[Fedora-directory-commits] ldapserver component_versions.mk, 1.35.2.2, 1.35.2.3 components.mk, 1.30, 1.30.2.1 internal_comp_deps.mk, 1.24, 1.24.2.1 ldapserver.spec.tmpl, 1.10.2.7, 1.10.2.8 nsdefs.mk, 1.11.2.2, 1.11.2.3
by Doctor Conrad
Author: nhosoi
Update of /cvs/dirsec/ldapserver
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24857
Modified Files:
Tag: Directory71RtmBranch
component_versions.mk components.mk internal_comp_deps.mk
ldapserver.spec.tmpl nsdefs.mk
Log Message:
[181582] Directory Server 7.1 SP2 packaging
Changes:
1) SP1 -> SP2
2) LDAPCSDK v5.16 -> v5.17
3) redhat-ds-7.1SP1-3.RHEL4.i386.opt.rpm ->
redhat-ds-7.1SP2-4.RHEL4.i386.opt.rpm
4) modified makefile/script to support copying a component file
Index: component_versions.mk
===================================================================
RCS file: /cvs/dirsec/ldapserver/component_versions.mk,v
retrieving revision 1.35.2.2
retrieving revision 1.35.2.3
diff -u -r1.35.2.2 -r1.35.2.3
--- component_versions.mk 22 Oct 2005 00:07:40 -0000 1.35.2.2
+++ component_versions.mk 15 Feb 2006 21:32:16 -0000 1.35.2.3
@@ -81,7 +81,7 @@
# LDAP SDK
ifndef LDAP_RELDATE
- LDAP_RELDATE = v5.16
+ LDAP_RELDATE = v5.17
endif
ifndef LDAPCOMP_DIR
LDAPCOMP_DIR=ldapsdk50
Index: components.mk
===================================================================
RCS file: /cvs/dirsec/ldapserver/components.mk,v
retrieving revision 1.30
retrieving revision 1.30.2.1
diff -u -r1.30 -r1.30.2.1
--- components.mk 16 May 2005 21:58:00 -0000 1.30
+++ components.mk 15 Feb 2006 21:32:16 -0000 1.30.2.1
@@ -296,13 +296,15 @@
else
LDAPSDK_LIBPATH = $(LDAP_ROOT)/lib
LDAPSDK_INCDIR = $(LDAP_ROOT)/include
- LDAPSDK_BINPATH = $(LDAP_ROOT)/tools
+ LDAPSDK_BINPATH = $(LDAP_ROOT)/bin
endif
LDAPSDK_INCLUDE = -I$(LDAPSDK_INCDIR)
# package the command line programs
-LDAPSDK_TOOLS = $(wildcard $(LDAPSDK_BINPATH)/ldap*$(EXE_SUFFIX))
-BINS_TO_PKG_SHARED += $(LDAPSDK_TOOLS)
+LDAPSDK_BINNAMES = ldapcmp ldapcompare ldapdelete ldapmodify ldapsearch
+LDAPSDK_TOOLS = $(addsuffix $(EXE_SUFFIX),$(LDAPSDK_BINNAMES))
+LDAPSDK_TOOLS_FULLPATH = $(addprefix $(LDAPSDK_BINPATH)/, $(LDAPSDK_TOOLS))
+BINS_TO_PKG_SHARED += $(LDAPSDK_TOOLS_FULLPATH)
# package the include files - needed for the plugin API
LDAPSDK_INCLUDE_FILES = $(wildcard $(LDAPSDK_INCDIR)/*.h)
PACKAGE_SRC_DEST += $(subst $(SPACE),$(SPACE)plugins/slapd/slapi/include$(SPACE),$(LDAPSDK_INCLUDE_FILES))
Index: internal_comp_deps.mk
===================================================================
RCS file: /cvs/dirsec/ldapserver/internal_comp_deps.mk,v
retrieving revision 1.24
retrieving revision 1.24.2.1
diff -u -r1.24 -r1.24.2.1
--- internal_comp_deps.mk 18 May 2005 13:38:57 -0000 1.24
+++ internal_comp_deps.mk 15 Feb 2006 21:32:16 -0000 1.24.2.1
@@ -236,7 +236,7 @@
mkdir -p $(LDAP_LIBPATH)
$(FTP_PULL) -method $(LDAPSDK_PULL_METHOD) \
-objdir $(LDAP_ROOT) -componentdir $(LDAP_RELEASE) \
- -files include,$(LDAPSDK_PULL_LIBS),tools
+ -files include,$(LDAPSDK_PULL_LIBS),bin
endif
-@if [ ! -f $@ ] ; \
then echo "Error: could not get component LDAPSDK file $@" ; \
Index: ldapserver.spec.tmpl
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldapserver.spec.tmpl,v
retrieving revision 1.10.2.7
retrieving revision 1.10.2.8
diff -u -r1.10.2.7 -r1.10.2.8
--- ldapserver.spec.tmpl 14 Oct 2005 17:32:46 -0000 1.10.2.7
+++ ldapserver.spec.tmpl 15 Feb 2006 21:32:16 -0000 1.10.2.8
@@ -45,7 +45,7 @@
Summary: @COMPANY-PRODUCT-NAME@
Name: @LCASE-COMPANY-NAME-NOSP@-ds
Version: @GEN-VERSION@
-Release: 3.@PLATFORM@
+Release: 4.@PLATFORM@
License: GPL plus extensions
Group: System Environment/Daemons
URL: @COMPANY-URL@
Index: nsdefs.mk
===================================================================
RCS file: /cvs/dirsec/ldapserver/nsdefs.mk,v
retrieving revision 1.11.2.2
retrieving revision 1.11.2.3
diff -u -r1.11.2.2 -r1.11.2.3
--- nsdefs.mk 10 Sep 2005 00:41:45 -0000 1.11.2.2
+++ nsdefs.mk 15 Feb 2006 21:32:16 -0000 1.11.2.3
@@ -265,8 +265,8 @@
OBJDIR=$(COMMON_OBJDIR)
OBJDIR_32=$(COMMON_OBJDIR_32)
DO_SEARCH=no
-DIR_VERSION:=7.1 SP1
-NOSP_DIR_VERSION:=7.1SP1
+DIR_VERSION:=7.1 SP2
+NOSP_DIR_VERSION:=7.1SP2
DIR_NORM_VERSION:=7.1
PRODUCT_NAME="$(PRODUCTCORE) $(DIR_VERSION)"
# When you change DIRSDK_VERSION or DIRSDK_VERSION_DLL_SUFFIX, you must
18 years, 2 months
[Fedora-directory-commits] ldapserver/ldap/servers/slapd passwd_extop.c, 1.6, 1.7
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24719
Modified Files:
passwd_extop.c
Log Message:
Bug(s) fixed: 181587
Bug Description: Password Modify LDAPv3 extended operation erroneously
forces the client to supply old password
Reviewed by: Pete & Nathan (Thanks!)
Fix Description: If the BIND operation was successful, the CONN_DN field
is always set to the proper DN. This is even the case during a SASL or
client cert DN if the authentication was successful AND the given
identity could be mapped to a real user in the directory. Also, the
authmethod will be something other than NULL or none. So, if the old
password was not given, that is ok if there is a non-anonymous bind DN
and a real authmethod. The rest of the operation passes through the usual access control.
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
Index: passwd_extop.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/passwd_extop.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- passwd_extop.c 19 Apr 2005 22:07:36 -0000 1.6
+++ passwd_extop.c 15 Feb 2006 21:22:46 -0000 1.7
@@ -201,6 +201,7 @@
{
char *oid = NULL;
char *bindDN = NULL;
+ char *authmethod = NULL;
char *dn = NULL;
char *oldPasswd = NULL;
char *newPasswd = NULL;
@@ -297,6 +298,7 @@
{
if ( ber_scanf( ber, "a", &dn) == LBER_ERROR )
{
+ slapi_ch_free_string(&dn);
LDAPDebug( LDAP_DEBUG_ANY,
"ber_scanf failed :{\n", 0, 0, 0 );
errMesg = "ber_scanf failed at userID parse.\n";
@@ -313,6 +315,7 @@
{
if ( ber_scanf( ber, "a", &oldPasswd ) == LBER_ERROR )
{
+ slapi_ch_free_string(&oldPasswd);
LDAPDebug( LDAP_DEBUG_ANY,
"ber_scanf failed :{\n", 0, 0, 0 );
errMesg = "ber_scanf failed at oldPasswd parse.\n";
@@ -320,10 +323,6 @@
goto free_and_return;
}
tag = ber_peek_tag( ber, &len);
- } else {
- errMesg = "Current passwd must be supplied by the user.\n";
- rc = LDAP_PARAM_ERROR;
- goto free_and_return;
}
/* identify newPasswd field by tags */
@@ -331,6 +330,7 @@
{
if ( ber_scanf( ber, "a", &newPasswd ) == LBER_ERROR )
{
+ slapi_ch_free_string(&newPasswd);
LDAPDebug( LDAP_DEBUG_ANY,
"ber_scanf failed :{\n", 0, 0, 0 );
errMesg = "ber_scanf failed at newPasswd parse.\n";
@@ -348,12 +348,27 @@
dn, oldPasswd, newPasswd); */
- if (oldPasswd == NULL || *oldPasswd == '\0') {
- /* Refuse to handle this operation because current password is not provided */
- errMesg = "Current passwd must be supplied by the user.\n";
- rc = LDAP_PARAM_ERROR;
+ /* Get Bind DN */
+ slapi_pblock_get( pb, SLAPI_CONN_DN, &bindDN );
+
+ /* If the connection is bound anonymously, we must refuse to process this operation. */
+ if (bindDN == NULL || *bindDN == '\0') {
+ /* Refuse the operation because they're bound anonymously */
+ errMesg = "Anonymous Binds are not allowed.\n";
+ rc = LDAP_INSUFFICIENT_ACCESS;
goto free_and_return;
}
+
+ if (oldPasswd == NULL || *oldPasswd == '\0') {
+ /* If user is authenticated, they already gave their password during
+ the bind operation (or used sasl or client cert auth) */
+ slapi_pblock_get(pb, SLAPI_CONN_AUTHMETHOD, &authmethod);
+ if (!authmethod || !strcmp(authmethod, SLAPD_AUTH_NONE)) {
+ errMesg = "User must be authenticated to the directory server.\n";
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ goto free_and_return;
+ }
+ }
/* We don't implement password generation, so if the request implies
* that they asked us to do that, we must refuse to process it */
@@ -364,22 +379,12 @@
goto free_and_return;
}
- /* Get Bind DN */
- slapi_pblock_get( pb, SLAPI_CONN_DN, &bindDN );
-
- /* If the connection is bound anonymously, we must refuse to process this operation. */
- if (bindDN == NULL || *bindDN == '\0') {
- /* Refuse the operation because they're bound anonymously */
- errMesg = "Anonymous Binds are not allowed.\n";
- rc = LDAP_INSUFFICIENT_ACCESS;
- goto free_and_return;
- }
/* Determine the target DN for this operation */
/* Did they give us a DN ? */
if (dn == NULL || *dn == '\0') {
/* Get the DN from the bind identity on this connection */
- dn = bindDN;
+ dn = slapi_ch_strdup(bindDN);
LDAPDebug( LDAP_DEBUG_ANY,
"Missing userIdentity in request, using the bind DN instead.\n",
0, 0, 0 );
@@ -433,13 +438,15 @@
* They gave us a password (old), check it against the target entry
* Is the old password valid ?
*/
- ret = passwd_check_pwd(targetEntry, oldPasswd);
- if (ret) {
- /* No, then we fail this operation */
- errMesg = "Invalid oldPasswd value.\n";
- rc = ret;
- goto free_and_return;
- }
+ if (oldPasswd && *oldPasswd) {
+ ret = passwd_check_pwd(targetEntry, oldPasswd);
+ if (ret) {
+ /* No, then we fail this operation */
+ errMesg = "Invalid oldPasswd value.\n";
+ rc = ret;
+ goto free_and_return;
+ }
+ }
/* Now we're ready to make actual password change */
@@ -455,7 +462,17 @@
/* Free anything that we allocated above */
free_and_return:
-
+
+ slapi_ch_free_string(&oldPasswd);
+ slapi_ch_free_string(&newPasswd);
+ /* Either this is the same pointer that we allocated and set above,
+ or whoever used it should have freed it and allocated a new
+ value that we need to free here */
+ slapi_pblock_get( pb, SLAPI_ORIGINAL_TARGET, &dn );
+ slapi_ch_free_string(&dn);
+ slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, NULL );
+ slapi_ch_free_string(&authmethod);
+
if ( targetEntry != NULL ){
slapi_entry_free (targetEntry);
}
@@ -465,9 +482,8 @@
ber = NULL;
}
-
slapi_log_error( SLAPI_LOG_PLUGIN, "passwd_modify_extop",
- errMesg );
+ errMesg ? errMesg : "success" );
send_ldap_result( pb, rc, NULL, errMesg, 0, NULL );
18 years, 2 months
[Fedora-directory-commits] ldapserver/ldap/servers/slapd libglobs.c, 1.7, 1.8
by Doctor Conrad
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3170
Modified Files:
libglobs.c
Log Message:
Bug(s) fixed: 181032
Bug Description: Most of our integer based config parameters do not do a good job
validating input. For example, alphabetic characters will be accepted as a value
if "0" is a valid setting for a given parameter since atoi returns "0" on error. We
also don't properly check for range errors for many parameters.
Reviewed by: Rich, Pete, and Noriko (Thanks!)
Files: ldapserver/ldap/servers/slapd/libglobs.c
Branch: HEAD
Fix Description: This adds better input validation for a number of integer based config
settings. I replaced our usage of atoi() with strtol() so we can recognize
conversion errors. I also added more descriptive error strings where they were
missing. I revised the fix due to feedback from Noriko. She recommended that
we check for ERANGE areas for all calls to strtol insead of only checking when
LONG_MAX is a valid setting for a config parameter.
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: libglobs.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/libglobs.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- libglobs.c 25 Jan 2006 16:51:39 -0000 1.7
+++ libglobs.c 15 Feb 2006 00:26:19 -0000 1.8
@@ -950,7 +950,8 @@
int
config_set_port( const char *attrname, char *port, char *errorbuf, int apply ) {
- int nPort;
+ long nPort;
+ char *endp = NULL;
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
int retVal = LDAP_SUCCESS;
@@ -958,17 +959,20 @@
return LDAP_OPERATIONS_ERROR;
}
- nPort = atoi( port );
+ errno = 0;
+ nPort = strtol(port, &endp, 10);
- if ( nPort == 0 ) {
- LDAPDebug( LDAP_DEBUG_ANY,
- "Information: Non-Secure Port Disabled, server only contactable via secure port\n", 0, 0, 0 );
- }
- else if (nPort > LDAP_PORT_MAX || nPort < 0 ) {
+ if ( *endp != '\0' || errno == ERANGE || nPort > LDAP_PORT_MAX || nPort < 0 ) {
retVal = LDAP_OPERATIONS_ERROR;
PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
- "%s: %d is invalid, ports must range from 1 to %d",
- attrname, nPort, LDAP_PORT_MAX );
+ "%s: \"%s\" is invalid, ports must range from 0 to %d",
+ attrname, port, LDAP_PORT_MAX );
+ return retVal;
+ }
+
+ if ( nPort == 0 ) {
+ LDAPDebug( LDAP_DEBUG_ANY,
+ "Information: Non-Secure Port Disabled, server only contactable via secure port\n", 0, 0, 0 );
}
if ( apply ) {
@@ -984,19 +988,23 @@
int
config_set_secureport( const char *attrname, char *port, char *errorbuf, int apply ) {
- int nPort = atoi ( port );
+ long nPort;
+ char *endp = NULL;
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
int retVal = LDAP_SUCCESS;
if ( config_value_is_null( attrname, port, errorbuf, 0 )) {
return LDAP_OPERATIONS_ERROR;
}
+
+ errno = 0;
+ nPort = strtol(port, &endp, 10);
- if (nPort > LDAP_PORT_MAX || nPort <= 0 ) {
+ if (*endp != '\0' || errno == ERANGE || nPort > LDAP_PORT_MAX || nPort <= 0 ) {
retVal = LDAP_OPERATIONS_ERROR;
PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
- "%s: %d is invalid, ports must range from 1 to %d",
- attrname, nPort, LDAP_PORT_MAX );
+ "%s: \"%s\" is invalid, ports must range from 1 to %d",
+ attrname, port, LDAP_PORT_MAX );
}
if (apply) {
@@ -1159,23 +1167,27 @@
int
config_set_sizelimit( const char *attrname, char *value, char *errorbuf, int apply ) {
int retVal = LDAP_SUCCESS;
+ long sizelimit;
+ char *endp = NULL;
Slapi_Backend *be;
char *cookie;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
- int sizelimit = atoi ( value );
-
if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
return LDAP_OPERATIONS_ERROR;
}
- if ( sizelimit < -1 ) {
- PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: %d is too small",
- attrname, sizelimit );
+ errno = 0;
+ sizelimit = strtol(value, &endp, 10);
+
+ if ( *endp != '\0' || errno == ERANGE || sizelimit < -1 ) {
+ PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: \"%s\" is invalid, sizelimit must range from -1 to %ld",
+ attrname, value, LONG_MAX );
retVal = LDAP_OPERATIONS_ERROR;
return retVal;
}
-
+
if (apply) {
CFG_LOCK_WRITE(slapdFrontendConfig);
@@ -1347,15 +1359,20 @@
int
config_set_pw_minlength( const char *attrname, char *value, char *errorbuf, int apply ) {
- int retVal = LDAP_SUCCESS, minLength = 0;
+ int retVal = LDAP_SUCCESS;
+ long minLength = 0;
+ char *endp = NULL;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
return LDAP_OPERATIONS_ERROR;
}
- minLength = atoi(value);
- if ( minLength < 2 || minLength > 512 ) {
+ errno = 0;
+ minLength = strtol(value, &endp, 10);
+
+ if ( *endp != '\0' || errno == ERANGE || minLength < 2 || minLength > 512 ) {
PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password minimum length \"%s\" is invalid. "
"The minimum length must range from 2 to 512.",
@@ -1377,15 +1394,20 @@
int
config_set_pw_mindigits( const char *attrname, char *value, char *errorbuf, int apply ) {
- int retVal = LDAP_SUCCESS, minDigits = 0;
+ int retVal = LDAP_SUCCESS;
+ long minDigits = 0;
+ char *endp = NULL;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
return LDAP_OPERATIONS_ERROR;
}
- minDigits = atoi(value);
- if ( minDigits < 0 || minDigits > 64 ) {
+ errno = 0;
+ minDigits = strtol(value, &endp, 10);
+
+ if ( *endp != '\0' || errno == ERANGE || minDigits < 0 || minDigits > 64 ) {
PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password minimum number of digits \"%s\" is invalid. "
"The minimum number of digits must range from 0 to 64.",
@@ -1407,15 +1429,20 @@
int
config_set_pw_minalphas( const char *attrname, char *value, char *errorbuf, int apply ) {
- int retVal = LDAP_SUCCESS, minAlphas = 0;
+ int retVal = LDAP_SUCCESS;
+ long minAlphas = 0;
+ char *endp = NULL;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
return LDAP_OPERATIONS_ERROR;
}
- minAlphas = atoi(value);
- if ( minAlphas < 0 || minAlphas > 64 ) {
+ errno = 0;
+ minAlphas = strtol(value, &endp, 10);
+
+ if ( *endp != '\0' || errno == ERANGE || minAlphas < 0 || minAlphas > 64 ) {
PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password minimum number of alphas \"%s\" is invalid. "
"The minimum number of alphas must range from 0 to 64.",
@@ -1437,15 +1464,20 @@
int
config_set_pw_minuppers( const char *attrname, char *value, char *errorbuf, int apply ) {
- int retVal = LDAP_SUCCESS, minUppers = 0;
+ int retVal = LDAP_SUCCESS;
+ long minUppers = 0;
+ char *endp = NULL;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
return LDAP_OPERATIONS_ERROR;
}
- minUppers = atoi(value);
- if ( minUppers < 0 || minUppers > 64 ) {
+ errno = 0;
+ minUppers = strtol(value, &endp, 10);
+
+ if ( *endp != '\0' || errno == ERANGE || minUppers < 0 || minUppers > 64 ) {
PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password minimum number of uppercase characters \"%s\" is invalid. "
"The minimum number of uppercase characters must range from 0 to 64.",
@@ -1467,15 +1499,20 @@
int
config_set_pw_minlowers( const char *attrname, char *value, char *errorbuf, int apply ) {
- int retVal = LDAP_SUCCESS, minLowers = 0;
+ int retVal = LDAP_SUCCESS;
+ long minLowers = 0;
+ char *endp = NULL;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
return LDAP_OPERATIONS_ERROR;
}
- minLowers = atoi(value);
- if ( minLowers < 0 || minLowers > 64 ) {
+ errno = 0;
+ minLowers = strtol(value, &endp, 10);
+
+ if ( *endp != '\0' || errno == ERANGE || minLowers < 0 || minLowers > 64 ) {
PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password minimum number of lowercase characters \"%s\" is invalid. "
"The minimum number of lowercase characters must range from 0 to 64.",
@@ -1497,15 +1534,20 @@
int
config_set_pw_minspecials( const char *attrname, char *value, char *errorbuf, int apply ) {
- int retVal = LDAP_SUCCESS, minSpecials = 0;
+ int retVal = LDAP_SUCCESS;
+ long minSpecials = 0;
+ char *endp = NULL;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
return LDAP_OPERATIONS_ERROR;
}
- minSpecials = atoi(value);
- if ( minSpecials < 0 || minSpecials > 64 ) {
+ errno = 0;
+ minSpecials = strtol(value, &endp, 10);
+
+ if ( *endp != '\0' || errno == ERANGE || minSpecials < 0 || minSpecials > 64 ) {
PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password minimum number of special characters \"%s\" is invalid. "
"The minimum number of special characters must range from 0 to 64.",
@@ -1527,15 +1569,20 @@
int
config_set_pw_min8bit( const char *attrname, char *value, char *errorbuf, int apply ) {
- int retVal = LDAP_SUCCESS, min8bit = 0;
+ int retVal = LDAP_SUCCESS;
+ long min8bit = 0;
+ char *endp = NULL;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
return LDAP_OPERATIONS_ERROR;
}
- min8bit = atoi(value);
- if ( min8bit < 0 || min8bit > 64 ) {
+ errno = 0;
+ min8bit = strtol(value, &endp, 10);
+
+ if ( *endp != '\0' || errno == ERANGE || min8bit < 0 || min8bit > 64 ) {
PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password minimum number of 8-bit characters \"%s\" is invalid. "
"The minimum number of 8-bit characters must range from 0 to 64.",
@@ -1557,15 +1604,20 @@
int
config_set_pw_maxrepeats( const char *attrname, char *value, char *errorbuf, int apply ) {
- int retVal = LDAP_SUCCESS, maxRepeats = 0;
+ int retVal = LDAP_SUCCESS;
+ long maxRepeats = 0;
+ char *endp = NULL;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
return LDAP_OPERATIONS_ERROR;
}
- maxRepeats = atoi(value);
- if ( maxRepeats < 0 || maxRepeats > 64 ) {
+ errno = 0;
+ maxRepeats = strtol(value, &endp, 10);
+
+ if ( *endp != '\0' || errno == ERANGE || maxRepeats < 0 || maxRepeats > 64 ) {
PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password maximum number of repeated characters \"%s\" is invalid. "
"The maximum number of repeated characters must range from 0 to 64.",
@@ -1587,15 +1639,20 @@
int
config_set_pw_mincategories( const char *attrname, char *value, char *errorbuf, int apply ) {
- int retVal = LDAP_SUCCESS, minCategories = 0;
+ int retVal = LDAP_SUCCESS;
+ long minCategories = 0;
+ char *endp = NULL;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
return LDAP_OPERATIONS_ERROR;
}
- minCategories = atoi(value);
- if ( minCategories < 1 || minCategories > 5 ) {
+ errno = 0;
+ minCategories = strtol(value, &endp, 10);
+
+ if ( *endp != '\0' || errno == ERANGE || minCategories < 1 || minCategories > 5 ) {
PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password minimum number of categories \"%s\" is invalid. "
"The minimum number of categories must range from 1 to 5.",
@@ -1617,15 +1674,20 @@
int
config_set_pw_mintokenlength( const char *attrname, char *value, char *errorbuf, int apply ) {
- int retVal = LDAP_SUCCESS, minTokenLength = 0;
+ int retVal = LDAP_SUCCESS;
+ long minTokenLength = 0;
+ char *endp = NULL;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
return LDAP_OPERATIONS_ERROR;
}
- minTokenLength = atoi(value);
- if ( minTokenLength < 1 || minTokenLength > 64 ) {
+ errno = 0;
+ minTokenLength = strtol(value, &endp, 10);
+
+ if ( *endp != '\0' || errno == ERANGE || minTokenLength < 1 || minTokenLength > 64 ) {
PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password minimum token length \"%s\" is invalid. "
"The minimum token length must range from 1 to 64.",
@@ -1647,15 +1709,20 @@
int
config_set_pw_maxfailure( const char *attrname, char *value, char *errorbuf, int apply ) {
- int retVal = LDAP_SUCCESS, maxFailure = 0;
+ int retVal = LDAP_SUCCESS;
+ long maxFailure = 0;
+ char *endp = NULL;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
return LDAP_OPERATIONS_ERROR;
}
- maxFailure = atoi(value);
- if ( maxFailure <= 0 || maxFailure > 32767 ) {
+ errno = 0;
+ maxFailure = strtol(value, &endp, 10);
+
+ if ( *endp != '\0' || errno == ERANGE || maxFailure <= 0 || maxFailure > 32767 ) {
PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password maximum retry \"%s\" is invalid. "
"Password maximum failure must range from 1 to 32767",
@@ -1679,15 +1746,20 @@
int
config_set_pw_inhistory( const char *attrname, char *value, char *errorbuf, int apply ) {
- int retVal = LDAP_SUCCESS, history = 0;
+ int retVal = LDAP_SUCCESS;
+ long history = 0;
+ char *endp = NULL;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
return LDAP_OPERATIONS_ERROR;
}
- history = atoi(value);
- if ( history < 2 || history > 24 ) {
+ errno = 0;
+ history = strtol(value, &endp, 10);
+
+ if ( *endp != '\0' || errno == ERANGE || history < 2 || history > 24 ) {
PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password history length \"%s\" is invalid. "
"The password history must range from 2 to 24",
@@ -1712,16 +1784,19 @@
config_set_pw_lockduration( const char *attrname, char *value, char *errorbuf, int apply ) {
int retVal = LDAP_SUCCESS;
long duration = 0; /* in minutes */
+ char *endp = NULL;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
return LDAP_OPERATIONS_ERROR;
}
+ errno = 0;
/* in seconds */
- duration = strtol (value, NULL, 0);
+ duration = strtol(value, &endp, 10);
- if ( duration <= 0 || duration > (MAX_ALLOWED_TIME_IN_SECS - current_time()) ) {
+ if ( *endp != '\0' || errno == ERANGE || duration <= 0 || duration > (MAX_ALLOWED_TIME_IN_SECS - current_time()) ) {
PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password lockout duration \"%s\" seconds is invalid. ",
value );
@@ -1741,15 +1816,19 @@
config_set_pw_resetfailurecount( const char *attrname, char *value, char *errorbuf, int apply ) {
int retVal = LDAP_SUCCESS;
long duration = 0; /* in minutes */
+ char *endp = NULL;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
return LDAP_OPERATIONS_ERROR;
}
+ errno = 0;
/* in seconds */
- duration = strtol (value, NULL, 0);
- if ( duration < 0 || duration > (MAX_ALLOWED_TIME_IN_SECS - current_time()) ) {
+ duration = strtol(value, &endp, 10);
+
+ if ( *endp != '\0' || errno == ERANGE || duration < 0 || duration > (MAX_ALLOWED_TIME_IN_SECS - current_time()) ) {
PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password reset count duration \"%s\" seconds is invalid. ",
value );
@@ -1824,18 +1903,22 @@
int
config_set_pw_gracelimit( const char *attrname, char *value, char *errorbuf, int apply ) {
- int retVal = LDAP_SUCCESS, gracelimit = 0;
+ int retVal = LDAP_SUCCESS;
+ long gracelimit = 0;
+ char *endp = NULL;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
return LDAP_OPERATIONS_ERROR;
}
-
- gracelimit = atoi(value);
- if ( gracelimit < 0 ) {
+ errno = 0;
+ gracelimit = strtol(value, &endp, 10);
+
+ if ( *endp != '\0' || errno == ERANGE || gracelimit < 0 ) {
PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
- "password grace limit \"%s\" is invalid.",
- value );
+ "password grace limit \"%s\" is invalid, password grace limit must range from 0 to %ld",
+ value , LONG_MAX );
retVal = LDAP_OPERATIONS_ERROR;
return retVal;
}
@@ -2296,17 +2379,21 @@
int
config_set_threadnumber( const char *attrname, char *value, char *errorbuf, int apply ) {
- int retVal = LDAP_SUCCESS, threadnum = 0;
+ int retVal = LDAP_SUCCESS;
+ long threadnum = 0;
+ char *endp = NULL;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
return LDAP_OPERATIONS_ERROR;
}
- threadnum = atoi ( value );
+ errno = 0;
+ threadnum = strtol(value, &endp, 10);
- if ( threadnum < 1 || threadnum > 65535 ) {
- PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value %d, maximum thread number must range from 1 to 65535", attrname, threadnum );
+ if ( *endp != '\0' || errno == ERANGE || threadnum < 1 || threadnum > 65535 ) {
+ PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", maximum thread number must range from 1 to 65535", attrname, value );
retVal = LDAP_OPERATIONS_ERROR;
}
@@ -2321,17 +2408,21 @@
int
config_set_maxthreadsperconn( const char *attrname, char *value, char *errorbuf, int apply ) {
- int retVal = LDAP_SUCCESS, maxthreadnum = 0;
+ int retVal = LDAP_SUCCESS;
+ long maxthreadnum = 0;
+ char *endp = NULL;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
return LDAP_OPERATIONS_ERROR;
}
- maxthreadnum = atoi ( value );
+ errno = 0;
+ maxthreadnum = strtol(value, &endp, 10);
- if ( maxthreadnum < 1 || maxthreadnum > 65535 ) {
- PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value %d, maximum thread number per connection must range from 1 to 65535", attrname, maxthreadnum );
+ if ( *endp != '\0' || errno == ERANGE || maxthreadnum < 1 || maxthreadnum > 65535 ) {
+ PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", maximum thread number per connection must range from 1 to 65535", attrname, value );
retVal = LDAP_OPERATIONS_ERROR;
}
@@ -2348,29 +2439,34 @@
#include <sys/resource.h>
int
config_set_maxdescriptors( const char *attrname, char *value, char *errorbuf, int apply ) {
- int retVal = LDAP_SUCCESS, nValue = 0;
+ int retVal = LDAP_SUCCESS;
+ long nValue = 0;
int maxVal = 65535;
struct rlimit rlp;
+ char *endp = NULL;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
return LDAP_OPERATIONS_ERROR;
}
- nValue = atoi ( value );
if ( 0 == getrlimit( RLIMIT_NOFILE, &rlp ) ) {
- maxVal = (int)rlp.rlim_max;
+ maxVal = (int)rlp.rlim_max;
}
-
- if ( nValue < 1 || nValue > maxVal ) {
- PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value %d, maximum file descriptors must range from 1 to %d (the current process limit)",
- attrname, nValue, maxVal );
- if ( nValue < 1 ) {
- retVal = LDAP_OPERATIONS_ERROR;
- } else {
- nValue = maxVal;
- retVal = LDAP_UNWILLING_TO_PERFORM;
- }
+
+ errno = 0;
+ nValue = strtol(value, &endp, 10);
+
+ if ( *endp != '\0' || errno == ERANGE || nValue < 1 || nValue > maxVal ) {
+ PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", maximum file descriptors must range from 1 to %d (the current process limit)",
+ attrname, value, maxVal );
+ if ( nValue > maxVal ) {
+ nValue = maxVal;
+ retVal = LDAP_UNWILLING_TO_PERFORM;
+ } else {
+ retVal = LDAP_OPERATIONS_ERROR;
+ }
}
if (apply) {
@@ -2385,8 +2481,10 @@
int
config_set_conntablesize( const char *attrname, char *value, char *errorbuf, int apply ) {
- int retVal = LDAP_SUCCESS, nValue = 0;
+ int retVal = LDAP_SUCCESS;
+ long nValue = 0;
int maxVal = 65535;
+ char *endp = NULL;
#ifndef _WIN32
struct rlimit rlp;
#endif
@@ -2396,27 +2494,31 @@
return LDAP_OPERATIONS_ERROR;
}
- nValue = atoi ( value );
+#ifndef _WIN32
+ if ( 0 == getrlimit( RLIMIT_NOFILE, &rlp ) ) {
+ maxVal = (int)rlp.rlim_max;
+ }
+#endif
+
+ errno = 0;
+ nValue = strtol(value, &endp, 0);
#ifdef _WIN32
- if ( nValue < 1 || nValue > 0xfffffe ) {
- PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value %d, connection table size must range from 1 to 0xfffffe", attrname, nValue );
+ if ( *endp != '\0' || errno == ERANGE || nValue < 1 || nValue > 0xfffffe ) {
+ PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", connection table size must range from 1 to 0xfffffe", attrname, value );
retVal = LDAP_OPERATIONS_ERROR;
}
#elif !defined(AIX)
- if ( 0 == getrlimit( RLIMIT_NOFILE, &rlp ) ) {
- maxVal = (int)rlp.rlim_max;
- }
- if ( nValue < 1 || nValue > maxVal ) {
- PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value %d, connection table size must range from 1 to %d (the current process maxdescriptors limit)",
- attrname, nValue, maxVal );
- if ( nValue < 1 ) {
- retVal = LDAP_OPERATIONS_ERROR;
- } else {
- nValue = maxVal;
- retVal = LDAP_UNWILLING_TO_PERFORM;
- }
+ if ( *endp != '\0' || errno == ERANGE || nValue < 1 || nValue > maxVal ) {
+ PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", connection table size must range from 1 to %d"
+ " (the current process maxdescriptors limit)", attrname, value, maxVal );
+ if ( nValue > maxVal) {
+ nValue = maxVal;
+ retVal = LDAP_UNWILLING_TO_PERFORM;
+ } else {
+ retVal = LDAP_OPERATIONS_ERROR;
+ }
}
#endif
@@ -2431,18 +2533,38 @@
int
config_set_reservedescriptors( const char *attrname, char *value, char *errorbuf, int apply ) {
- int retVal = LDAP_SUCCESS, nValue = 0;
+ int retVal = LDAP_SUCCESS;
+ int maxVal = 65535;
+ long nValue = 0;
+ char *endp = NULL;
+#ifndef _WIN32
+ struct rlimit rlp;
+#endif
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
return LDAP_OPERATIONS_ERROR;
}
- nValue = atoi ( value );
+#ifndef _WIN32
+ if ( 0 == getrlimit( RLIMIT_NOFILE, &rlp ) ) {
+ maxVal = (int)rlp.rlim_max;
+ }
+#endif
+
+ errno = 0;
+ nValue = strtol(value, &endp, 10);
- if ( nValue < 1 || nValue > 65535 ) {
- PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value %d, reserved file descriptors must range from 1 to 65535", attrname, nValue );
- retVal = LDAP_OPERATIONS_ERROR;
+ if ( *endp != '\0' || errno == ERANGE || nValue < 1 || nValue > maxVal ) {
+ PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", reserved file descriptors must range from 1 to %d"
+ " (the current process maxdescriptors limit)", attrname, value, maxVal );
+ if ( nValue > maxVal) {
+ nValue = maxVal;
+ retVal = LDAP_UNWILLING_TO_PERFORM;
+ } else {
+ retVal = LDAP_OPERATIONS_ERROR;
+ }
}
if (apply) {
@@ -2458,14 +2580,25 @@
int
config_set_ioblocktimeout( const char *attrname, char *value, char *errorbuf, int apply ) {
- int retVal = LDAP_SUCCESS, nValue = 0;
+ int retVal = LDAP_SUCCESS;
+ long nValue = 0;
+ char *endp = NULL;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
return LDAP_OPERATIONS_ERROR;
}
- nValue = atoi ( value );
+ errno = 0;
+ nValue = strtol(value, &endp, 10);
+
+ if ( *endp != '\0' || errno == ERANGE || nValue < 0 ) {
+ PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", I/O block timeout must range from 0 to %ld",
+ attrname, value, LONG_MAX );
+ retVal = LDAP_OPERATIONS_ERROR;
+ return retVal;
+ }
#if defined(IRIX)
/* on IRIX poll can only handle timeouts up to
@@ -2489,14 +2622,25 @@
int
config_set_idletimeout( const char *attrname, char *value, char *errorbuf, int apply ) {
- int retVal = LDAP_SUCCESS, nValue = 0;
+ int retVal = LDAP_SUCCESS;
+ long nValue = 0;
+ char *endp = NULL;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
return LDAP_OPERATIONS_ERROR;
}
- nValue = atoi ( value );
+ errno = 0;
+ nValue = strtol(value, &endp, 10);
+
+ if (*endp != '\0' || errno == ERANGE || nValue < 0 ) {
+ PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", idle timeout must range from 0 to %ld",
+ attrname, value, LONG_MAX );
+ retVal = LDAP_OPERATIONS_ERROR;
+ return retVal;
+ }
if (apply) {
CFG_LOCK_WRITE(slapdFrontendConfig);
@@ -2511,19 +2655,25 @@
int
config_set_groupevalnestlevel( const char *attrname, char * value, char *errorbuf, int apply ) {
- int retVal = LDAP_SUCCESS, nValue = 0;
+ int retVal = LDAP_SUCCESS;
+ long nValue = 0;
+ char *endp = NULL;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
return LDAP_OPERATIONS_ERROR;
}
- nValue = atoi ( value );
+ errno = 0;
+ nValue = strtol(value, &endp, 10);
- if ( nValue < 1 ) {
+ if ( *endp != '\0' || errno == ERANGE || nValue < 0 || nValue > 5 ) {
PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
- "%s: invalid value %d, must be a positive number",
- attrname, nValue );
+ "%s: invalid value \"%s\", group eval nest level must range from 0 to 5",
+ attrname, value );
+ retVal = LDAP_OPERATIONS_ERROR;
+ return retVal;
}
if (apply) {
CFG_LOCK_WRITE(slapdFrontendConfig);
@@ -2571,7 +2721,9 @@
int
config_set_timelimit( const char *attrname, char *value, char *errorbuf, int apply ) {
- int retVal = LDAP_SUCCESS, nVal = 0;
+ int retVal = LDAP_SUCCESS;
+ long nVal = 0;
+ char *endp = NULL;
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
Slapi_Backend *be = NULL;
char *cookie;
@@ -2582,10 +2734,15 @@
return LDAP_OPERATIONS_ERROR;
}
- nVal = atoi(value);
- if ( nVal < 0 ) {
+ errno = 0;
+ nVal = strtol(value, &endp, 10);
+
+ if ( *endp != '\0' || errno == ERANGE || nVal < 0 ) {
PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
- "%s: invalid value %d", attrname, nVal );
+ "%s: invalid value \"%s\", time limit must range from 0 to %ld",
+ attrname, value, LONG_MAX );
+ retVal = LDAP_OPERATIONS_ERROR;
+ return retVal;
}
if ( apply ) {
@@ -2699,22 +2856,27 @@
}
return retVal;
}
+
int
config_set_pw_maxage( const char *attrname, char *value, char *errorbuf, int apply ) {
int retVal = LDAP_SUCCESS;
long age;
+ char *endp = NULL;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 1 )) {
return LDAP_OPERATIONS_ERROR;
}
+ errno = 0;
/* age in seconds */
- age = strtol(value, NULL, 0 );
- if ( age <= 0 || age > (MAX_ALLOWED_TIME_IN_SECS - current_time()) ) {
+ age = strtol(value, &endp, 10);
+
+ if ( *endp != '\0' || errno == ERANGE || age <= 0 || age > (MAX_ALLOWED_TIME_IN_SECS - current_time()) ) {
PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
- "password maximum age \"%s\" seconds is invalid. ",
- value );
+ "%s: password maximum age \"%s\" seconds is invalid. ",
+ attrname, value );
retVal = LDAP_OPERATIONS_ERROR;
return retVal;
}
@@ -2736,6 +2898,7 @@
return LDAP_OPERATIONS_ERROR;
}
+ errno = 0;
/* age in seconds */
age = strtol(value, &endPtr, 0 );
/* endPtr should never be NULL, but we check just in case; if the
@@ -2750,10 +2913,11 @@
*/
if ( (age < 0) ||
(age > (MAX_ALLOWED_TIME_IN_SECS - current_time())) ||
- (endPtr == NULL) || (endPtr == value) || !isdigit(*(endPtr-1)) ) {
+ (endPtr == NULL) || (endPtr == value) || !isdigit(*(endPtr-1)) ||
+ errno == ERANGE ) {
PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
- "password minimum age \"%s\" seconds is invalid. ",
- value );
+ "%s: password minimum age \"%s\" seconds is invalid. ",
+ attrname, value );
retVal = LDAP_OPERATIONS_ERROR;
return retVal;
}
@@ -2768,19 +2932,23 @@
config_set_pw_warning( const char *attrname, char *value, char *errorbuf, int apply ) {
int retVal = LDAP_SUCCESS;
long sec;
+ char *endp = NULL;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 1 )) {
return LDAP_OPERATIONS_ERROR;
}
+ errno = 0;
/* in seconds */
- sec = strtol(value, NULL, 0);
- if (sec < 0) {
+ sec = strtol(value, &endp, 10);
+
+ if (*endp != '\0' || errno == ERANGE || sec < 0) {
PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
- "password warning age \"%s\" seconds is invalid, password warning "
- "age must be >= 0 seconds",
- value );
+ "%s: password warning age \"%s\" seconds is invalid, password warning "
+ "age must range from 0 to %ld seconds",
+ attrname, value, LONG_MAX );
retVal = LDAP_OPERATIONS_ERROR;
return retVal;
}
@@ -2795,16 +2963,28 @@
int
config_set_errorlog_level( const char *attrname, char *value, char *errorbuf, int apply ) {
- int retVal = LDAP_SUCCESS, level = 0;
+ int retVal = LDAP_SUCCESS;
+ long level = 0;
+ char *endp = NULL;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 1 )) {
return LDAP_OPERATIONS_ERROR;
}
+
+ errno = 0;
+ level = strtol(value, &endp, 10);
+
+ if ( *endp != '\0' || errno == ERANGE || level < 0 ) {
+ PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: error log level \"%s\" is invalid,"
+ " error log level must range from 0 to %ld", attrname, value, LONG_MAX );
+ retVal = LDAP_OPERATIONS_ERROR;
+ return retVal;
+ }
if ( apply ) {
CFG_LOCK_WRITE(slapdFrontendConfig);
- level = atoi ( value );
level |= LDAP_DEBUG_ANY;
#ifdef _WIN32
@@ -2821,16 +3001,28 @@
int
config_set_accesslog_level( const char *attrname, char *value, char *errorbuf, int apply ) {
- int retVal = LDAP_SUCCESS, level = 0;
+ int retVal = LDAP_SUCCESS;
+ long level = 0;
+ char *endp = NULL;
+
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 1 )) {
return LDAP_OPERATIONS_ERROR;
}
+
+ errno = 0;
+ level = strtol(value, &endp, 10);
+
+ if ( *endp != '\0' || errno == ERANGE || level < 0 ) {
+ PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: access log level \"%s\" is invalid,"
+ " access log level must range from 0 to %ld", attrname, value, LONG_MAX );
+ retVal = LDAP_OPERATIONS_ERROR;
+ return retVal;
+ }
if ( apply ) {
CFG_LOCK_WRITE(slapdFrontendConfig);
- level = atoi ( value );
g_set_accesslog_level ( level );
slapdFrontendConfig->accessloglevel = level;
CFG_UNLOCK_WRITE(slapdFrontendConfig);
18 years, 2 months
[Fedora-directory-commits] dsbuild/meta/ds Makefile,1.1.1.1,1.2
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/dsbuild/meta/ds
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31137/dsbuild/meta/ds
Modified Files:
Makefile
Log Message:
upgrade to 1.0.2
Index: Makefile
===================================================================
RCS file: /cvs/dirsec/dsbuild/meta/ds/Makefile,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- Makefile 10 Feb 2006 15:28:54 -0000 1.1.1.1
+++ Makefile 14 Feb 2006 22:30:05 -0000 1.2
@@ -1,5 +1,5 @@
GARNAME = ds
-GARVERSION = 1
+GARVERSION = 1.0.2
CATEGORIES = meta
# assume that if someone defines DEBUG=1 they mean DEBUG=full
18 years, 2 months
[Fedora-directory-commits] dsbuild/ds/setuputil Makefile, 1.1.1.1, 1.2 checksums, 1.1.1.1, 1.2
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/dsbuild/ds/setuputil
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31137/dsbuild/ds/setuputil
Modified Files:
Makefile checksums
Log Message:
upgrade to 1.0.2
Index: Makefile
===================================================================
RCS file: /cvs/dirsec/dsbuild/ds/setuputil/Makefile,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- Makefile 10 Feb 2006 15:28:53 -0000 1.1.1.1
+++ Makefile 14 Feb 2006 22:30:00 -0000 1.2
@@ -1,5 +1,5 @@
GARNAME = fedora-setuputil
-GARVERSION = 1.0
+GARVERSION = 1.0.2
CATEGORIES = ds
DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz
PATCHFILES =
Index: checksums
===================================================================
RCS file: /cvs/dirsec/dsbuild/ds/setuputil/checksums,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- checksums 10 Feb 2006 15:28:53 -0000 1.1.1.1
+++ checksums 14 Feb 2006 22:30:00 -0000 1.2
@@ -1 +1,2 @@
6bc26ba2edee75c3c8d5bf9a21bda7b8 download/fedora-setuputil-1.0.tar.gz
+ad98662666e99bd737227ad6cf89abec download/fedora-setuputil-1.0.2.tar.gz
18 years, 2 months
[Fedora-directory-commits] dsbuild/ds/onlinehelp Makefile, 1.1.1.1, 1.2 checksums, 1.1.1.1, 1.2
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/dsbuild/ds/onlinehelp
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31137/dsbuild/ds/onlinehelp
Modified Files:
Makefile checksums
Log Message:
upgrade to 1.0.2
Index: Makefile
===================================================================
RCS file: /cvs/dirsec/dsbuild/ds/onlinehelp/Makefile,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- Makefile 10 Feb 2006 15:28:53 -0000 1.1.1.1
+++ Makefile 14 Feb 2006 22:29:34 -0000 1.2
@@ -1,5 +1,5 @@
GARNAME = fedora-onlinehelp
-GARVERSION = 1.0
+GARVERSION = 1.0.2
CATEGORIES = ds
DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz
PATCHFILES =
Index: checksums
===================================================================
RCS file: /cvs/dirsec/dsbuild/ds/onlinehelp/checksums,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- checksums 10 Feb 2006 15:28:53 -0000 1.1.1.1
+++ checksums 14 Feb 2006 22:29:34 -0000 1.2
@@ -1 +1,2 @@
cc8cece82f0dc4d3ff502129fdd590f6 download/fedora-onlinehelp-1.0.tar.gz
+bd3d02c50d88848551dfa24964cfcf92 download/fedora-onlinehelp-1.0.2.tar.gz
18 years, 2 months
[Fedora-directory-commits] dsbuild/ds/mozilla Makefile, 1.1.1.1, 1.2 checksums, 1.1.1.1, 1.2
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/dsbuild/ds/mozilla
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31137/dsbuild/ds/mozilla
Modified Files:
Makefile checksums
Log Message:
upgrade to 1.0.2
Index: Makefile
===================================================================
RCS file: /cvs/dirsec/dsbuild/ds/mozilla/Makefile,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- Makefile 10 Feb 2006 15:28:54 -0000 1.1.1.1
+++ Makefile 14 Feb 2006 22:29:29 -0000 1.2
@@ -3,8 +3,9 @@
CATEGORIES = ds
# have the regular download rule download the patch rather than listing it in PATCHFILES
# this is so we can override the default patch rule
-MYPATCH = mozilla-gcc4.patch
-DISTFILES = mozilla-components-2.tar.gz $(MYPATCH)
+#MYPATCH = mozilla-gcc4.patch
+MYPATCH = sysfdtable.patch sysfdtable2.patch
+DISTFILES = mozilla-components-1.0.2.tar.gz $(MYPATCH)
PATCHFILES =
LIBDEPS =
@@ -16,7 +17,7 @@
INSTALL_SCRIPTS = custom
ifndef DEBUG
-OPTFLAG="BUILDOPT=1"
+OPTFLAG="BUILD_OPT=1"
CONFIGFLAG=--disable-debug --enable-optimize
else
CONFIGFLAG=--enable-debug --disable-optimize
@@ -24,22 +25,25 @@
# this is our "custom" patch target
post-patch:
+ifdef MYPATCH
cat $(addprefix download/,$(MYPATCH)) | ( cd work ; patch -p0 )
+endif
$(MAKECOOKIE)
configure-custom:
# remove the stupid mozilla- directory
rmdir $(WORKSRC)
- cd work/mozilla/directory/c-sdk && ./configure --with-nss $(CONFIGFLAG)
$(MAKECOOKIE)
build-custom:
cd work/mozilla/security/nss && $(MAKE) nss_build_all $(OPTFLAG)
cd work/mozilla/security/svrcore && $(MAKE) $(OPTFLAG)
+ cd work/mozilla/directory/c-sdk && ./configure --with-svrcore $(CONFIGFLAG)
cd work/mozilla/directory/c-sdk && $(MAKE) BUILDCLU=1 HAVE_SVRCORE=1 $(OPTFLAG)
# perldap uses MakeMaker, so lots of env. vars.
cd work/mozilla/directory/perldap && \
- LDAPSDKDIR=/opt/mozldap LDAPSDKSSL=yes NSPRDIR=`echo ../../dist/*.OBJ` perl Makefile.PL && $(MAKE)
+ LDAPSDKDIR=/opt/mozldap LDAPSDKSSL=yes NSPRDIR=`echo ../../dist/*.OBJ` perl Makefile.PL && \
+ $(MAKE) LD_RUN_PATH=/opt/fedora-ds/shared/lib
$(MAKECOOKIE)
Index: checksums
===================================================================
RCS file: /cvs/dirsec/dsbuild/ds/mozilla/checksums,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- checksums 10 Feb 2006 15:28:54 -0000 1.1.1.1
+++ checksums 14 Feb 2006 22:29:29 -0000 1.2
@@ -1,3 +1,6 @@
b93ea453da4e0510130649cf827108b1 download/mozilla-components.tar.gz
39bca53b30595c69fc64a6710dd3129e download/mozilla-components-2.tar.gz
a4c0724bc5b319ec7670da4cce93f920 download/mozilla-gcc4.patch
+f0d13d53c37adfe5312cf44d5d992042 download/sysfdtable.patch
+251df4db04cced3c22713c865289d471 download/sysfdtable2.patch
+931bc65330ad6d53aeb951e9d51a6a53 download/mozilla-components-1.0.2.tar.gz
18 years, 2 months
[Fedora-directory-commits] dsbuild/ds/mod_restartd Makefile, 1.1.1.1, 1.2 checksums, 1.1.1.1, 1.2
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/dsbuild/ds/mod_restartd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31137/dsbuild/ds/mod_restartd
Modified Files:
Makefile checksums
Log Message:
upgrade to 1.0.2
Index: Makefile
===================================================================
RCS file: /cvs/dirsec/dsbuild/ds/mod_restartd/Makefile,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- Makefile 10 Feb 2006 15:28:53 -0000 1.1.1.1
+++ Makefile 14 Feb 2006 22:29:23 -0000 1.2
@@ -1,7 +1,7 @@
include ../../objdirname.mk
GARNAME = mod_restartd
-GARVERSION = 1.0
+GARVERSION = 1.0.2
CATEGORIES = ds
DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz
PATCHFILES =
@@ -41,7 +41,7 @@
CONFIGURE_ARGS = --with-apr-config
-ifdef DEBUG
+ifeq ($(DEBUG),full)
CONFIGURE_ENV = CFLAGS=-g
else
CONFIGURE_ENV = CFLAGS=-O2
Index: checksums
===================================================================
RCS file: /cvs/dirsec/dsbuild/ds/mod_restartd/checksums,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- checksums 10 Feb 2006 15:28:53 -0000 1.1.1.1
+++ checksums 14 Feb 2006 22:29:23 -0000 1.2
@@ -1 +1,2 @@
5d04f72e1b1287fde46213678d8f24de download/mod_restartd-1.0.tar.gz
+27121b306c0c777d7187223b4179c601 download/mod_restartd-1.0.2.tar.gz
18 years, 2 months
[Fedora-directory-commits] dsbuild/ds/mod_nss Makefile, 1.1.1.1, 1.2 checksums, 1.1.1.1, 1.2
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/dsbuild/ds/mod_nss
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31137/dsbuild/ds/mod_nss
Modified Files:
Makefile checksums
Log Message:
upgrade to 1.0.2
Index: Makefile
===================================================================
RCS file: /cvs/dirsec/dsbuild/ds/mod_nss/Makefile,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- Makefile 10 Feb 2006 15:28:53 -0000 1.1.1.1
+++ Makefile 14 Feb 2006 22:29:18 -0000 1.2
@@ -1,7 +1,7 @@
include ../../objdirname.mk
GARNAME = mod_nss
-GARVERSION = 1.0
+GARVERSION = 1.0.2
CATEGORIES = ds
DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz
PATCHFILES =
@@ -43,7 +43,7 @@
CONFIGURE_ARGS = --with-apr-config --with-nspr=$(MOZILLA_DIST)/$(MOZ_OBJDIR_NAME) --with-nss-inc=$(MOZILLA_DIST)/public/nss --with-nss-lib=$(MOZILLA_DIST)/$(MOZ_OBJDIR_NAME)/lib
-ifdef DEBUG
+ifeq ($(DEBUG),full)
CONFIGURE_ENV = CFLAGS=-g
else
CONFIGURE_ENV = CFLAGS=-O2
Index: checksums
===================================================================
RCS file: /cvs/dirsec/dsbuild/ds/mod_nss/checksums,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- checksums 10 Feb 2006 15:28:53 -0000 1.1.1.1
+++ checksums 14 Feb 2006 22:29:18 -0000 1.2
@@ -1 +1,2 @@
68bb2fcd01694538e384454ee4c8ae53 download/mod_nss-1.0.tar.gz
+59a6a6b2f17d2bf8f68a36d10ee378ba download/mod_nss-1.0.2.tar.gz
18 years, 2 months
[Fedora-directory-commits] dsbuild/ds/mod_admserv Makefile, 1.1.1.1, 1.2 checksums, 1.1.1.1, 1.2
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/dsbuild/ds/mod_admserv
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31137/dsbuild/ds/mod_admserv
Modified Files:
Makefile checksums
Log Message:
upgrade to 1.0.2
Index: Makefile
===================================================================
RCS file: /cvs/dirsec/dsbuild/ds/mod_admserv/Makefile,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- Makefile 10 Feb 2006 15:28:54 -0000 1.1.1.1
+++ Makefile 14 Feb 2006 22:29:12 -0000 1.2
@@ -1,7 +1,7 @@
include ../../objdirname.mk
GARNAME = mod_admserv
-GARVERSION = 1.0
+GARVERSION = 1.0.2
CATEGORIES = ds
DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz
PATCHFILES =
@@ -12,7 +12,7 @@
MOZILLA_DIST = $(ABS_GARDIR)/$(CATEGORIES)/mozilla/work/mozilla/dist
-ADMINUTIL = $(ABS_GARDIR)/$(CATEGORIES)/adminutil/work/fedora-adminutil-1.0/built/adminutil/$(OBJDIR_NAME)
+ADMINUTIL = $(ABS_GARDIR)/$(CATEGORIES)/adminutil/work/fedora-adminutil-1.0.2/built/adminutil/$(OBJDIR_NAME)
INSTALL_SCRIPTS = custom
@@ -47,7 +47,7 @@
CONFIGURE_ARGS = --with-apr-config --with-nspr=$(MOZILLA_DIST)/$(MOZ_OBJDIR_NAME) --with-nss-inc=$(MOZILLA_DIST)/public/nss --with-nss-lib=$(MOZILLA_DIST)/$(MOZ_OBJDIR_NAME)/lib --with-ldapsdk-inc=$(MOZILLA_DIST)/public/ldap --with-ldapsdk-lib=$(MOZILLA_DIST)/lib --with-adminutil=$(ADMINUTIL)
-ifdef DEBUG
+ifeq ($(DEBUG),full)
CONFIGURE_ENV = CFLAGS=-g
else
CONFIGURE_ENV = CFLAGS=-O2
Index: checksums
===================================================================
RCS file: /cvs/dirsec/dsbuild/ds/mod_admserv/checksums,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- checksums 10 Feb 2006 15:28:53 -0000 1.1.1.1
+++ checksums 14 Feb 2006 22:29:12 -0000 1.2
@@ -1 +1,2 @@
a2615e7a400d10e6ec41565748decd3b download/mod_admserv-1.0.tar.gz
+51e4a305687b48820bc8e02a28eb8fb7 download/mod_admserv-1.0.2.tar.gz
18 years, 2 months