| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=616618
Change Description:
. renamed 91upgradednformat.pl to 80upgradednformat.pl to run
upgradednformat before 90subtreerename.pl.
. ported following patches applied to Directory_Server_8_2_Branch
to master and 389-ds-base-1.2.6.
612771 - RHDS 8.1/389 v1.2.5 accepts 2 identical entries with
different DN formats
* commit 50bb2ee6676e10cdda704982dfa831efa4011037
Fix Description:
This patch fixes the upgradednformat utility to eliminate the
duplicated DNs found in the upgrading period. Assuming DN:
attr0=value0,attr1=value1,...,attrn=valuen exists in the DB
and another identical DN is found, the second DN is renamed to
nsuniqueid=<uuid>+attr0=value0,attr1=value1,...,attrn=valuen
, where the <uuid> is the unique id assigned to the entry when
the entry is added to the server. The modification is logged
in the error log.
In addition, there was a bug to handle multi-valued RDNs in
slapi_dn_normalize_ext. In case multi-valued RDN appears with
DN value (e.g., nsuniqueid=<uuid>+cn=uid\=<uid>\,o\=<org>,dc=<dc>),
it was not normalized properly. Introduced second rdn_av_stack
(subinitial_rdn_av_stack) for the nested DN value.
See also:
http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format#Another_Upgrade_Scenario
* commit ebaa18adaf201f75c709e078abd8e32605eddb81
Fix Description:
1) In the previous commit 50bb2ee6676e10cdda704982dfa831efa4011037,
there were 3 places to miss replacing rdn_av_count with subrdn_av_count.
2) A variable subtypestart is used to keep the head of nested
multivalued RDNs. For instance,
seeAlso=cn\=<CN>\+l\=<L>\,o\=<O>,dc=examle,dc=com
^ or ^ or ^
There was a bug to set the first position ("cn" in the above example).
In addition, fixed a warning assigning "const char *" to "char *" in
import_foreman (import-threads.c).
* commit 472a2c0f2f21205390ba87c31c498b4419a932ba
Fix Description:
When newly creating an ancestorid index file, instead of
opening the index file with DB_TRUNCATE option, delete
the file then create it.
616135 - Upgrade failure on Solaris :
tar: db/NetscapeRoot/{DBVERSION,*.db4}:
No such file or directory
* commit e6723421e6dc69408edb2a396eb22da361cff206
Fix Description:
.../'{'DBVERSION,*.db4'}' is not a shell syntax. Process DBVERSION
and *.db4 individually.
Cherry-picked 700d7c1a199db4a690740636b8bd3e612304ce1e and
0b6ddc9b06845bdf385e749f2c5a99497df20d98 from
389-ds-base-1.2.6 branch.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=547503
Resolves: bug 547503
Bug Description: replication broken again, with 389 MMR replication and TCP errors
Reviewed by: nhosoi (Thanks!)
Branch: master
Fix Description: When turbo mode is used for the connection, the server does
not poll for read ready status in the main loop, nor go through the code in
handle_pr_read_ready that updates conn->c_idlesince. So while the conn is in
turbo mode, the c_idlesince is not updated. If the conn gets a timeout while
reading, a flag will be set on the connection that will put it back in the
main loop. When it then hits handle_pr_read_ready, if there is still no
activity on the connection, it will go through idle timeout processing. It
may have been a long time since c_idlesince was updated, so the connection
may be closed wrongly.
The solution is to have c_idlesince updated in connection_threadmain() in
turbo mode if the connection really isn't idle.
In addition, the conn private turbo_mode flag was not being used correctly -
in the timeout case, the local variable was being updated but not the
conn private turbo_flag. Since the conn private turbo_flag is not used
anywhere else, it can be removed, and just use the local variable.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit 9d638b3fc25fbc57884a511744943499c7102f40)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=614242
Resolves: bug 614242
Bug Description: C99/ANSI C++ related compile errors on HP-UX
Reviewed by: rmeggins
Branch: HEAD
Fix Description: In lib/ldaputil/vtable.c, a global static struct is declared and initialized to
{}. I see gcc allows this, and aCC does also but only with -AA ("newly
supported ANSI C++ Standard features").
In ldap/servers/slapd/tools/ldclt/ldclt.c, an array size is set using a
variable, which I think is legal in C99. Since the size is not computed, and
this is the only place C99 is taken advantage of, this can be changed to a
then I would instead add the -AC99 compiler flag for HP-UX.
Platforms tested: HP-UX
Flag Day: no
Doc impact: no
Patch submitted by: Ulf Weltman <ulf.weltman@hp.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a change was made to a DN mapped attribute in DS (such as
uniqueMember in a group entry), we may end up searching for the
entries that those values point to in AD when winsync is being
used. We were overwriting the "raw entry" pointer every time we
searched for an entry in AD. The raw entry is intended to point
to the entry that the original modification was made to, not the
entry that a DN mapped attribute value points to.
The fix is to add a flag that will force the raw entry to be kept
when we search for an entry in AD. We set this flag when we search
for entries that are pointed to be DN mapped attribute values and
reset it when we are finished. This results in the raw entry being
the actual entry that is the target of the operation we are syncing.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12237 UNINIT Triaged Unassigned Bug Minor Fix Required
vlv_trim_candidates_byvalue() ds/ldap/servers/slapd/back-ldbm/vlv.c
Commit:
There is almost no chance to pass uninitialized typedown_value to
ber_bvecfree unless vlv_request_control value is NULL. Anyway, we
init typedown_value to NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12236 UNINIT Triaged Unassigned Bug Minor Fix Required
dblayer_get_aux_id2entry() ds/ldap/servers/slapd/back-ldbm/dblayer.c
Comment:
If a backend instance info (inst) or ldbminfo (li) or dblayer private
info (opriv) is not available, uninitialized priv is passed to
slapi_ch_free_string and slapi_ch_free. We need to init priv to NULL
and handle done: case if priv is NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12233 UNINIT Triaged Unassigned Bug Minor Fix Required
preop_modify() ds/ldap/servers/plugins/uiduniq/uid.c
Comment:
This is not an issue since attrName is an output variable
for getArguments at the line 689. But to make coverity
happy, we init attrName to NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12230 UNINIT Triaged Unassigned Bug Minor Fix Required
preop_add() ds/ldap/servers/plugins/uiduniq/7bit.c
Comment:
Some cases such as NULL attrName is passed or it does not have a value,
uninitialized "violated" is passed to slapi_ch_smprintf via issue_error.
We should init violated to NULL.
12231 UNINIT Triaged Unassigned Bug Unspecified Fix Required
preop_modify() ds/ldap/servers/plugins/uiduniq/7bit.c
Comment:
Some cases such as NULL attrName is passed or mods were empty,
uninitialized "violated" is passed to slapi_ch_smprintf via issue_error.
We should init violated to NULL.
12232 UNINIT Triaged Unassigned Bug Minor Fix Required
preop_modrdn() ds/ldap/servers/plugins/uiduniq/7bit.c
Comment:
Some cases such as NULL attrName is passed or it does not have a value,
uninitialized "violated" is passed to slapi_ch_smprintf via issue_error.
We should init violated to NULL.
|
| |
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12225 UNINIT Triaged Unassigned Bug Minor Fix Required
windows_private_update_dirsync_control() ds/ldap/servers/plugins/replication/windows_private.c
Comment:
If DIRSYNC control is not found, uninitialized serverCookie is passed
to ber_bvfree. We should init serverCookie to NULL.
|
| |
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12224 UNINIT Triaged Unassigned Bug Minor Fix Required
windows_private_update_dirsync_control() ds/ldap/servers/plugins/replication/windows_private.c
Comment:
If DIRSYNC control is not found, uninitialized ber is passed to
ber_free. We should init ber to NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12223 UNINIT Triaged Unassigned Bug Minor Fix Required
my_ber_scanf_attr() ds/ldap/servers/plugins/replication/repl5_total.c
Comment:
In case an error occurs between the line 594 and the line 648,
uninitialized value is passed to slapi_value_free. Need to init
value to NULL
|
| |
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12222 UNINIT Triaged Unassigned Bug Minor Fix Required
replica_get_purl_for_op() ds/ldap/servers/plugins/replication/repl5_plugins.c
Comment:
In case of an error "cannot obtain consumer connection extension or supplier_ruv", uninitialized purl is returned to the caller. Init purl to NULL
|
| |
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12221 UNINIT Triaged Unassigned Bug Minor Fix Required
create_NSDS50ReplicationExtopPayload() ds/ldap/servers/plugins/replication/repl_extop.c
Comment:
unlikely to cause a problem, but we should init repl_obj to NULL
|
| |
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12220 UNINIT Triaged Unassigned Bug Minor Fix Required
create_NSDS50ReplicationExtopPayload() ds/ldap/servers/plugins/replication/repl_extop.c
Comment:
unlikely to cause a problem, but we should init sdn to NULL
|
| |
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12216 UNINIT Triaged Unassigned Bug Minor Fix Required
private_protocol_factory() ds/ldap/servers/plugins/replication/repl5_protocol.c
Comment:
should be impossible for type to be anything but one of the
valid values, but it wouldn't hurt to init prp to NULL anyway
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12215 UNINIT Triaged Unassigned Bug Minor Fix Required
_cl5LDIF2Operation() ds/ldap/servers/plugins/replication/cl5_api.c
Comment:
should init rawDN to NULL and check if it is NULL before using it.
If rawDN is NULL, it returns error CL5_BAD_FORMAT.
Comment on the particular rawDN at the line 5218:
* When it comes here, case T_DNSTR is already
* passed and rawDN is supposed to set.
* But it's a good idea to make sure it is
* not NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12210 UNINIT Triaged Unassigned Bug Minor Fix Required
str2entry_fast() ds/ldap/servers/slapd/entry.c
Comment:
ptype is always NULL the first time through the loop, so a will
always be initialized to NULL. But we should explicitly initialize
it to NULL in the declaration.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=611850
Resolves: bug 611850
Bug Description: fix coverity Defect Type: Error handling issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Check the error return from the functions. In some cases,
I was able to figure out that the calling function should perform additional
error handling (return early, goto error label), but in general the code
just logs an appropriate error message and continues. I was able to get
rid of some more libacl code. I removed an unused variable from modify.c
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=610177
Resolves: bug 610177
Bug Description: fix coverity Defect Type: Uninitialized variables issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Initialize variables to 0, NULL, or an appropriate error
code. Got rid of the unused lexer code.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GLUE_PARENT_ENTRY before freeing them
https://bugzilla.redhat.com/show_bug.cgi?id=602531
Resolves: bug 602531
Bug Description: coverity: op_shared_delete: compare preop entry and GLUE_PARENT_ENTRY before freeing them
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Get the pre entry and glue parent entries separately,
compare them, and only free one of them if they are the same.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
entries before freeing them
https://bugzilla.redhat.com/show_bug.cgi?id=602530
Resolves: bug 602530
Bug Description: coverity: op_shared_modify: compare pre, post and original entries before freeing them
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Get the pre entry and post entry separately, compare them to
e and to each other before attempting to free them.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609590
Resolves: bug 609590
Bug Description: fix coverity Defect Type: Memory - corruptions issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: The code wants to allocate space for a struct berval, not
struct berval *.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609590
Resolves: bug 609590
Bug Description: fix coverity Defect Type: Memory - corruptions issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: The code is allocating space for an array of int which is
4 bytes. In this case, since type_name_disposition is int**, doing
*type_name_disposition is still a pointer type rather than the int type. We
have to do **type_name_disposition to get to the int type we want.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609590
Resolves: bug 609590
Bug Description: fix coverity Defect Type: Memory - corruptions issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: The code is allocating an array of struct dynalib *, so the
sizeof needs to use (struct dynalib *) not (struct dynalib).
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609590
Resolves: bug 609590
Bug Description: fix coverity Defect Type: Memory - corruptions issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: The point of this code is to copy the conn authtype to
the operation authtype, so just do that.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609590
Resolves: bug 609590
Bug Description: fix coverity Defect Type: Memory - corruptions issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: ACLPB_MAX_ATTR_LEN is the buffer size including the trailing
null, not the strlen.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609590
Resolves: bug 609590
Bug Description: fix coverity Defect Type: Memory - corruptions issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Just error and return if nread is < 0.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609590
Resolves: bug 609590
Bug Description: fix coverity Defect Type: Memory - corruptions issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: If there was an error, set filter to NULL so we won't attempt
to free static memory.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609590
Resolves: bug 609590
Bug Description: fix coverity Defect Type: Memory - corruptions issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: The cnt parameter is not used, so just get rid of it.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=603942
Resolves: bug 603942
Bug Description: null deref in _ger_parse_control() for subjectdn
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: Needed to pass &orig to ber_scanf 'a' instead of orig. Also,check for NULL before doing strlen(orig).
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit 82625ebf670c0f234e8bcbf18420e84b325e359e)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rename switch is on
https://bugzilla.redhat.com/show_bug.cgi?id=578296
Change Description:
1) ldbm_back_next_search_entry_ext (ldbm_search.c)
When getting an entry from ID using id2entry_ext, pass a flag
ID2ENTRY_ADD_ENTRYDN to add entrydn to the entry.
2) id2entry_ext (id2entry.c)
Added id2entry_ext to handle the flag ID2ENTRY_ADD_ENTRYDN.
If ID2ENTRY_ADD_ENTRYDN is set in the flags variable and
entryrdn switch is enabled, entrydn is added to the entry.
3) index_read_ext (index.c)
If entryrdn switch is on and the attribute type is entrydn and
the search type is equality, then call entryrdn_index_read
to get the ID directly.
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=605827
Description: 70upgradednformat.pl does nothing if the server is up.
The upgrade script is effective only when it's called in the Off-
line mode.
(cherry picked from commit a109da80a8eae4400b42a27bb5de604f9aee344d)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
failure in PR_Poll
https://bugzilla.redhat.com/show_bug.cgi?id=604453
Resolves: bug 604453
Bug Description: SASL Stress and Server crash: Program quits with the assertion failure in PR_Poll
Reviewed by: nhosoi (Thanks!)
Branch: master
Fix Description: When the server pushes the SASL IO layer on to the connection
it must do so when there are no other references to the connection. The only
way to do this without introducing more locking is to have the saslbind code
just register the intent to push SASL IO at the next available time. This
cannot be done in the sasl bind code (or any operation code for that matter)
because connection_threadmain() will enable the connection for reading
(and polling) after reading the PDU and before calling the operation
function. Therefore, during the operation function, the connection may be
being actively polled, so we must not access the conn c_prfd.
The best place to push the IO layer is in connection_threadmain, after the
server has notified that there is read ready on the connection, but before
we have actually attempted to read anything. At this point,
connection_threadmain is the only thread that will be accessing the
connection, and if we push or pop the IO layer before calling the read
function, we are guaranteed to have the correct IO layer to use.
The code has been made generic enough to allow for use by the startTLS code
if the need arises.
I also added some more locking in the saslbind code, and changed the sasl IO
code to more closely resemble the way that the NSS code deals with IO
layer push/pop.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit c28fcadfc7812108573e40f13624e11a5a8609e5)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
failure in PR_Poll
https://bugzilla.redhat.com/show_bug.cgi?id=604453
Resolves: bug 604453
Description: SASL Stress and Server crash: Program quits with the assertion failure in PR_Poll
Branch: master
Reviewed by: nhosoi (Thanks!)
Fix Description: We usually do not have to pop the IO layer from the SASL
connection. This is usually handled by PR_Close() on the PRFD, which should
only happen when the connection is not being referenced by the main PR_Poll()
call. The only time we need to explicitly pop the SASL IO layer is if the
client re-negotiates the SASL bind with a different ssf e.g. going from
clear to protected or vice versa.
Platforms tested: RHEL5 x86_64
(cherry picked from commit ac6ce0947d9b2d5ec3649948bca861f0e318d708)
|
| |
|
|
|
|
|
|
|
|
|
| |
also applied to "cn=directory manager"
https://bugzilla.redhat.com/show_bug.cgi?id=606920
Description: When a timelimit (as well as a sizelimit) is successfully
retrieved from SLAPIResLimitConnData, the value is always set to pblock.
With this change, it sets "no limit (-1)" if the operation is initiated
by Directory Manager.
|
| |
|
|
|
|
|
|
|
| |
If a password is changed using the password modify extended
operation, the modify used to modify the password will be leaked
if the change is rejected due to password policy or access control
settings.
This patch frees the mod when the password change is rejected.
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=574101
Description: To create the ID list for child entries of to-be-renamed
entry, an inappropriate function (idl_append) was used. The function
expects the passed IDs are sorted. If not sorted, idl_insert should
be used instead.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=597375
Fix Description:
1) When a backend was removed, the db instance directory was removed
as well (See also 463774 - index files for database should be deleted
when db is deleted). In case DB_RECOVER_FATAL is set in the DB open
after the removal (e.g., in restore), the logs in the transaction
logs are replayed and compared with the contents of the DB files.
At that time, if the db instance directory does not exist, libdb
returns FATAL error. To prevent the problem, we have to leave the
empty directory.
2) When removing index files, we don't have to open index files
with CREAT flag.
Note: In the bug 463774, the server was fixed so that once a db
backend is removed, the db instance directory is removed. With
this fix (597375), the backend removal leaves the empty db instance
directory. Plus, if backup is restored, even if the backup was
made after the backend is deleted, the restore could create empty
DB files in the deleted db instance directory if the transaction
log files still contain the history of the deleted backend.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=595874
Resolves: bug 595874
Bug Description: 99user.ldif getting overpopulated
Reviewed by: self
Branch: HEAD
Fix Description: The schema code was adding X-ORIGIN 'user defined' to all
schema elements that had no X-ORIGIN. It should only add user defined to
schema elements from the user defined schema file, not to schema defined
in standard (read only) schema files. It looks like the code should work
fine if the schema element has no origin, so there is no reason to add
an origin for schema other than user defined schema.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=593392
Resolves: bug 593392
Bug Description: setup-ds-admin.pl -k creates world readable file
Reviewed by: thoger (Thanks!)
Branch: HEAD
Fix Description: Use umask to make sure we create a .inf file that is
only viewable by the user. In addition, only create the temp file and
filename when necessary. In some places, the code was creating a .inf
file on disk when it could just create one in memory. The code should
check to see if the Inf object has a file associated with it before
attemtping to unlink it. Make sure we do not unlink a .inf file given
with -f on the command line. If the user specified -k, always write to
a temp file using __temp__ as the keyword to tell Inf->write to generate
a temp file.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=511112
Fix Description: If an entry already having more than 25 password
history attributes is added and password modify is performed on
the entry, it overflows the fixed length values_replace array and
crashes the server. This patch protects the overflow.
|
| |
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=595893
Fix Description: It must be guaranteed that ndn returned
from slapi_sdn_get_ndn is normalized. Putting back the
normalization code in slapi_sdn_get_ndn.
|
| |
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=593899
Additional fix: if a target value is double quoted followed by
trailing spaces, the double quotes were not correctly handled.
Sample failed case:
aci: ( target = "ldap:///ou=organizationalUnit, o=test_ACIs.com" )
^
Changed to call __acl_strip_trailing_space to remove them.
|
| |
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=588867
Fix description: _sparcv9_AtomicAdd, _sparcv9_AtomicSub, and
_sparcv9_AtomicSet were not correctly declared. It brought
in the implicit function declaration, where the return value
were casted to 32-bit integer and the comparison against the
64-bit unsigned integer failed. The comparison was in the
endless loop and it caused the server hang.
|
| |
|
|
|
|
|
|
|
| |
The new repl sesssion API will crash when adding a replication agreement.
It should check to see if there is a repl session api before attempting
to get the init function.
Reviewed by: nhosoi
Branch: HEAD
Platforms tested: RHEL5 x86_64
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=593899
Fix Description: There was a bug if an invalid syntax acl was given
(e.g., the value of userdn was not double quoted), normalize_nextACERule
mistakenly continued processing the acl and eventually tried to
allocate a huge size of memory (since the end address was less
than the start address, end - start became negative) and it made
the server quit. Added more error handling code to prevent such
failures.
|
| |
|
|
|
|
|
|
|
| |
The anonymous resource limits were not being properly set. This
patch ensures that the limits are set properly when an anonymous
or unauthenticated BIND operation is performed. It also sets the
anonymous limits when we do a read on a connection that has not
yet perfomed a BIND. These limits will be overwritten with any
default or user-based limits once a valid BIND is performed.
|
| |
|
|
|
| |
The previous patch had a mangled function name in
the function prototype. This corrects the name.
|
| |
|
|
|
|
|
|
| |
This adds the ability to write a plug-in to register callbacks for
controlling when replication is allowed to occur. For details,
please see the design document at:
http://directory.fedoraproject.org/wiki/Replication_Session_Hooks
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=593110
Fix description:
ldap/servers/slapd/back-ldbm/dblayer.c -- A memory area that
stores nsslapd-directory was shared between 2 structures:
struct ldbminfo and dblayer_private. In dblayer_post_close,
dblayer_private is released but not struct ldbminfo. The
latter does not know the memory area is freed. This fix
changes it so that each structure has its own copy.
ldap/servers/plugins/acl/acl.c -- A variable result_status
had a chance to be evaluated w/o an initialization.
|
