| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: upgrade install of ssl enabled servers changes file/dir permisssions from nobody to root
Reviewed by: nhosoi (Thanks!)
Fix Description: The ssloff and sslon operations change several files, by grep/sed to temp
files, then moving the temp files over the original ones. When done as root,
this changes the file ownership to root from the original nobody. In order to
preserve the file/directory ownership, we first figure out the instance, then
use the ownership of that dse.ldif file to determine the server user:group. We
have to do this before the call to SSLOff because SSLOff needs the user:group
to chown the files. Then, every time we create a new file and replace an
existing one, we do a chown $user:$group to preserve the existing file
ownership.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
| |
ld.so.1: ns-slapd: fatal: libns-dshttpd72.so: open failed: No such file or directory
|
| |
|
|
|
| |
Summary: Processed: parameterizing the hardcoded paths (phase 3. installed binaries, change log, setup)
Comment #29
|
| |
|
|
|
|
|
|
| |
Summary: Use autoconf to generate task perl script templates
Comment #10, #11, #14
Note: This is a generated file by autoconf. Checking this file in to support
the old style build. When migrating to the autotoolized build is completed,
this file is supposed to be removed from CVS.
|
| |
|
|
|
| |
Summary: Use autoconf to generate task perl script templates
Comment #10, #11, #14
|
| |
|
|
|
|
|
|
| |
Summary: Use autoconf to generate task perl script templates
Changes:
1) added template files to AC_CONFIG_FILES list
2) added db_bindir and ldapsdk_bindir to pass their tools path to the template
files. The paths are hardcoded for now.
|
| | |
|
| |
|
|
|
| |
Summary: parameterizing the hardcoded paths (phase 3. installed binaries, change log, setup)
Comment #23
|
| |
|
|
| |
Phase one of implementing new GNU Automake/Autoconf build system.
|
| | |
|
| |
|
|
|
| |
spurious search timeouts (comment #7)
fixed anoter int vs. time_t type mismatch.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: deleting attributes when changing password causes server crash
Reviewed by: nhosoi (Thanks!)
Fix Description: From Michal: "The function mod2smod does not check for mod->mod_bvalues being NULL and tries
to dereference it (modutil.c:370). This function happens to be called only by
slapi_mods_get_{first,next}_smod(), which are in turn called only by
check_trivial_words() in pw.c; this is why the crash appears only when checking
password syntax."
I added the same check for the mod_values case - even though the
code says this should never be called, better to be safe than sorry.
Platforms tested: RHEL4
|
| |
|
|
|
|
|
| |
enable rpmbuild,
I inadvertantly removed the packaging for ds-nshttpd from the gateway. This adds it back
for USE_DSGW=1 builds.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
cert, and instance dir)
1) introduced these 3 new config attributes:
nsslapd-lockdir, nsslapd-tmpdir, nsslapd-certdir,
and eliminated: nsslapd-instancedir.
2) replaced the hardcoded paths with the corresponding attribute value in the
server as well as in the create/remove instance codes.
3) moved snmp stats file to the nsslapd-tmpdir
4) moved the server instance dir to <prefix>/lib/<brand>-ds/slapd-<id>
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: one byte memory leak in modify
Reviewed by: nhosoi (Thanks!)
Files: see diff
Branch: HEAD
Fix Description: Just call slapi_ch_free_string() with the mod->mod_type. This is safe to call with NULL.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
Bug Description: Memory leak in ldbm_config.c:replace_ldbm_config_value
Reviewed by: nhosoi (Thanks!)
Fix Description: Just needed to call slapi_mods_done(&smods) after the call to slapi_modify_internal_pb(). This is the same as in the other places in the server that perform an internal modify operation.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
Bug Description: Can't update scripts (e.g., start-slapd) in the instance directory
Reviewed by: ???
Fix Description: ns-update needs to run ds_create -r for each instance in the server root because the start-slapd et. al. scripts that it needs to recreate are per-instance. The install.inf passed in from setup only contains the information in the [General] and [admin] section. We need to supply the missing information for the [slapd] section to make both create_scripts() and reconfigure_instance() happy.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
Bug Description: PAM passthru plugin causes directory server to crash
Reviewed by: nhosoi (Thanks!)
Fix Description: If the DN given in the BIND request is bogus i.e. not a valid DN (at least not one that ldap_explode_dn can parse), we should just skip the PAM processing and just report a reasonable error to the client. Similarly, if the map method says to lookup the pam ID from the bind DN entry, and the entry cannot be found, just report an error and skip pam processing.
Platforms tested: FC5
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
Bug Description: Change version to 1.0.3
Reviewed by: nkinder, nhosoi (Thanks!)
Fix Description: Update version strings and etc. to 1.0.3
Platforms tested: FC5
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
Bug Description: incorrect base64 encoding of SHA passwords crashes server
Reviewed by: nkinder (Thanks!)
Fix Description: Check the return value of ldif_base64_decode to see if it is less than zero first before the other comparisons. This is the error condition, so we can just return an error. Additionally, the other comparisons with the unsigned should be ok since we know that the hash_len is a positive number.
Platforms tested: FC5
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
| |
Bug Description: Branding: Netscape Directory Server Gateway
Reviewed by: nkinder (Thanks!)
Fix Description: There were quite a few places in the dsgw/phonebook that referred to Netscape Directory Server. These have been removed.
Nathan found a couple of places where I missed some netscape.com URLs, and suggested I remove references to Collabra server.
Platforms tested: FC5
Flag Day: no
Doc impact: no
|
| |
|
|
| |
Fixed a problem that ldapsearch reports random timeouts on 64-bit machine.
|
| |
|
|
| |
phase 1. parameterizing config, schema and ldif directory
|
| |
|
|
| |
always copying from the beginning of the buffer.
|
| |
|
|
|
|
| |
support
comment#5: Fixed a stupid copy and paste bug...
|
| |
|
|
|
|
|
|
| |
slapi-private.h: introduced PRLDAP_SET_PORT to set port to the port field in
PRNetAddr. A copy of the same macro in LDAP C SDK (v6). Note: once NSPR
provides an equivalent API, we may want to replace this macro with the one.
(the NSPR compatibility issue remains, though.)
connection.c, daemon.c: replaced PR_SetNetAddr with PRLDAP_SET_PORT.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: PAM passthru: ENTRY map method not working and schema incorrect
Reviewed by: nhosoi (Thanks!)
Fix Description:
1) Rename all occurrences of pamMapMethod to pamIDMapMethod
2) The parsing code for the map method was just plain wrong - it wasn't
incrementing the pointer correctly.
3) This code: if (one == two == three == PAMPT_MAP_METHOD_NONE) - is not correct.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
| |
Description: Enable rpmbuild of directory server
Fix Description: RELDIR is not defined in lib/ldaputil/Makefile, so just
remove the certmap.conf packaging from there and add it to ldap/cm/Makefile
The perldap packaging has changed for internal builds as well.
Tested on: Solaris
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Description: Enable rpmbuild of directory server
Fix Description: You can set env. vars. to override all of the LIB and INCLUDE paths with the
make -e flag. I moved all of the external component packaging stuff into the
packageDirectory target of ldap/cm/Makefile, and moved the "packaging" of the
internal files into the releaseDirectory target. So the releaseDirectory
target will now copy all of the ldapserver binaries and runtime files into
their correct places under RELDIR, which is then used to create the rpm. There
were a couple of other places that needed to change the way a particular file
was packaged in order ot make sure it was packaged in the core ds and not as an
external component.
Tested on: RHEL4
Reviewed by: nhosoi (Thanks!)
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: pass thru auth plugin should be configured by default
Reviewed by: rcritten (Thanks!)
Fix Description: If you do a core DS build, you don't have a config DS or a user DS, and
therefore the pass thru auth plugin is not added to the server config. It
should always be added, disabled if not used immediately. The fix is to add it in this case, disabled.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Description: Enable core DS build
Fix Description:
1) Need to package lib/ldaputil/certmap.conf into shared/config/certmap.conf
in DS build if not using admin server
2) We create shell script wrappers for the sectools (certutil, etc.). This
was being done in the setuputil related code in ldap/cm/newinst. This has
been moved to the more generic ldap/admin/src directory where other similar
scripts live.
Tested on: RHEL4 64
|
| | |
|
| |
|
|
|
|
| |
Description: Enable DS Core build/install on HP-UX
Fix Description: remove some bogus adminutil and nsdshttpd stuff from the plugin makefiles
Reviewed by: nhosoi (Thanks!)
|
| |
|
|
|
| |
Description: Enable DS Core build/install on Solaris
Fix Description: Make BUILD_JAVA_CODE default to 0; use CGI::Util::escape instead of URI::Escape because the former is available on all of our platforms
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Enable core DS build
Reviewed by: nkinder, nhosoi (Thanks!)
Fix Description: I turned off all of the other components in the build,
such as adminserver, setuputil, clients, etc. and enabled the packaging
step when building just the core DS. Now, when you build just the core
DS, you get a slapd.tar.gz which you unpack in the server root you
create e.g. mkdir /opt/rhds ; cd /opt/rhds ; tar xfz slapd.tar.gz
In order to create an instance, you have to use the ds_newinst.pl script
as described here -
http://directory.fedora.redhat.com/wiki/Install_Guide#Installing_just_the_core_directory_server
I also got rid of several references to adminutil that are not needed
anymore.
Platforms tested: RHEL4 64
Flag Day: Yes. In order to build the full setuputil/adminserver
package, you must specify USE_SETUPUTIL=1 USE_ADMINSERVER=1 etc. on the
make/gmake command line.
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: I need to change the acceptance tests to
be able to test just the core DS package.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Changes:
1) When ber_get_next_buffer_ext fails, not just LBER_DEFAULT but
LBER_OVERFLOW can be set to the ber tag. Thus, LBER_OVERFLOW is also
checked in the error check now.
2) The too large length error used be checked as "errno == EMSGSIZE",
which is replaced with "tag == LBER_OVERFLOW"
|
| | |
|
| |
|
|
| |
removed "-z defs" from the command line building libslapd.so and libback-ldbm.so.
|
| | |
|
| | |
|
| |
|
|
| |
Fix Descrition: Stopped using basename and dirname.
|
| | |
|
| |
|
|
| |
operation
|
| | |
|
| |
|
|
| |
fallback and secure config attrs
|
| |
|
|
| |
If NOTFOUND is returned from new idl, keep ALLID to check with the filter later.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Close potential security vulnerabilities in CGI code - dsgw get/post arguments
Reviewed by: Noriko and Nathan (Thanks!)
Fix Description: Fortunately, the code was pretty clean already. There
were just a few places I needed to add some file or path name checking.
I also got rid of some code.
Platforms tested: Fedora Core 5
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
| |
password always remembers initial password on (part 2)]
acl_access_allowed: changed to check the given entry address with the one in aclpb. If they don't match, even if the sdn's match, let acl re-evaluate.
|
