[Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm dn2entry.c, 1.4, 1.5
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4939/ldapserver/ldap/servers/slapd/back-ldbm
Modified Files:
dn2entry.c
Log Message:
Bug(s) fixed: 179137
Bug Description: recursion causes OOM with bad DN in dn2ancestor
Reviewed by: All (Thanks!)
Fix Description:
The fix looks scary, but I thought it would be best to get rid of
recursion entirely (ugh - recursion in a multi threaded server - this
isn't lisp . . .). Along with eliminating recursion, I created a new
function called slapi_dn_find_parent that just returns a pointer to the
beginning of the parent of the given dn, rather than returning a copy
(as in slapi_dn_parent), to eliminate malloc/free in cases where it is
unnecessary such as iterating through the parents in a DN. The new
function is basically just the guts of slapi_dn_parent with one twist,
specifically to address the bug in question - it skips through
consecutive runs of DN separator characters. We should probably have a
function like const char *slapi_dn_is_valid(const char *) that returns
NULL if the given DN is valid or returns a pointer to the first invalid
character if not. We could probably save a lot of time in processing
bad or malicious client requests.
Anyway, back to dn2ancestor. The given ancestordn must contain the
_unnormalized_ parent DN, since some clients get irritated when they get
back a DN in a different form than given. However, we need to have a
normalized DN to pass to dn2entry, and we cannot use a single Slapi_DN
that has both a dn and a ndn that are passed in byval (unless we add a
new API or skip the API altogether), so the variable ancestorndn holds
the normalized DN. Using the original pointer to the given sdn also
allows us to avoid malloc/free entirely.
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: We need a test case that calls moddn and
modify operations with really bad DNs, consisting of nothing but
thousands of ',', '+', and '=' chars.
Index: dn2entry.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/dn2entry.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- dn2entry.c 19 Apr 2005 22:07:38 -0000 1.4
+++ dn2entry.c 23 Feb 2006 20:48:05 -0000 1.5
@@ -109,58 +109,12 @@
}
/*
- * dn2entry_or_ancestor - look up dn in the cache/indexes and return the
- * corresponding entry. If the entry is not found, this function returns NULL
- * and sets ancestordn to the DN of highest entry in the tree matched.
- *
- * ancestordn should be initialized before calling this function.
- *
- * When the caller is finished with the entry returned, it should return it
- * to the cache:
- * e = dn2entry_or_ancestor( ... );
- * if ( NULL != e ) {
- * cache_return( &inst->inst_cache, &e );
- * }
- */
-struct backentry *
-dn2entry_or_ancestor(
- Slapi_Backend *be,
- const Slapi_DN *sdn,
- Slapi_DN *ancestordn,
- back_txn *txn,
- int *err
-)
-{
- struct backentry *e;
-
- LDAPDebug( LDAP_DEBUG_TRACE, "=> dn2entry_or_ancestor \"%s\"\n", slapi_sdn_get_dn(sdn), 0, 0 );
-
- /*
- * Fetch the entry asked for.
- */
-
- e= dn2entry(be,sdn,txn,err);
-
- if(e==NULL)
- {
- /*
- * could not find the entry named. crawl back up the dn and
- * stop at the first ancestor that does exist, or when we get
- * to the suffix.
- */
- e= dn2ancestor(be,sdn,ancestordn,txn,err);
- }
-
- LDAPDebug( LDAP_DEBUG_TRACE, "<= dn2entry_or_ancestor %p\n", e, 0, 0 );
- return( e );
-}
-
-/*
* Use the DN to fetch the parent of the entry.
* If the parent entry doesn't exist, keep working
* up the DN until we hit "" or an backend suffix.
*
- * ancestordn should be initialized before calling this function.
+ * ancestordn should be initialized before calling this function, and
+ * should be empty
*
* Returns NULL for no entry found.
*
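Review bot: The amended header comment for dn2ancestor says ancestordn "should be empty" but gives no reason and no consequence if it is not. Since this patch now fills ancestordn with slapi_sdn_set_dn_byref, the comment should state that on return ancestordn borrows memory owned by sdn, so the caller must not use it after sdn is freed or modified. Also note that dn2entry_or_ancestor is removed as a function with external linkage; its prototype and any other callers have to go in the same commit, and this mail only shows dn2entry.c.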
@@ -184,18 +138,64 @@
LDAPDebug( LDAP_DEBUG_TRACE, "=> dn2ancestor \"%s\"\n", slapi_sdn_get_dn(sdn), 0, 0 );
- /* stop when we get to "", or a backend suffix point */
- slapi_sdn_done(ancestordn); /* free any previous contents */
- slapi_sdn_get_backend_parent(sdn,ancestordn,be);
- if ( !slapi_sdn_isempty(ancestordn) )
- {
- Slapi_DN *newsdn = slapi_sdn_dup(ancestordn);
- e = dn2entry_or_ancestor( be, newsdn, ancestordn, txn, err );
- slapi_sdn_free(&newsdn);
- }
-
- LDAPDebug( LDAP_DEBUG_TRACE, "<= dn2ancestor %p\n", e, 0, 0 );
- return( e );
+ /* first, check to see if the given sdn is empty or a root suffix of the
+ given backend - if so, it has no parent */
+ if (!slapi_sdn_isempty(sdn) && !slapi_be_issuffix( be, sdn )) {
+ Slapi_DN ancestorndn;
+ const char *ptr;
+
+ /* assign ancestordn to the parent of the given dn - ancestordn will contain
+ the "raw" unnormalized DN from the caller, so we can give back the DN
+ in the same format as we received it */
+ ptr = slapi_dn_find_parent(slapi_sdn_get_dn(sdn));
+ /* assign the ancestordn dn pointer to the parent of dn from sdn - sdn "owns"
+ the memory, but ancestordn points to it */
+ slapi_sdn_set_dn_byref(ancestordn, ptr); /* free any previous contents */
+ /* now, do the same for the normalized version */
+ /* ancestorndn holds the normalized version for iteration purposes and
+ because dn2entry needs the normalized dn */
+ ptr = slapi_dn_find_parent(slapi_sdn_get_ndn(sdn));
+ slapi_sdn_init_ndn_byref(&ancestorndn, ptr);
+
+ /*
+ At this point you may be wondering why I need both ancestorndn and
+ ancestordn. Because, with the slapi_sdn interface, you cannot set both
+ the dn and ndn byref at the same time. Whenever you call set_dn or set_ndn,
+ it calls slapi_sdn_done which wipes out the previous contents. I suppose I
+ could have added another API to allow you to pass them both in. Also, using
+ slapi_sdn_get_ndn(ancestordn) every time would result in making a copy then
+ normalizing the copy every time - not efficient.
+ So, why not just use a char* for the ancestorndn? Because dn2entry requires
+ a Slapi_DN with the normalized dn.
+ */
+
+ /* stop when we get to "", or a backend suffix point */
+ while (!e && !slapi_sdn_isempty(&ancestorndn) && !slapi_be_issuffix( be, &ancestorndn )) {
+ /* find the entry - it uses the ndn, so no further conversion is necessary */
+ e= dn2entry(be,&ancestorndn,txn,err);
+ if (!e) {
+ /* not found, so set ancestordn to its parent and try again */
+ ptr = slapi_dn_find_parent(slapi_sdn_get_ndn(&ancestorndn));
+ /* keep in mind that ptr points to the raw ndn pointer inside
+ ancestorndn which is still the ndn string "owned" by sdn, the
+ original dn we started with - we are careful not to touch
+ or change it */
+ slapi_sdn_set_ndn_byref(&ancestorndn, ptr); /* wipe out the previous contents */
+ /* now do the same for the unnormalized one */
+ ptr = slapi_dn_find_parent(slapi_sdn_get_dn(ancestordn));
+ slapi_sdn_set_dn_byref(ancestordn, ptr); /* wipe out the previous contents */
+ }
+ }
+
+ slapi_sdn_done(&ancestorndn);
+ }
+
+ /* post conditions:
+ e is the entry of the ancestor of sdn OR e is the suffix entry
+ OR e is NULL
+ ancestordn contains the unnormalized DN of e or is empty */
+ LDAPDebug( LDAP_DEBUG_TRACE, "<= dn2ancestor %p\n", e, 0, 0 );
+ return( e );
}
/*
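Review bot: The while condition includes !slapi_be_issuffix( be, &ancestorndn ), so when the walk reaches the backend suffix the loop ends without calling dn2entry on it. In that case e keeps its earlier value (NULL if the loop never found anything) while ancestordn is left pointing at the suffix DN, which contradicts the post-condition comment ("e is the suffix entry", "ancestordn contains the unnormalized DN of e or is empty"). The removed lines looked the backend parent up through dn2entry_or_ancestor with no suffix test, so this is also a behaviour change; either look up the suffix once after the loop or correct the post-condition comment. A second point in the loop body: the dn and ndn pointers are advanced in lockstep by separate slapi_dn_find_parent calls, which only stays in sync if the raw and normalized strings have the same number of separator runs. For the malformed DNs this bug is about, that is worth an explicit check or a comment stating why it holds. The trailing comment on the first slapi_sdn_set_dn_byref(ancestordn, ptr) still reads "free any previous contents", left over from the removed slapi_sdn_done call.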
18 years, 1 month
[Fedora-directory-commits] ldapserver/ldap/servers/slapd dn.c, 1.7, 1.8 slapi-plugin.h, 1.8, 1.9
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4939/ldapserver/ldap/servers/slapd
Modified Files:
dn.c slapi-plugin.h
Log Message:
Bug(s) fixed: 179137
Bug Description: recursion causes OOM with bad DN in dn2ancestor
Reviewed by: All (Thanks!)
Fix Description:
The fix looks scary, but I thought it would be best to get rid of
recursion entirely (ugh - recursion in a multi threaded server - this
isn't lisp . . .). Along with eliminating recursion, I created a new
function called slapi_dn_find_parent that just returns a pointer to the
beginning of the parent of the given dn, rather than returning a copy
(as in slapi_dn_parent), to eliminate malloc/free in cases where it is
unnecessary such as iterating through the parents in a DN. The new
function is basically just the guts of slapi_dn_parent with one twist,
specifically to address the bug in question - it skips through
consecutive runs of DN separator characters. We should probably have a
function like const char *slapi_dn_is_valid(const char *) that returns
NULL if the given DN is valid or returns a pointer to the first invalid
character if not. We could probably save a lot of time in processing
bad or malicious client requests.
Anyway, back to dn2ancestor. The given ancestordn must contain the
_unnormalized_ parent DN, since some clients get irritated when they get
back a DN in a different form than given. However, we need to have a
normalized DN to pass to dn2entry, and we cannot use a single Slapi_DN
that has both a dn and a ndn that are passed in byval (unless we add a
new API or skip the API altogether), so the variable ancestorndn holds
the normalized DN. Using the original pointer to the given sdn also
allows us to avoid malloc/free entirely.
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: We need a test case that calls moddn and
modify operations with really bad DNs, consisting of nothing but
thousands of ',', '+', and '=' chars.
Index: dn.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/dn.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- dn.c 8 Dec 2005 00:59:14 -0000 1.7
+++ dn.c 23 Feb 2006 20:47:59 -0000 1.8
@@ -593,8 +593,26 @@
return r;
}
-char*
-slapi_dn_parent( const char *dn )
+/*
+ * This function is used for speed. Instead of returning a newly allocated
+ * dn string that contains the parent, this function just returns a pointer
+ * to the address _within_ the given string where the parent dn of the
+ * given dn starts e.g. if you call this with "dc=example,dc=com", the
+ * function will return "dc=com" - that is, the char* returned will be the
+ * address of the 'd' after the ',' in "dc=example,dc=com". This function
+ * also checks for bogus things like consecutive ocurrances of unquoted
+ * separators e.g. DNs like cn=foo,,,,,,,,,,,cn=bar,,,,,,,
+ * This function is useful for "interating" over a DN returning the ancestors
+ * of the given dn e.g.
+ *
+ * const char *dn = somedn;
+ * while (dn = slapi_dn_find_parent(dn)) {
+ * see if parent exists
+ * etc.
+ * }
+ */
+const char*
+slapi_dn_find_parent( const char *dn )
{
const char *s;
int inquote;
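Review bot: The new doc comment for slapi_dn_find_parent never states what is returned when there is no parent, although the usage example depends on a NULL return to end the loop. Add a line saying NULL is returned when no parent exists and that the result must not be freed, because it aliases the caller's string. The example while (dn = slapi_dn_find_parent(dn)) uses an assignment as the condition, which compilers warn about; wrap it in a second pair of parentheses and compare against NULL. Spelling in the comment: "ocurrances" should be "occurrences" and "interating" should be "iterating".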
@@ -621,14 +639,34 @@
} else {
if ( *s == '"' )
inquote = 1;
- else if ( DNSEPARATOR( *s ) )
- return( slapi_ch_strdup( s + 1 ) );
+ else {
+ if ( DNSEPARATOR( *s ) ) {
+ while ( *s && DNSEPARATOR( *s ) ) {
+ ++s;
+ }
+ if (*s) {
+ return( s );
+ }
+ }
+ }
}
}
return( NULL );
}
+char*
+slapi_dn_parent( const char *dn )
+{
+ const char *s = slapi_dn_find_parent(dn);
+
+ if ( s == NULL || *s == '\0' ) {
+ return( NULL );
+ }
+
+ return( slapi_ch_strdup( s ) );
+}
+
/*
* slapi_dn_issuffix - tells whether suffix is a suffix of dn. both dn
* and suffix must be normalized.
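Review bot: In the new separator-skipping branch, when the run of separators reaches the end of the string, s is left on the terminating NUL and control falls out of the if without returning. The enclosing loop is not part of this hunk; if it is a for loop that increments s after each pass, the next increment moves s past the terminator and the loop test reads beyond the buffer. That is precisely the input shape the log message is concerned with (a DN ending in a run of separators). Return NULL as soon as *s is NUL after the skip, for example by replacing if (*s) { return( s ); } with return( *s ? s : NULL );. Separately, the rewritten slapi_dn_parent returns NULL in a case where the old body returned slapi_ch_strdup( s + 1 ): a DN ending in a single separator used to yield an allocated empty string. Callers that free or dereference the result without a NULL check should be reviewed.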
Index: slapi-plugin.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slapi-plugin.h,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- slapi-plugin.h 19 Apr 2005 22:07:37 -0000 1.8
+++ slapi-plugin.h 23 Feb 2006 20:47:59 -0000 1.9
@@ -362,6 +362,7 @@
char *slapi_dn_ignore_case( char *dn );
char *slapi_dn_normalize_case( char *dn );
char *slapi_dn_beparent( Slapi_PBlock *pb, const char *dn );
+const char *slapi_dn_find_parent( const char *dn );
char *slapi_dn_parent( const char *dn );
int slapi_dn_issuffix( const char *dn, const char *suffix );
int slapi_dn_isparent( const char *parentdn, const char *childdn );
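Review bot: The new prototype slapi_dn_find_parent is added to the public plugin header directly above slapi_dn_parent with no comment, and the two differ in ownership: slapi_dn_parent returns an allocated copy, while slapi_dn_find_parent returns a pointer into the argument. The const return type helps, but a one-line comment here saying the result must not be freed and is only valid while dn is valid would keep plugin authors from mixing the two up.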
18 years, 1 month
[Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm sort.c, 1.5, 1.6
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4860/ldapserver/ldap/servers/slapd/back-ldbm
Modified Files:
sort.c
Log Message:
Bug(s) fixed: 179135
Bug Description: memory leaks using ber_scanf when handling bad BER packets
Reviewed by: All (Thanks!)
Files: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=123783
Branch: HEAD
Fix Description:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135#c0
I basically did a search through our code for all calls to ber_scanf,
ber_get_stringa, and ber_get_stringal and made sure we properly free any
arguments that may have been allocated. There was a bug in the ldapsdk
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135 that causes
us to free uninitialized memory when trying to clean up the result of
ber_get_stringal (or ber_scanf with 'V'). I had to initialize some
variables to NULL so that we could properly clean them up, and added
some additional clean ups that were missing. Also, in repl_extop.c, we
were calling free on an array that we should have been calling
ch_array_free on. Yet another lesson in the evils of slapi_ch_free and
disabling compiler type checks in general.
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
Index: sort.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/sort.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sort.c 19 Apr 2005 22:07:38 -0000 1.5
+++ sort.c 23 Feb 2006 20:45:22 -0000 1.6
@@ -384,6 +384,7 @@
return_value = ber_scanf(ber,"a",&rtype);
if (LBER_ERROR == return_value) {
+ slapi_ch_free_string(&rtype);
rc = LDAP_PROTOCOL_ERROR;
goto err;
}
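Review bot: The added slapi_ch_free_string(&rtype) on the LBER_ERROR path is only safe if rtype is set to NULL before the ber_scanf call, and that initialization is not visible in this hunk. The log message itself says the ldapsdk can leave output arguments untouched on a decoding error, so if rtype is declared without an initializer this line frees an uninitialized pointer. Other files in this commit add "= NULL" at the declaration; please confirm the same holds for rtype, or add it here.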
18 years, 1 month
[Fedora-directory-commits] ldapserver/ldap/servers/slapd add.c, 1.5, 1.6 ava.c, 1.4, 1.5 bind.c, 1.6, 1.7 compare.c, 1.4, 1.5 delete.c, 1.4, 1.5 filter.c, 1.5, 1.6 modify.c, 1.8, 1.9 modrdn.c, 1.4, 1.5
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4860/ldapserver/ldap/servers/slapd
Modified Files:
add.c ava.c bind.c compare.c delete.c filter.c modify.c
modrdn.c
Log Message:
Bug(s) fixed: 179135
Bug Description: memory leaks using ber_scanf when handling bad BER packets
Reviewed by: All (Thanks!)
Files: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=123783
Branch: HEAD
Fix Description:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135#c0
I basically did a search through our code for all calls to ber_scanf,
ber_get_stringa, and ber_get_stringal and made sure we properly free any
arguments that may have been allocated. There was a bug in the ldapsdk
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135 that causes
us to free uninitialized memory when trying to clean up the result of
ber_get_stringal (or ber_scanf with 'V'). I had to initialize some
variables to NULL so that we could properly clean them up, and added
some additional clean ups that were missing. Also, in repl_extop.c, we
were calling free on an array that we should have been calling
ch_array_free on. Yet another lesson in the evils of slapi_ch_free and
disabling compiler type checks in general.
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
Index: add.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/add.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- add.c 19 Apr 2005 22:07:36 -0000 1.5
+++ add.c 23 Feb 2006 20:45:16 -0000 1.6
@@ -102,8 +102,9 @@
*/
/* get the name */
{
- char *dn;
+ char *dn = NULL;
if ( ber_scanf( ber, "{a", &dn ) == LBER_ERROR ) {
+ slapi_ch_free_string(&dn);
LDAPDebug( LDAP_DEBUG_ANY,
"ber_scanf failed (op=Add; params=DN)\n", 0, 0, 0 );
op_shared_log_error_access (pb, "ADD", "???", "decoding error");
@@ -121,11 +122,13 @@
tag != LBER_DEFAULT && tag != LBER_END_OF_SEQORSET;
tag = ber_next_element( ber, &len, last ) ) {
char *type = NULL, *normtype = NULL;
- struct berval **vals;
+ struct berval **vals = NULL;
if ( ber_scanf( ber, "{a{V}}", &type, &vals ) == LBER_ERROR ) {
op_shared_log_error_access (pb, "ADD", slapi_sdn_get_dn (slapi_entry_get_sdn_const(e)), "decoding error");
send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL,
"decoding error", 0, NULL );
+ slapi_ch_free_string(&type);
+ ber_bvecfree( vals );
goto free_and_return;
}
@@ -134,7 +137,7 @@
op_shared_log_error_access (pb, "ADD", slapi_sdn_get_dn (slapi_entry_get_sdn_const(e)), "null value");
send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, NULL,
0, NULL );
- free( type );
+ slapi_ch_free_string(&type);
goto free_and_return;
}
@@ -144,7 +147,7 @@
PR_snprintf (ebuf, BUFSIZ, "invalid type '%s'", type);
op_shared_log_error_access (pb, "ADD", slapi_sdn_get_dn (slapi_entry_get_sdn_const(e)), ebuf);
send_ldap_result( pb, rc, NULL, ebuf, 0, NULL );
- free( type );
+ slapi_ch_free_string(&type);
slapi_ch_free( (void**)&normtype );
ber_bvecfree( vals );
goto free_and_return;
Index: ava.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/ava.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- ava.c 19 Apr 2005 22:07:36 -0000 1.4
+++ ava.c 23 Feb 2006 20:45:16 -0000 1.5
@@ -53,10 +53,12 @@
struct ava *ava
)
{
- char *type;
+ char *type = NULL;
if ( ber_scanf( ber, "{ao}", &type, &ava->ava_value )
== LBER_ERROR ) {
+ slapi_ch_free_string(&type);
+ ava_done(ava);
LDAPDebug( LDAP_DEBUG_ANY, " get_ava ber_scanf\n", 0, 0, 0 );
return( LDAP_PROTOCOL_ERROR );
}
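Review bot: The new ava_done(ava) call on the error path operates on a structure that this function has not initialized: type is a local that is now NULL, but ava->ava_type has not been assigned yet and ava->ava_value is only whatever ber_scanf managed to write. That is safe only if every caller passes in a zeroed struct ava. compare.c in this same commit gains struct ava ava = {0} for that reason, so either document the requirement in the comment above get_ava or zero the structure at the top of the function before calling ber_scanf.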
Index: bind.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/bind.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- bind.c 19 Apr 2005 22:07:36 -0000 1.6
+++ bind.c 23 Feb 2006 20:45:16 -0000 1.7
@@ -111,7 +111,7 @@
long ber_version = -1;
int auth_response_requested = 0;
int pw_response_requested = 0;
- char *dn, *saslmech = NULL;
+ char *dn = NULL, *saslmech = NULL;
struct berval cred = {0};
Slapi_Backend *be = NULL;
unsigned long rc;
@@ -154,6 +154,7 @@
log_bind_access (pb, "???", method, version, saslmech, "decoding error");
send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL,
"decoding error", 0, NULL );
+ slapi_ch_free_string(&dn);
return;
}
Index: compare.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/compare.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- compare.c 19 Apr 2005 22:07:36 -0000 1.4
+++ compare.c 23 Feb 2006 20:45:16 -0000 1.5
@@ -60,13 +60,13 @@
do_compare( Slapi_PBlock *pb )
{
BerElement *ber = pb->pb_op->o_ber;
- char *dn;
- struct ava ava;
+ char *dn = NULL;
+ struct ava ava = {0};
Slapi_Backend *be = NULL;
int err;
char ebuf[ BUFSIZ ];
Slapi_DN sdn;
- Slapi_Entry *referral;
+ Slapi_Entry *referral = NULL;
char errorbuf[BUFSIZ];
LDAPDebug( LDAP_DEBUG_TRACE, "do_compare\n", 0, 0, 0 );
@@ -74,6 +74,9 @@
/* count the compare request */
PR_AtomicIncrement(g_get_global_snmp_vars()->ops_tbl.dsCompareOps);
+ /* have to init this here so we can "done" it below if we short circuit */
+ slapi_sdn_init(&sdn);
+
/*
* Parse the compare request. It looks like this:
*
@@ -86,7 +89,6 @@
* }
*/
-
if ( ber_scanf( ber, "{a{ao}}", &dn, &ava.ava_type,
&ava.ava_value ) == LBER_ERROR ) {
LDAPDebug( LDAP_DEBUG_ANY,
@@ -94,7 +96,7 @@
0, 0, 0 );
send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0,
NULL );
- return;
+ goto free_and_return;
}
/*
* in LDAPv3 there can be optional control extensions on
@@ -106,6 +108,7 @@
goto free_and_return;
}
slapi_sdn_init_dn_passin(&sdn,dn);
+ dn = NULL; /* do not free - sdn owns it now */
/* target spec is used to decide which plugins are applicable for the operation */
operation_set_target_spec (pb->pb_op, &sdn);
@@ -181,5 +184,6 @@
if (be)
slapi_be_Unlock(be);
slapi_sdn_done(&sdn);
+ slapi_ch_free_string(&dn);
ava_done( &ava );
}
Index: delete.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/delete.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- delete.c 19 Apr 2005 22:07:36 -0000 1.4
+++ delete.c 23 Feb 2006 20:45:16 -0000 1.5
@@ -66,7 +66,7 @@
{
Slapi_Operation *operation;
BerElement *ber;
- char *dn;
+ char *dn = NULL;
int err;
LDAPDebug( LDAP_DEBUG_TRACE, "do_delete\n", 0, 0, 0 );
@@ -89,7 +89,7 @@
op_shared_log_error_access (pb, "DEL", "???", "decoding error");
send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0,
NULL );
- return;
+ goto free_and_return;
}
/*
Index: filter.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/filter.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- filter.c 19 Apr 2005 22:07:36 -0000 1.5
+++ filter.c 23 Feb 2006 20:45:16 -0000 1.6
@@ -175,7 +175,7 @@
unsigned long len;
int err;
struct slapi_filter *f;
- char *ftmp, *type;
+ char *ftmp, *type = NULL;
LDAPDebug( LDAP_DEBUG_FILTER, "=> get_filter_internal\n", 0, 0, 0 );
@@ -293,6 +293,7 @@
case LDAP_FILTER_PRESENT:
LDAPDebug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
if ( ber_scanf( ber, "a", &type ) == LBER_ERROR ) {
+ slapi_ch_free_string(&type);
err = LDAP_PROTOCOL_ERROR;
} else {
err = LDAP_SUCCESS;
@@ -440,12 +441,13 @@
)
{
unsigned long tag, len, rc;
- char *val, *last, *type;
+ char *val, *last, *type = NULL;
char ebuf[BUFSIZ];
LDAPDebug( LDAP_DEBUG_FILTER, "=> get_substring_filter\n", 0, 0, 0 );
if ( ber_scanf( ber, "{a", &type ) == LBER_ERROR ) {
+ slapi_ch_free_string(&type);
return( LDAP_PROTOCOL_ERROR );
}
f->f_sub_type = slapi_attr_syntax_normalize( type );
@@ -460,8 +462,10 @@
tag != LBER_ERROR && tag != LBER_END_OF_SEQORSET;
tag = ber_next_element( ber, &len, last ) )
{
+ val = NULL;
rc = ber_scanf( ber, "a", &val );
if ( rc == LBER_ERROR ) {
+ slapi_ch_free_string(&val);
return( LDAP_PROTOCOL_ERROR );
}
if ( val == NULL || *val == '\0' ) {
@@ -573,8 +577,9 @@
}
}
{
- char* type;
+ char* type = NULL;
if (ber_scanf( ber, "a", &type ) == LBER_ERROR) {
+ slapi_ch_free_string (&type);
rc = LDAP_PROTOCOL_ERROR;
} else {
mrf->mrf_type = slapi_attr_syntax_normalize(type);
Index: modify.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/modify.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- modify.c 25 Jan 2006 16:51:39 -0000 1.8
+++ modify.c 23 Feb 2006 20:45:16 -0000 1.9
@@ -114,7 +114,7 @@
{
Slapi_Operation *operation;
BerElement *ber;
- char *last, *type;
+ char *last, *type = NULL;
unsigned long tag, len;
LDAPMod *mod;
LDAPMod **mods;
@@ -124,7 +124,7 @@
int ignored_some_mods = 0;
int has_password_mod = 0; /* number of password mods */
char *old_pw = NULL; /* remember the old password */
- char *dn;
+ char *dn = NULL;
LDAPDebug( LDAP_DEBUG_TRACE, "do_modify\n", 0, 0, 0 );
@@ -161,6 +161,7 @@
op_shared_log_error_access (pb, "MOD", "???", "decoding error");
send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0,
NULL );
+ slapi_ch_free_string(&dn);
return;
}
}
@@ -186,7 +187,9 @@
op_shared_log_error_access (pb, "MOD", dn, "decoding error");
send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL,
"decoding error", 0, NULL );
+ ber_bvecfree(mod->mod_bvalues);
slapi_ch_free((void **)&mod);
+ slapi_ch_free_string(&type);
goto free_and_return;
}
mod->mod_op = long_mod_op;
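Review bot: The added ber_bvecfree(mod->mod_bvalues) in the decoding-error branch reads a field that is only meaningful if mod was zero-filled when it was allocated; the allocation is outside this hunk. If mod comes from a plain malloc-style call and ber_scanf fails before storing the values, this frees an indeterminate pointer, which is the same class of problem the log message describes for ber_get_stringal. Please confirm mod is allocated with a calloc-style call, or set mod->mod_bvalues to NULL right after allocation.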
Index: modrdn.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/modrdn.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- modrdn.c 19 Apr 2005 22:07:36 -0000 1.4
+++ modrdn.c 23 Feb 2006 20:45:16 -0000 1.5
@@ -66,10 +66,10 @@
{
Slapi_Operation *operation;
BerElement *ber;
- char *dn, *newsuperior = NULL;
+ char *dn = NULL, *newsuperior = NULL;
char *newrdn = NULL;
- int err, deloldrdn;
- unsigned long len;
+ int err = 0, deloldrdn = 0;
+ unsigned long len = 0;
LDAPDebug( LDAP_DEBUG_TRACE, "do_modrdn\n", 0, 0, 0 );
@@ -99,7 +99,7 @@
send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL,
"unable to decode DN, newRDN, or deleteOldRDN parameters",
0, NULL );
- return;
+ goto free_and_return;
}
if ( ber_peek_tag( ber, &len ) == LDAP_TAG_NEWSUPERIOR ) {
18 years, 1 month
[Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication repl5_total.c, 1.5, 1.6 repl_controls.c, 1.5, 1.6 repl_extop.c, 1.7, 1.8
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4860/ldapserver/ldap/servers/plugins/replication
Modified Files:
repl5_total.c repl_controls.c repl_extop.c
Log Message:
Bug(s) fixed: 179135
Bug Description: memory leaks using ber_scanf when handling bad BER packets
Reviewed by: All (Thanks!)
Files: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=123783
Branch: HEAD
Fix Description:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135#c0
I basically did a search through our code for all calls to ber_scanf,
ber_get_stringa, and ber_get_stringal and made sure we properly free any
arguments that may have been allocated. There was a bug in the ldapsdk
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135 that causes
us to free uninitialized memory when trying to clean up the result of
ber_get_stringal (or ber_scanf with 'V'). I had to initialize some
variables to NULL so that we could properly clean them up, and added
some additional clean ups that were missing. Also, in repl_extop.c, we
were calling free on an array that we should have been calling
ch_array_free on. Yet another lesson in the evils of slapi_ch_free and
disabling compiler type checks in general.
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
Index: repl5_total.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl5_total.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- repl5_total.c 19 Apr 2005 22:07:32 -0000 1.5
+++ repl5_total.c 23 Feb 2006 20:45:09 -0000 1.6
@@ -585,7 +585,7 @@
char *lasti;
unsigned long len;
unsigned long tag;
- char *str;
+ char *str = NULL;
int rc;
Slapi_Value *value;
@@ -685,6 +685,9 @@
if (value)
slapi_value_free (&value);
+ slapi_ch_free_string(&attrtype);
+ slapi_ch_free_string(&str);
+
return -1;
}
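Review bot: The error path now frees both attrtype and str, but only str gets "= NULL" at its declaration in this patch; the declaration of attrtype is not shown in either hunk. If attrtype has no initializer and the function reaches this path before ber_scanf assigns it, slapi_ch_free_string(&attrtype) frees an uninitialized pointer. Please confirm attrtype is initialized to NULL, or add it alongside the str change.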
Index: repl_controls.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl_controls.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- repl_controls.c 19 Apr 2005 22:07:32 -0000 1.5
+++ repl_controls.c 23 Feb 2006 20:45:10 -0000 1.6
@@ -349,15 +349,15 @@
emtag != LBER_ERROR && emtag != LBER_END_OF_SEQORSET;
emtag = ber_next_element( ember, &emlen, emlast ))
{
- struct berval **embvals;
- if ( ber_scanf( ember, "{i{a[V]}}", &op, &type, &embvals ) == LBER_ERROR )
+ struct berval **embvals = NULL;
+ type = NULL;
+ if ( ber_scanf( ember, "{i{a[V]}}", &op, &type, &embvals ) != LBER_ERROR )
{
- continue;
+ slapi_mods_add_modbvps( smods, op, type, embvals);
/* GGOODREPL I suspect this will cause two sets of lastmods attr values
to end up in the entry. We need to remove the old ones.
*/
}
- slapi_mods_add_modbvps( smods, op, type, embvals);
free( type );
ber_bvecfree( embvals );
}
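Review bot: With the condition inverted to != LBER_ERROR, a modification that fails to decode is now skipped with no log message and no error return, and the loop carries on with the next element. The old code did the same through continue, but since this commit is specifically about bad BER input, a malformed replicated mod should at least be logged and probably abort the whole control rather than apply a partial set of mods. Two smaller points: free( type ) stays as a raw free while the rest of the commit moves to slapi_ch_free_string, and the GGOODREPL comment now sits after the slapi_mods_add_modbvps call inside the success branch, where it reads as if it described the closing brace.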
Index: repl_extop.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl_extop.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- repl_extop.c 19 Apr 2005 22:07:32 -0000 1.7
+++ repl_extop.c 23 Feb 2006 20:45:10 -0000 1.8
@@ -384,7 +384,8 @@
/* slapi_ch_free accepts NULL pointer */
slapi_ch_free ((void**)protocol_oid);
slapi_ch_free ((void**)repl_root);
- slapi_ch_free ((void **)extra_referrals);
+ slapi_ch_array_free (*extra_referrals);
+ *extra_referrals = NULL;
slapi_ch_free ((void**)csnstr);
if (*supplier_ruv)
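Review bot: The comment at the top of this cleanup block says "slapi_ch_free accepts NULL pointer", but the replaced line now calls slapi_ch_array_free (*extra_referrals), and *extra_referrals can still be NULL when decoding failed before the referrals were read. Please confirm slapi_ch_array_free tolerates a NULL array and extend the comment to say so, or guard the call with if (*extra_referrals). Setting *extra_referrals = NULL afterwards is the right follow-up.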
18 years, 1 month
[Fedora-directory-commits] ldapserver/ldap/cm/newinst sec_tools_wrapper, NONE, 1.1 Makefile, 1.9, 1.10 ns-update, 1.10, 1.11 setup, 1.14, 1.15
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/cm/newinst
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2205/ldapserver/ldap/cm/newinst
Modified Files:
Makefile ns-update setup
Added Files:
sec_tools_wrapper
Log Message:
Bug(s) fixed: 182613
Bug Description: Upgrade wipes out sectool wrappers
Reviewed by: Pete and Nathan (Thanks!)
Fix Description: It's better if we just package those wrappers instead
of creating them on the fly. The new file sec_tools_wrappers is a
simple shell script that assumes it's being run out of a parent/bin
directory which contains a program called $0-bin, and the shared libs it
needs are in parent/lib. This shell script is copied to
shared/bin/certutil, shared/bin/modutil, etc. I had to create another
makefile packaging macro to handle the case where you want to package a
file under a different name than the original. Also
1) Add Red Hat and Fedora DS to upgradeServer
2) adminutil property directory is now adminutil-properties instead of
property
3) General clean up of some upgrade install things
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
--- NEW FILE sec_tools_wrapper ---
#!/bin/sh
#
# BEGIN COPYRIGHT BLOCK
# This Program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; version 2 of the License.
#
# This Program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA.
#
# In addition, as a special exception, Red Hat, Inc. gives You the additional
# right to link the code of this Program with code not covered under the GNU
# General Public License ("Non-GPL Code") and to distribute linked combinations
# including the two, subject to the limitations in this paragraph. Non-GPL Code
# permitted under this exception must only link to the code of this Program
# through those well defined interfaces identified in the file named EXCEPTION
# found in the source code files (the "Approved Interfaces"). The files of
# Non-GPL Code may instantiate templates or use macros or inline functions from
# the Approved Interfaces without causing the resulting work to be covered by
# the GNU General Public License. Only Red Hat, Inc. may make changes or
# additions to the list of Approved Interfaces. You must obey the GNU General
# Public License in all respects for all of the Program code and other code used
# in conjunction with the Program except the Non-GPL Code covered by this
# exception. If you modify this file, you may extend this exception to your
# version of the file, but you are not obligated to do so. If you do not wish to
# provide this exception without modification, you must delete this exception
# statement from your version and license this file solely under the GPL without
# exception.
#
# Copyright (C) 2006 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
# This file is the wrapper around the security tools. It just sets the
# runtime library lookup path and invokes the actual binary with the given
# arguments. This file is copied to the actual name of the command e.g.
# we get the binary certutil program from the NSS package. When we package
# it, we rename it to certutil-bin e.g. cp $(NSS)/certutil shared/bin/certutil-bin
# This file is copied to certutil e.g. cp sec_tools_wrapper shared/bin/certutil
# figure out where the libdir is based on the location of this shell script
savedir=`pwd`
bindir=`dirname $0`
if test -n "$bindir" ; then
cd $bindir/../lib
else
# could be running as e.g. ./certutil or certutil if current dir is in PATH
cd ../lib
fi
# assume the libdir is ../lib from the bindir e.g. sroot/shared/bin and sroot/shared/lib
libdir=`pwd`
cd $savedir
# cover our bases on ld libpaths
SHLIB_PATH=$libdir
LIBPATH=$libdir
LD_LIBRARY_PATH=$libdir
DYLD_PATH=$libdir
export SHLIB_PATH LIBPATH LD_LIBRARY_PATH DYLD_PATH
$0-bin ${1+"$@"}
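Review bot: neither "cd $bindir/../lib" nor "cd ../lib" is checked, so when that directory is missing the libdir=`pwd` line picks up the caller's current directory and the wrapped tool then resolves its shared libraries from there; exit with an error if the cd fails. dirname $0 returns "." rather than an empty string for a bare command name, so the else branch is never taken. $bindir, $savedir and $0-bin should be quoted so an install path containing spaces still works. The exports also replace any LD_LIBRARY_PATH the caller already had instead of prepending to it, which deserves a comment if it is intended.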
Index: Makefile
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/cm/newinst/Makefile,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- Makefile 15 Feb 2006 22:54:02 -0000 1.9
+++ Makefile 23 Feb 2006 19:30:41 -0000 1.10
@@ -95,10 +95,13 @@
# Source for staged installation utilities
INCDIR=$(SETUPUTIL_INCLUDE) -I$(LDAP_SRC)/admin/include -I$(LDAP_SRC)/admin/lib -I$(LDAP_SRC)/admin/src
+# we wrap the security tools with a shell script wrapper for their ld libpath
+PACKAGE_SEC_T0OLS = $(addprefix $(RELDIR)/shared/bin/,$(SECURITY_TOOLS))
+
# ADM_VERSDIR = admserv40
# ADM_RELDATE = 19980112
-all: $(OBJDEST) $(BINDEST) $(SETUPUTIL_DEP) $(LDAPSDK_DEP) $(SECURITY_DEP) $(NSPR_DEP) $(OSOBJS) $(OBJS1) $(OBJS2) $(BINS) $(INFO) $(BINDEST)/ns-update $(BINDEST)/uninstall
+all: $(OBJDEST) $(BINDEST) $(SETUPUTIL_DEP) $(LDAPSDK_DEP) $(SECURITY_DEP) $(NSPR_DEP) $(OSOBJS) $(OBJS1) $(OBJS2) $(BINS) $(INFO) $(BINDEST)/ns-update $(BINDEST)/uninstall $(PACKAGE_SEC_T0OLS)
# removed ns-keygen from build - it was only used for Dir Lite
# $(BINDEST)/ns-keygen
ifeq ($(ARCH), BSDI)
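Review bot: PACKAGE_SEC_T0OLS is spelled with a digit zero in place of the first O, both in the definition and in the all: prerequisite list. The two uses agree, so the build works, but a search for PACKAGE_SEC_TOOLS will not find it; rename it in both places.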
@@ -170,6 +173,11 @@
-o $(BINDEST)/ns-config $(RPATHFLAG_PREFIX)$(RPATHFLAG)$(RPATHFLAG_EXTRAS) $(OBJS1) $(OBJS2) $(SETUPUTILLINK) $(LDAPLINK) $(SECURITYLINK) $(NSPRLINK) \
$(EXTRA_LIBS) $(CURSES)
+$(RELDIR)/shared/bin/%: sec_tools_wrapper $(RELDIR)/shared/bin
+ -@$(RM) $@
+ $(CP) $< $@
+ chmod +x $@
+
ifeq ($(ARCH), WINNT)
$(INFO):
$(PERL) fixINF.pl $(BUILD_MODULE) $(NOSP_DIR_VERSION) $(BUILD_ROOT)/$(BUILD_ARCH)/buildnum.dat slapd.inf $(SECURITY) $(PRODUCT) $(IS_DIR_LITE) $(INSTANCE_NAME_PREFIX) $@.inf $(BUILD_BOMB) "bin/admin/ns-admin,bin/admin/ns-admin.so"
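Review bot: the pattern target $(RELDIR)/shared/bin/% matches every file under shared/bin, not only the wrapped tools, so any other file there that is ever requested as a target and has no rule of its own would be produced as a copy of sec_tools_wrapper. Restrict it with a static pattern rule, $(PACKAGE_SEC_T0OLS): $(RELDIR)/shared/bin/%: sec_tools_wrapper. The $(RELDIR)/shared/bin directory is also listed as an ordinary prerequisite, so the wrappers are recopied whenever the directory's timestamp changes; make it an order-only prerequisite.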
Index: ns-update
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/cm/newinst/ns-update,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- ns-update 7 Dec 2005 21:29:14 -0000 1.10
+++ ns-update 23 Feb 2006 19:30:41 -0000 1.11
@@ -60,48 +60,6 @@
cd $cwd
}
-wrap_security_tools()
-{
- cwd=`pwd`
- SECURITY_BINNAMES="certutil derdump modutil pk12util pp ssltap shlibsign"
- arch=`uname`
- if [ $arch = HP-UX ]; then
- env_ld_library_path=SHLIB_PATH
- elif [ $arch = AIX ]; then
- env_ld_library_path=LIBPATH
- else
- env_ld_library_path=LD_LIBRARY_PATH
- fi
- cd $sroot/shared/bin
- for file in $SECURITY_BINNAMES
- do
- if [ -f $file -a ! -f $file-bin ]; then
- mv $file $file-bin
- echo "#!/bin/sh" > $file
- echo $env_ld_library_path=$sroot/shared/lib >> $file
- echo "export $env_ld_library_path" >> $file
- echo "$sroot/shared/bin/$file-bin " '${1+"$@"}' >> $file
- chmod 755 $file
- fi
- done
-
- if [ -d $sroot/shared32/bin ] ; then
- cd $sroot/shared32/bin
- for file in modutil
- do
- if [ -f $file -a ! -f $file-bin ]; then
- mv $file $file-bin
- echo "#!/bin/sh" > $file
- echo $env_ld_library_path=$sroot/shared32/lib >> $file
- echo "export $env_ld_library_path" >> $file
- echo "$sroot/shared32/bin/$file-bin " '${1+"$@"}' >> $file
- chmod 755 $file
- fi
- done
- fi
- cd $cwd
-}
-
# if the -r flag is present, this means we're doing a
# reinstall or an upgrade, so restart the servers
for arg in $* ; do
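Review bot: the removed wrap_security_tools also wrapped modutil under $sroot/shared32/bin with its library path pointing at $sroot/shared32/lib, while the packaged wrapper in this commit is only copied into shared/bin. If shared32/bin/modutil is still shipped it no longer gets a wrapper; either package sec_tools_wrapper there as well or say in the log that the 32-bit copy is gone.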
@@ -161,8 +119,6 @@
$PERL $sroot/bin/slapd/admin/bin/upgradeServer $sroot
fi
-wrap_security_tools $sroot
-
cd `dirname $0`
# we need to make sure the alias directory is owned by the server user/group
@@ -196,10 +152,6 @@
./ds_create $* $extraflags
rc=$?
-if [ -f fix_secmod_db_64 ]; then
- ./fix_secmod_db_64 $sroot/alias $sroot/shared32/bin
-fi
-
# chown the cookie directory - bug 175098
if [ "$ssuser" ] ; then
if [ "$ssgrp" ] ; then
Index: setup
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/cm/newinst/setup,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- setup 17 Nov 2005 17:38:25 -0000 1.14
+++ setup 23 Feb 2006 19:30:41 -0000 1.15
@@ -289,8 +289,12 @@
if [ -d $sroot/admin-serv/config ]; then
adminSSLOff $sroot/admin-serv/config/adm.conf security: assecure.txt
adminSSLOff $sroot/admin-serv/config/local.conf configuration.nsServerSecurity: assecure.txt
- adminSSLOff $sroot/admin-serv/config/magnus.conf Security assecure.txt
- adminXmlSSLOff $sroot/admin-serv/config/server.xml security assecure.txt
+ if [ -f $sroot/admin-serv/config/magnus.conf ] ; then
+ adminSSLOff $sroot/admin-serv/config/magnus.conf Security assecure.txt
+ fi
+ if [ -f $sroot/admin-serv/config/server.xml ] ; then
+ adminXmlSSLOff $sroot/admin-serv/config/server.xml security assecure.txt
+ fi
if [ $isadminsslon -ne 0 ]; then
$sroot/start-admin
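Review bot: only magnus.conf and server.xml get an existence test; the adm.conf and local.conf calls just above still run unconditionally. If those files can also be absent, guard them the same way, and quote $sroot in the new tests, if [ -f "$sroot/admin-serv/config/magnus.conf" ], so a server root containing spaces does not break them.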
18 years, 1 month
[Fedora-directory-commits] ldapserver/ldap/cm Makefile,1.51,1.52
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/cm
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2205/ldapserver/ldap/cm
Modified Files:
Makefile
Log Message:
Bug(s) fixed: 182613
Bug Description: Upgrade wipes out sectool wrappers
Reviewed by: Pete and Nathan (Thanks!)
Fix Description: It's better if we just package those wrappers instead
of creating them on the fly. The new file sec_tools_wrappers is a
simple shell script that assumes it's being run out of a parent/bin
directory which contains a program called $0-bin, and the shared libs it
needs are in parent/lib. This shell script is copied to
shared/bin/certutil, shared/bin/modutil, etc. I had to create another
makefile packaging macro to handle the case where you want to package a
file under a different name than the original. Also
1) Add Red Hat and Fedora DS to upgradeServer
2) adminutil property directory is now adminutil-properties instead of
property
3) General clean up of some upgrade install things
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
Index: Makefile
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/cm/Makefile,v
retrieving revision 1.51
retrieving revision 1.52
diff -u -r1.51 -r1.52
--- Makefile 23 Feb 2006 01:20:06 -0000 1.51
+++ Makefile 23 Feb 2006 19:30:35 -0000 1.52
@@ -346,6 +346,20 @@
fi ; \
done
+# PACKAGE_SRC_DESTFILE is defined in components.mk - these are component files and directories to install
+# with the other component files that we don't necessarily pick up from the admin server build
+# these can go in any directory - this differs from PACKAGE_SRC_DEST above in that in this case, the
+# destination is a _file_, not a directory, and src must be a filename, not a directory
+ for destfile in $(PACKAGE_SRC_DESTFILE) ; \
+ do if [ "$$src" ] ; \
+ then destdir=`dirname $$destfile` ; \
+ if [ ! -d $(RELDIR)/$$destdir ] ; then mkdir -p $(RELDIR)/$$destdir ; fi ; \
+ $(CP) $$src $(RELDIR)/$$destfile ; \
+ src= ; \
+ else src=$$destfile ; \
+ fi ; \
+ done
+
# install the DSMLGW into the client directory
# the following DSML files must be packaged separately:
# web-app_2_3.dtd, activation.jar, saaj.jar - due to Sun license
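Review bot: the loop pairs words by toggling $$src, but nothing clears src before the first iteration and the result of $(CP) is never tested, so a failed copy is followed by "src= ;" and the recipe line still exits 0. Put "src= ;" before the for, append "|| exit 1" to the $(CP) command, and fail after done if src is still set, which would mean PACKAGE_SRC_DESTFILE held an odd number of words.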
18 years, 1 month
[Fedora-directory-commits] ldapserver/ldap/admin/src upgradeServer, 1.7, 1.8
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/admin/src
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2205/ldapserver/ldap/admin/src
Modified Files:
upgradeServer
Log Message:
Bug(s) fixed: 182613
Bug Description: Upgrade wipes out sectool wrappers
Reviewed by: Pete and Nathan (Thanks!)
Fix Description: It's better if we just package those wrappers instead
of creating them on the fly. The new file sec_tools_wrappers is a
simple shell script that assumes it's being run out of a parent/bin
directory which contains a program called $0-bin, and the shared libs it
needs are in parent/lib. This shell script is copied to
shared/bin/certutil, shared/bin/modutil, etc. I had to create another
makefile packaging macro to handle the case where you want to package a
file under a different name than the original. Also
1) Add Red Hat and Fedora DS to upgradeServer
2) adminutil property directory is now adminutil-properties instead of
property
3) General clean up of some upgrade install things
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
Index: upgradeServer
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/upgradeServer,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- upgradeServer 21 Oct 2005 19:21:10 -0000 1.7
+++ upgradeServer 23 Feb 2006 19:30:30 -0000 1.8
@@ -326,7 +326,29 @@
sleep(1); # allow some data to accumulate in the pipe
# print "Output from $prog -v:\n";
while (<F>) {
- if (/^Netscape-Directory\/(\d+)\.(\d+)(?:\.(\d+))?(?:b\d)*\s+(\S+)/) {
+ if (/^Red Hat-Directory\/(\d+)\.(\d+)(?:\.(\d+))?(?:b\d)*\s+(\S+)/) {
+ $version = $1;
+ $minor = $2;
+ if ($4) {
+ $subminor = $3;
+ $buildNumber = $4;
+ } else {
+ $buildNumber = $3;
+ }
+ last;
+ }
+ elsif (/^Fedora-Directory\/(\d+)\.(\d+)(?:\.(\d+))?(?:b\d)*\s+(\S+)/) {
+ $version = $1;
+ $minor = $2;
+ if ($4) {
+ $subminor = $3;
+ $buildNumber = $4;
+ } else {
+ $buildNumber = $3;
+ }
+ last;
+ }
+ elsif (/^Netscape-Directory\/(\d+)\.(\d+)(?:\.(\d+))?(?:b\d)*\s+(\S+)/) {
$version = $1;
$minor = $2;
if ($4) {
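Review bot: the Red Hat and Fedora branches are copies of the Netscape branch that differ only in the product name, so the version parsing now exists three times. One alternation keeps it in a single place: /^(?:Red Hat|Fedora|Netscape)-Directory\/(\d+)\.(\d+)(?:\.(\d+))?(?:b\d)*\s+(\S+)/. Also, (\S+) is mandatory in the pattern, so $4 is set on every match and the else branch that assigns $buildNumber = $3 only runs when $4 is the string "0"; the if ($4) test probably wants to be defined($3).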
@@ -414,7 +436,6 @@
"$sroot/bin/slapd/admin/scripts/template-migrate5to7",
"$sroot/bin/slapd/admin/scripts/template-migrate6to7",
"$sroot/bin/slapd/admin/scripts/template-migrateInstance7",
- "$sroot/bin/slapd/admin/scripts/template-migrateTo4",
"$sroot/bin/slapd/admin/scripts/template-migrateTo7",
"$sroot/bin/slapd/admin/scripts/template-repl-monitor-cgi.pl",
);
18 years, 1 month
[Fedora-directory-commits] ldapserver components.mk, 1.40, 1.41 ldapserver.spec.tmpl, 1.24, 1.25
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/ldapserver
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2205/ldapserver
Modified Files:
components.mk ldapserver.spec.tmpl
Log Message:
Bug(s) fixed: 182613
Bug Description: Upgrade wipes out sectool wrappers
Reviewed by: Pete and Nathan (Thanks!)
Fix Description: It's better if we just package those wrappers instead
of creating them on the fly. The new file sec_tools_wrappers is a
simple shell script that assumes it's being run out of a parent/bin
directory which contains a program called $0-bin, and the shared libs it
needs are in parent/lib. This shell script is copied to
shared/bin/certutil, shared/bin/modutil, etc. I had to create another
makefile packaging macro to handle the case where you want to package a
file under a different name than the original. Also
1) Add Red Hat and Fedora DS to upgradeServer
2) adminutil property directory is now adminutil-properties instead of
property
3) General clean up of some upgrade install things
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
Index: components.mk
===================================================================
RCS file: /cvs/dirsec/ldapserver/components.mk,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- components.mk 14 Feb 2006 04:26:54 -0000 1.40
+++ components.mk 23 Feb 2006 19:30:23 -0000 1.41
@@ -112,6 +112,14 @@
# separate the src from the dest with a single space
PACKAGE_SRC_DEST =
+# this macro contains a list of pairs of source and dest files, not directories
+# the source is where to find the item in the build tree, and the dest is
+# the place in the release to put the item, relative to the server root e.g.
+# nls locale files are in libnls31/locale, but for packaging they need to
+# go into lib/nls, not just lib; the destination should be a file name;
+# separate the src from the dest with a single space
+PACKAGE_SRC_DESTFILE =
+
# these defs are useful for doing pattern search/replace
COMMA := ,
NULLSTRING :=
@@ -264,8 +272,10 @@
# we need to package the root cert file in the alias directory
PACKAGE_SRC_DEST += $(SECURITY_LIBPATH)/$(LIB_PREFIX)nssckbi.$(DLL_SUFFIX) alias
-# need to package the sec tools in shared/bin
-BINS_TO_PKG_SHARED += $(SECURITY_TOOLS_FULLPATH)
+# the security tools are wrapped with shell scripts so that the correct ld libpath can be set
+# so, when we package them, we rename them with a -bin extension e.g. certutil -> shared/bin/certutil-bin
+# the actual certutil will be an executable shell script that points to certutil-bin
+PACKAGE_SRC_DESTFILE += $(foreach prog,$(SECURITY_TOOLS),$(SECURITY_BINPATH)/$(prog)$(SPACE)shared/bin/$(prog)-bin)
### SECURITY END #############################
@@ -531,7 +541,7 @@
ADMINUTIL_INCPATH = $(ADMINUTIL_BUILD_DIR)/include/adminutil-$(ADMINUTIL_DOT_VER)
endif
-PACKAGE_SRC_DEST += $(ADMINUTIL_LIBPATH)/property bin/slapd/lib
+PACKAGE_SRC_DEST += $(ADMINUTIL_LIBPATH)/adminutil-properties bin/slapd/lib
LIBS_TO_PKG += $(wildcard $(ADMINUTIL_LIBPATH)/*.$(DLL_SUFFIX))
LIBS_TO_PKG_CLIENTS += $(wildcard $(ADMINUTIL_LIBPATH)/*.$(DLL_SUFFIX))
Index: ldapserver.spec.tmpl
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldapserver.spec.tmpl,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- ldapserver.spec.tmpl 23 Feb 2006 04:06:17 -0000 1.24
+++ ldapserver.spec.tmpl 23 Feb 2006 19:30:23 -0000 1.25
@@ -156,13 +156,10 @@
chown $usergroup $RPM_INSTALL_PREFIX/alias
fi
fi
- for instance in `ls -d $RPM_INSTALL_PREFIX/slapd-*`
- do
- cp $RPM_INSTALL_PREFIX/bin/slapd/install/schema/00core.ldif $instance/config/schema
- done
- echo "Upgrade complete. Please restart slapd then admin."
+ echo "Upgrade finished. Please run $RPM_INSTALL_PREFIX/setup/setup to complete the upgrade."
+else
+ echo "Install finished. Please run $RPM_INSTALL_PREFIX/setup/setup to complete installation and set up the servers."
fi
-echo "Install finished. Please run $RPM_INSTALL_PREFIX/setup/setup to set up the servers."
%preun
# only run uninstall if this is the last version of the package
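Review bot: the deleted loop was the step that copied 00core.ldif into each slapd-* instance's config/schema on upgrade, and nothing in this hunk replaces it. Confirm that setup (or upgradeServer) now performs that copy, since the new message only tells the administrator to run setup.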
18 years, 1 month
[Fedora-directory-commits] setuputil/installer/unix product.cc, 1.3, 1.4
by Doctor Conrad
Author: nkinder
Update of /cvs/dirsec/setuputil/installer/unix
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29367
Modified Files:
product.cc
Log Message:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182611
Bug(s) fixed: 182611
Bug Description: When running setup of 64-bit Directory Server on my FC4 x86_64 machine,
setup complains that there is not enough available diskspace when I actually have 90+ GB
available on the installation partition.
Reviewed by:
Files: see diffs
Branch: HEAD (setuputil)
Fix Description: We were using fscanf to read in the total unzipped size of our zip archives
incorrectly. It was scanning for a normal int, but storing it in a long. The compiler was
not automatically converting types correctly which would cause the required space to be
a huge number. The proper thing to do is to have fscanf read in a long.
Flag Day: no
Doc impact: no
QA impact: Should be covered by manual and nightly testing
New Tests integrated into TET: none
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=125120
Index: product.cc
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/product.cc,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- product.cc 12 Jan 2006 17:26:46 -0000 1.3
+++ product.cc 23 Feb 2006 17:57:02 -0000 1.4
@@ -27,6 +27,25 @@
**
** HISTORY:
** $Log$
+** Revision 1.4 2006/02/23 17:57:02 nkinder
+** https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182611
+** Bug(s) fixed: 182611
+** Bug Description: When running setup of 64-bit Directory Server on my FC4 x86_64 machine,
+** setup complains that there is not enough available diskspace when I actually have 90+ GB
+** available on the installation partition.
+** Reviewed by:
+** Files: see diffs
+** Branch: HEAD (setuputil)
+** Fix Description: We were using fscanf to read in the total unzipped size of our zip archives
+** incorrectly. It was scanning for a normal int, but storing it in a long. The compiler was
+** not automatically converting types correctly which would cause the required space to be
+** a huge number. The proper thing to do is to have fscanf read in a long.
+** Flag Day: no
+** Doc impact: no
+** QA impact: Should be covered by manual and nightly testing
+** New Tests integrated into TET: none
+** https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=125120
+**
** Revision 1.3 2006/01/12 17:26:46 nkinder
** 174749 - Uninstall should not follow symlinks
**
@@ -1160,7 +1179,7 @@
if (fp = fopen(tmpfilename.data(), "r"))
{
long size;
- if (EOF != fscanf(fp, "%d", &size))
+ if (EOF != fscanf(fp, "%ld", &size))
{
long newSize = getArchiveSize() + (size / 1024 + 1);
setArchiveSize(newSize);
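Review bot: EOF != fscanf(fp, "%ld", &size) still accepts a return value of 0, which is what fscanf gives when the file does not begin with a number; size is then read uninitialized in size / 1024 + 1. Test the conversion count instead, if (fscanf(fp, "%ld", &size) == 1), and consider rejecting a negative size before adding it to the archive total.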
@@ -1228,7 +1247,7 @@
if (fp = fopen(tmpfilename.data(), "r"))
{
long size;
- if (EOF != fscanf(fp, "%d", &size))
+ if (EOF != fscanf(fp, "%ld", &size))
{
long newSize = getArchiveSize() + (size / 1024 + 1);
setArchiveSize(newSize);
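Review bot: this block is line for line the same as the one changed at line 1160, which is how the %d mistake ended up in two places. Move the read-and-accumulate step into one helper that both callers use so that the next fix only has to be made once.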
18 years, 1 month
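The type mismatch described in the log message above, as an added example (not code from setuputil): store_int_into_long models what the old "%d" conversion did to a long on a platform where long is wider than int, and read_size is a corrected read. The three function names and the sample input are made up for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: models what the pre-fix "%d" conversion did to the
 * long variable. Only sizeof(int) bytes are stored; the rest of the long
 * keeps its previous (here: stale) contents. memcpy is used because the
 * real mismatched fscanf call is undefined behaviour. */
long store_int_into_long(long stale, int parsed)
{
    long size = stale;
    memcpy(&size, &parsed, sizeof parsed);
    return size;
}

/* Hypothetical helper: the corrected read. "%ld" matches the long, and the
 * value is accepted only if exactly one field converted and it is not
 * negative. Returns 0 on success, -1 otherwise. */
int read_size(const char *text, long *out)
{
    long size;
    if (sscanf(text, "%ld", &size) != 1 || size < 0)
        return -1;
    *out = size;
    return 0;
}

/* Same arithmetic as the patched code: bytes to KB, plus one. */
long size_to_kb(long size)
{
    return size / 1024 + 1;
}

int main(void)
{
    const char *sample = "1048576\n";   /* constructed size-file contents */
    long good = 0;
    long bad = store_int_into_long(LONG_MAX, 1048576);

    if (read_size(sample, &good) != 0)
        return 1;
    printf("%%d into long : %ld bytes -> %ld KB\n", bad, size_to_kb(bad));
    printf("%%ld into long: %ld bytes -> %ld KB\n", good, size_to_kb(good));
    printf("non-numeric file rejected: %d\n", read_size("abc", &good) == -1);
    return 0;
}
```

On a 32-bit build, where int and long have the same width, the first line prints the correct size, which is why the problem only showed up on x86_64.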