esc/mac/coolkey_package_data Info.plist,1.1,1.1.2.1
by Jack Magne
Author: jmagne
Update of /cvs/dirsec/esc/mac/coolkey_package_data
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10728/coolkey_package_data
Modified Files:
Tag: PKI_8_0_RTM_BRANCH
Info.plist
Log Message:
Bug 369031 - ESC incompatible with OS X Leopard.
Index: Info.plist
===================================================================
RCS file: /cvs/dirsec/esc/mac/coolkey_package_data/Info.plist,v
retrieving revision 1.1
retrieving revision 1.1.2.1
diff -u -r1.1 -r1.1.2.1
--- Info.plist 2 Aug 2007 18:22:20 -0000 1.1
+++ Info.plist 16 Mar 2010 23:10:46 -0000 1.1.2.1
@@ -19,7 +19,7 @@
<plist version="1.0">
<dict>
<key>CFBundleGetInfoString</key>
- <string>Smart Card Manager 1.14</string>
+ <string>Smart Card Manager 1.19</string>
<key>CFBundleName</key>
<string>Smart Card Manager</string>
<key>CFBundleIdentifier</key>
14 years, 1 month
esc/mac/misc libtool.coolkey.patch,1.1,1.1.2.1
by Jack Magne
Author: jmagne
Update of /cvs/dirsec/esc/mac/misc
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10560/misc
Modified Files:
Tag: PKI_8_0_RTM_BRANCH
libtool.coolkey.patch
Log Message:
Bug 369031 - ESC incompatible with OS X Leopard.
libtool.coolkey.patch:
libtool | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
Index: libtool.coolkey.patch
===================================================================
RCS file: /cvs/dirsec/esc/mac/misc/libtool.coolkey.patch,v
retrieving revision 1.1
retrieving revision 1.1.2.1
diff -u -r1.1 -r1.1.2.1
--- libtool.coolkey.patch 2 Aug 2007 18:22:21 -0000 1.1
+++ libtool.coolkey.patch 16 Mar 2010 23:08:38 -0000 1.1.2.1
@@ -5,7 +5,7 @@
# Commands used to build and install a shared archive.
-archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring"
-+archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch ppc -arch i386 \$compiler_flags -install_name \$rpath/\$soname \$verstring"
++archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs -isysroot /Developer/SDKs/MacOSX10.5.sdk -arch ppc -arch i386 \$compiler_flags -install_name \$rpath/\$soname \$verstring"
archive_expsym_cmds="sed -e \\\"s,#.*,,\\\" -e \\\"s,^[ ]*,,\\\" -e \\\"s,^\\\\(..*\\\\),_&,\\\" < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring~nmedit -s \$output_objdir/\${libname}-symbols.expsym \${lib}"
postinstall_cmds=""
postuninstall_cmds=""
@@ -15,15 +15,15 @@
# Commands used to build and install a shared archive.
-archive_cmds="\$CC -dynamiclib -single_module \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring"
-archive_expsym_cmds="sed -e \\\"s,#.*,,\\\" -e \\\"s,^[ ]*,,\\\" -e \\\"s,^\\\\(..*\\\\),_&,\\\" < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib -single_module \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring~nmedit -s \$output_objdir/\${libname}-symbols.expsym \${lib}"
-+archive_cmds="\$CC -dynamiclib -single_module \$allow_undefined_flag -o \$lib \$libobjs \$deplibs -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch ppc -arch i386 \$compiler_flags -install_name \$rpath/\$soname \$verstring"
-+archive_expsym_cmds="sed -e \\\"s,#.*,,\\\" -e \\\"s,^[ ]*,,\\\" -e \\\"s,^\\\\(..*\\\\),_&,\\\" < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib -single_module \$allow_undefined_flag -o \$lib \$libobjs \$deplibs -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch ppc -arch i386 \$compiler_flags -install_name \$rpath/\$soname \$verstring~nmedit -s \$output_objdir/\${libname}-symbols.expsym \${lib}"
++archive_cmds="\$CC -dynamiclib -single_module \$allow_undefined_flag -o \$lib \$libobjs \$deplibs -isysroot /Developer/SDKs/MacOSX10.5.sdk -arch ppc -arch i386 \$compiler_flags -install_name \$rpath/\$soname \$verstring"
++archive_expsym_cmds="sed -e \\\"s,#.*,,\\\" -e \\\"s,^[ ]*,,\\\" -e \\\"s,^\\\\(..*\\\\),_&,\\\" < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib -single_module \$allow_undefined_flag -o \$lib \$libobjs \$deplibs -isysroot /Developer/SDKs/MacOSX10.5.sdk -arch ppc -arch i386 \$compiler_flags -install_name \$rpath/\$soname \$verstring~nmedit -s \$output_objdir/\${libname}-symbols.expsym \${lib}"
postinstall_cmds=""
postuninstall_cmds=""
# Commands used to build a loadable module (assumed same as above if empty)
module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs\$compiler_flags"
-module_expsym_cmds="sed -e \\\"s,#.*,,\\\" -e \\\"s,^[ ]*,,\\\" -e \\\"s,^\\\\(..*\\\\),_&,\\\" < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs\$compiler_flags~nmedit -s \$output_objdir/\${libname}-symbols.expsym \${lib}"
-+module_expsym_cmds="sed -e \\\"s,#.*,,\\\" -e \\\"s,^[ ]*,,\\\" -e \\\"s,^\\\\(..*\\\\),_&,\\\" < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch ppc -arch i386 \$compiler_flags~nmedit -s \$output_objdir/\${libname}-symbols.expsym \${lib}"
++module_expsym_cmds="sed -e \\\"s,#.*,,\\\" -e \\\"s,^[ ]*,,\\\" -e \\\"s,^\\\\(..*\\\\),_&,\\\" < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs -isysroot /Developer/SDKs/MacOSX10.5.sdk -arch ppc -arch i386 \$compiler_flags~nmedit -s \$output_objdir/\${libname}-symbols.expsym \${lib}"
# Commands to strip libraries.
old_striplib=""
14 years, 1 month
esc/mac mac-build.sh,1.4,1.4.2.1
by Jack Magne
Author: jmagne
Update of /cvs/dirsec/esc/mac
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10560
Modified Files:
Tag: PKI_8_0_RTM_BRANCH
mac-build.sh
Log Message:
Bug 369031 - ESC incompatible with OS X Leopard.
Index: mac-build.sh
===================================================================
RCS file: /cvs/dirsec/esc/mac/mac-build.sh,v
retrieving revision 1.4
retrieving revision 1.4.2.1
diff -u -r1.4 -r1.4.2.1
--- mac-build.sh 6 Mar 2008 00:09:43 -0000 1.4
+++ mac-build.sh 16 Mar 2010 23:08:37 -0000 1.4.2.1
@@ -28,41 +28,38 @@
#Environment variables
# TOKEND_PATH_NAME - Path of where to obtain the TokenD bundle ex: /usr/local/tokend/COOLKEY.zip
-printf "\n \n"
-echo "Building ESC... for Mac.... "
-printf "\n"
+#GECKO_SDK_PATH - Path to the Universal Binary Xulrunner SDK
-OSX_RPM_PATH=/usr/local/bin
+if [ ! $XUL_FRAMEWORK_PATH ];
+then
+ XUL_FRAMEWORK_PATH=~/XUL.framework
+fi
-LIB_USB_URL_BASE=http://downloads.sourceforge.net/libusb
-LIB_USB_NAME=libusb-0.1.12
-LIB_USB_URL=$LIB_USB_URL_BASE/$LIB_USB_NAME
+TOKEND_PATH_NAME=/Users/slowjack/COOLKEY.zip
-IFD_EGATE_URL_BASE=ftp://download.fedora.redhat.com/pub/fedora/linux/core/6/source/SRPMS
-IFD_EGATE_NAME=ifd-egate-0.05
-IFD_EGATE_REL=15
+printf "\n \n"
+echo "Building ESC... for Mac.... "
+printf "\n"
-COOLKEY_PKG_NAME=SmartCardManager1.16.pkg
+COOLKEY_PKG_NAME=SmartCardManager1.19.pkg
COOLKEY_VOL_NAME=SMARTCARDMANAGER
-COOLKEY_TAG=HEAD
-
+COOLKEY_TAG=PKI_8_0_RTM_BRANCH
+ESC_TAG=PKI_8_0_RTM_BRANCH
-ESC_VERSION=1.0.1-6
+ESC_VERSION=1.1.0-11
-COOLKEY_DMG_NAME=SmartCardManager-$ESC_VERSION.OSX4.darwin.dmg
+COOLKEY_DMG_NAME=SmartCardManager-$ESC_VERSION.OSX5.darwin.dmg
-ENABLE_PK11INSTALL=
+ENABLE_PK11INSTALL=--enable-pk11install
#replacement libtool files
-LIBTOOL_USB_PATCH=../misc/libtool.usb.patch
LIBTOOL_COOLKEY=
#Various CVS repositories
FEDORA_CVS_ROOT=:pserver:anonymous@cvs.fedora.redhat.com/cvs/dirsec
MOZ_CVS_ROOT=:pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot
-MOZ_XULRUNNER_BRANCH=MOZILLA_1_8_0_7_RELEASE
# Various path constants
@@ -70,8 +67,7 @@
PK11INSTALL_PATH=/Applications/Utilities/PK11Install
TOKEND_DEST_PATH=/System/Library/Security/tokend
-#TOKEND_PATH_NAME=/share/builds/components/tokend/20070111/COOLKEY.zip
-TOKEND_DEST_NAME=A_COOLKEY.tokend
+TOKEND_DEST_NAME=COOLKEY.tokend
BASE_DIR=${PWD}
@@ -79,7 +75,7 @@
#Where to grab a few universal NSS dylib's for pk11install
-PK11INSTALL_LIB_PATH=$BASE_DIR/esc/dist/Darwin6.8_OPT.OBJ/xulrunner_build/i386/dist/universal/xulrunner/XUL.framework/Versions/Current
+PK11INSTALL_LIB_PATH=$GECKO_SDK_PATH/bin
function cleanup {
@@ -91,108 +87,11 @@
rm -f *.gz
- rm -f COOLKEY.zip
-
-}
-
-function buildUSB {
-
- if [ $NUM_ARGS -ne 0 ] && [ $THE_ARG != -doUsb ];
- then
- echo "Do not build Usb"
- return 0
- fi
-
- cd $BASE_DIR
-
- echo "Build Lib USB... "
- printf "\n"
-
- curl --verbose -O -L $LIB_USB_URL_BASE/$LIB_USB_NAME.tar.gz
-
- if [ $? != 0 ];
- then
- echo "Can't obtain tarball for Lib USB."
- return 1
- fi
-
-
- tar -xzvf $LIB_USB_NAME.tar.gz
-
- if [ $? != 0 ];
- then
- echo "Can't unpack Lib USB tarball."
- return 1
- fi
+ rm -rf $COOLKEY_PKG_NAME
- cd $LIB_USB_NAME
-
- ./configure --disable-dependency-tracking --prefix=$COOLKEY_PATH CFLAGS="-isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386 -arch ppc" CXXFLAGS="-isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386 -arch ppc" LDFLAGS="-arch ppc -arch i386"
-
- if [ $? != 0 ];
- then
- echo "Can't configure Lib USB."
- return 1
- fi
-
- cp $LIBTOOL_USB_PATCH .
- patch -p0 -N < libtool.usb.patch
-
- make
-
- if [ $? != 0 ];
- then
- echo "Can't make Lib USB."
- return 1
- fi
-
-
- make DESTDIR=${PWD}/../staging install
-
- return 0
-}
-
-function buildEGATE {
-
- if [ $NUM_ARGS -ne 0 ] && [ $THE_ARG != -doEgate ];
- then
- echo "Do not build Egate"
- return 0
- fi
-
- echo "Build IFD-EGATE ... "
-
- printf "\n"
-
- cd $BASE_DIR
-
- curl --verbose -O $IFD_EGATE_URL_BASE/$IFD_EGATE_NAME-$IFD_EGATE_REL.src.rpm
-
- if [ $? != 0 ];
- then
- echo "Can't obtain RPM for Egate."
- return 1
- fi
-
-
- $OSX_RPM_PATH/rpm -ihv --define="_topdir ${PWD}" $IFD_EGATE_NAME-$IFD_EGATE_REL.src.rpm
-
- $OSX_RPM_PATH/rpmbuild --nodeps -bp --define="_topdir ${PWD}" SPECS/ifd-egate.spec
-
- cd BUILD/$IFD_EGATE_NAME
-
- make PCSC_CFLAGS=-I/System/Library/Frameworks/PCSC.framework/Versions/Current/Headers USB_CFLAGS="-I../../staging/usr/local/CoolKey/include -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch ppc -arch i386" USB_LDFLAGS="-L../../staging/usr/local/CoolKey/lib -arch ppc -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386" -f Makefile-OSX
-
- if [ $? != 0 ];
- then
- echo "Can't buld Egate."
- return 1
- fi
-
- cp ../../misc/Makefile-OSX.egate.patch .
- patch -p0 -N < Makefile-OSX.egate.patch
+ rm -f COOLKEY.zip
- make -f Makefile-OSX DESTDIR=${PWD}/../../staging install
+ sudo rm -rf COOLKEY.tokend
}
@@ -201,19 +100,22 @@
echo "Build CoolKey... "
printf "\n"
-
if [ $NUM_ARGS -ne 0 ] && [ $THE_ARG != -doCoolKey ];
then
echo "Do not build CoolKey"
return 0
fi
-
echo "ENABLE_PK11INSTALLL $ENABLE_PK11INSTALL"
cd $BASE_DIR
- cvs -d $FEDORA_CVS_ROOT co -r $COOLKEY_TAG coolkey
+ if [ -d coolkey ];
+ then
+ echo "CoolKey checked out already."
+ else
+ cvs -d $FEDORA_CVS_ROOT co -r $COOLKEY_TAG coolkey
+ fi
if [ $? != 0 ];
then
@@ -221,10 +123,8 @@
return 1
fi
-
cd coolkey
-
/usr/bin/autoconf
if [ $? != 0 ];
@@ -233,7 +133,7 @@
return 1
fi
- ./configure --disable-dependency-tracking --prefix=$COOLKEY_PATH NSS_CFLAGS="-I ${PWD}/../esc/dist/Dar*/xulrunner_build/i386/dist/public/nss -I ${PWD}/../esc/dist/Dar*/xulrunner_build/i386/dist/include/nspr" NSS_LIBS="-L${PWD}/../esc/dist/Darwin6.8_OPT.OBJ/xulrunner_build/i386/dist/universal/xulrunner/XUL.framework/Versions/Current -Wl,-executable_path,${PWD}/../esc/dist/Darwin6.8_OPT.OBJ/xulrunner_build/i386/dist/universal/xulrunner/XUL.framework/Versions/Current"
+ ./configure --enable-debug --disable-dependency-tracking --prefix=$COOLKEY_PATH NSS_CFLAGS="-I $GECKO_SDK_PATH/sdk/include" NSS_LIBS="-L/Library/Frameworks/XUL.framework/Versions/Current -Wl,-executable_path,/System/Frameworks//XUL.framework/Versions/Current $ENABLE_PK11INSTALL"
if [ $? != 0 ];
then
@@ -261,7 +161,7 @@
if [ $? != 0 ];
then
- echo "Can't re-make coolkey."
+ echo "Can't make pk11install!"
return 1
fi
@@ -278,6 +178,8 @@
cp -f $PK11INSTALL_LIB_PATH/libplc4.dylib ../staging/$COOLKEY_PATH/bin
cp -f $PK11INSTALL_LIB_PATH/libplds4.dylib ../staging/$COOLKEY_PATH/bin
cp -f $PK11INSTALL_LIB_PATH/libnspr4.dylib ../staging/$COOLKEY_PATH/bin
+ cp -f $PK11INSTALL_LIB_PATH/libnssutil3.dylib ../staging/$COOLKEY_PATH/bin
+ cp -f $PK11INSTALL_LIB_PATH/libsqlite3.dylib ../staging/$COOLKEY_PATH/bin
return 0
}
@@ -300,9 +202,9 @@
if [ -d esc ];
then
- cvs -d $FEDORA_CVS_ROOT update esc
+ echo "ESC checked out already."
else
- cvs -d $FEDORA_CVS_ROOT co esc
+ cvs -d $FEDORA_CVS_ROOT co -r $ESC_TAG esc
fi
if [ $? != 0 ];
@@ -312,29 +214,18 @@
fi
cd esc
- mkdir -p dist/src
- cd dist/src
- cvs -d $MOZ_CVS_ROOT co -r $MOZ_XULRUNNER_BRANCH mozilla/client.mk
+ make BUILD_OPT=1 USE_XUL_SDK=1 clean
+ echo make BUILD_OPT=1 USE_XUL_SDK=1 ESC_VERSION=$ESC_VERSION CKY_INCLUDE=-I$BASE_DIR/staging/$COOLKEY_PATH/include CKY_LIB_LDD=-L$BASE_DIR/staging/$COOLKEY_PATH/lib XUL_FRAMEWORK_PATH=$XUL_FRAMEWORK_PATH
- if [ $? != 0 ];
- then
- echo "Can't checkout Xulrunner code."
- return 1
- fi
+ echo make BUILD_OPT=1 USE_XUL_SDK=1 ESC_VERSION=$ESC_VERSION CKY_INCLUDE=-I$BASE_DIR/staging/$COOLKEY_PATH/include CKY_LIB_LDD=-L$BASE_DIR/staging/$COOLKEY_PATH/lib XUL_FRAMEWORK_PATH=$XUL_FRAMEWORK_PATH > build.sh
- cd mozilla
- make -f client.mk checkout MOZ_CO_PROJECT=xulrunner
-
- if [ $? != 0 ];
- then
- echo "Can't checkout Xulrunner code."
- return 1
- fi
-
- cd ../../..
+ echo make BUILD_OPT=1 USE_XUL_SDK=1 clean > clean.sh
- make BUILD_OPT=1 ESC_VERSION=$ESC_VERSION CKY_INCLUDE=-I$BASE_DIR/staging/$COOLKEY_PATH/include CKY_LIB_LDD=-L$BASE_DIR/staging/$COOLKEY_PATH/lib
+ chmod 775 build.sh
+ chmod 775 clean.sh
+
+ make BUILD_OPT=1 USE_XUL_SDK=1 ESC_VERSION=$ESC_VERSION CKY_INCLUDE=-I$BASE_DIR/staging/$COOLKEY_PATH/include CKY_LIB_LDD=-L$BASE_DIR/staging/$COOLKEY_PATH/lib XUL_FRAMEWORK_PATH=$XUL_FRAMEWORK_PATH
if [ $? != 0 ];
then
@@ -387,7 +278,6 @@
fi
-
mkdir -p staging/$TOKEND_DEST_PATH
unzip COOLKEY.zip
@@ -398,8 +288,7 @@
return 0
fi
-
- mv COOLKEY.tokend ./staging/$TOKEND_DEST_PATH/A_COOLKEY.tokend
+ sudo mv COOLKEY.tokend ./staging/$TOKEND_DEST_PATH/COOLKEY.tokend
if [ $? != 0 ];
then
@@ -407,10 +296,7 @@
return 0
fi
-
return 0
-
-
}
function buildMacPackage {
@@ -458,7 +344,7 @@
echo "About to create pkg installer..."
- $PACKAGE_MAKER_PATH/PackageMaker -build -p $COOLKEY_PKG_NAME -f $BASE_DIR/staging -i $BASE_DIR/coolkey_package_data/Info.plist -d $BASE_DIR/coolkey_package_data/Description.plist -r $BASE_DIR/coolkey_package_data/Resources
+ $PACKAGE_MAKER_PATH/PackageMaker -build -p $COOLKEY_PKG_NAME -f $BASE_DIR/staging -i $BASE_DIR/coolkey_package_data/Info.plist -d $BASE_DIR/coolkey_package_data/Description.plist -r $BASE_DIR/coolkey_package_data/Resources --verbose
if [ $? != 0 ];
then
@@ -469,7 +355,7 @@
echo "Creating final dmg file .... "
printf "\n"
- hdiutil create -format UDZO -fs HFS+ -volname $COOLKEY_VOL_NAME -srcfolder $COOLKEY_PKG_NAME $COOLKEY_DMG_NAME
+ hdiutil create -format UDZO -fs HFS+ -volname $COOLKEY_VOL_NAME -srcfolder $BASE_DIR/$COOLKEY_PKG_NAME $COOLKEY_DMG_NAME
if [ $? != 0 ];
then
@@ -486,47 +372,26 @@
echo "Initializing system for Mac build..... "
printf "\n"
-
- sudo chown -R -v -h ${USER}:${USER} staging/usr
- sudo chown -R -v -h ${USER}:${USER} staging/System
- sudo chown -R -v -h ${USER}:${USER} staging/Applications
-
-
- echo "Setting default compiler to gcc 4.0.1 ...... "
- printf "\n"
-
- sudo gcc_select 4.0
+ mkdir -p staging
+ mkdir -p staging/usr
+ mkdir -p staging/System
+ mkdir -p staging/Applications
+
+ sudo chown -R -v -h ${USER}:staff staging/usr
+ sudo chown -R -v -h ${USER}:staff staging/System
+ sudo chown -R -v -h ${USER}:staff staging/Applications
rm -rf staging/CVS
rm -rf staging/$TOKEND_DEST_PATH
- rm -rf *.dmg
-
-
- mkdir -p BUILD
-
- if [ $? != 0 ];
- then
- echo "Problem setting up build...."
- exit 1
- fi
-
- mkdir -p SPECS
-
- if [ $? != 0 ];
- then
- echo "Problem setting up build...."
- exit 1
- fi
- mkdir -p SOURCES
+ rm -rf staging/Applications/*
+ rm -rf staging/System/*
+ rm -rf stating/usr/*
- if [ $? != 0 ];
- then
- echo "Problem setting up build...."
- exit 1
- fi
+ rm -rf *.dmg
+ export MACOSX_DEPLOYMENT_TARGET=10.5
}
@@ -554,7 +419,7 @@
return
fi
- if [ $THE_ARG != -doUsb ] && [ $THE_ARG != -doEgate ] && [ $THE_ARG != -doEsc ] && [ $THE_ARG != -doCoolKey ] && [ $THE_ARG != -doTokenD ] && [ $THE_ARG != -doInstaller ];
+ if [ $THE_ARG != -doEsc ] && [ $THE_ARG != -doCoolKey ] && [ $THE_ARG != -doTokenD ] && [ $THE_ARG != -doInstaller ];
then
echo "Incorrect arguments!"
usage
@@ -571,18 +436,13 @@
processARGS
-
initializeBuild
-buildUSB
-
if [ $? != 0 ];
then
exit 1
fi
-buildEGATE
-
if [ $? != 0 ];
then
exit 1
@@ -604,17 +464,6 @@
exit 1
fi
-# Build coolkey, now with pk11install
-
-ENABLE_PK11INSTALL=--enable-pk11install
-
-buildCOOLKEY
-
-if [ $? != 0 ];
-then
- exit 1
-fi
-
obtainTokenD
if [ $? != 0 ];
14 years, 1 month
Branch 'Directory_Server_8_2_Branch' - ldap/servers
by Noriko Hosoi
ldap/servers/slapd/dn.c | 4 +---
ldap/servers/slapd/util.c | 4 +---
2 files changed, 2 insertions(+), 6 deletions(-)
New commits:
commit 81de991c5b52c7f3c02aa6215227aee2408f24bc
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Fri Mar 12 17:30:49 2010 -0800
573060 - DN normalizer: ESC HEX HEX is not normalized (
https://bugzilla.redhat.com/show_bug.cgi?id=573060
Description: there were 2 bugs handling ESC HEX HEXT format.
It was ignoring non-ASCII characters. Now, they are covered.
diff --git a/ldap/servers/slapd/dn.c b/ldap/servers/slapd/dn.c
index 3ab9327..73eeda1 100644
--- a/ldap/servers/slapd/dn.c
+++ b/ldap/servers/slapd/dn.c
@@ -361,9 +361,7 @@ substr_dn_normalize( char *dn, char *end )
gotesc = 1;
if ( s+2 < end ) {
int n = hexchar2int( s[1] );
- /* If 8th bit is on, the char is not ASCII (not UTF-8).
- * Thus, not UTF-8 */
- if ( n >= 0 && n < 8 ) {
+ if ( n >= 0 && n < 16 ) {
int n2 = hexchar2int( s[2] );
if ( n2 >= 0 ) {
n = (n << 4) + n2;
diff --git a/ldap/servers/slapd/util.c b/ldap/servers/slapd/util.c
index 71a2305..d26b0b9 100644
--- a/ldap/servers/slapd/util.c
+++ b/ldap/servers/slapd/util.c
@@ -217,9 +217,7 @@ strcpy_unescape_value( char *d, const char *s )
gotesc = 1;
if ( s+2 < end ) {
int n = hexchar2int( s[1] );
- /* If 8th bit is on, the char is not ASCII (not UTF-8).
- * Thus, not UTF-8 */
- if ( n >= 0 && n < 8 ) {
+ if ( n >= 0 && n < 16 ) {
int n2 = hexchar2int( s[2] );
if ( n2 >= 0 ) {
n = (n << 4) + n2;
14 years, 1 month
ldap/servers
by Noriko Hosoi
ldap/servers/slapd/dn.c | 4 +---
ldap/servers/slapd/util.c | 4 +---
2 files changed, 2 insertions(+), 6 deletions(-)
New commits:
commit 23bf6060d3088f9a3f5f5fac1b18faa4bc8756c8
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Fri Mar 12 17:30:49 2010 -0800
573060 - DN normalizer: ESC HEX HEX is not normalized (
https://bugzilla.redhat.com/show_bug.cgi?id=573060
Description: there were 2 bugs handling ESC HEX HEXT format.
It was ignoring non-ASCII characters. Now, they are covered.
diff --git a/ldap/servers/slapd/dn.c b/ldap/servers/slapd/dn.c
index 2e5ac00..f9c2258 100644
--- a/ldap/servers/slapd/dn.c
+++ b/ldap/servers/slapd/dn.c
@@ -361,9 +361,7 @@ substr_dn_normalize( char *dn, char *end )
gotesc = 1;
if ( s+2 < end ) {
int n = hexchar2int( s[1] );
- /* If 8th bit is on, the char is not ASCII (not UTF-8).
- * Thus, not UTF-8 */
- if ( n >= 0 && n < 8 ) {
+ if ( n >= 0 && n < 16 ) {
int n2 = hexchar2int( s[2] );
if ( n2 >= 0 ) {
n = (n << 4) + n2;
diff --git a/ldap/servers/slapd/util.c b/ldap/servers/slapd/util.c
index 71a2305..d26b0b9 100644
--- a/ldap/servers/slapd/util.c
+++ b/ldap/servers/slapd/util.c
@@ -217,9 +217,7 @@ strcpy_unescape_value( char *d, const char *s )
gotesc = 1;
if ( s+2 < end ) {
int n = hexchar2int( s[1] );
- /* If 8th bit is on, the char is not ASCII (not UTF-8).
- * Thus, not UTF-8 */
- if ( n >= 0 && n < 8 ) {
+ if ( n >= 0 && n < 16 ) {
int n2 = hexchar2int( s[2] );
if ( n2 >= 0 ) {
n = (n << 4) + n2;
14 years, 1 month
esc/src/app/xul/esc/chrome/content/esc ESC.js, 1.28, 1.29
by Jack Magne
Author: jmagne
Update of /cvs/dirsec/esc/src/app/xul/esc/chrome/content/esc
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8286
Modified Files:
ESC.js
Log Message:
Further fix for #469867 - Cannot use arrow keys to move between cards in the main ESC screen.
Index: ESC.js
===================================================================
RCS file: /cvs/dirsec/esc/src/app/xul/esc/chrome/content/esc/ESC.js,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- ESC.js 22 Feb 2010 21:38:16 -0000 1.28
+++ ESC.js 15 Mar 2010 20:51:27 -0000 1.29
@@ -1810,11 +1810,12 @@
{
return;
}
+ list.selectItem(gCurrentSelectedRow);
selectedIndex = list.selectedIndex;
if(selectedIndex == -1)
{
- olditem = list.getItemAtIndex(0);
+ olditem = list.getItemAtIndex(0);
if(olditem) {
list.selectItem(olditem);
olditem.click();
@@ -1825,7 +1826,7 @@
if(evt.keyCode == KeyEvent.DOM_VK_UP) {
offset = -1;
- }
+ }
if(evt.keyCode == KeyEvent.DOM_VK_DOWN) {
offset = 1;
}
@@ -1837,7 +1838,7 @@
list.moveByOffset( offset , 1, 0);
newitem = list.getItemAtIndex(list.selectedIndex);
olditem.blur();
- if(newitem)
+ if(newitem)
newitem.click();
}
}
@@ -2396,6 +2397,7 @@
{
DisableItem(menu_format);
DisableItem(menu_resetpassword);
+ DisableItem(menu_enroll);
}
}
14 years, 1 month
ldap/servers
by Richard Allen Megginson
ldap/servers/plugins/pam_passthru/pam_ptimpl.c | 17 ++-
ldap/servers/slapd/bind.c | 8 -
ldap/servers/slapd/daemon.c | 10 +
ldap/servers/slapd/libslapd.def | 1
ldap/servers/slapd/pw.c | 138 +++++++++++++++++++++++++
ldap/servers/slapd/pw_mgmt.c | 136 ------------------------
ldap/servers/slapd/saslbind.c | 2
ldap/servers/slapd/slapi-plugin.h | 2
8 files changed, 167 insertions(+), 147 deletions(-)
New commits:
commit 1ef0ec98b6c91471454647e5f613d26fa015c619
Author: Endi S. Dewata <edewata(a)redhat.com>
Date: Thu Mar 11 14:26:56 2010 -0600
Bug 470684 - Pam_passthru plugin doesn't verify account activation
https://bugzilla.redhat.com/show_bug.cgi?id=470684
Resolves: bug 470684
Bug Description: Pam passthrough doesn't verify account activation
Reviewed by: rmeggins
Branch: HEAD
Fix Description: The check_account_lock() has been renamed to
slapi_check_account_lock() and moved into libslapd.so so any plugins
can use it. The account_inactivation_only parameter has been replaced
by check_password_policy. A new parameter send_result has been added
to determine whether to send LDAP results.
The pam_passthru plugin has been modified to use this function to
check account activation when the pamIDMapMethod is set to ENTRY.
The plugin will not check password policy.
diff --git a/ldap/servers/plugins/pam_passthru/pam_ptimpl.c b/ldap/servers/plugins/pam_passthru/pam_ptimpl.c
index 6e5fc9f..662239f 100644
--- a/ldap/servers/plugins/pam_passthru/pam_ptimpl.c
+++ b/ldap/servers/plugins/pam_passthru/pam_ptimpl.c
@@ -106,7 +106,7 @@ derive_from_bind_dn(Slapi_PBlock *pb, char *binddn, MyStrBuf *pam_id)
}
static char *
-derive_from_bind_entry(Slapi_PBlock *pb, char *binddn, MyStrBuf *pam_id, char *map_ident_attr)
+derive_from_bind_entry(Slapi_PBlock *pb, char *binddn, MyStrBuf *pam_id, char *map_ident_attr, int *locked)
{
char buf[BUFSIZ];
Slapi_Entry *entry = NULL;
@@ -128,6 +128,12 @@ derive_from_bind_entry(Slapi_PBlock *pb, char *binddn, MyStrBuf *pam_id, char *m
"Could not find entry for BIND dn %s\n",
escape_string(binddn, buf));
init_my_str_buf(pam_id, NULL);
+ } else if (slapi_check_account_lock( pb, entry, 0, 0, 0 ) == 1) {
+ slapi_log_error(SLAPI_LOG_FATAL, PAM_PASSTHRU_PLUGIN_SUBSYSTEM,
+ "Account %s inactivated.\n",
+ escape_string(binddn, buf));
+ init_my_str_buf(pam_id, NULL);
+ *locked = 1;
} else {
char *val = slapi_entry_attr_get_charptr(entry, map_ident_attr);
init_my_str_buf(pam_id, val);
@@ -266,17 +272,24 @@ do_one_pam_auth(
struct pam_conv my_pam_conv = {pam_conv_func, NULL};
char buf[BUFSIZ]; /* for error messages */
char *errmsg = NULL; /* free with PR_smprintf_free */
+ int locked = 0;
slapi_pblock_get( pb, SLAPI_BIND_TARGET, &binddn );
if (method == PAMPT_MAP_METHOD_RDN) {
derive_from_bind_dn(pb, binddn, &pam_id);
} else if (method == PAMPT_MAP_METHOD_ENTRY) {
- derive_from_bind_entry(pb, binddn, &pam_id, map_ident_attr);
+ derive_from_bind_entry(pb, binddn, &pam_id, map_ident_attr, &locked);
} else {
init_my_str_buf(&pam_id, binddn);
}
+ if (locked) {
+ errmsg = PR_smprintf("Account inactivated. Contact system administrator.");
+ retcode = LDAP_UNWILLING_TO_PERFORM; /* user inactivated */
+ goto done; /* skip the pam stuff */
+ }
+
if (!pam_id.str) {
errmsg = PR_smprintf("Bind DN [%s] is invalid or not found",
escape_string(binddn, buf));
diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
index d3e9009..f0bdbae 100644
--- a/ldap/servers/slapd/bind.c
+++ b/ldap/servers/slapd/bind.c
@@ -441,8 +441,8 @@ do_bind( Slapi_PBlock *pb )
if (!isroot ) {
/* check if the account is locked */
bind_target_entry = get_entry(pb, pb->pb_conn->c_external_dn);
- if ( bind_target_entry != NULL && check_account_lock(pb, bind_target_entry,
- pw_response_requested, 0 /*not account_inactivation_only*/ ) == 1) {
+ if ( bind_target_entry != NULL && slapi_check_account_lock(pb, bind_target_entry,
+ pw_response_requested, 1 /*check password policy*/, 1 /*send ldap result*/) == 1) {
/* call postop plugins */
plugin_call_plugins( pb, SLAPI_PLUGIN_POST_BIND_FN );
goto free_and_return;
@@ -642,10 +642,10 @@ do_bind( Slapi_PBlock *pb )
*
*/
- /* get the entry now, so that we can give it to check_account_lock and reslimit_update_from_dn */
+ /* get the entry now, so that we can give it to slapi_check_account_lock and reslimit_update_from_dn */
if (! slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)) {
bind_target_entry = get_entry(pb, slapi_sdn_get_ndn(&sdn));
- rc = check_account_lock ( pb, bind_target_entry, pw_response_requested,0);
+ rc = slapi_check_account_lock ( pb, bind_target_entry, pw_response_requested, 1, 1);
}
slapi_pblock_set( pb, SLAPI_PLUGIN, be->be_database );
diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
index 0db7f13..672a9a4 100644
--- a/ldap/servers/slapd/daemon.c
+++ b/ldap/servers/slapd/daemon.c
@@ -1922,11 +1922,12 @@ slapd_bind_local_user(Connection *conn)
if(entries[0] && 0 == entries[1])
{
/* observe account locking */
- ret = check_account_lock(
+ ret = slapi_check_account_lock(
0, /* pb not req */
entries[0],
0, /* no response control */
- 1 /* inactivation only */
+ 0, /* don't check password policy */
+ 0 /* don't send ldap result */
);
if(0 == ret)
@@ -1981,11 +1982,12 @@ entry_map_free:
if(0 == ret && e)
{
- ret = check_account_lock(
+ ret = slapi_check_account_lock(
0, /* pb not req */
e,
0, /* no response control */
- 1 /* inactivation only */
+ 0, /* don't check password policy */
+ 0 /* don't send ldap result */
);
if(1 == ret)
diff --git a/ldap/servers/slapd/libslapd.def b/ldap/servers/slapd/libslapd.def
index c2bdfbe..c5fd242 100644
--- a/ldap/servers/slapd/libslapd.def
+++ b/ldap/servers/slapd/libslapd.def
@@ -1198,3 +1198,4 @@ EXPORTS
config_get_pw_maxrepeats @1205
config_get_pw_mincategories @1206
config_get_pw_mintokenlength @1207
+ slapi_check_account_lock @1208
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
index f1e87a3..15add06 100644
--- a/ldap/servers/slapd/pw.c
+++ b/ldap/servers/slapd/pw.c
@@ -1982,3 +1982,141 @@ check_pw_storagescheme_value( const char *attr_name, char *value, long minval, l
return retVal;
}
+/* check_account_lock is called before bind opeation; this could be a pre-op. */
+int
+slapi_check_account_lock ( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwresponse_req, int check_password_policy, int send_result) {
+
+ time_t unlock_time;
+ time_t cur_time;
+ char *cur_time_str = NULL;
+ char *accountUnlockTime;
+ passwdPolicy *pwpolicy = NULL;
+ char *dn = NULL;
+
+ /* kexcoff: account inactivation */
+ int rc = 0;
+ Slapi_ValueSet *values = NULL;
+ int type_name_disposition = 0;
+ char *actual_type_name = NULL;
+ int attr_free_flags = 0;
+ /* kexcoff - end */
+
+ if ( bind_target_entry == NULL )
+ return -1;
+
+ if(check_password_policy)
+ {
+ dn = slapi_entry_get_ndn(bind_target_entry);
+ pwpolicy = new_passwdPolicy(pb, dn);
+ }
+
+ /* kexcoff: account inactivation */
+ /* check if the entry is locked by nsAccountLock attribute - account inactivation feature */
+
+ rc = slapi_vattr_values_get(bind_target_entry, "nsAccountLock",
+ &values,
+ &type_name_disposition, &actual_type_name,
+ SLAPI_VIRTUALATTRS_REQUEST_POINTERS,
+ &attr_free_flags);
+ if ( rc == 0 )
+ {
+ Slapi_Value *v = NULL;
+ const struct berval *bvp = NULL;
+
+ if ( (slapi_valueset_first_value( values, &v ) != -1) &&
+ ( bvp = slapi_value_get_berval( v )) != NULL )
+ {
+ if ( (bvp != NULL) && (strcasecmp(bvp->bv_val, "true") == 0) )
+ {
+ /* account inactivated */
+ if (check_password_policy && pwresponse_req) {
+ slapi_pwpolicy_make_response_control ( pb, -1, -1,
+ LDAP_PWPOLICY_ACCTLOCKED );
+ }
+ if (send_result)
+ send_ldap_result ( pb, LDAP_UNWILLING_TO_PERFORM, NULL,
+ "Account inactivated. Contact system administrator.",
+ 0, NULL );
+ slapi_vattr_values_free(&values, &actual_type_name, attr_free_flags);
+ goto locked;
+ }
+ } /* else, account "activated", keep on the process */
+
+ if ( values != NULL )
+ slapi_vattr_values_free(&values, &actual_type_name, attr_free_flags);
+ }
+ /* kexcoff - end */
+
+ /*
+ * Check if the password policy has to be checked or not
+ */
+ if ( !check_password_policy || pwpolicy->pw_lockout == 0 ) {
+ goto notlocked;
+ }
+
+ /*
+ * Check the attribute of the password policy
+ */
+
+ /* check if account is locked out. If so, send result and return 1 */
+ {
+ unsigned int maxfailure= pwpolicy->pw_maxfailure;
+ /* It's locked if passwordRetryCount >= maxfailure */
+ if ( slapi_entry_attr_get_uint(bind_target_entry,"passwordRetryCount") < maxfailure )
+ {
+ /* Not locked */
+ goto notlocked;
+ }
+ }
+
+ /* locked but maybe it's time to unlock it */
+ accountUnlockTime= slapi_entry_attr_get_charptr(bind_target_entry, "accountUnlockTime");
+ if (accountUnlockTime != NULL)
+ {
+ unlock_time = parse_genTime(accountUnlockTime);
+ slapi_ch_free((void **) &accountUnlockTime );
+
+ if ( pwpolicy->pw_unlock == 0 &&
+ unlock_time == NO_TIME ) {
+
+ /* account is locked forever. contact admin to reset */
+ if (pwresponse_req) {
+ slapi_pwpolicy_make_response_control ( pb, -1, -1,
+ LDAP_PWPOLICY_ACCTLOCKED );
+ }
+ if (send_result)
+ send_ldap_result ( pb, LDAP_CONSTRAINT_VIOLATION, NULL,
+ "Exceed password retry limit. Contact system administrator to reset.",
+ 0, NULL );
+ goto locked;
+ }
+ cur_time = current_time();
+ cur_time_str = format_genTime( cur_time);
+ if ( difftime ( parse_genTime( cur_time_str ), unlock_time ) < 0 ) {
+
+ /* account is locked, cannot do anything */
+ if (pwresponse_req) {
+ slapi_pwpolicy_make_response_control ( pb, -1, -1,
+ LDAP_PWPOLICY_ACCTLOCKED );
+ }
+ if (send_result)
+ send_ldap_result ( pb, LDAP_CONSTRAINT_VIOLATION, NULL,
+ "Exceed password retry limit. Please try later.",
+ 0, NULL );
+ slapi_ch_free((void **) &cur_time_str );
+ goto locked;
+ }
+ slapi_ch_free((void **) &cur_time_str );
+ }
+
+notlocked:
+ /* account is not locked. */
+ if(check_password_policy)
+ delete_passwdPolicy(&pwpolicy);
+ return ( 0 );
+locked:
+ if(check_password_policy)
+ delete_passwdPolicy(&pwpolicy);
+ return (1);
+
+}
diff --git a/ldap/servers/slapd/pw_mgmt.c b/ldap/servers/slapd/pw_mgmt.c
index 34afa15..97b51c8 100644
--- a/ldap/servers/slapd/pw_mgmt.c
+++ b/ldap/servers/slapd/pw_mgmt.c
@@ -291,142 +291,6 @@ skip:
return( 0 );
}
-/* check_account_lock is called before bind opeation; this could be a pre-op. */
-int
-check_account_lock ( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwresponse_req, int account_inactivation_only) {
-
- time_t unlock_time;
- time_t cur_time;
- char *cur_time_str = NULL;
- char *accountUnlockTime;
- passwdPolicy *pwpolicy = NULL;
- char *dn = NULL;
-
- /* kexcoff: account inactivation */
- int rc = 0;
- Slapi_ValueSet *values = NULL;
- int type_name_disposition = 0;
- char *actual_type_name = NULL;
- int attr_free_flags = 0;
- /* kexcoff - end */
-
- if ( bind_target_entry == NULL )
- return -1;
-
- if(!account_inactivation_only)
- {
- dn = slapi_entry_get_ndn(bind_target_entry);
- pwpolicy = new_passwdPolicy(pb, dn);
- }
-
- /* kexcoff: account inactivation */
- /* check if the entry is locked by nsAccountLock attribute - account inactivation feature */
-
- rc = slapi_vattr_values_get(bind_target_entry, "nsAccountLock",
- &values,
- &type_name_disposition, &actual_type_name,
- SLAPI_VIRTUALATTRS_REQUEST_POINTERS,
- &attr_free_flags);
- if ( rc == 0 )
- {
- Slapi_Value *v = NULL;
- const struct berval *bvp = NULL;
-
- if ( (slapi_valueset_first_value( values, &v ) != -1) &&
- ( bvp = slapi_value_get_berval( v )) != NULL )
- {
- if ( (bvp != NULL) && (strcasecmp(bvp->bv_val, "true") == 0) )
- {
- /* account inactivated */
- if (!account_inactivation_only && pwresponse_req) {
- slapi_pwpolicy_make_response_control ( pb, -1, -1,
- LDAP_PWPOLICY_ACCTLOCKED );
- }
- if(!account_inactivation_only)
- send_ldap_result ( pb, LDAP_UNWILLING_TO_PERFORM, NULL,
- "Account inactivated. Contact system administrator.",
- 0, NULL );
- slapi_vattr_values_free(&values, &actual_type_name, attr_free_flags);
- goto locked;
- }
- } /* else, account "activated", keep on the process */
-
- if ( values != NULL )
- slapi_vattr_values_free(&values, &actual_type_name, attr_free_flags);
- }
- /* kexcoff - end */
-
- /*
- * Check if the password policy has to be checked or not
- */
- if ( account_inactivation_only || pwpolicy->pw_lockout == 0 ) {
- goto notlocked;
- }
-
- /*
- * Check the attribute of the password policy
- */
-
- /* check if account is locked out. If so, send result and return 1 */
- {
- unsigned int maxfailure= pwpolicy->pw_maxfailure;
- /* It's locked if passwordRetryCount >= maxfailure */
- if ( slapi_entry_attr_get_uint(bind_target_entry,"passwordRetryCount") < maxfailure )
- {
- /* Not locked */
- goto notlocked;
- }
- }
-
- /* locked but maybe it's time to unlock it */
- accountUnlockTime= slapi_entry_attr_get_charptr(bind_target_entry, "accountUnlockTime");
- if (accountUnlockTime != NULL)
- {
- unlock_time = parse_genTime(accountUnlockTime);
- slapi_ch_free((void **) &accountUnlockTime );
-
- if ( pwpolicy->pw_unlock == 0 &&
- unlock_time == NO_TIME ) {
-
- /* account is locked forever. contact admin to reset */
- if (pwresponse_req) {
- slapi_pwpolicy_make_response_control ( pb, -1, -1,
- LDAP_PWPOLICY_ACCTLOCKED );
- }
- send_ldap_result ( pb, LDAP_CONSTRAINT_VIOLATION, NULL,
- "Exceed password retry limit. Contact system administrator to reset."
- , 0, NULL );
- goto locked;
- }
- cur_time = current_time();
- cur_time_str = format_genTime( cur_time);
- if ( difftime ( parse_genTime( cur_time_str ), unlock_time ) < 0 ) {
-
- /* account is locked, cannot do anything */
- if (pwresponse_req) {
- slapi_pwpolicy_make_response_control ( pb, -1, -1,
- LDAP_PWPOLICY_ACCTLOCKED );
- }
- send_ldap_result ( pb, LDAP_CONSTRAINT_VIOLATION, NULL,
- "Exceed password retry limit. Please try later." , 0, NULL );
- slapi_ch_free((void **) &cur_time_str );
- goto locked;
- }
- slapi_ch_free((void **) &cur_time_str );
- }
-
-notlocked:
- /* account is not locked. */
- if(!account_inactivation_only)
- delete_passwdPolicy(&pwpolicy);
- return ( 0 );
-locked:
- if(!account_inactivation_only)
- delete_passwdPolicy(&pwpolicy);
- return (1);
-
-}
-
void
pw_init ( void ) {
slapdFrontendConfig_t *slapdFrontendConfig;
diff --git a/ldap/servers/slapd/saslbind.c b/ldap/servers/slapd/saslbind.c
index 42d289a..1ed9942 100644
--- a/ldap/servers/slapd/saslbind.c
+++ b/ldap/servers/slapd/saslbind.c
@@ -936,7 +936,7 @@ void ids_sasl_check_bind(Slapi_PBlock *pb)
{
break;
}
- if ( check_account_lock(pb, bind_target_entry, pwresponse_requested, 0) == 1) {
+ if ( slapi_check_account_lock(pb, bind_target_entry, pwresponse_requested, 1, 1) == 1) {
slapi_entry_free(bind_target_entry);
break;
}
diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
index 5f97c05..47fc7b8 100644
--- a/ldap/servers/slapd/slapi-plugin.h
+++ b/ldap/servers/slapd/slapi-plugin.h
@@ -5953,6 +5953,8 @@ int slapi_set_plugin_default_config(const char *type, Slapi_Value *value);
* */
int slapi_get_plugin_default_config(char *type, Slapi_ValueSet **valueset);
+int slapi_check_account_lock( Slapi_PBlock *pb, Slapi_Entry *bind_target_entry, int pwresponse_req, int check_password_policy, int send_result);
+
#ifdef __cplusplus
}
#endif
14 years, 1 month
Branch 'Directory_Server_8_2_Branch' - ldap/servers
by Richard Allen Megginson
ldap/servers/plugins/acl/acleffectiverights.c | 2 --
1 file changed, 2 deletions(-)
New commits:
commit 87d2477da35f4a029a225dd37917d4405d94ba54
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Thu Mar 11 20:54:42 2010 -0700
Bug 572677 - Memory leak in searches including GER control
https://bugzilla.redhat.com/show_bug.cgi?id=572677
Resolves: bug 572677
Bug Description: Memory leak in searches including GER control
Reviewed by: Andrey Ivanov (Thanks!)
Branch: Directory_Server_8_2_Branch
Fix Description: The per-operation acl pblocks are cached. In order to
release the pblock back to the cache free list, the connection must be
provided. The connection comes from the pblock.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit ed463407ead1f63ba26f64740a1e5cd1d79a03ee)
diff --git a/ldap/servers/plugins/acl/acleffectiverights.c b/ldap/servers/plugins/acl/acleffectiverights.c
index 70c7c85..9afac07 100644
--- a/ldap/servers/plugins/acl/acleffectiverights.c
+++ b/ldap/servers/plugins/acl/acleffectiverights.c
@@ -280,8 +280,6 @@ _ger_release_gerpb (
{
if ( *gerpb )
{
- /* Return conn to pb */
- slapi_pblock_set ( *gerpb, SLAPI_CONNECTION, NULL );
slapi_pblock_destroy ( *gerpb );
*gerpb = NULL;
}
14 years, 1 month
ldap/servers
by Richard Allen Megginson
ldap/servers/plugins/acl/acleffectiverights.c | 2 --
1 file changed, 2 deletions(-)
New commits:
commit ed463407ead1f63ba26f64740a1e5cd1d79a03ee
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Thu Mar 11 20:54:42 2010 -0700
Bug 572677 - Memory leak in searches including GER control
https://bugzilla.redhat.com/show_bug.cgi?id=572677
Resolves: bug 572677
Bug Description: Memory leak in searches including GER control
Reviewed by: Andrey Ivanov (Thanks!)
Branch: HEAD
Fix Description: The per-operation acl pblocks are cached. In order to
release the pblock back to the cache free list, the connection must be
provided. The connection comes from the pblock.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
diff --git a/ldap/servers/plugins/acl/acleffectiverights.c b/ldap/servers/plugins/acl/acleffectiverights.c
index 70c7c85..9afac07 100644
--- a/ldap/servers/plugins/acl/acleffectiverights.c
+++ b/ldap/servers/plugins/acl/acleffectiverights.c
@@ -280,8 +280,6 @@ _ger_release_gerpb (
{
if ( *gerpb )
{
- /* Return conn to pb */
- slapi_pblock_set ( *gerpb, SLAPI_CONNECTION, NULL );
slapi_pblock_destroy ( *gerpb );
*gerpb = NULL;
}
14 years, 1 month
Branch 'Directory_Server_8_2_Branch' - ldap/servers
by Noriko Hosoi
ldap/servers/slapd/back-ldbm/ldbm_add.c | 2 ++
ldap/servers/slapd/back-ldbm/ldbm_delete.c | 8 ++++++--
ldap/servers/slapd/back-ldbm/ldbm_modify.c | 3 ++-
ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 8 +++++---
ldap/servers/slapd/plugin_syntax.c | 3 +++
5 files changed, 18 insertions(+), 6 deletions(-)
New commits:
commit dd7054c240f740498b9b7bd08bd5abf170dc30a9
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Thu Mar 11 14:26:07 2010 -0800
572649 - DS8.2 crashes on RHEL 4 (corresponding to bob, ber_2 test case)
https://bugzilla.redhat.com/show_bug.cgi?id=572649
Fix Description: There was a chance to jump to error_return before
back_txn structure was initialized. In the error handling, the
transaction abort is called against the garbage address. Slapi_DN
also gets freed without an initialization. Now these variables
are initialized first.
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c
index 76cc6bb..f0d563b 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_add.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c
@@ -130,6 +130,7 @@ ldbm_back_add( Slapi_PBlock *pb )
inst = (ldbm_instance *) be->be_instance_info;
+ /* sdn & parentsdn need to be initialized before "goto *_return" */
slapi_sdn_init(&sdn);
slapi_sdn_init(&parentsdn);
@@ -137,6 +138,7 @@ ldbm_back_add( Slapi_PBlock *pb )
slapi_entry_delete_values( e, hassubordinates, NULL );
slapi_entry_delete_values( e, numsubordinates, NULL );
+ /* dblayer_txn_init needs to be called before "goto error_return" */
dblayer_txn_init(li,&txn);
/* The dblock serializes writes to the database,
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
index bc298a9..9cb961c 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
@@ -100,6 +100,12 @@ ldbm_back_delete( Slapi_PBlock *pb )
slapi_pblock_get( pb, SLAPI_OPERATION, &operation );
slapi_pblock_get( pb, SLAPI_IS_REPLICATED_OPERATION, &is_replicated_operation );
+ /* sdn & parentsdn need to be initialized before "goto *_return */
+ slapi_sdn_init(&sdn);
+
+ /* dblayer_txn_init needs to be called before "goto error_return" */
+ dblayer_txn_init(li,&txn);
+
if (pb->pb_conn)
{
slapi_log_error (SLAPI_LOG_TRACE, "ldbm_back_delete", "enter conn=%" NSPRIu64 " op=%d\n", pb->pb_conn->c_connid, operation->o_opid);
@@ -125,8 +131,6 @@ ldbm_back_delete( Slapi_PBlock *pb )
slapi_sdn_init_dn_byref(&sdn,dn);
- dblayer_txn_init(li,&txn);
-
/* The dblock serializes writes to the database,
* which reduces deadlocking in the db code,
* which means that we run faster.
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
index 3e2b9e9..2b17eee 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
@@ -225,6 +225,8 @@ ldbm_back_modify( Slapi_PBlock *pb )
is_ruv = operation_is_flag_set(operation, OP_FLAG_REPL_RUV);
inst = (ldbm_instance *) be->be_instance_info;
+ /* dblayer_txn_init needs to be called before "goto error_return" */
+ dblayer_txn_init(li,&txn);
if (NULL == addr)
{
goto error_return;
@@ -236,7 +238,6 @@ ldbm_back_modify( Slapi_PBlock *pb )
slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message);
goto error_return;
}
- dblayer_txn_init(li,&txn);
/* The dblock serializes writes to the database,
* which reduces deadlocking in the db code,
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
index b88d964..0dd8eb2 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
@@ -109,7 +109,8 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
char ebuf[BUFSIZ];
CSN *opcsn = NULL;
- slapi_sdn_init(&dn_newdn);
+ /* sdn & parentsdn need to be initialized before "goto *_return" */
+ slapi_sdn_init(&dn_newdn);
slapi_sdn_init(&dn_parentdn);
slapi_pblock_get( pb, SLAPI_MODRDN_TARGET, &dn );
@@ -121,6 +122,9 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
slapi_pblock_get( pb, SLAPI_IS_REPLICATED_OPERATION, &is_replicated_operation );
is_fixup_operation = operation_is_flag_set(operation, OP_FLAG_REPL_FIXUP);
+ /* dblayer_txn_init needs to be called before "goto error_return" */
+ dblayer_txn_init(li,&txn);
+
if (pb->pb_conn)
{
slapi_log_error (SLAPI_LOG_TRACE, "ldbm_back_modrdn", "enter conn=%" NSPRIu64 " op=%d\n", pb->pb_conn->c_connid, operation->o_opid);
@@ -155,8 +159,6 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
return( -1 );
}
- dblayer_txn_init(li,&txn);
-
/* The dblock serializes writes to the database,
* which reduces deadlocking in the db code,
* which means that we run faster.
diff --git a/ldap/servers/slapd/plugin_syntax.c b/ldap/servers/slapd/plugin_syntax.c
index e2cc7fb..5565d58 100644
--- a/ldap/servers/slapd/plugin_syntax.c
+++ b/ldap/servers/slapd/plugin_syntax.c
@@ -324,6 +324,7 @@ slapi_dn_syntax_check(
/* See if we need to set the error text in the pblock. */
if (errp != &errtext[0]) {
+ /* SLAPI_PB_RESULT_TEXT duplicates the text in slapi_pblock_set */
slapi_pblock_set( pb, SLAPI_PB_RESULT_TEXT, errtext );
}
@@ -413,6 +414,7 @@ slapi_entry_syntax_check(
/* See if we need to set the error text in the pblock. */
if (errp != &errtext[0]) {
+ /* SLAPI_PB_RESULT_TEXT duplicates the text in slapi_pblock_set */
slapi_pblock_set( pb, SLAPI_PB_RESULT_TEXT, errtext );
}
@@ -499,6 +501,7 @@ slapi_mods_syntax_check(
/* See if we need to set the error text in the pblock. */
if (errp != &errtext[0]) {
+ /* SLAPI_PB_RESULT_TEXT duplicates the text in slapi_pblock_set */
slapi_pblock_set( pb, SLAPI_PB_RESULT_TEXT, errtext );
}
14 years, 1 month