| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
Summary: Corrected ACI checking for userPassword during an add operation.
|
| |
|
|
| |
Summary: Make fallback SASL path work for 64-bit Linux default location.
|
| |
|
|
|
|
| |
FC 6 does not have /usr/include/linux/sys.h. The two files in the diff below include it, but I'm not sure why. If you look at the file on an earlier system, it appears that there is nothing in it. All it seems to do is define NR_syscalls, which is not used anywhere in any include file that I can find, nor in any ds code. So I propose changing the code not to include this file.
2) Change version to 1.0.4
I already got the other files, except for ldap/cm/Makefile
|
| |
|
|
|
| |
Summary: subtree search fails to find items under a db containing special characters (Comment#16)
Description: When dn contains rdn which includes '\\', it was escaped twice to generate a key for entrydn and caused mismatch in forming ancestorid index. It ends up the subtree search fail.
|
| |
|
|
| |
Summary: Added new config parameter for setting the SASL plug-in path.
|
| | |
|
| |
|
|
|
| |
Summary: parameterizing the hardcoded paths (phase 3. installed binaries, change log, setup)
Comment #23
|
| |
|
|
|
| |
spurious search timeouts (comment #7)
fixed anoter int vs. time_t type mismatch.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: deleting attributes when changing password causes server crash
Reviewed by: nhosoi (Thanks!)
Fix Description: From Michal: "The function mod2smod does not check for mod->mod_bvalues being NULL and tries
to dereference it (modutil.c:370). This function happens to be called only by
slapi_mods_get_{first,next}_smod(), which are in turn called only by
check_trivial_words() in pw.c; this is why the crash appears only when checking
password syntax."
I added the same check for the mod_values case - even though the
code says this should never be called, better to be safe than sorry.
Platforms tested: RHEL4
|
| |
|
|
|
|
|
|
|
|
|
|
| |
cert, and instance dir)
1) introduced these 3 new config attributes:
nsslapd-lockdir, nsslapd-tmpdir, nsslapd-certdir,
and eliminated: nsslapd-instancedir.
2) replaced the hardcoded paths with the corresponding attribute value in the
server as well as in the create/remove instance codes.
3) moved snmp stats file to the nsslapd-tmpdir
4) moved the server instance dir to <prefix>/lib/<brand>-ds/slapd-<id>
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: one byte memory leak in modify
Reviewed by: nhosoi (Thanks!)
Files: see diff
Branch: HEAD
Fix Description: Just call slapi_ch_free_string() with the mod->mod_type. This is safe to call with NULL.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
Bug Description: Memory leak in ldbm_config.c:replace_ldbm_config_value
Reviewed by: nhosoi (Thanks!)
Fix Description: Just needed to call slapi_mods_done(&smods) after the call to slapi_modify_internal_pb(). This is the same as in the other places in the server that perform an internal modify operation.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
Bug Description: Change version to 1.0.3
Reviewed by: nkinder, nhosoi (Thanks!)
Fix Description: Update version strings and etc. to 1.0.3
Platforms tested: FC5
Flag Day: no
Doc impact: no
|
| |
|
|
| |
Fixed a problem that ldapsearch reports random timeouts on 64-bit machine.
|
| |
|
|
| |
phase 1. parameterizing config, schema and ldif directory
|
| |
|
|
| |
always copying from the beginning of the buffer.
|
| |
|
|
|
|
| |
support
comment#5: Fixed a stupid copy and paste bug...
|
| |
|
|
|
|
|
|
| |
slapi-private.h: introduced PRLDAP_SET_PORT to set port to the port field in
PRNetAddr. A copy of the same macro in LDAP C SDK (v6). Note: once NSPR
provides an equivalent API, we may want to replace this macro with the one.
(the NSPR compatibility issue remains, though.)
connection.c, daemon.c: replaced PR_SetNetAddr with PRLDAP_SET_PORT.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Changes:
1) When ber_get_next_buffer_ext fails, not just LBER_DEFAULT but
LBER_OVERFLOW can be set to the ber tag. Thus, LBER_OVERFLOW is also
checked in the error check now.
2) The too large length error used be checked as "errno == EMSGSIZE",
which is replaced with "tag == LBER_OVERFLOW"
|
| | |
|
| |
|
|
| |
removed "-z defs" from the command line building libslapd.so and libback-ldbm.so.
|
| | |
|
| |
|
|
| |
Fix Descrition: Stopped using basename and dirname.
|
| | |
|
| |
|
|
| |
operation
|
| | |
|
| |
|
|
| |
If NOTFOUND is returned from new idl, keep ALLID to check with the filter later.
|
| |
|
|
| |
compilation error
|
| | |
|
| |
|
|
|
|
|
|
| |
The problem was check_db_version finds the existing DBVERSION is old and set
dblayer_private->blayer_recovery_required = 1. If it's set,
DBLAYER_CLEAN_RECOVER_MODE is processed properly. Unfortunately, it was
"reinitialized" in the function read_metadata, which is called after
check_db_version.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: ldapserver: Close potential security vulnerabilities in CGI code
Reviewed by: Nathan, Noriko, and Pete (Thanks!)
Fix Description: Clean up usage of sprintf, strcpy, fgets instead of
gets, fixed buffer usage, etc., mostly in the CGI code and other user
facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick
to force it to check printf style varargs functions, to check the format
string against the argument string, for type mismatches, missing
arguments, and too many arguments.
In the CGI form argument parsing code, we needed to be more careful
about checking for bad input - good input is supposed to look like this:
name=value&name=value&.....
&name=value. I don't think the original code
was checking properly for something like name&name=value.
There was another place where we were not checking to see if a buffer
had enough room before appending a string to it.
I had to change a couple of functions to allow passing in the size of
the buffer.
Fixed some issues raised by Noriko and Nathan.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
| |
nsconfig.mk so that the makefile used for packaging gets the info.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
1) picked up the latest components including Cyrus SASL, Perldap, SetupUtil,
and AdminServer
2) fixed the java paths for the internal build.
3) added an option -AA to HP-UX C++ compiler to adjust to SetupUtil build (use
libstd 2)
4) replaced <iostream.h>, <strstream.h> and <fstream.h> with <iostream>,
<strstream>, <fstream> respectively in ldap/cm/newinst/ux-dialog.cc
5) package svrcore and perldap, which were dropped in the current
ldap/cm/Makefile
6) added a perl script genPerlDAPInf.pl to generate perldap.inf file
|
| |
|
|
|
|
|
|
|
| |
. removed the dependency on DBM
. Updated components' RELDATEs.
. Console jar file name adjustment: <brand>-<comp>-<dotversion>.jar
. Fix for HP-UX IPF
. Use non-branded SetupUtil; add resource file to change branding
. Updated the code to call createSIE so that the right brand is passed to SetupUtil.
|
| |
|
|
| |
build to compile
|
| | |
|
| | |
|
| |
|
|
| |
slapd_chown_if_not_owner function
|
| |
|
|
| |
if idl is NULL, changed add_op_attrs to always set IMPORT_ADD_OP_ATTRS_NO_PARENT in non-error case (err == 0 or err == DB_NOTFOUND)
|
| |
|
|
|
|
|
| |
The problem is that the new IDL code is not exposing the DB_NOTFOUND error when
the index key is not found. Import checks if the result was DB_NOTFOUND when
checking for the parent entry's entrydn index. This works fine with the old
IDL code. (nkinder@redhat.com)
|
| | |
|
| |
|
|
| |
re-binding
|
| |
|
|
|
|
| |
operations simultaneously.
Demoted the write lock to the read lock in vlv_update_all_indexes
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: crash after succesful pwdchange via ldappasswd
Reviewed by: Pete, Nathan (Thanks!)
Fix Description: The passwd_extop code does an internal operation to
change the password. Some of this code is only intended to be called
for external operations where you have a conn structure. The one place
in particular which caused this bug is in update_pw_info, where it is
only triggered if you must change the password or password expiration is
in effect. The fix is to just check to see if the pb_conn is not null.
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
|
| |
|
|
|
| |
1) NSCONFIG accidentally got a white space (for non-Linux platforms)
2) Solaris needs to include limits.h explicitly
|
| |
|
|
|
|
| |
Description: crash: modify/delete when attr name doesn't match database
Reviewed by: All (Thanks!)
Fix description: Use case insensitive comparison for attribute names.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: recursion causes OOM with bad DN in dn2ancestor
Reviewed by: All (Thanks!)
Fix Description:
The fix looks scary, but I thought it would be best to get rid of
recursion entirely (ugh - recursion in a multi threaded server - this
isn't lisp . . .). Along with eliminating recursion, I created a new
function called slapi_dn_find_parent that just returns a pointer to the
beginning of the parent of the given dn, rather than returning a copy
(as in slapi_dn_parent), to eliminate malloc/free in cases where it is
unnecessary such as iterating through the parents in an DN. The new
function is basically just the guts of slapi_dn_parent with one twist,
specifically to address the bug in question - it skips through
consecutive runs of DN separator characters. We should probably have a
function like const char *slapi_dn_is_valid(const char *) that returns
NULL if the given DN is valid or returns a pointer to the first invalid
character if not. We could probably save a lot of time in processing
bad or malicious client requests.
Anyway, back to dn2ancestor. The given ancestordn must contain the
_unnormalized_ parent DN, since some clients get irritated when they get
back an DN in a different form than given. However, we need to have a
normalized DN to pass to dn2entry, and we cannot use a single Slapi_DN
that has both a dn and a ndn that are passed in byval (unless we add a
new API or skip the API altogether), so the variable ancestorndn holds
the normalized DN. Using the original pointer to the given sdn also
allows us to avoid malloc/free entirely.
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: We need a test case that calls moddn and
modify operations with really bad DNs, consisting of nothing but
thousands of ',', '+', and '=' chars.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: memory leaks using ber_scanf when handling bad BER packets
Reviewed by: All (Thanks!)
Files: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=123783
Branch: HEAD
Fix Description:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135#c0
I basically did a search through our code for all calls to ber_scanf,
ber_get_stringa, and ber_get_stringal and made sure we properly free any
arguments that may have been allocated. There was a bug in the ldapsdk
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135 that causes
us to free uninitialized memory when trying to clean up the result of
ber_get_stringal (or ber_scanf with 'V'). I had to initialize some
variables to NULL so that we could properly clean them up, and added
some additional clean ups that were missing. Also, in repl_extop.c, we
were calling free on an array that we should have been calling
ch_array_free on. Yet another lesson in the evils of slapi_ch_free and
disabling compiler type checks in general.
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
|
