February 2006 - 389-commits - Fedora Mailing-Lists

[Fedora-directory-commits] ldapserver component_versions.mk, 1.35.2.2, 1.35.2.3 components.mk, 1.30, 1.30.2.1 internal_comp_deps.mk, 1.24, 1.24.2.1 ldapserver.spec.tmpl, 1.10.2.7, 1.10.2.8 nsdefs.mk, 1.11.2.2, 1.11.2.3

by Doctor Conrad

Author: nhosoi Update of /cvs/dirsec/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24857 Modified Files: Tag: Directory71RtmBranch component_versions.mk components.mk internal_comp_deps.mk ldapserver.spec.tmpl nsdefs.mk Log Message: [181582] Directory Server 7.1 SP2 packaging Changes: 1) SP1 -> SP2 2) LDAPCSDK v5.16 -> v5.17 3) redhat-ds-7.1SP1-3.RHEL4.i386.opt.rpm -> redhat-ds-7.1SP2-4.RHEL4.i386.opt.rpm 4) modified makefile/script to support copying a component file Index: component_versions.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/component_versions.mk,v retrieving revision 1.35.2.2 retrieving revision 1.35.2.3 diff -u -r1.35.2.2 -r1.35.2.3 --- component_versions.mk 22 Oct 2005 00:07:40 -0000 1.35.2.2 +++ component_versions.mk 15 Feb 2006 21:32:16 -0000 1.35.2.3 @@ -81,7 +81,7 @@ # LDAP SDK ifndef LDAP_RELDATE - LDAP_RELDATE = v5.16 + LDAP_RELDATE = v5.17 endif ifndef LDAPCOMP_DIR LDAPCOMP_DIR=ldapsdk50 Index: components.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/components.mk,v retrieving revision 1.30 retrieving revision 1.30.2.1 diff -u -r1.30 -r1.30.2.1 --- components.mk 16 May 2005 21:58:00 -0000 1.30 +++ components.mk 15 Feb 2006 21:32:16 -0000 1.30.2.1 @@ -296,13 +296,15 @@ else LDAPSDK_LIBPATH = $(LDAP_ROOT)/lib LDAPSDK_INCDIR = $(LDAP_ROOT)/include - LDAPSDK_BINPATH = $(LDAP_ROOT)/tools + LDAPSDK_BINPATH = $(LDAP_ROOT)/bin endif LDAPSDK_INCLUDE = -I$(LDAPSDK_INCDIR) # package the command line programs -LDAPSDK_TOOLS = $(wildcard $(LDAPSDK_BINPATH)/ldap*$(EXE_SUFFIX)) -BINS_TO_PKG_SHARED += $(LDAPSDK_TOOLS) +LDAPSDK_BINNAMES = ldapcmp ldapcompare ldapdelete ldapmodify ldapsearch +LDAPSDK_TOOLS = $(addsuffix $(EXE_SUFFIX),$(LDAPSDK_BINNAMES)) +LDAPSDK_TOOLS_FULLPATH = $(addprefix $(LDAPSDK_BINPATH)/, $(LDAPSDK_TOOLS)) +BINS_TO_PKG_SHARED += $(LDAPSDK_TOOLS_FULLPATH) # package the include files - needed for the plugin API LDAPSDK_INCLUDE_FILES = $(wildcard $(LDAPSDK_INCDIR)/*.h) PACKAGE_SRC_DEST += $(subst $(SPACE),$(SPACE)plugins/slapd/slapi/include$(SPACE),$(LDAPSDK_INCLUDE_FILES)) Index: internal_comp_deps.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/internal_comp_deps.mk,v retrieving revision 1.24 retrieving revision 1.24.2.1 diff -u -r1.24 -r1.24.2.1 --- internal_comp_deps.mk 18 May 2005 13:38:57 -0000 1.24 +++ internal_comp_deps.mk 15 Feb 2006 21:32:16 -0000 1.24.2.1 @@ -236,7 +236,7 @@ mkdir -p $(LDAP_LIBPATH) $(FTP_PULL) -method $(LDAPSDK_PULL_METHOD) \ -objdir $(LDAP_ROOT) -componentdir $(LDAP_RELEASE) \ - -files include,$(LDAPSDK_PULL_LIBS),tools + -files include,$(LDAPSDK_PULL_LIBS),bin endif -@if [ ! -f $@ ] ; \ then echo "Error: could not get component LDAPSDK file $@" ; \ Index: ldapserver.spec.tmpl =================================================================== RCS file: /cvs/dirsec/ldapserver/ldapserver.spec.tmpl,v retrieving revision 1.10.2.7 retrieving revision 1.10.2.8 diff -u -r1.10.2.7 -r1.10.2.8 --- ldapserver.spec.tmpl 14 Oct 2005 17:32:46 -0000 1.10.2.7 +++ ldapserver.spec.tmpl 15 Feb 2006 21:32:16 -0000 1.10.2.8 @@ -45,7 +45,7 @@ Summary: @COMPANY-PRODUCT-NAME@ Name: @LCASE-COMPANY-NAME-NOSP@-ds Version: @GEN-VERSION@ -Release: 3.@PLATFORM@ +Release: 4.@PLATFORM@ License: GPL plus extensions Group: System Environment/Daemons URL: @COMPANY-URL@ Index: nsdefs.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/nsdefs.mk,v retrieving revision 1.11.2.2 retrieving revision 1.11.2.3 diff -u -r1.11.2.2 -r1.11.2.3 --- nsdefs.mk 10 Sep 2005 00:41:45 -0000 1.11.2.2 +++ nsdefs.mk 15 Feb 2006 21:32:16 -0000 1.11.2.3 @@ -265,8 +265,8 @@ OBJDIR=$(COMMON_OBJDIR) OBJDIR_32=$(COMMON_OBJDIR_32) DO_SEARCH=no -DIR_VERSION:=7.1 SP1 -NOSP_DIR_VERSION:=7.1SP1 +DIR_VERSION:=7.1 SP2 +NOSP_DIR_VERSION:=7.1SP2 DIR_NORM_VERSION:=7.1 PRODUCT_NAME="$(PRODUCTCORE) $(DIR_VERSION)" # When you change DIRSDK_VERSION or DIRSDK_VERSION_DLL_SUFFIX, you must

18 years, 2 months

1
0
0 / 0

[Fedora-directory-commits] ldapserver/ldap/servers/slapd passwd_extop.c, 1.6, 1.7

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24719 Modified Files: passwd_extop.c Log Message: Bug(s) fixed: 181587 Bug Description: Password Modify LDAPv3 extended operation erroneously forces the client to supply old password Reviewed by: Pete & Nathan (Thanks!) Fix Description: If the BIND operation was successful, the CONN_DN field is always set to the proper DN. This is even the case during a SASL or client cert DN if the authentication was successful AND the given identity could be mapped to a real user in the directory. Also, the authmethod will be something other than NULL or none. So, if the old password was not given, that is ok if there is a non-anonymous bind DN and a real authmethod. The rest of the operation passes through the usual access control. Platforms tested: Fedora Core 4 Flag Day: no Doc impact: no Index: passwd_extop.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/passwd_extop.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- passwd_extop.c 19 Apr 2005 22:07:36 -0000 1.6 +++ passwd_extop.c 15 Feb 2006 21:22:46 -0000 1.7 @@ -201,6 +201,7 @@ { char *oid = NULL; char *bindDN = NULL; + char *authmethod = NULL; char *dn = NULL; char *oldPasswd = NULL; char *newPasswd = NULL; @@ -297,6 +298,7 @@ { if ( ber_scanf( ber, "a", &dn) == LBER_ERROR ) { + slapi_ch_free_string(&dn); LDAPDebug( LDAP_DEBUG_ANY, "ber_scanf failed :{\n", 0, 0, 0 ); errMesg = "ber_scanf failed at userID parse.\n"; @@ -313,6 +315,7 @@ { if ( ber_scanf( ber, "a", &oldPasswd ) == LBER_ERROR ) { + slapi_ch_free_string(&oldPasswd); LDAPDebug( LDAP_DEBUG_ANY, "ber_scanf failed :{\n", 0, 0, 0 ); errMesg = "ber_scanf failed at oldPasswd parse.\n"; @@ -320,10 +323,6 @@ goto free_and_return; } tag = ber_peek_tag( ber, &len); - } else { - errMesg = "Current passwd must be supplied by the user.\n"; - rc = LDAP_PARAM_ERROR; - goto free_and_return; } /* identify newPasswd field by tags */ @@ -331,6 +330,7 @@ { if ( ber_scanf( ber, "a", &newPasswd ) == LBER_ERROR ) { + slapi_ch_free_string(&newPasswd); LDAPDebug( LDAP_DEBUG_ANY, "ber_scanf failed :{\n", 0, 0, 0 ); errMesg = "ber_scanf failed at newPasswd parse.\n"; @@ -348,12 +348,27 @@ dn, oldPasswd, newPasswd); */ - if (oldPasswd == NULL || *oldPasswd == '\0') { - /* Refuse to handle this operation because current password is not provided */ - errMesg = "Current passwd must be supplied by the user.\n"; - rc = LDAP_PARAM_ERROR; + /* Get Bind DN */ + slapi_pblock_get( pb, SLAPI_CONN_DN, &bindDN ); + + /* If the connection is bound anonymously, we must refuse to process this operation. */ + if (bindDN == NULL || *bindDN == '\0') { + /* Refuse the operation because they're bound anonymously */ + errMesg = "Anonymous Binds are not allowed.\n"; + rc = LDAP_INSUFFICIENT_ACCESS; goto free_and_return; } + + if (oldPasswd == NULL || *oldPasswd == '\0') { + /* If user is authenticated, they already gave their password during + the bind operation (or used sasl or client cert auth) */ + slapi_pblock_get(pb, SLAPI_CONN_AUTHMETHOD, &authmethod); + if (!authmethod || !strcmp(authmethod, SLAPD_AUTH_NONE)) { + errMesg = "User must be authenticated to the directory server.\n"; + rc = LDAP_INSUFFICIENT_ACCESS; + goto free_and_return; + } + } /* We don't implement password generation, so if the request implies * that they asked us to do that, we must refuse to process it */ @@ -364,22 +379,12 @@ goto free_and_return; } - /* Get Bind DN */ - slapi_pblock_get( pb, SLAPI_CONN_DN, &bindDN ); - - /* If the connection is bound anonymously, we must refuse to process this operation. */ - if (bindDN == NULL || *bindDN == '\0') { - /* Refuse the operation because they're bound anonymously */ - errMesg = "Anonymous Binds are not allowed.\n"; - rc = LDAP_INSUFFICIENT_ACCESS; - goto free_and_return; - } /* Determine the target DN for this operation */ /* Did they give us a DN ? */ if (dn == NULL || *dn == '\0') { /* Get the DN from the bind identity on this connection */ - dn = bindDN; + dn = slapi_ch_strdup(bindDN); LDAPDebug( LDAP_DEBUG_ANY, "Missing userIdentity in request, using the bind DN instead.\n", 0, 0, 0 ); @@ -433,13 +438,15 @@ * They gave us a password (old), check it against the target entry * Is the old password valid ? */ - ret = passwd_check_pwd(targetEntry, oldPasswd); - if (ret) { - /* No, then we fail this operation */ - errMesg = "Invalid oldPasswd value.\n"; - rc = ret; - goto free_and_return; - } + if (oldPasswd && *oldPasswd) { + ret = passwd_check_pwd(targetEntry, oldPasswd); + if (ret) { + /* No, then we fail this operation */ + errMesg = "Invalid oldPasswd value.\n"; + rc = ret; + goto free_and_return; + } + } /* Now we're ready to make actual password change */ @@ -455,7 +462,17 @@ /* Free anything that we allocated above */ free_and_return: - + + slapi_ch_free_string(&oldPasswd); + slapi_ch_free_string(&newPasswd); + /* Either this is the same pointer that we allocated and set above, + or whoever used it should have freed it and allocated a new + value that we need to free here */ + slapi_pblock_get( pb, SLAPI_ORIGINAL_TARGET, &dn ); + slapi_ch_free_string(&dn); + slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, NULL ); + slapi_ch_free_string(&authmethod); + if ( targetEntry != NULL ){ slapi_entry_free (targetEntry); } @@ -465,9 +482,8 @@ ber = NULL; } - slapi_log_error( SLAPI_LOG_PLUGIN, "passwd_modify_extop", - errMesg ); + errMesg ? errMesg : "success" ); send_ldap_result( pb, rc, NULL, errMesg, 0, NULL );

18 years, 2 months

1
0
0 / 0

[Fedora-directory-commits] ldapserver/ldap/servers/slapd libglobs.c, 1.7, 1.8

by Doctor Conrad

Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3170 Modified Files: libglobs.c Log Message: Bug(s) fixed: 181032 Bug Description: Most of our integer based config parameters do not do a good job validating input. For example, alphabetic characters will be accepted as a value if "0" is a valid setting for a given parameter since atoi returns "0" on error. We also don't properly check for range errors for many parameters. Reviewed by: Rich, Pete, and Noriko (Thanks!) Files: ldapserver/ldap/servers/slapd/libglobs.c Branch: HEAD Fix Description: This adds better input validation for a number of integer based config settings. I replaced our usage of atoi() with strtol() so we can recognize conversion errors. I also added more descriptive error strings where they were missing. I revised the fix due to feedback from Noriko. She recommended that we check for ERANGE areas for all calls to strtol insead of only checking when LONG_MAX is a valid setting for a config parameter. Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: libglobs.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/libglobs.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- libglobs.c 25 Jan 2006 16:51:39 -0000 1.7 +++ libglobs.c 15 Feb 2006 00:26:19 -0000 1.8 @@ -950,7 +950,8 @@ int config_set_port( const char *attrname, char *port, char *errorbuf, int apply ) { - int nPort; + long nPort; + char *endp = NULL; slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); int retVal = LDAP_SUCCESS; @@ -958,17 +959,20 @@ return LDAP_OPERATIONS_ERROR; } - nPort = atoi( port ); + errno = 0; + nPort = strtol(port, &endp, 10); - if ( nPort == 0 ) { - LDAPDebug( LDAP_DEBUG_ANY, - "Information: Non-Secure Port Disabled, server only contactable via secure port\n", 0, 0, 0 ); - } - else if (nPort > LDAP_PORT_MAX || nPort < 0 ) { + if ( *endp != '\0' || errno == ERANGE || nPort > LDAP_PORT_MAX || nPort < 0 ) { retVal = LDAP_OPERATIONS_ERROR; PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, - "%s: %d is invalid, ports must range from 1 to %d", - attrname, nPort, LDAP_PORT_MAX ); + "%s: \"%s\" is invalid, ports must range from 0 to %d", + attrname, port, LDAP_PORT_MAX ); + return retVal; + } + + if ( nPort == 0 ) { + LDAPDebug( LDAP_DEBUG_ANY, + "Information: Non-Secure Port Disabled, server only contactable via secure port\n", 0, 0, 0 ); } if ( apply ) { @@ -984,19 +988,23 @@ int config_set_secureport( const char *attrname, char *port, char *errorbuf, int apply ) { - int nPort = atoi ( port ); + long nPort; + char *endp = NULL; slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); int retVal = LDAP_SUCCESS; if ( config_value_is_null( attrname, port, errorbuf, 0 )) { return LDAP_OPERATIONS_ERROR; } + + errno = 0; + nPort = strtol(port, &endp, 10); - if (nPort > LDAP_PORT_MAX || nPort <= 0 ) { + if (*endp != '\0' || errno == ERANGE || nPort > LDAP_PORT_MAX || nPort <= 0 ) { retVal = LDAP_OPERATIONS_ERROR; PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, - "%s: %d is invalid, ports must range from 1 to %d", - attrname, nPort, LDAP_PORT_MAX ); + "%s: \"%s\" is invalid, ports must range from 1 to %d", + attrname, port, LDAP_PORT_MAX ); } if (apply) { @@ -1159,23 +1167,27 @@ int config_set_sizelimit( const char *attrname, char *value, char *errorbuf, int apply ) { int retVal = LDAP_SUCCESS; + long sizelimit; + char *endp = NULL; Slapi_Backend *be; char *cookie; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); - int sizelimit = atoi ( value ); - if ( config_value_is_null( attrname, value, errorbuf, 0 )) { return LDAP_OPERATIONS_ERROR; } - if ( sizelimit < -1 ) { - PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: %d is too small", - attrname, sizelimit ); + errno = 0; + sizelimit = strtol(value, &endp, 10); + + if ( *endp != '\0' || errno == ERANGE || sizelimit < -1 ) { + PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: \"%s\" is invalid, sizelimit must range from -1 to %ld", + attrname, value, LONG_MAX ); retVal = LDAP_OPERATIONS_ERROR; return retVal; } - + if (apply) { CFG_LOCK_WRITE(slapdFrontendConfig); @@ -1347,15 +1359,20 @@ int config_set_pw_minlength( const char *attrname, char *value, char *errorbuf, int apply ) { - int retVal = LDAP_SUCCESS, minLength = 0; + int retVal = LDAP_SUCCESS; + long minLength = 0; + char *endp = NULL; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 0 )) { return LDAP_OPERATIONS_ERROR; } - minLength = atoi(value); - if ( minLength < 2 || minLength > 512 ) { + errno = 0; + minLength = strtol(value, &endp, 10); + + if ( *endp != '\0' || errno == ERANGE || minLength < 2 || minLength > 512 ) { PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "password minimum length \"%s\" is invalid. " "The minimum length must range from 2 to 512.", @@ -1377,15 +1394,20 @@ int config_set_pw_mindigits( const char *attrname, char *value, char *errorbuf, int apply ) { - int retVal = LDAP_SUCCESS, minDigits = 0; + int retVal = LDAP_SUCCESS; + long minDigits = 0; + char *endp = NULL; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 0 )) { return LDAP_OPERATIONS_ERROR; } - minDigits = atoi(value); - if ( minDigits < 0 || minDigits > 64 ) { + errno = 0; + minDigits = strtol(value, &endp, 10); + + if ( *endp != '\0' || errno == ERANGE || minDigits < 0 || minDigits > 64 ) { PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "password minimum number of digits \"%s\" is invalid. " "The minimum number of digits must range from 0 to 64.", @@ -1407,15 +1429,20 @@ int config_set_pw_minalphas( const char *attrname, char *value, char *errorbuf, int apply ) { - int retVal = LDAP_SUCCESS, minAlphas = 0; + int retVal = LDAP_SUCCESS; + long minAlphas = 0; + char *endp = NULL; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 0 )) { return LDAP_OPERATIONS_ERROR; } - minAlphas = atoi(value); - if ( minAlphas < 0 || minAlphas > 64 ) { + errno = 0; + minAlphas = strtol(value, &endp, 10); + + if ( *endp != '\0' || errno == ERANGE || minAlphas < 0 || minAlphas > 64 ) { PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "password minimum number of alphas \"%s\" is invalid. " "The minimum number of alphas must range from 0 to 64.", @@ -1437,15 +1464,20 @@ int config_set_pw_minuppers( const char *attrname, char *value, char *errorbuf, int apply ) { - int retVal = LDAP_SUCCESS, minUppers = 0; + int retVal = LDAP_SUCCESS; + long minUppers = 0; + char *endp = NULL; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 0 )) { return LDAP_OPERATIONS_ERROR; } - minUppers = atoi(value); - if ( minUppers < 0 || minUppers > 64 ) { + errno = 0; + minUppers = strtol(value, &endp, 10); + + if ( *endp != '\0' || errno == ERANGE || minUppers < 0 || minUppers > 64 ) { PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "password minimum number of uppercase characters \"%s\" is invalid. " "The minimum number of uppercase characters must range from 0 to 64.", @@ -1467,15 +1499,20 @@ int config_set_pw_minlowers( const char *attrname, char *value, char *errorbuf, int apply ) { - int retVal = LDAP_SUCCESS, minLowers = 0; + int retVal = LDAP_SUCCESS; + long minLowers = 0; + char *endp = NULL; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 0 )) { return LDAP_OPERATIONS_ERROR; } - minLowers = atoi(value); - if ( minLowers < 0 || minLowers > 64 ) { + errno = 0; + minLowers = strtol(value, &endp, 10); + + if ( *endp != '\0' || errno == ERANGE || minLowers < 0 || minLowers > 64 ) { PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "password minimum number of lowercase characters \"%s\" is invalid. " "The minimum number of lowercase characters must range from 0 to 64.", @@ -1497,15 +1534,20 @@ int config_set_pw_minspecials( const char *attrname, char *value, char *errorbuf, int apply ) { - int retVal = LDAP_SUCCESS, minSpecials = 0; + int retVal = LDAP_SUCCESS; + long minSpecials = 0; + char *endp = NULL; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 0 )) { return LDAP_OPERATIONS_ERROR; } - minSpecials = atoi(value); - if ( minSpecials < 0 || minSpecials > 64 ) { + errno = 0; + minSpecials = strtol(value, &endp, 10); + + if ( *endp != '\0' || errno == ERANGE || minSpecials < 0 || minSpecials > 64 ) { PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "password minimum number of special characters \"%s\" is invalid. " "The minimum number of special characters must range from 0 to 64.", @@ -1527,15 +1569,20 @@ int config_set_pw_min8bit( const char *attrname, char *value, char *errorbuf, int apply ) { - int retVal = LDAP_SUCCESS, min8bit = 0; + int retVal = LDAP_SUCCESS; + long min8bit = 0; + char *endp = NULL; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 0 )) { return LDAP_OPERATIONS_ERROR; } - min8bit = atoi(value); - if ( min8bit < 0 || min8bit > 64 ) { + errno = 0; + min8bit = strtol(value, &endp, 10); + + if ( *endp != '\0' || errno == ERANGE || min8bit < 0 || min8bit > 64 ) { PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "password minimum number of 8-bit characters \"%s\" is invalid. " "The minimum number of 8-bit characters must range from 0 to 64.", @@ -1557,15 +1604,20 @@ int config_set_pw_maxrepeats( const char *attrname, char *value, char *errorbuf, int apply ) { - int retVal = LDAP_SUCCESS, maxRepeats = 0; + int retVal = LDAP_SUCCESS; + long maxRepeats = 0; + char *endp = NULL; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 0 )) { return LDAP_OPERATIONS_ERROR; } - maxRepeats = atoi(value); - if ( maxRepeats < 0 || maxRepeats > 64 ) { + errno = 0; + maxRepeats = strtol(value, &endp, 10); + + if ( *endp != '\0' || errno == ERANGE || maxRepeats < 0 || maxRepeats > 64 ) { PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "password maximum number of repeated characters \"%s\" is invalid. " "The maximum number of repeated characters must range from 0 to 64.", @@ -1587,15 +1639,20 @@ int config_set_pw_mincategories( const char *attrname, char *value, char *errorbuf, int apply ) { - int retVal = LDAP_SUCCESS, minCategories = 0; + int retVal = LDAP_SUCCESS; + long minCategories = 0; + char *endp = NULL; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 0 )) { return LDAP_OPERATIONS_ERROR; } - minCategories = atoi(value); - if ( minCategories < 1 || minCategories > 5 ) { + errno = 0; + minCategories = strtol(value, &endp, 10); + + if ( *endp != '\0' || errno == ERANGE || minCategories < 1 || minCategories > 5 ) { PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "password minimum number of categories \"%s\" is invalid. " "The minimum number of categories must range from 1 to 5.", @@ -1617,15 +1674,20 @@ int config_set_pw_mintokenlength( const char *attrname, char *value, char *errorbuf, int apply ) { - int retVal = LDAP_SUCCESS, minTokenLength = 0; + int retVal = LDAP_SUCCESS; + long minTokenLength = 0; + char *endp = NULL; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 0 )) { return LDAP_OPERATIONS_ERROR; } - minTokenLength = atoi(value); - if ( minTokenLength < 1 || minTokenLength > 64 ) { + errno = 0; + minTokenLength = strtol(value, &endp, 10); + + if ( *endp != '\0' || errno == ERANGE || minTokenLength < 1 || minTokenLength > 64 ) { PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "password minimum token length \"%s\" is invalid. " "The minimum token length must range from 1 to 64.", @@ -1647,15 +1709,20 @@ int config_set_pw_maxfailure( const char *attrname, char *value, char *errorbuf, int apply ) { - int retVal = LDAP_SUCCESS, maxFailure = 0; + int retVal = LDAP_SUCCESS; + long maxFailure = 0; + char *endp = NULL; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 0 )) { return LDAP_OPERATIONS_ERROR; } - maxFailure = atoi(value); - if ( maxFailure <= 0 || maxFailure > 32767 ) { + errno = 0; + maxFailure = strtol(value, &endp, 10); + + if ( *endp != '\0' || errno == ERANGE || maxFailure <= 0 || maxFailure > 32767 ) { PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "password maximum retry \"%s\" is invalid. " "Password maximum failure must range from 1 to 32767", @@ -1679,15 +1746,20 @@ int config_set_pw_inhistory( const char *attrname, char *value, char *errorbuf, int apply ) { - int retVal = LDAP_SUCCESS, history = 0; + int retVal = LDAP_SUCCESS; + long history = 0; + char *endp = NULL; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 0 )) { return LDAP_OPERATIONS_ERROR; } - history = atoi(value); - if ( history < 2 || history > 24 ) { + errno = 0; + history = strtol(value, &endp, 10); + + if ( *endp != '\0' || errno == ERANGE || history < 2 || history > 24 ) { PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "password history length \"%s\" is invalid. " "The password history must range from 2 to 24", @@ -1712,16 +1784,19 @@ config_set_pw_lockduration( const char *attrname, char *value, char *errorbuf, int apply ) { int retVal = LDAP_SUCCESS; long duration = 0; /* in minutes */ + char *endp = NULL; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 0 )) { return LDAP_OPERATIONS_ERROR; } + errno = 0; /* in seconds */ - duration = strtol (value, NULL, 0); + duration = strtol(value, &endp, 10); - if ( duration <= 0 || duration > (MAX_ALLOWED_TIME_IN_SECS - current_time()) ) { + if ( *endp != '\0' || errno == ERANGE || duration <= 0 || duration > (MAX_ALLOWED_TIME_IN_SECS - current_time()) ) { PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "password lockout duration \"%s\" seconds is invalid. ", value ); @@ -1741,15 +1816,19 @@ config_set_pw_resetfailurecount( const char *attrname, char *value, char *errorbuf, int apply ) { int retVal = LDAP_SUCCESS; long duration = 0; /* in minutes */ + char *endp = NULL; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 0 )) { return LDAP_OPERATIONS_ERROR; } + errno = 0; /* in seconds */ - duration = strtol (value, NULL, 0); - if ( duration < 0 || duration > (MAX_ALLOWED_TIME_IN_SECS - current_time()) ) { + duration = strtol(value, &endp, 10); + + if ( *endp != '\0' || errno == ERANGE || duration < 0 || duration > (MAX_ALLOWED_TIME_IN_SECS - current_time()) ) { PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "password reset count duration \"%s\" seconds is invalid. ", value ); @@ -1824,18 +1903,22 @@ int config_set_pw_gracelimit( const char *attrname, char *value, char *errorbuf, int apply ) { - int retVal = LDAP_SUCCESS, gracelimit = 0; + int retVal = LDAP_SUCCESS; + long gracelimit = 0; + char *endp = NULL; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 0 )) { return LDAP_OPERATIONS_ERROR; } - - gracelimit = atoi(value); - if ( gracelimit < 0 ) { + errno = 0; + gracelimit = strtol(value, &endp, 10); + + if ( *endp != '\0' || errno == ERANGE || gracelimit < 0 ) { PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, - "password grace limit \"%s\" is invalid.", - value ); + "password grace limit \"%s\" is invalid, password grace limit must range from 0 to %ld", + value , LONG_MAX ); retVal = LDAP_OPERATIONS_ERROR; return retVal; } @@ -2296,17 +2379,21 @@ int config_set_threadnumber( const char *attrname, char *value, char *errorbuf, int apply ) { - int retVal = LDAP_SUCCESS, threadnum = 0; + int retVal = LDAP_SUCCESS; + long threadnum = 0; + char *endp = NULL; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 0 )) { return LDAP_OPERATIONS_ERROR; } - threadnum = atoi ( value ); + errno = 0; + threadnum = strtol(value, &endp, 10); - if ( threadnum < 1 || threadnum > 65535 ) { - PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value %d, maximum thread number must range from 1 to 65535", attrname, threadnum ); + if ( *endp != '\0' || errno == ERANGE || threadnum < 1 || threadnum > 65535 ) { + PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", maximum thread number must range from 1 to 65535", attrname, value ); retVal = LDAP_OPERATIONS_ERROR; } @@ -2321,17 +2408,21 @@ int config_set_maxthreadsperconn( const char *attrname, char *value, char *errorbuf, int apply ) { - int retVal = LDAP_SUCCESS, maxthreadnum = 0; + int retVal = LDAP_SUCCESS; + long maxthreadnum = 0; + char *endp = NULL; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 0 )) { return LDAP_OPERATIONS_ERROR; } - maxthreadnum = atoi ( value ); + errno = 0; + maxthreadnum = strtol(value, &endp, 10); - if ( maxthreadnum < 1 || maxthreadnum > 65535 ) { - PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value %d, maximum thread number per connection must range from 1 to 65535", attrname, maxthreadnum ); + if ( *endp != '\0' || errno == ERANGE || maxthreadnum < 1 || maxthreadnum > 65535 ) { + PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", maximum thread number per connection must range from 1 to 65535", attrname, value ); retVal = LDAP_OPERATIONS_ERROR; } @@ -2348,29 +2439,34 @@ #include <sys/resource.h> int config_set_maxdescriptors( const char *attrname, char *value, char *errorbuf, int apply ) { - int retVal = LDAP_SUCCESS, nValue = 0; + int retVal = LDAP_SUCCESS; + long nValue = 0; int maxVal = 65535; struct rlimit rlp; + char *endp = NULL; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 0 )) { return LDAP_OPERATIONS_ERROR; } - nValue = atoi ( value ); if ( 0 == getrlimit( RLIMIT_NOFILE, &rlp ) ) { - maxVal = (int)rlp.rlim_max; + maxVal = (int)rlp.rlim_max; } - - if ( nValue < 1 || nValue > maxVal ) { - PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value %d, maximum file descriptors must range from 1 to %d (the current process limit)", - attrname, nValue, maxVal ); - if ( nValue < 1 ) { - retVal = LDAP_OPERATIONS_ERROR; - } else { - nValue = maxVal; - retVal = LDAP_UNWILLING_TO_PERFORM; - } + + errno = 0; + nValue = strtol(value, &endp, 10); + + if ( *endp != '\0' || errno == ERANGE || nValue < 1 || nValue > maxVal ) { + PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", maximum file descriptors must range from 1 to %d (the current process limit)", + attrname, value, maxVal ); + if ( nValue > maxVal ) { + nValue = maxVal; + retVal = LDAP_UNWILLING_TO_PERFORM; + } else { + retVal = LDAP_OPERATIONS_ERROR; + } } if (apply) { @@ -2385,8 +2481,10 @@ int config_set_conntablesize( const char *attrname, char *value, char *errorbuf, int apply ) { - int retVal = LDAP_SUCCESS, nValue = 0; + int retVal = LDAP_SUCCESS; + long nValue = 0; int maxVal = 65535; + char *endp = NULL; #ifndef _WIN32 struct rlimit rlp; #endif @@ -2396,27 +2494,31 @@ return LDAP_OPERATIONS_ERROR; } - nValue = atoi ( value ); +#ifndef _WIN32 + if ( 0 == getrlimit( RLIMIT_NOFILE, &rlp ) ) { + maxVal = (int)rlp.rlim_max; + } +#endif + + errno = 0; + nValue = strtol(value, &endp, 0); #ifdef _WIN32 - if ( nValue < 1 || nValue > 0xfffffe ) { - PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value %d, connection table size must range from 1 to 0xfffffe", attrname, nValue ); + if ( *endp != '\0' || errno == ERANGE || nValue < 1 || nValue > 0xfffffe ) { + PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", connection table size must range from 1 to 0xfffffe", attrname, value ); retVal = LDAP_OPERATIONS_ERROR; } #elif !defined(AIX) - if ( 0 == getrlimit( RLIMIT_NOFILE, &rlp ) ) { - maxVal = (int)rlp.rlim_max; - } - if ( nValue < 1 || nValue > maxVal ) { - PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value %d, connection table size must range from 1 to %d (the current process maxdescriptors limit)", - attrname, nValue, maxVal ); - if ( nValue < 1 ) { - retVal = LDAP_OPERATIONS_ERROR; - } else { - nValue = maxVal; - retVal = LDAP_UNWILLING_TO_PERFORM; - } + if ( *endp != '\0' || errno == ERANGE || nValue < 1 || nValue > maxVal ) { + PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", connection table size must range from 1 to %d" + " (the current process maxdescriptors limit)", attrname, value, maxVal ); + if ( nValue > maxVal) { + nValue = maxVal; + retVal = LDAP_UNWILLING_TO_PERFORM; + } else { + retVal = LDAP_OPERATIONS_ERROR; + } } #endif @@ -2431,18 +2533,38 @@ int config_set_reservedescriptors( const char *attrname, char *value, char *errorbuf, int apply ) { - int retVal = LDAP_SUCCESS, nValue = 0; + int retVal = LDAP_SUCCESS; + int maxVal = 65535; + long nValue = 0; + char *endp = NULL; +#ifndef _WIN32 + struct rlimit rlp; +#endif + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 0 )) { return LDAP_OPERATIONS_ERROR; } - nValue = atoi ( value ); +#ifndef _WIN32 + if ( 0 == getrlimit( RLIMIT_NOFILE, &rlp ) ) { + maxVal = (int)rlp.rlim_max; + } +#endif + + errno = 0; + nValue = strtol(value, &endp, 10); - if ( nValue < 1 || nValue > 65535 ) { - PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value %d, reserved file descriptors must range from 1 to 65535", attrname, nValue ); - retVal = LDAP_OPERATIONS_ERROR; + if ( *endp != '\0' || errno == ERANGE || nValue < 1 || nValue > maxVal ) { + PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", reserved file descriptors must range from 1 to %d" + " (the current process maxdescriptors limit)", attrname, value, maxVal ); + if ( nValue > maxVal) { + nValue = maxVal; + retVal = LDAP_UNWILLING_TO_PERFORM; + } else { + retVal = LDAP_OPERATIONS_ERROR; + } } if (apply) { @@ -2458,14 +2580,25 @@ int config_set_ioblocktimeout( const char *attrname, char *value, char *errorbuf, int apply ) { - int retVal = LDAP_SUCCESS, nValue = 0; + int retVal = LDAP_SUCCESS; + long nValue = 0; + char *endp = NULL; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 0 )) { return LDAP_OPERATIONS_ERROR; } - nValue = atoi ( value ); + errno = 0; + nValue = strtol(value, &endp, 10); + + if ( *endp != '\0' || errno == ERANGE || nValue < 0 ) { + PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", I/O block timeout must range from 0 to %ld", + attrname, value, LONG_MAX ); + retVal = LDAP_OPERATIONS_ERROR; + return retVal; + } #if defined(IRIX) /* on IRIX poll can only handle timeouts up to @@ -2489,14 +2622,25 @@ int config_set_idletimeout( const char *attrname, char *value, char *errorbuf, int apply ) { - int retVal = LDAP_SUCCESS, nValue = 0; + int retVal = LDAP_SUCCESS; + long nValue = 0; + char *endp = NULL; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 0 )) { return LDAP_OPERATIONS_ERROR; } - nValue = atoi ( value ); + errno = 0; + nValue = strtol(value, &endp, 10); + + if (*endp != '\0' || errno == ERANGE || nValue < 0 ) { + PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", idle timeout must range from 0 to %ld", + attrname, value, LONG_MAX ); + retVal = LDAP_OPERATIONS_ERROR; + return retVal; + } if (apply) { CFG_LOCK_WRITE(slapdFrontendConfig); @@ -2511,19 +2655,25 @@ int config_set_groupevalnestlevel( const char *attrname, char * value, char *errorbuf, int apply ) { - int retVal = LDAP_SUCCESS, nValue = 0; + int retVal = LDAP_SUCCESS; + long nValue = 0; + char *endp = NULL; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 0 )) { return LDAP_OPERATIONS_ERROR; } - nValue = atoi ( value ); + errno = 0; + nValue = strtol(value, &endp, 10); - if ( nValue < 1 ) { + if ( *endp != '\0' || errno == ERANGE || nValue < 0 || nValue > 5 ) { PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, - "%s: invalid value %d, must be a positive number", - attrname, nValue ); + "%s: invalid value \"%s\", group eval nest level must range from 0 to 5", + attrname, value ); + retVal = LDAP_OPERATIONS_ERROR; + return retVal; } if (apply) { CFG_LOCK_WRITE(slapdFrontendConfig); @@ -2571,7 +2721,9 @@ int config_set_timelimit( const char *attrname, char *value, char *errorbuf, int apply ) { - int retVal = LDAP_SUCCESS, nVal = 0; + int retVal = LDAP_SUCCESS; + long nVal = 0; + char *endp = NULL; slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); Slapi_Backend *be = NULL; char *cookie; @@ -2582,10 +2734,15 @@ return LDAP_OPERATIONS_ERROR; } - nVal = atoi(value); - if ( nVal < 0 ) { + errno = 0; + nVal = strtol(value, &endp, 10); + + if ( *endp != '\0' || errno == ERANGE || nVal < 0 ) { PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, - "%s: invalid value %d", attrname, nVal ); + "%s: invalid value \"%s\", time limit must range from 0 to %ld", + attrname, value, LONG_MAX ); + retVal = LDAP_OPERATIONS_ERROR; + return retVal; } if ( apply ) { @@ -2699,22 +2856,27 @@ } return retVal; } + int config_set_pw_maxage( const char *attrname, char *value, char *errorbuf, int apply ) { int retVal = LDAP_SUCCESS; long age; + char *endp = NULL; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 1 )) { return LDAP_OPERATIONS_ERROR; } + errno = 0; /* age in seconds */ - age = strtol(value, NULL, 0 ); - if ( age <= 0 || age > (MAX_ALLOWED_TIME_IN_SECS - current_time()) ) { + age = strtol(value, &endp, 10); + + if ( *endp != '\0' || errno == ERANGE || age <= 0 || age > (MAX_ALLOWED_TIME_IN_SECS - current_time()) ) { PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, - "password maximum age \"%s\" seconds is invalid. ", - value ); + "%s: password maximum age \"%s\" seconds is invalid. ", + attrname, value ); retVal = LDAP_OPERATIONS_ERROR; return retVal; } @@ -2736,6 +2898,7 @@ return LDAP_OPERATIONS_ERROR; } + errno = 0; /* age in seconds */ age = strtol(value, &endPtr, 0 ); /* endPtr should never be NULL, but we check just in case; if the @@ -2750,10 +2913,11 @@ */ if ( (age < 0) || (age > (MAX_ALLOWED_TIME_IN_SECS - current_time())) || - (endPtr == NULL) || (endPtr == value) || !isdigit(*(endPtr-1)) ) { + (endPtr == NULL) || (endPtr == value) || !isdigit(*(endPtr-1)) || + errno == ERANGE ) { PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, - "password minimum age \"%s\" seconds is invalid. ", - value ); + "%s: password minimum age \"%s\" seconds is invalid. ", + attrname, value ); retVal = LDAP_OPERATIONS_ERROR; return retVal; } @@ -2768,19 +2932,23 @@ config_set_pw_warning( const char *attrname, char *value, char *errorbuf, int apply ) { int retVal = LDAP_SUCCESS; long sec; + char *endp = NULL; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 1 )) { return LDAP_OPERATIONS_ERROR; } + errno = 0; /* in seconds */ - sec = strtol(value, NULL, 0); - if (sec < 0) { + sec = strtol(value, &endp, 10); + + if (*endp != '\0' || errno == ERANGE || sec < 0) { PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, - "password warning age \"%s\" seconds is invalid, password warning " - "age must be >= 0 seconds", - value ); + "%s: password warning age \"%s\" seconds is invalid, password warning " + "age must range from 0 to %ld seconds", + attrname, value, LONG_MAX ); retVal = LDAP_OPERATIONS_ERROR; return retVal; } @@ -2795,16 +2963,28 @@ int config_set_errorlog_level( const char *attrname, char *value, char *errorbuf, int apply ) { - int retVal = LDAP_SUCCESS, level = 0; + int retVal = LDAP_SUCCESS; + long level = 0; + char *endp = NULL; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 1 )) { return LDAP_OPERATIONS_ERROR; } + + errno = 0; + level = strtol(value, &endp, 10); + + if ( *endp != '\0' || errno == ERANGE || level < 0 ) { + PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: error log level \"%s\" is invalid," + " error log level must range from 0 to %ld", attrname, value, LONG_MAX ); + retVal = LDAP_OPERATIONS_ERROR; + return retVal; + } if ( apply ) { CFG_LOCK_WRITE(slapdFrontendConfig); - level = atoi ( value ); level |= LDAP_DEBUG_ANY; #ifdef _WIN32 @@ -2821,16 +3001,28 @@ int config_set_accesslog_level( const char *attrname, char *value, char *errorbuf, int apply ) { - int retVal = LDAP_SUCCESS, level = 0; + int retVal = LDAP_SUCCESS; + long level = 0; + char *endp = NULL; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if ( config_value_is_null( attrname, value, errorbuf, 1 )) { return LDAP_OPERATIONS_ERROR; } + + errno = 0; + level = strtol(value, &endp, 10); + + if ( *endp != '\0' || errno == ERANGE || level < 0 ) { + PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: access log level \"%s\" is invalid," + " access log level must range from 0 to %ld", attrname, value, LONG_MAX ); + retVal = LDAP_OPERATIONS_ERROR; + return retVal; + } if ( apply ) { CFG_LOCK_WRITE(slapdFrontendConfig); - level = atoi ( value ); g_set_accesslog_level ( level ); slapdFrontendConfig->accessloglevel = level; CFG_UNLOCK_WRITE(slapdFrontendConfig);

18 years, 2 months

1
0
0 / 0

[Fedora-directory-commits] dsbuild/meta/ds Makefile,1.1.1.1,1.2

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/dsbuild/meta/ds In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31137/dsbuild/meta/ds Modified Files: Makefile Log Message: upgrade to 1.0.2 Index: Makefile =================================================================== RCS file: /cvs/dirsec/dsbuild/meta/ds/Makefile,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- Makefile 10 Feb 2006 15:28:54 -0000 1.1.1.1 +++ Makefile 14 Feb 2006 22:30:05 -0000 1.2 @@ -1,5 +1,5 @@ GARNAME = ds -GARVERSION = 1 +GARVERSION = 1.0.2 CATEGORIES = meta # assume that if someone defines DEBUG=1 they mean DEBUG=full

18 years, 2 months

1
0
0 / 0

[Fedora-directory-commits] dsbuild/ds/setuputil Makefile, 1.1.1.1, 1.2 checksums, 1.1.1.1, 1.2

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/dsbuild/ds/setuputil In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31137/dsbuild/ds/setuputil Modified Files: Makefile checksums Log Message: upgrade to 1.0.2 Index: Makefile =================================================================== RCS file: /cvs/dirsec/dsbuild/ds/setuputil/Makefile,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- Makefile 10 Feb 2006 15:28:53 -0000 1.1.1.1 +++ Makefile 14 Feb 2006 22:30:00 -0000 1.2 @@ -1,5 +1,5 @@ GARNAME = fedora-setuputil -GARVERSION = 1.0 +GARVERSION = 1.0.2 CATEGORIES = ds DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz PATCHFILES = Index: checksums =================================================================== RCS file: /cvs/dirsec/dsbuild/ds/setuputil/checksums,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- checksums 10 Feb 2006 15:28:53 -0000 1.1.1.1 +++ checksums 14 Feb 2006 22:30:00 -0000 1.2 @@ -1 +1,2 @@ 6bc26ba2edee75c3c8d5bf9a21bda7b8 download/fedora-setuputil-1.0.tar.gz +ad98662666e99bd737227ad6cf89abec download/fedora-setuputil-1.0.2.tar.gz

18 years, 2 months

1
0
0 / 0

[Fedora-directory-commits] dsbuild/ds/onlinehelp Makefile, 1.1.1.1, 1.2 checksums, 1.1.1.1, 1.2

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/dsbuild/ds/onlinehelp In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31137/dsbuild/ds/onlinehelp Modified Files: Makefile checksums Log Message: upgrade to 1.0.2 Index: Makefile =================================================================== RCS file: /cvs/dirsec/dsbuild/ds/onlinehelp/Makefile,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- Makefile 10 Feb 2006 15:28:53 -0000 1.1.1.1 +++ Makefile 14 Feb 2006 22:29:34 -0000 1.2 @@ -1,5 +1,5 @@ GARNAME = fedora-onlinehelp -GARVERSION = 1.0 +GARVERSION = 1.0.2 CATEGORIES = ds DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz PATCHFILES = Index: checksums =================================================================== RCS file: /cvs/dirsec/dsbuild/ds/onlinehelp/checksums,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- checksums 10 Feb 2006 15:28:53 -0000 1.1.1.1 +++ checksums 14 Feb 2006 22:29:34 -0000 1.2 @@ -1 +1,2 @@ cc8cece82f0dc4d3ff502129fdd590f6 download/fedora-onlinehelp-1.0.tar.gz +bd3d02c50d88848551dfa24964cfcf92 download/fedora-onlinehelp-1.0.2.tar.gz

18 years, 2 months

1
0
0 / 0

[Fedora-directory-commits] dsbuild/ds/mozilla Makefile, 1.1.1.1, 1.2 checksums, 1.1.1.1, 1.2

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/dsbuild/ds/mozilla In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31137/dsbuild/ds/mozilla Modified Files: Makefile checksums Log Message: upgrade to 1.0.2 Index: Makefile =================================================================== RCS file: /cvs/dirsec/dsbuild/ds/mozilla/Makefile,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- Makefile 10 Feb 2006 15:28:54 -0000 1.1.1.1 +++ Makefile 14 Feb 2006 22:29:29 -0000 1.2 @@ -3,8 +3,9 @@ CATEGORIES = ds # have the regular download rule download the patch rather than listing it in PATCHFILES # this is so we can override the default patch rule -MYPATCH = mozilla-gcc4.patch -DISTFILES = mozilla-components-2.tar.gz $(MYPATCH) +#MYPATCH = mozilla-gcc4.patch +MYPATCH = sysfdtable.patch sysfdtable2.patch +DISTFILES = mozilla-components-1.0.2.tar.gz $(MYPATCH) PATCHFILES = LIBDEPS = @@ -16,7 +17,7 @@ INSTALL_SCRIPTS = custom ifndef DEBUG -OPTFLAG="BUILDOPT=1" +OPTFLAG="BUILD_OPT=1" CONFIGFLAG=--disable-debug --enable-optimize else CONFIGFLAG=--enable-debug --disable-optimize @@ -24,22 +25,25 @@ # this is our "custom" patch target post-patch: +ifdef MYPATCH cat $(addprefix download/,$(MYPATCH)) | ( cd work ; patch -p0 ) +endif $(MAKECOOKIE) configure-custom: # remove the stupid mozilla- directory rmdir $(WORKSRC) - cd work/mozilla/directory/c-sdk && ./configure --with-nss $(CONFIGFLAG) $(MAKECOOKIE) build-custom: cd work/mozilla/security/nss && $(MAKE) nss_build_all $(OPTFLAG) cd work/mozilla/security/svrcore && $(MAKE) $(OPTFLAG) + cd work/mozilla/directory/c-sdk && ./configure --with-svrcore $(CONFIGFLAG) cd work/mozilla/directory/c-sdk && $(MAKE) BUILDCLU=1 HAVE_SVRCORE=1 $(OPTFLAG) # perldap uses MakeMaker, so lots of env. vars. cd work/mozilla/directory/perldap && \ - LDAPSDKDIR=/opt/mozldap LDAPSDKSSL=yes NSPRDIR=`echo ../../dist/*.OBJ` perl Makefile.PL && $(MAKE) + LDAPSDKDIR=/opt/mozldap LDAPSDKSSL=yes NSPRDIR=`echo ../../dist/*.OBJ` perl Makefile.PL && \ + $(MAKE) LD_RUN_PATH=/opt/fedora-ds/shared/lib $(MAKECOOKIE) Index: checksums =================================================================== RCS file: /cvs/dirsec/dsbuild/ds/mozilla/checksums,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- checksums 10 Feb 2006 15:28:54 -0000 1.1.1.1 +++ checksums 14 Feb 2006 22:29:29 -0000 1.2 @@ -1,3 +1,6 @@ b93ea453da4e0510130649cf827108b1 download/mozilla-components.tar.gz 39bca53b30595c69fc64a6710dd3129e download/mozilla-components-2.tar.gz a4c0724bc5b319ec7670da4cce93f920 download/mozilla-gcc4.patch +f0d13d53c37adfe5312cf44d5d992042 download/sysfdtable.patch +251df4db04cced3c22713c865289d471 download/sysfdtable2.patch +931bc65330ad6d53aeb951e9d51a6a53 download/mozilla-components-1.0.2.tar.gz

18 years, 2 months

1
0
0 / 0

[Fedora-directory-commits] dsbuild/ds/mod_restartd Makefile, 1.1.1.1, 1.2 checksums, 1.1.1.1, 1.2

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/dsbuild/ds/mod_restartd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31137/dsbuild/ds/mod_restartd Modified Files: Makefile checksums Log Message: upgrade to 1.0.2 Index: Makefile =================================================================== RCS file: /cvs/dirsec/dsbuild/ds/mod_restartd/Makefile,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- Makefile 10 Feb 2006 15:28:53 -0000 1.1.1.1 +++ Makefile 14 Feb 2006 22:29:23 -0000 1.2 @@ -1,7 +1,7 @@ include ../../objdirname.mk GARNAME = mod_restartd -GARVERSION = 1.0 +GARVERSION = 1.0.2 CATEGORIES = ds DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz PATCHFILES = @@ -41,7 +41,7 @@ CONFIGURE_ARGS = --with-apr-config -ifdef DEBUG +ifeq ($(DEBUG),full) CONFIGURE_ENV = CFLAGS=-g else CONFIGURE_ENV = CFLAGS=-O2 Index: checksums =================================================================== RCS file: /cvs/dirsec/dsbuild/ds/mod_restartd/checksums,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- checksums 10 Feb 2006 15:28:53 -0000 1.1.1.1 +++ checksums 14 Feb 2006 22:29:23 -0000 1.2 @@ -1 +1,2 @@ 5d04f72e1b1287fde46213678d8f24de download/mod_restartd-1.0.tar.gz +27121b306c0c777d7187223b4179c601 download/mod_restartd-1.0.2.tar.gz

18 years, 2 months

1
0
0 / 0

[Fedora-directory-commits] dsbuild/ds/mod_nss Makefile, 1.1.1.1, 1.2 checksums, 1.1.1.1, 1.2

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/dsbuild/ds/mod_nss In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31137/dsbuild/ds/mod_nss Modified Files: Makefile checksums Log Message: upgrade to 1.0.2 Index: Makefile =================================================================== RCS file: /cvs/dirsec/dsbuild/ds/mod_nss/Makefile,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- Makefile 10 Feb 2006 15:28:53 -0000 1.1.1.1 +++ Makefile 14 Feb 2006 22:29:18 -0000 1.2 @@ -1,7 +1,7 @@ include ../../objdirname.mk GARNAME = mod_nss -GARVERSION = 1.0 +GARVERSION = 1.0.2 CATEGORIES = ds DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz PATCHFILES = @@ -43,7 +43,7 @@ CONFIGURE_ARGS = --with-apr-config --with-nspr=$(MOZILLA_DIST)/$(MOZ_OBJDIR_NAME) --with-nss-inc=$(MOZILLA_DIST)/public/nss --with-nss-lib=$(MOZILLA_DIST)/$(MOZ_OBJDIR_NAME)/lib -ifdef DEBUG +ifeq ($(DEBUG),full) CONFIGURE_ENV = CFLAGS=-g else CONFIGURE_ENV = CFLAGS=-O2 Index: checksums =================================================================== RCS file: /cvs/dirsec/dsbuild/ds/mod_nss/checksums,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- checksums 10 Feb 2006 15:28:53 -0000 1.1.1.1 +++ checksums 14 Feb 2006 22:29:18 -0000 1.2 @@ -1 +1,2 @@ 68bb2fcd01694538e384454ee4c8ae53 download/mod_nss-1.0.tar.gz +59a6a6b2f17d2bf8f68a36d10ee378ba download/mod_nss-1.0.2.tar.gz

18 years, 2 months

1
0
0 / 0

[Fedora-directory-commits] dsbuild/ds/mod_admserv Makefile, 1.1.1.1, 1.2 checksums, 1.1.1.1, 1.2

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/dsbuild/ds/mod_admserv In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31137/dsbuild/ds/mod_admserv Modified Files: Makefile checksums Log Message: upgrade to 1.0.2 Index: Makefile =================================================================== RCS file: /cvs/dirsec/dsbuild/ds/mod_admserv/Makefile,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- Makefile 10 Feb 2006 15:28:54 -0000 1.1.1.1 +++ Makefile 14 Feb 2006 22:29:12 -0000 1.2 @@ -1,7 +1,7 @@ include ../../objdirname.mk GARNAME = mod_admserv -GARVERSION = 1.0 +GARVERSION = 1.0.2 CATEGORIES = ds DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz PATCHFILES = @@ -12,7 +12,7 @@ MOZILLA_DIST = $(ABS_GARDIR)/$(CATEGORIES)/mozilla/work/mozilla/dist -ADMINUTIL = $(ABS_GARDIR)/$(CATEGORIES)/adminutil/work/fedora-adminutil-1.0/built/adminutil/$(OBJDIR_NAME) +ADMINUTIL = $(ABS_GARDIR)/$(CATEGORIES)/adminutil/work/fedora-adminutil-1.0.2/built/adminutil/$(OBJDIR_NAME) INSTALL_SCRIPTS = custom @@ -47,7 +47,7 @@ CONFIGURE_ARGS = --with-apr-config --with-nspr=$(MOZILLA_DIST)/$(MOZ_OBJDIR_NAME) --with-nss-inc=$(MOZILLA_DIST)/public/nss --with-nss-lib=$(MOZILLA_DIST)/$(MOZ_OBJDIR_NAME)/lib --with-ldapsdk-inc=$(MOZILLA_DIST)/public/ldap --with-ldapsdk-lib=$(MOZILLA_DIST)/lib --with-adminutil=$(ADMINUTIL) -ifdef DEBUG +ifeq ($(DEBUG),full) CONFIGURE_ENV = CFLAGS=-g else CONFIGURE_ENV = CFLAGS=-O2 Index: checksums =================================================================== RCS file: /cvs/dirsec/dsbuild/ds/mod_admserv/checksums,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- checksums 10 Feb 2006 15:28:53 -0000 1.1.1.1 +++ checksums 14 Feb 2006 22:29:12 -0000 1.2 @@ -1 +1,2 @@ a2615e7a400d10e6ec41565748decd3b download/mod_admserv-1.0.tar.gz +51e4a305687b48820bc8e02a28eb8fb7 download/mod_admserv-1.0.2.tar.gz

18 years, 2 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-commits February 2006