March 2010 - 389-commits - Fedora Mailing-Lists

by Noriko Hosoi

ldap/servers/slapd/back-ldbm/ldbm_add.c | 1 + ldap/servers/slapd/back-ldbm/ldbm_delete.c | 8 ++++++-- ldap/servers/slapd/back-ldbm/ldbm_modify.c | 2 +- ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 6 ++++-- ldap/servers/slapd/plugin_syntax.c | 3 +++ 5 files changed, 15 insertions(+), 5 deletions(-) New commits: commit 2b39f92cf4bd22e2091c35b0c92e945423b311ef Author: Noriko Hosoi <nhosoi(a)redhat.com> Date: Thu Mar 11 16:51:26 2010 -0800 572649 - DS8.2 crashes on RHEL 4 (corresponding to bob, ber_2 test case) https://bugzilla.redhat.com/show_bug.cgi?id=572649 Fix Description: There was a chance to jump to error_return before back_txn structure was initialized. In the error handling, the transaction abort is called against the garbage address. Slapi_DN also gets freed without an initialization. Now these variables are initialized first. diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c index 11b2fa6..d2d6197 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_add.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c @@ -130,6 +130,7 @@ ldbm_back_add( Slapi_PBlock *pb ) inst = (ldbm_instance *) be->be_instance_info; + /* sdn & parentsdn need to be initialized before "goto *_return" */ slapi_sdn_init(&sdn); slapi_sdn_init(&parentsdn); diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c index 8224114..98374ee 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c @@ -100,6 +100,12 @@ ldbm_back_delete( Slapi_PBlock *pb ) slapi_pblock_get( pb, SLAPI_OPERATION, &operation ); slapi_pblock_get( pb, SLAPI_IS_REPLICATED_OPERATION, &is_replicated_operation ); + /* sdn & parentsdn need to be initialized before "goto *_return */ + slapi_sdn_init(&sdn); + + /* dblayer_txn_init needs to be called before "goto error_return" */ + dblayer_txn_init(li,&txn); + if (pb->pb_conn) { slapi_log_error (SLAPI_LOG_TRACE, "ldbm_back_delete", "enter conn=%" NSPRIu64 " op=%d\n", pb->pb_conn->c_connid, operation->o_opid); @@ -125,8 +131,6 @@ ldbm_back_delete( Slapi_PBlock *pb ) slapi_sdn_init_dn_byref(&sdn,dn); - dblayer_txn_init(li,&txn); - /* The dblock serializes writes to the database, * which reduces deadlocking in the db code, * which means that we run faster. diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c index 3cda1d8..cf41a64 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c @@ -226,6 +226,7 @@ ldbm_back_modify( Slapi_PBlock *pb ) is_ruv = operation_is_flag_set(operation, OP_FLAG_REPL_RUV); inst = (ldbm_instance *) be->be_instance_info; + dblayer_txn_init(li,&txn); if (NULL == addr) { goto error_return; @@ -237,7 +238,6 @@ ldbm_back_modify( Slapi_PBlock *pb ) slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message); goto error_return; } - dblayer_txn_init(li,&txn); /* The dblock serializes writes to the database, * which reduces deadlocking in the db code, diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c index 5e2b185..a3f1929 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c @@ -109,6 +109,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb ) char ebuf[BUFSIZ]; CSN *opcsn = NULL; + /* sdn & parentsdn need to be initialized before "goto *_return" */ slapi_sdn_init(&dn_newdn); slapi_sdn_init(&dn_parentdn); @@ -121,6 +122,9 @@ ldbm_back_modrdn( Slapi_PBlock *pb ) slapi_pblock_get( pb, SLAPI_IS_REPLICATED_OPERATION, &is_replicated_operation ); is_fixup_operation = operation_is_flag_set(operation, OP_FLAG_REPL_FIXUP); + /* dblayer_txn_init needs to be called before "goto error_return" */ + dblayer_txn_init(li,&txn); + if (pb->pb_conn) { slapi_log_error (SLAPI_LOG_TRACE, "ldbm_back_modrdn", "enter conn=%" NSPRIu64 " op=%d\n", pb->pb_conn->c_connid, operation->o_opid); @@ -159,8 +163,6 @@ ldbm_back_modrdn( Slapi_PBlock *pb ) return( -1 ); } - dblayer_txn_init(li,&txn); - /* The dblock serializes writes to the database, * which reduces deadlocking in the db code, * which means that we run faster. diff --git a/ldap/servers/slapd/plugin_syntax.c b/ldap/servers/slapd/plugin_syntax.c index 80ce12a..384692d 100644 --- a/ldap/servers/slapd/plugin_syntax.c +++ b/ldap/servers/slapd/plugin_syntax.c @@ -335,6 +335,7 @@ slapi_dn_syntax_check( /* See if we need to set the error text in the pblock. */ if (errp != &errtext[0]) { + /* SLAPI_PB_RESULT_TEXT duplicates the text in slapi_pblock_set */ slapi_pblock_set( pb, SLAPI_PB_RESULT_TEXT, errtext ); } @@ -424,6 +425,7 @@ slapi_entry_syntax_check( /* See if we need to set the error text in the pblock. */ if (errp != &errtext[0]) { + /* SLAPI_PB_RESULT_TEXT duplicates the text in slapi_pblock_set */ slapi_pblock_set( pb, SLAPI_PB_RESULT_TEXT, errtext ); } @@ -510,6 +512,7 @@ slapi_mods_syntax_check( /* See if we need to set the error text in the pblock. */ if (errp != &errtext[0]) { + /* SLAPI_PB_RESULT_TEXT duplicates the text in slapi_pblock_set */ slapi_pblock_set( pb, SLAPI_PB_RESULT_TEXT, errtext ); }

14 years, 1 month

1
0
0 / 0

ldap/servers

by Noriko Hosoi

ldap/servers/slapd/back-ldbm/import-threads.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) New commits: commit dc2f7d061279089651fb56b57183496cf6926fc7 Author: Noriko Hosoi <nhosoi(a)jiji.sjc.redhat.com> Date: Thu Mar 11 16:37:42 2010 -0800 570107 - The import of LDIFs with base-64 encoded DNs fails, modrdn with non-ASCII new rdn incorrect https://bugzilla.redhat.com/show_bug.cgi?id=570107 Description: When getting the DN value from the raw ldif file, it was strictly checking "dn: ", which was incomplete. We should have checked "dn:: " for the Base64 encoded DN. This patch is adding the case. diff --git a/ldap/servers/slapd/back-ldbm/import-threads.c b/ldap/servers/slapd/back-ldbm/import-threads.c index 37e1f4d..6cc1b66 100644 --- a/ldap/servers/slapd/back-ldbm/import-threads.c +++ b/ldap/servers/slapd/back-ldbm/import-threads.c @@ -521,10 +521,12 @@ import_producer(void *param) if (!(str2entry_flags & SLAPI_STR2ENTRY_INCLUDE_VERSION_STR) && entryrdn_get_switch()) { /* subtree-rename: on */ char *dn = NULL; - int rc = 0; /* estr should start with "dn: " */ + int rc = 0; /* estr should start with "dn: " or "dn:: " */ if (strncmp(estr, "dn: ", 4) && - NULL == strstr(estr, "\ndn: ")) { /* in case comments precedes + NULL == strstr(estr, "\ndn: ") && /* in case comments precedes the entry */ + strncmp(estr, "dn:: ", 5) && + NULL == strstr(estr, "\ndn:: ")) { /* ditto */ import_log_notice(job, "WARNING: skipping bad LDIF entry (not " "starting with \"dn: \") ending line %d of file \"%s\"", curr_lineno, curr_filename);

14 years, 1 month

1
0
0 / 0

Branch 'Directory_Server_8_2_Branch' - ldap/servers

by Noriko Hosoi

ldap/servers/plugins/syntaxes/validate.c | 1 ldap/servers/slapd/back-ldbm/ldbm_add.c | 9 + ldap/servers/slapd/dn.c | 153 +++++++++++++++++++------------ 3 files changed, 102 insertions(+), 61 deletions(-) New commits: commit b46d314292ae186a64692e550e7e1fa289596f08 Author: Noriko Hosoi <nhosoi(a)redhat.com> Date: Thu Mar 11 11:10:48 2010 -0800 199923 - subtree search fails to find items under a db containing special characters https://bugzilla.redhat.com/show_bug.cgi?id=199923 Description: regression observed in the tests. > as of March 04, 2010, this is happening again. Fix Description: dn.c: Based upon RFC 4514, the following characters in the RDN values need to be escaped: '+', ';', '<', '>', and '=' for the intermediate characters '+', ';', '<', '>', '=', '#' and ' ' for leading characters '+', ';', '<', '>', '=', and ' ' for trailing characters validate.c: If an escaped character followed by another escaped character, e.g., \#\<, the pointer was moved twice skipping '\' before '<' and it makes the validation fail. ldbm_add.c: a local variable addr was not initialized. diff --git a/ldap/servers/plugins/syntaxes/validate.c b/ldap/servers/plugins/syntaxes/validate.c index d0da4be..aab6d9c 100644 --- a/ldap/servers/plugins/syntaxes/validate.c +++ b/ldap/servers/plugins/syntaxes/validate.c @@ -535,7 +535,6 @@ int rdn_validate( const char *begin, const char *end, const char **last ) } p++; } - p++; /* Only allow 'SUTF1' chars now. */ } else if (!IS_SUTF1(*p)) { rc = 1; diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c index 3bd6eae..76cc6bb 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_add.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c @@ -112,7 +112,7 @@ ldbm_back_add( Slapi_PBlock *pb ) int is_fixup_operation= 0; int is_ruv = 0; /* True if the current entry is RUV */ CSN *opcsn = NULL; - entry_address addr; + entry_address addr = {0}; slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &li ); slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &e ); @@ -188,7 +188,7 @@ ldbm_back_add( Slapi_PBlock *pb ) { /* Check if an entry with the intended uniqueid already exists. */ done_with_pblock_entry(pb,SLAPI_ADD_EXISTING_UNIQUEID_ENTRY); /* Could be through this multiple times */ - addr.dn = NULL; + addr.dn = addr.udn = NULL; addr.uniqueid = (char*)slapi_entry_get_uniqueid(e); /* jcm - cast away const */ ldap_result_code= get_copy_of_entry(pb, &addr, &txn, SLAPI_ADD_EXISTING_UNIQUEID_ENTRY, !is_replicated_operation); } @@ -211,6 +211,7 @@ ldbm_back_add( Slapi_PBlock *pb ) /* Check if an entry with the intended DN already exists. */ done_with_pblock_entry(pb,SLAPI_ADD_EXISTING_DN_ENTRY); /* Could be through this multiple times */ addr.dn = dn; + addr.udn = NULL; addr.uniqueid = NULL; ldap_result_code= get_copy_of_entry(pb, &addr, &txn, SLAPI_ADD_EXISTING_DN_ENTRY, !is_replicated_operation); if(ldap_result_code==LDAP_OPERATIONS_ERROR || @@ -226,6 +227,7 @@ ldbm_back_add( Slapi_PBlock *pb ) { done_with_pblock_entry(pb,SLAPI_ADD_PARENT_ENTRY); /* Could be through this multiple times */ addr.dn = (char*)slapi_sdn_get_dn (&parentsdn); /* get_copy_of_entry assumes the DN is not normalized */ + addr.udn = NULL; addr.uniqueid = operation->o_params.p.p_add.parentuniqueid; ldap_result_code= get_copy_of_entry(pb, &addr, &txn, SLAPI_ADD_PARENT_ENTRY, !is_replicated_operation); /* need to set parentsdn or parentuniqueid if either is not set? */ @@ -265,6 +267,7 @@ ldbm_back_add( Slapi_PBlock *pb ) if(have_parent_address(&parentsdn, operation->o_params.p.p_add.parentuniqueid)) { addr.dn = (char*)slapi_sdn_get_dn (&parentsdn); + addr.udn = NULL; addr.uniqueid = operation->o_params.p.p_add.parentuniqueid; parententry = find_entry2modify_only(pb,be,&addr,&txn); if (parententry && parententry->ep_entry) { @@ -345,7 +348,7 @@ ldbm_back_add( Slapi_PBlock *pb ) * When we resurect a tombstone we must use its UniqueID * to find the tombstone entry and lock it down in the cache. */ - addr.dn = NULL; + addr.dn = addr.udn = NULL; addr.uniqueid = (char *)slapi_entry_get_uniqueid(e); /* jcm - cast away const */ tombstoneentry = find_entry2modify( pb, be, &addr, NULL ); if ( tombstoneentry==NULL ) diff --git a/ldap/servers/slapd/dn.c b/ldap/servers/slapd/dn.c index 6aa7ae7..3ab9327 100644 --- a/ldap/servers/slapd/dn.c +++ b/ldap/servers/slapd/dn.c @@ -77,10 +77,16 @@ hexchar2int( char c ) return( -1 ); } -#define DNSEPARATOR(c) (c == ',' || c == ';') -#define SEPARATOR(c) (c == ',' || c == ';' || c == '+') -#define SPACE(c) (c == ' ' || c == '\n') /* XXX 518524 */ -#define NEEDSESCAPE(c) (c == '\\' || c == '"') +#define DNSEPARATOR(c) (((c) == ',') || ((c) == ';')) +#define SEPARATOR(c) (((c) == ',') || ((c) == ';') || ((c) == '+')) +#define SPACE(c) (((c) == ' ') || ((c) == '\n')) /* XXX 518524 */ +#define NEEDSESCAPE(c) (((c) == '\\') || ((c) == '"') || ((c) == '+') || \ + ((c) == ',') || ((c) == ';') || ((c) == '<') || ((c) == '>') || ((c) == '=')) +#define LEADNEEDSESCAPE(c) (((c) == ' ') || ((c) == '#') || NEEDSESCAPE(c)) +#if 0 /* not used */ +#define ONLYTRAILNEEDSESCAPE(c) ((c) == ' ') +#define TRAILNEEDSESCAPE(c) (ONLYTRAILNEEDSESCAPE(c) || NEEDSESCAPE(c)) +#endif #define B4TYPE 0 #define INTYPE 1 #define B4EQUAL 2 @@ -88,6 +94,7 @@ hexchar2int( char c ) #define INVALUE 4 #define INQUOTEDVALUE 5 #define B4SEPARATOR 6 +#define INVALUE1ST 7 #define SLAPI_DNNORM_INITIAL_RDN_AVS 10 #define SLAPI_DNNORM_SMALL_RDN_AV 512 @@ -148,6 +155,8 @@ substr_dn_normalize( char *dn, char *end ) char *d = NULL; char *s = NULL; char *typestart = NULL; + char *rdnbegin = NULL; + char *lastesc = NULL; int gotesc = 0; int state = B4TYPE; int rdn_av_count = 0; @@ -186,75 +195,104 @@ substr_dn_normalize( char *dn, char *end ) if ( *s == '"' || ! SPACE( *s ) ) { value_separator = NULL; value = d; - state = ( *s == '"' ) ? INQUOTEDVALUE : INVALUE; + state = ( *s == '"' ) ? INQUOTEDVALUE : INVALUE1ST; + rdnbegin = d; + lastesc = NULL; *d++ = *s; } break; + case INVALUE1ST: case INVALUE: if ( gotesc ) { if ( SEPARATOR( *s ) ) { value_separator = d; - } else if ( ! NEEDSESCAPE( *s ) ) { + } + if ( INVALUE1ST == state ) { + if ( !LEADNEEDSESCAPE( *s )) { + /* checking the leading char + special chars */ + --d; /* eliminate the \ */ + } + } else if ( !NEEDSESCAPE( *s ) ) { --d; /* eliminate the \ */ + lastesc = d; } } else if ( SEPARATOR( *s ) ) { - while ( SPACE( *(d - 1) ) ) - d--; + /* handling a trailing escaped space */ + /* assuming a space is the only an extra character which + * is not escaped if it appears in the middle, but should + * be if it does at the end of the RDN value */ + /* e.g., ou=ABC \ ,o=XYZ --> ou=ABC \ ,o=XYZ */ + if ( lastesc ) { + while ( SPACE( *(d - 1) ) && d > lastesc ) { + d--; + } + if ( d == lastesc ) { + *d++ = '\\'; + *d++ = ' '; /* escaped trailing space */ + } + } else { + while ( SPACE( *(d - 1) ) ) { + d--; + } + } if ( value_separator == dn ) { /* 2 or more separators */ - /* convert to quoted value: */ - char *L = NULL; /* char after last seperator */ - char *R; /* value character iterator */ - int escape_skips = 0; /* number of escapes we have seen after the first */ - - for ( R = value; (R = strchr( R, '\\' )) && (R < d); L = ++R ) { - if ( SEPARATOR( R[1] )) { - if ( L == NULL ) { - /* executes once, at first escape, adds opening quote */ - const size_t len = R - value; + /* convert to quoted value: */ + char *L = NULL; /* char after last seperator */ + char *R; /* value character iterator */ + int escape_skips = 0; /* number of escapes we have seen after the first */ + + for ( R = value; (R = strchr( R, '\\' )) && (R < d); L = ++R ) { + if ( SEPARATOR( R[1] )) { + if ( L == NULL ) { + /* executes once, at first escape, adds opening quote */ + const size_t len = R - value; - /* make room for quote by covering escape */ - if ( len > 0 ) { - memmove( value+1, value, len ); + /* make room for quote by covering escape */ + if ( len > 0 ) { + memmove( value+1, value, len ); + } + + *value = '"'; /* opening quote */ + value = R + 1; /* move passed what has been parsed */ + } else { + const size_t len = R - L; + if ( len > 0 ) { + /* remove the seperator */ + memmove( value, L, len ); + value += len; /* move passed what has been parsed */ + } + --d; + ++escape_skips; } + } /* if ( SEPARATOR( R[1] )) */ + } /* for */ + memmove( value, L, d - L + escape_skips ); + *d++ = '"'; /* closing quote */ + } /* if (value_separator == dn) */ + state = B4TYPE; - *value = '"'; /* opening quote */ - value = R + 1; /* move passed what has been parsed */ - } else { - const size_t len = R - L; - if ( len > 0 ) { - /* remove the seperator */ - memmove( value, L, len ); - value += len; /* move passed what has been parsed */ - } - --d; - ++escape_skips; - } - } - } - memmove( value, L, d - L + escape_skips ); - *d++ = '"'; /* closing quote */ - } - state = B4TYPE; - - /* - * Track and sort attribute values within - * multivalued RDNs. - */ - if ( *s == '+' || rdn_av_count > 0 ) { - add_rdn_av( typestart, d, &rdn_av_count, - &rdn_avs, initial_rdn_av_stack ); - } - if ( *s != '+' ) { /* at end of this RDN */ - if ( rdn_av_count > 1 ) { - sort_rdn_avs( rdn_avs, rdn_av_count ); + /* + * Track and sort attribute values within + * multivalued RDNs. + */ + if ( *s == '+' || rdn_av_count > 0 ) { + add_rdn_av( typestart, d, &rdn_av_count, + &rdn_avs, initial_rdn_av_stack ); } - if ( rdn_av_count > 0 ) { - reset_rdn_avs( &rdn_avs, &rdn_av_count ); + if ( *s != '+' ) { /* at end of this RDN */ + if ( rdn_av_count > 1 ) { + sort_rdn_avs( rdn_avs, rdn_av_count ); + } + if ( rdn_av_count > 0 ) { + reset_rdn_avs( &rdn_avs, &rdn_av_count ); + } } - } - *d++ = (*s == '+') ? '+' : ','; - break; + *d++ = (*s == '+') ? '+' : ','; + break; + } /* else if ( SEPARATOR( *s ) ) */ + if ( INVALUE1ST == state ) { + state = INVALUE; } *d++ = *s; break; @@ -355,7 +393,8 @@ substr_dn_normalize( char *dn, char *end ) * rdn to our list to sort. We should only be in the INVALUE * or B4SEPARATOR state if we have a valid rdn component to * be added. */ - if ((rdn_av_count > 0) && ((state == INVALUE) || (state == B4SEPARATOR))) { + if ((rdn_av_count > 0) && ((state == INVALUE1ST) || + (state == INVALUE) || (state == B4SEPARATOR))) { add_rdn_av( typestart, d, &rdn_av_count, &rdn_avs, initial_rdn_av_stack ); }

14 years, 1 month

1
0
0 / 0

ldap/servers

by Noriko Hosoi

ldap/servers/plugins/syntaxes/validate.c | 1 ldap/servers/slapd/back-ldbm/ldbm_add.c | 9 + ldap/servers/slapd/dn.c | 153 +++++++++++++++++++------------ 3 files changed, 102 insertions(+), 61 deletions(-) New commits: commit f11afee0ca0c4039cebc0efe4388b95776b6da4b Author: Noriko Hosoi <nhosoi(a)redhat.com> Date: Thu Mar 11 11:10:48 2010 -0800 199923 - subtree search fails to find items under a db containing special characters https://bugzilla.redhat.com/show_bug.cgi?id=199923 Description: regression observed in the tests. > as of March 04, 2010, this is happening again. Fix Description: dn.c: Based upon RFC 4514, the following characters in the RDN values need to be escaped: '+', ';', '<', '>', and '=' for the intermediate characters '+', ';', '<', '>', '=', '#' and ' ' for leading characters '+', ';', '<', '>', '=', and ' ' for trailing characters validate.c: If an escaped character followed by another escaped character, e.g., \#\<, the pointer was moved twice skipping '\' before '<' and it makes the validation fail. ldbm_add.c: a local variable addr was not initialized. diff --git a/ldap/servers/plugins/syntaxes/validate.c b/ldap/servers/plugins/syntaxes/validate.c index d0da4be..aab6d9c 100644 --- a/ldap/servers/plugins/syntaxes/validate.c +++ b/ldap/servers/plugins/syntaxes/validate.c @@ -535,7 +535,6 @@ int rdn_validate( const char *begin, const char *end, const char **last ) } p++; } - p++; /* Only allow 'SUTF1' chars now. */ } else if (!IS_SUTF1(*p)) { rc = 1; diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c index 0db57f6..11b2fa6 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_add.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c @@ -112,7 +112,7 @@ ldbm_back_add( Slapi_PBlock *pb ) int is_fixup_operation= 0; int is_ruv = 0; /* True if the current entry is RUV */ CSN *opcsn = NULL; - entry_address addr; + entry_address addr = {0}; slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &li ); slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &e ); @@ -188,7 +188,7 @@ ldbm_back_add( Slapi_PBlock *pb ) { /* Check if an entry with the intended uniqueid already exists. */ done_with_pblock_entry(pb,SLAPI_ADD_EXISTING_UNIQUEID_ENTRY); /* Could be through this multiple times */ - addr.dn = NULL; + addr.dn = addr.udn = NULL; addr.uniqueid = (char*)slapi_entry_get_uniqueid(e); /* jcm - cast away const */ ldap_result_code= get_copy_of_entry(pb, &addr, &txn, SLAPI_ADD_EXISTING_UNIQUEID_ENTRY, !is_replicated_operation); } @@ -211,6 +211,7 @@ ldbm_back_add( Slapi_PBlock *pb ) /* Check if an entry with the intended DN already exists. */ done_with_pblock_entry(pb,SLAPI_ADD_EXISTING_DN_ENTRY); /* Could be through this multiple times */ addr.dn = dn; + addr.udn = NULL; addr.uniqueid = NULL; ldap_result_code= get_copy_of_entry(pb, &addr, &txn, SLAPI_ADD_EXISTING_DN_ENTRY, !is_replicated_operation); if(ldap_result_code==LDAP_OPERATIONS_ERROR || @@ -226,6 +227,7 @@ ldbm_back_add( Slapi_PBlock *pb ) { done_with_pblock_entry(pb,SLAPI_ADD_PARENT_ENTRY); /* Could be through this multiple times */ addr.dn = (char*)slapi_sdn_get_dn (&parentsdn); /* get_copy_of_entry assumes the DN is not normalized */ + addr.udn = NULL; addr.uniqueid = operation->o_params.p.p_add.parentuniqueid; ldap_result_code= get_copy_of_entry(pb, &addr, &txn, SLAPI_ADD_PARENT_ENTRY, !is_replicated_operation); /* need to set parentsdn or parentuniqueid if either is not set? */ @@ -265,6 +267,7 @@ ldbm_back_add( Slapi_PBlock *pb ) if(have_parent_address(&parentsdn, operation->o_params.p.p_add.parentuniqueid)) { addr.dn = (char*)slapi_sdn_get_dn (&parentsdn); + addr.udn = NULL; addr.uniqueid = operation->o_params.p.p_add.parentuniqueid; parententry = find_entry2modify_only(pb,be,&addr,&txn); if (parententry && parententry->ep_entry) { @@ -345,7 +348,7 @@ ldbm_back_add( Slapi_PBlock *pb ) * When we resurect a tombstone we must use its UniqueID * to find the tombstone entry and lock it down in the cache. */ - addr.dn = NULL; + addr.dn = addr.udn = NULL; addr.uniqueid = (char *)slapi_entry_get_uniqueid(e); /* jcm - cast away const */ tombstoneentry = find_entry2modify( pb, be, &addr, NULL ); if ( tombstoneentry==NULL ) diff --git a/ldap/servers/slapd/dn.c b/ldap/servers/slapd/dn.c index 2fb36e9..2e5ac00 100644 --- a/ldap/servers/slapd/dn.c +++ b/ldap/servers/slapd/dn.c @@ -77,10 +77,16 @@ hexchar2int( char c ) return( -1 ); } -#define DNSEPARATOR(c) (c == ',' || c == ';') -#define SEPARATOR(c) (c == ',' || c == ';' || c == '+') -#define SPACE(c) (c == ' ' || c == '\n') /* XXX 518524 */ -#define NEEDSESCAPE(c) (c == '\\' || c == '"') +#define DNSEPARATOR(c) (((c) == ',') || ((c) == ';')) +#define SEPARATOR(c) (((c) == ',') || ((c) == ';') || ((c) == '+')) +#define SPACE(c) (((c) == ' ') || ((c) == '\n')) /* XXX 518524 */ +#define NEEDSESCAPE(c) (((c) == '\\') || ((c) == '"') || ((c) == '+') || \ + ((c) == ',') || ((c) == ';') || ((c) == '<') || ((c) == '>') || ((c) == '=')) +#define LEADNEEDSESCAPE(c) (((c) == ' ') || ((c) == '#') || NEEDSESCAPE(c)) +#if 0 /* not used */ +#define ONLYTRAILNEEDSESCAPE(c) ((c) == ' ') +#define TRAILNEEDSESCAPE(c) (ONLYTRAILNEEDSESCAPE(c) || NEEDSESCAPE(c)) +#endif #define B4TYPE 0 #define INTYPE 1 #define B4EQUAL 2 @@ -88,6 +94,7 @@ hexchar2int( char c ) #define INVALUE 4 #define INQUOTEDVALUE 5 #define B4SEPARATOR 6 +#define INVALUE1ST 7 #define SLAPI_DNNORM_INITIAL_RDN_AVS 10 #define SLAPI_DNNORM_SMALL_RDN_AV 512 @@ -148,6 +155,8 @@ substr_dn_normalize( char *dn, char *end ) char *d = NULL; char *s = NULL; char *typestart = NULL; + char *rdnbegin = NULL; + char *lastesc = NULL; int gotesc = 0; int state = B4TYPE; int rdn_av_count = 0; @@ -186,75 +195,104 @@ substr_dn_normalize( char *dn, char *end ) if ( *s == '"' || ! SPACE( *s ) ) { value_separator = NULL; value = d; - state = ( *s == '"' ) ? INQUOTEDVALUE : INVALUE; + state = ( *s == '"' ) ? INQUOTEDVALUE : INVALUE1ST; + rdnbegin = d; + lastesc = NULL; *d++ = *s; } break; + case INVALUE1ST: case INVALUE: if ( gotesc ) { if ( SEPARATOR( *s ) ) { value_separator = d; - } else if ( ! NEEDSESCAPE( *s ) ) { + } + if ( INVALUE1ST == state ) { + if ( !LEADNEEDSESCAPE( *s )) { + /* checking the leading char + special chars */ + --d; /* eliminate the \ */ + } + } else if ( !NEEDSESCAPE( *s ) ) { --d; /* eliminate the \ */ + lastesc = d; } } else if ( SEPARATOR( *s ) ) { - while ( SPACE( *(d - 1) ) ) - d--; + /* handling a trailing escaped space */ + /* assuming a space is the only an extra character which + * is not escaped if it appears in the middle, but should + * be if it does at the end of the RDN value */ + /* e.g., ou=ABC \ ,o=XYZ --> ou=ABC \ ,o=XYZ */ + if ( lastesc ) { + while ( SPACE( *(d - 1) ) && d > lastesc ) { + d--; + } + if ( d == lastesc ) { + *d++ = '\\'; + *d++ = ' '; /* escaped trailing space */ + } + } else { + while ( SPACE( *(d - 1) ) ) { + d--; + } + } if ( value_separator == dn ) { /* 2 or more separators */ - /* convert to quoted value: */ - char *L = NULL; /* char after last seperator */ - char *R; /* value character iterator */ - int escape_skips = 0; /* number of escapes we have seen after the first */ - - for ( R = value; (R = strchr( R, '\\' )) && (R < d); L = ++R ) { - if ( SEPARATOR( R[1] )) { - if ( L == NULL ) { - /* executes once, at first escape, adds opening quote */ - const size_t len = R - value; + /* convert to quoted value: */ + char *L = NULL; /* char after last seperator */ + char *R; /* value character iterator */ + int escape_skips = 0; /* number of escapes we have seen after the first */ + + for ( R = value; (R = strchr( R, '\\' )) && (R < d); L = ++R ) { + if ( SEPARATOR( R[1] )) { + if ( L == NULL ) { + /* executes once, at first escape, adds opening quote */ + const size_t len = R - value; - /* make room for quote by covering escape */ - if ( len > 0 ) { - memmove( value+1, value, len ); + /* make room for quote by covering escape */ + if ( len > 0 ) { + memmove( value+1, value, len ); + } + + *value = '"'; /* opening quote */ + value = R + 1; /* move passed what has been parsed */ + } else { + const size_t len = R - L; + if ( len > 0 ) { + /* remove the seperator */ + memmove( value, L, len ); + value += len; /* move passed what has been parsed */ + } + --d; + ++escape_skips; } + } /* if ( SEPARATOR( R[1] )) */ + } /* for */ + memmove( value, L, d - L + escape_skips ); + *d++ = '"'; /* closing quote */ + } /* if (value_separator == dn) */ + state = B4TYPE; - *value = '"'; /* opening quote */ - value = R + 1; /* move passed what has been parsed */ - } else { - const size_t len = R - L; - if ( len > 0 ) { - /* remove the seperator */ - memmove( value, L, len ); - value += len; /* move passed what has been parsed */ - } - --d; - ++escape_skips; - } - } - } - memmove( value, L, d - L + escape_skips ); - *d++ = '"'; /* closing quote */ - } - state = B4TYPE; - - /* - * Track and sort attribute values within - * multivalued RDNs. - */ - if ( *s == '+' || rdn_av_count > 0 ) { - add_rdn_av( typestart, d, &rdn_av_count, - &rdn_avs, initial_rdn_av_stack ); - } - if ( *s != '+' ) { /* at end of this RDN */ - if ( rdn_av_count > 1 ) { - sort_rdn_avs( rdn_avs, rdn_av_count ); + /* + * Track and sort attribute values within + * multivalued RDNs. + */ + if ( *s == '+' || rdn_av_count > 0 ) { + add_rdn_av( typestart, d, &rdn_av_count, + &rdn_avs, initial_rdn_av_stack ); } - if ( rdn_av_count > 0 ) { - reset_rdn_avs( &rdn_avs, &rdn_av_count ); + if ( *s != '+' ) { /* at end of this RDN */ + if ( rdn_av_count > 1 ) { + sort_rdn_avs( rdn_avs, rdn_av_count ); + } + if ( rdn_av_count > 0 ) { + reset_rdn_avs( &rdn_avs, &rdn_av_count ); + } } - } - *d++ = (*s == '+') ? '+' : ','; - break; + *d++ = (*s == '+') ? '+' : ','; + break; + } /* else if ( SEPARATOR( *s ) ) */ + if ( INVALUE1ST == state ) { + state = INVALUE; } *d++ = *s; break; @@ -355,7 +393,8 @@ substr_dn_normalize( char *dn, char *end ) * rdn to our list to sort. We should only be in the INVALUE * or B4SEPARATOR state if we have a valid rdn component to * be added. */ - if ((rdn_av_count > 0) && ((state == INVALUE) || (state == B4SEPARATOR))) { + if ((rdn_av_count > 0) && ((state == INVALUE1ST) || + (state == INVALUE) || (state == B4SEPARATOR))) { add_rdn_av( typestart, d, &rdn_av_count, &rdn_avs, initial_rdn_av_stack ); }

14 years, 1 month

1
0
0 / 0

ldap/admin

by Richard Allen Megginson

ldap/admin/src/scripts/DSCreate.pm.in | 2 +- ldap/admin/src/scripts/DSUtil.pm.in | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) New commits: commit be17b937b06eeb0822189951a6f63cfb87749e32 Author: Endi S. Dewata <edewata(a)redhat.com> Date: Tue Mar 9 15:58:40 2010 -0600 Bug 570542 - Root password cannot contain matching curly braces https://bugzilla.redhat.com/show_bug.cgi?id=570542 Resolves: bug 570542 Bug Description: Root password cannot contain matching curly braces Branch: HEAD Fix Description: The scripts have been modified to check for matching curly braces only at the beginning of the password. Matching curly braces anywhere else would be accepted as a valid password. diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in index f8757ff..06b2d1f 100644 --- a/ldap/admin/src/scripts/DSCreate.pm.in +++ b/ldap/admin/src/scripts/DSCreate.pm.in @@ -124,7 +124,7 @@ sub sanityCheckParams { return ('dialog_dsrootdn_error', $inf->{slapd}->{RootDN}); } - if ($inf->{slapd}->{RootDNPwd} =~ /\{\w+\}.+/) { + if ($inf->{slapd}->{RootDNPwd} =~ /^\{\w+\}.+/) { debug(1, "The root password is already hashed - no checking will be performed\n"); } elsif (length($inf->{slapd}->{RootDNPwd}) < 8) { debug(0, "WARNING: The root password is less than 8 characters long. You should choose a longer one.\n"); diff --git a/ldap/admin/src/scripts/DSUtil.pm.in b/ldap/admin/src/scripts/DSUtil.pm.in index a8f3a30..c292d4e 100644 --- a/ldap/admin/src/scripts/DSUtil.pm.in +++ b/ldap/admin/src/scripts/DSUtil.pm.in @@ -728,7 +728,7 @@ sub getHashedPassword { my $pwd = shift; my $alg = shift; - if ($pwd =~ /\{\w+\}.+/) { + if ($pwd =~ /^\{\w+\}.+/) { return $pwd; # already hashed }

14 years, 1 month

1
0
0 / 0

ldap/admin

by Richard Allen Megginson

ldap/admin/src/scripts/DSCreate.pm.in | 72 ++++++++++++++++++++--- ldap/admin/src/scripts/DSUtil.pm.in | 38 ------------ ldap/admin/src/scripts/remove-ds.pl.in | 28 +++----- ldap/admin/src/scripts/restart-dirsrv.in | 25 ++++++- ldap/admin/src/scripts/start-dirsrv.in | 27 +++++++- ldap/admin/src/scripts/stop-dirsrv.in | 27 +++++++- ldap/admin/src/scripts/template-restart-slapd.in | 2 ldap/admin/src/scripts/template-start-slapd.in | 2 ldap/admin/src/scripts/template-stop-slapd.in | 2 9 files changed, 145 insertions(+), 78 deletions(-) New commits: commit 7701c5626647ddfa44e4f4b11a11d3c384beffa7 Author: Endi S. Dewata <edewata(a)redhat.com> Date: Tue Mar 9 10:56:34 2010 -0600 Bug 538525 - Ability to create instance as non-root user https://bugzilla.redhat.com/show_bug.cgi?id=538525 Resolves: bug 538525 Bug Description: Ability to create instance as non-root user Branch: HEAD Fix Description: By default for root user the init config file will be stored in /etc/sysconfig and for non-root user it will be stored in $HOME/.dirsrv folder. A new parameter [slapd] initconfig_dir is added to the .inf file to specify a non-default folder for the init config folder. This folder must exist prior to running the DS tools. The folder can also be specified via setup-ds.pl command-line parameter slapd.initconfig_dir. A new parameter -d is added to the start-dirsrv, restart-dirsrv, and stop-dirsrv to specify the non-default init config folder. A new parameter --initconfig_dir is added to remove-ds.pl to specify the non-default init config folder. The templates for start-slapd, restart-slapd, stop-slapd scripts have been modified to specify the init config folder. diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in index fb2a4d7..f8757ff 100644 --- a/ldap/admin/src/scripts/DSCreate.pm.in +++ b/ldap/admin/src/scripts/DSCreate.pm.in @@ -260,6 +260,17 @@ sub createInstanceScripts { my $perlexec = "@perlexec@" || "/usr/bin/env perl"; my $myperl = "!$perlexec"; my $mydevnull = (-f "/dev/null" ? " /dev/null " : " NUL "); + + # determine initconfig_dir + my $initconfig_dir = $inf->{slapd}->{initconfig_dir}; + if (!$initconfig_dir) { + if ($ENV{USER} eq 'root') { + $initconfig_dir = "$inf->{General}->{prefix}@initconfigdir@"; + } else { + $initconfig_dir = "$ENV{HOME}/.@package_name@"; + } + } + my %maptable = ( "DS-ROOT" => $inf->{General}->{prefix}, "SEP" => "/", # works on all platforms @@ -273,6 +284,7 @@ sub createInstanceScripts { "BAK-DIR" => $inf->{slapd}->{bak_dir}, "SERVER-DIR" => $inf->{General}->{ServerRoot}, "CONFIG-DIR" => $inf->{slapd}->{config_dir}, + "INITCONFIG-DIR" => $initconfig_dir, "INST-DIR" => $inf->{slapd}->{inst_dir}, "RUN-DIR" => $inf->{slapd}->{run_dir}, "PRODUCT-NAME" => "slapd", @@ -458,9 +470,21 @@ sub makeOtherConfigFiles { return @errs; } + # determine initconfig_dir + my $initconfig_dir = $inf->{slapd}->{initconfig_dir}; + if (!$initconfig_dir) { + if ($ENV{USER} eq 'root') { + $initconfig_dir = "$inf->{General}->{prefix}@initconfigdir@"; + } else { + $initconfig_dir = "$ENV{HOME}/.@package_name@"; + mkpath $initconfig_dir unless -d $initconfig_dir; + } + } + # install instance specific initconfig script $src = "$inf->{General}->{prefix}@configdir@/template-initconfig"; - $dest = "$inf->{General}->{prefix}@initconfigdir@/@package_name@-$inf->{slapd}->{ServerIdentifier}"; + $dest = "$initconfig_dir/@package_name@-$inf->{slapd}->{ServerIdentifier}"; + $! = 0; # clear errno if (!open(SRC, "< $src")) { @@ -1026,10 +1050,42 @@ sub stopServer { sub removeDSInstance { my $inst = shift; my $force = shift; + my $initconfig_dir = shift; my $baseconfigdir = $ENV{DS_CONFIG_DIR} || "@instconfigdir@"; my $instname = "slapd-$inst"; - my $configdir = "$baseconfigdir/$instname"; + my $configdir; + my $rundir; + my $product_name; my @errs; + + # determine initconfig_dir + if (!$initconfig_dir) { + if ($ENV{USER} eq 'root') { + $initconfig_dir = "@initconfigdir@"; + } else { + $initconfig_dir = "$ENV{HOME}/.@package_name@"; + } + } + + my $initconfig = "$initconfig_dir/@package_name@-$inst"; + + # Get the configdir, rundir and product_name from the instance initconfig script. + unless(open(INFILE, $initconfig)) { + return ( [ 'error_no_such_instance', $instname, $! ] ); + } + + my $line; + while($line = <INFILE>) { + if ($line =~ /CONFIG_DIR=(.*) ; export CONFIG_DIR/) { + $configdir = $1; + } elsif ($line =~ /RUN_DIR=(.*) ; export INST_DIR/) { + $rundir = $1; + } elsif ($line =~ /PRODUCT_NAME=(.*) ; export PRODUCT_NAME/) { + $product_name = $1; + } + } + close(INFILE); + if ( ! -d $configdir ) { debug(1, "Error: $configdir does not exist: $!\n"); @@ -1097,8 +1153,8 @@ sub removeDSInstance { if ( -d $instdir && $instdir =~ /$instname/ ) { # clean up pid files (if any) - remove_pidfile("STARTPIDFILE", $instdir, $instname); - remove_pidfile("PIDFILE", $instdir, $instname); + remove_pidfile("STARTPIDFILE", $inst, $instdir, $instname, $rundir, $product_name); + remove_pidfile("PIDFILE", $inst, $instdir, $instname, $rundir, $product_name); my $rc = rmtree($instdir); if ( 0 == $rc ) @@ -1111,12 +1167,12 @@ sub removeDSInstance { push @errs, remove_tree($entry, "nsslapd-schemadir", $instname, 1, "\.db\$"); # Remove the instance specific initconfig script - if ( -f "@initconfigdir@/@package_name@-$inst" ) { - my $rc = unlink("@initconfigdir@/@package_name@-$inst"); + if ( -f $initconfig ) { + my $rc = unlink($initconfig); if ( 0 == $rc ) { - push @errs, [ 'error_removing_path', "@initconfigdir@/@package_name@-$inst", $! ]; - debug(1, "Warning: @initconfigdir@/@package_name@-$inst was not removed. Error: $!\n"); + push @errs, [ 'error_removing_path', $initconfig, $! ]; + debug(1, "Warning: $initconfig was not removed. Error: $!\n"); } } diff --git a/ldap/admin/src/scripts/DSUtil.pm.in b/ldap/admin/src/scripts/DSUtil.pm.in index 79586db..a8f3a30 100644 --- a/ldap/admin/src/scripts/DSUtil.pm.in +++ b/ldap/admin/src/scripts/DSUtil.pm.in @@ -947,45 +947,9 @@ sub remove_tree sub remove_pidfile { - my ($type, $instdir, $instname) = @_; - my $serv_id; - my $run_dir; - my $product_name; + my ($type, $serv_id, $instdir, $instname, $run_dir, $product_name) = @_; my $pidfile; - # Get the serv_id from the start-slapd script. - unless(open(INFILE,"$instdir/start-slapd")) { - print("Cannot open start-slapd file for reading "); return 0; - } - my $line; - while($line = <INFILE>) { - if ($line =~ /start-dirsrv /g) { - my @servline=split(/start-dirsrv /, $line); - @servline=split(/\s+/, $servline[1]); - $serv_id=$servline[0]; - } - } - close(INFILE); - - # Get the run_dir and product_name from the instance initconfig script. - unless(open(INFILE,"@initconfigdir@/@package_name@-$serv_id")) { - print("Couldn't open @initconfigdir@/@package_name@-$serv_id "); return 0; - } - while($line = <INFILE>) { - if ($line =~ /RUN_DIR=/g) { - my @rundir_line=split(/RUN_DIR=+/, $line); - @rundir_line=split(/;/, $rundir_line[1]); - $run_dir = $rundir_line[0]; - chop($run_dir); - } elsif ($line =~ /PRODUCT_NAME=/g) { - my @product_line=split(/PRODUCT_NAME=+/, $line); - @product_line=split(/;/, $product_line[1]); - $product_name = $product_line[0]; - chop($product_name); - } - } - close(INFILE); - # Construct the pidfile name as follows: # PIDFILE=$RUN_DIR/$PRODUCT_NAME-$SERV_ID.pid # STARTPIDFILE=$RUN_DIR/$PRODUCT_NAME-$SERV_ID.startpid diff --git a/ldap/admin/src/scripts/remove-ds.pl.in b/ldap/admin/src/scripts/remove-ds.pl.in index 1d10a91..5eee37d 100755 --- a/ldap/admin/src/scripts/remove-ds.pl.in +++ b/ldap/admin/src/scripts/remove-ds.pl.in @@ -23,10 +23,14 @@ use strict; use File::Basename; use File::Path; +use Getopt::Long; use DSUtil; use Resource; use DSCreate qw(removeDSInstance); +# process command line options +Getopt::Long::Configure(qw(bundling)); # bundling allows -ddddd + my $res = new Resource("@propertydir(a)/setup-ds.res"); sub usage { @@ -36,24 +40,16 @@ sub usage { print(STDERR " -d - turn on debugging output\n"); } -my $i = 0; my $force = ""; my $instname = ""; +my $initconfig_dir = ""; -# load args from the command line -while ($i <= $#ARGV) { - if ( "$ARGV[$i]" eq "-f" ) { - $force = 1; - } elsif ("$ARGV[$i]" eq "-i") { - $i++; - $instname = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-d") { - $DSUtil::debuglevel++; - } else { - &usage; exit(1); - } - $i++; -} +GetOptions('help|h|?' => sub { &usage; exit(1); }, + 'debug|d+' => \$DSUtil::debuglevel, + 'instance|i=s' => \$instname, + 'initconfig_dir|c=s' => \$initconfig_dir, + 'force|f' => \$force + ); # Make sure the instance name option was provided. unless ($instname) { @@ -67,7 +63,7 @@ unless ($inst) { exit 1; } -my @errs = removeDSInstance($inst, $force); +my @errs = removeDSInstance($inst, $force, $initconfig_dir); if (@errs) { print STDERR "The following errors occurred during removal:\n"; for (@errs) { diff --git a/ldap/admin/src/scripts/restart-dirsrv.in b/ldap/admin/src/scripts/restart-dirsrv.in index 29203fd..76fb176 100644 --- a/ldap/admin/src/scripts/restart-dirsrv.in +++ b/ldap/admin/src/scripts/restart-dirsrv.in @@ -11,7 +11,7 @@ restart_instance() { SERV_ID=$1 server_already_stopped=0 - @sbindir@/stop-dirsrv $SERV_ID + @sbindir@/stop-dirsrv -d $initconfig_dir $SERV_ID status=$? if [ $status -eq 1 ] ; then return 3; @@ -20,7 +20,7 @@ restart_instance() { server_already_stopped=1 fi fi - @sbindir@/start-dirsrv $SERV_ID + @sbindir@/start-dirsrv -d $initconfig_dir $SERV_ID status=$? if [ $server_already_stopped -eq 1 ] && [ $status -eq 0 ] ; then return 2; @@ -28,11 +28,28 @@ restart_instance() { return $status } +while getopts "d:" flag +do + case "$flag" in + d) initconfig_dir="$OPTARG";; + esac +done +shift $(($OPTIND-1)) + +if [ "$initconfig_dir" = "" ]; then + if [ $USER = root ] ; then + initconfig_dir=@initconfigdir@ + else + initconfig_dir=$HOME/.@package_name@ + fi +fi + if [ "$#" -eq 0 ]; then # We're restarting all instances. ret=0 - for i in @initconfigdir@/@package_name@-*; do - inst=`echo $i | sed -e 's,@initconfigdir@/@package_name@-,,g'` + for i in $initconfig_dir/@package_name@-*; do + regex=s,$initconfig_dir/@package_name@-,,g + inst=`echo $i | sed -e $regex` echo Restarting instance \"$inst\" restart_instance $inst if [ "$?" -ne 0 ]; then diff --git a/ldap/admin/src/scripts/start-dirsrv.in b/ldap/admin/src/scripts/start-dirsrv.in index 46c48d7..4e95785 100755 --- a/ldap/admin/src/scripts/start-dirsrv.in +++ b/ldap/admin/src/scripts/start-dirsrv.in @@ -14,8 +14,8 @@ start_instance() { shift # source env. for this instance - if [ -f @initconfigdir@/@package_name@-$SERV_ID ] ; then - . @initconfigdir@/@package_name@-$SERV_ID + if [ -f $initconfig_dir/@package_name@-$SERV_ID ] ; then + . $initconfig_dir/@package_name@-$SERV_ID else echo Instance $SERV_ID not found. return 1 @@ -93,11 +93,28 @@ start_instance() { # source env. for all instances [ -f @initconfigdir@/@package_name@ ] && . @initconfigdir@/@package_name@ +while getopts "d:" flag +do + case "$flag" in + d) initconfig_dir="$OPTARG";; + esac +done +shift $(($OPTIND-1)) + +if [ "$initconfig_dir" = "" ]; then + if [ $USER = root ] ; then + initconfig_dir=@initconfigdir@ + else + initconfig_dir=$HOME/.@package_name@ + fi +fi + if [ "$#" -eq 0 ]; then # We're starting all instances. ret=0 - for i in @initconfigdir@/@package_name@-*; do - inst=`echo $i | sed -e 's,@initconfigdir@/@package_name@-,,g'` + for i in $initconfig_dir/@package_name@-*; do + regex=s,$initconfig_dir/@package_name@-,,g + inst=`echo $i | sed -e $regex` echo Starting instance \"$inst\" start_instance $inst if [ "$?" -ne 0 ]; then @@ -107,6 +124,6 @@ if [ "$#" -eq 0 ]; then exit $ret else # We're starting a single instance. - start_instance $* + start_instance $@ exit $? fi diff --git a/ldap/admin/src/scripts/stop-dirsrv.in b/ldap/admin/src/scripts/stop-dirsrv.in index 8ba8d5d..4d88585 100755 --- a/ldap/admin/src/scripts/stop-dirsrv.in +++ b/ldap/admin/src/scripts/stop-dirsrv.in @@ -10,8 +10,8 @@ stop_instance() { SERV_ID=$1 # source env. for this instance - if [ -f @initconfigdir@/@package_name@-$SERV_ID ]; then - . @initconfigdir@/@package_name@-$SERV_ID + if [ -f $initconfig_dir/@package_name@-$SERV_ID ] ; then + . $initconfig_dir/@package_name@-$SERV_ID else echo Instance $SERV_ID not found. return 1 @@ -53,11 +53,28 @@ stop_instance() { return 1 } +while getopts "d:" flag +do + case "$flag" in + d) initconfig_dir="$OPTARG";; + esac +done +shift $(($OPTIND-1)) + +if [ "$initconfig_dir" = "" ]; then + if [ $USER = root ] ; then + initconfig_dir=@initconfigdir@ + else + initconfig_dir=$HOME/.@package_name@ + fi +fi + if [ "$#" -eq 0 ]; then # We're stopping all instances. ret=0 - for i in @initconfigdir@/@package_name@-*; do - inst=`echo $i | sed -e 's,@initconfigdir@/@package_name@-,,g'` + for i in $initconfig_dir/@package_name@-*; do + regex=s,$initconfig_dir/@package_name@-,,g + inst=`echo $i | sed -e $regex` echo Stopping instance \"$inst\" stop_instance $inst if [ "$?" -ne 0 ]; then @@ -67,6 +84,6 @@ if [ "$#" -eq 0 ]; then exit $ret else # We're stopping a single instance. - stop_instance $* + stop_instance $@ exit $? fi diff --git a/ldap/admin/src/scripts/template-restart-slapd.in b/ldap/admin/src/scripts/template-restart-slapd.in index 19e2414..e30fca8 100644 --- a/ldap/admin/src/scripts/template-restart-slapd.in +++ b/ldap/admin/src/scripts/template-restart-slapd.in @@ -7,5 +7,5 @@ # 2: Server started successfully (was not running) # 3: Server could not be stopped -@sbindir@/restart-dirsrv {{SERV-ID}} "$@" +@sbindir@/restart-dirsrv -d {{INITCONFIG-DIR}} {{SERV-ID}} "$@" exit $? diff --git a/ldap/admin/src/scripts/template-start-slapd.in b/ldap/admin/src/scripts/template-start-slapd.in index 7608d37..444a37f 100755 --- a/ldap/admin/src/scripts/template-start-slapd.in +++ b/ldap/admin/src/scripts/template-start-slapd.in @@ -6,5 +6,5 @@ # 1: Server could not be started # 2: Server already running -@sbindir@/start-dirsrv {{SERV-ID}} "$@" +@sbindir@/start-dirsrv -d {{INITCONFIG-DIR}} {{SERV-ID}} "$@" exit $? diff --git a/ldap/admin/src/scripts/template-stop-slapd.in b/ldap/admin/src/scripts/template-stop-slapd.in index 3531464..1c10986 100755 --- a/ldap/admin/src/scripts/template-stop-slapd.in +++ b/ldap/admin/src/scripts/template-stop-slapd.in @@ -6,5 +6,5 @@ # 1: Server could not be stopped # 2: Server was not running -@sbindir@/stop-dirsrv {{SERV-ID}} "$@" +@sbindir@/stop-dirsrv -d {{INITCONFIG-DIR}} {{SERV-ID}} "$@" exit $?

14 years, 1 month

1
0
0 / 0

ldap/schema ldap/servers

by Richard Allen Megginson

ldap/schema/60qmail.ldif | 4 ++-- ldap/servers/plugins/syntaxes/ces.c | 9 +++++---- 2 files changed, 7 insertions(+), 6 deletions(-) New commits: commit 2db1f5a13b7198de00b2b14232110ab42fc361ac Author: Rich Megginson <rmeggins(a)redhat.com> Date: Mon Mar 8 20:53:49 2010 -0700 Add support for additional schema/matching rules included with 389 https://bugzilla.redhat.com/show_bug.cgi?id=559315 Resolves: bug 559315 Bug Description: Searching some attributes are now case sensitive when they were previously case-insensitive Reviewed by: nhosoi (Thanks!) Fix Description: 1) The 60qmail.ldif schema we ship used integerMatch and IA5 syntax because we used not to support numericString syntax and matching rules - these have been changed to use the standard qmail definitions 2) Allow IA5String syntax to use caseExactSubstringsMatch - this is required by krbPrincipalName diff --git a/ldap/schema/60qmail.ldif b/ldap/schema/60qmail.ldif index 8a62548..c118bef 100644 --- a/ldap/schema/60qmail.ldif +++ b/ldap/schema/60qmail.ldif @@ -134,8 +134,8 @@ attributeTypes: ( 1.3.6.1.4.1.7914.1.2.1.13 NAME 'qmailAccountPurge' DESC 'The earliest date when a mailMessageStore will be purged' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + EQUALITY numericStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE ) # diff --git a/ldap/servers/plugins/syntaxes/ces.c b/ldap/servers/plugins/syntaxes/ces.c index 07abcd5..c0855d6 100644 --- a/ldap/servers/plugins/syntaxes/ces.c +++ b/ldap/servers/plugins/syntaxes/ces.c @@ -85,12 +85,13 @@ static const char *caseExactOrderingMatch_names[] = {"caseExactOrderingMatch", " static const char *caseExactSubstringsMatch_names[] = {"caseExactSubstringsMatch", "2.5.13.7", NULL}; static const char *caseExactIA5SubstringsMatch_names[] = {"caseExactIA5SubstringsMatch", CASEEXACTIA5SUBSTRINGSMATCH_OID, NULL}; -static char *dirString_syntaxes[] = {COUNTRYSTRING_SYNTAX_OID, - DIRSTRING_SYNTAX_OID, - PRINTABLESTRING_SYNTAX_OID,NULL}; static char *dirStringCompat_syntaxes[] = {COUNTRYSTRING_SYNTAX_OID, PRINTABLESTRING_SYNTAX_OID,NULL}; static char *ia5String_syntaxes[] = {IA5STRING_SYNTAX_OID,NULL}; +static char *caseExactSubstrings_syntaxes[] = {IA5STRING_SYNTAX_OID, /* allow IA5 to use cesubstrs e.g. krbPrincipalName */ + COUNTRYSTRING_SYNTAX_OID, + DIRSTRING_SYNTAX_OID, + PRINTABLESTRING_SYNTAX_OID,NULL}; /* for some reason vendorName and vendorVersion are dirstring but want to use EQUALITY caseExactIA5Match ???? RFC 3045 @@ -171,7 +172,7 @@ DIRSTRING_SYNTAX_OID, 0, dirStringCompat_syntaxes}, /* matching rule desc */ "comparison, characters are not case folded in the Map preparation " "step, and only Insignificant Space Handling is applied in the " "Insignificant Character Handling step.", -"1.3.6.1.4.1.1466.115.121.1.58", 0, dirString_syntaxes}, /* matching rule desc */ +"1.3.6.1.4.1.1466.115.121.1.58", 0, caseExactSubstrings_syntaxes}, /* matching rule desc */ {"caseExactSubstringsMatch-mr", VENDOR, DS_PACKAGE_VERSION, "caseExactSubstringsMatch matching rule plugin"}, /* plugin desc */ caseExactSubstringsMatch_names, /* matching rule name/oid/aliases */ NULL, NULL, NULL, ces_filter_sub, ces_values2keys,

14 years, 1 month

1
0
0 / 0

Branch 'Directory_Server_8_2_Branch' - ldap/servers

by Richard Allen Megginson

ldap/servers/plugins/syntaxes/cis.c | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) New commits: commit 5962d965030a70a1cbf31081ed92d5f933e89c00 Author: Rich Megginson <rmeggins(a)redhat.com> Date: Mon Mar 8 14:35:17 2010 -0700 Bug 570905 - postalAddress syntax should allow empty lines (should allow $$) https://bugzilla.redhat.com/show_bug.cgi?id=570905 Resolves: bug 570905 Bug Description: postalAddress syntax should allow empty lines (should allow $$) Reviewed by: nhosoi (Thanks!) Branch: Directory_Server_8_2_Branch Fix Description: Even though RFC 4517 says a postal address syntax value should not contain empty lines (e.g. $$), most, if not all, current applications expect to be able to store $$. This adds an internal switch to allow support for $$ for now. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no (cherry picked from commit b8ff06dd240df947fee972fe13bb2826ebb02048) diff --git a/ldap/servers/plugins/syntaxes/cis.c b/ldap/servers/plugins/syntaxes/cis.c index 4a15e5e..284210f 100644 --- a/ldap/servers/plugins/syntaxes/cis.c +++ b/ldap/servers/plugins/syntaxes/cis.c @@ -79,6 +79,15 @@ static int oid_validate(struct berval *val); static int printable_validate(struct berval *val); /* + Even though the official RFC 4517 says that the postal syntax + line values must contain at least 1 character (i.e. no $$), it + seems that most, if not all, address book and other applications that + use postal address syntax values expect to be able to store empty + lines/values - so for now, allow it +*/ +static const int postal_allow_empty_lines = 1; + +/* * Attribute syntaxes. We treat all of these the same for now, even though * the specifications (e.g., RFC 2252) impose various constraints on the * the format for each of these. @@ -759,19 +768,14 @@ static int postal_validate( } else if (*p == '$') { /* This signifies the end of a line. We need * to ensure that the line is not empty. */ - if (p == start) { - rc = 1; - goto exit; - } - /* make sure the value doesn't end with a '$' */ - if (p == end) { - rc = 1; - goto exit; - } - - /* Make sure the line (start to p) is valid UTF-8. */ - if ((rc = utf8string_validate(start, p, NULL)) != 0) { + if ((p == start) || (p == end)) { + if (!postal_allow_empty_lines) { + rc = 1; + goto exit; + } /* else allow it */ + } else if ((rc = utf8string_validate(start, p, NULL)) != 0) { + /* Make sure the line (start to p) is valid UTF-8. */ goto exit; }

14 years, 1 month

1
0
0 / 0

ldap/servers

by Richard Allen Megginson

ldap/servers/plugins/syntaxes/cis.c | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) New commits: commit b8ff06dd240df947fee972fe13bb2826ebb02048 Author: Rich Megginson <rmeggins(a)redhat.com> Date: Mon Mar 8 14:35:17 2010 -0700 Bug 570905 - postalAddress syntax should allow empty lines (should allow $$) https://bugzilla.redhat.com/show_bug.cgi?id=570905 Resolves: bug 570905 Bug Description: postalAddress syntax should allow empty lines (should allow $$) Reviewed by: nhosoi (Thanks!) Branch: HEAD Fix Description: Even though RFC 4517 says a postal address syntax value should not contain empty lines (e.g. $$), most, if not all, current applications expect to be able to store $$. This adds an internal switch to allow support for $$ for now. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no diff --git a/ldap/servers/plugins/syntaxes/cis.c b/ldap/servers/plugins/syntaxes/cis.c index 77f6d55..bc4f72e 100644 --- a/ldap/servers/plugins/syntaxes/cis.c +++ b/ldap/servers/plugins/syntaxes/cis.c @@ -79,6 +79,15 @@ static int oid_validate(struct berval *val); static int printable_validate(struct berval *val); /* + Even though the official RFC 4517 says that the postal syntax + line values must contain at least 1 character (i.e. no $$), it + seems that most, if not all, address book and other applications that + use postal address syntax values expect to be able to store empty + lines/values - so for now, allow it +*/ +static const int postal_allow_empty_lines = 1; + +/* * Attribute syntaxes. We treat all of these the same for now, even though * the specifications (e.g., RFC 2252) impose various constraints on the * the format for each of these. @@ -989,19 +998,14 @@ static int postal_validate( } else if (*p == '$') { /* This signifies the end of a line. We need * to ensure that the line is not empty. */ - if (p == start) { - rc = 1; - goto exit; - } - /* make sure the value doesn't end with a '$' */ - if (p == end) { - rc = 1; - goto exit; - } - - /* Make sure the line (start to p) is valid UTF-8. */ - if ((rc = utf8string_validate(start, p, NULL)) != 0) { + if ((p == start) || (p == end)) { + if (!postal_allow_empty_lines) { + rc = 1; + goto exit; + } /* else allow it */ + } else if ((rc = utf8string_validate(start, p, NULL)) != 0) { + /* Make sure the line (start to p) is valid UTF-8. */ goto exit; }

14 years, 1 month

1
0
0 / 0

Branch 'Directory_Server_8_2_Branch' - ldap/servers

by Noriko Hosoi

ldap/servers/plugins/replication/repl5.h | 6 ++++ ldap/servers/plugins/replication/repl5_protocol.c | 28 ++++++++++++++++++++++ ldap/servers/plugins/replication/repl_extop.c | 24 ++++++++++++++++++ 3 files changed, 58 insertions(+) New commits: commit 73a74244437da7bc20fb34618318e8437c8ae9c8 Author: Noriko Hosoi <nhosoi(a)redhat.com> Date: Mon Mar 8 15:14:14 2010 -0800 570667 - MMR: simultaneous total updates on the masters cause deadlock and data loss https://bugzilla.redhat.com/show_bug.cgi?id=570667 Description: In the MMR topology, if a master receives a total update request to initialize the other master and being initialized by the other master at the same time, the 2 replication threads hang and the replicated backend instance could be wiped out. To prevent the server running the total update supplier and the consumer at the same time, REPLICA_TOTAL_EXCL_SEND and _RECV bits have been introduced. If the server is sending the total update to other replicas, the server rejects the total update request on the backend. But the server can send multiple total updates to other replicas at the same time. If the total update from other master is in progress on the server, the server rejects another total update from yet another master as well as a request to initialize other replicas. diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h index 97ce556..c6859dd 100644 --- a/ldap/servers/plugins/replication/repl5.h +++ b/ldap/servers/plugins/replication/repl5.h @@ -521,6 +521,12 @@ void replica_write_ruv (Replica *r); #define REPLICA_INCREMENTAL_IN_PROGRESS 2 /* Set only between start and stop inc */ #define REPLICA_TOTAL_IN_PROGRESS 4 /* Set only between start and stop total */ #define REPLICA_AGREEMENTS_DISABLED 8 /* Replica is offline */ +#define REPLICA_TOTAL_EXCL_SEND 16 /* The server is either sending or receiving + the total update. Introducing it if SEND + is active, RECV should back off. And + vice versa. But SEND can coexist. */ +#define REPLICA_TOTAL_EXCL_RECV 32 /* ditto */ + PRBool replica_is_state_flag_set(Replica *r, PRInt32 flag); void replica_set_state_flag (Replica *r, PRUint32 flag, PRBool clear); void replica_set_tombstone_reap_stop(Replica *r, PRBool val); diff --git a/ldap/servers/plugins/replication/repl5_protocol.c b/ldap/servers/plugins/replication/repl5_protocol.c index 927c450..efb3271 100644 --- a/ldap/servers/plugins/replication/repl5_protocol.c +++ b/ldap/servers/plugins/replication/repl5_protocol.c @@ -317,6 +317,28 @@ prot_thread_main(void *arg) dev_debug("prot_thread_main(STATE_PERFORMING_INCREMENTAL_UPDATE): end"); break; case STATE_PERFORMING_TOTAL_UPDATE: + { + Slapi_DN *dn = agmt_get_replarea(agmt); + Replica *replica = NULL; + Object *replica_obj = replica_get_replica_from_dn(dn); + if (replica_obj) + { + replica = (Replica*) object_get_data (replica_obj); + /* If total update against this replica is in progress, + * we should not initiate the total update to other replicas. */ + if (replica_is_state_flag_set(replica, REPLICA_TOTAL_EXCL_RECV)) + { + object_release(replica_obj); + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + "%s: total update on the replica is in progress. Cannot initiate the total update.\n", agmt_get_long_name(rp->agmt)); + break; + } + else + { + replica_set_state_flag (replica, REPLICA_TOTAL_EXCL_SEND, 0); + } + } + PR_Lock(rp->lock); /* stop incremental protocol if running */ @@ -332,7 +354,13 @@ prot_thread_main(void *arg) replica initialization is completed. */ agmt_replica_init_done (agmt); + if (replica_obj) + { + replica_set_state_flag (replica, REPLICA_TOTAL_EXCL_SEND, 1); + object_release(replica_obj); + } break; + } case STATE_FINISHED: dev_debug("prot_thread_main(STATE_FINISHED): exiting prot_thread_main"); done = 1; diff --git a/ldap/servers/plugins/replication/repl_extop.c b/ldap/servers/plugins/replication/repl_extop.c index b65c6c8..c47ea93 100644 --- a/ldap/servers/plugins/replication/repl_extop.c +++ b/ldap/servers/plugins/replication/repl_extop.c @@ -678,6 +678,25 @@ multimaster_extop_StartNSDS50ReplicationRequest(Slapi_PBlock *pb) goto send_response; } + if (REPL_PROTOCOL_50_TOTALUPDATE == connext->repl_protocol_version) + { + /* If total update has been initiated against other replicas or + * this replica is already being initialized, we should return + * an error immediately. */ + if (replica_is_state_flag_set(replica, + REPLICA_TOTAL_EXCL_SEND|REPLICA_TOTAL_EXCL_RECV)) + { + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + "%s: total update on is initiated on the replica. Cannot execute the total update from other master.\n", repl_root); + response = NSDS50_REPL_REPLICA_BUSY; + goto send_response; + } + else + { + replica_set_state_flag (replica, REPLICA_TOTAL_EXCL_RECV, 0); + } + } + /* check that this replica is not a 4.0 consumer */ if (replica_is_legacy_consumer (replica)) { @@ -861,6 +880,11 @@ multimaster_extop_StartNSDS50ReplicationRequest(Slapi_PBlock *pb) slapi_pblock_get(pb, SLAPI_CONNECTION, &connext->connection); send_response: + if (connext && replica && + (REPL_PROTOCOL_50_TOTALUPDATE == connext->repl_protocol_version)) + { + replica_set_state_flag (replica, REPLICA_TOTAL_EXCL_RECV, 1); + } if (response != NSDS50_REPL_REPLICA_READY) { int resp_log_level = SLAPI_LOG_FATAL;

14 years, 1 month

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-commits March 2010