| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
RPM post install adds a new patch to fix the httpd module load order, removes
the console patch
Tell the user to run setup/setup after upgrade installation.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: 64bit issues with normalize_path(), make_dn(), and
add_aci_v()
Reviewed by: Nathan and Noriko (Thanks!)
Fix Description: 1) use sizeof(char *) as the elemsize to pass to
slapi_ch_calloc(). 2) create a variable const char *NULLSTR = 0 to pass
as the last argument to the varargs functions.
Platforms tested: RHEL4 64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Password Modify LDAPv3 extended operation erroneously
forces the client to supply old password
Reviewed by: Pete & Nathan (Thanks!)
Fix Description: If the BIND operation was successful, the CONN_DN field
is always set to the proper DN. This is even the case during a SASL or
client cert DN if the authentication was successful AND the given
identity could be mapped to a real user in the directory. Also, the
authmethod will be something other than NULL or none. So, if the old
password was not given, that is ok if there is a non-anonymous bind DN
and a real authmethod. The rest of the operation passes through the usual access control.
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Most of our integer based config parameters do not do a good job
validating input. For example, alphabetic characters will be accepted as a value
if "0" is a valid setting for a given parameter since atoi returns "0" on error. We
also don't properly check for range errors for many parameters.
Reviewed by: Rich, Pete, and Noriko (Thanks!)
Files: ldapserver/ldap/servers/slapd/libglobs.c
Branch: HEAD
Fix Description: This adds better input validation for a number of integer based config
settings. I replaced our usage of atoi() with strtol() so we can recognize
conversion errors. I also added more descriptive error strings where they were
missing. I revised the fix due to feedback from Noriko. She recommended that
we check for ERANGE areas for all calls to strtol insead of only checking when
LONG_MAX is a valid setting for a config parameter.
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
| |
Fixed the broken build (64-bit).
LDFLAG (set in the tools/Makefile) was not passed to rsearch and ldclt.
|
| |
|
|
|
|
| |
Fixed broken build on Solaris.
1) removed redeclared getsubopt in port.h
2) defined _XOPEN_SOURCE 500 for Linux
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
backup; Restore tries to restore all the fles from the backupdir
1) if the specified backup directory exists, rename it to <dir>.bak
2) support relative dir for the backup/restore dir, e.g., "bak2db bak/mybak"
|
| | |
|
| |
|
|
| |
integrated ldclt from DSRK into the DS source tree.
|
| |
|
|
|
|
|
| |
If the specified backup dir does not exist, does not contain necessary files
(including the directory is not accessible), is not a directory, or is
identical to the path to the db dir, issues an error and stops restoring before
wiping out the database.
|
| | |
|
| |
|
|
| |
Integrating rsearch and infadd source codes from DSRK into the Directory Server build tree.
|
| | |
|
| |
|
|
| |
It used to be taken to the "convert to quoted value" section even though the rdn did not have a quote.
|
| | |
|
| |
|
|
|
| |
If missing entry_id is found, skip it and continue reading the primary db to be
reindexed.
|
| | |
|
| |
|
|
| |
When reading a rotation info file, compare the contents with the files in the logs dir, if mismatch is found, update the rotation info file. Once the files arestored in the rotation info file, they will be the target of cleanup at the nextlog ration.
|
| |
|
|
| |
need to set localuser before creating/opening error log.
|
| |
|
|
|
| |
Modified to change the owner to the "localuser" if the error log file is not
owned by the user.
|
| |
|
|
|
|
| |
NSS/SSL init. For example, import needs to hash passwords, export of encrypted attrs needs encryption.
2) Only create, configure (for SSL) and bind TCP ports if running in regular or referral mode. Before, the code short circuited if doing import, export, etc. before getting to the port stuff. But since 1) above, the code needs to take care only to do network related stuff if in network mode.
|
| |
|
|
|
| |
related files are owned by the correct user, but make that happen before
the detach so we can ask for the pin on the terminal.
|
| | |
|
| |
|
|
|
|
| |
was due to the security CGI not being able to read the ds key/cert db files. They were owned by root instead of the server uid because they were being created by NSS_Initialize which was being called before the server did the setuid.
The fix is to move the NSS/SSL initialization code to just after the setuid call.
|
| |
|
|
|
|
|
| |
i1) For non-RHEL platforms, package cyrus sasl library and the supported plugins.
2) by default, cyrus sasl expects to see the plugins in /usr/lib/sasl2.
Instead, tell sasl to search "../../../lib/sasl2" (relative path from ns-slapd)
for the plugins.
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: sasl code needs to accomodate older versions of sasl
Reviewed by: Noriko (Thanks!)
Fix Description: 1) Change build to use -L/usr/kerberos/lib on RHEL3
since that's where gssapi_krb5 is on that platform 2) ifdef out the use
of SASL_AUX_PASSWORD_PROP - if it's not defined, we don't need to use it.
Platforms tested: RHEL3
Flag Day: no
Doc impact: no
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: slapd crashes during SASL authentication
Reviewed by: Noriko (Thanks!)
Branch: HEAD and Directory71RtmBranch
Fix Description: When we build cyrus-sasl on RHEL, we tell it to use
berkeley db for its sasldb database. It uses whatever version of
berkeley db is installed in the system. On RHEL3, this is usually
libdb-4.1. However, at runtime, slapd uses 4.2, leading to conflicts.
This doesn't happen on RHEL4 because it already has 4.2 on it. The db
is used to lookup auxiliary properties (auxprop) related to the user,
such as password or whatever. This happens in sasl after the user is
looked up. In our server, the way we use it, we don't care about these
auxprops, or we get them in another way. If you don't tell sasl which
auxprop plugin you want to use, it tries to use all of them, which means
it will attempt to use the sasldb plugin, which will lead to the crash.
The solution is to add our own auxprop plugin which is just a dummy that
does nothing, and tell sasl to use our plugin.
Platforms tested: RHEL3, RHEL4
Flag Day: no
Doc impact: no
QA impact: retest
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Change ldapserver version to 1.0
Reviewed by: Noriko (Thanks!)
Fix Description: This also fixes some lingering build issues involving
perldap, which is no longer a separate setup package, but just gets
included into DS in a similar manner to nspr, nss, etc.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: ./ns-slapd crashes on bind containing invalid dn and password
Reviewed by: Noriko (Thanks!)
Branch: HEAD
Fix Description: It's really crashing on the search request. The problem is that the server assumes all strings are encoded in utf8 format, since that is the only encoding allowed by the LDAP standards. Non-utf8 works in most places except the function slapi_utf8StrToLower(), which returns NULL given a string of non-utf8 bytes. The fix for this particular problem is to check for a NULL return value and handle accordingly.
The real solution to this problem would be for the server to check for valid utf8 strings in _all_ LDAP data, according to the syntax of the attribute (e.g. for binary or octet string syntax data, and other binary formats, all bets are off, but then we shouldn't be doing strtolower on these blobs either).
And, while we're at it, add data validation based on syntax for _all_ attributes e.g. in a pre-op.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: slapd crashes during SASL authentication
Reviewed by: Noriko (Thanks!)
Branch: HEAD
Fix Description: I could not reproduce the crash. I tried several different ways - no password in entry, empty password in entry, SSHA hashed password in entry - no crashes. No useful information from the FDS bug reporter either. In fact I found that SASL Digest-MD5 was not working at all. We needed to use the SASL_AUX_PASSWORD_PROP define instead of hardcoding "userpassword" - I guess sasl is case sensitive. I also fixed some missing new lines in log messages.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
| |
1) Eliminated SLAPD_MODUTIL_TREE_THREASHHOLD from attr.c as well as valueset.c.
With this change, if an attribute has more than 1 value to add/replace/delete,
it creates an AVL tree to check the duplicates.
2) Replace was not checking the duplicated value at all. Added a code to put
the attribute values into the AVL tree as being done for add and delete.
|
| |
|
|
|
|
| |
By default, it dumps the entire entry. (it used to be truncated at the BUFSIZ
size). In case no need to dump the entire entry, introduced the truncate option
"-t".
|
| |
|
|
| |
access of memory which sometimes resulted in crashing.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Daily Acceptance: Directory Install failed to register Directory server as a Red Hat server (81)
Reviewed by: Nathan (Thanks!)
Fix Description: The index code, in the replace case, was not checking to see if there were
actually any values to delete before attempting to delete them. This fix just
checks to see if there are any values to delete.
Platforms tested: RHEL3
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing with the new indexing tests
New Tests integrated into TET: none
|
| | |
|
| |
|
|
| |
returning SUCCESS.
|
| |
|
|
| |
Plus fixed branding/version number.
|
| | |
|
| | |
|
| |
|
|
| |
Pass these build variables to gmake: NO_MDUPDATE=1 NS_USE_GCC=1
|
| |
|
|
|
|
| |
changes.
Multi-value'ed attribute diff was not implemented; Added the implementation.
|
| |
|
|
| |
Convert to C-style comments to avoid build breakage.
|
| | |
|
