|
| |
12167 - 12199
https://bugzilla.redhat.com/show_bug.cgi?id=610119
Resolves: bug 610119
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199
Fix description: Catch possible NULL pointer in readAttrValue().
|
