| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
| |
We were not checking the return value of ldap_parse_result in the
windows_check_user_password() function. The old code was a bit
unclear about setting rc when we encountered errors from
ldap_result(). It also was calling ldap_parse_result() even if
ldap_result() encountered an error. I fixed this code to be a
bit more straightforward.
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the ldbm_back_ldbm2ldif() function could bail due to an
error before fd is set. We then attempt to close the file that fd
refers to. We should initialize fd to STDOUT_FILENUM, as we skip
calling close() if fd is set to STDOUT_FILENUM.
Additionally, I noticed that we could call close() when fd is
negative or if it is STDERR or STDIN. I fixed this so close() is
not called in those cases.
|
|
|
|
|
|
|
|
|
|
|
| |
The refint plug-in code currently looks as if it could use the
search_result variable when it is uninitialized. I don't believe
that this is possible since it would require the filter variable
to be NULL, which should not occur since slapi_ch_smprintf() would
make the process exit if it failed to allocate memory. Even so,
the correct thing to do from a code cleanliness standpoint is to
move all code that assumes we performed a search into the "if (filter)"
block.
|
|
|
|
|
| |
openldap requires that the protocol version be explicitly set to 3
mozldap defaults to 3, but it doesn't hurt to set it again
|
|
|
|
|
| |
(cov#15521) The oldndn variable was unused in the dncache_replace() function.
This patch removes the unused variable.
|
|
|
|
|
| |
(cov#15521) The newndn variable was unused in the dncache_replace() function.
This patch removes the unused variable.
|
|
|
|
|
|
|
| |
When using slapi_mods_init_byref/get_ldapmods_byref, the slapi_mods code
expects the Slapi_Mods to be read-only. Since the usn code adds a mod
to the list, it needs to use the slapi_mods_init_passin/get_ldapmods_passout
APIs. This avoids an assertion when using --enable-debug.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=629710
Resolves: 629710
Description: do_escape_string (core of escape_string) converts
'\\ (backslash)' to '\5C' even if the following 2 characters are
hex digits. That is, the character is already escaped. This
patch checks the case and if it is, it does not escape it further.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
do not change or change very rarely
https://bugzilla.redhat.com/show_bug.cgi?id=627738
Description:
Change made in this commit: cc36301a7cae6737d9f8a0e53bed653a52130a1d
for the following bug introduced a missing-cache-return bug:
id2entry_add_ext replaces an dn instance in the dn cache even if
the DN value is identical. Replace it only when they don't match.
Thanks to andrey.ivanov@polytechnique.fr for finding it out:
https://bugzilla.redhat.com/show_bug.cgi?id=627738#c5
|
|
|
|
|
|
|
|
|
| |
This commit fixes many compiler warnings, mostly for things like unused
variables, functions, goto labels.
One place was using csngen_free instead of csn_free. A couple of places
were using casts incorrectly, and several places needed some casts added.
Tested on: RHEL5 x86_64, Fedora 14 x86_64
Reviewed by: nkinder (Thanks!)
|
|
|
|
|
|
| |
instead of changing the logic to catch matched_val == NULL, make the code
work like it does in earlier releases, but add an explicit check for
matched_val == NULL to avoid using it.
|
|
|
|
|
|
| |
slapi_dn_normalize_original can modify the argument string, so we cannot
pass in a const char *rawdn to that function - instead, pass in a copy
created by slapi_ch_strdup
|
|
|
|
|
| |
use slapi_pblock_set to set the ldap result code for the be postop plugins
instead of slapi_pblock_get
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If an ACI has a targetattr of userPassword and uses the USERDN
keyword, the ACI may not be evaluated correctly for password
change operations. This is caused by the fact that we use a
dummy target entry to check if the pasword change is allowed early
in the operation. This dummy entry will not have any attributes
that the ACI may use.
The fix is to actually fetch the target entry with all of it's
attributes. We still create a dummy entry if the target doesn't
exist to prevent returning a no such entry error when we should be
returning an access denied or insufficient access error.
|
|
|
|
|
|
|
| |
File: ldap/servers/slapd/dn.c
Description: slapi_dn_normalize_ext failed to check a typical
invald DN (e.g., "bogus,dc=example,dc=com"), in which RDN does
not have the type=value format. The problem is fixed.
|
|
|
|
|
|
|
|
|
|
|
|
| |
The DS has some problems with the openldap versions of these functions:
1) They are deprecated - should use the str2[r]dn and [r]dn2str and the
bv versions of those functions instead
2) They escape utf-8 and other values in the strings - the mozldap functions
do not do this
3) They handle double quoted strings, but they remove the quotes - our
code expects the quotes to be left in place
Until we fix our DN handling, and get rid of the double quoted DNs, we just
use the mozldap versions of these functions.
|
|
|
|
|
|
| |
rawdn may be normalized in place - if we add back the '?' to the URL
before we construct the new URL with the normalized DN, we will create
a bogus URL string - so delay that until we construct the new URL
|
|
|
|
|
| |
I missed a couple of places in the acl code that should use
slapi_ldap_url_parse - I also added some more debugging
|
|
|
|
|
|
|
| |
*out will never be NULL here, so we only need to check that src < *out as
the loop condition
when looking for a continuation line, make sure there are two characters
in *out to check
|
|
|
|
|
|
| |
when putting ldif data with the no wrap option, if we removed some
continuation lines, we have to move the output data pointer back since
the continuation line markers are removed in place
|
|
|
|
|
|
|
|
| |
mozldap accepts hostnames in the form host1[:port1] ... hostN[:portN]
in the ldap_init argument and in ldap urls/uris. DS code uses
ldap_initialize() which takes a list of uris in the form
ldap[s]://host1[:port1]/ ldap[s]://host2[:port2]/ ...
We have to convert the host:port list into a list of LDAP uris
|
|
|
|
|
|
|
| |
mozldap supports a non-standard URL extension which allows multiple host:port
combinations - openldap does not support this - fake out openldap by
converting spaces to %20 and all but the last colon to %3A before calling
ldap_url_parse, then unescape ludp->lud_host before returning
|
|
|
|
|
| |
The function ldif_sput already terminates the line with a newline character -
we do not need to add another one when unwrapping a wrapped line.
|
|
|
|
|
|
| |
If the openldap_read_function has returned all of the buffered data,
it needs to set errno to EWOULDBLOCK to let the code know that it needs
to read more data into the buffer.
|
|
|
|
|
|
|
| |
Even though the ldap.conf man page is not really clear about this,
looking at the code in libraries/libldap/tls2.c:ldap_int_tls_start()
if you don't specify LDAP_OPT_X_TLS_REQUIRE_CERT as
LDAP_OPT_X_TLS_NEVER it will check the hostname
|
|
|
|
|
|
| |
The script was looking for 1 and only 1 line returned by the ldapsearch
to see if the given entry is a role. openldap ldapsearch returns an empty
line as the last line. So just change the check to look for 1 or more lines.
|
|
|
|
|
| |
mozldap uses -1 but openldap uses -LLL to suppress printing the
in ldapsearch output - add a flag for this
|
|
|
|
|
|
| |
The logic looking for a missing suffix DN in a parsed URL was incorrect.
In addition, since passthru requires a suffix DN, pass the require_dn
flag.
|
|
|
|
|
|
| |
The value passed to the char * argument to ber_printf 'o' must not be
a NULL, even if the bv_len argument is 0. An empty string "" must
be passed instead.
|
|
|
|
| |
both ptype and type->bv_val are properly null terminated strings
|
| |
|
|
|
|
|
|
|
| |
There are slapi wrappers that hide differences between the openldap and
mozldap ldap and ldif API code. These are now doxygen documented.
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
|
|
|
|
|
|
| |
Since these functions are present in mozldap, just use them directly
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
|
|
|
|
|
|
|
|
|
| |
There are some differences between the mozldap and the openldap apis:
openldap has deprecated ldap_init in favor of ldap_initialize
openldap has deprecated the regular ldap op functions in favor of their
_ext alternatives
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
|
|
|
|
|
|
|
|
|
|
|
| |
Added proxy auth control creation - mozldap has a function to do that but
not openldap
Do not use mozldap filter create function - just create one using
slapi_smprintf
Fix usage of TLS/SSL with new NSS functionality
Created ldif parse wrapper - changed code to use it
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
|
|
|
|
|
|
|
|
|
|
| |
We have many scripts that use ldapsearch, ldapmodify, etc. All of these
currently use simple auth. When using the openldap versions of these
scripts, we have to pass the -x argument to use simple auth. A new
configure parameter ldaptool_opts is used to pass this down into the
scripts.
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
|
|
|
|
|
|
| |
need to free basedn after use by the internal search
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
|
|
|
|
|
|
|
| |
even though AC_CHECK_LIB finds ldap_url_parse_ext, that function is not
part of the public api
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
change or change very rarely
https://bugzilla.redhat.com/show_bug.cgi?id=627738
Description:
1) id2entry_add_ext replaces an dn instance in the dn cache even if
the DN value is identical. Replace it only when they don't match.
2) Modifying the dn cache related labels:
dnEntrycachehits
dnEntrycachetries
dnEntrycachehitratio
dnCurrententrycachesize
dnMaxentrycachesize
dnCurrententrycachecount
dnMaxentrycachecount
===>
dncachehits
dncachetries
dncachehitratio
currentdncachesize
maxdncachesize
currentdncachecount
maxdncachecount
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=531642
Resolves: 531642
Fix description:
1. Introduced a config parameter nsslapd-entryusn-global: on|off to
enable | disable the global mode. By default, off.
In the global mode, search on root dse returns "lastusn: <num>"
without the backend subtype (e.g., "lastusn;userroot: <num>")
2. Added slapi_get_next_suffix_ext to mapping_tree.c, which visits
children as well as siblings in the mapping tree.
(Note: slapi_get_next_suffix does just siblings.)
3. import (ldif2db) adds "entryusn: 0" to every entry unless the
entry already contains the entryusn attribute.
4. ldbm_back_delete, ldbm_back_modify, ldbm_back_modrdn: set
ldap_result_code to pblock so that bepost plugin could see if
the operation was successful or not.
See also http://directory.fedoraproject.org/wiki/Entry_USN#Global_mode
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
entrydn is not present in search results
https://bugzilla.redhat.com/show_bug.cgi?id=628300
Resolves: 628300
Description: Code for supporting entrydn (added for Bug 578296)
contained a bug. If an entry was found in the entry cache,
id2entry_ext returned it without adding the entrydn attribute
value. This patch fixes the problem.
In addition, if the parent DN in the to-be-added entry is not
identical to the real parent DN (e.g., dc=eXAmple vs. dc=example),
replace the string with the real parent DN. This check & replace
is done only when the parent entry is in the entry cache not to
sacrifice the performance.
|
|
|
|
|
|
|
|
|
|
| |
This patch allows multiple memberOfGroupAttr values to be set in the
memberOf plug-in config. This allows different grouping attributes
to be used.
For more details, see the design doc:
http://directory.fedoraproject.org/wiki/MemberOf_Multiple_Grouping_Enhancements
|
|
|
|
|
| |
the name "dn" is being deprecated - the standard attribute name is
"distinguishedName" - ger should support both of these
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=617630
Bug description: CID 12090 was a false positive
description: Undo the commit e23c8bd9994d5592738cb44e1c2b426aba7fbd4a
|
|
|
|
| |
(ldap/servers/plugins/replication/repl5_agmt.c)
|
|
|
|
|
|
| |
The postal_validate() function cannot accept an empty string as a valid
value of postalAddress syntax. In addition, we were not properly checking
a value which did not contain a '$' character.
|
|
|
|
|
|
|
|
|
|
| |
11940 - 12166
https://bugzilla.redhat.com/show_bug.cgi?id=611790
Resolves: bug 611790
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Fix description: Catch possible NULL pointer in ruv_get_replica_generation().
Note: committing the fix on behalf of Endi (edewata@redhat.com).
|
|
|
|
|
|
|
|
|
|
|
| |
11940 - 12166
https://bugzilla.redhat.com/show_bug.cgi?id=611790
Resolves: bug 611790
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Fix description: Catch possible NULL pointer in cos_cache_add_defn().
Note: committing the fix on behalf of Endi (edewata@redhat.com).
|
|
|
|
|
|
|
|
|
| |
11940 - 12166
https://bugzilla.redhat.com/show_bug.cgi?id=611790
Resolves: bug 611790
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Fix description: Catch possible NULL pointer in send_specific_attrs().
|
|
|
|
|
|
|
|
|
| |
11940 - 12166
https://bugzilla.redhat.com/show_bug.cgi?id=611790
Resolves: bug 611790
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Fix description: Catch possible NULL pointer in plugin_invoke_plugin_sdn().
|