| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
| |
need to set localuser before creating/opening error log.
|
| |
|
|
|
| |
Modified to change the owner to the "localuser" if the error log file is not
owned by the user.
|
| |
|
|
|
|
|
|
|
|
| |
the contents. I'm not sure why we haven't caught this earlier, but
I believe it has something to do with the patch to make ds build on
Fedora Core 4 with gcc4. To do that, we turn off the -fwriteable-strings
argument to gcc. I suppose with it on, it moves those strings to
some sort of writeable memory location. With it off, constant strings
are definitely in the data section. There was one place in views that
used a constant string, and a couple of places in the windows sync code.
|
| |
|
|
|
|
| |
NSS/SSL init. For example, import needs to hash passwords, export of encrypted attrs needs encryption.
2) Only create, configure (for SSL) and bind TCP ports if running in regular or referral mode. Before, the code short circuited if doing import, export, etc. before getting to the port stuff. But since 1) above, the code needs to take care only to do network related stuff if in network mode.
|
| |
|
|
|
| |
related files are owned by the correct user, but make that happen before
the detach so we can ask for the pin on the terminal.
|
| | |
|
| |
|
|
|
|
| |
was due to the security CGI not being able to read the ds key/cert db files. They were owned by root instead of the server uid because they were being created by NSS_Initialize which was being called before the server did the setuid.
The fix is to move the NSS/SSL initialization code to just after the setuid call.
|
| |
|
|
|
|
|
| |
i1) For non-RHEL platforms, package cyrus sasl library and the supported plugins.
2) by default, cyrus sasl expects to see the plugins in /usr/lib/sasl2.
Instead, tell sasl to search "../../../lib/sasl2" (relative path from ns-slapd)
for the plugins.
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: sasl code needs to accomodate older versions of sasl
Reviewed by: Noriko (Thanks!)
Fix Description: 1) Change build to use -L/usr/kerberos/lib on RHEL3
since that's where gssapi_krb5 is on that platform 2) ifdef out the use
of SASL_AUX_PASSWORD_PROP - if it's not defined, we don't need to use it.
Platforms tested: RHEL3
Flag Day: no
Doc impact: no
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: slapd crashes during SASL authentication
Reviewed by: Noriko (Thanks!)
Branch: HEAD and Directory71RtmBranch
Fix Description: When we build cyrus-sasl on RHEL, we tell it to use
berkeley db for its sasldb database. It uses whatever version of
berkeley db is installed in the system. On RHEL3, this is usually
libdb-4.1. However, at runtime, slapd uses 4.2, leading to conflicts.
This doesn't happen on RHEL4 because it already has 4.2 on it. The db
is used to lookup auxiliary properties (auxprop) related to the user,
such as password or whatever. This happens in sasl after the user is
looked up. In our server, the way we use it, we don't care about these
auxprops, or we get them in another way. If you don't tell sasl which
auxprop plugin you want to use, it tries to use all of them, which means
it will attempt to use the sasldb plugin, which will lead to the crash.
The solution is to add our own auxprop plugin which is just a dummy that
does nothing, and tell sasl to use our plugin.
Platforms tested: RHEL3, RHEL4
Flag Day: no
Doc impact: no
QA impact: retest
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Change ldapserver version to 1.0
Reviewed by: Noriko (Thanks!)
Fix Description: This also fixes some lingering build issues involving
perldap, which is no longer a separate setup package, but just gets
included into DS in a similar manner to nspr, nss, etc.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
| |
duplicate values for system-only multivalued attributes. This change just skips the dscorepropagationdata attibute when receiving a change from DirSync.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
improper use of ldap_get_next.
|
| |
|
|
| |
certain changes to not get synched.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: ./ns-slapd crashes on bind containing invalid dn and password
Reviewed by: Noriko (Thanks!)
Branch: HEAD
Fix Description: It's really crashing on the search request. The problem is that the server assumes all strings are encoded in utf8 format, since that is the only encoding allowed by the LDAP standards. Non-utf8 works in most places except the function slapi_utf8StrToLower(), which returns NULL given a string of non-utf8 bytes. The fix for this particular problem is to check for a NULL return value and handle accordingly.
The real solution to this problem would be for the server to check for valid utf8 strings in _all_ LDAP data, according to the syntax of the attribute (e.g. for binary or octet string syntax data, and other binary formats, all bets are off, but then we shouldn't be doing strtolower on these blobs either).
And, while we're at it, add data validation based on syntax for _all_ attributes e.g. in a pre-op.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: slapd crashes during SASL authentication
Reviewed by: Noriko (Thanks!)
Branch: HEAD
Fix Description: I could not reproduce the crash. I tried several different ways - no password in entry, empty password in entry, SSHA hashed password in entry - no crashes. No useful information from the FDS bug reporter either. In fact I found that SASL Digest-MD5 was not working at all. We needed to use the SASL_AUX_PASSWORD_PROP define instead of hardcoding "userpassword" - I guess sasl is case sensitive. I also fixed some missing new lines in log messages.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
| |
1) Eliminated SLAPD_MODUTIL_TREE_THREASHHOLD from attr.c as well as valueset.c.
With this change, if an attribute has more than 1 value to add/replace/delete,
it creates an AVL tree to check the duplicates.
2) Replace was not checking the duplicated value at all. Added a code to put
the attribute values into the AVL tree as being done for add and delete.
|
| |
|
|
|
|
| |
By default, it dumps the entire entry. (it used to be truncated at the BUFSIZ
size). In case no need to dump the entire entry, introduced the truncate option
"-t".
|
| |
|
|
| |
access of memory which sometimes resulted in crashing.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Daily Acceptance: Directory Install failed to register Directory server as a Red Hat server (81)
Reviewed by: Nathan (Thanks!)
Fix Description: The index code, in the replace case, was not checking to see if there were
actually any values to delete before attempting to delete them. This fix just
checks to see if there are any values to delete.
Platforms tested: RHEL3
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing with the new indexing tests
New Tests integrated into TET: none
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: Directory Server crashes when deleting a view
Reviewed by: Nathan (Thanks!)
Fix Description: Needed to pass in the _address_ of theCache.pCacheViews to views_cache_add_ll_entry. Yet another lesson in using the compiler to catch type errors rather than casting to void*.
Platforms tested: RHEL3
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: Adding multiple attributes using a single ldapmodify crashes ns-slapd
Reviewed by: Nathan (Thanks!)
Fix Description: In C, the array '[]' dereference operator takes precedence over the '*' deref operator. In this case, I needed to put parentheses around the pointer dereference to avoid having array dereferenced first. modary is a pointer to an array, not an array, so I can't dereference it with the array operator until I first dereference the pointer.
Platforms tested: RHEL3
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
| |
subtrees that the operation applies to
|
| |
|
|
|
| |
in a critical section. This fix creates a mutex at init time and uses that
mutex to create a critical section around all PAM API access.
|
| |
|
|
| |
returning SUCCESS.
|
| |
|
|
|
|
|
| |
Coding done by David Irving, Fred Brittain, and Aaron Gagnon
Reviewed by Rich Megginson - minor changes to md5_pwd.c
Tested on RHEL3 with FDS post-7.1
Does not include the OpenLDAP migration script - that will be handled separately
|
| |
|
|
| |
Plus fixed branding/version number.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: Reliab 05: chaining backend test core dumped on HPUX backend
Reviewed by: Noriko (Thanks!)
Fix Description: This is a 64 bit issue. For ber_scanf, the "i" and "e" flags require a pointer to a long. There were a couple of places in the chaining backend code where we were passing in an int instead. This works fine on 32 bit where ints and longs are both 32 bits. I did a quick check through the code - these were the only places not using longs. The only way you would see this bug is in a "hub" chaining backend - one that gets requests from a mux and chains them to another farm server, or possibly on a mux in certain conditions.
Platforms tested: HP-UX 11.i 64 bit
Flag Day: no
Doc impact: no
QA impact: rerun chaining tests
New Tests integrated into TET: none
|
| |
|
|
| |
replication. Add an error string returned to clients if an illegal attribute is configured
|
| |
|
|
| |
the acquire process has been successful thus far.
|
| |
|
|
| |
failed when it failed due to attempting to do fractional replication to another master.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
