Branch '389-ds-base-1.2.11' - ldap/servers
by Mark Reynolds
ldap/servers/slapd/add.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
New commits:
commit 950390bb09512a033a25f40e4f61f7346321a19a
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Tue Sep 30 15:18:37 2014 -0400
Ticket 47900 - Adding an entry with an invalid password as
rootDN is incorrectly rejected
Bug Description: Root DN and password administrators should bypass all password
restrictions and syntax checks, but on ADD operations the password
checks were still be applied to root/password admins.
Fix Description: Do not check the password syntax if the bind DN is a rootDN/password admin.
https://fedorahosted.org/389/ticket/47900
Reviewed by: nhosoi(Thanks!)
diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c
index 1ce975a..9b549c3 100644
--- a/ldap/servers/slapd/add.c
+++ b/ldap/servers/slapd/add.c
@@ -457,12 +457,14 @@ static void op_shared_add (Slapi_PBlock *pb)
int proxy_err = LDAP_SUCCESS;
char *errtext = NULL;
Slapi_DN *sdn = NULL;
+ passwdPolicy *pwpolicy;
slapi_pblock_get (pb, SLAPI_OPERATION, &operation);
slapi_pblock_get (pb, SLAPI_ADD_ENTRY, &e);
slapi_pblock_get (pb, SLAPI_IS_REPLICATED_OPERATION, &repl_op);
slapi_pblock_get (pb, SLAPI_IS_LEGACY_REPLICATED_OPERATION, &legacy_op);
internal_op= operation_is_flag_set(operation, OP_FLAG_INTERNAL);
+ pwpolicy = new_passwdPolicy(pb, slapi_entry_get_dn(e));
/* target spec is used to decide which plugins are applicable for the operation */
operation_set_target_spec (operation, slapi_entry_get_sdn (e));
@@ -559,7 +561,8 @@ static void op_shared_add (Slapi_PBlock *pb)
}
/* check password syntax */
- if (check_pw_syntax(pb, slapi_entry_get_sdn_const(e), present_values, NULL, e, 0) == 0)
+ if (!pw_is_pwp_admin(pb, pwpolicy) &&
+ check_pw_syntax(pb, slapi_entry_get_sdn_const(e), present_values, NULL, e, 0) == 0)
{
Slapi_Value **vals= NULL;
valuearray_add_valuearray(&unhashed_password_vals, present_values, 0);
9 years, 2 months
Branch '389-ds-base-1.3.1' - ldap/servers
by Mark Reynolds
ldap/servers/slapd/add.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
New commits:
commit 7b7d0929f2129801edb55b8c480f0b8ea8e4a2dc
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Tue Sep 30 10:07:33 2014 -0400
Ticket 47900 - Adding an entry with an invalid password as rootDN is incorrectly rejected
Bug Description: Root DN and password administrators should bypass all password
restrictions and syntax checks, but on ADD operations the password
checks were still be applied to root/password admins.
Fix Description: Do not check the password syntax if the bind DN is a rootDN/password admin.
https://fedorahosted.org/389/ticket/47900
Reviewed by: nhosoi(Thanks!)
(cherry picked from commit 50820f80c2da853c29962485b5e9806e68d5aece)
diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c
index 875ad22..2a89358 100644
--- a/ldap/servers/slapd/add.c
+++ b/ldap/servers/slapd/add.c
@@ -456,12 +456,14 @@ static void op_shared_add (Slapi_PBlock *pb)
int proxy_err = LDAP_SUCCESS;
char *errtext = NULL;
Slapi_DN *sdn = NULL;
+ passwdPolicy *pwpolicy;
slapi_pblock_get (pb, SLAPI_OPERATION, &operation);
slapi_pblock_get (pb, SLAPI_ADD_ENTRY, &e);
slapi_pblock_get (pb, SLAPI_IS_REPLICATED_OPERATION, &repl_op);
slapi_pblock_get (pb, SLAPI_IS_LEGACY_REPLICATED_OPERATION, &legacy_op);
internal_op= operation_is_flag_set(operation, OP_FLAG_INTERNAL);
+ pwpolicy = new_passwdPolicy(pb, slapi_entry_get_dn(e));
/* target spec is used to decide which plugins are applicable for the operation */
operation_set_target_spec (operation, slapi_entry_get_sdn (e));
@@ -577,9 +579,12 @@ static void op_shared_add (Slapi_PBlock *pb)
goto done;
}
- /* check password syntax */
+ /*
+ * Check password syntax, unless this is a pwd admin/rootDN
+ */
present_values = attr_get_present_values(attr);
- if (check_pw_syntax(pb, slapi_entry_get_sdn_const(e),
+ if (!pw_is_pwp_admin(pb, pwpolicy) &&
+ check_pw_syntax(pb, slapi_entry_get_sdn_const(e),
present_values, NULL, e, 0) != 0) {
/* error result is sent from check_pw_syntax */
goto done;
9 years, 2 months
Branch '389-ds-base-1.3.2' - ldap/servers
by Mark Reynolds
ldap/servers/slapd/add.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
New commits:
commit 99b24d4f4ce21be57ef4814f714690a724e863d2
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Tue Sep 30 10:07:33 2014 -0400
Ticket 47900 - Adding an entry with an invalid password as rootDN is incorrectly rejected
Bug Description: Root DN and password administrators should bypass all password
restrictions and syntax checks, but on ADD operations the password
checks were still be applied to root/password admins.
Fix Description: Do not check the password syntax if the bind DN is a rootDN/password admin.
https://fedorahosted.org/389/ticket/47900
Reviewed by: nhosoi(Thanks!)
(cherry picked from commit 50820f80c2da853c29962485b5e9806e68d5aece)
diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c
index 875ad22..2a89358 100644
--- a/ldap/servers/slapd/add.c
+++ b/ldap/servers/slapd/add.c
@@ -456,12 +456,14 @@ static void op_shared_add (Slapi_PBlock *pb)
int proxy_err = LDAP_SUCCESS;
char *errtext = NULL;
Slapi_DN *sdn = NULL;
+ passwdPolicy *pwpolicy;
slapi_pblock_get (pb, SLAPI_OPERATION, &operation);
slapi_pblock_get (pb, SLAPI_ADD_ENTRY, &e);
slapi_pblock_get (pb, SLAPI_IS_REPLICATED_OPERATION, &repl_op);
slapi_pblock_get (pb, SLAPI_IS_LEGACY_REPLICATED_OPERATION, &legacy_op);
internal_op= operation_is_flag_set(operation, OP_FLAG_INTERNAL);
+ pwpolicy = new_passwdPolicy(pb, slapi_entry_get_dn(e));
/* target spec is used to decide which plugins are applicable for the operation */
operation_set_target_spec (operation, slapi_entry_get_sdn (e));
@@ -577,9 +579,12 @@ static void op_shared_add (Slapi_PBlock *pb)
goto done;
}
- /* check password syntax */
+ /*
+ * Check password syntax, unless this is a pwd admin/rootDN
+ */
present_values = attr_get_present_values(attr);
- if (check_pw_syntax(pb, slapi_entry_get_sdn_const(e),
+ if (!pw_is_pwp_admin(pb, pwpolicy) &&
+ check_pw_syntax(pb, slapi_entry_get_sdn_const(e),
present_values, NULL, e, 0) != 0) {
/* error result is sent from check_pw_syntax */
goto done;
9 years, 2 months
Branch '389-ds-base-1.3.3' - ldap/servers
by Mark Reynolds
ldap/servers/slapd/add.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
New commits:
commit ab36560c1f43674e6376bd6e4d7fde9e3c62170c
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Tue Sep 30 10:07:33 2014 -0400
Ticket 47900 - Adding an entry with an invalid password as rootDN is incorrectly rejected
Bug Description: Root DN and password administrators should bypass all password
restrictions and syntax checks, but on ADD operations the password
checks were still be applied to root/password admins.
Fix Description: Do not check the password syntax if the bind DN is a rootDN/password admin.
https://fedorahosted.org/389/ticket/47900
Reviewed by: nhosoi(Thanks!)
(cherry picked from commit 50820f80c2da853c29962485b5e9806e68d5aece)
diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c
index 875ad22..2a89358 100644
--- a/ldap/servers/slapd/add.c
+++ b/ldap/servers/slapd/add.c
@@ -456,12 +456,14 @@ static void op_shared_add (Slapi_PBlock *pb)
int proxy_err = LDAP_SUCCESS;
char *errtext = NULL;
Slapi_DN *sdn = NULL;
+ passwdPolicy *pwpolicy;
slapi_pblock_get (pb, SLAPI_OPERATION, &operation);
slapi_pblock_get (pb, SLAPI_ADD_ENTRY, &e);
slapi_pblock_get (pb, SLAPI_IS_REPLICATED_OPERATION, &repl_op);
slapi_pblock_get (pb, SLAPI_IS_LEGACY_REPLICATED_OPERATION, &legacy_op);
internal_op= operation_is_flag_set(operation, OP_FLAG_INTERNAL);
+ pwpolicy = new_passwdPolicy(pb, slapi_entry_get_dn(e));
/* target spec is used to decide which plugins are applicable for the operation */
operation_set_target_spec (operation, slapi_entry_get_sdn (e));
@@ -577,9 +579,12 @@ static void op_shared_add (Slapi_PBlock *pb)
goto done;
}
- /* check password syntax */
+ /*
+ * Check password syntax, unless this is a pwd admin/rootDN
+ */
present_values = attr_get_present_values(attr);
- if (check_pw_syntax(pb, slapi_entry_get_sdn_const(e),
+ if (!pw_is_pwp_admin(pb, pwpolicy) &&
+ check_pw_syntax(pb, slapi_entry_get_sdn_const(e),
present_values, NULL, e, 0) != 0) {
/* error result is sent from check_pw_syntax */
goto done;
9 years, 2 months
ldap/servers
by Mark Reynolds
ldap/servers/slapd/add.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
New commits:
commit 50820f80c2da853c29962485b5e9806e68d5aece
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Tue Sep 30 10:07:33 2014 -0400
Ticket 47900 - Adding an entry with an invalid password as rootDN is incorrectly rejected
Bug Description: Root DN and password administrators should bypass all password
restrictions and syntax checks, but on ADD operations the password
checks were still be applied to root/password admins.
Fix Description: Do not check the password syntax if the bind DN is a rootDN/password admin.
https://fedorahosted.org/389/ticket/47900
Reviewed by: nhosoi(Thanks!)
diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c
index 875ad22..2a89358 100644
--- a/ldap/servers/slapd/add.c
+++ b/ldap/servers/slapd/add.c
@@ -456,12 +456,14 @@ static void op_shared_add (Slapi_PBlock *pb)
int proxy_err = LDAP_SUCCESS;
char *errtext = NULL;
Slapi_DN *sdn = NULL;
+ passwdPolicy *pwpolicy;
slapi_pblock_get (pb, SLAPI_OPERATION, &operation);
slapi_pblock_get (pb, SLAPI_ADD_ENTRY, &e);
slapi_pblock_get (pb, SLAPI_IS_REPLICATED_OPERATION, &repl_op);
slapi_pblock_get (pb, SLAPI_IS_LEGACY_REPLICATED_OPERATION, &legacy_op);
internal_op= operation_is_flag_set(operation, OP_FLAG_INTERNAL);
+ pwpolicy = new_passwdPolicy(pb, slapi_entry_get_dn(e));
/* target spec is used to decide which plugins are applicable for the operation */
operation_set_target_spec (operation, slapi_entry_get_sdn (e));
@@ -577,9 +579,12 @@ static void op_shared_add (Slapi_PBlock *pb)
goto done;
}
- /* check password syntax */
+ /*
+ * Check password syntax, unless this is a pwd admin/rootDN
+ */
present_values = attr_get_present_values(attr);
- if (check_pw_syntax(pb, slapi_entry_get_sdn_const(e),
+ if (!pw_is_pwp_admin(pb, pwpolicy) &&
+ check_pw_syntax(pb, slapi_entry_get_sdn_const(e),
present_values, NULL, e, 0) != 0) {
/* error result is sent from check_pw_syntax */
goto done;
9 years, 2 months
Branch '389-ds-base-1.3.3' - ldap/servers
by Noriko Hosoi
ldap/servers/slapd/ssl.c | 25 ++++++++++++++++---------
1 file changed, 16 insertions(+), 9 deletions(-)
New commits:
commit 4e347407887589635fe077fb6174d20d3d34c7c8
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Tue Sep 23 14:38:00 2014 -0700
Ticket #47908 - 389-ds 1.3.3.0 does not adjust cipher suite configuration on upgrade, breaks itself and pki-server
Description:
In the given cipher list:
nsSSL3Ciphers: +rsa_fips_3des_sha,+rsa_fips_des_sha,+rsa_3des_sha,
+rsa_rc4_128_md5,+rsa_des_sha,+rsa_rc2_40_md5,+rsa_rc4_40_md5,
+fortezza
there were 2 issues.
1) An old cipher suite name rsa_des_sha was not correctly mapped
to the name supported by NSS (TLS_RSA_WITH_DES_CBC_SHA) in the
mapping table. And the unsupported cipher name was not gracefully
skipped but returned an error. This patch fixes the mapped name
and the behaviour so that it skips the unknown/unsupported cipher.
2) A cipher "fortezza" is deprecated. It's now skipped with the
proper warning message.
Reviewed by rmeggins(a)redhat.com (Thank you, Rich!!)
https://fedorahosted.org/389/ticket/47908
(cherry picked from commit 83a6ceb556e769f0d0a201f4a3d783ae3915c6bc)
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
index 03b5904..4e38308 100644
--- a/ldap/servers/slapd/ssl.c
+++ b/ldap/servers/slapd/ssl.c
@@ -172,7 +172,7 @@ static lookup_cipher _lookup_cipher[] = {
{"tls_rsa_3des_sha", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
{"rsa_fips_3des_sha", "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
{"fips_3des_sha", "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
- {"rsa_des_sha", "SSL_RSA_WITH_DES_CBC_SHA"},
+ {"rsa_des_sha", "TLS_RSA_WITH_DES_CBC_SHA"},
{"rsa_fips_des_sha", "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
{"fips_des_sha", "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, /* ditto */
{"rsa_rc4_40_md5", "TLS_RSA_EXPORT_WITH_RC4_40_MD5"},
@@ -455,7 +455,7 @@ _conf_setciphers(char *ciphers, int flags)
char *raw = ciphers;
char **suplist = NULL;
char **unsuplist = NULL;
- int lookup;
+ PRBool enabledOne = PR_FALSE;
/* #47838: harden the list of ciphers available by default */
/* Default is to activate all of them ==> none of them*/
@@ -474,6 +474,7 @@ _conf_setciphers(char *ciphers, int flags)
* from the console
*/
_conf_setallciphers(CIPHER_SET_ALL|CIPHER_SET_DISABLE_ALLOWSWEAKCIPHER(flags), &suplist, NULL);
+ enabledOne = PR_TRUE;
} else {
/* If "+all" is not in nsSSL3Ciphers value, disable all first,
* then enable specified ciphers. */
@@ -499,7 +500,7 @@ _conf_setciphers(char *ciphers, int flags)
if (strcasecmp(ciphers, "all")) { /* if not all */
PRBool enabled = active ? PR_TRUE : PR_FALSE;
- lookup = 1;
+ int lookup = 1;
for (x = 0; _conf_ciphers[x].name; x++) {
if (!PL_strcasecmp(ciphers, _conf_ciphers[x].name)) {
if (_conf_ciphers[x].flags & CIPHER_IS_WEAK) {
@@ -558,6 +559,9 @@ _conf_setciphers(char *ciphers, int flags)
enabled = cipher_check_fips(x, NULL, &unsuplist);
}
}
+ if (enabled) {
+ enabledOne = PR_TRUE; /* At least one active cipher is set. */
+ }
SSL_CipherPrefSetDefault(_conf_ciphers[x].num, enabled);
break;
}
@@ -566,15 +570,14 @@ _conf_setciphers(char *ciphers, int flags)
}
}
}
- if(!_conf_ciphers[x].name) {
- PR_snprintf(err, sizeof(err), "unknown cipher %s", ciphers);
- slapi_ch_free((void **)&suplist); /* strings inside are static */
- slapi_ch_free((void **)&unsuplist); /* strings inside are static */
- return slapi_ch_strdup(err);
+ if (!lookup && !_conf_ciphers[x].name) { /* If lookup, it's already reported. */
+ slapd_SSL_warn("Cipher suite %s is not available in NSS %d.%d. Ignoring %s",
+ ciphers, NSS_VMAJOR, NSS_VMINOR, ciphers);
}
}
- if(t)
+ if(t) {
ciphers = t;
+ }
}
if (unsuplist && *unsuplist) {
char *strsup = charray2str(suplist, ",");
@@ -592,6 +595,10 @@ _conf_setciphers(char *ciphers, int flags)
slapi_ch_free((void **)&suplist); /* strings inside are static */
slapi_ch_free((void **)&unsuplist); /* strings inside are static */
+ if (!enabledOne) {
+ char *nocipher = PR_smprintf("No active cipher suite is available.");
+ return nocipher;
+ }
_conf_dumpciphers();
return NULL;
9 years, 2 months
ldap/servers
by Noriko Hosoi
ldap/servers/slapd/ssl.c | 25 ++++++++++++++++---------
1 file changed, 16 insertions(+), 9 deletions(-)
New commits:
commit 83a6ceb556e769f0d0a201f4a3d783ae3915c6bc
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Tue Sep 23 14:38:00 2014 -0700
Ticket #47908 - 389-ds 1.3.3.0 does not adjust cipher suite configuration on upgrade, breaks itself and pki-server
Description:
In the given cipher list:
nsSSL3Ciphers: +rsa_fips_3des_sha,+rsa_fips_des_sha,+rsa_3des_sha,
+rsa_rc4_128_md5,+rsa_des_sha,+rsa_rc2_40_md5,+rsa_rc4_40_md5,
+fortezza
there were 2 issues.
1) An old cipher suite name rsa_des_sha was not correctly mapped
to the name supported by NSS (TLS_RSA_WITH_DES_CBC_SHA) in the
mapping table. And the unsupported cipher name was not gracefully
skipped but returned an error. This patch fixes the mapped name
and the behaviour so that it skips the unknown/unsupported cipher.
2) A cipher "fortezza" is deprecated. It's now skipped with the
proper warning message.
Reviewed by rmeggins(a)redhat.com (Thank you, Rich!!)
https://fedorahosted.org/389/ticket/47908
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
index 03b5904..4e38308 100644
--- a/ldap/servers/slapd/ssl.c
+++ b/ldap/servers/slapd/ssl.c
@@ -172,7 +172,7 @@ static lookup_cipher _lookup_cipher[] = {
{"tls_rsa_3des_sha", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
{"rsa_fips_3des_sha", "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
{"fips_3des_sha", "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
- {"rsa_des_sha", "SSL_RSA_WITH_DES_CBC_SHA"},
+ {"rsa_des_sha", "TLS_RSA_WITH_DES_CBC_SHA"},
{"rsa_fips_des_sha", "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
{"fips_des_sha", "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, /* ditto */
{"rsa_rc4_40_md5", "TLS_RSA_EXPORT_WITH_RC4_40_MD5"},
@@ -455,7 +455,7 @@ _conf_setciphers(char *ciphers, int flags)
char *raw = ciphers;
char **suplist = NULL;
char **unsuplist = NULL;
- int lookup;
+ PRBool enabledOne = PR_FALSE;
/* #47838: harden the list of ciphers available by default */
/* Default is to activate all of them ==> none of them*/
@@ -474,6 +474,7 @@ _conf_setciphers(char *ciphers, int flags)
* from the console
*/
_conf_setallciphers(CIPHER_SET_ALL|CIPHER_SET_DISABLE_ALLOWSWEAKCIPHER(flags), &suplist, NULL);
+ enabledOne = PR_TRUE;
} else {
/* If "+all" is not in nsSSL3Ciphers value, disable all first,
* then enable specified ciphers. */
@@ -499,7 +500,7 @@ _conf_setciphers(char *ciphers, int flags)
if (strcasecmp(ciphers, "all")) { /* if not all */
PRBool enabled = active ? PR_TRUE : PR_FALSE;
- lookup = 1;
+ int lookup = 1;
for (x = 0; _conf_ciphers[x].name; x++) {
if (!PL_strcasecmp(ciphers, _conf_ciphers[x].name)) {
if (_conf_ciphers[x].flags & CIPHER_IS_WEAK) {
@@ -558,6 +559,9 @@ _conf_setciphers(char *ciphers, int flags)
enabled = cipher_check_fips(x, NULL, &unsuplist);
}
}
+ if (enabled) {
+ enabledOne = PR_TRUE; /* At least one active cipher is set. */
+ }
SSL_CipherPrefSetDefault(_conf_ciphers[x].num, enabled);
break;
}
@@ -566,15 +570,14 @@ _conf_setciphers(char *ciphers, int flags)
}
}
}
- if(!_conf_ciphers[x].name) {
- PR_snprintf(err, sizeof(err), "unknown cipher %s", ciphers);
- slapi_ch_free((void **)&suplist); /* strings inside are static */
- slapi_ch_free((void **)&unsuplist); /* strings inside are static */
- return slapi_ch_strdup(err);
+ if (!lookup && !_conf_ciphers[x].name) { /* If lookup, it's already reported. */
+ slapd_SSL_warn("Cipher suite %s is not available in NSS %d.%d. Ignoring %s",
+ ciphers, NSS_VMAJOR, NSS_VMINOR, ciphers);
}
}
- if(t)
+ if(t) {
ciphers = t;
+ }
}
if (unsuplist && *unsuplist) {
char *strsup = charray2str(suplist, ",");
@@ -592,6 +595,10 @@ _conf_setciphers(char *ciphers, int flags)
slapi_ch_free((void **)&suplist); /* strings inside are static */
slapi_ch_free((void **)&unsuplist); /* strings inside are static */
+ if (!enabledOne) {
+ char *nocipher = PR_smprintf("No active cipher suite is available.");
+ return nocipher;
+ }
_conf_dumpciphers();
return NULL;
9 years, 2 months
Branch '389-ds-base-1.2.11' - ldap/servers
by Noriko Hosoi
ldap/servers/slapd/tools/ldclt/ldapfct.c | 11 -----------
1 file changed, 11 deletions(-)
New commits:
commit dd62c7582608298297ee104374b88c5d5398e790
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Tue Sep 23 15:22:11 2014 -0700
Ticket #47907 - ldclt: assertion failure with -e "add,counteach" -e "object=<ldif file>,rdn=uid:test[A=INCRNNOLOOP(0;24
Bug Description: In case createMissingNodes is called from doAddEntry,
LDAP handle is unbound which makes the following operation such as
ldap_add fail since the handle is already released.
Fix Description: Rempoving ldap_unbind_ext from createMissingNodes.
Reviewed by rmeggins(a)redhat.com (Thank you, Rich!!)
https://fedorahosted.org/389/ticket/47907
(cherry picked from commit 685607f63d52d54e8bd094bb0694986484a91e34)
(cherry picked from commit 906106b6778fc1cddf49b109765b1d6b4753eab9)
(cherry picked from commit 8c955b1709c041687d981a8a77dde020a4860dc5)
diff --git a/ldap/servers/slapd/tools/ldclt/ldapfct.c b/ldap/servers/slapd/tools/ldclt/ldapfct.c
index b177d7c..8fd3304 100644
--- a/ldap/servers/slapd/tools/ldclt/ldapfct.c
+++ b/ldap/servers/slapd/tools/ldclt/ldapfct.c
@@ -2308,17 +2308,6 @@ createMissingNodes (
if (freeAttrib (attrs) < 0)
return (-1);
- ret = ldap_unbind_ext (cnx, NULL, NULL);
- if (ret != LDAP_SUCCESS)
- {
- fprintf (stderr, "ldclt[%d]: T%03d: cannot ldap_unbind(), error=%d (%s)\n",
- mctx.pid, tttctx->thrdNum, ret, strerror (ret));
- fflush (stderr);
- if (addErrorStat (ret) < 0)
- return (-1);
- return (-1);
- }
-
/*
* Ouf ! End of this function.
*/
9 years, 2 months
Branch '389-ds-base-1.3.2' - ldap/servers
by Noriko Hosoi
ldap/servers/slapd/tools/ldclt/ldapfct.c | 11 -----------
1 file changed, 11 deletions(-)
New commits:
commit 8c955b1709c041687d981a8a77dde020a4860dc5
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Tue Sep 23 15:22:11 2014 -0700
Ticket #47907 - ldclt: assertion failure with -e "add,counteach" -e "object=<ldif file>,rdn=uid:test[A=INCRNNOLOOP(0;24
Bug Description: In case createMissingNodes is called from doAddEntry,
LDAP handle is unbound which makes the following operation such as
ldap_add fail since the handle is already released.
Fix Description: Rempoving ldap_unbind_ext from createMissingNodes.
Reviewed by rmeggins(a)redhat.com (Thank you, Rich!!)
https://fedorahosted.org/389/ticket/47907
(cherry picked from commit 685607f63d52d54e8bd094bb0694986484a91e34)
(cherry picked from commit 906106b6778fc1cddf49b109765b1d6b4753eab9)
diff --git a/ldap/servers/slapd/tools/ldclt/ldapfct.c b/ldap/servers/slapd/tools/ldclt/ldapfct.c
index c57f240..4eadf59 100644
--- a/ldap/servers/slapd/tools/ldclt/ldapfct.c
+++ b/ldap/servers/slapd/tools/ldclt/ldapfct.c
@@ -2308,17 +2308,6 @@ createMissingNodes (
if (freeAttrib (attrs) < 0)
return (-1);
- ret = ldap_unbind_ext (cnx, NULL, NULL);
- if (ret != LDAP_SUCCESS)
- {
- fprintf (stderr, "ldclt[%d]: T%03d: cannot ldap_unbind(), error=%d (%s)\n",
- mctx.pid, tttctx->thrdNum, ret, strerror (ret));
- fflush (stderr);
- if (addErrorStat (ret) < 0)
- return (-1);
- return (-1);
- }
-
/*
* Ouf ! End of this function.
*/
9 years, 2 months
Branch '389-ds-base-1.3.3' - ldap/servers
by Noriko Hosoi
ldap/servers/slapd/tools/ldclt/ldapfct.c | 11 -----------
1 file changed, 11 deletions(-)
New commits:
commit 906106b6778fc1cddf49b109765b1d6b4753eab9
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Tue Sep 23 15:22:11 2014 -0700
Ticket #47907 - ldclt: assertion failure with -e "add,counteach" -e "object=<ldif file>,rdn=uid:test[A=INCRNNOLOOP(0;24
Bug Description: In case createMissingNodes is called from doAddEntry,
LDAP handle is unbound which makes the following operation such as
ldap_add fail since the handle is already released.
Fix Description: Rempoving ldap_unbind_ext from createMissingNodes.
Reviewed by rmeggins(a)redhat.com (Thank you, Rich!!)
https://fedorahosted.org/389/ticket/47907
(cherry picked from commit 685607f63d52d54e8bd094bb0694986484a91e34)
diff --git a/ldap/servers/slapd/tools/ldclt/ldapfct.c b/ldap/servers/slapd/tools/ldclt/ldapfct.c
index 235e20c..26867a6 100644
--- a/ldap/servers/slapd/tools/ldclt/ldapfct.c
+++ b/ldap/servers/slapd/tools/ldclt/ldapfct.c
@@ -2308,17 +2308,6 @@ createMissingNodes (
if (freeAttrib (attrs) < 0)
return (-1);
- ret = ldap_unbind_ext (cnx, NULL, NULL);
- if (ret != LDAP_SUCCESS)
- {
- fprintf (stderr, "ldclt[%d]: T%03d: cannot ldap_unbind(), error=%d (%s)\n",
- mctx.pid, tttctx->thrdNum, ret, strerror (ret));
- fflush (stderr);
- if (addErrorStat (ret) < 0)
- return (-1);
- return (-1);
- }
-
/*
* Ouf ! End of this function.
*/
9 years, 2 months