ldap/servers
by Noriko Hosoi
ldap/servers/plugins/uiduniq/7bit.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
New commits:
commit 67b248ed88a064364406c9b64ebd84c90195506b
Author: Anupam Jain <anjain(a)localhost.localdomain>
Date: Wed Jul 17 14:58:42 2013 -0700
Ticket #47370 - DS crashes with some 7-bit check plugin configurations
Bug description: DS crashed when some nsslapd-pluginarg were
missing. The crash was resolved with the fix to #47340 but
the correct error messages were not logged in some cases
Fix description: This patch ensures that correct error messages
are logged in the server error log
https://fedorahosted.org/389/ticket/47370
Reviewed by nhosoi.
diff --git a/ldap/servers/plugins/uiduniq/7bit.c b/ldap/servers/plugins/uiduniq/7bit.c
index a83122e..b6d164b 100644
--- a/ldap/servers/plugins/uiduniq/7bit.c
+++ b/ldap/servers/plugins/uiduniq/7bit.c
@@ -719,7 +719,7 @@ NS7bitAttr_Init(Slapi_PBlock *pb)
int attr_count = 0;
int argc;
char **argv;
-
+ int valid_suffix = 0;
/* Declare plugin version */
err = slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION,
@@ -756,11 +756,20 @@ NS7bitAttr_Init(Slapi_PBlock *pb)
argv++; argc--;
if(argc == 0){ err = -5; break; } /* no suffix */
for(;argc > 0;argc--, argv++) {
+ err = slapi_dn_syntax_check(pb, *argv, 1);
+ if (err) {
+ slapi_log_error(SLAPI_LOG_FATAL, "NS7bitAttr_Init",
+ "Invalid suffix: %s\n", *argv);
+ continue;
+ }
+ if (!valid_suffix)
+ valid_suffix = 1;
char *normdn = slapi_create_dn_string_case("%s", *argv);
slapi_ch_free_string(argv);
*argv = normdn;
}
+ if (!valid_suffix) { err = -6; break; } /* Invalid suffix list */
/* Provide descriptive information */
err = slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION,
(void*)&pluginDesc);
@@ -793,7 +802,11 @@ NS7bitAttr_Init(Slapi_PBlock *pb)
} else if(err == -5){
slapi_log_error(SLAPI_LOG_FATAL, "NS7bitAttr_Init",
"Invalid plugin arguments - missing suffix\n");
+ } else if(err == -6){
+ slapi_log_error(SLAPI_LOG_FATAL, "NS7bitAttr_Init",
+ "Invalid plugin arguments - Invalid suffix list\n");
}
+
err = -1;
}
else
10 years, 9 months
ldap/schema ldap/servers
by Noriko Hosoi
ldap/schema/01core389.ldif | 16 ++++++++
ldap/servers/slapd/plugin.c | 87 +++++++++++++++++++++++++++++++++++++++++---
2 files changed, 99 insertions(+), 4 deletions(-)
New commits:
commit d2c5b35e20578043117f84e928d96d296bdfc046
Author: Anupam Jain <anjain(a)localhost.localdomain>
Date: Tue Jul 16 18:16:27 2013 -0700
Ticket #47431 - Duplicate values for the attribute nsslapd-pluginarg are not handled correctly
Fix description: Added the attributes nsslapd-pluginarg0 to
nsslapd-pluginarg15 in the schema file with the condition that
they must be singlevalued. This solves the issue of incorrect
handling of duplicate and multiple values of these attributes.
This fix also solves the problem of non-continuous numbers in
the nsslapd-pluginarg attributes and makes them continuous if
they are not.
https://fedorahosted.org/389/ticket/47431
Reviewed by nhosoi.
diff --git a/ldap/schema/01core389.ldif b/ldap/schema/01core389.ldif
index 8ef702d..8c49918 100644
--- a/ldap/schema/01core389.ldif
+++ b/ldap/schema/01core389.ldif
@@ -153,6 +153,22 @@ attributeTypes: ( 2.16.840.1.113730.3.1.2152 NAME 'nsds5ReplicaProtocolTimeout'
attributeTypes: ( 2.16.840.1.113730.3.1.2154 NAME 'nsds5ReplicaBackoffMin' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
attributeTypes: ( 2.16.840.1.113730.3.1.2155 NAME 'nsds5ReplicaBackoffMax' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
attributeTypes: ( 2.16.840.1.113730.3.1.2156 NAME 'nsslapd-sasl-max-buffer-size' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
+attributeTypes: ( 2.16.840.1.113730.3.1.2161 NAME 'nsslapd-pluginArg0' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
+attributeTypes: ( 2.16.840.1.113730.3.1.2162 NAME 'nsslapd-pluginArg1' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
+attributeTypes: ( 2.16.840.1.113730.3.1.2163 NAME 'nsslapd-pluginArg2' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
+attributeTypes: ( 2.16.840.1.113730.3.1.2164 NAME 'nsslapd-pluginArg3' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
+attributeTypes: ( 2.16.840.1.113730.3.1.2165 NAME 'nsslapd-pluginArg4' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
+attributeTypes: ( 2.16.840.1.113730.3.1.2166 NAME 'nsslapd-pluginArg5' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
+attributeTypes: ( 2.16.840.1.113730.3.1.2167 NAME 'nsslapd-pluginArg6' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
+attributeTypes: ( 2.16.840.1.113730.3.1.2168 NAME 'nsslapd-pluginArg7' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
+attributeTypes: ( 2.16.840.1.113730.3.1.2169 NAME 'nsslapd-pluginArg8' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
+attributeTypes: ( 2.16.840.1.113730.3.1.2170 NAME 'nsslapd-pluginArg9' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
+attributeTypes: ( 2.16.840.1.113730.3.1.2171 NAME 'nsslapd-pluginArg10' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
+attributeTypes: ( 2.16.840.1.113730.3.1.2172 NAME 'nsslapd-pluginArg11' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
+attributeTypes: ( 2.16.840.1.113730.3.1.2173 NAME 'nsslapd-pluginArg12' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
+attributeTypes: ( 2.16.840.1.113730.3.1.2174 NAME 'nsslapd-pluginArg13' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
+attributeTypes: ( 2.16.840.1.113730.3.1.2175 NAME 'nsslapd-pluginArg14' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
+attributeTypes: ( 2.16.840.1.113730.3.1.2176 NAME 'nsslapd-pluginArg15' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
#
# objectclasses
#
diff --git a/ldap/servers/slapd/plugin.c b/ldap/servers/slapd/plugin.c
index 52b9c3c..d9b925c 100644
--- a/ldap/servers/slapd/plugin.c
+++ b/ldap/servers/slapd/plugin.c
@@ -54,6 +54,11 @@
#define ROOT_BIND "directory manager"
#define ANONYMOUS_BIND "anonymous"
+/* This defines the maximum number that an nsslapd-pluginArg attribute can have.
+ * A plugin can have 16 arguments nsslapd-pluginArg0 to nsslapd-pluginArg15
+ */
+#define MAX_PLUGINARG_NUM 15
+
/* Forward Declarations */
static int plugin_call_list (struct slapdplugin *list, int operation, Slapi_PBlock *pb);
static int plugin_call_one (struct slapdplugin *list, int operation, Slapi_PBlock *pb);
@@ -2097,8 +2102,19 @@ plugin_setup(Slapi_Entry *plugin_entry, struct slapi_componentid *group,
int status = 0;
int enabled = 1;
char *configdir = 0;
+ int diff = 0;
+ int index_prev = 0;
+ char attr_prev[BUFSIZ];
+ int rc = 0;
+ int num_args = 0;
+ Slapi_Attr *newattr = 0;
+ int arg_length = 0;
+ char *attrnamenum = NULL;
+ char *attr_prevnum = NULL;
+ int numsize = 0;
attrname[0] = '\0';
+ attr_prev[0] = '\0';
if (!slapi_entry_get_sdn_const(plugin_entry))
{
@@ -2278,15 +2294,78 @@ plugin_setup(Slapi_Entry *plugin_entry, struct slapi_componentid *group,
}
/* add the plugin arguments */
+ rc = 0;
+ arg_length = strlen(ATTR_PLUGIN_ARG);
+
+ for (rc = slapi_entry_first_attr(plugin_entry, &newattr); !rc && newattr; rc = slapi_entry_next_attr(plugin_entry, newattr, &newattr))
+ {
+ char *type = NULL;
+ slapi_attr_get_type(newattr, &type);
+ if (strncasecmp(type, ATTR_PLUGIN_ARG, arg_length) == 0)
+ {
+ char *ptr = type;
+ ptr += arg_length;
+ int numdigits = 0;
+ char *ptr_num = ptr;
+ if ((*ptr == '\0') || ((*ptr == '0') && (*(ptr+1) != '\0')))
+ {
+ slapi_log_error( SLAPI_LOG_FATAL, plugin->plg_dn, "Invalid Plugin argument: %s. Argument ignored\n", type);
+ continue;
+ }
+ while(*ptr != '\0')
+ {
+ if (!isdigit(*ptr))
+ {
+ slapi_log_error( SLAPI_LOG_FATAL, plugin->plg_dn, "Invalid Plugin argument: %s. Argument ignored\n", type);
+ break;
+ }
+ numdigits++;
+ ptr++;
+ }
+ if (*ptr == '\0')
+ {
+ if ((numdigits < 3) && (atoi(ptr_num) <= MAX_PLUGINARG_NUM))
+ num_args++;
+ else
+ {
+ slapi_log_error( SLAPI_LOG_FATAL, plugin->plg_dn, "Plugin argument value nsslapd-pluginArg%s exceeded maximum allowed value nsslapd-pluginArg%d\n", ptr_num, MAX_PLUGINARG_NUM);
+ status = -1;
+ goto PLUGIN_CLEANUP;
+ }
+ }
+ }
+ }
+
+ PR_snprintf(attrname, sizeof(attrname), "%s", ATTR_PLUGIN_ARG);
+ PR_snprintf(attr_prev, sizeof(attr_prev), "%s", ATTR_PLUGIN_ARG);
+ attrnamenum = attrname + sizeof(ATTR_PLUGIN_ARG) -1;
+ attr_prevnum = attr_prev + sizeof(ATTR_PLUGIN_ARG) -1;
+ numsize = sizeof(attrname) - sizeof(ATTR_PLUGIN_ARG);
value = 0;
ii = 0;
- PR_snprintf(attrname, sizeof(attrname), "%s%d", ATTR_PLUGIN_ARG, ii);
- while ((value = slapi_entry_attr_get_charptr(plugin_entry, attrname)) != NULL)
+ while (plugin->plg_argc < num_args)
{
+ PR_snprintf(attrnamenum, numsize, "%d", ii);
+ if (diff == 0)
+ {
+ strcpy(attr_prev, attrname);
+ index_prev = ii;
+ }
+ while ((value = slapi_entry_attr_get_charptr(plugin_entry, attrname)) == NULL)
+ {
+ PR_snprintf(attrnamenum, numsize, "%d", ++ii);
+ }
+
+ if(strcmp(attrname, attr_prev) != 0)
+ {
+ slapi_entry_add_string(plugin_entry, attr_prev, value);
+ slapi_entry_attr_delete(plugin_entry, attrname);
+ diff = 1;
+ PR_snprintf(attr_prevnum, numsize, "%d", ++index_prev);
+ }
charray_add(&plugin->plg_argv, value);
plugin->plg_argc++;
++ii;
- PR_snprintf(attrname, sizeof(attrname), "%s%d", ATTR_PLUGIN_ARG, ii);
}
memset((char *)&pb, '\0', sizeof(pb));
@@ -3233,4 +3312,4 @@ slapi_disordely_shutdown(PRBool set)
is_disordely_shutdown = PR_TRUE;
}
return (is_disordely_shutdown);
-}
\ No newline at end of file
+}
10 years, 9 months
ldap/servers
by Noriko Hosoi
ldap/servers/slapd/fedse.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
New commits:
commit 1cd68bbd54e84c962b0e343515f0cd1f57326667
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Tue Jul 2 18:41:28 2013 -0700
Ticket #47384 - Plugin library path validation
Description: commit a4b81c0ae59a4246d2d44790efea093a62fc972c
only checks the invalid plugin path when the value is modified.
This patch adds the check when a plugin entry is added.
diff --git a/ldap/servers/slapd/fedse.c b/ldap/servers/slapd/fedse.c
index ab6ee62..6363a7a 100644
--- a/ldap/servers/slapd/fedse.c
+++ b/ldap/servers/slapd/fedse.c
@@ -1814,7 +1814,7 @@ setup_internal_backends(char *configdir)
dse_register_callback(pfedse,SLAPI_OPERATION_MODIFY,DSE_FLAG_PREOP,&root,LDAP_SCOPE_BASE,"(objectclass=*)",modify_root_dse,NULL);
dse_register_callback(pfedse,SLAPI_OPERATION_MODIFY,DSE_FLAG_PREOP,&saslmapping,LDAP_SCOPE_SUBTREE,"(objectclass=nsSaslMapping)",sasl_map_config_modify,NULL);
dse_register_callback(pfedse,SLAPI_OPERATION_MODIFY,DSE_FLAG_PREOP,&plugins,LDAP_SCOPE_SUBTREE,"(objectclass=nsSlapdPlugin)",check_plugin_path,NULL);
-
+
/* Delete */
dse_register_callback(pfedse,SLAPI_OPERATION_DELETE,DSE_FLAG_PREOP,&config,LDAP_SCOPE_BASE,"(objectclass=*)",dont_allow_that,NULL);
dse_register_callback(pfedse,SLAPI_OPERATION_DELETE,DSE_FLAG_PREOP,&monitor,LDAP_SCOPE_BASE,"(objectclass=*)",dont_allow_that,NULL);
@@ -1829,6 +1829,7 @@ setup_internal_backends(char *configdir)
/* Add */
dse_register_callback(pfedse,SLAPI_OPERATION_ADD,DSE_FLAG_PREOP,&saslmapping,LDAP_SCOPE_SUBTREE,"(objectclass=nsSaslMapping)",sasl_map_config_add,NULL);
+ dse_register_callback(pfedse,SLAPI_OPERATION_ADD,DSE_FLAG_PREOP,&plugins,LDAP_SCOPE_SUBTREE,"(objectclass=nsSlapdPlugin)",check_plugin_path,NULL);
be = be_new_internal(pfedse, "DSE", DSE_BACKEND);
be_addsuffix(be,&root);
@@ -1923,6 +1924,11 @@ check_plugin_path(Slapi_PBlock *pb,
int plugindir_len = sizeof(PLUGINDIR)-1;
int j = 0;
int rc = SLAPI_DSE_CALLBACK_OK;
+
+ if (NULL == vals) {
+ /* ADD case, entryBefore is used for the new entry */
+ vals = slapi_entry_attr_get_charray (entryBefore, ATTR_PLUGIN_PATH);
+ }
for (j = 0; vals && vals[j]; j++) {
char *full_path = NULL;
char *resolved_path = NULL;
10 years, 9 months
ldap/servers
by Ludwig Krispenz
ldap/servers/slapd/attrsyntax.c | 1 +
1 file changed, 1 insertion(+)
New commits:
commit ec6ebc0b0f085a82041d993ab2450a3922ef5502
Author: Ludwig Krispenz <lkrispen(a)redhat.com>
Date: Wed Jul 17 10:35:32 2013 +0200
Fix compiler warning
diff --git a/ldap/servers/slapd/attrsyntax.c b/ldap/servers/slapd/attrsyntax.c
index cc4ff28..7ce4264 100644
--- a/ldap/servers/slapd/attrsyntax.c
+++ b/ldap/servers/slapd/attrsyntax.c
@@ -859,6 +859,7 @@ attr_syntax_create_default( const char *name, const char *oid,
&default_asi );
if ( rc == 0 && default_asi->asi_plugin == 0)
default_asi->asi_plugin = attr_syntax_default_plugin (syntax );
+ return (rc);
}
/*
10 years, 9 months
Branch '389-ds-base-1.3.1' - ldap/servers
by Ludwig Krispenz
ldap/servers/slapd/attrsyntax.c | 187 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 187 insertions(+)
New commits:
commit 62d0dbf548e1d2b0d7f7e09809456393034e34a5
Author: Ludwig Krispenz <lkrispen(a)redhat.com>
Date: Wed Jul 17 10:28:47 2013 +0200
Ticket 47369 version2 - provide default syntax plugin
Bug Description: syntax plugins are laoded during bootstrapping, but
in that phase already attributes are handled
eg in dse.ldif and schema files and no proper way
to normalize or comare values is provided.
This became visible with teh fix for ticket #346
where large attribute sets will be sorted
Fix Description: when the first attribute syntax init is done, create a plugin
for directory string syntax and register it with a dummy
attribute name. if for any attribute the syntax lookup fails
fall back to using this plugin.
It will only be used until the syntax plugins are loaded
and in the startup phase it is acceptable to use directory
string.
The impelemenation of the default plugin is reduce to the
necessary minimum not to duplicate the code of the syntax
plugins.
A more rigorus solution would be to refactor the code and
and move the common code from the syntax plugin to the
slapd level and reuse it in the default plugin.
But this would be a major change and should only be done
with a review of the syntax plugin code, whic could probabyly
be optimized.
https://fedorahosted.org/389/ticket/47369
Reviewed by: RichM
diff --git a/ldap/servers/slapd/attrsyntax.c b/ldap/servers/slapd/attrsyntax.c
index 4326f03..0759d61 100644
--- a/ldap/servers/slapd/attrsyntax.c
+++ b/ldap/servers/slapd/attrsyntax.c
@@ -75,6 +75,7 @@ static int asi_locking = 1;
#define AS_UNLOCK_WRITE(l) if (asi_locking) { slapi_rwlock_unlock(l); }
+static struct asyntaxinfo *default_asi = NULL;
static void *attr_syntax_get_plugin_by_name_with_default( const char *type );
static void attr_syntax_delete_no_lock( struct asyntaxinfo *asip,
@@ -308,6 +309,8 @@ struct asyntaxinfo *asi = NULL;
asi = attr_syntax_get_by_name_locking_optional(name, PR_TRUE);
if (asi == NULL)
asi = attr_syntax_get_by_name(ATTR_WITH_OCTETSTRING_SYNTAX);
+ if ( asi == NULL )
+ asi = default_asi;
return asi;
}
@@ -545,6 +548,154 @@ attr_syntax_exists(const char *attr_name)
return 0;
}
+static void default_dirstring_normalize_int(char *s, int trim_spaces);
+
+static
+int default_dirstring_filter_ava( struct berval *bvfilter, Slapi_Value **bvals,int ftype, Slapi_Value **retVal )
+{
+ return(0);
+}
+
+static
+int default_dirstring_values2keys( Slapi_PBlock *pb, Slapi_Value **bvals,Slapi_Value ***ivals, int ftype )
+{
+ int numbvals = 0;
+ Slapi_Value **nbvals, **nbvlp;
+ Slapi_Value **bvlp;
+ char *c;
+
+ if (NULL == ivals) {
+ return 1;
+ }
+ *ivals = NULL;
+ if (NULL == bvals) {
+ return 1;
+ }
+ switch ( ftype ) {
+ case LDAP_FILTER_EQUALITY:
+ /* allocate a new array for the normalized values */
+ for ( bvlp = bvals; bvlp && *bvlp; bvlp++ ) {
+ numbvals++;
+ }
+ nbvals = (Slapi_Value **) slapi_ch_calloc( (numbvals + 1), sizeof(Slapi_Value *));
+
+ for ( bvlp = bvals, nbvlp = nbvals; bvlp && *bvlp; bvlp++, nbvlp++ ) {
+ c = slapi_ch_strdup(slapi_value_get_string(*bvlp));
+ default_dirstring_normalize_int( c, 1 );
+ *nbvlp = slapi_value_new_string_passin(c);
+ c = NULL;
+ }
+ *ivals = nbvals;
+ break;
+
+ case LDAP_FILTER_APPROX:
+ case LDAP_FILTER_SUBSTRINGS:
+ default:
+ /* default plugin only handles equality so far */
+ LDAPDebug( LDAP_DEBUG_ANY,
+ "default_dirstring_values2keys: unsupported ftype 0x%x\n",
+ ftype, 0, 0 );
+ break;
+ }
+ return(0);
+}
+
+static
+int default_dirstring_assertion2keys_ava(Slapi_PBlock *pb,Slapi_Value *val,Slapi_Value ***ivals,int ftype )
+{
+ return(0);
+}
+
+static
+int default_dirstring_cmp(struct berval *v1,struct berval *v2, int normalize)
+{
+ return(0);
+}
+
+static
+void default_dirstring_normalize(Slapi_PBlock *pb, char *s, int trim_spaces, char **alt)
+{
+ default_dirstring_normalize_int(s, trim_spaces);
+}
+
+static
+void default_dirstring_normalize_int(char *s, int trim_spaces)
+{
+ char *head = s;
+ char *d;
+ int prevspace, curspace;
+
+ if (NULL == s) {
+ return;
+ }
+ d = s;
+ if (trim_spaces) {
+ /* strip leading blanks */
+ while (ldap_utf8isspace(s)) {
+ LDAP_UTF8INC(s);
+ }
+ }
+
+ /* handle value of all spaces - turn into single space */
+ if ( *s == '\0' && s != d ) {
+ *d++ = ' ';
+ *d = '\0';
+ return;
+ }
+ prevspace = 0;
+ while ( *s ) {
+ int ssz, dsz;
+ curspace = ldap_utf8isspace(s);
+
+ /* compress multiple blanks */
+ if ( prevspace && curspace ) {
+ LDAP_UTF8INC(s);
+ continue;
+ }
+ prevspace = curspace;
+ slapi_utf8ToLower((unsigned char*)s, (unsigned char *)d, &ssz, &dsz);
+ s += ssz;
+ d += dsz;
+ }
+ *d = '\0';
+ /* strip trailing blanks */
+ if (prevspace && trim_spaces) {
+ char *nd;
+
+ nd = ldap_utf8prev(d);
+ while (nd && nd >= head && ldap_utf8isspace(nd)) {
+ d = nd;
+ nd = ldap_utf8prev(d);
+ *d = '\0';
+ }
+ }
+}
+
+static struct slapdplugin *
+attr_syntax_default_plugin ( const char *nameoroid )
+{
+
+ struct slapdplugin *pi = NULL;
+ /*
+ * create a new plugin structure and
+ * set the plugin function pointers.
+ */
+ pi = (struct slapdplugin *)slapi_ch_calloc(1, sizeof(struct slapdplugin));
+
+ pi->plg_dn = slapi_ch_strdup("default plugin for directory string syntax");
+ pi->plg_closed = 0;
+ pi->plg_syntax_oid = slapi_ch_strdup(nameoroid);
+
+
+ pi->plg_syntax_filter_ava = (IFP) default_dirstring_filter_ava;
+ pi->plg_syntax_values2keys = (IFP) default_dirstring_values2keys;
+ pi->plg_syntax_assertion2keys_ava = (IFP) default_dirstring_assertion2keys_ava;
+ pi->plg_syntax_compare = (IFP) default_dirstring_cmp;
+ pi->plg_syntax_normalize = (VFPV) default_dirstring_normalize;
+
+ return (pi);
+
+}
/* check syntax */
static void *
@@ -563,11 +714,14 @@ attr_syntax_get_plugin_by_name_with_default( const char *type )
* attribute type that has that syntax.
*/
asi = attr_syntax_get_by_name(ATTR_WITH_OCTETSTRING_SYNTAX);
+ if (asi == NULL)
+ asi = default_asi;
}
if ( NULL != asi ) {
plugin = asi->asi_plugin;
attr_syntax_return( asi );
}
+
return( plugin );
}
@@ -681,6 +835,31 @@ cleanup_and_return:
return rc;
}
+static int
+attr_syntax_create_default( const char *name, const char *oid,
+ const char *syntax, unsigned long extraflags )
+{
+ int rc = 0;
+ char *names[2];
+ unsigned long std_flags = SLAPI_ATTR_FLAG_STD_ATTR | SLAPI_ATTR_FLAG_OPATTR;
+
+ names[0] = (char *)name;
+ names[1] = NULL;
+
+ if (default_asi)
+ return (rc);
+
+ rc = attr_syntax_create( oid, names, 1,
+ "internal server defined attribute type",
+ NULL, /* superior */
+ NULL, NULL, NULL, /* matching rules */
+ NULL, syntax,
+ SLAPI_SYNTAXLENGTH_NONE,
+ std_flags | extraflags,
+ &default_asi );
+ if ( rc == 0 && default_asi->asi_plugin == 0)
+ default_asi->asi_plugin = attr_syntax_default_plugin (syntax );
+}
/*
* Returns an LDAP result code.
@@ -1142,6 +1321,8 @@ attr_syntax_delete_all_for_schemareload(unsigned long flag)
(void *)&fi);
}
+#define ATTR_DEFAULT_SYNTAX_OID "1.1"
+#define ATTR_DEFAULT_SYNTAX "defaultdirstringsyntax"
static int
attr_syntax_init(void)
{
@@ -1176,6 +1357,12 @@ attr_syntax_init(void)
"slapi_new_rwlock() for oid2asi lock failed\n" );
return 1;
}
+ /* add a default syntax plugin as fallback, required during startup
+ */
+ attr_syntax_create_default( ATTR_DEFAULT_SYNTAX,
+ ATTR_DEFAULT_SYNTAX_OID,
+ DIRSTRING_SYNTAX_OID,
+ SLAPI_ATTR_FLAG_NOUSERMOD| SLAPI_ATTR_FLAG_NOEXPOSE);
}
return 0;
}
10 years, 9 months
ldap/servers
by Ludwig Krispenz
ldap/servers/slapd/attrsyntax.c | 187 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 187 insertions(+)
New commits:
commit d779853f5fa6eeeea436627801718070824ca795
Author: Ludwig Krispenz <lkrispen(a)redhat.com>
Date: Tue Jul 16 11:07:00 2013 +0200
Ticket 47369 version2 - provide default syntax plugin
Bug Description: syntax plugins are laoded during bootstrapping, but
in that phase already attributes are handled
eg in dse.ldif and schema files and no proper way
to normalize or comare values is provided.
This became visible with teh fix for ticket #346
where large attribute sets will be sorted
Fix Description: when the first attribute syntax init is done, create a plugin
for directory string syntax and register it with a dummy
attribute name. if for any attribute the syntax lookup fails
fall back to using this plugin.
It will only be used until the syntax plugins are loaded
and in the startup phase it is acceptable to use directory
string.
The impelemenation of the default plugin is reduce to the
necessary minimum not to duplicate the code of the syntax
plugins.
A more rigorus solution would be to refactor the code and
and move the common code from the syntax plugin to the
slapd level and reuse it in the default plugin.
But this would be a major change and should only be done
with a review of the syntax plugin code, whic could probabyly
be optimized.
https://fedorahosted.org/389/ticket/47369
Reviewed by: RichM
diff --git a/ldap/servers/slapd/attrsyntax.c b/ldap/servers/slapd/attrsyntax.c
index 82adad4..cc4ff28 100644
--- a/ldap/servers/slapd/attrsyntax.c
+++ b/ldap/servers/slapd/attrsyntax.c
@@ -75,6 +75,7 @@ static int asi_locking = 1;
#define AS_UNLOCK_WRITE(l) if (asi_locking) { slapi_rwlock_unlock(l); }
+static struct asyntaxinfo *default_asi = NULL;
static void *attr_syntax_get_plugin_by_name_with_default( const char *type );
static void attr_syntax_delete_no_lock( struct asyntaxinfo *asip,
@@ -308,6 +309,8 @@ struct asyntaxinfo *asi = NULL;
asi = attr_syntax_get_by_name_locking_optional(name, PR_TRUE);
if (asi == NULL)
asi = attr_syntax_get_by_name(ATTR_WITH_OCTETSTRING_SYNTAX);
+ if ( asi == NULL )
+ asi = default_asi;
return asi;
}
@@ -545,6 +548,154 @@ attr_syntax_exists(const char *attr_name)
return 0;
}
+static void default_dirstring_normalize_int(char *s, int trim_spaces);
+
+static
+int default_dirstring_filter_ava( struct berval *bvfilter, Slapi_Value **bvals,int ftype, Slapi_Value **retVal )
+{
+ return(0);
+}
+
+static
+int default_dirstring_values2keys( Slapi_PBlock *pb, Slapi_Value **bvals,Slapi_Value ***ivals, int ftype )
+{
+ int numbvals = 0;
+ Slapi_Value **nbvals, **nbvlp;
+ Slapi_Value **bvlp;
+ char *c;
+
+ if (NULL == ivals) {
+ return 1;
+ }
+ *ivals = NULL;
+ if (NULL == bvals) {
+ return 1;
+ }
+ switch ( ftype ) {
+ case LDAP_FILTER_EQUALITY:
+ /* allocate a new array for the normalized values */
+ for ( bvlp = bvals; bvlp && *bvlp; bvlp++ ) {
+ numbvals++;
+ }
+ nbvals = (Slapi_Value **) slapi_ch_calloc( (numbvals + 1), sizeof(Slapi_Value *));
+
+ for ( bvlp = bvals, nbvlp = nbvals; bvlp && *bvlp; bvlp++, nbvlp++ ) {
+ c = slapi_ch_strdup(slapi_value_get_string(*bvlp));
+ default_dirstring_normalize_int( c, 1 );
+ *nbvlp = slapi_value_new_string_passin(c);
+ c = NULL;
+ }
+ *ivals = nbvals;
+ break;
+
+ case LDAP_FILTER_APPROX:
+ case LDAP_FILTER_SUBSTRINGS:
+ default:
+ /* default plugin only handles equality so far */
+ LDAPDebug( LDAP_DEBUG_ANY,
+ "default_dirstring_values2keys: unsupported ftype 0x%x\n",
+ ftype, 0, 0 );
+ break;
+ }
+ return(0);
+}
+
+static
+int default_dirstring_assertion2keys_ava(Slapi_PBlock *pb,Slapi_Value *val,Slapi_Value ***ivals,int ftype )
+{
+ return(0);
+}
+
+static
+int default_dirstring_cmp(struct berval *v1,struct berval *v2, int normalize)
+{
+ return(0);
+}
+
+static
+void default_dirstring_normalize(Slapi_PBlock *pb, char *s, int trim_spaces, char **alt)
+{
+ default_dirstring_normalize_int(s, trim_spaces);
+}
+
+static
+void default_dirstring_normalize_int(char *s, int trim_spaces)
+{
+ char *head = s;
+ char *d;
+ int prevspace, curspace;
+
+ if (NULL == s) {
+ return;
+ }
+ d = s;
+ if (trim_spaces) {
+ /* strip leading blanks */
+ while (ldap_utf8isspace(s)) {
+ LDAP_UTF8INC(s);
+ }
+ }
+
+ /* handle value of all spaces - turn into single space */
+ if ( *s == '\0' && s != d ) {
+ *d++ = ' ';
+ *d = '\0';
+ return;
+ }
+ prevspace = 0;
+ while ( *s ) {
+ int ssz, dsz;
+ curspace = ldap_utf8isspace(s);
+
+ /* compress multiple blanks */
+ if ( prevspace && curspace ) {
+ LDAP_UTF8INC(s);
+ continue;
+ }
+ prevspace = curspace;
+ slapi_utf8ToLower((unsigned char*)s, (unsigned char *)d, &ssz, &dsz);
+ s += ssz;
+ d += dsz;
+ }
+ *d = '\0';
+ /* strip trailing blanks */
+ if (prevspace && trim_spaces) {
+ char *nd;
+
+ nd = ldap_utf8prev(d);
+ while (nd && nd >= head && ldap_utf8isspace(nd)) {
+ d = nd;
+ nd = ldap_utf8prev(d);
+ *d = '\0';
+ }
+ }
+}
+
+static struct slapdplugin *
+attr_syntax_default_plugin ( const char *nameoroid )
+{
+
+ struct slapdplugin *pi = NULL;
+ /*
+ * create a new plugin structure and
+ * set the plugin function pointers.
+ */
+ pi = (struct slapdplugin *)slapi_ch_calloc(1, sizeof(struct slapdplugin));
+
+ pi->plg_dn = slapi_ch_strdup("default plugin for directory string syntax");
+ pi->plg_closed = 0;
+ pi->plg_syntax_oid = slapi_ch_strdup(nameoroid);
+
+
+ pi->plg_syntax_filter_ava = (IFP) default_dirstring_filter_ava;
+ pi->plg_syntax_values2keys = (IFP) default_dirstring_values2keys;
+ pi->plg_syntax_assertion2keys_ava = (IFP) default_dirstring_assertion2keys_ava;
+ pi->plg_syntax_compare = (IFP) default_dirstring_cmp;
+ pi->plg_syntax_normalize = (VFPV) default_dirstring_normalize;
+
+ return (pi);
+
+}
/* check syntax */
static void *
@@ -563,11 +714,14 @@ attr_syntax_get_plugin_by_name_with_default( const char *type )
* attribute type that has that syntax.
*/
asi = attr_syntax_get_by_name(ATTR_WITH_OCTETSTRING_SYNTAX);
+ if (asi == NULL)
+ asi = default_asi;
}
if ( NULL != asi ) {
plugin = asi->asi_plugin;
attr_syntax_return( asi );
}
+
return( plugin );
}
@@ -681,6 +835,31 @@ cleanup_and_return:
return rc;
}
+static int
+attr_syntax_create_default( const char *name, const char *oid,
+ const char *syntax, unsigned long extraflags )
+{
+ int rc = 0;
+ char *names[2];
+ unsigned long std_flags = SLAPI_ATTR_FLAG_STD_ATTR | SLAPI_ATTR_FLAG_OPATTR;
+
+ names[0] = (char *)name;
+ names[1] = NULL;
+
+ if (default_asi)
+ return (rc);
+
+ rc = attr_syntax_create( oid, names,
+ "internal server defined attribute type",
+ NULL, /* superior */
+ NULL, NULL, NULL, /* matching rules */
+ NULL, syntax,
+ SLAPI_SYNTAXLENGTH_NONE,
+ std_flags | extraflags,
+ &default_asi );
+ if ( rc == 0 && default_asi->asi_plugin == 0)
+ default_asi->asi_plugin = attr_syntax_default_plugin (syntax );
+}
/*
* Returns an LDAP result code.
@@ -1144,6 +1323,8 @@ attr_syntax_delete_all_for_schemareload(unsigned long flag)
(void *)&fi);
}
+#define ATTR_DEFAULT_SYNTAX_OID "1.1"
+#define ATTR_DEFAULT_SYNTAX "defaultdirstringsyntax"
static int
attr_syntax_init(void)
{
@@ -1178,6 +1359,12 @@ attr_syntax_init(void)
"slapi_new_rwlock() for oid2asi lock failed\n" );
return 1;
}
+ /* add a default syntax plugin as fallback, required during startup
+ */
+ attr_syntax_create_default( ATTR_DEFAULT_SYNTAX,
+ ATTR_DEFAULT_SYNTAX_OID,
+ DIRSTRING_SYNTAX_OID,
+ SLAPI_ATTR_FLAG_NOUSERMOD| SLAPI_ATTR_FLAG_NOEXPOSE);
}
return 0;
}
10 years, 9 months
passwordsync/wix
by Noriko Hosoi
passwordsync/wix/PassSync.wxs | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
New commits:
commit c7052e61b7fb06fd0e695afb3d6cbad43db10b2a
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Thu Jul 11 11:53:16 2013 -0700
Bug 980432 - Password Synchronization Service cannot be upgraded
Bug description: The Product ID defined in PassSync.wxs (WIX file)
was not updated although the verion was updated from 1.1.4 to 1.1.5.
Fix description: Instead of using Property_ProductCode variable,
set wildcard (*) to Product ID directly.
https://bugzilla.redhat.com/show_bug.cgi?id=980432
diff --git a/passwordsync/wix/PassSync.wxs b/passwordsync/wix/PassSync.wxs
index 1836c9d..6200643 100644
--- a/passwordsync/wix/PassSync.wxs
+++ b/passwordsync/wix/PassSync.wxs
@@ -36,7 +36,6 @@
All rights reserved.
END COPYRIGHT BLOCK -->
-<?define Property_ProductCode = "ffac8b42-c505-4046-9028-f44f6353668a" ?>
<?if $(var.USE64)=1 ?>
<?define Property_SysFolder = "System64Folder" ?>
<?define Property_PFilesFolder = "ProgramFiles64Folder" ?>
@@ -51,7 +50,7 @@
<Wix xmlns='http://schemas.microsoft.com/wix/2006/wi'>
<Product Name='$(var.BRAND) Directory Password Sync'
- Id='$(var.Property_ProductCode)'
+ Id='*'
Language='1033' Codepage='1252' UpgradeCode='698B3A4E-17D4-449f-9ACB-DE8BF43394C1'
Version='$(var.VERSION)' Manufacturer='$(var.VENDOR)'>
10 years, 10 months
2 commits - ldap/ldif ldap/servers
by Noriko Hosoi
ldap/ldif/template-dse.ldif.in | 5 +---
ldap/servers/plugins/uiduniq/7bit.c | 37 ++++++++++++++++++++++++++----------
2 files changed, 29 insertions(+), 13 deletions(-)
New commits:
commit 2c88c960df07c7f6a1cc9b6504b03aef80da9550
Author: Anupam Jain <anjain(a)localhost.localdomain>
Date: Fri Jul 5 16:32:29 2013 -0700
Ticket #47363 - 7-bit checking is not necessary for userPassword
Fix description: removed userpassword attribute from the 7-bit
checking list
https://fedorahosted.org/389/ticket/47363
Reviewed by nhosoi.
diff --git a/ldap/ldif/template-dse.ldif.in b/ldap/ldif/template-dse.ldif.in
index 11595aa..189c4aa 100644
--- a/ldap/ldif/template-dse.ldif.in
+++ b/ldap/ldif/template-dse.ldif.in
@@ -630,9 +630,8 @@ nsslapd-plugintype: betxnpreoperation
nsslapd-pluginenabled: on
nsslapd-pluginarg0: uid
nsslapd-pluginarg1: mail
-nsslapd-pluginarg2: userpassword
-nsslapd-pluginarg3: ,
-nsslapd-pluginarg4: %ds_suffix%
+nsslapd-pluginarg2: ,
+nsslapd-pluginarg3: %ds_suffix%
nsslapd-plugin-depends-on-type: database
dn: cn=Account Usability Plugin,cn=plugins,cn=config
commit d804aaf7ee15841ac1aeaf831879fe56da23931d
Author: Anupam Jain <anjain(a)localhost.localdomain>
Date: Wed Jul 10 17:18:03 2013 -0700
Ticket #47423 - 7-bit check plugin does not work for userpassword attribute
Bug description: 7-bit check plugin fails to validate userpassword
attribute
Fix description: This patch corrects the validation code for userpassword
attribute. It fetches the unhashed userpassword from the extension
instead of the entry attribute value
https://fedorahosted.org/389/ticket/47423
Reviewed by nhosoi.
diff --git a/ldap/servers/plugins/uiduniq/7bit.c b/ldap/servers/plugins/uiduniq/7bit.c
index ca9792b..a83122e 100644
--- a/ldap/servers/plugins/uiduniq/7bit.c
+++ b/ldap/servers/plugins/uiduniq/7bit.c
@@ -218,7 +218,8 @@ preop_add(Slapi_PBlock *pb)
{
int result;
char *violated = NULL;
-
+ char *pwd = NULL;
+ char *origpwd = NULL;
#ifdef DEBUG
slapi_log_error(SLAPI_LOG_PLUGIN, plugin_name, "ADD begin\n");
#endif
@@ -236,12 +237,14 @@ preop_add(Slapi_PBlock *pb)
const char *dn;
Slapi_DN *sdn = NULL;
Slapi_Entry *e;
- Slapi_Attr *attr;
char **firstSubtree;
char **subtreeDN;
int subtreeCnt;
int is_replicated_operation;
-
+ struct berval *vals[2];
+ struct berval val;
+ vals[0] = &val;
+ vals[1] = NULL;
/*
* Get the arguments
*/
@@ -288,19 +291,26 @@ preop_add(Slapi_PBlock *pb)
for (attrName = argv; strcmp(*attrName, ",") != 0; attrName++ )
{
/*
- * if the attribute is userpassword, check unhashed#user#password
+ * if the attribute is userpassword, check unhashed user password
* instead. "userpassword" is encoded; it will always pass the 7bit
* check.
*/
- char *attr_name;
+ char *attr_name = NULL;
+ Slapi_Attr *attr = NULL;
if ( strcasecmp(*attrName, "userpassword") == 0 )
{
- attr_name = "unhashed#user#password";
+ origpwd = pwd = slapi_get_first_clear_text_pw(e);
+ if (pwd == NULL)
+ {
+ continue;
+ }
+ val.bv_val = pwd;
+ val.bv_len = strlen(val.bv_val);
} else {
attr_name = *attrName;
+ err = slapi_entry_attr_find(e, attr_name, &attr);
+ if (err) continue; /* break;*/ /* no 7-bit attribute */
}
- err = slapi_entry_attr_find(e, attr_name, &attr);
- if (err) continue; /* break;*/ /* no 7-bit attribute */
/*
* For each DN in the managed list, do 7-bit checking if
@@ -323,7 +333,14 @@ preop_add(Slapi_PBlock *pb)
/*
* Check if the value is 7-bit clean
*/
- result = bit_check(attr, NULL, &violated);
+ if(pwd)
+ {
+ result = bit_check(attr, vals, &violated);
+ if(!result)
+ pwd = NULL;
+ }
+ else
+ result = bit_check(attr, NULL, &violated);
if (result) break;
}
}
@@ -335,7 +352,7 @@ preop_add(Slapi_PBlock *pb)
if (result) {
issue_error(pb, result, "ADD", violated);
}
-
+ slapi_ch_free_string(&origpwd);
return (result==LDAP_SUCCESS)?0:-1;
}
10 years, 10 months
Branch '389-ds-base-1.3.1' - ldap/servers
by Richard Allen Megginson
ldap/servers/slapd/libglobs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 1b7135cc79114a41be147d6bac7f4353207623f1
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Thu Jul 11 10:58:07 2013 -0600
Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold
Bug Description: The threshold setting was being stored as an "int" instead
of a PRUint64. Config setting validation was also incomplete.
Fix Description: Fix build warning caused by previous commit.
https://fedorahosted.org/389/ticket/47427
(cherry picked from commit 5724e02c7f30ef1130764c79b30edd04954663a7)
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index c294eea..b55576c 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -1662,7 +1662,7 @@ config_set_disk_threshold( const char *attrname, char *value, char *errorbuf, in
if ( *endp != '\0' || threshold <= 4096 || errno == ERANGE ) {
PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
- "%s: \"%s\" is invalid, threshold must be greater than 4096 and less then %llu",
+ "%s: \"%s\" is invalid, threshold must be greater than 4096 and less then %lu",
attrname, value, LONG_MAX );
retVal = LDAP_OPERATIONS_ERROR;
return retVal;
10 years, 10 months
Branch '389-ds-base-1.2.11' - ldap/servers
by Richard Allen Megginson
ldap/servers/slapd/libglobs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 52a0cc593d0b6d018f3e17afdadcec737679f175
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Thu Jul 11 10:58:07 2013 -0600
Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold
Bug Description: The threshold setting was being stored as an "int" instead
of a PRUint64. Config setting validation was also incomplete.
Fix Description: Fix build warning caused by previous commit.
https://fedorahosted.org/389/ticket/47427
(cherry picked from commit 5724e02c7f30ef1130764c79b30edd04954663a7)
(cherry picked from commit 1b7135cc79114a41be147d6bac7f4353207623f1)
(cherry picked from commit b95142f08de7e3b7f66a395640709b80e7735bfd)
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index e3f3b93..59879f7 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -1252,7 +1252,7 @@ config_set_disk_threshold( const char *attrname, char *value, char *errorbuf, in
if ( *endp != '\0' || threshold <= 4096 || errno == ERANGE ) {
PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
- "%s: \"%s\" is invalid, threshold must be greater than 4096 and less then %llu",
+ "%s: \"%s\" is invalid, threshold must be greater than 4096 and less then %lu",
attrname, value, LONG_MAX );
retVal = LDAP_OPERATIONS_ERROR;
return retVal;
10 years, 10 months