admserv/newinst
by Richard Allen Megginson
admserv/newinst/src/AdminServer.pm.in | 48 ++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
New commits:
commit 3302242bde80530a4f32069ab786249f4a9a1414
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Thu Dec 15 11:59:30 2011 -0700
Bug 767823 - selinux: need to allow admin server to connect to ldap port
https://bugzilla.redhat.com/show_bug.cgi?id=767823
Resolves: bug 767823
Bug Description: selinux: need to allow admin server to connect to ldap port
Reviewed by: nhosoi (Thanks!)
Branch: master
Fix Description: Turn on the selinux boolean httpd_can_connect_ldap during
setup. Turn it off during removal.
Platforms tested: Fedora 16
Flag Day: no
Doc impact: no
diff --git a/admserv/newinst/src/AdminServer.pm.in b/admserv/newinst/src/AdminServer.pm.in
index d9d7427..f2de530 100644
--- a/admserv/newinst/src/AdminServer.pm.in
+++ b/admserv/newinst/src/AdminServer.pm.in
@@ -678,6 +678,30 @@ sub removeAdminServer {
}
}
}
+
+ # turn off the switch to allow admin server to connect to the ldap port
+ $? = 0; # clear error
+ my $cmd = "getsebool httpd_can_connect_ldap";
+ my $output = `$cmd 2>&1`;
+ chomp($output);
+ if ($output =~ /Error getting active value for httpd_can_connect_ldap/) {
+ # this version of selinux does not support the boolean value
+ debug(1, "This version of selinux does not support httpd_can_connect_ldap\n");
+ } elsif ($?) {
+ $setup->msg($SetupLog::WARN, 'error_running_command', $cmd, $output, $!);
+ } elsif ($output =~ /on$/) {
+ $cmd = "setsebool -P httpd_can_connect_ldap off";
+ $? = 0; # clear error
+ $output = `$cmd 2>&1`;
+ chomp($output);
+ if ($?) {
+ $setup->msg($SetupLog::WARN, 'error_running_command', $cmd, $output, $!);
+ } else {
+ debug(1, "$cmd was successful\n");
+ }
+ } else {
+ debug(1, "selinux boolean httpd_can_connect_ldap is already off - $output\n");
+ }
}
# remove admin server files in $rundir
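Review bot: The removal path at `$cmd = "setsebool -P httpd_can_connect_ldap off";` switches the boolean off whenever it is currently on, without knowing whether setup was what turned it on. httpd_can_connect_ldap is a host-wide SELinux boolean for the httpd domain, so an administrator or another web application that enabled it independently would lose LDAP connectivity when the admin server is removed. Consider having setup record that it changed the value and reverting only in that case. At minimum, report the change through `$setup->msg` instead of `debug(1, ...)` so it shows up in the setup log. The enclosing removeAdminServer starts outside the hunk.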
@@ -755,6 +779,30 @@ sub updateSelinuxPolicy {
system("semanage port -a -t http_port_t -p tcp $setup->{inf}->{admin}->{Port}");
}
}
+
+ # turn on the switch to allow admin server to connect to the ldap port
+ $? = 0; # clear error
+ my $cmd = "getsebool httpd_can_connect_ldap";
+ my $output = `$cmd 2>&1`;
+ chomp($output);
+ if ($output =~ /Error getting active value for httpd_can_connect_ldap/) {
+ # this version of selinux does not support the boolean value
+ debug(1, "This version of selinux does not support httpd_can_connect_ldap\n");
+ } elsif ($?) {
+ $setup->msg($SetupLog::WARN, 'error_running_command', $cmd, $output, $!);
+ } elsif ($output =~ /off$/) {
+ $cmd = "setsebool -P httpd_can_connect_ldap on";
+ $? = 0; # clear error
+ $output = `$cmd 2>&1`;
+ chomp($output);
+ if ($?) {
+ $setup->msg($SetupLog::WARN, 'error_running_command', $cmd, $output, $!);
+ } else {
+ debug(1, "$cmd was successful\n");
+ }
+ } else {
+ debug(1, "selinux boolean httpd_can_connect_ldap is already on - $output\n");
+ }
}
}
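Review bot: The failure branches pass `$!` to `$setup->msg(...)`, but after a backtick command that ran and exited non-zero `$!` is not set by the child, so the logged reason can be unrelated to the failure. The exit status is in `$?`, so `$? >> 8` is the value to report. The same applies to the two `$setup->msg` calls in the removeAdminServer hunk. Separately, `setsebool -P httpd_can_connect_ldap on` persistently lets every process in the httpd domain reach the LDAP port, not only the admin server, so a comment such as `# NOTE: host-wide and persistent; affects all httpd_t services` would help. The getsebool/setsebool sequence is duplicated between the two hunks and could be one helper taking the desired state.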
11 years, 12 months
Makefile.am Makefile.in
by Richard Allen Megginson
Makefile.am | 12 ++++++++----
Makefile.in | 19 ++++++++++++-------
2 files changed, 20 insertions(+), 11 deletions(-)
New commits:
commit 91fa21f6af7871d73bb9d5e738ec4e31b5298463
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed Dec 14 20:04:48 2011 -0700
Bug 755725 - 389 programs linked against openldap crash during shutdown
https://bugzilla.redhat.com/show_bug.cgi?id=755725
Resolves: bug 755725
Bug Description: 389 programs linked against openldap crash during shutdown
Reviewed by: nhosoi (Thanks!)
Branch: master
Fix Description: With recent versions of openldap, you cannot link with both
ldap_r and ldap - when the shared object _fini is run, the _fini from the one
will stomp on the _fini from the other, and the program will crash. The fix
is to link with ldap_r only in a threaded program, and ldap otherwise.
Platforms tested: Fedora 16, RHEL6 x86_64
Flag Day: no
Doc impact: no
diff --git a/Makefile.am b/Makefile.am
index f4af8ed..25ae2e5 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -45,11 +45,15 @@ endif
NSPR_LINK = @nspr_lib@ -lplc4 -lplds4 -lnspr4
NSS_LINK = @nss_lib@ -lssl3 -lnss3
if OPENLDAP
-LDAPSDK_LINK = @openldap_lib@ -lldap_r@ol_libver@ -lldap@ol_libver@ @ldap_lib_ldif@ -llber@ol_libver@
+# with recent versions of openldap - if you link with both ldap_r and ldap, the
+# shared lib _fini for one will stomp on the other, and the program will crash
+LDAPSDK_LINK_NOTHR = @openldap_lib@ -lldap@ol_libver@ @ldap_lib_ldif@ -llber@ol_libver@
+LDAPSDK_LINK = @openldap_lib@ -lldap_r@ol_libver@ @ldap_lib_ldif@ -llber@ol_libver@
ldaplib = openldap
ldaplib_defs = -DUSE_OPENLDAP
else
LDAPSDK_LINK = @ldapsdk_lib@ -lssldap60 -lprldap60 -lldap60 -lldif60
+LDAPSDK_LINK_NOTHR = $(LDAPSDK_LINK)
ldaplib = mozldap
ldaplib_defs =
endif
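Review bot: The new comment explains the crash but not the rule a maintainer has to follow when adding a program, and nothing stops a future `_LDADD` from listing both variables. I would extend it with `# use LDAPSDK_LINK_NOTHR for non-threaded programs and LDAPSDK_LINK (ldap_r) for threaded ones; never put both on one link line`. In the mozldap branch the two variables are identical, which is worth stating in a comment next to `LDAPSDK_LINK_NOTHR = $(LDAPSDK_LINK)`.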
@@ -1229,7 +1233,7 @@ ldap_agent_bin_SOURCES = ldap/servers/snmp/main.c \
ldap/servers/slapd/agtmmap.c
ldap_agent_bin_CPPFLAGS = $(AM_CPPFLAGS) @netsnmp_inc@ @openldap_inc@ @ldapsdk_inc@ @nss_inc@ @nspr_inc@
-ldap_agent_bin_LDADD = $(LDAPSDK_LINK) $(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) $(NETSNMP_LINK) $(THREADLIB)
+ldap_agent_bin_LDADD = $(LDAPSDK_LINK_NOTHR) $(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) $(NETSNMP_LINK) $(THREADLIB)
if SOLARIS
ldap_agent_bin_LDADD += -lrt
endif
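Review bot: `ldap_agent_bin_LDADD` now uses `$(LDAPSDK_LINK_NOTHR)` but still links `$(THREADLIB)`, which reads as a threaded program being given the non-reentrant libldap. If ldap-agent or the net-snmp code it links creates threads that touch LDAP handles (not visible from this hunk), that would trade the shutdown crash for a thread-safety problem. Please confirm the agent makes no LDAP calls from more than one thread, and add a comment such as `# ldap-agent is single-threaded with respect to LDAP; THREADLIB is only needed for <reason>` so the combination is not later "fixed" back.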
@@ -1264,7 +1268,7 @@ ldclt_bin_LDADD = $(NSPR_LINK) $(NSS_LINK) $(LDAPSDK_LINK) $(SASL_LINK) $(LIBNSL
ldif_bin_SOURCES = ldap/servers/slapd/tools/ldif.c
ldif_bin_CPPFLAGS = $(AM_CPPFLAGS) @openldap_inc@ @ldapsdk_inc@ @nss_inc@ @nspr_inc@
-ldif_bin_LDADD = $(NSPR_LINK) $(NSS_LINK) $(LDAPSDK_LINK) $(SASL_LINK)
+ldif_bin_LDADD = $(NSPR_LINK) $(NSS_LINK) $(LDAPSDK_LINK_NOTHR) $(SASL_LINK)
#------------------------
# migratecred
@@ -1280,7 +1284,7 @@ migratecred_bin_LDADD = libslapd.la $(NSPR_LINK) $(NSS_LINK) $(SVRCORE_LINK) $(L
mmldif_bin_SOURCES = ldap/servers/slapd/tools/mmldif.c
mmldif_bin_CPPFLAGS = $(AM_CPPFLAGS) @openldap_inc@ @ldapsdk_inc@ @nss_inc@ @nspr_inc@
-mmldif_bin_LDADD = libslapd.la $(NSPR_LINK) $(NSS_LINK) $(SVRCORE_LINK) $(LDAPSDK_LINK) $(SASL_LINK)
+mmldif_bin_LDADD = libslapd.la $(NSPR_LINK) $(NSS_LINK) $(SVRCORE_LINK) $(LDAPSDK_LINK_NOTHR) $(SASL_LINK)
#------------------------
# ns-slapd
diff --git a/Makefile.in b/Makefile.in
index bc6a4d5..00b47ce 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -825,7 +825,8 @@ am_ldap_agent_bin_OBJECTS = \
ldap/servers/snmp/ldap_agent_bin-ldap-agent.$(OBJEXT) \
ldap/servers/slapd/ldap_agent_bin-agtmmap.$(OBJEXT)
ldap_agent_bin_OBJECTS = $(am_ldap_agent_bin_OBJECTS)
-ldap_agent_bin_DEPENDENCIES = $(am__DEPENDENCIES_1) \
+@OPENLDAP_FALSE@am__DEPENDENCIES_3 = $(am__DEPENDENCIES_1)
+ldap_agent_bin_DEPENDENCIES = $(am__DEPENDENCIES_3) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
@@ -866,7 +867,7 @@ am_ldif_bin_OBJECTS = \
ldap/servers/slapd/tools/ldif_bin-ldif.$(OBJEXT)
ldif_bin_OBJECTS = $(am_ldif_bin_OBJECTS)
ldif_bin_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+ $(am__DEPENDENCIES_3) $(am__DEPENDENCIES_1)
am_makstrdb_OBJECTS = lib/libsi18n/makstrdb-makstrdb.$(OBJEXT)
makstrdb_OBJECTS = $(am_makstrdb_OBJECTS)
makstrdb_LDADD = $(LDADD)
@@ -880,7 +881,7 @@ am_mmldif_bin_OBJECTS = \
mmldif_bin_OBJECTS = $(am_mmldif_bin_OBJECTS)
mmldif_bin_DEPENDENCIES = libslapd.la $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+ $(am__DEPENDENCIES_3) $(am__DEPENDENCIES_1)
am__ns_slapd_SOURCES_DIST = ldap/servers/slapd/abandon.c \
ldap/servers/slapd/auth.c ldap/servers/slapd/bind.c \
ldap/servers/slapd/compare.c ldap/servers/slapd/config.c \
@@ -1322,8 +1323,12 @@ PLUGIN_CPPFLAGS = $(AM_CPPFLAGS) @openldap_inc@ @ldapsdk_inc@ @nss_inc@ @nspr_in
#------------------------
NSPR_LINK = @nspr_lib@ -lplc4 -lplds4 -lnspr4
NSS_LINK = @nss_lib@ -lssl3 -lnss3
+@OPENLDAP_FALSE@LDAPSDK_LINK_NOTHR = $(LDAPSDK_LINK)
+# with recent versions of openldap - if you link with both ldap_r and ldap, the
+# shared lib _fini for one will stomp on the other, and the program will crash
+@OPENLDAP_TRUE@LDAPSDK_LINK_NOTHR = @openldap_lib@ -lldap@ol_libver@ @ldap_lib_ldif@ -llber@ol_libver@
@OPENLDAP_FALSE@LDAPSDK_LINK = @ldapsdk_lib@ -lssldap60 -lprldap60 -lldap60 -lldif60
-@OPENLDAP_TRUE@LDAPSDK_LINK = @openldap_lib@ -lldap_r@ol_libver@ -lldap@ol_libver@ @ldap_lib_ldif@ -llber@ol_libver@
+@OPENLDAP_TRUE@LDAPSDK_LINK = @openldap_lib@ -lldap_r@ol_libver@ @ldap_lib_ldif@ -llber@ol_libver@
@OPENLDAP_FALSE@ldaplib = mozldap
@OPENLDAP_TRUE@ldaplib = openldap
@OPENLDAP_FALSE@ldaplib_defs =
@@ -2368,7 +2373,7 @@ ldap_agent_bin_SOURCES = ldap/servers/snmp/main.c \
ldap/servers/slapd/agtmmap.c
ldap_agent_bin_CPPFLAGS = $(AM_CPPFLAGS) @netsnmp_inc@ @openldap_inc@ @ldapsdk_inc@ @nss_inc@ @nspr_inc@
-ldap_agent_bin_LDADD = $(LDAPSDK_LINK) $(SASL_LINK) $(NSS_LINK) \
+ldap_agent_bin_LDADD = $(LDAPSDK_LINK_NOTHR) $(SASL_LINK) $(NSS_LINK) \
$(NSPR_LINK) $(NETSNMP_LINK) $(THREADLIB) $(am__append_2)
#------------------------
@@ -2394,7 +2399,7 @@ ldclt_bin_LDADD = $(NSPR_LINK) $(NSS_LINK) $(LDAPSDK_LINK) $(SASL_LINK) $(LIBNSL
#------------------------
ldif_bin_SOURCES = ldap/servers/slapd/tools/ldif.c
ldif_bin_CPPFLAGS = $(AM_CPPFLAGS) @openldap_inc@ @ldapsdk_inc@ @nss_inc@ @nspr_inc@
-ldif_bin_LDADD = $(NSPR_LINK) $(NSS_LINK) $(LDAPSDK_LINK) $(SASL_LINK)
+ldif_bin_LDADD = $(NSPR_LINK) $(NSS_LINK) $(LDAPSDK_LINK_NOTHR) $(SASL_LINK)
#------------------------
# migratecred
@@ -2408,7 +2413,7 @@ migratecred_bin_LDADD = libslapd.la $(NSPR_LINK) $(NSS_LINK) $(SVRCORE_LINK) $(L
#------------------------
mmldif_bin_SOURCES = ldap/servers/slapd/tools/mmldif.c
mmldif_bin_CPPFLAGS = $(AM_CPPFLAGS) @openldap_inc@ @ldapsdk_inc@ @nss_inc@ @nspr_inc@
-mmldif_bin_LDADD = libslapd.la $(NSPR_LINK) $(NSS_LINK) $(SVRCORE_LINK) $(LDAPSDK_LINK) $(SASL_LINK)
+mmldif_bin_LDADD = libslapd.la $(NSPR_LINK) $(NSS_LINK) $(SVRCORE_LINK) $(LDAPSDK_LINK_NOTHR) $(SASL_LINK)
#------------------------
# ns-slapd
11 years, 12 months
Changes to 'refs/tags/389-dsgw-1.1.8'
by Richard Allen Megginson
Changes since the dawn of time:
Nathan Kinder (3):
Added orgchart to dsgw.
General templating work for DSGW CGI URI's.
Added dsgw.tmpl template
Noriko Hosoi (1):
openldap porting snapshot
Rich Megginson (61):
Initial import of code from ldapserver, modified to use autoconf for build
cleaned up build and setup scripts
update of autotool files based on recent ldapserver and adminserver
Initial pass at using adminutil for CGI code
Check ldapquery for NULL
Still need to unescape some form vars
added manuals; fixed code that displays manuals; added initial tests
get phonebook and orgchart working; use memmove instead of overlapping strcpy; fix memory error in dsgw_dn_parent
Renamed setup to setup-ds-dsgw to be consistent with other setup scripts
fix build issues and compiler warnings on HP-UX
added CXXLINK stuff for HP-UX
add dummy c++ file to force automake to define CXXLINK
include config.h in dsgw.h so all of the dsgw code will include it
do not check for GNU compatible realloc
better method of choosing suffix
enhance setup - move to sbin, check for already configured, add reconfig option to force reconfig, add support for users and groups
add pthread lib for HP-UX
attributes in LDIF may be in mixed case - sed cannot portably do case insensitive matching - just use a simple sed search and replace for ldif attributes
added perlpath for bundled installs
actually use perlpath in the generated files
setup will print messages showing what it is doing - setup will copy in the admin server home page html fragment files to enable using dsgw, phonebook, and orgchart from the admin server home page
remove the hp host:port cgi parameter
added a lot of tests
do not print empty message
add domodify tests
1) The old code used a CGI variable called completion_javascript - this variable contained arbitrary javascript code that was eval'd on in the client browser. I have removed this code and put it in the resource file. The dsgw code will set completion_javascript to one of the 3 keywords, and the new function emit_completion_javascript will look up the code in the resource file and output it with any required arguments. It just seems like a really bad idea to execute arbitrary blobs of javascript passed in a CGI argument.
1) There were several places where DSGW would output and eval arbitrary javascript code passed in a CGI parameter. These have been replaced with resource strings. In all cases the values were output escaped, but still, we shouldn't be passing around bits of javascript code to execute.
clean up org chart code - added tests for org chart
Resolves: bug 171353
Resolves: Bug 146294
additional cleanup - my last org chart commit broke org chart, this fixes it, and cleans up some other stuff, and adds some more tests
Resolves: bug 435230
Resolves: bug 435230
Resolves: bug 435230
Resolves: bug 450134
Resolves: bug 450588
Resolves: bug 450894
Resolves: bug 450898
Resolves: bug 450971
Resolves: bug 452018
Resolves: bug 453052
Resolves: bug 171353
Resolves: bug 413531
this is the 1.1.1 release
Resolves: bug 471681
Resolves: bug 472092
for the 1.1.2 release
rename to 389
remove directory server exception from license
bump version to 1.1.3 for fedora review
bump version to 1.1.4 - require 389-adminutil - fix adminutil.m4 - fix remaining licensing problems
make sure we can find ICU genrb on all platforms
port dsgw to use openldap
org cannot use LDAP_URL_OPT_SECURE; ldap_sasl_bind result check not correct
openldap does not use global MozNSS context
Bug 553636 - dsgw and ds has problems in schema
look for separate openldap ldif library
bump version to 1.1.7
add tmpfiles.d support for the cookiedir
bump version to 1.1.8
dsgw does not need libldap_r
11 years, 12 months
3 commits - configure configure.ac Makefile.am Makefile.in setup-ds-dsgw.in
by Richard Allen Megginson
Makefile.am | 2 +-
Makefile.in | 2 +-
configure | 20 ++++++++++----------
configure.ac | 2 +-
setup-ds-dsgw.in | 7 +++++++
5 files changed, 20 insertions(+), 13 deletions(-)
New commits:
commit 742013f578d3cee7ad5f35712432d234eb43fd7f
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed Dec 14 19:17:23 2011 -0700
dsgw does not need libldap_r
diff --git a/Makefile.am b/Makefile.am
index 212e6c3..a710cdf 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -68,7 +68,7 @@ AM_CPPFLAGS +=-DPROPERTYDIR=\"$(propertydir)\" \
-DCGIURIBASE=\"$(cgiuri)\" -DMANUALSUBDIR=\"$(manualsubdir)\"
if OPENLDAP
-LDAPSDK_LINK = @openldap_lib@ -lldap_r@ol_libver@ -lldap@ol_libver@ @ldap_lib_ldif@ -llber@ol_libver@
+LDAPSDK_LINK = @openldap_lib@ -lldap@ol_libver@ @ldap_lib_ldif@ -llber@ol_libver@
else
LDAPSDK_LINK = @ldapsdk_lib@ -lssldap60 -lprldap60 -lldap60 -lldif60
endif
diff --git a/Makefile.in b/Makefile.in
index 08cd8cb..0d8f0a3 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -486,7 +486,7 @@ AM_CPPFLAGS = -DDSGW_VER_STR=\"$(DSGW_VER_STR)\" $(DEBUG_DEFINES) \
-DMANUALDIR=\"$(manualdir)\" -DCGIURIBASE=\"$(cgiuri)\" \
-DMANUALSUBDIR=\"$(manualsubdir)\"
@OPENLDAP_FALSE@LDAPSDK_LINK = @ldapsdk_lib@ -lssldap60 -lprldap60 -lldap60 -lldif60
-@OPENLDAP_TRUE@LDAPSDK_LINK = @openldap_lib@ -lldap_r@ol_libver@ -lldap@ol_libver@ @ldap_lib_ldif@ -llber@ol_libver@
+@OPENLDAP_TRUE@LDAPSDK_LINK = @openldap_lib@ -lldap@ol_libver@ @ldap_lib_ldif@ -llber@ol_libver@
DSGW_LIBS = @adminutil_lib@ -ladmsslutil@adminutil_ver@ -ladminutil@adminutil_ver@ \
@icu_lib@ -licui18n -licuuc -licudata \
$(LDAPSDK_LINK) \
commit 5c425cf879effbe637cfeb97c0570954e7f81131
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed Dec 14 14:59:28 2011 -0700
bump version to 1.1.8
diff --git a/configure b/configure
index 595f594..04f1906 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.63 for dirsrv-gw 1.1.7.
+# Generated by GNU Autoconf 2.63 for dirsrv-gw 1.1.8.
#
# Report bugs to <http://bugzilla.redhat.com/>.
#
@@ -745,8 +745,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
# Identity of this package.
PACKAGE_NAME='dirsrv-gw'
PACKAGE_TARNAME='dirsrv-gw'
-PACKAGE_VERSION='1.1.7'
-PACKAGE_STRING='dirsrv-gw 1.1.7'
+PACKAGE_VERSION='1.1.8'
+PACKAGE_STRING='dirsrv-gw 1.1.8'
PACKAGE_BUGREPORT='http://bugzilla.redhat.com/'
ac_unique_file="dsgwutil.c"
@@ -1579,7 +1579,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures dirsrv-gw 1.1.7 to adapt to many kinds of systems.
+\`configure' configures dirsrv-gw 1.1.8 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1649,7 +1649,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of dirsrv-gw 1.1.7:";;
+ short | recursive ) echo "Configuration of dirsrv-gw 1.1.8:";;
esac
cat <<\_ACEOF
@@ -1788,7 +1788,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-dirsrv-gw configure 1.1.7
+dirsrv-gw configure 1.1.8
generated by GNU Autoconf 2.63
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -1802,7 +1802,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by dirsrv-gw $as_me 1.1.7, which was
+It was created by dirsrv-gw $as_me 1.1.8, which was
generated by GNU Autoconf 2.63. Invocation command line was
$ $0 $@
@@ -2652,7 +2652,7 @@ fi
# Define the identity of the package.
PACKAGE='dirsrv-gw'
- VERSION='1.1.7'
+ VERSION='1.1.8'
cat >>confdefs.h <<_ACEOF
@@ -20796,7 +20796,7 @@ exec 6>&1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by dirsrv-gw $as_me 1.1.7, which was
+This file was extended by dirsrv-gw $as_me 1.1.8, which was
generated by GNU Autoconf 2.63. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -20859,7 +20859,7 @@ Report bugs to <bug-autoconf(a)gnu.org>."
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_version="\\
-dirsrv-gw config.status 1.1.7
+dirsrv-gw config.status 1.1.8
configured by $0, generated by GNU Autoconf 2.63,
with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
diff --git a/configure.ac b/configure.ac
index 7a727b6..940c222 100644
--- a/configure.ac
+++ b/configure.ac
@@ -21,7 +21,7 @@
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.59)
-AC_INIT([dirsrv-gw], [1.1.7], [http://bugzilla.redhat.com/])
+AC_INIT([dirsrv-gw], [1.1.8], [http://bugzilla.redhat.com/])
AC_CONFIG_SRCDIR([dsgwutil.c])
AM_INIT_AUTOMAKE([1.9 foreign subdir-objects])
AM_MAINTAINER_MODE
commit 7aefc4420bba4b36562a2d883efbd5ba81dd946e
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed Dec 14 14:58:18 2011 -0700
add tmpfiles.d support for the cookiedir
diff --git a/setup-ds-dsgw.in b/setup-ds-dsgw.in
index 4e2d6ad..ba1a484 100644
--- a/setup-ds-dsgw.in
+++ b/setup-ds-dsgw.in
@@ -251,6 +251,13 @@ fi
chown $dsgwuser:$dsgwgroup "$cookiedir"
chmod 0700 "$cookiedir"
+if [ -d /etc/tmpfiles.d -a ! -f /etc/tmpfiles.d/dirsrv-dsgw.conf ] ; then
+ echo Updating information in /etc/tmpfiles.d/dirsrv-dsgw.conf
+ parentdir=`dirname $cookiedir`
+ echo "d $parentdir 0700 $dsgwuser $dsgwgroup" > /etc/tmpfiles.d/dirsrv-dsgw.conf || { echo Error: could not update /etc/tmpfiles.d/dirsrv-dsgw.conf ; echo skipping tmpfiles.d configuration; }
+ echo "d $cookiedir 0700 $dsgwuser $dsgwgroup" >> /etc/tmpfiles.d/dirsrv-dsgw.conf || { echo Error: could not update /etc/tmpfiles.d/dirsrv-dsgw.conf ; echo skipping tmpfiles.d configuration; }
+fi
+
# tell Apache about the dsgw - must restart Apache
echo Adding configuration to httpd config file $httpdconf . . .
grep dsgw-httpd.conf "$httpdconf" > /dev/null 2>&1 || (echo "" ; echo "# DSGW configuration" ; echo "Include $dsgwconfigdir/dsgw-httpd.conf") >> $httpdconf
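Review bot: The line `echo "d $parentdir 0700 $dsgwuser $dsgwgroup"` makes tmpfiles.d create or adjust the parent of the cookie directory as mode 0700 owned by the dsgw user at every boot. Whether that parent is private to dsgw cannot be told from this hunk, but if it is a directory other services share, they would be locked out or it would be handed to the dsgw account. I would emit the parent entry only when the script itself created that directory, or state the assumption in a comment. `dirname $cookiedir` is also unquoted while every other use quotes it; `parentdir=$(dirname "$cookiedir")` avoids word splitting. If the first `>` redirect fails, the second `>>` is still attempted although the message says the configuration is skipped.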
11 years, 12 months
ldap/admin
by Richard Allen Megginson
ldap/admin/src/scripts/DSCreate.pm.in | 28 +++++++++++++++++++---------
1 file changed, 19 insertions(+), 9 deletions(-)
New commits:
commit 255586bdb153aba2e006d5f238662ef33df1841b
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed Dec 14 13:51:00 2011 -0700
Bug 755754 - Unable to start dirsrv service using systemd
https://bugzilla.redhat.com/show_bug.cgi?id=755754
Resolves: bug 755754
Bug Description: Unable to start dirsrv service using systemd
Reviewed by: nhosoi (Thanks!)
Branch: master
Fix Description: Instead of blindly creating symlinks for dirsrv service
instances, check to see if there is already a service with that name.
Platforms tested: Fedora 16
Flag Day: no
Doc impact: no
diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in
index c2164d1..c60ca89 100644
--- a/ldap/admin/src/scripts/DSCreate.pm.in
+++ b/ldap/admin/src/scripts/DSCreate.pm.in
@@ -1063,7 +1063,8 @@ sub updateTmpfilesDotD {
sub updateSystemD {
my $inf = shift;
my $unitdir = "@systemdsystemunitdir@";
- my $confdir = "@systemdsystemconfdir@/@systemdgroupname@.wants";
+ my $confbasedir = "@systemdsystemconfdir@";
+ my $confdir = "$confbasedir/@systemdgroupname@.wants";
if (!$unitdir or !$confdir or ! -d $unitdir or ! -d $confdir) {
debug(3, "no systemd - skipping\n");
@@ -1082,15 +1083,24 @@ sub updateSystemD {
for my $file (glob("$initconfigdir/$pkgname-*")) {
my $inst = $file;
$inst =~ s/^.*$pkgname-//;
- my $servicelink = "$confdir/$pkgname\(a)$inst.service";
- if (! -l $servicelink) {
- if (!symlink($servicefile, $servicelink)) {
- debug(1, "error updating link $servicelink to $servicefile - $!\n");
- push @errs, [ 'error_linking_file', $servicefile, $servicelink, $! ];
- } else {
- debug(2, "updated link $servicelink to $servicefile\n");
+ # see if this is the admin or snmp or some other service
+ if (-f "$unitdir/$pkgname-$inst.service") {
+ debug(1, "$unitdir/$pkgname-$inst.service already exists - skipping\n");
+ next;
+ } elsif (-f "$confbasedir/$pkgname-$inst.service") {
+ debug(1, "$confbasedir/$pkgname-$inst.service already exists - skipping\n");
+ next;
+ } else {
+ my $servicelink = "$confdir/$pkgname\(a)$inst.service";
+ if (! -l $servicelink) {
+ if (!symlink($servicefile, $servicelink)) {
+ debug(1, "error updating link $servicelink to $servicefile - $!\n");
+ push @errs, [ 'error_linking_file', $servicefile, $servicelink, $! ];
+ } else {
+ debug(2, "updated link $servicelink to $servicefile\n");
+ }
+ $changes++;
}
- $changes++;
}
}
# next, look for instances that have been removed
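Review bot: `$changes++` now sits after the inner if/else, so it is also incremented when `symlink()` failed and nothing on disk changed. If `$changes` drives a later reload (not visible here), a failed link would still trigger it. Moving `$changes++;` into the success branch next to `debug(2, "updated link ...")` keeps the counter truthful. Both new `-f` branches end in `next`, so the trailing `else { ... }` only adds a nesting level and the symlink code could stay at its previous indentation. updateSystemD continues outside the hunk.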
11 years, 12 months
ldap/servers
by Noriko Hosoi
ldap/servers/plugins/usn/usn.c | 50 ++++++++++++++++++++++++-
ldap/servers/slapd/back-ldbm/index.c | 35 ++++++++++++++---
ldap/servers/slapd/back-ldbm/ldbm_modify.c | 4 +-
ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 6 +--
ldap/servers/slapd/back-ldbm/proto-back-ldbm.h | 2 -
ldap/servers/slapd/entrywsi.c | 12 ++++--
ldap/servers/slapd/slapi-private.h | 4 +-
7 files changed, 95 insertions(+), 18 deletions(-)
New commits:
commit a360ab7119d764b11b898d212b5405a87f912cd9
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Tue Nov 29 13:31:39 2011 -0800
Bug 745259 - Incorrect entryUSN index under high load in
replicated environment
https://bugzilla.redhat.com/show_bug.cgi?id=745259
Bug Description: When replication conflicts occur in replacing
entryusn, dangling entryusn keys pointing the same entryid are
generated in the entryusn index file. There is no way to clean
them up unless reindexing the entryusn.
Fix Description: When replication conflicts occur in the replace
op and new entry still contains the old value, then the old value
won't be removed from the index file. Also, if the new value is
not added to the entry, the new value won't be added to the index
file.
The failure is reported to the entryusn plugin by setting LDAP_MOD_IGNORE
in the mod. The entryusn plugin's bepostop_modify uses this info to
decide whether or not to increment the entryusn.
diff --git a/ldap/servers/plugins/usn/usn.c b/ldap/servers/plugins/usn/usn.c
index 792ea47..b211019 100644
--- a/ldap/servers/plugins/usn/usn.c
+++ b/ldap/servers/plugins/usn/usn.c
@@ -60,6 +60,7 @@ static int usn_bepreop_delete(Slapi_PBlock *pb);
static int usn_bepreop_modify(Slapi_PBlock *pb);
static int usn_bepostop(Slapi_PBlock *pb);
static int usn_bepostop_delete (Slapi_PBlock *pb);
+static int usn_bepostop_modify (Slapi_PBlock *pb);
static int usn_start(Slapi_PBlock *pb);
static int usn_close(Slapi_PBlock *pb);
static int usn_get_attr(Slapi_PBlock *pb, const char* type, void *value);
@@ -180,7 +181,7 @@ usn_bepostop_init(Slapi_PBlock *pb)
slapi_pblock_set(pb, SLAPI_PLUGIN_BE_POST_DELETE_FN,
(void *)usn_bepostop_delete) != 0 ||
slapi_pblock_set(pb, SLAPI_PLUGIN_BE_POST_MODIFY_FN,
- (void *)usn_bepostop) != 0 ||
+ (void *)usn_bepostop_modify) != 0 ||
slapi_pblock_set(pb, SLAPI_PLUGIN_BE_POST_MODRDN_FN,
(void *)usn_bepostop) != 0) {
slapi_log_error(SLAPI_LOG_FATAL, USN_PLUGIN_SUBSYSTEM,
@@ -518,6 +519,53 @@ bail:
}
/* count up the counter */
+static int
+usn_bepostop_modify (Slapi_PBlock *pb)
+{
+ int rc = -1;
+ Slapi_Backend *be = NULL;
+ LDAPMod **mods = NULL;
+ int i;
+
+ slapi_log_error(SLAPI_LOG_TRACE, USN_PLUGIN_SUBSYSTEM,
+ "--> usn_bepostop_mod\n");
+
+ /* if op is not successful, don't increment the counter */
+ slapi_pblock_get(pb, SLAPI_RESULT_CODE, &rc);
+ if (LDAP_SUCCESS != rc) {
+ goto bail;
+ }
+
+ slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
+ for (i = 0; mods && mods[i]; i++) {
+ if (0 == strcasecmp(mods[i]->mod_type, SLAPI_ATTR_ENTRYUSN)) {
+ if (mods[i]->mod_op & LDAP_MOD_IGNORE) {
+ slapi_log_error(SLAPI_LOG_TRACE, USN_PLUGIN_SUBSYSTEM,
+ "usn_bepostop_mod: MOD_IGNORE detected\n");
+ goto bail; /* conflict occurred.
+ skip incrementing the counter. */
+ } else {
+ break;
+ }
+ }
+ }
+
+ slapi_pblock_get(pb, SLAPI_BACKEND, &be);
+ if (NULL == be) {
+ rc = LDAP_PARAM_ERROR;
+ goto bail;
+ }
+
+ if (be->be_usn_counter) {
+ slapi_counter_increment(be->be_usn_counter);
+ }
+bail:
+ slapi_log_error(SLAPI_LOG_TRACE, USN_PLUGIN_SUBSYSTEM,
+ "<-- usn_bepostop_mod\n");
+ return rc;
+}
+
+/* count up the counter */
/* if the op is delete and the op was not successful, remove preventryusn */
static int
usn_bepostop_delete (Slapi_PBlock *pb)
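Review bot: The header comment on the new function is still only `/* count up the counter */`, which omits the two cases where it deliberately does not count. I would document that usn_bepostop_modify skips the increment when SLAPI_RESULT_CODE is not LDAP_SUCCESS and when the entryusn mod carries LDAP_MOD_IGNORE (set by the backend on a replication conflict), and that it returns the operation's result code. The trace strings say `usn_bepostop_mod` while the function is `usn_bepostop_modify`, which makes log searches miss it. The return values of the `slapi_pblock_get` calls are not checked, so `rc` keeps its initial -1 only if the first one fails to write it; a short comment on that intent would help.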
diff --git a/ldap/servers/slapd/back-ldbm/index.c b/ldap/servers/slapd/back-ldbm/index.c
index 08218ad..5f45e0a 100644
--- a/ldap/servers/slapd/back-ldbm/index.c
+++ b/ldap/servers/slapd/back-ldbm/index.c
@@ -485,7 +485,7 @@ index_addordel_entry(
int
index_add_mods(
backend *be,
- const LDAPMod **mods,
+ LDAPMod **mods,
struct backentry *olde,
struct backentry *newe,
back_txn *txn
@@ -580,10 +580,11 @@ index_add_mods(
flags |= BE_INDEX_EQUALITY;
}
} else {
- /* Remove duplicate value from deleted value array */
Slapi_Value *rval = valuearray_remove_value(curr_attr, deleted_valueArray, deleted_valueArray[j]);
slapi_value_free( &rval );
j--;
+ /* indicates there was some conflict */
+ mods[i]->mod_op |= LDAP_MOD_IGNORE;
}
}
} else {
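Review bot: `mods[i]->mod_op |= LDAP_MOD_IGNORE;` writes into the caller's mod array, and nothing in the visible hunks clears the bit again. The callers shown later in this commit retry after DB_LOCK_DEADLOCK with the same `mods`, and the dispatch in this function is `switch ( mods[i]->mod_op & ~LDAP_MOD_BVALUES )`. On a retried transaction a mod that still carries 0x100 would therefore match no case and its index update would be skipped; this is inferred from the hunks, so please confirm. Either mask the flag in the dispatch, `switch ( mods[i]->mod_op & ~(LDAP_MOD_BVALUES|LDAP_MOD_IGNORE) )`, or clear it at the top of the loop with `mods[i]->mod_op &= ~LDAP_MOD_IGNORE;`. The same applies to the second assignment in the next hunk, and index_add_mods starts and ends outside this hunk.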
@@ -604,16 +605,38 @@ index_add_mods(
if ( mods_valueArray == NULL ) {
rc = 0;
} else {
- rc = index_addordel_values_sv( be,
+ /* Verify if the value is in newe.
+ * If it is in, we will add the attr value to the index file. */
+ slapi_entry_attr_find( newe->ep_entry,
+ mods[i]->mod_type, &curr_attr );
+
+ for (j = 0; mods_valueArray[j] != NULL; j++) {
+ /* mods_valueArray[j] is in curr_attr ==> return 0 */
+ if (slapi_attr_value_find(curr_attr,
+ slapi_value_get_berval(mods_valueArray[j]))) {
+ /* The value is NOT in newe, remove it. */
+ Slapi_Value *rval = valuearray_remove_value(curr_attr,
+ mods_valueArray,
+ mods_valueArray[j]);
+ slapi_value_free( &rval );
+ /* indicates there was some conflict */
+ mods[i]->mod_op |= LDAP_MOD_IGNORE;
+ }
+ }
+ if (mods_valueArray) {
+ rc = index_addordel_values_sv( be,
mods[i]->mod_type,
mods_valueArray, NULL,
id, BE_INDEX_ADD, txn );
+ } else {
+ rc = 0;
+ }
}
break;
case LDAP_MOD_DELETE:
if ( (mods[i]->mod_bvalues == NULL) ||
- (mods[i]->mod_bvalues[0] == NULL) ) {
+ (mods[i]->mod_bvalues[0] == NULL) ) {
rc = 0;
flags = BE_INDEX_DEL;
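Review bot: The new loop removes `mods_valueArray[j]` and then lets `j++` run, whereas the existing removal a few lines earlier in this function does `j--` after `valuearray_remove_value`. If that helper compacts the array, as the existing `j--` suggests, the element that slides into slot j is never checked; adding `j--;` after `slapi_value_free( &rval );` matches the earlier loop. The following `if (mods_valueArray)` is always true in this branch because the pointer itself was already tested, so an emptied array still reaches `index_addordel_values_sv`; `if (mods_valueArray[0] != NULL)` expresses the intent. The result of `slapi_entry_attr_find` is ignored, so `curr_attr` may be stale or NULL when the attribute is absent from `newe`.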
@@ -713,7 +736,7 @@ index_add_mods(
}
rc = 0;
break;
- }
+ } /* switch ( mods[i]->mod_op & ~LDAP_MOD_BVALUES ) */
/* free memory */
slapi_ch_free((void **)&tmp);
@@ -724,7 +747,7 @@ index_add_mods(
ldbm_nasty(errmsg, 1040, rc);
return( rc );
}
- }
+ } /* for ( i = 0; mods[i] != NULL; i++ ) */
return( 0 );
}
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
index ba6527f..943a095 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
@@ -159,7 +159,7 @@ int modify_update_all(backend *be, Slapi_PBlock *pb,
}
goto error;
}
- retval = index_add_mods( be, (const LDAPMod **)slapi_mods_get_ldapmods_byref(mc->smods), mc->old_entry, mc->new_entry, txn );
+ retval = index_add_mods( be, slapi_mods_get_ldapmods_byref(mc->smods), mc->old_entry, mc->new_entry, txn );
if ( 0 != retval ) {
if (DB_LOCK_DEADLOCK != retval)
{
@@ -456,7 +456,7 @@ ldbm_back_modify( Slapi_PBlock *pb )
goto error_return;
}
ec_in_cache = 1;
- retval = index_add_mods( be, (const LDAPMod**)mods, e, ec, &txn );
+ retval = index_add_mods( be, mods, e, ec, &txn );
if (DB_LOCK_DEADLOCK == retval)
{
/* Abort and re-try */
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
index ac5c775..2dadefc 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
@@ -1432,7 +1432,7 @@ modrdn_rename_entry_update_indexes(back_txn *ptxn, Slapi_PBlock *pb, struct ldbm
/*
* update the indexes: lastmod, rdn, etc.
*/
- retval = index_add_mods( be, (const LDAPMod **)slapi_mods_get_ldapmods_byref(smods1), e, ec, ptxn );
+ retval = index_add_mods( be, slapi_mods_get_ldapmods_byref(smods1), e, ec, ptxn );
if (DB_LOCK_DEADLOCK == retval)
{
/* Retry txn */
@@ -1455,7 +1455,7 @@ modrdn_rename_entry_update_indexes(back_txn *ptxn, Slapi_PBlock *pb, struct ldbm
/*
* update the indexes: lastmod, rdn, etc.
*/
- retval = index_add_mods( be, (const LDAPMod **)slapi_mods_get_ldapmods_byref(smods2), e, ec, ptxn );
+ retval = index_add_mods( be, slapi_mods_get_ldapmods_byref(smods2), e, ec, ptxn );
if (DB_LOCK_DEADLOCK == retval)
{
/* Retry txn */
@@ -1472,7 +1472,7 @@ modrdn_rename_entry_update_indexes(back_txn *ptxn, Slapi_PBlock *pb, struct ldbm
/*
* update the indexes: lastmod, rdn, etc.
*/
- retval = index_add_mods( be, (const LDAPMod **)slapi_mods_get_ldapmods_byref(smods3), e, ec, ptxn );
+ retval = index_add_mods( be, slapi_mods_get_ldapmods_byref(smods3), e, ec, ptxn );
if (DB_LOCK_DEADLOCK == retval)
{
/* Retry txn */
diff --git a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
index c30e987..771f0c5 100644
--- a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
+++ b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
@@ -278,7 +278,7 @@ int idl_new_compare_dups(
* index.c
*/
int index_addordel_entry( backend *be, struct backentry *e, int flags, back_txn *txn );
-int index_add_mods( backend *be, const LDAPMod**mods, struct backentry *olde, struct backentry *newe, back_txn *txn );
+int index_add_mods( backend *be, /*const*/LDAPMod**mods, struct backentry *olde, struct backentry *newe, back_txn *txn );
int index_addordel_string(backend *be, const char *type, const char *s, ID id, int flags, back_txn *txn);
int index_addordel_values_sv( backend *be, const char *type, Slapi_Value **vals, Slapi_Value **evals, ID id, int flags, back_txn *txn );
int index_addordel_values_ext_sv( backend *be, const char *type, Slapi_Value **vals, Slapi_Value **evals, ID id, int flags, back_txn *txn,int *idl_disposition, void *buffer_handle );
diff --git a/ldap/servers/slapd/entrywsi.c b/ldap/servers/slapd/entrywsi.c
index 506a1f9..a749cee 100644
--- a/ldap/servers/slapd/entrywsi.c
+++ b/ldap/servers/slapd/entrywsi.c
@@ -719,11 +719,15 @@ entry_apply_mod_wsi(Slapi_Entry *e, const LDAPMod *mod, const CSN *csn, int urp)
retVal = entry_replace_present_values_wsi( e, mod->mod_type, mod->mod_bvalues, csn, urp );
break;
}
- for ( i = 0; mod->mod_bvalues != NULL && mod->mod_bvalues[i] != NULL; i++ )
- {
- LDAPDebug( LDAP_DEBUG_ARGS, " %s: %s\n", mod->mod_type, mod->mod_bvalues[i]->bv_val, 0 );
+ if ( LDAPDebugLevelIsSet( LDAP_DEBUG_ARGS )) {
+ for ( i = 0;
+ mod->mod_bvalues != NULL && mod->mod_bvalues[i] != NULL;
+ i++ ) {
+ LDAPDebug( LDAP_DEBUG_ARGS, " %s: %s\n",
+ mod->mod_type, mod->mod_bvalues[i]->bv_val, 0 );
+ }
+ LDAPDebug( LDAP_DEBUG_ARGS, " -\n", 0, 0, 0 );
}
- LDAPDebug( LDAP_DEBUG_ARGS, " -\n", 0, 0, 0 );
return retVal;
}
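Review bot: The loop now guarded by `LDAPDebugLevelIsSet` still prints `mod->mod_bvalues[i]->bv_val` with a plain `%s`, which ignores `bv_len` and relies on every berval being NUL-terminated text. It also writes each modified value verbatim to the log whenever LDAP_DEBUG_ARGS is enabled, which would include password-type attributes if they pass through this path. If the log formatter supports a precision argument, bound the read with `LDAPDebug( LDAP_DEBUG_ARGS, " %s: %.*s\n", mod->mod_type, (int)mod->mod_bvalues[i]->bv_len, mod->mod_bvalues[i]->bv_val );`, and consider logging only the type and length for sensitive attributes. `entry_apply_mod_wsi` begins outside this hunk, so whether values are filtered earlier cannot be seen here.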
diff --git a/ldap/servers/slapd/slapi-private.h b/ldap/servers/slapd/slapi-private.h
index 2b717a0..fda28a2 100644
--- a/ldap/servers/slapd/slapi-private.h
+++ b/ldap/servers/slapd/slapi-private.h
@@ -440,8 +440,10 @@ unsigned long operation_get_type(Slapi_Operation *op);
* #define LDAP_MOD_ADD 0x00
* #define LDAP_MOD_DELETE 0x01
* #define LDAP_MOD_REPLACE 0x02
+ * #define LDAP_MOD_INCREMENT 0x03 -- Openldap extension
+ * #define LDAP_MOD_BVALUES 0x80
*/
-#define LDAP_MOD_IGNORE 0x09
+#define LDAP_MOD_IGNORE 0x100
/* dl.c */
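Review bot: The new `LDAP_MOD_IGNORE 0x100` no longer collides with the listed op values or with `LDAP_MOD_BVALUES 0x80`, but the comment does not say that this is the reason for the value or how the marker is meant to be tested. That matters because any site that reduces `mod_op` with a low-bit op mask would read an ignored mod as `LDAP_MOD_ADD` (0x100 masked to the low bits is 0x00), where the old 0x09 would have read as `LDAP_MOD_DELETE`. I would add a line to the comment block such as `* LDAP_MOD_IGNORE is internal only: it lies outside the op values and the BVALUES bit, must be checked before mod_op is masked, and must never be encoded on the wire`. The sites that switch on `mod_op` are outside this hunk and worth confirming against that rule.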
src/com
by Noriko Hosoi
src/com/netscape/admin/dirserv/panel/EncryptionPanel.java | 51 ++++++++++++++
1 file changed, 51 insertions(+)
New commits:
commit 7c3d88a741835757d21824b4d514fba04ff56a4e
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Thu Dec 1 14:35:52 2011 -0800
Bug 757773 - SSL Port issue in Console
https://bugzilla.redhat.com/show_bug.cgi?id=757773
Description: If non-standard SSL ports are set from outside of
Console, there is no chance for Console to update nsSecureServerPort
in o=netscaperoot.
When enabling "Use SSL in Console", if the secure port in cn=config
is not the standard SSL port 636, replace nsSecureServerPort in
o=netscaperoot with the one read from cn=config.
Reviewed by nkinder(a)redhat.com (Thanks!!)
diff --git a/src/com/netscape/admin/dirserv/panel/EncryptionPanel.java b/src/com/netscape/admin/dirserv/panel/EncryptionPanel.java
index e131bf4..1a6023b 100644
--- a/src/com/netscape/admin/dirserv/panel/EncryptionPanel.java
+++ b/src/com/netscape/admin/dirserv/panel/EncryptionPanel.java
@@ -619,6 +619,57 @@ public class EncryptionPanel extends BlankPanel
_cbConsoleSSL.setEnabled(_configData.sslServerOn && !_rbRequired.isSelected());
_cbSSLCheckHostName.setEnabled(_configData.sslServerOn);
+ // Get secure port
+ DSResourceModel model = (DSResourceModel)getModel();
+ ConsoleInfo serverInfo = model.getServerInfo();
+ LDAPConnection ldc = serverInfo.getLDAPConnection();
+ int securePort = -1;
+ // Read cn=config
+ String configDn = "cn=config";
+ String[] configAttrs = { "nsslapd-secureport" };
+ LDAPEntry configEntry = null;
+ try {
+ configEntry = ldc.read(configDn, configAttrs);
+ }
+ catch(LDAPException x) {
+ Debug.println(0,
+ "EncryptionPanel.updateComponentState: failure while reading config data");
+ if (Debug.getTrace()) {
+ x.printStackTrace();
+ }
+ }
+
+ // Parse configEntry
+ if (configEntry != null) {
+ String securePortStr = DSUtil.getAttrValue(configEntry, configAttrs[0]);
+ try {
+ securePort = Integer.parseInt(securePortStr);
+ }
+ catch(NumberFormatException x) {
+ Debug.println(0,
+ "EncryptionPanel.updateComponentState: cannot convert nsslapd-secureport to an int !");
+ }
+
+ // If securePort is not a default value, set it to NetscapeRoot
+ if (636 != securePort) {
+ ConsoleInfo consoleInfo = model.getConsoleInfo();
+ LDAPConnection sieldc = consoleInfo.getLDAPConnection();
+ String sieDn = consoleInfo.getCurrentDN();
+ LDAPAttribute attr =
+ new LDAPAttribute("nssecureserverport", securePortStr);
+ try {
+ sieldc.modify(sieDn,
+ new LDAPModification(LDAPModification.REPLACE, attr));
+ }
+ catch(LDAPException xx) {
+ Debug.println(0,
+ "EncryptionPanel.updateComponentState: failure while modifying console config data");
+ if (Debug.getTrace()) {
+ xx.printStackTrace();
+ }
+ }
+ }
+ }
}
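Review bot: The `if (636 != securePort)` test is also true when parsing failed and `securePort` is still -1, for instance when `DSUtil.getAttrValue` returned null or a non-numeric string. In that case the `sieldc.modify` call replaces `nssecureserverport` in the console entry with a missing or unvalidated `securePortStr`. Guard the write on a successfully parsed, in-range port, for example `if (securePort > 0 && securePort <= 65535 && 636 != securePort) {`. The visible lines also run this directory write without any check that "Use SSL in Console" is being enabled, although the commit description limits it to that case. The enclosing method (`updateComponentState`, going by the debug strings) starts outside the hunk, so that condition may be applied earlier.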