February 2006 - 389-commits - Fedora Mailing-Lists

[Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm dn2entry.c, 1.4, 1.5

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4939/ldapserver/ldap/servers/slapd/back-ldbm Modified Files: dn2entry.c Log Message: Bug(s) fixed: 179137 Bug Description: recursion causes OOM with bad DN in dn2ancestor Reviewed by: All (Thanks!) Fix Description: The fix looks scary, but I thought it would be best to get rid of recursion entirely (ugh - recursion in a multi threaded server - this isn't lisp . . .). Along with eliminating recursion, I created a new function called slapi_dn_find_parent that just returns a pointer to the beginning of the parent of the given dn, rather than returning a copy (as in slapi_dn_parent), to eliminate malloc/free in cases where it is unnecessary such as iterating through the parents in an DN. The new function is basically just the guts of slapi_dn_parent with one twist, specifically to address the bug in question - it skips through consecutive runs of DN separator characters. We should probably have a function like const char *slapi_dn_is_valid(const char *) that returns NULL if the given DN is valid or returns a pointer to the first invalid character if not. We could probably save a lot of time in processing bad or malicious client requests. Anyway, back to dn2ancestor. The given ancestordn must contain the _unnormalized_ parent DN, since some clients get irritated when they get back an DN in a different form than given. However, we need to have a normalized DN to pass to dn2entry, and we cannot use a single Slapi_DN that has both a dn and a ndn that are passed in byval (unless we add a new API or skip the API altogether), so the variable ancestorndn holds the normalized DN. Using the original pointer to the given sdn also allows us to avoid malloc/free entirely. Platforms tested: Fedora Core 4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: We need a test case that calls moddn and modify operations with really bad DNs, consisting of nothing but thousands of ',', '+', and '=' chars. Index: dn2entry.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/dn2entry.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- dn2entry.c 19 Apr 2005 22:07:38 -0000 1.4 +++ dn2entry.c 23 Feb 2006 20:48:05 -0000 1.5 @@ -109,58 +109,12 @@ } /* - * dn2entry_or_ancestor - look up dn in the cache/indexes and return the - * corresponding entry. If the entry is not found, this function returns NULL - * and sets ancestordn to the DN of highest entry in the tree matched. - * - * ancestordn should be initialized before calling this function. - * - * When the caller is finished with the entry returned, it should return it - * to the cache: - * e = dn2entry_or_ancestor( ... ); - * if ( NULL != e ) { - * cache_return( &inst->inst_cache, &e ); - * } - */ -struct backentry * -dn2entry_or_ancestor( - Slapi_Backend *be, - const Slapi_DN *sdn, - Slapi_DN *ancestordn, - back_txn *txn, - int *err -) -{ - struct backentry *e; - - LDAPDebug( LDAP_DEBUG_TRACE, "=> dn2entry_or_ancestor \"%s\"\n", slapi_sdn_get_dn(sdn), 0, 0 ); - - /* - * Fetch the entry asked for. - */ - - e= dn2entry(be,sdn,txn,err); - - if(e==NULL) - { - /* - * could not find the entry named. crawl back up the dn and - * stop at the first ancestor that does exist, or when we get - * to the suffix. - */ - e= dn2ancestor(be,sdn,ancestordn,txn,err); - } - - LDAPDebug( LDAP_DEBUG_TRACE, "<= dn2entry_or_ancestor %p\n", e, 0, 0 ); - return( e ); -} - -/* * Use the DN to fetch the parent of the entry. * If the parent entry doesn't exist, keep working * up the DN until we hit "" or an backend suffix. * - * ancestordn should be initialized before calling this function. + * ancestordn should be initialized before calling this function, and + * should be empty * * Returns NULL for no entry found. * @@ -184,18 +138,64 @@ LDAPDebug( LDAP_DEBUG_TRACE, "=> dn2ancestor \"%s\"\n", slapi_sdn_get_dn(sdn), 0, 0 ); - /* stop when we get to "", or a backend suffix point */ - slapi_sdn_done(ancestordn); /* free any previous contents */ - slapi_sdn_get_backend_parent(sdn,ancestordn,be); - if ( !slapi_sdn_isempty(ancestordn) ) - { - Slapi_DN *newsdn = slapi_sdn_dup(ancestordn); - e = dn2entry_or_ancestor( be, newsdn, ancestordn, txn, err ); - slapi_sdn_free(&newsdn); - } - - LDAPDebug( LDAP_DEBUG_TRACE, "<= dn2ancestor %p\n", e, 0, 0 ); - return( e ); + /* first, check to see if the given sdn is empty or a root suffix of the + given backend - if so, it has no parent */ + if (!slapi_sdn_isempty(sdn) && !slapi_be_issuffix( be, sdn )) { + Slapi_DN ancestorndn; + const char *ptr; + + /* assign ancestordn to the parent of the given dn - ancestordn will contain + the "raw" unnormalized DN from the caller, so we can give back the DN + in the same format as we received it */ + ptr = slapi_dn_find_parent(slapi_sdn_get_dn(sdn)); + /* assign the ancestordn dn pointer to the parent of dn from sdn - sdn "owns" + the memory, but ancestordn points to it */ + slapi_sdn_set_dn_byref(ancestordn, ptr); /* free any previous contents */ + /* now, do the same for the normalized version */ + /* ancestorndn holds the normalized version for iteration purposes and + because dn2entry needs the normalized dn */ + ptr = slapi_dn_find_parent(slapi_sdn_get_ndn(sdn)); + slapi_sdn_init_ndn_byref(&ancestorndn, ptr); + + /* + At this point you may be wondering why I need both ancestorndn and + ancestordn. Because, with the slapi_sdn interface, you cannot set both + the dn and ndn byref at the same time. Whenever you call set_dn or set_ndn, + it calls slapi_sdn_done which wipes out the previous contents. I suppose I + could have added another API to allow you to pass them both in. Also, using + slapi_sdn_get_ndn(ancestordn) every time would result in making a copy then + normalizing the copy every time - not efficient. + So, why not just use a char* for the ancestorndn? Because dn2entry requires + a Slapi_DN with the normalized dn. + */ + + /* stop when we get to "", or a backend suffix point */ + while (!e && !slapi_sdn_isempty(&ancestorndn) && !slapi_be_issuffix( be, &ancestorndn )) { + /* find the entry - it uses the ndn, so no further conversion is necessary */ + e= dn2entry(be,&ancestorndn,txn,err); + if (!e) { + /* not found, so set ancestordn to its parent and try again */ + ptr = slapi_dn_find_parent(slapi_sdn_get_ndn(&ancestorndn)); + /* keep in mind that ptr points to the raw ndn pointer inside + ancestorndn which is still the ndn string "owned" by sdn, the + original dn we started with - we are careful not to touch + or change it */ + slapi_sdn_set_ndn_byref(&ancestorndn, ptr); /* wipe out the previous contents */ + /* now do the same for the unnormalized one */ + ptr = slapi_dn_find_parent(slapi_sdn_get_dn(ancestordn)); + slapi_sdn_set_dn_byref(ancestordn, ptr); /* wipe out the previous contents */ + } + } + + slapi_sdn_done(&ancestorndn); + } + + /* post conditions: + e is the entry of the ancestor of sdn OR e is the suffix entry + OR e is NULL + ancestordn contains the unnormalized DN of e or is empty */ + LDAPDebug( LDAP_DEBUG_TRACE, "<= dn2ancestor %p\n", e, 0, 0 ); + return( e ); } /*

18 years, 1 month

1
0
0 / 0

[Fedora-directory-commits] ldapserver/ldap/servers/slapd dn.c, 1.7, 1.8 slapi-plugin.h, 1.8, 1.9

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4939/ldapserver/ldap/servers/slapd Modified Files: dn.c slapi-plugin.h Log Message: Bug(s) fixed: 179137 Bug Description: recursion causes OOM with bad DN in dn2ancestor Reviewed by: All (Thanks!) Fix Description: The fix looks scary, but I thought it would be best to get rid of recursion entirely (ugh - recursion in a multi threaded server - this isn't lisp . . .). Along with eliminating recursion, I created a new function called slapi_dn_find_parent that just returns a pointer to the beginning of the parent of the given dn, rather than returning a copy (as in slapi_dn_parent), to eliminate malloc/free in cases where it is unnecessary such as iterating through the parents in an DN. The new function is basically just the guts of slapi_dn_parent with one twist, specifically to address the bug in question - it skips through consecutive runs of DN separator characters. We should probably have a function like const char *slapi_dn_is_valid(const char *) that returns NULL if the given DN is valid or returns a pointer to the first invalid character if not. We could probably save a lot of time in processing bad or malicious client requests. Anyway, back to dn2ancestor. The given ancestordn must contain the _unnormalized_ parent DN, since some clients get irritated when they get back an DN in a different form than given. However, we need to have a normalized DN to pass to dn2entry, and we cannot use a single Slapi_DN that has both a dn and a ndn that are passed in byval (unless we add a new API or skip the API altogether), so the variable ancestorndn holds the normalized DN. Using the original pointer to the given sdn also allows us to avoid malloc/free entirely. Platforms tested: Fedora Core 4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: We need a test case that calls moddn and modify operations with really bad DNs, consisting of nothing but thousands of ',', '+', and '=' chars. Index: dn.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/dn.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- dn.c 8 Dec 2005 00:59:14 -0000 1.7 +++ dn.c 23 Feb 2006 20:47:59 -0000 1.8 @@ -593,8 +593,26 @@ return r; } -char* -slapi_dn_parent( const char *dn ) +/* + * This function is used for speed. Instead of returning a newly allocated + * dn string that contains the parent, this function just returns a pointer + * to the address _within_ the given string where the parent dn of the + * given dn starts e.g. if you call this with "dc=example,dc=com", the + * function will return "dc=com" - that is, the char* returned will be the + * address of the 'd' after the ',' in "dc=example,dc=com". This function + * also checks for bogus things like consecutive ocurrances of unquoted + * separators e.g. DNs like cn=foo,,,,,,,,,,,cn=bar,,,,,,, + * This function is useful for "interating" over a DN returning the ancestors + * of the given dn e.g. + * + * const char *dn = somedn; + * while (dn = slapi_dn_find_parent(dn)) { + * see if parent exists + * etc. + * } + */ +const char* +slapi_dn_find_parent( const char *dn ) { const char *s; int inquote; @@ -621,14 +639,34 @@ } else { if ( *s == '"' ) inquote = 1; - else if ( DNSEPARATOR( *s ) ) - return( slapi_ch_strdup( s + 1 ) ); + else { + if ( DNSEPARATOR( *s ) ) { + while ( *s && DNSEPARATOR( *s ) ) { + ++s; + } + if (*s) { + return( s ); + } + } + } } } return( NULL ); } +char* +slapi_dn_parent( const char *dn ) +{ + const char *s = slapi_dn_find_parent(dn); + + if ( s == NULL || *s == '\0' ) { + return( NULL ); + } + + return( slapi_ch_strdup( s ) ); +} + /* * slapi_dn_issuffix - tells whether suffix is a suffix of dn. both dn * and suffix must be normalized. Index: slapi-plugin.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slapi-plugin.h,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- slapi-plugin.h 19 Apr 2005 22:07:37 -0000 1.8 +++ slapi-plugin.h 23 Feb 2006 20:47:59 -0000 1.9 @@ -362,6 +362,7 @@ char *slapi_dn_ignore_case( char *dn ); char *slapi_dn_normalize_case( char *dn ); char *slapi_dn_beparent( Slapi_PBlock *pb, const char *dn ); +const char *slapi_dn_find_parent( const char *dn ); char *slapi_dn_parent( const char *dn ); int slapi_dn_issuffix( const char *dn, const char *suffix ); int slapi_dn_isparent( const char *parentdn, const char *childdn );

18 years, 1 month

1
0
0 / 0

[Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm sort.c, 1.5, 1.6

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4860/ldapserver/ldap/servers/slapd/back-ldbm Modified Files: sort.c Log Message: Bug(s) fixed: 179135 Bug Description: memory leaks using ber_scanf when handling bad BER packets Reviewed by: All (Thanks!) Files: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=123783 Branch: HEAD Fix Description: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135#c0 I basically did a search through our code for all calls to ber_scanf, ber_get_stringa, and ber_get_stringal and made sure we properly free any arguments that may have been allocated. There was a bug in the ldapsdk https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135 that causes us to free uninitialized memory when trying to clean up the result of ber_get_stringal (or ber_scanf with 'V'). I had to initialize some variables to NULL so that we could properly clean them up, and added some additional clean ups that were missing. Also, in repl_extop.c, we were calling free on an array that we should have been calling ch_array_free on. Yet another lesson in the evils of slapi_ch_free and disabling compiler type checks in general. Platforms tested: Fedora Core 4 Flag Day: no Doc impact: no Index: sort.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/sort.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- sort.c 19 Apr 2005 22:07:38 -0000 1.5 +++ sort.c 23 Feb 2006 20:45:22 -0000 1.6 @@ -384,6 +384,7 @@ return_value = ber_scanf(ber,"a",&rtype); if (LBER_ERROR == return_value) { + slapi_ch_free_string(&rtype); rc = LDAP_PROTOCOL_ERROR; goto err; }

18 years, 1 month

1
0
0 / 0

[Fedora-directory-commits] ldapserver/ldap/servers/slapd add.c, 1.5, 1.6 ava.c, 1.4, 1.5 bind.c, 1.6, 1.7 compare.c, 1.4, 1.5 delete.c, 1.4, 1.5 filter.c, 1.5, 1.6 modify.c, 1.8, 1.9 modrdn.c, 1.4, 1.5

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4860/ldapserver/ldap/servers/slapd Modified Files: add.c ava.c bind.c compare.c delete.c filter.c modify.c modrdn.c Log Message: Bug(s) fixed: 179135 Bug Description: memory leaks using ber_scanf when handling bad BER packets Reviewed by: All (Thanks!) Files: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=123783 Branch: HEAD Fix Description: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135#c0 I basically did a search through our code for all calls to ber_scanf, ber_get_stringa, and ber_get_stringal and made sure we properly free any arguments that may have been allocated. There was a bug in the ldapsdk https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135 that causes us to free uninitialized memory when trying to clean up the result of ber_get_stringal (or ber_scanf with 'V'). I had to initialize some variables to NULL so that we could properly clean them up, and added some additional clean ups that were missing. Also, in repl_extop.c, we were calling free on an array that we should have been calling ch_array_free on. Yet another lesson in the evils of slapi_ch_free and disabling compiler type checks in general. Platforms tested: Fedora Core 4 Flag Day: no Doc impact: no Index: add.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/add.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- add.c 19 Apr 2005 22:07:36 -0000 1.5 +++ add.c 23 Feb 2006 20:45:16 -0000 1.6 @@ -102,8 +102,9 @@ */ /* get the name */ { - char *dn; + char *dn = NULL; if ( ber_scanf( ber, "{a", &dn ) == LBER_ERROR ) { + slapi_ch_free_string(&dn); LDAPDebug( LDAP_DEBUG_ANY, "ber_scanf failed (op=Add; params=DN)\n", 0, 0, 0 ); op_shared_log_error_access (pb, "ADD", "???", "decoding error"); @@ -121,11 +122,13 @@ tag != LBER_DEFAULT && tag != LBER_END_OF_SEQORSET; tag = ber_next_element( ber, &len, last ) ) { char *type = NULL, *normtype = NULL; - struct berval **vals; + struct berval **vals = NULL; if ( ber_scanf( ber, "{a{V}}", &type, &vals ) == LBER_ERROR ) { op_shared_log_error_access (pb, "ADD", slapi_sdn_get_dn (slapi_entry_get_sdn_const(e)), "decoding error"); send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, "decoding error", 0, NULL ); + slapi_ch_free_string(&type); + ber_bvecfree( vals ); goto free_and_return; } @@ -134,7 +137,7 @@ op_shared_log_error_access (pb, "ADD", slapi_sdn_get_dn (slapi_entry_get_sdn_const(e)), "null value"); send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, NULL ); - free( type ); + slapi_ch_free_string(&type); goto free_and_return; } @@ -144,7 +147,7 @@ PR_snprintf (ebuf, BUFSIZ, "invalid type '%s'", type); op_shared_log_error_access (pb, "ADD", slapi_sdn_get_dn (slapi_entry_get_sdn_const(e)), ebuf); send_ldap_result( pb, rc, NULL, ebuf, 0, NULL ); - free( type ); + slapi_ch_free_string(&type); slapi_ch_free( (void**)&normtype ); ber_bvecfree( vals ); goto free_and_return; Index: ava.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/ava.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- ava.c 19 Apr 2005 22:07:36 -0000 1.4 +++ ava.c 23 Feb 2006 20:45:16 -0000 1.5 @@ -53,10 +53,12 @@ struct ava *ava ) { - char *type; + char *type = NULL; if ( ber_scanf( ber, "{ao}", &type, &ava->ava_value ) == LBER_ERROR ) { + slapi_ch_free_string(&type); + ava_done(ava); LDAPDebug( LDAP_DEBUG_ANY, " get_ava ber_scanf\n", 0, 0, 0 ); return( LDAP_PROTOCOL_ERROR ); } Index: bind.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/bind.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- bind.c 19 Apr 2005 22:07:36 -0000 1.6 +++ bind.c 23 Feb 2006 20:45:16 -0000 1.7 @@ -111,7 +111,7 @@ long ber_version = -1; int auth_response_requested = 0; int pw_response_requested = 0; - char *dn, *saslmech = NULL; + char *dn = NULL, *saslmech = NULL; struct berval cred = {0}; Slapi_Backend *be = NULL; unsigned long rc; @@ -154,6 +154,7 @@ log_bind_access (pb, "???", method, version, saslmech, "decoding error"); send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, "decoding error", 0, NULL ); + slapi_ch_free_string(&dn); return; } Index: compare.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/compare.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- compare.c 19 Apr 2005 22:07:36 -0000 1.4 +++ compare.c 23 Feb 2006 20:45:16 -0000 1.5 @@ -60,13 +60,13 @@ do_compare( Slapi_PBlock *pb ) { BerElement *ber = pb->pb_op->o_ber; - char *dn; - struct ava ava; + char *dn = NULL; + struct ava ava = {0}; Slapi_Backend *be = NULL; int err; char ebuf[ BUFSIZ ]; Slapi_DN sdn; - Slapi_Entry *referral; + Slapi_Entry *referral = NULL; char errorbuf[BUFSIZ]; LDAPDebug( LDAP_DEBUG_TRACE, "do_compare\n", 0, 0, 0 ); @@ -74,6 +74,9 @@ /* count the compare request */ PR_AtomicIncrement(g_get_global_snmp_vars()->ops_tbl.dsCompareOps); + /* have to init this here so we can "done" it below if we short circuit */ + slapi_sdn_init(&sdn); + /* * Parse the compare request. It looks like this: * @@ -86,7 +89,6 @@ * } */ - if ( ber_scanf( ber, "{a{ao}}", &dn, &ava.ava_type, &ava.ava_value ) == LBER_ERROR ) { LDAPDebug( LDAP_DEBUG_ANY, @@ -94,7 +96,7 @@ 0, 0, 0 ); send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, NULL ); - return; + goto free_and_return; } /* * in LDAPv3 there can be optional control extensions on @@ -106,6 +108,7 @@ goto free_and_return; } slapi_sdn_init_dn_passin(&sdn,dn); + dn = NULL; /* do not free - sdn owns it now */ /* target spec is used to decide which plugins are applicable for the operation */ operation_set_target_spec (pb->pb_op, &sdn); @@ -181,5 +184,6 @@ if (be) slapi_be_Unlock(be); slapi_sdn_done(&sdn); + slapi_ch_free_string(&dn); ava_done( &ava ); } Index: delete.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/delete.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- delete.c 19 Apr 2005 22:07:36 -0000 1.4 +++ delete.c 23 Feb 2006 20:45:16 -0000 1.5 @@ -66,7 +66,7 @@ { Slapi_Operation *operation; BerElement *ber; - char *dn; + char *dn = NULL; int err; LDAPDebug( LDAP_DEBUG_TRACE, "do_delete\n", 0, 0, 0 ); @@ -89,7 +89,7 @@ op_shared_log_error_access (pb, "DEL", "???", "decoding error"); send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, NULL ); - return; + goto free_and_return; } /* Index: filter.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/filter.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- filter.c 19 Apr 2005 22:07:36 -0000 1.5 +++ filter.c 23 Feb 2006 20:45:16 -0000 1.6 @@ -175,7 +175,7 @@ unsigned long len; int err; struct slapi_filter *f; - char *ftmp, *type; + char *ftmp, *type = NULL; LDAPDebug( LDAP_DEBUG_FILTER, "=> get_filter_internal\n", 0, 0, 0 ); @@ -293,6 +293,7 @@ case LDAP_FILTER_PRESENT: LDAPDebug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 ); if ( ber_scanf( ber, "a", &type ) == LBER_ERROR ) { + slapi_ch_free_string(&type); err = LDAP_PROTOCOL_ERROR; } else { err = LDAP_SUCCESS; @@ -440,12 +441,13 @@ ) { unsigned long tag, len, rc; - char *val, *last, *type; + char *val, *last, *type = NULL; char ebuf[BUFSIZ]; LDAPDebug( LDAP_DEBUG_FILTER, "=> get_substring_filter\n", 0, 0, 0 ); if ( ber_scanf( ber, "{a", &type ) == LBER_ERROR ) { + slapi_ch_free_string(&type); return( LDAP_PROTOCOL_ERROR ); } f->f_sub_type = slapi_attr_syntax_normalize( type ); @@ -460,8 +462,10 @@ tag != LBER_ERROR && tag != LBER_END_OF_SEQORSET; tag = ber_next_element( ber, &len, last ) ) { + val = NULL; rc = ber_scanf( ber, "a", &val ); if ( rc == LBER_ERROR ) { + slapi_ch_free_string(&val); return( LDAP_PROTOCOL_ERROR ); } if ( val == NULL || *val == '\0' ) { @@ -573,8 +577,9 @@ } } { - char* type; + char* type = NULL; if (ber_scanf( ber, "a", &type ) == LBER_ERROR) { + slapi_ch_free_string (&type); rc = LDAP_PROTOCOL_ERROR; } else { mrf->mrf_type = slapi_attr_syntax_normalize(type); Index: modify.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/modify.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- modify.c 25 Jan 2006 16:51:39 -0000 1.8 +++ modify.c 23 Feb 2006 20:45:16 -0000 1.9 @@ -114,7 +114,7 @@ { Slapi_Operation *operation; BerElement *ber; - char *last, *type; + char *last, *type = NULL; unsigned long tag, len; LDAPMod *mod; LDAPMod **mods; @@ -124,7 +124,7 @@ int ignored_some_mods = 0; int has_password_mod = 0; /* number of password mods */ char *old_pw = NULL; /* remember the old password */ - char *dn; + char *dn = NULL; LDAPDebug( LDAP_DEBUG_TRACE, "do_modify\n", 0, 0, 0 ); @@ -161,6 +161,7 @@ op_shared_log_error_access (pb, "MOD", "???", "decoding error"); send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, NULL ); + slapi_ch_free_string(&dn); return; } } @@ -186,7 +187,9 @@ op_shared_log_error_access (pb, "MOD", dn, "decoding error"); send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, "decoding error", 0, NULL ); + ber_bvecfree(mod->mod_bvalues); slapi_ch_free((void **)&mod); + slapi_ch_free_string(&type); goto free_and_return; } mod->mod_op = long_mod_op; Index: modrdn.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/modrdn.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- modrdn.c 19 Apr 2005 22:07:36 -0000 1.4 +++ modrdn.c 23 Feb 2006 20:45:16 -0000 1.5 @@ -66,10 +66,10 @@ { Slapi_Operation *operation; BerElement *ber; - char *dn, *newsuperior = NULL; + char *dn = NULL, *newsuperior = NULL; char *newrdn = NULL; - int err, deloldrdn; - unsigned long len; + int err = 0, deloldrdn = 0; + unsigned long len = 0; LDAPDebug( LDAP_DEBUG_TRACE, "do_modrdn\n", 0, 0, 0 ); @@ -99,7 +99,7 @@ send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, "unable to decode DN, newRDN, or deleteOldRDN parameters", 0, NULL ); - return; + goto free_and_return; } if ( ber_peek_tag( ber, &len ) == LDAP_TAG_NEWSUPERIOR ) {

18 years, 1 month

1
0
0 / 0

[Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication repl5_total.c, 1.5, 1.6 repl_controls.c, 1.5, 1.6 repl_extop.c, 1.7, 1.8

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4860/ldapserver/ldap/servers/plugins/replication Modified Files: repl5_total.c repl_controls.c repl_extop.c Log Message: Bug(s) fixed: 179135 Bug Description: memory leaks using ber_scanf when handling bad BER packets Reviewed by: All (Thanks!) Files: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=123783 Branch: HEAD Fix Description: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135#c0 I basically did a search through our code for all calls to ber_scanf, ber_get_stringa, and ber_get_stringal and made sure we properly free any arguments that may have been allocated. There was a bug in the ldapsdk https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135 that causes us to free uninitialized memory when trying to clean up the result of ber_get_stringal (or ber_scanf with 'V'). I had to initialize some variables to NULL so that we could properly clean them up, and added some additional clean ups that were missing. Also, in repl_extop.c, we were calling free on an array that we should have been calling ch_array_free on. Yet another lesson in the evils of slapi_ch_free and disabling compiler type checks in general. Platforms tested: Fedora Core 4 Flag Day: no Doc impact: no Index: repl5_total.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl5_total.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- repl5_total.c 19 Apr 2005 22:07:32 -0000 1.5 +++ repl5_total.c 23 Feb 2006 20:45:09 -0000 1.6 @@ -585,7 +585,7 @@ char *lasti; unsigned long len; unsigned long tag; - char *str; + char *str = NULL; int rc; Slapi_Value *value; @@ -685,6 +685,9 @@ if (value) slapi_value_free (&value); + slapi_ch_free_string(&attrtype); + slapi_ch_free_string(&str); + return -1; } Index: repl_controls.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl_controls.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- repl_controls.c 19 Apr 2005 22:07:32 -0000 1.5 +++ repl_controls.c 23 Feb 2006 20:45:10 -0000 1.6 @@ -349,15 +349,15 @@ emtag != LBER_ERROR && emtag != LBER_END_OF_SEQORSET; emtag = ber_next_element( ember, &emlen, emlast )) { - struct berval **embvals; - if ( ber_scanf( ember, "{i{a[V]}}", &op, &type, &embvals ) == LBER_ERROR ) + struct berval **embvals = NULL; + type = NULL; + if ( ber_scanf( ember, "{i{a[V]}}", &op, &type, &embvals ) != LBER_ERROR ) { - continue; + slapi_mods_add_modbvps( smods, op, type, embvals); /* GGOODREPL I suspect this will cause two sets of lastmods attr values to end up in the entry. We need to remove the old ones. */ } - slapi_mods_add_modbvps( smods, op, type, embvals); free( type ); ber_bvecfree( embvals ); } Index: repl_extop.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl_extop.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- repl_extop.c 19 Apr 2005 22:07:32 -0000 1.7 +++ repl_extop.c 23 Feb 2006 20:45:10 -0000 1.8 @@ -384,7 +384,8 @@ /* slapi_ch_free accepts NULL pointer */ slapi_ch_free ((void**)protocol_oid); slapi_ch_free ((void**)repl_root); - slapi_ch_free ((void **)extra_referrals); + slapi_ch_array_free (*extra_referrals); + *extra_referrals = NULL; slapi_ch_free ((void**)csnstr); if (*supplier_ruv)

18 years, 1 month

1
0
0 / 0

[Fedora-directory-commits] ldapserver/ldap/cm/newinst sec_tools_wrapper, NONE, 1.1 Makefile, 1.9, 1.10 ns-update, 1.10, 1.11 setup, 1.14, 1.15

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/cm/newinst In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2205/ldapserver/ldap/cm/newinst Modified Files: Makefile ns-update setup Added Files: sec_tools_wrapper Log Message: Bug(s) fixed: 182613 Bug Description: Upgrade wipes out sectool wrappers Reviewed by: Pete and Nathan (Thanks!) Fix Description: It's better if we just package those wrappers instead of creating them on the fly. The new file sec_tools_wrappers is a simple shell script that assumes it's being run out of a parent/bin directory which contains a program called $0-bin, and the shared libs it needs are in parent/lib. This shell script is copied to shared/bin/certutil, shared/bin/modutil, etc. I had to create another makefile packaging macro to handle the case where you want to package a file under a different name than the original. Also 1) Add Red Hat and Fedora DS to upgradeServer 2) adminutil property directory is now adminutil-properties instead of property 3) General clean up of some upgrade install things Platforms tested: Fedora Core 4 Flag Day: no Doc impact: no --- NEW FILE sec_tools_wrapper --- #!/bin/sh # # BEGIN COPYRIGHT BLOCK # This Program is free software; you can redistribute it and/or modify it under # the terms of the GNU General Public License as published by the Free Software # Foundation; version 2 of the License. # # This Program is distributed in the hope that it will be useful, but WITHOUT # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS # FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. # # You should have received a copy of the GNU General Public License along with # this Program; if not, write to the Free Software Foundation, Inc., 59 Temple # Place, Suite 330, Boston, MA 02111-1307 USA. # # In addition, as a special exception, Red Hat, Inc. gives You the additional # right to link the code of this Program with code not covered under the GNU # General Public License ("Non-GPL Code") and to distribute linked combinations # including the two, subject to the limitations in this paragraph. Non-GPL Code # permitted under this exception must only link to the code of this Program # through those well defined interfaces identified in the file named EXCEPTION # found in the source code files (the "Approved Interfaces"). The files of # Non-GPL Code may instantiate templates or use macros or inline functions from # the Approved Interfaces without causing the resulting work to be covered by # the GNU General Public License. Only Red Hat, Inc. may make changes or # additions to the list of Approved Interfaces. You must obey the GNU General # Public License in all respects for all of the Program code and other code used # in conjunction with the Program except the Non-GPL Code covered by this # exception. If you modify this file, you may extend this exception to your # version of the file, but you are not obligated to do so. If you do not wish to # provide this exception without modification, you must delete this exception # statement from your version and license this file solely under the GPL without # exception. # # Copyright (C) 2006 Red Hat, Inc. # All rights reserved. # END COPYRIGHT BLOCK # # This file is the wrapper around the security tools. It just sets the # runtime library lookup path and invokes the actual binary with the given # arguments. This file is copied to the actual name of the command e.g. # we get the binary certutil program from the NSS package. When we package # it, we rename it to certutil-bin e.g. cp $(NSS)/certutil shared/bin/certutil-bin # This file is copied to certutil e.g. cp sec_tools_wrapper shared/bin/certutil # figure out where the libdir is based on the location of this shell script savedir=`pwd` bindir=`dirname $0` if test -n "$bindir" ; then cd $bindir/../lib else # could be running as e.g. ./certutil or certutil if current dir is in PATH cd ../lib fi # assume the libdir is ../lib from the bindir e.g. sroot/shared/bin and sroot/shared/lib libdir=`pwd` cd $savedir # cover our bases on ld libpaths SHLIB_PATH=$libdir LIBPATH=$libdir LD_LIBRARY_PATH=$libdir DYLD_PATH=$libdir export SHLIB_PATH LIBPATH LD_LIBRARY_PATH DYLD_PATH $0-bin ${1+"$@"} Index: Makefile =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/cm/newinst/Makefile,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- Makefile 15 Feb 2006 22:54:02 -0000 1.9 +++ Makefile 23 Feb 2006 19:30:41 -0000 1.10 @@ -95,10 +95,13 @@ # Source for staged installation utilities INCDIR=$(SETUPUTIL_INCLUDE) -I$(LDAP_SRC)/admin/include -I$(LDAP_SRC)/admin/lib -I$(LDAP_SRC)/admin/src +# we wrap the security tools with a shell script wrapper for their ld libpath +PACKAGE_SEC_T0OLS = $(addprefix $(RELDIR)/shared/bin/,$(SECURITY_TOOLS)) + # ADM_VERSDIR = admserv40 # ADM_RELDATE = 19980112 -all: $(OBJDEST) $(BINDEST) $(SETUPUTIL_DEP) $(LDAPSDK_DEP) $(SECURITY_DEP) $(NSPR_DEP) $(OSOBJS) $(OBJS1) $(OBJS2) $(BINS) $(INFO) $(BINDEST)/ns-update $(BINDEST)/uninstall +all: $(OBJDEST) $(BINDEST) $(SETUPUTIL_DEP) $(LDAPSDK_DEP) $(SECURITY_DEP) $(NSPR_DEP) $(OSOBJS) $(OBJS1) $(OBJS2) $(BINS) $(INFO) $(BINDEST)/ns-update $(BINDEST)/uninstall $(PACKAGE_SEC_T0OLS) # removed ns-keygen from build - it was only used for Dir Lite # $(BINDEST)/ns-keygen ifeq ($(ARCH), BSDI) @@ -170,6 +173,11 @@ -o $(BINDEST)/ns-config $(RPATHFLAG_PREFIX)$(RPATHFLAG)$(RPATHFLAG_EXTRAS) $(OBJS1) $(OBJS2) $(SETUPUTILLINK) $(LDAPLINK) $(SECURITYLINK) $(NSPRLINK) \ $(EXTRA_LIBS) $(CURSES) +$(RELDIR)/shared/bin/%: sec_tools_wrapper $(RELDIR)/shared/bin + -@$(RM) $@ + $(CP) $< $@ + chmod +x $@ + ifeq ($(ARCH), WINNT) $(INFO): $(PERL) fixINF.pl $(BUILD_MODULE) $(NOSP_DIR_VERSION) $(BUILD_ROOT)/$(BUILD_ARCH)/buildnum.dat slapd.inf $(SECURITY) $(PRODUCT) $(IS_DIR_LITE) $(INSTANCE_NAME_PREFIX) $@.inf $(BUILD_BOMB) "bin/admin/ns-admin,bin/admin/ns-admin.so" Index: ns-update =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/cm/newinst/ns-update,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- ns-update 7 Dec 2005 21:29:14 -0000 1.10 +++ ns-update 23 Feb 2006 19:30:41 -0000 1.11 @@ -60,48 +60,6 @@ cd $cwd } -wrap_security_tools() -{ - cwd=`pwd` - SECURITY_BINNAMES="certutil derdump modutil pk12util pp ssltap shlibsign" - arch=`uname` - if [ $arch = HP-UX ]; then - env_ld_library_path=SHLIB_PATH - elif [ $arch = AIX ]; then - env_ld_library_path=LIBPATH - else - env_ld_library_path=LD_LIBRARY_PATH - fi - cd $sroot/shared/bin - for file in $SECURITY_BINNAMES - do - if [ -f $file -a ! -f $file-bin ]; then - mv $file $file-bin - echo "#!/bin/sh" > $file - echo $env_ld_library_path=$sroot/shared/lib >> $file - echo "export $env_ld_library_path" >> $file - echo "$sroot/shared/bin/$file-bin " '${1+"$@"}' >> $file - chmod 755 $file - fi - done - - if [ -d $sroot/shared32/bin ] ; then - cd $sroot/shared32/bin - for file in modutil - do - if [ -f $file -a ! -f $file-bin ]; then - mv $file $file-bin - echo "#!/bin/sh" > $file - echo $env_ld_library_path=$sroot/shared32/lib >> $file - echo "export $env_ld_library_path" >> $file - echo "$sroot/shared32/bin/$file-bin " '${1+"$@"}' >> $file - chmod 755 $file - fi - done - fi - cd $cwd -} - # if the -r flag is present, this means we're doing a # reinstall or an upgrade, so restart the servers for arg in $* ; do @@ -161,8 +119,6 @@ $PERL $sroot/bin/slapd/admin/bin/upgradeServer $sroot fi -wrap_security_tools $sroot - cd `dirname $0` # we need to make sure the alias directory is owned by the server user/group @@ -196,10 +152,6 @@ ./ds_create $* $extraflags rc=$? -if [ -f fix_secmod_db_64 ]; then - ./fix_secmod_db_64 $sroot/alias $sroot/shared32/bin -fi - # chown the cookie directory - bug 175098 if [ "$ssuser" ] ; then if [ "$ssgrp" ] ; then Index: setup =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/cm/newinst/setup,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- setup 17 Nov 2005 17:38:25 -0000 1.14 +++ setup 23 Feb 2006 19:30:41 -0000 1.15 @@ -289,8 +289,12 @@ if [ -d $sroot/admin-serv/config ]; then adminSSLOff $sroot/admin-serv/config/adm.conf security: assecure.txt adminSSLOff $sroot/admin-serv/config/local.conf configuration.nsServerSecurity: assecure.txt - adminSSLOff $sroot/admin-serv/config/magnus.conf Security assecure.txt - adminXmlSSLOff $sroot/admin-serv/config/server.xml security assecure.txt + if [ -f $sroot/admin-serv/config/magnus.conf ] ; then + adminSSLOff $sroot/admin-serv/config/magnus.conf Security assecure.txt + fi + if [ -f $sroot/admin-serv/config/server.xml ] ; then + adminXmlSSLOff $sroot/admin-serv/config/server.xml security assecure.txt + fi if [ $isadminsslon -ne 0 ]; then $sroot/start-admin

18 years, 1 month

1
0
0 / 0

[Fedora-directory-commits] ldapserver/ldap/cm Makefile,1.51,1.52

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/cm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2205/ldapserver/ldap/cm Modified Files: Makefile Log Message: Bug(s) fixed: 182613 Bug Description: Upgrade wipes out sectool wrappers Reviewed by: Pete and Nathan (Thanks!) Fix Description: It's better if we just package those wrappers instead of creating them on the fly. The new file sec_tools_wrappers is a simple shell script that assumes it's being run out of a parent/bin directory which contains a program called $0-bin, and the shared libs it needs are in parent/lib. This shell script is copied to shared/bin/certutil, shared/bin/modutil, etc. I had to create another makefile packaging macro to handle the case where you want to package a file under a different name than the original. Also 1) Add Red Hat and Fedora DS to upgradeServer 2) adminutil property directory is now adminutil-properties instead of property 3) General clean up of some upgrade install things Platforms tested: Fedora Core 4 Flag Day: no Doc impact: no Index: Makefile =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/cm/Makefile,v retrieving revision 1.51 retrieving revision 1.52 diff -u -r1.51 -r1.52 --- Makefile 23 Feb 2006 01:20:06 -0000 1.51 +++ Makefile 23 Feb 2006 19:30:35 -0000 1.52 @@ -346,6 +346,20 @@ fi ; \ done +# PACKAGE_SRC_DESTFILE is defined in components.mk - these are component files and directories to install +# with the other component files that we don't necessarily pick up from the admin server build +# these can go in any directory - this differs from PACKAGE_SRC_DEST above in that in this case, the +# destination is a _file_, not a directory, and src must be a filename, not a directory + for destfile in $(PACKAGE_SRC_DESTFILE) ; \ + do if [ "$$src" ] ; \ + then destdir=`dirname $$destfile` ; \ + if [ ! -d $(RELDIR)/$$destdir ] ; then mkdir -p $(RELDIR)/$$destdir ; fi ; \ + $(CP) $$src $(RELDIR)/$$destfile ; \ + src= ; \ + else src=$$destfile ; \ + fi ; \ + done + # install the DSMLGW into the client directory # the following DSML files must be packaged separately: # web-app_2_3.dtd, activation.jar, saaj.jar - due to Sun license

18 years, 1 month

1
0
0 / 0

[Fedora-directory-commits] ldapserver/ldap/admin/src upgradeServer, 1.7, 1.8

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/admin/src In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2205/ldapserver/ldap/admin/src Modified Files: upgradeServer Log Message: Bug(s) fixed: 182613 Bug Description: Upgrade wipes out sectool wrappers Reviewed by: Pete and Nathan (Thanks!) Fix Description: It's better if we just package those wrappers instead of creating them on the fly. The new file sec_tools_wrappers is a simple shell script that assumes it's being run out of a parent/bin directory which contains a program called $0-bin, and the shared libs it needs are in parent/lib. This shell script is copied to shared/bin/certutil, shared/bin/modutil, etc. I had to create another makefile packaging macro to handle the case where you want to package a file under a different name than the original. Also 1) Add Red Hat and Fedora DS to upgradeServer 2) adminutil property directory is now adminutil-properties instead of property 3) General clean up of some upgrade install things Platforms tested: Fedora Core 4 Flag Day: no Doc impact: no Index: upgradeServer =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/upgradeServer,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- upgradeServer 21 Oct 2005 19:21:10 -0000 1.7 +++ upgradeServer 23 Feb 2006 19:30:30 -0000 1.8 @@ -326,7 +326,29 @@ sleep(1); # allow some data to accumulate in the pipe # print "Output from $prog -v:\n"; while (<F>) { - if (/^Netscape-Directory\/(\d+)\.(\d+)(?:\.(\d+))?(?:b\d)*\s+(\S+)/) { + if (/^Red Hat-Directory\/(\d+)\.(\d+)(?:\.(\d+))?(?:b\d)*\s+(\S+)/) { + $version = $1; + $minor = $2; + if ($4) { + $subminor = $3; + $buildNumber = $4; + } else { + $buildNumber = $3; + } + last; + } + elsif (/^Fedora-Directory\/(\d+)\.(\d+)(?:\.(\d+))?(?:b\d)*\s+(\S+)/) { + $version = $1; + $minor = $2; + if ($4) { + $subminor = $3; + $buildNumber = $4; + } else { + $buildNumber = $3; + } + last; + } + elsif (/^Netscape-Directory\/(\d+)\.(\d+)(?:\.(\d+))?(?:b\d)*\s+(\S+)/) { $version = $1; $minor = $2; if ($4) { @@ -414,7 +436,6 @@ "$sroot/bin/slapd/admin/scripts/template-migrate5to7", "$sroot/bin/slapd/admin/scripts/template-migrate6to7", "$sroot/bin/slapd/admin/scripts/template-migrateInstance7", - "$sroot/bin/slapd/admin/scripts/template-migrateTo4", "$sroot/bin/slapd/admin/scripts/template-migrateTo7", "$sroot/bin/slapd/admin/scripts/template-repl-monitor-cgi.pl", );

18 years, 1 month

1
0
0 / 0

[Fedora-directory-commits] ldapserver components.mk, 1.40, 1.41 ldapserver.spec.tmpl, 1.24, 1.25

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2205/ldapserver Modified Files: components.mk ldapserver.spec.tmpl Log Message: Bug(s) fixed: 182613 Bug Description: Upgrade wipes out sectool wrappers Reviewed by: Pete and Nathan (Thanks!) Fix Description: It's better if we just package those wrappers instead of creating them on the fly. The new file sec_tools_wrappers is a simple shell script that assumes it's being run out of a parent/bin directory which contains a program called $0-bin, and the shared libs it needs are in parent/lib. This shell script is copied to shared/bin/certutil, shared/bin/modutil, etc. I had to create another makefile packaging macro to handle the case where you want to package a file under a different name than the original. Also 1) Add Red Hat and Fedora DS to upgradeServer 2) adminutil property directory is now adminutil-properties instead of property 3) General clean up of some upgrade install things Platforms tested: Fedora Core 4 Flag Day: no Doc impact: no Index: components.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/components.mk,v retrieving revision 1.40 retrieving revision 1.41 diff -u -r1.40 -r1.41 --- components.mk 14 Feb 2006 04:26:54 -0000 1.40 +++ components.mk 23 Feb 2006 19:30:23 -0000 1.41 @@ -112,6 +112,14 @@ # separate the src from the dest with a single space PACKAGE_SRC_DEST = +# this macro contains a list of pairs of source and dest files, not directories +# the source is where to find the item in the build tree, and the dest is +# the place in the release to put the item, relative to the server root e.g. +# nls locale files are in libnls31/locale, but for packaging they need to +# go into lib/nls, not just lib; the destination should be a file name; +# separate the src from the dest with a single space +PACKAGE_SRC_DESTFILE = + # these defs are useful for doing pattern search/replace COMMA := , NULLSTRING := @@ -264,8 +272,10 @@ # we need to package the root cert file in the alias directory PACKAGE_SRC_DEST += $(SECURITY_LIBPATH)/$(LIB_PREFIX)nssckbi.$(DLL_SUFFIX) alias -# need to package the sec tools in shared/bin -BINS_TO_PKG_SHARED += $(SECURITY_TOOLS_FULLPATH) +# the security tools are wrapped with shell scripts so that the correct ld libpath can be set +# so, when we package them, we rename them with a -bin extension e.g. certutil -> shared/bin/certutil-bin +# the actual certutil will be an executable shell script that points to certutil-bin +PACKAGE_SRC_DESTFILE += $(foreach prog,$(SECURITY_TOOLS),$(SECURITY_BINPATH)/$(prog)$(SPACE)shared/bin/$(prog)-bin) ### SECURITY END ############################# @@ -531,7 +541,7 @@ ADMINUTIL_INCPATH = $(ADMINUTIL_BUILD_DIR)/include/adminutil-$(ADMINUTIL_DOT_VER) endif -PACKAGE_SRC_DEST += $(ADMINUTIL_LIBPATH)/property bin/slapd/lib +PACKAGE_SRC_DEST += $(ADMINUTIL_LIBPATH)/adminutil-properties bin/slapd/lib LIBS_TO_PKG += $(wildcard $(ADMINUTIL_LIBPATH)/*.$(DLL_SUFFIX)) LIBS_TO_PKG_CLIENTS += $(wildcard $(ADMINUTIL_LIBPATH)/*.$(DLL_SUFFIX)) Index: ldapserver.spec.tmpl =================================================================== RCS file: /cvs/dirsec/ldapserver/ldapserver.spec.tmpl,v retrieving revision 1.24 retrieving revision 1.25 diff -u -r1.24 -r1.25 --- ldapserver.spec.tmpl 23 Feb 2006 04:06:17 -0000 1.24 +++ ldapserver.spec.tmpl 23 Feb 2006 19:30:23 -0000 1.25 @@ -156,13 +156,10 @@ chown $usergroup $RPM_INSTALL_PREFIX/alias fi fi - for instance in `ls -d $RPM_INSTALL_PREFIX/slapd-*` - do - cp $RPM_INSTALL_PREFIX/bin/slapd/install/schema/00core.ldif $instance/config/schema - done - echo "Upgrade complete. Please restart slapd then admin." + echo "Upgrade finished. Please run $RPM_INSTALL_PREFIX/setup/setup to complete the upgrade." +else + echo "Install finished. Please run $RPM_INSTALL_PREFIX/setup/setup to complete installation and set up the servers." fi -echo "Install finished. Please run $RPM_INSTALL_PREFIX/setup/setup to set up the servers." %preun # only run uninstall if this is the last version of the package

18 years, 1 month

1
0
0 / 0

[Fedora-directory-commits] setuputil/installer/unix product.cc, 1.3, 1.4

by Doctor Conrad

Author: nkinder Update of /cvs/dirsec/setuputil/installer/unix In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29367 Modified Files: product.cc Log Message: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182611 Bug(s) fixed: 182611 Bug Description: When running setup of 64-bit Directory Server on my FC4 x86_64 machine, setup complains that there is not enough available diskspace when I actually have 90+ GB available on the installation partition. Reviewed by: Files: see diffs Branch: HEAD (setuputil) Fix Description: We were using fscanf to read in the total unzipped size of our zip archives incorrectly. It was scanning for a normal int, but storing it in a long. The compiler was not automatically converting types correctly which would cause the required space to be a huge number. The proper thing to do is to have fscanf read in a long. Flag Day: no Doc impact: no QA impact: Should be covered by manual and nightly testing New Tests integrated into TET: none https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=125120 Index: product.cc =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/product.cc,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- product.cc 12 Jan 2006 17:26:46 -0000 1.3 +++ product.cc 23 Feb 2006 17:57:02 -0000 1.4 @@ -27,6 +27,25 @@ ** ** HISTORY: ** $Log$ +** Revision 1.4 2006/02/23 17:57:02 nkinder +** https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182611 +** Bug(s) fixed: 182611 +** Bug Description: When running setup of 64-bit Directory Server on my FC4 x86_64 machine, +** setup complains that there is not enough available diskspace when I actually have 90+ GB +** available on the installation partition. +** Reviewed by: +** Files: see diffs +** Branch: HEAD (setuputil) +** Fix Description: We were using fscanf to read in the total unzipped size of our zip archives +** incorrectly. It was scanning for a normal int, but storing it in a long. The compiler was +** not automatically converting types correctly which would cause the required space to be +** a huge number. The proper thing to do is to have fscanf read in a long. +** Flag Day: no +** Doc impact: no +** QA impact: Should be covered by manual and nightly testing +** New Tests integrated into TET: none +** https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=125120 +** ** Revision 1.3 2006/01/12 17:26:46 nkinder ** 174749 - Uninstall should not follow symlinks ** @@ -1160,7 +1179,7 @@ if (fp = fopen(tmpfilename.data(), "r")) { long size; - if (EOF != fscanf(fp, "%d", &size)) + if (EOF != fscanf(fp, "%ld", &size)) { long newSize = getArchiveSize() + (size / 1024 + 1); setArchiveSize(newSize); @@ -1228,7 +1247,7 @@ if (fp = fopen(tmpfilename.data(), "r")) { long size; - if (EOF != fscanf(fp, "%d", &size)) + if (EOF != fscanf(fp, "%ld", &size)) { long newSize = getArchiveSize() + (size / 1024 + 1); setArchiveSize(newSize);

18 years, 1 month

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-commits February 2006