Branch '389-ds-base-1.3.4' - dirsrvtests/tests
by Mark Reynolds
dirsrvtests/tests/tickets/ticket48745_test.py | 2 +-
dirsrvtests/tests/tickets/ticket48746_test.py | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
New commits:
commit 7600d88527e0a107003ea68adbd446e0ddd599b1
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Tue May 10 16:18:53 2016 -0400
CI tests - uncomment "#import pytest"
Reviewed by: mreynolds (one line commit rule)
diff --git a/dirsrvtests/tests/tickets/ticket48745_test.py b/dirsrvtests/tests/tickets/ticket48745_test.py
index bfbaf03..adea76f 100644
--- a/dirsrvtests/tests/tickets/ticket48745_test.py
+++ b/dirsrvtests/tests/tickets/ticket48745_test.py
@@ -3,7 +3,7 @@ import sys
import time
import ldap
import logging
-#import pytest
+import pytest
from lib389 import DirSrv, Entry, tools, tasks
from lib389.tools import DirSrvTools
from lib389._constants import *
diff --git a/dirsrvtests/tests/tickets/ticket48746_test.py b/dirsrvtests/tests/tickets/ticket48746_test.py
index 5ee0b9e..ce766ae 100644
--- a/dirsrvtests/tests/tickets/ticket48746_test.py
+++ b/dirsrvtests/tests/tickets/ticket48746_test.py
@@ -3,7 +3,7 @@ import sys
import time
import ldap
import logging
-#import pytest
+import pytest
from lib389 import DirSrv, Entry, tools, tasks
from lib389.tools import DirSrvTools
from lib389._constants import *
7 years, 6 months
- 1
- 0
dirsrvtests/tests
by Mark Reynolds
dirsrvtests/tests/tickets/ticket48270_test.py | 4 ++--
dirsrvtests/tests/tickets/ticket48745_test.py | 2 +-
dirsrvtests/tests/tickets/ticket48746_test.py | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
New commits:
commit e72a9ea63cc3e7835a59d4ebe84a924888930032
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Tue May 10 16:13:00 2016 -0400
CI Tests - uncomment "#import pytest"
Reviewed by: mreynolds(one line commit rule)
diff --git a/dirsrvtests/tests/tickets/ticket48270_test.py b/dirsrvtests/tests/tickets/ticket48270_test.py
index a1822f2..6523379 100644
--- a/dirsrvtests/tests/tickets/ticket48270_test.py
+++ b/dirsrvtests/tests/tickets/ticket48270_test.py
@@ -3,7 +3,7 @@ import sys
import time
import ldap
import logging
-#import pytest
+import pytest
from lib389 import DirSrv, Entry, tools, tasks
from lib389.tools import DirSrvTools
from lib389._constants import *
@@ -174,4 +174,4 @@ if __name__ == '__main__':
test_ticket48270_extensible_search(topo)
# CURRENT_FILE = os.path.realpath(__file__)
-# pytest.main("-s %s" % CURRENT_FILE)
\ No newline at end of file
+# pytest.main("-s %s" % CURRENT_FILE)
diff --git a/dirsrvtests/tests/tickets/ticket48745_test.py b/dirsrvtests/tests/tickets/ticket48745_test.py
index bfbaf03..adea76f 100644
--- a/dirsrvtests/tests/tickets/ticket48745_test.py
+++ b/dirsrvtests/tests/tickets/ticket48745_test.py
@@ -3,7 +3,7 @@ import sys
import time
import ldap
import logging
-#import pytest
+import pytest
from lib389 import DirSrv, Entry, tools, tasks
from lib389.tools import DirSrvTools
from lib389._constants import *
diff --git a/dirsrvtests/tests/tickets/ticket48746_test.py b/dirsrvtests/tests/tickets/ticket48746_test.py
index 5ee0b9e..ce766ae 100644
--- a/dirsrvtests/tests/tickets/ticket48746_test.py
+++ b/dirsrvtests/tests/tickets/ticket48746_test.py
@@ -3,7 +3,7 @@ import sys
import time
import ldap
import logging
-#import pytest
+import pytest
from lib389 import DirSrv, Entry, tools, tasks
from lib389.tools import DirSrvTools
from lib389._constants import *
7 years, 6 months
- 1
- 0
Branch '389-ds-base-1.3.4' - dirsrvtests/tests
by Mark Reynolds
dirsrvtests/tests/tickets/ticket48497_test.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
New commits:
commit c6ebe12e937c10774ef066b1a6c07a36c16d69ce
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Tue May 10 14:45:52 2016 -0400
Ticket 48497 - uncomment pytest from CI test
Description: For some reason "import pytest" was commented out - this
broke the tests.
https://fedorahosted.org/389/ticket/48497
Reviewed by: mreynolds (1 line commit rule)
(cherry picked from commit 6575db8af1a6d44a0fd9c8cf8e27ca0950a97faf)
diff --git a/dirsrvtests/tests/tickets/ticket48497_test.py b/dirsrvtests/tests/tickets/ticket48497_test.py
index dd02f4c..f82e842 100644
--- a/dirsrvtests/tests/tickets/ticket48497_test.py
+++ b/dirsrvtests/tests/tickets/ticket48497_test.py
@@ -3,7 +3,7 @@ import sys
import time
import ldap
import logging
-#import pytest
+import pytest
from lib389 import DirSrv, Entry, tools, tasks
from lib389.tools import DirSrvTools
from lib389._constants import *
@@ -174,4 +174,4 @@ if __name__ == '__main__':
# test_ticket48497_homeDirectory_index_run(topo)
CURRENT_FILE = os.path.realpath(__file__)
- pytest.main("-s %s" % CURRENT_FILE)
\ No newline at end of file
+ pytest.main("-s %s" % CURRENT_FILE)
7 years, 6 months
- 1
- 0
dirsrvtests/tests
by Mark Reynolds
dirsrvtests/tests/tickets/ticket48497_test.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
New commits:
commit 6575db8af1a6d44a0fd9c8cf8e27ca0950a97faf
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Tue May 10 14:45:52 2016 -0400
Ticket 48497 - uncomment pytest from CI test
Description: For some reason "import pytest" was commented out - this
broke the tests.
https://fedorahosted.org/389/ticket/48497
Reviewed by: mreynolds (1 line commit rule)
diff --git a/dirsrvtests/tests/tickets/ticket48497_test.py b/dirsrvtests/tests/tickets/ticket48497_test.py
index dd02f4c..f82e842 100644
--- a/dirsrvtests/tests/tickets/ticket48497_test.py
+++ b/dirsrvtests/tests/tickets/ticket48497_test.py
@@ -3,7 +3,7 @@ import sys
import time
import ldap
import logging
-#import pytest
+import pytest
from lib389 import DirSrv, Entry, tools, tasks
from lib389.tools import DirSrvTools
from lib389._constants import *
@@ -174,4 +174,4 @@ if __name__ == '__main__':
# test_ticket48497_homeDirectory_index_run(topo)
CURRENT_FILE = os.path.realpath(__file__)
- pytest.main("-s %s" % CURRENT_FILE)
\ No newline at end of file
+ pytest.main("-s %s" % CURRENT_FILE)
7 years, 6 months
- 1
- 0
ldap/admin
by Noriko Hosoi
ldap/admin/src/scripts/db2ldif.in | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
New commits:
commit 4fc76f2bcbf339531aa96ef37406aa2efa524346
Author: German Parente <gparente(a)redhat.com>
Date: Mon May 9 17:50:47 2016 -0700
Ticket #48828 - db2ldif is not taking into account multiple suffixes or backends
https://fedorahosted.org/389/ticket/48828
Bug Description:
db2ldif script is not considering multiple options for include suffix,
exclude suffix and backend
Fix Description:
cumulate the multiple values so as to be taken into account
Reviewed by: nhosoi(a)redhat.com
Branch: master
Doc impact: no
diff --git a/ldap/admin/src/scripts/db2ldif.in b/ldap/admin/src/scripts/db2ldif.in
index e9f7f7e..b311590 100755
--- a/ldap/admin/src/scripts/db2ldif.in
+++ b/ldap/admin/src/scripts/db2ldif.in
@@ -104,11 +104,11 @@ do
h) usage
exit 0;;
Z) servid=$OPTARG;;
- n) benameopt="-n $OPTARG"
+ n) benameopt=$benameopt" -n $OPTARG"
required_param="yes";;
- s) includeSuffix="-s \"$OPTARG\""
+ s) includeSuffix=$includeSuffix" -s \"$OPTARG\""
required_param="yes";;
- x) excludeSuffix="-x \"$OPTARG\"";;
+ x) excludeSuffix=$excludeSuffix" -x \"$OPTARG\"";;
a) outputFile="-a \"$OPTARG\"";;
d) args=$args" -d \"$OPTARG\"";;
D) args=$args" -D \"$OPTARG\"";;
7 years, 7 months
- 1
- 0
3 commits - ldap/admin m4/systemd.m4
by William Brown
ldap/admin/src/scripts/52updateAESplugin.pl | 3 +-
ldap/admin/src/scripts/DSCreate.pm.in | 7 +++---
ldap/admin/src/scripts/start-dirsrv.in | 10 ++++----
m4/systemd.m4 | 32 +++++++++++++---------------
4 files changed, 26 insertions(+), 26 deletions(-)
New commits:
commit cbb8bf4b261a001f0183ff4abae49a8055a85ad3
Author: William Brown <firstyear(a)redhat.com>
Date: Mon May 9 11:47:28 2016 +1000
Ticket 48818 - Fix case where return code is always -1
Bug Description: Due to the docker process fixes, this made certain scripts
return the wrong code.
Fix Description: Fix the location where we get the return code.
In addition, this fix showed an issue in the start-dirsrv script that has
existed for a long time. This corrects that issue also.
https://fedorahosted.org/389/ticket/48818
Author: wibrown
Review by: mreynolds (Thanks!)
diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in
index 8c3fd04..cdbad35 100644
--- a/ldap/admin/src/scripts/DSCreate.pm.in
+++ b/ldap/admin/src/scripts/DSCreate.pm.in
@@ -719,16 +719,17 @@ sub startServer {
# We have to do this because docker is incapable of sane process management
# Sadly we have to sacrifice output collection, because of perl issues
my $cpid = open(my $output, "-|", "$startcmd 2>&1");
+ my $code = -512;
if ($cpid) {
# Parent process
waitpid($cpid,0);
+ $code = $?;
}
close($output);
- my $code = $?;
if ($code) {
- debug(0, "Process returned $code");
+ debug(0, "Process returned $code\n");
} else {
- debug(1, "Process returned $code");
+ debug(1, "Process returned $code\n");
}
# try to open the server error log
diff --git a/ldap/admin/src/scripts/start-dirsrv.in b/ldap/admin/src/scripts/start-dirsrv.in
index 410786b..e3c46e3 100755
--- a/ldap/admin/src/scripts/start-dirsrv.in
+++ b/ldap/admin/src/scripts/start-dirsrv.in
@@ -80,15 +80,15 @@ start_instance() {
loop_counter=`expr $loop_counter + 1`
if test -f $PIDFILE ; then
PID=`cat $PIDFILE`
- return 0;
- else
- # I'm not sure what this meant to achieve, but $PID is 0 here.
- if kill -s 0 $PID > /dev/null 2>&1 ; then
- sleep 1
+ # if kill -s 0 $PID > /dev/null 2>&1 ; then
+ if kill -s 0 $PID ; then
+ return 0;
else
echo Server failed to start !!! Please check errors log for problems
return 1
fi
+ else
+ sleep 1
fi
done
echo Server not running!! Failed to start ns-slapd process. Please check the errors log for problems.
commit d18fa559549350fc3d24a87093bd8a37ffb7cfd6
Author: William Brown <firstyear(a)redhat.com>
Date: Mon May 9 13:35:09 2016 +1000
Ticket 48826 - 52updateAESplugin.pl may fail on older versions of perl
Bug Description: The warning class for warnings 'experimental::smartmatch';
does not exist on EL7
Fix Description: Check the perl version before attempting the warning.
https://fedorahosted.org/389/ticket/48826
Author: wibrown
Review by: mreynolds (Thanks!)
diff --git a/ldap/admin/src/scripts/52updateAESplugin.pl b/ldap/admin/src/scripts/52updateAESplugin.pl
index ae258b6..9a27729 100644
--- a/ldap/admin/src/scripts/52updateAESplugin.pl
+++ b/ldap/admin/src/scripts/52updateAESplugin.pl
@@ -6,7 +6,8 @@ use File::Basename;
use File::Copy;
use DSUtil qw(debug serverIsRunning);
-no warnings 'experimental::smartmatch';
+# no warnings 'experimental::smartmatch';
+no if $] >= 5.017011, warnings => 'experimental::smartmatch';
#
# Check if there is a DES plugin and make sure the AES plugin contains the same attributes
commit 5400067e770457a09e0415adbba691e67f03a38d
Author: William Brown <firstyear(a)redhat.com>
Date: Mon May 9 10:32:35 2016 +1000
Ticket 48825 - Configure make generate invalid makefile
Bug Description: In some cases it was possible for configure to generate an
invalid makefile. This was in the case that systemd was enabled,
Fix Description: Remove the optional test around the groupname check. It should
always have a default.
https://fedorahosted.org/389/ticket/48825
Author: wibrown
Review by: mreynolds (Thanks!)
diff --git a/m4/systemd.m4 b/m4/systemd.m4
index 939af4f..a6dd302 100644
--- a/m4/systemd.m4
+++ b/m4/systemd.m4
@@ -103,24 +103,22 @@ if test "$with_systemd" = yes; then
fi
AC_SUBST(with_systemdsystemconfdir)
- if test -n "$with_systemdsystemunitdir" -o -n "$with_systemdsystemconfdir" ; then
- if test -z "$with_systemdgroupname" ; then
- with_systemdgroupname=$PACKAGE_NAME.target
- fi
- AC_MSG_CHECKING(for --with-systemdgroupname)
- AC_ARG_WITH([systemdgroupname],
- AS_HELP_STRING([--with-systemdgroupname=NAME],
- [Name of group target for all instances (default: $with_systemdgroupname)])
- )
- if test "$with_systemdgroupname" = yes ; then
- AC_MSG_ERROR([You must specify --with-systemdgroupname=name.of.group])
- elif test "$with_systemdgroupname" = no ; then
- AC_MSG_ERROR([You must specify --with-systemdgroupname=name.of.group])
- else
- AC_MSG_RESULT([$with_systemdgroupname])
- fi
- AC_SUBST(with_systemdgroupname)
+ if test -z "$with_systemdgroupname" ; then
+ with_systemdgroupname=$PACKAGE_NAME.target
fi
+ AC_MSG_CHECKING(for --with-systemdgroupname)
+ AC_ARG_WITH([systemdgroupname],
+ AS_HELP_STRING([--with-systemdgroupname=NAME],
+ [Name of group target for all instances (default: $with_systemdgroupname)])
+ )
+ if test "$with_systemdgroupname" = yes ; then
+ AC_MSG_ERROR([You must specify --with-systemdgroupname=name.of.group])
+ elif test "$with_systemdgroupname" = no ; then
+ AC_MSG_ERROR([You must specify --with-systemdgroupname=name.of.group])
+ else
+ AC_MSG_RESULT([$with_systemdgroupname])
+ fi
+ AC_SUBST(with_systemdgroupname)
fi
7 years, 7 months
- 1
- 0
VERSION.sh
by Noriko Hosoi
VERSION.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 0e4b06145c842c3b2c77a20f83142ed2cf3f87e2
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Sat May 7 15:55:12 2016 -0700
bump version to 1.3.5.3
diff --git a/VERSION.sh b/VERSION.sh
index 0cede25..75bac70 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -10,7 +10,7 @@ vendor="389 Project"
# PACKAGE_VERSION is constructed from these
VERSION_MAJOR=1
VERSION_MINOR=3
-VERSION_MAINT=5.2
+VERSION_MAINT=5.3
# NOTE: VERSION_PREREL is automatically set for builds made out of a git tree
VERSION_PREREL=
VERSION_DATE=`date -u +%Y%m%d%H%M%S`
7 years, 7 months
- 1
- 0
6 commits - ldap/admin ldap/servers man/man8
by Noriko Hosoi
ldap/admin/src/scripts/status-dirsrv.in | 10 -
ldap/servers/plugins/acl/aclutil.c | 8 -
ldap/servers/plugins/referint/referint.c | 5
ldap/servers/plugins/retrocl/retrocl.c | 2
ldap/servers/slapd/add.c | 4
ldap/servers/slapd/attr.c | 8 -
ldap/servers/slapd/back-ldbm/ldbm_config.c | 40 ++---
ldap/servers/slapd/back-ldbm/ldbm_index_config.c | 2
ldap/servers/slapd/back-ldbm/ldbm_instance_config.c | 4
ldap/servers/slapd/back-ldbm/ldif2ldbm.c | 10 -
ldap/servers/slapd/bind.c | 8 -
ldap/servers/slapd/compare.c | 2
ldap/servers/slapd/delete.c | 2
ldap/servers/slapd/extendop.c | 4
ldap/servers/slapd/libglobs.c | 154 ++++++++++----------
ldap/servers/slapd/log.c | 34 ++--
ldap/servers/slapd/mapping_tree.c | 48 +++---
ldap/servers/slapd/modify.c | 6
ldap/servers/slapd/modrdn.c | 2
ldap/servers/slapd/opshared.c | 2
ldap/servers/slapd/plugin.c | 2
ldap/servers/slapd/proto-slap.h | 4
ldap/servers/slapd/pw.c | 26 +--
ldap/servers/slapd/pw.h | 6
ldap/servers/slapd/saslbind.c | 2
ldap/servers/slapd/schema.c | 3
ldap/servers/slapd/slapi-private.h | 8 -
ldap/servers/slapd/ssl.c | 26 ++-
ldap/servers/slapd/util.c | 3
man/man8/status-dirsrv.8 | 6
30 files changed, 233 insertions(+), 208 deletions(-)
New commits:
commit 6ec814a0e5dcfd8cf011f046695cb23b46e92551
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Fri May 6 13:15:35 2016 -0700
Ticket #48144 - Add /usr/sbin/status-dirsrv script to get the status of the directory server instance.
Description: Additional feature for the return value/exit status.
EXIT STATUS
status-dirsrv returns 0 if all Directory Server instances are running.
Otherwise, it returns a positive value which represents the number of
server instances which are not running.
If a single Directory Server instance is specified, 0 is returned if
the instance is running; 1 is returned if the instance is not running;
255 is returned if the instance does not exist.
https://fedorahosted.org/389/ticket/48144
Reviewed by mreynolds(a)redhat.com (Thank you, Mark!)
diff --git a/ldap/admin/src/scripts/status-dirsrv.in b/ldap/admin/src/scripts/status-dirsrv.in
index 02fcc0d..0f01eaa 100755
--- a/ldap/admin/src/scripts/status-dirsrv.in
+++ b/ldap/admin/src/scripts/status-dirsrv.in
@@ -40,7 +40,7 @@ status_instance() {
@bindir@/systemctl status @package_name@(a)$SERV_ID.service
rv=$?
if [ $rv -ne 0 ]; then
- return $rv
+ return 1
fi
fi
return 0
@@ -64,7 +64,7 @@ fi
found=0
if [ $# -eq 0 ]; then
# We're reporting the status of all instances.
- ret=-1
+ ret=0
@bindir@/systemctl status @package_name@.target
initfiles=`get_initconfig_files $initconfig_dir` || { echo No instances found in $initconfig_dir ; exit 1 ; }
for i in $initfiles; do
@@ -73,10 +73,8 @@ if [ $# -eq 0 ]; then
status_instance $inst
rv=$?
#if one of them is successful, return 0.
- if [ $ret -gt -1 ]; then
- ret=`expr $ret \& $rv`
- else
- ret=$rv
+ if [ $rv -ne 0 ]; then
+ ret=`expr $ret + 1`
fi
done
exit $ret
diff --git a/man/man8/status-dirsrv.8 b/man/man8/status-dirsrv.8
index 0198670..83844b3 100644
--- a/man/man8/status-dirsrv.8
+++ b/man/man8/status-dirsrv.8
@@ -37,10 +37,10 @@ Sample usage:
.TP
.B status-dirsrv example
.br
-.SH EXIST STATUS
-status-dirsrv returns 0 if all Directory Server instances are running. Otherwise, a non-zero failure code returned from systemctl is returned.
+.SH EXIT STATUS
+status-dirsrv returns 0 if all Directory Server instances are running. Otherwise, it returns a positive value which represents the number of server instances which are not running.
-If a single Directory Server instance is specified, 0 is returned if the instance is running; a non-zero failure code returned from systemctl is returned if the instance is not running; 255 is returned if the instance does not exist.
+If a single Directory Server instance is specified, 0 is returned if the instance is running; 1 is returned if the instance is not running; 255 is returned if the instance does not exist.
.br
.SH AUTHOR
status\-dirsrv was written by the 389 Project.
commit adc4cf311c9d4d191372273cb5296b118b690e61
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Thu May 5 14:05:00 2016 -0700
Ticket #48822 - (389-ds-base-1.3.5) Fixing coverity issues.
Description: Invalid Dereference
- FORWARD_NULL: slapd/schema.c:4758:5: deref_parm: Directly dereferencing
parameter "oc".
==> Fixed so that null oc never be passed to parse_objclass_str.
- FORWARD_NULL: slapd/pw.c:2880: var_deref_op: Dereferencing null pointer "e".
==> Fixed the logic error.
- REVERSE_INULL: slapd/extendop.c:384: check_after_deref: Null-checking
"be_pb" suggests that it may be null, but it has already been dereferenced
on all paths leading to the check.
==> Removed the unnecessary NULL check.
- FORWARD_NULL: slapd/entry.c:2118:2: deref_parm: Directly dereferencing
parameter "e".
==> Fixed so that null e never be passed to referint_validate_config.
- FORWARD_NULL: slapd/back-ldbm/ldif2ldbm.c:1166: var_deref_op: Dereferencing
null pointer "be".
==> Added a null check for be.
- REVERSE_INULL: plugins/acl/aclutil.c:221: check_after_deref: Null-checking
"dn" suggests that it may be null, but it has already been dereferenced on
all paths leading to the check.
==> Moved the null dn check prior to all the dn access.
https://fedorahosted.org/389/ticket/48822
Reviewed by wibrown(a)redhat.com (Thank you, William!!)
diff --git a/ldap/servers/plugins/acl/aclutil.c b/ldap/servers/plugins/acl/aclutil.c
index b0e9d71..5915e88 100644
--- a/ldap/servers/plugins/acl/aclutil.c
+++ b/ldap/servers/plugins/acl/aclutil.c
@@ -217,8 +217,12 @@ aclutil_print_err (int rv , const Slapi_DN *sdn, const struct berval* val,
{
size_t newsize;
const char *dn = slapi_sdn_get_dn(sdn);
- newsize = strlen(dn) + strlen(str) + 200;
- if (dn && (newsize > sizeof(line))) {
+ if (dn) {
+ newsize = strlen(dn) + strlen(str) + 200;
+ } else {
+ newsize = strlen(str) + 208; /* for "NULL" */
+ }
+ if (newsize > sizeof(line)) {
/*
* if (str_length + dn_length + 200 char message) > (BUFSIZ + 200) line
* we have to make space for a bigger line...
diff --git a/ldap/servers/plugins/referint/referint.c b/ldap/servers/plugins/referint/referint.c
index 0478515..5885a76 100644
--- a/ldap/servers/plugins/referint/referint.c
+++ b/ldap/servers/plugins/referint/referint.c
@@ -1699,6 +1699,11 @@ referint_validate_config(Slapi_PBlock *pb)
slapi_pblock_get(pb, SLAPI_TARGET_SDN, &sdn);
slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &pre_entry);
+ if (!pre_entry) {
+ slapi_log_error(SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM, "referint_validate_config: Null pre op entry.\n");
+ rc = LDAP_OPERATIONS_ERROR;
+ goto bail;
+ }
if (referint_sdn_config_cmp(sdn) == 0 && slapi_sdn_compare(sdn, referint_get_plugin_area()) ){
/*
diff --git a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
index c59d559..0b2eab2 100644
--- a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
+++ b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
@@ -1163,10 +1163,14 @@ ldbm_back_ldbm2ldif( Slapi_PBlock *pb )
slapi_pblock_set(pb, SLAPI_BACKEND, be);
} else {
slapi_pblock_get(pb, SLAPI_BACKEND, &be);
+ if (!be) {
+ LDAPDebug0Args(LDAP_DEBUG_ANY, "No backend\n");
+ return_value = -1;
+ goto bye;
+ }
inst = (ldbm_instance *)be->be_instance_info;
-
- if (NULL == inst) {
- LDAPDebug(LDAP_DEBUG_ANY, "Unknown ldbm instance\n", 0, 0, 0);
+ if (!inst) {
+ LDAPDebug0Args(LDAP_DEBUG_ANY, "Unknown ldbm instance\n");
return_value = -1;
goto bye;
}
diff --git a/ldap/servers/slapd/extendop.c b/ldap/servers/slapd/extendop.c
index 5154602..0a6a739 100644
--- a/ldap/servers/slapd/extendop.c
+++ b/ldap/servers/slapd/extendop.c
@@ -381,9 +381,7 @@ do_extended( Slapi_PBlock *pb )
slapi_log_error(SLAPI_LOG_FATAL, NULL, "extendop.c abort with result %d \n", txn_rc);
}
} /* txn_rc */
- if (be_pb != NULL) {
- slapi_pblock_destroy(be_pb); /* Clean up after ourselves */
- }
+ slapi_pblock_destroy(be_pb); /* Clean up after ourselves */
} /* if be */
}
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
index 703c9e9..17938b5 100644
--- a/ldap/servers/slapd/pw.c
+++ b/ldap/servers/slapd/pw.c
@@ -2879,7 +2879,7 @@ add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry **e)
char *shexp = NULL;
int rc = 0;
- if (!e && !*e) {
+ if (!e || !*e) {
return rc;
}
dn = slapi_entry_get_ndn(*e);
diff --git a/ldap/servers/slapd/schema.c b/ldap/servers/slapd/schema.c
index 52c1495..7689aa9 100644
--- a/ldap/servers/slapd/schema.c
+++ b/ldap/servers/slapd/schema.c
@@ -4506,6 +4506,9 @@ parse_objclass_str ( const char *input, struct objclass **oc, char *errorbuf,
int i, j;
int rc = 0;
+ if (!oc) {
+ return LDAP_PARAM_ERROR;
+ }
if (config_get_enquote_sup_oc()) {
parser_flags |= LDAP_SCHEMA_ALLOW_QUOTED;
} else if (getenv("LDAP_SCHEMA_ALLOW_QUOTED")) {
commit 75f0b8de9c9cb858e8121ce7031dbbee2790fe1b
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Thu May 5 11:19:52 2016 -0700
Ticket #48822 - (389-ds-base-1.3.5) Fixing coverity issues.
Description: RESOURCE_LEAK
slapd/ssl.c:3156: leaked_storage: Variable "personality" going out of
scope leaks the storage it points to.
slapd/ssl.c:2807: leaked_storage: Variable "certdir" going out of scope
leaks the storage it points to.
slapd/ssl.c:2701: leaked_storage: Variable "certdir" going out of scope
leaks the storage it points to.
Freeing the variables with slapi_ch_free_string.
https://fedorahosted.org/389/ticket/48822
Reviewed by wibrown(a)redhat.com (Thank you, William!!)
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
index 9096cb5..12a0360 100644
--- a/ldap/servers/slapd/ssl.c
+++ b/ldap/servers/slapd/ssl.c
@@ -2676,11 +2676,12 @@ gen_pem_path(char *filename)
char *pempath = NULL;
char *dname = NULL;
char *bname = NULL;
- char *certdir = config_get_certdir();
+ char *certdir = NULL;
if (!filename) {
goto bail;
}
+ certdir = config_get_certdir();
pem = PL_strstr(filename, PEMEXT);
if (pem) {
*pem = '\0';
@@ -2698,6 +2699,7 @@ gen_pem_path(char *filename)
pempath = slapi_ch_smprintf("%s/%s/%s%s", certdir, dname, bname, PEMEXT);
}
bail:
+ slapi_ch_free_string(&certdir);
return pempath;
}
@@ -2705,7 +2707,7 @@ static int
slapd_extract_cert(Slapi_Entry *entry, int isCA)
{
CERTCertDBHandle *certHandle;
- char *certdir = config_get_certdir();
+ char *certdir = NULL;
CERTCertListNode *node;
CERTCertList *list = PK11_ListCerts(PK11CertListAll, NULL);
PRFileDesc *outFile = NULL;
@@ -2733,6 +2735,7 @@ slapd_extract_cert(Slapi_Entry *entry, int isCA)
CACertPemFile = certfile;
}
+ certdir = config_get_certdir();
certHandle = CERT_GetDefaultCertDB();
for (node = CERT_LIST_HEAD(list); !CERT_LIST_END(node, list);
node = CERT_LIST_NEXT(node)) {
@@ -2805,6 +2808,7 @@ bail:
slapi_ch_free_string(&certfile);
}
slapi_ch_free_string(&personality);
+ slapi_ch_free_string(&certdir);
if (outFile) {
PR_Close(outFile);
}
@@ -2982,7 +2986,7 @@ slapd_extract_key(Slapi_Entry *entry, char *token, PK11SlotInfo *slot)
char *b64 = NULL;
PRUint32 total = 0;
PRUint32 numBytes = 0;
- char *certdir = config_get_certdir();
+ char *certdir = NULL;
#if defined(ENCRYPTEDKEY)
char *keyEncPwd = NULL;
SVRCOREError err = SVRCORE_Success;
@@ -3040,6 +3044,7 @@ slapd_extract_key(Slapi_Entry *entry, char *token, PK11SlotInfo *slot)
"nsSSLPersonalitySSL value not found.\n");
goto bail;
}
+ certdir = config_get_certdir();
keyfile = gen_pem_path(KeyExtractFile);
if (!keyfile) {
char buf[BUFSIZ];
@@ -3141,6 +3146,7 @@ bail:
slapi_ch_free_string(&certdir);
slapi_ch_free_string(&KeyExtractFile);
slapi_ch_free_string(&keyfile);
+ slapi_ch_free_string(&personality);
if (outFile) {
PR_Close(outFile);
}
commit d1023d843c69abbe72e7759ab738c3ab661205bc
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Wed May 4 19:05:07 2016 -0700
Ticket #48822 - (389-ds-base-1.3.5) Fixing coverity issues.
Description: Buffer Overflow
BAD_SIZEOF -- slapd/ssl.c:3021: bad_sizeof: Taking the size of "randomPassword",
which is the address of an object, is suspicious. Removed unnecessary cast.
SIZEOF_MISMATCH -- slapd/mapping_tree.c:2229: suspicious_sizeof: Passing
argument "errorbuf" of type "char *" and argument "8U /* sizeof (errorbuf) */"
to function "PL_strncpyz" is suspicious.
A pointer of an array is passed to a function, in which it tried to get the the
array size with sizeof, which does not work. Changed the API to pass the size
of the array.
https://fedorahosted.org/389/ticket/48822
Reviewed by wibrown(a)redhat.com (Thank you, William!!)
diff --git a/ldap/servers/plugins/retrocl/retrocl.c b/ldap/servers/plugins/retrocl/retrocl.c
index 427448a..0b336d5 100644
--- a/ldap/servers/plugins/retrocl/retrocl.c
+++ b/ldap/servers/plugins/retrocl/retrocl.c
@@ -203,7 +203,7 @@ static int retrocl_select_backend(void)
slapi_pblock_set(pb,SLAPI_OPERATION, op);
- err = slapi_mapping_tree_select(pb,&be,&referral,errbuf);
+ err = slapi_mapping_tree_select(pb, &be, &referral, errbuf, sizeof(errbuf));
slapi_entry_free(referral);
if (err != LDAP_SUCCESS || be == NULL || be == defbackend_get_backend()) {
diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c
index 1d34d95..629017e 100644
--- a/ldap/servers/slapd/add.c
+++ b/ldap/servers/slapd/add.c
@@ -152,7 +152,7 @@ do_add( Slapi_PBlock *pb )
if ( !normtype || !*normtype ) {
char ebuf[SLAPI_DSE_RETURNTEXT_SIZE];
rc = LDAP_INVALID_SYNTAX;
- slapi_create_errormsg(ebuf, 0, "invalid type '%s'", type);
+ slapi_create_errormsg(ebuf, sizeof(ebuf), "invalid type '%s'", type);
op_shared_log_error_access (pb, "ADD", slapi_sdn_get_dn (slapi_entry_get_sdn_const(e)), ebuf);
send_ldap_result( pb, rc, NULL, ebuf, 0, NULL );
slapi_ch_free_string(&type);
@@ -487,7 +487,7 @@ static void op_shared_add (Slapi_PBlock *pb)
* We could be serving multiple database backends. Select the
* appropriate one.
*/
- if ((err = slapi_mapping_tree_select(pb, &be, &referral, errorbuf)) != LDAP_SUCCESS) {
+ if ((err = slapi_mapping_tree_select(pb, &be, &referral, errorbuf, sizeof(errorbuf))) != LDAP_SUCCESS) {
send_ldap_result(pb, err, NULL, errorbuf, 0, NULL);
be = NULL;
goto done;
diff --git a/ldap/servers/slapd/attr.c b/ldap/servers/slapd/attr.c
index 06fa6a4..7da1bab 100644
--- a/ldap/servers/slapd/attr.c
+++ b/ldap/servers/slapd/attr.c
@@ -938,7 +938,7 @@ int attr_replace(Slapi_Attr *a, Slapi_Value **vals)
}
int
-attr_check_onoff ( const char *attr_name, char *value, long minval, long maxval, char *errorbuf )
+attr_check_onoff ( const char *attr_name, char *value, long minval, long maxval, char *errorbuf, size_t ebuflen )
{
int retVal = LDAP_SUCCESS;
@@ -948,7 +948,7 @@ attr_check_onoff ( const char *attr_name, char *value, long minval, long maxval,
strcasecmp ( value, "0" ) != 0 &&
strcasecmp ( value, "true" ) != 0 &&
strcasecmp ( value, "false" ) != 0 ) {
- slapi_create_errormsg(errorbuf, 0, "%s: invalid value \"%s\".", attr_name, value);
+ slapi_create_errormsg(errorbuf, ebuflen, "%s: invalid value \"%s\".", attr_name, value);
retVal = LDAP_CONSTRAINT_VIOLATION;
}
@@ -956,7 +956,7 @@ attr_check_onoff ( const char *attr_name, char *value, long minval, long maxval,
}
int
-attr_check_minmax ( const char *attr_name, char *value, long minval, long maxval, char *errorbuf )
+attr_check_minmax ( const char *attr_name, char *value, long minval, long maxval, char *errorbuf, size_t ebuflen )
{
int retVal = LDAP_SUCCESS;
long val;
@@ -964,7 +964,7 @@ attr_check_minmax ( const char *attr_name, char *value, long minval, long maxval
val = strtol(value, NULL, 0);
if ( (minval != -1 ? (val < minval ? 1 : 0) : 0) ||
(maxval != -1 ? (val > maxval ? 1 : 0) : 0) ) {
- slapi_create_errormsg(errorbuf, 0, "%s: invalid value \"%s\".", attr_name, value);
+ slapi_create_errormsg(errorbuf, ebuflen, "%s: invalid value \"%s\".", attr_name, value);
retVal = LDAP_CONSTRAINT_VIOLATION;
}
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_config.c b/ldap/servers/slapd/back-ldbm/ldbm_config.c
index 58ab9a0..37ce02d 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_config.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_config.c
@@ -425,7 +425,7 @@ static int ldbm_config_dbcachesize_set(void *arg, void *value, char *errorbuf, i
} else if (val > li->li_dbcachesize) {
delta = val - li->li_dbcachesize;
if (!util_is_cachesize_sane(&delta)){
- slapi_create_errormsg(errorbuf, 0, "Error: dbcachememsize value is too large.");
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: dbcachememsize value is too large.");
LDAPDebug0Args(LDAP_DEBUG_ANY,"Error: dbcachememsize value is too large.\n");
return LDAP_UNWILLING_TO_PERFORM;
}
@@ -497,7 +497,7 @@ static int ldbm_config_dbncache_set(void *arg, void *value, char *errorbuf, int
if (val > li->li_dbncache) {
delta = val - li->li_dbncache;
if (!util_is_cachesize_sane(&delta)){
- slapi_create_errormsg(errorbuf, 0, "Error: dbncache size value is too large.");
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: dbncache size value is too large.");
LDAPDebug1Arg(LDAP_DEBUG_ANY,"Error: dbncache size value is too large.\n", val);
return LDAP_UNWILLING_TO_PERFORM;
}
@@ -780,7 +780,7 @@ static int ldbm_config_db_old_idl_maxids_set(void *arg, void *value, char *error
if(val >= 0){
li->li_old_idl_maxids = val;
} else {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: Invalid value for %s (%d). Value must be equal or greater than zero.",
CONFIG_DB_OLD_IDL_MAXIDS, val);
return LDAP_UNWILLING_TO_PERFORM;
@@ -844,7 +844,7 @@ static int ldbm_config_db_trickle_percentage_set(void *arg, void *value, char *e
int val = (int) ((uintptr_t)value);
if (val < 0 || val > 100) {
- slapi_create_errormsg(errorbuf, 0, "Error: Invalid value for %s (%d). Must be between 0 and 100\n",
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: Invalid value for %s (%d). Must be between 0 and 100\n",
CONFIG_DB_TRICKLE_PERCENTAGE, val);
LDAPDebug2Args(LDAP_DEBUG_ANY, "Error: Invalid value for %s (%d). Must be between 0 and 100\n",
CONFIG_DB_TRICKLE_PERCENTAGE, val);
@@ -1078,7 +1078,7 @@ static int ldbm_config_db_cache_set(void *arg, void *value, char *errorbuf, int
if (val > li->li_dblayer_private->dblayer_cache_config) {
delta = val - li->li_dblayer_private->dblayer_cache_config;
if (!util_is_cachesize_sane(&delta)){
- slapi_create_errormsg(errorbuf, 0, "Error: db cachesize value is too large");
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: db cachesize value is too large");
LDAPDebug1Arg(LDAP_DEBUG_ANY,"Error: db cachesize value is too large.\n", val);
return LDAP_UNWILLING_TO_PERFORM;
}
@@ -1209,7 +1209,7 @@ static int ldbm_config_import_cachesize_set(void *arg, void *value, char *errorb
if (val > li->li_import_cachesize) {
delta = val - li->li_import_cachesize;
if (!util_is_cachesize_sane(&delta)){
- slapi_create_errormsg(errorbuf, 0, "Error: import cachesize value is too large.");
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: import cachesize value is too large.");
LDAPDebug0Args(LDAP_DEBUG_ANY,"Error: import cachesize value is too large.\n");
return LDAP_UNWILLING_TO_PERFORM;
}
@@ -1471,7 +1471,7 @@ static int ldbm_config_db_deadlock_policy_set(void *arg, void *value, char *erro
u_int32_t val = (u_int32_t) ((uintptr_t)value);
if (val > DB_LOCK_YOUNGEST) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: Invalid value for %s (%d). Must be between %d and %d inclusive",
CONFIG_DB_DEADLOCK_POLICY, val, DB_LOCK_DEFAULT, DB_LOCK_YOUNGEST);
LDAPDebug(LDAP_DEBUG_ANY, "Error: Invalid value for deadlock policy (%d). Must be between %d and %d inclusive",
@@ -1479,7 +1479,7 @@ static int ldbm_config_db_deadlock_policy_set(void *arg, void *value, char *erro
return LDAP_UNWILLING_TO_PERFORM;
}
if (val == DB_LOCK_NORUN) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"Warning: Setting value for %s to (%d) will disable deadlock detection",
CONFIG_DB_DEADLOCK_POLICY, val);
LDAPDebug2Args(LDAP_DEBUG_ANY, "Warning: Setting value for %s to (%d) will disable deadlock detection",
@@ -1902,7 +1902,7 @@ int ldbm_config_set(void *arg, char *attr_name, config_info *config_array, struc
config = get_config_info(config_array, attr_name);
if (NULL == config) {
LDAPDebug(LDAP_DEBUG_CONFIG, "Unknown config attribute %s\n", attr_name, 0, 0);
- slapi_create_errormsg(err_buf, 0, "Unknown config attribute %s\n", attr_name);
+ slapi_create_errormsg(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Unknown config attribute %s\n", attr_name);
return LDAP_SUCCESS; /* Ignore unknown attributes */
}
@@ -1910,7 +1910,7 @@ int ldbm_config_set(void *arg, char *attr_name, config_info *config_array, struc
if (phase == CONFIG_PHASE_RUNNING &&
!(config->config_flags & CONFIG_FLAG_ALLOW_RUNNING_CHANGE)) {
LDAPDebug1Arg(LDAP_DEBUG_ANY, "%s can't be modified while the server is running.\n", attr_name);
- slapi_create_errormsg(err_buf, 0, "%s can't be modified while the server is running.\n", attr_name);
+ slapi_create_errormsg(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "%s can't be modified while the server is running.\n", attr_name);
return LDAP_UNWILLING_TO_PERFORM;
}
@@ -1928,7 +1928,7 @@ int ldbm_config_set(void *arg, char *attr_name, config_info *config_array, struc
previously set to a non-default value */
if (SLAPI_IS_MOD_ADD(mod_op) && apply_mod &&
(config->config_flags & CONFIG_FLAG_PREVIOUSLY_SET)) {
- slapi_create_errormsg(err_buf, 0, "cannot add a value to single valued attribute %s.\n", attr_name);
+ slapi_create_errormsg(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "cannot add a value to single valued attribute %s.\n", attr_name);
return LDAP_OBJECT_CLASS_VIOLATION;
}
}
@@ -1939,7 +1939,7 @@ int ldbm_config_set(void *arg, char *attr_name, config_info *config_array, struc
char buf[BUFSIZ];
ldbm_config_get(arg, config, buf);
if (PL_strncmp(buf, bval->bv_val, bval->bv_len)) {
- slapi_create_errormsg(err_buf, 0,
+ slapi_create_errormsg(err_buf, SLAPI_DSE_RETURNTEXT_SIZE,
"value [%s] for attribute %s does not match existing value [%s].\n", bval->bv_val, attr_name, buf);
return LDAP_NO_SUCH_ATTRIBUTE;
}
@@ -1956,19 +1956,19 @@ int ldbm_config_set(void *arg, char *attr_name, config_info *config_array, struc
llval = db_atoi(str_val, &err);
/* check for parsing error (e.g. not a number) */
if (err) {
- slapi_create_errormsg(err_buf, 0, "Error: value %s for attr %s is not a number\n", str_val, attr_name);
+ slapi_create_errormsg(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: value %s for attr %s is not a number\n", str_val, attr_name);
LDAPDebug2Args(LDAP_DEBUG_ANY, "Error: value %s for attr %s is not a number\n", str_val, attr_name);
return LDAP_UNWILLING_TO_PERFORM;
/* check for overflow */
} else if (LL_CMP(llval, >, llmaxint)) {
- slapi_create_errormsg(err_buf, 0, "Error: value %s for attr %s is greater than the maximum %d\n",
+ slapi_create_errormsg(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: value %s for attr %s is greater than the maximum %d\n",
str_val, attr_name, maxint);
LDAPDebug(LDAP_DEBUG_ANY, "Error: value %s for attr %s is greater than the maximum %d\n",
str_val, attr_name, maxint);
return LDAP_UNWILLING_TO_PERFORM;
/* check for underflow */
} else if (LL_CMP(llval, <, llminint)) {
- slapi_create_errormsg(err_buf, 0, "Error: value %s for attr %s is less than the minimum %d\n",
+ slapi_create_errormsg(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: value %s for attr %s is less than the minimum %d\n",
str_val, attr_name, minint);
LDAPDebug(LDAP_DEBUG_ANY, "Error: value %s for attr %s is less than the minimum %d\n",
str_val, attr_name, minint);
@@ -1996,21 +1996,21 @@ int ldbm_config_set(void *arg, char *attr_name, config_info *config_array, struc
llval = db_atoi(str_val, &err);
/* check for parsing error (e.g. not a number) */
if (err) {
- slapi_create_errormsg(err_buf, 0, "Error: value %s for attr %s is not a number\n",
+ slapi_create_errormsg(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: value %s for attr %s is not a number\n",
str_val, attr_name);
LDAPDebug2Args(LDAP_DEBUG_ANY, "Error: value %s for attr %s is not a number\n",
str_val, attr_name);
return LDAP_UNWILLING_TO_PERFORM;
/* check for overflow */
} else if (LL_CMP(llval, >, llmaxint)) {
- slapi_create_errormsg(err_buf, 0, "Error: value %s for attr %s is greater than the maximum %d\n",
+ slapi_create_errormsg(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: value %s for attr %s is greater than the maximum %d\n",
str_val, attr_name, maxint);
LDAPDebug(LDAP_DEBUG_ANY, "Error: value %s for attr %s is greater than the maximum %d\n",
str_val, attr_name, maxint);
return LDAP_UNWILLING_TO_PERFORM;
/* check for underflow */
} else if (LL_CMP(llval, <, llminint)) {
- slapi_create_errormsg(err_buf, 0, "Error: value %s for attr %s is less than the minimum %d\n",
+ slapi_create_errormsg(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: value %s for attr %s is less than the minimum %d\n",
str_val, attr_name, minint);
LDAPDebug(LDAP_DEBUG_ANY, "Error: value %s for attr %s is less than the minimum %d\n",
str_val, attr_name, minint);
@@ -2032,14 +2032,14 @@ int ldbm_config_set(void *arg, char *attr_name, config_info *config_array, struc
/* check for parsing error (e.g. not a number) */
if (err == EINVAL) {
- slapi_create_errormsg(err_buf, 0, "Error: value %s for attr %s is not a number\n",
+ slapi_create_errormsg(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: value %s for attr %s is not a number\n",
str_val, attr_name);
LDAPDebug2Args(LDAP_DEBUG_ANY, "Error: value %s for attr %s is not a number\n",
str_val, attr_name);
return LDAP_UNWILLING_TO_PERFORM;
/* check for overflow */
} else if (err == ERANGE) {
- slapi_create_errormsg(err_buf, 0, "Error: value %s for attr %s is outside the range of representable values\n",
+ slapi_create_errormsg(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: value %s for attr %s is outside the range of representable values\n",
str_val, attr_name);
LDAPDebug2Args(LDAP_DEBUG_ANY, "Error: value %s for attr %s is outside the range of representable values\n",
str_val, attr_name);
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_index_config.c b/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
index 42c8ffe..3e59e72 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
@@ -146,7 +146,7 @@ ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* e, Sla
if ((slapi_counter_get_value(inst->inst_ref_count) > 0) ||
/* check if the backend is ON or not.
* If offline or being deleted, non SUCCESS is returned. */
- (slapi_mapping_tree_select(pb, &be, NULL, returntext) != LDAP_SUCCESS)) {
+ (slapi_mapping_tree_select(pb, &be, NULL, returntext, SLAPI_DSE_RETURNTEXT_SIZE) != LDAP_SUCCESS)) {
*returncode = LDAP_UNAVAILABLE;
rc = SLAPI_DSE_CALLBACK_ERROR;
goto bail;
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c b/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c
index 2506261..9302410 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c
@@ -109,7 +109,7 @@ ldbm_instance_config_cachememsize_set(void *arg, void *value, char *errorbuf, in
if (val > inst->inst_cache.c_maxsize) {
delta = val - inst->inst_cache.c_maxsize;
if (!util_is_cachesize_sane(&delta)){
- slapi_create_errormsg(errorbuf, 0, "Error: cachememsize value is too large.");
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: cachememsize value is too large.");
LDAPDebug0Args(LDAP_DEBUG_ANY, "Error: cachememsize value is too large.\n");
return LDAP_UNWILLING_TO_PERFORM;
}
@@ -151,7 +151,7 @@ ldbm_instance_config_dncachememsize_set(void *arg, void *value, char *errorbuf,
if (val > inst->inst_dncache.c_maxsize) {
delta = val - inst->inst_dncache.c_maxsize;
if (!util_is_cachesize_sane(&delta)){
- slapi_create_errormsg(errorbuf, 0, "Error: dncachememsize value is too large.");
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: dncachememsize value is too large.");
LDAPDebug0Args(LDAP_DEBUG_ANY,"Error: dncachememsize value is too large.\n");
return LDAP_UNWILLING_TO_PERFORM;
}
diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
index 00795c4..1ffec4e 100644
--- a/ldap/servers/slapd/bind.c
+++ b/ldap/servers/slapd/bind.c
@@ -655,7 +655,7 @@ do_bind( Slapi_PBlock *pb )
}
/* We could be serving multiple database backends. Select the appropriate one */
- if (slapi_mapping_tree_select(pb, &be, &referral, NULL) != LDAP_SUCCESS) {
+ if (slapi_mapping_tree_select(pb, &be, &referral, NULL, 0) != LDAP_SUCCESS) {
send_nobackend_ldap_result( pb );
be = NULL;
goto free_and_return;
@@ -685,7 +685,7 @@ do_bind( Slapi_PBlock *pb )
Slapi_DN *pb_sdn;
slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &pb_sdn);
if (!pb_sdn) {
- slapi_create_errormsg(errorbuf, 0, "Pre-bind plug-in set NULL dn\n");
+ slapi_create_errormsg(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set NULL dn\n");
send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL);
goto free_and_return;
} else if ((pb_sdn != sdn) || (sdn_updated = slapi_sdn_compare(original_sdn, pb_sdn))) {
@@ -696,7 +696,7 @@ do_bind( Slapi_PBlock *pb )
sdn = pb_sdn;
dn = slapi_sdn_get_dn(sdn);
if (!dn) {
- slapi_create_errormsg(errorbuf, 0, "Pre-bind plug-in set corrupted dn\n");
+ slapi_create_errormsg(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set corrupted dn\n");
send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL);
goto free_and_return;
}
@@ -710,7 +710,7 @@ do_bind( Slapi_PBlock *pb )
slapi_be_Rlock(be);
slapi_pblock_set( pb, SLAPI_BACKEND, be );
} else {
- slapi_create_errormsg(errorbuf, 0, "No matching backend for %s\n", dn);
+ slapi_create_errormsg(errorbuf, sizeof(errorbuf), "No matching backend for %s\n", dn);
send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL);
goto free_and_return;
}
diff --git a/ldap/servers/slapd/compare.c b/ldap/servers/slapd/compare.c
index 36a5be8..3977452 100644
--- a/ldap/servers/slapd/compare.c
+++ b/ldap/servers/slapd/compare.c
@@ -119,7 +119,7 @@ do_compare( Slapi_PBlock *pb )
* We could be serving multiple database backends. Select the
* appropriate one.
*/
- if ((err = slapi_mapping_tree_select(pb, &be, &referral, errorbuf)) != LDAP_SUCCESS) {
+ if ((err = slapi_mapping_tree_select(pb, &be, &referral, errorbuf, sizeof(errorbuf))) != LDAP_SUCCESS) {
send_ldap_result(pb, err, NULL, errorbuf, 0, NULL);
be = NULL;
goto free_and_return;
diff --git a/ldap/servers/slapd/delete.c b/ldap/servers/slapd/delete.c
index b2d8408..6b7488d 100644
--- a/ldap/servers/slapd/delete.c
+++ b/ldap/servers/slapd/delete.c
@@ -290,7 +290,7 @@ static void op_shared_delete (Slapi_PBlock *pb)
* We could be serving multiple database backends. Select the
* appropriate one.
*/
- if ((err = slapi_mapping_tree_select(pb, &be, &referral, errorbuf)) != LDAP_SUCCESS) {
+ if ((err = slapi_mapping_tree_select(pb, &be, &referral, errorbuf, sizeof(errorbuf))) != LDAP_SUCCESS) {
send_ldap_result(pb, err, NULL, errorbuf, 0, NULL);
be = NULL;
goto free_and_return;
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index dffd67e..a9334e4 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -1814,7 +1814,7 @@ config_value_is_null( const char *attrname, const char *value, char *errorbuf,
int or_zero_length )
{
if ( NULL == value || ( or_zero_length && *value == '\0' )) {
- slapi_create_errormsg(errorbuf, 0, "%s: deleting the value is not allowed.", attrname);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: deleting the value is not allowed.", attrname);
return 1;
}
@@ -1869,7 +1869,7 @@ config_set_disk_threshold( const char *attrname, char *value, char *errorbuf, in
errno = 0;
threshold = strtoll(value, &endp, 10);
if ( *endp != '\0' || threshold <= 4096 || errno == ERANGE ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: \"%s\" is invalid, threshold must be greater than 4096 and less then %lld",
attrname, value, (long long int)LONG_MAX);
retVal = LDAP_OPERATIONS_ERROR;
@@ -1910,7 +1910,7 @@ config_set_disk_grace_period( const char *attrname, char *value, char *errorbuf,
period = strtol(value, &endp, 10);
if ( *endp != '\0' || period < 1 || errno == ERANGE ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: \"%s\" is invalid, grace period must be at least 1 minute", attrname, value);
retVal = LDAP_OPERATIONS_ERROR;
return retVal;
@@ -1947,7 +1947,7 @@ config_set_ndn_cache_max_size(const char *attrname, char *value, char *errorbuf,
size = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE){
retVal = LDAP_OPERATIONS_ERROR;
- slapi_create_errormsg(errorbuf, 0, "(%s) value (%s) is invalid\n", attrname, value);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "(%s) value (%s) is invalid\n", attrname, value);
return retVal;
}
@@ -1955,7 +1955,7 @@ config_set_ndn_cache_max_size(const char *attrname, char *value, char *errorbuf,
size = 0; /* same as -1 */
}
if(size > 0 && size < 1024000){
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"ndn_cache_max_size too low(%d), changing to %d bytes.\n",(int)size, NDN_DEFAULT_SIZE);
size = NDN_DEFAULT_SIZE;
}
@@ -1980,12 +1980,12 @@ config_set_sasl_maxbufsize(const char *attrname, char *value, char *errorbuf, in
size = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE){
retVal = LDAP_OPERATIONS_ERROR;
- slapi_create_errormsg(errorbuf, 0, "(%s) value (%s) is invalid\n", attrname, value);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "(%s) value (%s) is invalid\n", attrname, value);
return retVal;
}
if(size < default_size){
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"nsslapd-sasl-max-buffer-size is too low (%ld), setting to default value (%ld).\n",
size, default_size);
size = default_size;
@@ -2025,7 +2025,7 @@ config_set_port( const char *attrname, char *port, char *errorbuf, int apply ) {
nPort = strtol(port, &endp, 10);
if ( *endp != '\0' || errno == ERANGE || nPort > LDAP_PORT_MAX || nPort < 0 ) {
retVal = LDAP_OPERATIONS_ERROR;
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: \"%s\" is invalid, ports must range from 0 to %d", attrname, port, LDAP_PORT_MAX);
return retVal;
}
@@ -2060,7 +2060,7 @@ config_set_secureport( const char *attrname, char *port, char *errorbuf, int app
nPort = strtol(port, &endp, 10);
if (*endp != '\0' || errno == ERANGE || nPort > LDAP_PORT_MAX || nPort <= 0 ) {
retVal = LDAP_OPERATIONS_ERROR;
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: \"%s\" is invalid, ports must range from 1 to %d", attrname, port, LDAP_PORT_MAX);
}
@@ -2089,7 +2089,7 @@ config_set_SSLclientAuth( const char *attrname, char *value, char *errorbuf, int
strcasecmp (value, "allowed") != 0 &&
strcasecmp (value, "required")!= 0 ) {
retVal = LDAP_OPERATIONS_ERROR;
- slapi_create_errormsg(errorbuf, 0, "%s: unsupported value: %s", attrname, value);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: unsupported value: %s", attrname, value);
return retVal;
}
else if ( !apply ) {
@@ -2110,7 +2110,7 @@ config_set_SSLclientAuth( const char *attrname, char *value, char *errorbuf, int
}
else {
retVal = LDAP_OPERATIONS_ERROR;
- slapi_create_errormsg(errorbuf, 0, "%s: unsupported value: %s", attrname, value);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: unsupported value: %s", attrname, value);
}
CFG_UNLOCK_WRITE(slapdFrontendConfig);
@@ -2190,7 +2190,7 @@ config_set_snmp_index(const char *attrname, char *value, char *errorbuf, int app
snmp_index = strtol(value, &endp, 10);
if (*endp != '\0' || errno == ERANGE || snmp_index < snmp_index_disable) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: invalid value \"%s\", %s must be greater or equal to %lu (%lu means disabled)",
attrname, value, CONFIG_SNMP_INDEX_ATTRIBUTE, snmp_index_disable, snmp_index_disable);
retVal = LDAP_OPERATIONS_ERROR;
@@ -2454,7 +2454,7 @@ config_set_sizelimit( const char *attrname, char *value, char *errorbuf, int app
sizelimit = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE || sizelimit < -1 ) {
- slapi_create_errormsg(errorbuf, 0, "%s: \"%s\" is invalid, sizelimit must range from -1 to %lld",
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: \"%s\" is invalid, sizelimit must range from -1 to %lld",
attrname, value, (long long int)LONG_MAX );
retVal = LDAP_OPERATIONS_ERROR;
return retVal;
@@ -2498,7 +2498,7 @@ config_set_pagedsizelimit( const char *attrname, char *value, char *errorbuf, in
pagedsizelimit = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE || pagedsizelimit < -1 ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: \"%s\" is invalid, pagedsizelimit must range from -1 to %lld",
attrname, value, (long long int)LONG_MAX );
retVal = LDAP_OPERATIONS_ERROR;
@@ -2540,10 +2540,10 @@ config_set_pw_storagescheme( const char *attrname, char *value, char *errorbuf,
new_scheme = pw_name2scheme(value);
if ( new_scheme == NULL) {
if ( scheme_list != NULL ) {
- slapi_create_errormsg(errorbuf, 0, "%s: invalid scheme - %s. Valid schemes are: %s",
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid scheme - %s. Valid schemes are: %s",
attrname, value, scheme_list );
} else {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: invalid scheme - %s (no pwdstorage scheme plugin loaded)",
attrname, value);
}
@@ -2559,7 +2559,7 @@ config_set_pw_storagescheme( const char *attrname, char *value, char *errorbuf,
they are in clear. We don't take it */
if (scheme_list) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"pw_storagescheme: invalid encoding scheme - %s\nValid values are: %s\n", value, scheme_list);
}
retVal = LDAP_UNWILLING_TO_PERFORM;
@@ -2720,7 +2720,7 @@ config_set_pw_minlength( const char *attrname, char *value, char *errorbuf, int
minLength = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE || minLength < 2 || minLength > 512 ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password minimum length \"%s\" is invalid. The minimum length must range from 2 to 512.", value);
retVal = LDAP_OPERATIONS_ERROR;
return retVal;
@@ -2753,7 +2753,7 @@ config_set_pw_mindigits( const char *attrname, char *value, char *errorbuf, int
minDigits = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE || minDigits < 0 || minDigits > 64 ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password minimum number of digits \"%s\" is invalid. "
"The minimum number of digits must range from 0 to 64.", value);
retVal = LDAP_OPERATIONS_ERROR;
@@ -2787,7 +2787,7 @@ config_set_pw_minalphas( const char *attrname, char *value, char *errorbuf, int
minAlphas = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE || minAlphas < 0 || minAlphas > 64 ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password minimum number of alphas \"%s\" is invalid. "
"The minimum number of alphas must range from 0 to 64.", value);
retVal = LDAP_OPERATIONS_ERROR;
@@ -2821,7 +2821,7 @@ config_set_pw_minuppers( const char *attrname, char *value, char *errorbuf, int
minUppers = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE || minUppers < 0 || minUppers > 64 ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password minimum number of uppercase characters \"%s\" is invalid. "
"The minimum number of uppercase characters must range from 0 to 64.", value);
retVal = LDAP_OPERATIONS_ERROR;
@@ -2855,7 +2855,7 @@ config_set_pw_minlowers( const char *attrname, char *value, char *errorbuf, int
minLowers = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE || minLowers < 0 || minLowers > 64 ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password minimum number of lowercase characters \"%s\" is invalid. "
"The minimum number of lowercase characters must range from 0 to 64.", value);
retVal = LDAP_OPERATIONS_ERROR;
@@ -2889,7 +2889,7 @@ config_set_pw_minspecials( const char *attrname, char *value, char *errorbuf, in
minSpecials = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE || minSpecials < 0 || minSpecials > 64 ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password minimum number of special characters \"%s\" is invalid. "
"The minimum number of special characters must range from 0 to 64.", value);
retVal = LDAP_OPERATIONS_ERROR;
@@ -2923,7 +2923,7 @@ config_set_pw_min8bit( const char *attrname, char *value, char *errorbuf, int ap
min8bit = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE || min8bit < 0 || min8bit > 64 ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password minimum number of 8-bit characters \"%s\" is invalid. "
"The minimum number of 8-bit characters must range from 0 to 64.", value);
retVal = LDAP_OPERATIONS_ERROR;
@@ -2957,7 +2957,7 @@ config_set_pw_maxrepeats( const char *attrname, char *value, char *errorbuf, int
maxRepeats = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE || maxRepeats < 0 || maxRepeats > 64 ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password maximum number of repeated characters \"%s\" is invalid. "
"The maximum number of repeated characters must range from 0 to 64.", value);
retVal = LDAP_OPERATIONS_ERROR;
@@ -2991,7 +2991,7 @@ config_set_pw_mincategories( const char *attrname, char *value, char *errorbuf,
minCategories = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE || minCategories < 1 || minCategories > 5 ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password minimum number of categories \"%s\" is invalid. "
"The minimum number of categories must range from 1 to 5.", value);
retVal = LDAP_OPERATIONS_ERROR;
@@ -3025,7 +3025,7 @@ config_set_pw_mintokenlength( const char *attrname, char *value, char *errorbuf,
minTokenLength = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE || minTokenLength < 1 || minTokenLength > 64 ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password minimum token length \"%s\" is invalid. "
"The minimum token length must range from 1 to 64.", value);
retVal = LDAP_OPERATIONS_ERROR;
@@ -3059,7 +3059,7 @@ config_set_pw_maxfailure( const char *attrname, char *value, char *errorbuf, int
maxFailure = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE || maxFailure <= 0 || maxFailure > 32767 ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password maximum retry \"%s\" is invalid. Password maximum failure must range from 1 to 32767", value);
retVal = LDAP_OPERATIONS_ERROR;
return retVal;
@@ -3094,7 +3094,7 @@ config_set_pw_inhistory( const char *attrname, char *value, char *errorbuf, int
history = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE || history < 1 || history > 24 ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password history length \"%s\" is invalid. The password history must range from 1 to 24", value);
retVal = LDAP_OPERATIONS_ERROR;
return retVal;
@@ -3128,7 +3128,7 @@ config_set_pw_lockduration( const char *attrname, char *value, char *errorbuf, i
duration = parse_duration(value);
if ( errno == ERANGE || duration <= 0 || duration > (MAX_ALLOWED_TIME_IN_SECS - current_time()) ) {
- slapi_create_errormsg(errorbuf, 0, "password lockout duration \"%s\" is invalid. ", value);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "password lockout duration \"%s\" is invalid. ", value);
retVal = LDAP_OPERATIONS_ERROR;
return retVal;
}
@@ -3157,7 +3157,7 @@ config_set_pw_resetfailurecount( const char *attrname, char *value, char *errorb
duration = parse_duration(value);
if ( errno == ERANGE || duration < 0 || duration > (MAX_ALLOWED_TIME_IN_SECS - current_time()) ) {
- slapi_create_errormsg(errorbuf, 0, "password reset count duration \"%s\" is invalid. ", value);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "password reset count duration \"%s\" is invalid. ", value);
retVal = LDAP_OPERATIONS_ERROR;
return retVal;
}
@@ -3299,7 +3299,7 @@ config_set_pw_gracelimit( const char *attrname, char *value, char *errorbuf, int
gracelimit = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE || gracelimit < 0 ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"password grace limit \"%s\" is invalid, password grace limit must range from 0 to %lld",
value , (long long int)LONG_MAX);
retVal = LDAP_OPERATIONS_ERROR;
@@ -3522,7 +3522,7 @@ config_set_onoff(const char *attrname, char *value, int *configvalue, char *erro
CFG_ONOFF_LOCK_WRITE(slapdFrontendConfig);
if (strcasecmp(value, "on") && strcasecmp(value, "off")) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: invalid value \"%s\". Valid values are \"on\" or \"off\".", attrname, value);
retVal = LDAP_OPERATIONS_ERROR;
}
@@ -3725,7 +3725,7 @@ config_set_rootpw( const char *attrname, char *value, char *errorbuf, int apply
/* pwd enc func returns slapi_ch_malloc memory */
slapdFrontendConfig->rootpw = (slapdFrontendConfig->rootpwstoragescheme->pws_enc)(value);
} else {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: password scheme mismatch (passwd scheme is %s; password is clear text)",
attrname, slapdFrontendConfig->rootpwstoragescheme->pws_name);
retVal = LDAP_PARAM_ERROR;
@@ -3751,10 +3751,10 @@ config_set_rootpwstoragescheme( const char *attrname, char *value, char *errorbu
if (errorbuf) {
char * scheme_list = plugin_get_pwd_storage_scheme_list(PLUGIN_LIST_PWD_STORAGE_SCHEME);
if ( scheme_list ) {
- slapi_create_errormsg(errorbuf, 0, "%s: invalid scheme - %s. Valid schemes are: %s",
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid scheme - %s. Valid schemes are: %s",
attrname, value, scheme_list );
} else {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: invalid scheme - %s (no pwdstorage scheme plugin loaded)", attrname, value);
}
slapi_ch_free_string(&scheme_list);
@@ -3834,12 +3834,12 @@ config_set_workingdir( const char *attrname, char *value, char *errorbuf, int ap
}
if ( PR_Access ( value, PR_ACCESS_EXISTS ) != 0 ) {
- slapi_create_errormsg(errorbuf, 0, "Working directory \"%s\" does not exist.", value);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Working directory \"%s\" does not exist.", value);
retVal = LDAP_OPERATIONS_ERROR;
return retVal;
}
if ( PR_Access ( value, PR_ACCESS_WRITE_OK ) != 0 ) {
- slapi_create_errormsg(errorbuf, 0, "Working directory \"%s\" is not writeable.", value);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Working directory \"%s\" is not writeable.", value);
retVal = LDAP_OPERATIONS_ERROR;
return retVal;
}
@@ -3889,7 +3889,7 @@ config_set_threadnumber( const char *attrname, char *value, char *errorbuf, int
threadnum = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE || threadnum < 1 || threadnum > 65535 ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: invalid value \"%s\", maximum thread number must range from 1 to 65535", attrname, value);
retVal = LDAP_OPERATIONS_ERROR;
}
@@ -3919,7 +3919,7 @@ config_set_maxthreadsperconn( const char *attrname, char *value, char *errorbuf,
maxthreadnum = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE || maxthreadnum < 1 || maxthreadnum > 65535 ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: invalid value \"%s\", maximum thread number per connection must range from 1 to 65535",
attrname, value);
retVal = LDAP_OPERATIONS_ERROR;
@@ -3960,7 +3960,7 @@ config_set_maxdescriptors( const char *attrname, char *value, char *errorbuf, in
nValue = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE || nValue < 1 || nValue > maxVal ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: invalid value \"%s\", maximum file descriptors must range from 1 to %d (the current process limit). "
"Server will use a setting of %d.", attrname, value, maxVal, maxVal);
if ( nValue > maxVal ) {
@@ -4001,7 +4001,7 @@ config_set_conntablesize( const char *attrname, char *value, char *errorbuf, int
nValue = strtol(value, &endp, 0);
if ( *endp != '\0' || errno == ERANGE || nValue < 1 || nValue > maxVal ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: invalid value \"%s\", connection table size must range from 1 to %d (the current process maxdescriptors limit). "
"Server will use a setting of %d.", attrname, value, maxVal, maxVal );
if ( nValue > maxVal) {
@@ -4043,7 +4043,7 @@ config_set_reservedescriptors( const char *attrname, char *value, char *errorbuf
nValue = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE || nValue < 1 || nValue > maxVal ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: invalid value \"%s\", reserved file descriptors must range from 1 to %d (the current process maxdescriptors limit). "
"Server will use a setting of %d.", attrname, value, maxVal, maxVal);
if ( nValue > maxVal) {
@@ -4079,7 +4079,7 @@ config_set_ioblocktimeout( const char *attrname, char *value, char *errorbuf, in
nValue = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE || nValue < 0 ) {
- slapi_create_errormsg(errorbuf, 0, "%s: invalid value \"%s\", I/O block timeout must range from 0 to %lld",
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", I/O block timeout must range from 0 to %lld",
attrname, value, (long long int)LONG_MAX);
retVal = LDAP_OPERATIONS_ERROR;
return retVal;
@@ -4115,7 +4115,7 @@ config_set_idletimeout( const char *attrname, char *value, char *errorbuf, int a
nValue = strtol(value, &endp, 10);
if (*endp != '\0' || errno == ERANGE || nValue < 0 ) {
- slapi_create_errormsg(errorbuf, 0, "%s: invalid value \"%s\", idle timeout must range from 0 to %lld",
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", idle timeout must range from 0 to %lld",
attrname, value, (long long int)LONG_MAX);
retVal = LDAP_OPERATIONS_ERROR;
return retVal;
@@ -4148,7 +4148,7 @@ config_set_groupevalnestlevel( const char *attrname, char * value, char *errorbu
nValue = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE || nValue < 0 || nValue > 5 ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: invalid value \"%s\", group eval nest level must range from 0 to 5", attrname, value);
retVal = LDAP_OPERATIONS_ERROR;
return retVal;
@@ -4214,7 +4214,7 @@ config_set_timelimit( const char *attrname, char *value, char *errorbuf, int app
nVal = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE || nVal < -1 ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: invalid value \"%s\", time limit must range from -1 to %lld",
attrname, value, (long long int)LONG_MAX );
retVal = LDAP_OPERATIONS_ERROR;
@@ -4268,7 +4268,7 @@ config_set_accesslog( const char *attrname, char *value, char *errorbuf, int app
retVal = log_update_accesslogdir ( value, apply );
if (retVal != LDAP_SUCCESS) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"Cannot open accesslog directory \"%s\", client accesses will not be logged.", value);
}
@@ -4293,7 +4293,7 @@ config_set_errorlog( const char *attrname, char *value, char *errorbuf, int appl
retVal = log_update_errorlogdir ( value, apply );
if ( retVal != LDAP_SUCCESS ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"Cannot open errorlog file \"%s\", errors cannot be logged. Exiting...", value);
syslog(LOG_ERR,
"Cannot open errorlog file \"%s\", errors cannot be logged. Exiting...", value);
@@ -4321,7 +4321,7 @@ config_set_auditlog( const char *attrname, char *value, char *errorbuf, int appl
retVal = log_update_auditlogdir ( value, apply );
if (retVal != LDAP_SUCCESS) {
- slapi_create_errormsg(errorbuf, 0, "Cannot open auditlog directory \"%s\"", value);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Cannot open auditlog directory \"%s\"", value);
}
if ( apply ) {
@@ -4345,7 +4345,7 @@ config_set_auditfaillog( const char *attrname, char *value, char *errorbuf, int
retVal = log_update_auditfaillogdir ( value, apply );
if (retVal != LDAP_SUCCESS) {
- slapi_create_errormsg(errorbuf, 0, "Cannot open auditfaillog directory \"%s\"", value);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Cannot open auditfaillog directory \"%s\"", value);
}
if ( apply ) {
@@ -4373,7 +4373,7 @@ config_set_pw_maxage( const char *attrname, char *value, char *errorbuf, int app
age = parse_duration(value);
if ( age <= 0 || age > (MAX_ALLOWED_TIME_IN_SECS - current_time()) ) {
- slapi_create_errormsg(errorbuf, 0, "%s: password maximum age \"%s\" is invalid.", attrname, value);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: password maximum age \"%s\" is invalid.", attrname, value);
retVal = LDAP_OPERATIONS_ERROR;
return retVal;
}
@@ -4398,7 +4398,7 @@ config_set_pw_minage( const char *attrname, char *value, char *errorbuf, int app
/* age in seconds */
age = parse_duration(value);
if ( age < 0 || age > (MAX_ALLOWED_TIME_IN_SECS - current_time()) ) {
- slapi_create_errormsg(errorbuf, 0, "%s: password minimum age \"%s\" is invalid.", attrname, value);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: password minimum age \"%s\" is invalid.", attrname, value);
retVal = LDAP_OPERATIONS_ERROR;
return retVal;
}
@@ -4425,7 +4425,7 @@ config_set_pw_warning( const char *attrname, char *value, char *errorbuf, int ap
sec = parse_duration(value);
if (errno == ERANGE || sec < 0) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: password warning age \"%s\" is invalid, password warning "
"age must range from 0 to %lld seconds",
attrname, value, (long long int)LONG_MAX );
@@ -4457,7 +4457,7 @@ config_set_errorlog_level( const char *attrname, char *value, char *errorbuf, in
level = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE || level < 0 ) {
- slapi_create_errormsg(errorbuf, 0, "%s: error log level \"%s\" is invalid,"
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: error log level \"%s\" is invalid,"
" error log level must range from 0 to %lld",
attrname, value, (long long int)LONG_MAX);
retVal = LDAP_OPERATIONS_ERROR;
@@ -4492,7 +4492,7 @@ config_set_accesslog_level( const char *attrname, char *value, char *errorbuf, i
level = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE || level < 0 ) {
- slapi_create_errormsg(errorbuf, 0, "%s: access log level \"%s\" is invalid,"
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: access log level \"%s\" is invalid,"
" access log level must range from 0 to %lld",
attrname, value, (long long int)LONG_MAX);
retVal = LDAP_OPERATIONS_ERROR;
@@ -4516,7 +4516,7 @@ int config_set_referral_mode(const char *attrname, char *url, char *errorbuf, in
slapdFrontendConfig->refer_mode=REFER_MODE_OFF;
if ((!url) || (!url[0])) {
- slapi_create_errormsg(errorbuf, 0, "referral url must have a value");
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "referral url must have a value");
return LDAP_OPERATIONS_ERROR;
}
if (apply) {
@@ -4533,7 +4533,7 @@ config_set_versionstring( const char *attrname, char *version, char *errorbuf, i
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ((!version) || (!version[0])) {
- slapi_create_errormsg(errorbuf, 0, "versionstring must have a value");
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "versionstring must have a value");
return LDAP_OPERATIONS_ERROR;
}
if (apply) {
@@ -5909,7 +5909,7 @@ config_set_maxbersize( const char *attrname, char *value, char *errorbuf, int ap
errno = 0;
size = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE){
- slapi_create_errormsg(errorbuf, 0, "(%s) value (%s) is invalid\n",attrname, value);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "(%s) value (%s) is invalid\n",attrname, value);
retVal = LDAP_OPERATIONS_ERROR;
return retVal;
}
@@ -5974,7 +5974,7 @@ config_set_maxsasliosize( const char *attrname, char *value, char *errorbuf, int
}
if (retVal != LDAP_SUCCESS) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: \"%s\" is invalid. Value must range from -1 to %lld",
attrname, value, (long long int)LONG_MAX);
} else if (apply) {
@@ -6028,7 +6028,7 @@ config_set_localssf( const char *attrname, char *value, char *errorbuf, int appl
}
if (retVal != LDAP_SUCCESS) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: \"%s\" is invalid. Value must range from 0 to %d", attrname, value, INT_MAX);
} else if (apply) {
CFG_LOCK_WRITE(slapdFrontendConfig);
@@ -6070,7 +6070,7 @@ config_set_minssf( const char *attrname, char *value, char *errorbuf, int apply
}
if (retVal != LDAP_SUCCESS) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: \"%s\" is invalid. Value must range from 0 to %d", attrname, value, INT_MAX);
} else if (apply) {
CFG_LOCK_WRITE(slapdFrontendConfig);
@@ -6147,7 +6147,7 @@ config_set_max_filter_nest_level( const char *attrname, char *value,
errno = 0;
level = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE){
- slapi_create_errormsg(errorbuf, 0, "(%s) value (%s) " "is invalid\n",attrname, value);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "(%s) value (%s) " "is invalid\n",attrname, value);
retVal = LDAP_OPERATIONS_ERROR;
return retVal;
}
@@ -6836,7 +6836,7 @@ config_set_schemareplace( const char *attrname, char *value, char *errorbuf, int
0 != strcasecmp( value, CONFIG_SCHEMAREPLACE_STR_ON ) &&
0 != strcasecmp( value, CONFIG_SCHEMAREPLACE_STR_REPLICATION_ONLY )) {
retVal = LDAP_OPERATIONS_ERROR;
- slapi_create_errormsg(errorbuf, 0, "unsupported value: %s", value);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "unsupported value: %s", value);
}
}
@@ -6868,7 +6868,7 @@ config_set_outbound_ldap_io_timeout( const char *attrname, char *value,
errno = 0;
timeout = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE){
- slapi_create_errormsg(errorbuf, 0, "(%s) value (%s) is invalid\n",attrname, value);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "(%s) value (%s) is invalid\n",attrname, value);
return LDAP_OPERATIONS_ERROR;
}
@@ -6926,7 +6926,7 @@ config_set_anon_access_switch( const char *attrname, char *value,
if ((strcasecmp(value, "on") != 0) && (strcasecmp(value, "off") != 0) &&
(strcasecmp(value, "rootdse") != 0)) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: invalid value \"%s\". Valid values are \"on\", \"off\", or \"rootdse\".", attrname, value);
retVal = LDAP_OPERATIONS_ERROR;
}
@@ -6963,7 +6963,7 @@ config_set_validate_cert_switch( const char *attrname, char *value,
if ((strcasecmp(value, "on") != 0) && (strcasecmp(value, "off") != 0) &&
(strcasecmp(value, "warn") != 0)) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: invalid value \"%s\". Valid values are \"on\", \"off\", or \"warn\".", attrname, value);
retVal = LDAP_OPERATIONS_ERROR;
}
@@ -7217,7 +7217,7 @@ config_set_default_naming_context(const char *attrname,
int in_init = 0;
suffix = slapi_create_dn_string("%s", value);
if (NULL == suffix) {
- slapi_create_errormsg(errorbuf, 0, "%s is not a valid suffix.", value);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s is not a valid suffix.", value);
return LDAP_INVALID_DN_SYNTAX;
}
sdn = slapi_get_first_suffix(&node, 0);
@@ -7232,7 +7232,7 @@ config_set_default_naming_context(const char *attrname,
sdn = slapi_get_next_suffix(&node, 0);
}
if (!in_init && (NULL == sdn)) { /* not in startup && no match */
- slapi_create_errormsg(errorbuf, 0, "%s is not an existing suffix.", value);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s is not an existing suffix.", value);
slapi_ch_free_string(&suffix);
return LDAP_NO_SUCH_OBJECT;
}
@@ -7273,7 +7273,7 @@ config_set_unhashed_pw_switch(const char *attrname, char *value,
if ((strcasecmp(value, "on") != 0) && (strcasecmp(value, "off") != 0) &&
(strcasecmp(value, "nolog") != 0)) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: invalid value \"%s\". Valid values are \"on\", \"off\", or \"nolog\".", attrname, value);
retVal = LDAP_OPERATIONS_ERROR;
}
@@ -7464,7 +7464,7 @@ config_set_connection_buffer( const char *attrname, char *value,
if ((strcasecmp(value, "0") != 0) && (strcasecmp(value, "1") != 0) &&
(strcasecmp(value, "2") != 0)) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: invalid value \"%s\". Valid values are \"0\", \"1\", or \"2\".", attrname, value);
retVal = LDAP_OPERATIONS_ERROR;
}
@@ -7492,7 +7492,7 @@ config_set_listen_backlog_size( const char *attrname, char *value,
errno = 0;
size = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE){
- slapi_create_errormsg(errorbuf, 0, "(%s) value (%s) is invalid\n", attrname, value);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "(%s) value (%s) is invalid\n", attrname, value);
return LDAP_OPERATIONS_ERROR;
}
@@ -7573,7 +7573,7 @@ config_set(const char *attr, struct berval **values, char *errorbuf, int apply)
#if 0
debugHashTable(attr);
#endif
- slapi_create_errormsg(errorbuf, 0, "Unknown attribute %s will be ignored", attr);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Unknown attribute %s will be ignored", attr);
slapi_log_error(SLAPI_LOG_FATAL, "config_set", "Unknown attribute %s will be ignored", attr);
return LDAP_NO_SUCH_ATTRIBUTE;
}
@@ -8007,7 +8007,7 @@ config_set_maxsimplepaged_per_conn( const char *attrname, char *value, char *err
errno = 0;
size = strtol(value, &endp, 10);
if ( *endp != '\0' || errno == ERANGE){
- slapi_create_errormsg(errorbuf, 0, "(%s) value (%s) is invalid\n", attrname, value);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "(%s) value (%s) is invalid\n", attrname, value);
return LDAP_OPERATIONS_ERROR;
}
@@ -8068,7 +8068,7 @@ config_set_malloc_mxfast(const char *attrname, char *value, char *errorbuf, int
errno = 0;
mxfast = strtol(value, &endp, 10);
if ((*endp != '\0') || (errno == ERANGE)) {
- slapi_create_errormsg(errorbuf, 0, "limit \"%s\" is invalid, %s must range from 0 to %d",
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "limit \"%s\" is invalid, %s must range from 0 to %d",
value, CONFIG_MALLOC_MXFAST, max);
return LDAP_OPERATIONS_ERROR;
}
@@ -8109,7 +8109,7 @@ config_set_malloc_trim_threshold(const char *attrname, char *value, char *errorb
errno = 0;
trim_threshold = strtol(value, &endp, 10);
if ((*endp != '\0') || (errno == ERANGE)) {
- slapi_create_errormsg(errorbuf, 0, "limit \"%s\" is invalid, %s must range from 0 to %lld",
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "limit \"%s\" is invalid, %s must range from 0 to %lld",
value, CONFIG_MALLOC_TRIM_THRESHOLD, (long long int)LONG_MAX);
return LDAP_OPERATIONS_ERROR;
}
@@ -8158,7 +8158,7 @@ config_set_malloc_mmap_threshold(const char *attrname, char *value, char *errorb
errno = 0;
mmap_threshold = strtol(value, &endp, 10);
if ((*endp != '\0') || (errno == ERANGE)) {
- slapi_create_errormsg(errorbuf, 0, "limit \"%s\" is invalid, %s must range from 0 to %d",
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "limit \"%s\" is invalid, %s must range from 0 to %d",
value, CONFIG_MALLOC_MMAP_THRESHOLD, max);
return LDAP_OPERATIONS_ERROR;
}
diff --git a/ldap/servers/slapd/log.c b/ldap/servers/slapd/log.c
index d26b8ac..a16c395 100644
--- a/ldap/servers/slapd/log.c
+++ b/ldap/servers/slapd/log.c
@@ -310,7 +310,7 @@ log_set_logging(const char *attrname, char *value, int logtype, char *errorbuf,
slapdFrontendConfig_t *fe_cfg = getFrontendConfig();
if ( NULL == value ) {
- slapi_create_errormsg(errorbuf, 0, "%s: NULL value; valid values are \"on\" or \"off\"", attrname);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: NULL value; valid values are \"on\" or \"off\"", attrname);
return LDAP_OPERATIONS_ERROR;
}
@@ -321,7 +321,7 @@ log_set_logging(const char *attrname, char *value, int logtype, char *errorbuf,
v = 0;
}
else {
- slapi_create_errormsg(errorbuf, 0, "%s: invalid value \"%s\", valid values are \"on\" or \"off\"",
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", valid values are \"on\" or \"off\"",
attrname, value);
return LDAP_OPERATIONS_ERROR;
}
@@ -759,7 +759,7 @@ log_set_mode (const char *attrname, char *value, int logtype, char *errorbuf, in
slapdFrontendConfig_t *fe_cfg = getFrontendConfig();
if ( NULL == value ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: null value; valid values are are of the format \"yz-yz-yz-\" where y could be 'r' or '-',"
" and z could be 'w' or '-'", attrname );
return LDAP_OPERATIONS_ERROR;
@@ -777,7 +777,7 @@ log_set_mode (const char *attrname, char *value, int logtype, char *errorbuf, in
if (loginfo.log_access_file &&
( chmod( loginfo.log_access_file, v ) != 0) ) {
int oserr = errno;
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: Failed to chmod access log file to %s: errno %d (%s)",
attrname, value, oserr, slapd_system_strerror(oserr));
retval = LDAP_UNWILLING_TO_PERFORM;
@@ -793,7 +793,7 @@ log_set_mode (const char *attrname, char *value, int logtype, char *errorbuf, in
if (loginfo.log_error_file &&
( chmod( loginfo.log_error_file, v ) != 0) ) {
int oserr = errno;
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: Failed to chmod error log file to %s: errno %d (%s)",
attrname, value, oserr, slapd_system_strerror(oserr));
retval = LDAP_UNWILLING_TO_PERFORM;
@@ -809,7 +809,7 @@ log_set_mode (const char *attrname, char *value, int logtype, char *errorbuf, in
if (loginfo.log_audit_file &&
( chmod( loginfo.log_audit_file, v ) != 0) ) {
int oserr = errno;
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: Failed to chmod audit log file to %s: errno %d (%s)",
attrname, value, oserr, slapd_system_strerror(oserr));
retval = LDAP_UNWILLING_TO_PERFORM;
@@ -1014,7 +1014,7 @@ log_set_rotationsync_enabled(const char *attrname, char *value, int logtype, cha
slapdFrontendConfig_t *fe_cfg = getFrontendConfig();
if ( NULL == value ) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: NULL value; valid values are \"on\" or \"off\"", attrname);
return LDAP_OPERATIONS_ERROR;
}
@@ -1026,7 +1026,7 @@ log_set_rotationsync_enabled(const char *attrname, char *value, int logtype, cha
v = LDAP_OFF;
}
else {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: invalid value \"%s\", valid values are \"on\" or \"off\"", attrname, value);
return LDAP_OPERATIONS_ERROR;
}
@@ -1304,7 +1304,7 @@ int log_set_rotationtimeunit(const char *attrname, char *runit, int logtype, cha
logtype != SLAPD_ERROR_LOG &&
logtype != SLAPD_AUDIT_LOG &&
logtype != SLAPD_AUDITFAIL_LOG ) {
- slapi_create_errormsg(errorbuf, 0, "%s: invalid log type: %d", attrname, logtype);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid log type: %d", attrname, logtype);
return LDAP_OPERATIONS_ERROR;
}
@@ -1315,7 +1315,7 @@ int log_set_rotationtimeunit(const char *attrname, char *runit, int logtype, cha
(strcasecmp(runit, "minute") == 0)) {
/* all good values */
} else {
- slapi_create_errormsg(errorbuf, 0, "%s: unknown unit \"%s\"", attrname, runit);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: unknown unit \"%s\"", attrname, runit);
rv = LDAP_OPERATIONS_ERROR;
}
@@ -1423,7 +1423,7 @@ log_set_maxdiskspace(const char *attrname, char *maxdiskspace_str, int logtype,
logtype != SLAPD_ERROR_LOG &&
logtype != SLAPD_AUDIT_LOG &&
logtype != SLAPD_AUDITFAIL_LOG ) {
- slapi_create_errormsg(errorbuf, 0, "%s: invalid log type: %d", attrname, logtype);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid log type: %d", attrname, logtype);
return LDAP_OPERATIONS_ERROR;
}
@@ -1456,7 +1456,7 @@ log_set_maxdiskspace(const char *attrname, char *maxdiskspace_str, int logtype,
maxdiskspace = -1;
} else if (maxdiskspace < mlogsize) {
rv = LDAP_OPERATIONS_ERROR;
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
"%s: \"%d (MB)\" is less than max log size \"%d (MB)\"",
attrname, s_maxdiskspace, (int)(mlogsize/LOG_MB_IN_BYTES));
}
@@ -1513,7 +1513,7 @@ log_set_mindiskspace(const char *attrname, char *minfreespace_str, int logtype,
logtype != SLAPD_ERROR_LOG &&
logtype != SLAPD_AUDIT_LOG &&
logtype != SLAPD_AUDITFAIL_LOG ) {
- slapi_create_errormsg(errorbuf, 0, "%s: invalid log type: %d", attrname, logtype);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid log type: %d", attrname, logtype);
rv = LDAP_OPERATIONS_ERROR;
}
@@ -1578,7 +1578,7 @@ log_set_expirationtime(const char *attrname, char *exptime_str, int logtype, cha
logtype != SLAPD_ERROR_LOG &&
logtype != SLAPD_AUDIT_LOG &&
logtype != SLAPD_AUDITFAIL_LOG ) {
- slapi_create_errormsg(errorbuf, 0, "%s: invalid log type: %d", attrname, logtype);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid log type: %d", attrname, logtype);
rv = LDAP_OPERATIONS_ERROR;
}
@@ -1684,12 +1684,12 @@ log_set_expirationtimeunit(const char *attrname, char *expunit, int logtype, cha
logtype != SLAPD_ERROR_LOG &&
logtype != SLAPD_AUDIT_LOG &&
logtype != SLAPD_AUDITFAIL_LOG ) {
- slapi_create_errormsg(errorbuf, 0, "%s: invalid log type: %d", attrname, logtype);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid log type: %d", attrname, logtype);
return LDAP_OPERATIONS_ERROR;
}
if ( NULL == expunit ) {
- slapi_create_errormsg(errorbuf, 0, "%s: NULL value", attrname);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: NULL value", attrname);
return LDAP_OPERATIONS_ERROR;
}
@@ -1698,7 +1698,7 @@ log_set_expirationtimeunit(const char *attrname, char *expunit, int logtype, cha
(strcasecmp(expunit, "day") == 0)) {
/* we have good values */
} else {
- slapi_create_errormsg(errorbuf, 0, "%s: invalid time unit \"%s\"", attrname, expunit);
+ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid time unit \"%s\"", attrname, expunit);
rv = LDAP_OPERATIONS_ERROR;;
}
diff --git a/ldap/servers/slapd/mapping_tree.c b/ldap/servers/slapd/mapping_tree.c
index ed0b510..df66f30 100644
--- a/ldap/servers/slapd/mapping_tree.c
+++ b/ldap/servers/slapd/mapping_tree.c
@@ -120,7 +120,7 @@ static void mtn_free_node (mapping_tree_node **node);
static int mtn_get_be_distributed(Slapi_PBlock *pb,
mapping_tree_node * target_node, Slapi_DN *target_sdn, int * flag_stop);
static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
- Slapi_Backend **be, int * index, Slapi_Entry **referral, char *errorbuf);
+ Slapi_Backend **be, int * index, Slapi_Entry **referral, char *errorbuf, size_t ebuflen);
static mapping_tree_node * mtn_get_next_node(mapping_tree_node * node,
mapping_tree_node * node_list, int scope);
static mapping_tree_node * mtn_get_first_node(mapping_tree_node * node,
@@ -1872,7 +1872,7 @@ mtn_get_first_node(mapping_tree_node * node, int scope)
int slapi_mtn_get_first_be(mapping_tree_node * node_list,
mapping_tree_node ** node, Slapi_PBlock *pb, Slapi_Backend **be,
- int * be_index, Slapi_Entry **referral, char *errorbuf, int scope)
+ int * be_index, Slapi_Entry **referral, char *errorbuf, size_t ebuflen, int scope)
{
*node = mtn_get_first_node(node_list, scope);
if (scope == LDAP_SCOPE_BASE)
@@ -1880,12 +1880,12 @@ int slapi_mtn_get_first_be(mapping_tree_node * node_list,
else
*be_index = 0;
- return mtn_get_be(*node, pb, be, be_index, referral, errorbuf);
+ return mtn_get_be(*node, pb, be, be_index, referral, errorbuf, ebuflen);
}
int slapi_mtn_get_next_be(mapping_tree_node * node_list,
mapping_tree_node ** node, Slapi_PBlock *pb, Slapi_Backend **be,
- int * be_index, Slapi_Entry **referral, char *errorbuf, int scope)
+ int * be_index, Slapi_Entry **referral, char *errorbuf, size_t ebuflen, int scope)
{
int rc;
@@ -1908,7 +1908,7 @@ int slapi_mtn_get_next_be(mapping_tree_node * node_list,
return 0;
}
- rc = mtn_get_be(*node, pb, be, be_index, referral, errorbuf);
+ rc = mtn_get_be(*node, pb, be, be_index, referral, errorbuf, ebuflen);
if (rc != LDAP_SUCCESS)
{
@@ -1925,7 +1925,7 @@ int slapi_mtn_get_next_be(mapping_tree_node * node_list,
return 0;
}
*be_index = 0;
- return mtn_get_be(*node, pb, be, be_index, referral, errorbuf);
+ return mtn_get_be(*node, pb, be, be_index, referral, errorbuf, ebuflen);
}
return LDAP_SUCCESS;
@@ -2135,7 +2135,7 @@ int slapi_dn_write_needs_referral(Slapi_DN *target_sdn, Slapi_Entry **referral)
* Returns:
* LDAP_SUCCESS on success, other LDAP result codes if there is a problem.
*/
-int slapi_mapping_tree_select(Slapi_PBlock *pb, Slapi_Backend **be, Slapi_Entry **referral, char *errorbuf)
+int slapi_mapping_tree_select(Slapi_PBlock *pb, Slapi_Backend **be, Slapi_Entry **referral, char *errorbuf, size_t ebuflen)
{
Slapi_DN *target_sdn = NULL;
mapping_tree_node *target_node;
@@ -2204,7 +2204,7 @@ int slapi_mapping_tree_select(Slapi_PBlock *pb, Slapi_Backend **be, Slapi_Entry
* used for BASE search, ADD, DELETE, MODIFY
*/
index = -1;
- ret = mtn_get_be(target_node, pb, be, &index, referral, errorbuf);
+ ret = mtn_get_be(target_node, pb, be, &index, referral, errorbuf, ebuflen);
slapi_pblock_set(pb, SLAPI_BACKEND_COUNT, &index);
mtn_unlock();
@@ -2227,7 +2227,7 @@ int slapi_mapping_tree_select(Slapi_PBlock *pb, Slapi_Backend **be, Slapi_Entry
{
if (errorbuf) {
PL_strncpyz(errorbuf, slapi_config_get_readonly() ?
- "Server is read-only" : "database is read-only", sizeof(errorbuf));
+ "Server is read-only" : "database is read-only", ebuflen);
}
ret = LDAP_UNWILLING_TO_PERFORM;
slapi_be_Unlock(*be);
@@ -2239,7 +2239,7 @@ int slapi_mapping_tree_select(Slapi_PBlock *pb, Slapi_Backend **be, Slapi_Entry
}
int slapi_mapping_tree_select_all(Slapi_PBlock *pb, Slapi_Backend **be_list,
- Slapi_Entry **referral_list, char *errorbuf)
+ Slapi_Entry **referral_list, char *errorbuf, size_t ebuflen)
{
Slapi_DN *target_sdn = NULL;
mapping_tree_node *node_list;
@@ -2306,7 +2306,7 @@ int slapi_mapping_tree_select_all(Slapi_PBlock *pb, Slapi_Backend **be_list,
return ret_code;
}
- ret = slapi_mtn_get_first_be(node_list, &node, pb, &be, &index, &referral, errorbuf, scope);
+ ret = slapi_mtn_get_first_be(node_list, &node, pb, &be, &index, &referral, errorbuf, ebuflen, scope);
while ((node) && (be_index <= BE_LIST_SIZE))
{
@@ -2335,7 +2335,7 @@ int slapi_mapping_tree_select_all(Slapi_PBlock *pb, Slapi_Backend **be_list,
if (be && !be_isdeleted(be))
{
if (be_index == BE_LIST_SIZE) { /* error - too many backends */
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, ebuflen,
"Error: too many backends match search request - cannot proceed");
slapi_log_error(SLAPI_LOG_FATAL, "mapping_tree",
"Error: too many backends match search request - cannot proceed");
@@ -2363,7 +2363,7 @@ int slapi_mapping_tree_select_all(Slapi_PBlock *pb, Slapi_Backend **be_list,
}
ret = slapi_mtn_get_next_be(node_list, &node, pb, &be, &index,
- &referral, errorbuf, scope);
+ &referral, errorbuf, ebuflen, scope);
}
mtn_unlock();
be_list[be_index] = NULL;
@@ -2424,7 +2424,7 @@ void slapi_mapping_tree_free_all(Slapi_Backend **be_list, Slapi_Entry **referral
/* same as slapi_mapping_tree_select() but will also check that the supplied
* newdn is in the same backend
*/
-int slapi_mapping_tree_select_and_check(Slapi_PBlock *pb,char *newdn, Slapi_Backend **be, Slapi_Entry **referral, char *errorbuf)
+int slapi_mapping_tree_select_and_check(Slapi_PBlock *pb,char *newdn, Slapi_Backend **be, Slapi_Entry **referral, char *errorbuf, size_t ebuflen)
{
Slapi_DN *target_sdn = NULL;
Slapi_DN dn_newdn;
@@ -2446,7 +2446,7 @@ int slapi_mapping_tree_select_and_check(Slapi_PBlock *pb,char *newdn, Slapi_Back
target_sdn = operation_get_target_spec (op);
* referral = NULL;
- ret = slapi_mapping_tree_select(pb, be, referral, errorbuf);
+ ret = slapi_mapping_tree_select(pb, be, referral, errorbuf, ebuflen);
if (ret)
goto unlock_and_return;
@@ -2460,7 +2460,7 @@ int slapi_mapping_tree_select_and_check(Slapi_PBlock *pb,char *newdn, Slapi_Back
if (target_node == NULL)
target_node = mapping_tree_root;
index = -1;
- ret = mtn_get_be(target_node, pb, &new_be, &index, &new_referral, errorbuf);
+ ret = mtn_get_be(target_node, pb, &new_be, &index, &new_referral, errorbuf, ebuflen);
if (ret)
goto unlock_and_return;
@@ -2470,7 +2470,7 @@ int slapi_mapping_tree_select_and_check(Slapi_PBlock *pb,char *newdn, Slapi_Back
const Slapi_DN *suffix = slapi_get_suffix_by_dn(target_sdn);
if ((*be != def_be) && (NULL == suffix))
{
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, ebuflen,
"Target entry \"%s\" does not exist\n", slapi_sdn_get_dn(target_sdn));
ret = LDAP_NO_SUCH_OBJECT;
goto unlock_and_return;
@@ -2484,25 +2484,25 @@ int slapi_mapping_tree_select_and_check(Slapi_PBlock *pb,char *newdn, Slapi_Back
if (!slapi_be_exist((const Slapi_DN *)&dn_newdn))
{
/* new_be is an empty backend */
- slapi_create_errormsg(errorbuf, 0, "Backend for suffix \"%s\" does not exist\n", newdn);
+ slapi_create_errormsg(errorbuf, ebuflen, "Backend for suffix \"%s\" does not exist\n", newdn);
ret = LDAP_NO_SUCH_OBJECT;
goto unlock_and_return;
}
if (0 == slapi_sdn_compare(&dn_newdn, new_suffix))
{
ret = LDAP_ALREADY_EXISTS;
- slapi_create_errormsg(errorbuf, 0, "Suffix \"%s\" already exists\n", newdn);
+ slapi_create_errormsg(errorbuf, ebuflen, "Suffix \"%s\" already exists\n", newdn);
goto unlock_and_return;
}
ret = LDAP_NAMING_VIOLATION;
- slapi_create_errormsg(errorbuf, 0, "Cannot rename suffix \"%s\"\n", slapi_sdn_get_dn(target_sdn));
+ slapi_create_errormsg(errorbuf, ebuflen, "Cannot rename suffix \"%s\"\n", slapi_sdn_get_dn(target_sdn));
goto unlock_and_return;
}
else
{
if ((*be != new_be) || mtn_sdn_has_child(target_sdn))
{
- slapi_create_errormsg(errorbuf, 0, "Cannot move entries across backends\n");
+ slapi_create_errormsg(errorbuf, ebuflen, "Cannot move entries across backends\n");
ret = LDAP_AFFECTS_MULTIPLE_DSAS;
goto unlock_and_return;
}
@@ -2613,7 +2613,7 @@ mtn_get_be_distributed(Slapi_PBlock *pb, mapping_tree_node * target_node,
* that position must be returned
*/
static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
- Slapi_Backend **be, int * index, Slapi_Entry **referral, char *errorbuf)
+ Slapi_Backend **be, int * index, Slapi_Entry **referral, char *errorbuf, size_t ebuflen)
{
Slapi_DN *target_sdn;
Slapi_Operation *op;
@@ -2633,7 +2633,7 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
target_sdn = operation_get_target_spec (op);
if (target_node->mtn_state == MTN_DISABLED) {
- slapi_create_errormsg(errorbuf, 0,
+ slapi_create_errormsg(errorbuf, ebuflen,
"Warning: Operation attempted on a disabled node : %s\n",
slapi_sdn_get_dn(target_node->mtn_subtree));
result = LDAP_OPERATIONS_ERROR;
@@ -2767,7 +2767,7 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
}
(*index)++;
if (NULL == target_node->mtn_referral_entry) {
- slapi_create_errormsg(errorbuf, 0, "Mapping tree node for %s is set to return a referral,"
+ slapi_create_errormsg(errorbuf, ebuflen, "Mapping tree node for %s is set to return a referral,"
" but no referral is configured for it", slapi_sdn_get_ndn(target_node->mtn_subtree));
result = LDAP_OPERATIONS_ERROR;
} else {
diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
index b0c474b..438c925 100644
--- a/ldap/servers/slapd/modify.c
+++ b/ldap/servers/slapd/modify.c
@@ -66,7 +66,7 @@ mod_op_image (int op)
#endif
/* an AttrCheckFunc function should return an LDAP result code (LDAP_SUCCESS if all goes well). */
-typedef int (*AttrCheckFunc)(const char *attr_name, char *value, long minval, long maxval, char *errorbuf);
+typedef int (*AttrCheckFunc)(const char *attr_name, char *value, long minval, long maxval, char *errorbuf, size_t ebuflen);
static struct attr_value_check {
const char *attr_name; /* the name of the attribute */
@@ -711,7 +711,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
* appropriate one.
*/
errorbuf[0] = '\0';
- if ((err = slapi_mapping_tree_select(pb, &be, &referral, errorbuf)) != LDAP_SUCCESS) {
+ if ((err = slapi_mapping_tree_select(pb, &be, &referral, errorbuf, sizeof(errorbuf))) != LDAP_SUCCESS) {
send_ldap_result(pb, err, NULL, errorbuf, 0, NULL);
be = NULL;
goto free_and_return;
@@ -766,7 +766,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
*/
if ( (err = AttrValueCheckList[i].checkfunc (AttrValueCheckList[i].attr_name,
(*tmpmods)->mod_bvalues[0]->bv_val, AttrValueCheckList[i].minval,
- AttrValueCheckList[i].maxval, errorbuf))
+ AttrValueCheckList[i].maxval, errorbuf, sizeof(errorbuf)))
!= LDAP_SUCCESS)
{
/* return error */
diff --git a/ldap/servers/slapd/modrdn.c b/ldap/servers/slapd/modrdn.c
index 4edd07e..992700a 100644
--- a/ldap/servers/slapd/modrdn.c
+++ b/ldap/servers/slapd/modrdn.c
@@ -572,7 +572,7 @@ op_shared_rename(Slapi_PBlock *pb, int passin_args)
/* slapi_mapping_tree_select_and_check ignores the case of newdn
* which is generated using newrdn above. */
errorbuf[0] = '\0';
- if ((err = slapi_mapping_tree_select_and_check(pb, newdn, &be, &referral, errorbuf)) != LDAP_SUCCESS)
+ if ((err = slapi_mapping_tree_select_and_check(pb, newdn, &be, &referral, errorbuf, sizeof(errorbuf))) != LDAP_SUCCESS)
{
send_ldap_result(pb, err, NULL, errorbuf, 0, NULL);
goto free_and_return_nolock;
diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
index 98505e9..29a1d84 100644
--- a/ldap/servers/slapd/opshared.c
+++ b/ldap/servers/slapd/opshared.c
@@ -437,7 +437,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
/* no specific backend was requested, use the mapping tree
*/
errorbuf[0] = '\0';
- err_code = slapi_mapping_tree_select_all(pb, be_list, referral_list, errorbuf);
+ err_code = slapi_mapping_tree_select_all(pb, be_list, referral_list, errorbuf, sizeof(errorbuf));
if (((err_code != LDAP_SUCCESS) && (err_code != LDAP_OPERATIONS_ERROR) && (err_code != LDAP_REFERRAL))
|| ((err_code == LDAP_OPERATIONS_ERROR) && (be_list[0] == NULL))) {
send_ldap_result(pb, err_code, NULL, errorbuf, 0, NULL);
diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
index 6c43817..b8d7b86 100644
--- a/ldap/servers/slapd/proto-slap.h
+++ b/ldap/servers/slapd/proto-slap.h
@@ -38,8 +38,8 @@ void do_add( Slapi_PBlock *pb );
void attr_done(Slapi_Attr *a);
int attr_add_valuearray(Slapi_Attr *a, Slapi_Value **vals, const char *dn);
int attr_replace(Slapi_Attr *a, Slapi_Value **vals);
-int attr_check_onoff ( const char *attr_name, char *value, long minval, long maxval, char *errorbuf );
-int attr_check_minmax ( const char *attr_name, char *value, long minval, long maxval, char *errorbuf );
+int attr_check_onoff(const char *attr_name, char *value, long minval, long maxval, char *errorbuf, size_t ebuflen);
+int attr_check_minmax(const char *attr_name, char *value, long minval, long maxval, char *errorbuf, size_t ebuflen);
/**
* Returns the function which can be used to compare (like memcmp/strcmp)
* two values of this type of attribute. The comparison function will use
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
index 4500e0d..703c9e9 100644
--- a/ldap/servers/slapd/pw.c
+++ b/ldap/servers/slapd/pw.c
@@ -2197,22 +2197,22 @@ pw_boolean_str2value (const char *str)
}
int
-check_pw_duration_value( const char *attr_name, char *value,
- long minval, long maxval, char *errorbuf )
+check_pw_duration_value(const char *attr_name, char *value,
+ long minval, long maxval, char *errorbuf, size_t ebuflen)
{
int retVal = LDAP_SUCCESS;
long age;
age = parse_duration(value);
if (-1 == age) {
- slapi_create_errormsg(errorbuf, 0, "password minimum age \"%s\" is invalid. ", value);
+ slapi_create_errormsg(errorbuf, ebuflen, "password minimum age \"%s\" is invalid. ", value);
retVal = LDAP_CONSTRAINT_VIOLATION;
} else if (0 == strcasecmp(CONFIG_PW_LOCKDURATION_ATTRIBUTE, attr_name)) {
if ( (age <= 0) ||
(age > (MAX_ALLOWED_TIME_IN_SECS - current_time())) ||
((-1 != minval) && (age < minval)) ||
((-1 != maxval) && (age > maxval))) {
- slapi_create_errormsg(errorbuf, 0, "%s: \"%s\" seconds is invalid. ", attr_name, value);
+ slapi_create_errormsg(errorbuf, ebuflen, "%s: \"%s\" seconds is invalid. ", attr_name, value);
retVal = LDAP_CONSTRAINT_VIOLATION;
}
} else {
@@ -2220,7 +2220,7 @@ check_pw_duration_value( const char *attr_name, char *value,
(age > (MAX_ALLOWED_TIME_IN_SECS - current_time())) ||
((-1 != minval) && (age < minval)) ||
((-1 != maxval) && (age > maxval))) {
- slapi_create_errormsg(errorbuf, 0, "%s: \"%s\" seconds is invalid. ", attr_name, value);
+ slapi_create_errormsg(errorbuf, ebuflen, "%s: \"%s\" seconds is invalid. ", attr_name, value);
retVal = LDAP_CONSTRAINT_VIOLATION;
}
}
@@ -2229,7 +2229,8 @@ check_pw_duration_value( const char *attr_name, char *value,
}
int
-check_pw_resetfailurecount_value( const char *attr_name, char *value, long minval, long maxval, char *errorbuf )
+check_pw_resetfailurecount_value(const char *attr_name, char *value,
+ long minval, long maxval, char *errorbuf, size_t ebuflen)
{
int retVal = LDAP_SUCCESS;
long duration = 0; /* in minutes */
@@ -2237,7 +2238,7 @@ check_pw_resetfailurecount_value( const char *attr_name, char *value, long minva
/* in seconds */
duration = strtol (value, NULL, 0);
if ( duration < 0 || duration > (MAX_ALLOWED_TIME_IN_SECS - current_time()) ) {
- slapi_create_errormsg(errorbuf, 0, "password reset count duration \"%s\" seconds is invalid.", value);
+ slapi_create_errormsg(errorbuf, ebuflen, "password reset count duration \"%s\" seconds is invalid.", value);
retVal = LDAP_CONSTRAINT_VIOLATION;
}
@@ -2245,7 +2246,8 @@ check_pw_resetfailurecount_value( const char *attr_name, char *value, long minva
}
int
-check_pw_storagescheme_value( const char *attr_name, char *value, long minval, long maxval, char *errorbuf )
+check_pw_storagescheme_value(const char *attr_name, char *value,
+ long minval, long maxval, char *errorbuf, size_t ebuflen)
{
int retVal = LDAP_SUCCESS;
struct pw_scheme *new_scheme = NULL;
@@ -2255,10 +2257,10 @@ check_pw_storagescheme_value( const char *attr_name, char *value, long minval, l
new_scheme = pw_name2scheme(value);
if ( new_scheme == NULL) {
if ( scheme_list != NULL ) {
- slapi_create_errormsg(errorbuf, 0, "%s: invalid scheme - %s. Valid schemes are: %s",
+ slapi_create_errormsg(errorbuf, ebuflen, "%s: invalid scheme - %s. Valid schemes are: %s",
CONFIG_PW_STORAGESCHEME_ATTRIBUTE, value, scheme_list );
} else {
- slapi_create_errormsg(errorbuf, 0, "%s: invalid scheme - %s (no pwdstorage scheme plugin loaded)",
+ slapi_create_errormsg(errorbuf, ebuflen, "%s: invalid scheme - %s (no pwdstorage scheme plugin loaded)",
CONFIG_PW_STORAGESCHEME_ATTRIBUTE, value);
}
retVal = LDAP_CONSTRAINT_VIOLATION;
@@ -2272,7 +2274,7 @@ check_pw_storagescheme_value( const char *attr_name, char *value, long minval, l
*/
if (scheme_list) {
- slapi_create_errormsg(errorbuf, 0, "%s: invalid encoding scheme - %s\nValid values are: %s\n",
+ slapi_create_errormsg(errorbuf, ebuflen, "%s: invalid encoding scheme - %s\nValid values are: %s\n",
CONFIG_PW_STORAGESCHEME_ATTRIBUTE, value, scheme_list );
}
diff --git a/ldap/servers/slapd/pw.h b/ldap/servers/slapd/pw.h
index 2cd7f7c..58e7441 100644
--- a/ldap/servers/slapd/pw.h
+++ b/ldap/servers/slapd/pw.h
@@ -36,9 +36,9 @@ struct passwordpolicyarray *new_passwdPolicy ( Slapi_PBlock *pb, const char *dn
void delete_passwdPolicy( struct passwordpolicyarray **pwpolicy);
/* function for checking the values of fine grained password policy attributes */
-int check_pw_duration_value( const char *attr_name, char *value, long minval, long maxval, char *errorbuf );
-int check_pw_resetfailurecount_value( const char *attr_name, char *value, long minval, long maxval, char *errorbuf );
-int check_pw_storagescheme_value( const char *attr_name, char *value, long minval, long maxval, char *errorbuf );
+int check_pw_duration_value(const char *attr_name, char *value, long minval, long maxval, char *errorbuf, size_t ebuflen);
+int check_pw_resetfailurecount_value(const char *attr_name, char *value, long minval, long maxval, char *errorbuf, size_t ebuflen);
+int check_pw_storagescheme_value(const char *attr_name, char *value, long minval, long maxval, char *errorbuf, size_t ebuflen);
int pw_is_pwp_admin(Slapi_PBlock *pb, struct passwordpolicyarray *pwp);
/*
diff --git a/ldap/servers/slapd/saslbind.c b/ldap/servers/slapd/saslbind.c
index 6528a93..eb68209 100644
--- a/ldap/servers/slapd/saslbind.c
+++ b/ldap/servers/slapd/saslbind.c
@@ -955,7 +955,7 @@ sasl_check_result:
slapi_add_auth_response_control(pb, normdn);
}
- if (slapi_mapping_tree_select(pb, &be, &referral, NULL) != LDAP_SUCCESS) {
+ if (slapi_mapping_tree_select(pb, &be, &referral, NULL, 0) != LDAP_SUCCESS) {
send_nobackend_ldap_result( pb );
be = NULL;
LDAPDebug( LDAP_DEBUG_TRACE, "<= ids_sasl_check_bind\n", 0, 0, 0 );
diff --git a/ldap/servers/slapd/slapi-private.h b/ldap/servers/slapd/slapi-private.h
index 2550620..a5efdda 100644
--- a/ldap/servers/slapd/slapi-private.h
+++ b/ldap/servers/slapd/slapi-private.h
@@ -681,14 +681,14 @@ PRBool slapi_mapping_tree_node_is_set (const mapping_tree_node *node,
PRUint32 flag);
Slapi_DN* slapi_mtn_get_dn(mapping_tree_node *node);
int slapi_mapping_tree_select_and_check(Slapi_PBlock *pb,char *newdn,
- Slapi_Backend **be, Slapi_Entry **referral, char *errorbuf);
+ Slapi_Backend **be, Slapi_Entry **referral, char *errorbuf, size_t ebuflen);
int slapi_mapping_tree_select_all(Slapi_PBlock *pb, Slapi_Backend **be_list,
- Slapi_Entry **referral_list, char *errorbuf);
+ Slapi_Entry **referral_list, char *errorbuf, size_t ebuflen);
void slapi_mapping_tree_free_all(Slapi_Backend **be_list,
Slapi_Entry **referral_list);
/* Mapping Tree */
-int slapi_mapping_tree_select(Slapi_PBlock *pb, Slapi_Backend **be, Slapi_Entry **referral, char *error_string);
+int slapi_mapping_tree_select(Slapi_PBlock *pb, Slapi_Backend **be, Slapi_Entry **referral, char *error_string, size_t ebuflen);
char ** slapi_mtn_get_referral(const Slapi_DN *sdn);
int slapi_mtn_set_referral(const Slapi_DN *sdn, char ** referral);
int slapi_mtn_set_state(const Slapi_DN *sdn, char *state);
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
index 675b763..9096cb5 100644
--- a/ldap/servers/slapd/ssl.c
+++ b/ldap/servers/slapd/ssl.c
@@ -3022,7 +3022,7 @@ slapd_extract_key(Slapi_Entry *entry, char *token, PK11SlotInfo *slot)
* password to get NSS to export an encrypted
* key which we will decrypt.
*/
- rv = PK11_GenerateRandom(randomPassword, sizeof((const char *)randomPassword) - 1);
+ rv = PK11_GenerateRandom(randomPassword, sizeof(randomPassword) - 1);
if (rv != SECSuccess) {
slapi_log_error(SLAPI_LOG_FATAL, "slapd_extract_key", "Failed to generate random.\n");
goto bail;
commit 33e2db261f6edaa606d742e2d5ea7d47cc71bed0
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Wed May 4 15:35:21 2016 -0700
Ticket #48822 - (389-ds-base-1.3.5) Fixing coverity issues.
Description: RETURN_LOCAL -- slapd/util.c:232: return_local_addr_
identity: Returning result of calling "do_escape_string".
A buffer used for the escape needed to be prepared by the caller of
escape_string_for_filename since the return value is the pointer to
the buffer.
https://fedorahosted.org/389/ticket/48822
Reviewed by wibrown(a)redhat.com (Thank you, William!!)
diff --git a/ldap/servers/slapd/slapi-private.h b/ldap/servers/slapd/slapi-private.h
index dc70fdf..2550620 100644
--- a/ldap/servers/slapd/slapi-private.h
+++ b/ldap/servers/slapd/slapi-private.h
@@ -1160,7 +1160,7 @@ char* slapd_get_tmp_dir( void );
#include <stdio.h> /* GGOODREPL - For BUFSIZ, below, gak */
const char* escape_string (const char* str, char buf[BUFSIZ]);
const char* escape_string_with_punctuation(const char* str, char buf[BUFSIZ]);
-const char* escape_string_for_filename(const char* str);
+const char* escape_string_for_filename(const char* str, char buf[BUFSIZ]);
void strcpy_unescape_value( char *d, const char *s );
char *slapi_berval_get_string_copy(const struct berval *bval);
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
index 7da18f0..675b763 100644
--- a/ldap/servers/slapd/ssl.c
+++ b/ldap/servers/slapd/ssl.c
@@ -2746,7 +2746,9 @@ slapd_extract_cert(Slapi_Entry *entry, int isCA)
PK11SlotInfo *slot = slapd_pk11_getInternalKeySlot();
slapi_log_error(SLAPI_LOG_FATAL, "slapd_extract_cert", "CA CERT NAME: %s\n", cert->nickname);
if (!certfile) {
- certfile = slapi_ch_smprintf("%s/%s%s", certdir, escape_string_for_filename(cert->nickname), PEMEXT);
+ char buf[BUFSIZ];
+ certfile = slapi_ch_smprintf("%s/%s%s", certdir,
+ escape_string_for_filename(cert->nickname, buf), PEMEXT);
entrySetValue(slapi_entry_get_sdn(entry), "CACertExtractFile", certfile);
slapi_set_cacertfile(certfile);
}
@@ -2771,7 +2773,9 @@ slapd_extract_cert(Slapi_Entry *entry, int isCA)
PK11SlotInfo *slot = slapd_pk11_getInternalKeySlot();
slapi_log_error(SLAPI_LOG_FATAL, "slapd_extract_cert", "SERVER CERT NAME: %s\n", cert->nickname);
if (!certfile) {
- certfile = slapi_ch_smprintf("%s/%s%s", certdir, escape_string_for_filename(cert->nickname), PEMEXT);
+ char buf[BUFSIZ];
+ certfile = slapi_ch_smprintf("%s/%s%s", certdir,
+ escape_string_for_filename(cert->nickname, buf), PEMEXT);
}
if (!outFile) {
outFile = PR_Open(certfile, PR_CREATE_FILE | PR_RDWR | PR_TRUNCATE, 00660);
@@ -3038,7 +3042,9 @@ slapd_extract_key(Slapi_Entry *entry, char *token, PK11SlotInfo *slot)
}
keyfile = gen_pem_path(KeyExtractFile);
if (!keyfile) {
- keyfile = slapi_ch_smprintf("%s/%s-Key%s", certdir, escape_string_for_filename(personality), PEMEXT);
+ char buf[BUFSIZ];
+ keyfile = slapi_ch_smprintf("%s/%s-Key%s", certdir,
+ escape_string_for_filename(personality, buf), PEMEXT);
}
outFile = PR_Open(keyfile, PR_CREATE_FILE | PR_RDWR | PR_TRUNCATE, 00660);
if (!outFile) {
diff --git a/ldap/servers/slapd/util.c b/ldap/servers/slapd/util.c
index 1ac7a52..f297176 100644
--- a/ldap/servers/slapd/util.c
+++ b/ldap/servers/slapd/util.c
@@ -226,9 +226,8 @@ escape_string_with_punctuation(const char* str, char buf[BUFSIZ])
}
const char*
-escape_string_for_filename(const char *str)
+escape_string_for_filename(const char *str, char buf[BUFSIZ])
{
- char buf[BUFSIZ];
return do_escape_string(str,-1,buf,special_filename, DOESCAPE_FLAGS_HEX_NOESC);
}
commit 2ecc93781abc786be6a8b8443faf2598a6c30f97
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Wed May 4 14:44:30 2016 -0700
Ticket #48822 - (389-ds-base-1.3.5) Fixing coverity issues.
Description: DEADCODE -- slapd/plugin.c:541: dead_error_line: Execution
cannot reach the expression "rc != 0" inside this statement: "if (lderr
== -2 || rc != 0)...".
(lderr == SLAPI_PLUGIN_EXTENDED_NOT_HANDLED) is always true, thus if
rc == LDAP_SUCCESS, the value is returned instead of the default error
code SLAPI_PLUGIN_EXTENDED_NOT_HANDLED.
https://fedorahosted.org/389/ticket/48822
Reviewed by wibrown(a)redhat.com (Thank you, William!!)
diff --git a/ldap/servers/slapd/plugin.c b/ldap/servers/slapd/plugin.c
index 5b81779..f196d2c 100644
--- a/ldap/servers/slapd/plugin.c
+++ b/ldap/servers/slapd/plugin.c
@@ -538,7 +538,7 @@ plugin_call_exop_plugins( Slapi_PBlock *pb, struct slapdplugin *p )
/*
* simple merge: report last real error
*/
- if ( lderr == SLAPI_PLUGIN_EXTENDED_NOT_HANDLED || rc != LDAP_SUCCESS ) {
+ if ( rc != LDAP_SUCCESS ) {
lderr = rc;
}
}
7 years, 7 months
- 1
- 0
rpm/389-ds-base.spec.in rpm.mk
by Mark Reynolds
rpm.mk | 14 ++-------
rpm/389-ds-base.spec.in | 70 ++++++++++--------------------------------------
2 files changed, 18 insertions(+), 66 deletions(-)
New commits:
commit 347b3fee61f77623b9e88855b5618d46660d7ed5
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Fri May 6 17:28:27 2016 -0400
Ticket 48824 - Cleanup rpm.mk and 389 specfile
Description: Removed the jeamlloc bundling code.
Set a version requirement for srvcore.
Set ASAN to off by default.
Removed incorrect comparison: %if %0{?VAR:1} which only
checks if the VAR is defined, not what it is set to. So
those checks always returned true, even if the VAR was set
to 0.
https://fedorahosted.org/389/ticket/48824
Reviewed by: nhosoi(Thanks!)
diff --git a/rpm.mk b/rpm.mk
index c58c365..a880e62 100644
--- a/rpm.mk
+++ b/rpm.mk
@@ -4,12 +4,10 @@ RPM_RELEASE ?= $(shell $(PWD)/rpm/rpmverrel.sh release)
PACKAGE = 389-ds-base
RPM_NAME_VERSION = $(PACKAGE)-$(RPM_VERSION)
TARBALL = $(RPM_NAME_VERSION).tar.bz2
-NUNC_STANS_URL ?= $(shell rpmspec -P -D 'use_nunc_stans 1' $(RPMBUILD)/SPECS/389-ds-base.spec | awk '/^Source4:/ {print $$2}')
+NUNC_STANS_URL ?= $(shell rpmspec -P -D 'use_nunc_stans 1' $(RPMBUILD)/SPECS/389-ds-base.spec | awk '/^Source3:/ {print $$2}')
NUNC_STANS_TARBALL ?= $(shell basename "$(NUNC_STANS_URL)")
-JEMALLOC_URL ?= $(shell rpmspec -P $(RPMBUILD)/SPECS/389-ds-base.spec | awk '/^Source3:/ {print $$2}')
-JEMALLOC_TARBALL ?= $(shell basename "$(JEMALLOC_URL)")
NUNC_STANS_ON = 1
-BUNDLE_JEMALLOC = 0
+ASAN_ON = 0
clean:
rm -rf dist
@@ -27,9 +25,6 @@ tarballs: local-archive
if [ $(NUNC_STANS_ON) -eq 1 ]; then \
wget $(NUNC_STANS_URL) ; \
fi ; \
- if [ $(BUNDLE_JEMALLOC) -eq 1 ]; then \
- wget $(JEMALLOC_URL) ; \
- fi
rpmroot:
rm -rf $(RPMBUILD)
@@ -40,7 +35,7 @@ rpmroot:
mkdir -p $(RPMBUILD)/SRPMS
sed -e s/__VERSION__/$(RPM_VERSION)/ -e s/__RELEASE__/$(RPM_RELEASE)/ \
-e s/__NUNC_STANS_ON__/$(NUNC_STANS_ON)/ \
- -e s/__BUNDLE_JEMALLOC__/$(BUNDLE_JEMALLOC)/ \
+ -e s/__ASAN_ON__/$(ASAN_ON)/ \
rpm/$(PACKAGE).spec.in > $(RPMBUILD)/SPECS/$(PACKAGE).spec
rpmdistdir:
@@ -54,9 +49,6 @@ rpmbuildprep:
if [ $(NUNC_STANS_ON) -eq 1 ]; then \
cp dist/sources/$(NUNC_STANS_TARBALL) $(RPMBUILD)/SOURCES/ ; \
fi
- if [ $(BUNDLE_JEMALLOC) -eq 1 ]; then \
- cp dist/sources/$(JEMALLOC_TARBALL) $(RPMBUILD)/SOURCES/ ; \
- fi
cp rpm/$(PACKAGE)-* $(RPMBUILD)/SOURCES/
diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in
index e3f7e1d..02b188d 100644
--- a/rpm/389-ds-base.spec.in
+++ b/rpm/389-ds-base.spec.in
@@ -17,24 +17,16 @@
# nunc-stans only builds on x86_64 for now
# To build without nunc-stans, set use_nunc_stans to 0.
%global use_nunc_stans __NUNC_STANS_ON__
-%if 0%{?use_nunc_stans:1}
+%if %{use_nunc_stans}
%global nunc_stans_ver 0.1.8
%endif
-# Are we bundling jemalloc?
-%global bundle_jemalloc __BUNDLE_JEMALLOC__
-%if 0%{?bundle_jemalloc:1}
-# The version used in the source tarball
-%global jemalloc_ver 3.6.0
-%endif
-
# This enables an ASAN build. This should not go to production, so we rename.
%global use_asan __ASAN_ON__
-%if 0%{?use_asan:1}
+%if %{use_asan}
%global variant base-asan
%endif
-
# fedora 15 and later uses tmpfiles.d
# otherwise, comment this out
%{!?with_tmpfiles_d: %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d}
@@ -60,7 +52,7 @@ Provides: ldif2ldbm
BuildRequires: nspr-devel
BuildRequires: nss-devel
-BuildRequires: svrcore-devel
+BuildRequires: svrcore-devel >= 4.1.2
%if %{use_openldap}
BuildRequires: openldap-devel
%else
@@ -89,7 +81,7 @@ BuildRequires: tcp_wrappers
BuildRequires: pam-devel
BuildRequires: systemd-units
BuildRequires: systemd-devel
-%if 0%{?use_asan:1}
+%if %{use_asan}
BuildRequires: libasan
%endif
@@ -138,7 +130,7 @@ Requires: perl-Socket
Requires: perl-NetAddr-IP
Requires: systemd-libs
-%if 0%{?use_asan:1}
+%if %{use_asan}
Requires: libasan
Requires: llvm
%endif
@@ -147,15 +139,11 @@ Source0: http://port389.org/sources/%{name}-%{version}%{?prerel}.tar.bz
# 389-ds-git.sh should be used to generate the source tarball from git
Source1: %{name}-git.sh
Source2: %{name}-devel.README
-
-%if 0%{?bundle_jemalloc:1}
-Source3: http://www.port389.org/binaries/jemalloc-%{jemalloc_ver}.tar.bz2
-%endif
-%if 0%{?use_nunc_stans:1}
-Source4: https://git.fedorahosted.org/cgit/nunc-stans.git/snapshot/nunc-stans-%{nu...
+%if %{use_nunc_stans}
+Source3: https://git.fedorahosted.org/cgit/nunc-stans.git/snapshot/nunc-stans-%{nu...
%endif
-%if 0%{?use_asan:1}
+%if %{use_asan}
%description
389 Directory Server is an LDAPv3 compliant server. The base package includes
the LDAP server and command line utilities for server administration.
@@ -187,17 +175,11 @@ BuildRequires: libdb-devel
BuildRequires: cyrus-sasl-devel
BuildRequires: libicu-devel
BuildRequires: pcre-devel
-%if 0%{?use_nunc_stans:1}
+%if %{use_nunc_stans}
BuildRequires: libtalloc-devel
BuildRequires: libevent-devel
BuildRequires: libtevent-devel
%endif
-%if 0%{?bundle_jemalloc:1}
-BuildRequires: /usr/bin/xsltproc
-%ifnarch s390
-BuildRequires: valgrind-devel
-%endif
-%endif
BuildRequires: systemd-devel
%description libs
@@ -240,16 +222,13 @@ The lib389 CI tests that can be run against the Directory Server.
%prep
%setup -q -n %{name}-%{version}%{?prerel}
-%if 0%{?bundle_jemalloc:1}
+%if %{use_nunc_stans}
%setup -q -n %{name}-%{version}%{?prerel} -T -D -b 3
%endif
-%if 0%{?use_nunc_stans:1}
-%setup -q -n %{name}-%{version}%{?prerel} -T -D -b 4
-%endif
cp %{SOURCE2} README.devel
%build
-%if 0%{?use_nunc_stans:1}
+%if %{use_nunc_stans}
pushd ../nunc-stans-%{nunc_stans_ver}
%configure --with-fhs --libdir=%{_libdir}/%{pkgname}
make %{?_smp_mflags}
@@ -260,13 +239,6 @@ cp nunc-stans.h include/nunc-stans/nunc-stans.h
popd
%endif
-%if 0%{?bundle_jemalloc:1}
-pushd ../jemalloc-%{jemalloc_ver}
-%configure CFLAGS='%{optflags} -msse2' --libdir=%{_libdir}/%{pkgname}
-make %{?_smp_mflags}
-popd
-%endif
-
%if %{use_openldap}
OPENLDAP_FLAG="--with-openldap"
%endif
@@ -278,7 +250,7 @@ NSSARGS="--with-svrcore-inc=%{_includedir} --with-svrcore-lib=%{_libdir} --with-
NUNC_STANS_FLAGS="--enable-nunc-stans --with-nunc-stans=../nunc-stans-%{nunc_stans_ver}"
%endif
-%if 0%{?use_asan:1}
+%if %{use_asan}
ASAN_FLAGS="--enable-asan --enable-debug"
%endif
@@ -301,7 +273,7 @@ make %{?_smp_mflags}
%install
rm -rf $RPM_BUILD_ROOT
-%if 0%{?use_nunc_stans:1}
+%if %{use_nunc_stans}
pushd ../nunc-stans-%{nunc_stans_ver}
make DESTDIR="$RPM_BUILD_ROOT" install
rm -rf $RPM_BUILD_ROOT%{_includedir} $RPM_BUILD_ROOT%{_datadir} \
@@ -309,12 +281,6 @@ rm -rf $RPM_BUILD_ROOT%{_includedir} $RPM_BUILD_ROOT%{_datadir} \
popd
%endif
-%if 0%{?bundle_jemalloc:1}
-pushd ../jemalloc-%{jemalloc_ver}
-cp --preserve=links lib/libjemalloc.so* $RPM_BUILD_ROOT%{_libdir}/%{pkgname}
-popd
-%endif
-
make DESTDIR="$RPM_BUILD_ROOT" install
mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname}
@@ -474,12 +440,9 @@ fi
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
%{_includedir}/%{pkgname}
%{_libdir}/%{pkgname}/libslapd.so
-%if 0%{?use_nunc_stans:1}
+%if %{use_nunc_stans}
%{_libdir}/%{pkgname}/libnunc-stans.so
%endif
-%if 0%{?bundle_jemalloc:1}
-%{_libdir}/%{pkgname}/libjemalloc.so
-%endif
%{_libdir}/pkgconfig/*
%files libs
@@ -488,12 +451,9 @@ fi
%dir %{_libdir}/%{pkgname}
%{_libdir}/%{pkgname}/libslapd.so.*
%{_libdir}/%{pkgname}/libns-dshttpd.so*
-%if 0%{?use_nunc_stans:1}
+%if %{use_nunc_stans}
%{_libdir}/%{pkgname}/libnunc-stans.so*
%endif
-%if 0%{?bundle_jemalloc:1}
-%{_libdir}/%{pkgname}/libjemalloc.so*
-%endif
%files tests
%defattr(-,root,root,-)
7 years, 7 months
- 1
- 0
Branch '389-ds-base-1.3.4' - dirsrvtests/tests
by Simon Pichugin
dirsrvtests/tests/suites/paged_results/paged_results_test.py | 1017 ++++++++++-
dirsrvtests/tests/suites/paged_results/sss_control.py | 127 +
2 files changed, 1113 insertions(+), 31 deletions(-)
New commits:
commit 67da9832567c46ae1c9fc61313dc53a6c95b5429
Author: Simon Pichugin <spichugi(a)redhat.com>
Date: Tue Mar 29 11:49:50 2016 +0200
Ticket 48078 - CI test - paged_results - TET part
Description: Add test cases to Simple Paged Results test suite.
These test cases were ported from TET. Also test plans in RST format
were added.
https://fedorahosted.org/389/ticket/48078
Reviewed by: mreynolds, amsharma, vashirov (Thanks!)
(cherry picked from commit e00684266db15d3e75405220782496895761e45f)
diff --git a/dirsrvtests/tests/suites/paged_results/paged_results_test.py b/dirsrvtests/tests/suites/paged_results/paged_results_test.py
index 54782bc..6fec5c7 100644
--- a/dirsrvtests/tests/suites/paged_results/paged_results_test.py
+++ b/dirsrvtests/tests/suites/paged_results/paged_results_test.py
@@ -1,28 +1,31 @@
# --- BEGIN COPYRIGHT BLOCK ---
-# Copyright (C) 2015 Red Hat, Inc.
+# Copyright (C) 2016 Red Hat, Inc.
# All rights reserved.
#
# License: GPL (version 3 or any later version).
-# See LICENSE for details.
+# See LICENSE for details.
# --- END COPYRIGHT BLOCK ---
#
-import os
-import sys
import time
import ldap
import logging
import pytest
+from random import sample
+from ldap.controls import SimplePagedResultsControl
from lib389 import DirSrv, Entry, tools, tasks
from lib389.tools import DirSrvTools
from lib389._constants import *
from lib389.properties import *
from lib389.tasks import *
from lib389.utils import *
+from sss_control import SSSRequestControl
logging.getLogger(__name__).setLevel(logging.DEBUG)
log = logging.getLogger(__name__)
-installation1_prefix = None
+TEST_USER_NAME = 'simplepaged_test'
+TEST_USER_DN = 'uid=%s,%s' % (TEST_USER_NAME, DEFAULT_SUFFIX)
+TEST_USER_PWD = 'simplepaged_test'
class TopologyStandalone(object):
@@ -33,10 +36,6 @@ class TopologyStandalone(object):
@pytest.fixture(scope="module")
def topology(request):
- global installation1_prefix
- if installation1_prefix:
- args_instance[SER_DEPLOYED_DIR] = installation1_prefix
-
# Creating standalone instance ...
standalone = DirSrv(verbose=False)
args_instance[SER_HOST] = HOST_STANDALONE
@@ -51,43 +50,999 @@ def topology(request):
standalone.create()
standalone.open()
+ # Delete each instance in the end
+ def fin():
+ standalone.delete()
+ request.addfinalizer(fin)
+
# Clear out the tmp dir
standalone.clearTmpDir(__file__)
return TopologyStandalone(standalone)
-def test_paged_results_init(topology):
- '''
- Write any test suite initialization here(if needed)
- '''
+(a)pytest.fixture(scope="module")
+def test_user(topology):
+ """User for binding operation"""
- return
+ try:
+ topology.standalone.add_s(Entry((TEST_USER_DN, {
+ 'objectclass': 'top person'.split(),
+ 'objectclass': 'organizationalPerson',
+ 'objectclass': 'inetorgperson',
+ 'cn': TEST_USER_NAME,
+ 'sn': TEST_USER_NAME,
+ 'userpassword': TEST_USER_PWD,
+ 'mail': '%s(a)redhat.com' % TEST_USER_NAME,
+ 'uid': TEST_USER_NAME
+ })))
+ except ldap.LDAPError as e:
+ log.error('Failed to add user (%s): error (%s)' % (TEST_USER_DN,
+ e.message['desc']))
+ raise e
-def test_paged_results_(topology):
- '''
- Write a single test here...
- '''
+def add_users(topology, users_num):
+ """Add users to the default suffix
- return
+ Return the list of added user DNs.
+ """
+ users_list = []
+ log.info('Adding %d users' % users_num)
+ for num in sample(range(1000), users_num):
+ num_ran = int(round(num))
+ USER_NAME = 'test%05d' % num_ran
+ USER_DN = 'uid=%s,%s' % (USER_NAME, DEFAULT_SUFFIX)
+ users_list.append(USER_DN)
+ try:
+ topology.standalone.add_s(Entry((USER_DN, {
+ 'objectclass': 'top person'.split(),
+ 'objectclass': 'organizationalPerson',
+ 'objectclass': 'inetorgperson',
+ 'cn': USER_NAME,
+ 'sn': USER_NAME,
+ 'userpassword': 'pass%s' % num_ran,
+ 'mail': '%s(a)redhat.com' % USER_NAME,
+ 'uid': USER_NAME})))
+ except ldap.LDAPError as e:
+ log.error('Failed to add user (%s): error (%s)' % (USER_DN,
+ e.message['desc']))
+ raise e
+ return users_list
-def test_paged_results_final(topology):
- topology.standalone.delete()
- log.info('paged_results test suite PASSED')
+def del_users(topology, users_list):
+ """Delete users with DNs from given list"""
-def run_isolated():
- global installation1_prefix
- installation1_prefix = None
+ log.info('Deleting %d users' % len(users_list))
+ for user_dn in users_list:
+ try:
+ topology.standalone.delete_s(user_dn)
+ except ldap.LDAPError as e:
+ log.error('Failed to delete user (%s): error (%s)' % (user_dn,
+ e.message['desc']))
+ raise e
- topo = topology(True)
- test_paged_results_init(topo)
- test_paged_results_(topo)
- test_paged_results_final(topo)
+def change_conf_attr(topology, suffix, attr_name, attr_value):
+ """Change configurational attribute in the given suffix.
-if __name__ == '__main__':
- run_isolated()
+ Returns previous attribute value.
+ """
+
+ try:
+ entries = topology.standalone.search_s(suffix, ldap.SCOPE_BASE,
+ 'objectclass=top',
+ [attr_name])
+ attr_value_bck = entries[0].data.get(attr_name)
+ log.info('Set %s to %s. Previous value - %s. Modified suffix - %s.' % (
+ attr_name, attr_value, attr_value_bck, suffix))
+ if attr_value is None:
+ topology.standalone.modify_s(suffix, [(ldap.MOD_DELETE,
+ attr_name,
+ attr_value)])
+ else:
+ topology.standalone.modify_s(suffix, [(ldap.MOD_REPLACE,
+ attr_name,
+ attr_value)])
+ except ldap.LDAPError as e:
+ log.error('Failed to change attr value (%s): error (%s)' % (attr_name,
+ e.message['desc']))
+ raise e
+
+ return attr_value_bck
+
+
+def paged_search(topology, controls, search_flt, searchreq_attrlist):
+ """Search at the DEFAULT_SUFFIX with ldap.SCOPE_SUBTREE
+ using Simple Paged Control(should the first item in the
+ list controls.
+ Assert that no cookie left at the end.
+
+ Return the list with results summarized from all pages.
+ """
+
+ pages = 0
+ pctrls = []
+ all_results = []
+ req_ctrl = controls[0]
+ msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
+ ldap.SCOPE_SUBTREE,
+ search_flt,
+ searchreq_attrlist,
+ serverctrls=controls)
+ while True:
+ log.info('Getting page %d' % (pages,))
+ rtype, rdata, rmsgid, rctrls = topology.standalone.result3(msgid)
+ all_results.extend(rdata)
+ pages += 1
+ pctrls = [
+ c
+ for c in rctrls
+ if c.controlType == SimplePagedResultsControl.controlType
+ ]
+
+ if pctrls:
+ if pctrls[0].cookie:
+ # Copy cookie from response control to request control
+ req_ctrl.cookie = pctrls[0].cookie
+ msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
+ ldap.SCOPE_SUBTREE,
+ search_flt,
+ searchreq_attrlist,
+ serverctrls=controls)
+ else:
+ break # No more pages available
+ else:
+ break
+
+ assert not pctrls[0].cookie
+ return all_results
+
+
+(a)pytest.mark.parametrize("page_size,users_num",
+ [(6, 5), (5, 5), (5, 25)])
+def test_search_success(topology, test_user, page_size, users_num):
+ """Verify that search with a simple paged results control
+ returns all entries it should without errors.
+
+ @Feature: Simple paged results
+
+ @Setup: Standalone instance, test user for binding,
+ variated number of users for the search base
+
+ @Steps:
+ 1. Bind as test user
+ 2. Search through added users with a simple paged control
+
+ @Assert: All users should be found
+ """
+
+ users_list = add_users(topology, users_num)
+ search_flt = r'(uid=test*)'
+ searchreq_attrlist = ['dn', 'sn']
+
+ try:
+ log.info('Set user bind')
+ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
+
+ log.info('Create simple paged results control instance')
+ req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
+
+ all_results = paged_search(topology, [req_ctrl],
+ search_flt, searchreq_attrlist)
+
+ log.info('%d results' % len(all_results))
+ assert len(all_results) == len(users_list)
+ finally:
+ log.info('Set Directory Manager bind back')
+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+ del_users(topology, users_list)
+
+
+(a)pytest.mark.parametrize("page_size,users_num,suffix,attr_name,attr_value,expected_err", [
+ (50, 200, 'cn=config,%s' % DN_LDBM, 'nsslapd-idlistscanlimit', '100',
+ ldap.UNWILLING_TO_PERFORM),
+ (5, 15, DN_CONFIG, 'nsslapd-timelimit', '20',
+ ldap.UNAVAILABLE_CRITICAL_EXTENSION),
+ (21, 50, DN_CONFIG, 'nsslapd-sizelimit', '20',
+ ldap.SIZELIMIT_EXCEEDED),
+ (21, 50, DN_CONFIG, 'nsslapd-pagedsizelimit', '5',
+ ldap.SIZELIMIT_EXCEEDED),
+ (5, 50, 'cn=config,%s' % DN_LDBM, 'nsslapd-lookthroughlimit', '20',
+ ldap.ADMINLIMIT_EXCEEDED)])
+def test_search_limits_fail(topology, test_user, page_size, users_num,
+ suffix, attr_name, attr_value, expected_err):
+ """Verify that search with a simple paged results control
+ throws expected exceptoins when corresponding limits are
+ exceeded.
+
+ @Feature: Simple paged results
+
+ @Setup: Standalone instance, test user for binding,
+ variated number of users for the search base
+
+ @Steps:
+ 1. Bind as test user
+ 2. Set limit attribute to the value that will cause
+ an expected exception
+ 3. Search through added users with a simple paged control
+
+ @Assert: Should fail with appropriate exception
+ """
+
+ users_list = add_users(topology, users_num)
+ attr_value_bck = change_conf_attr(topology, suffix, attr_name, attr_value)
+ conf_param_dict = {attr_name: attr_value}
+ search_flt = r'(uid=test*)'
+ searchreq_attrlist = ['dn', 'sn']
+ controls = []
+
+ try:
+ log.info('Set user bind')
+ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
+
+ log.info('Create simple paged results control instance')
+ req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
+ controls.append(req_ctrl)
+ if attr_name == 'nsslapd-idlistscanlimit':
+ sort_ctrl = SSSRequestControl(True, ['sn'])
+ controls.append(sort_ctrl)
+ log.info('Initiate ldapsearch with created control instance')
+ msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
+ ldap.SCOPE_SUBTREE,
+ search_flt,
+ searchreq_attrlist,
+ serverctrls=controls)
+
+ time_val = conf_param_dict.get('nsslapd-timelimit')
+ if time_val:
+ time.sleep(int(time_val) + 10)
+
+ pages = 0
+ all_results = []
+ pctrls = []
+ while True:
+ log.info('Getting page %d' % (pages,))
+ if pages == 0 and (time_val or attr_name in ('nsslapd-lookthroughlimit',
+ 'nsslapd-pagesizelimit')):
+ rtype, rdata, rmsgid, rctrls = topology.standalone.result3(msgid)
+ else:
+ with pytest.raises(expected_err):
+ rtype, rdata, rmsgid, rctrls = topology.standalone.result3(msgid)
+ all_results.extend(rdata)
+ pages += 1
+ pctrls = [
+ c
+ for c in rctrls
+ if c.controlType == SimplePagedResultsControl.controlType
+ ]
+
+ if pctrls:
+ if pctrls[0].cookie:
+ # Copy cookie from response control to request control
+ req_ctrl.cookie = pctrls[0].cookie
+ msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
+ ldap.SCOPE_SUBTREE,
+ search_flt,
+ searchreq_attrlist,
+ serverctrls=controls)
+ else:
+ break # No more pages available
+ else:
+ break
+ finally:
+ if expected_err == ldap.UNAVAILABLE_CRITICAL_EXTENSION:
+ topology.standalone.open()
+
+ log.info('Set Directory Manager bind back')
+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+ del_users(topology, users_list)
+ change_conf_attr(topology, suffix, attr_name, attr_value_bck)
+
+
+def test_search_sort_success(topology, test_user):
+ """Verify that search with a simple paged results control
+ and a server side sort control returns all entries
+ it should without errors.
+
+ @Feature: Simple paged results
+
+ @Setup: Standalone instance, test user for binding,
+ variated number of users for the search base
+
+ @Steps:
+ 1. Bind as test user
+ 2. Search through added users with a simple paged control
+ and a server side sort control
+
+ @Assert: All users should be found and sorted
+ """
+
+ users_num = 50
+ page_size = 5
+ users_list = add_users(topology, users_num)
+ search_flt = r'(uid=test*)'
+ searchreq_attrlist = ['dn', 'sn']
+
+ try:
+ log.info('Set user bind')
+ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
+
+ log.info('Create simple paged results control instance')
+ req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
+ sort_ctrl = SSSRequestControl(True, ['sn'])
+
+ log.info('Initiate ldapsearch with created control instance')
+ log.info('Collect data with sorting')
+ controls = [req_ctrl, sort_ctrl]
+ results_sorted = paged_search(topology, controls,
+ search_flt, searchreq_attrlist)
+
+ log.info('Substring numbers from user DNs')
+ r_nums = map(lambda x: int(x[0][8:13]), results_sorted)
+
+ log.info('Assert that list is sorted')
+ assert all(r_nums[i] <= r_nums[i+1] for i in range(len(r_nums)-1))
+ finally:
+ log.info('Set Directory Manager bind back')
+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+ del_users(topology, users_list)
+
+
+def test_search_abandon(topology, test_user):
+ """Verify that search with simple paged results control
+ can be abandon
+
+ @Feature: Simple paged results
+
+ @Setup: Standalone instance, test user for binding,
+ variated number of users for the search base
+
+ @Steps:
+ 1. Bind as test user
+ 2. Search through added users with a simple paged control
+ 3. Abandon the search
+
+ @Assert: It will throw an ldap.TIMEOUT exception, while trying
+ to get the rest of the search results
+ """
+
+ users_num = 10
+ page_size = 2
+ users_list = add_users(topology, users_num)
+ search_flt = r'(uid=test*)'
+ searchreq_attrlist = ['dn', 'sn']
+
+ try:
+ log.info('Set user bind')
+ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
+
+ log.info('Create simple paged results control instance')
+ req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
+ controls = [req_ctrl]
+
+ log.info('Initiate a search with a paged results control')
+ msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
+ ldap.SCOPE_SUBTREE,
+ search_flt,
+ searchreq_attrlist,
+ serverctrls=controls)
+ log.info('Abandon the search')
+ topology.standalone.abandon(msgid)
+
+ log.info('Expect an ldap.TIMEOUT exception, while trying to get the search results')
+ with pytest.raises(ldap.TIMEOUT):
+ topology.standalone.result3(msgid, timeout=5)
+ finally:
+ log.info('Set Directory Manager bind back')
+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+ del_users(topology, users_list)
+
+
+def test_search_with_timelimit(topology, test_user):
+ """Verify that after performing multiple simple paged searches
+ to completion, each with a timelimit, it wouldn't fail, if we sleep
+ for a time more than the timelimit.
+
+ @Feature: Simple paged results
+
+ @Setup: Standalone instance, test user for binding,
+ variated number of users for the search base
+
+ @Steps:
+ 1. Bind as test user
+ 2. Search through added users with a simple paged control
+ and timelimit set to 5
+ 3. When the returned cookie is empty, wait 10 seconds
+ 4. Perform steps 2 and 3 three times in a row
+
+ @Assert: No error happens
+ """
+
+ users_num = 100
+ page_size = 50
+ timelimit = 5
+ users_list = add_users(topology, users_num)
+ search_flt = r'(uid=test*)'
+ searchreq_attrlist = ['dn', 'sn']
+
+ try:
+ log.info('Set user bind')
+ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
+
+ log.info('Create simple paged results control instance')
+ req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
+ controls = [req_ctrl]
+
+ for ii in range(3):
+ log.info('Iteration %d' % ii)
+ msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
+ ldap.SCOPE_SUBTREE,
+ search_flt,
+ searchreq_attrlist,
+ serverctrls=controls,
+ timeout=timelimit)
+
+ pages = 0
+ pctrls = []
+ while True:
+ log.info('Getting page %d' % (pages,))
+ rtype, rdata, rmsgid, rctrls = topology.standalone.result3(msgid)
+ pages += 1
+ pctrls = [
+ c
+ for c in rctrls
+ if c.controlType == SimplePagedResultsControl.controlType
+ ]
+
+ if pctrls:
+ if pctrls[0].cookie:
+ # Copy cookie from response control to request control
+ req_ctrl.cookie = pctrls[0].cookie
+ msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
+ ldap.SCOPE_SUBTREE,
+ search_flt,
+ searchreq_attrlist,
+ serverctrls=controls,
+ timeout=timelimit)
+ else:
+ log.info('Done with this search - sleeping %d seconds' % (
+ timelimit * 2))
+ time.sleep(timelimit * 2)
+ break # No more pages available
+ else:
+ break
+ finally:
+ log.info('Set Directory Manager bind back')
+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+ del_users(topology, users_list)
+
+
+(a)pytest.mark.parametrize('aci_subject',
+ ('dns = "localhost.localdomain"',
+ 'ip = "::1"'))
+def test_search_dns_ip_aci(topology, test_user, aci_subject):
+ """Verify that after performing multiple simple paged searches
+ to completion on the suffix with DNS or IP based ACI
+
+ @Feature: Simple paged results
+
+ @Setup: Standalone instance, test user for binding,
+ variated number of users for the search base
+
+ @Steps:
+ 1. Back up and remove all previous ACI from suffix
+ 2. Add an anonymous ACI for DNS check
+ 3. Bind as test user
+ 4. Search through added users with a simple paged control
+ 5. Perform steps 4 three times in a row
+ 6. Return ACI to the initial state
+ 7. Go through all steps onece again, but use IP subjectdn
+ insted of DNS
+
+ @Assert: No error happens, all users should be found and sorted
+ """
+
+ users_num = 100
+ page_size = 5
+ users_list = add_users(topology, users_num)
+ search_flt = r'(uid=test*)'
+ searchreq_attrlist = ['dn', 'sn']
+
+ try:
+ log.info('Back up current suffix ACI')
+ acis_bck = topology.standalone.aci.list(DEFAULT_SUFFIX, ldap.SCOPE_BASE)
+
+ log.info('Add test ACI')
+ ACI_TARGET = '(targetattr != "userPassword")'
+ ACI_ALLOW = '(version 3.0;acl "Anonymous access within domain"; allow (read,compare,search)'
+ ACI_SUBJECT = '(userdn = "ldap:///anyone") and (%s);)' % aci_subject
+ ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
+ try:
+ topology.standalone.modify_s(DEFAULT_SUFFIX, [(ldap.MOD_REPLACE,
+ 'aci',
+ ACI_BODY)])
+ except ldap.LDAPError as e:
+ log.fatal('Failed to add ACI: error (%s)' % (e.message['desc']))
+ raise e
+ log.info('Set user bind')
+ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
+
+ log.info('Create simple paged results control instance')
+ req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
+ controls = [req_ctrl]
+
+ log.info('Initiate three searches with a paged results control')
+ for ii in range(3):
+ log.info('%d search' % (ii + 1))
+ all_results = paged_search(topology, controls,
+ search_flt, searchreq_attrlist)
+ log.info('%d results' % len(all_results))
+ assert len(all_results) == len(users_list)
+ log.info('If we are here, then no error has happened. We are good.')
+
+ finally:
+ log.info('Set Directory Manager bind back')
+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+ log.info('Restore ACI')
+ topology.standalone.modify_s(DEFAULT_SUFFIX, [(ldap.MOD_DELETE,
+ 'aci',
+ None)])
+ for aci in acis_bck:
+ topology.standalone.modify_s(DEFAULT_SUFFIX, [(ldap.MOD_ADD,
+ 'aci',
+ aci.getRawAci())])
+ del_users(topology, users_list)
+
+
+def test_search_multiple_paging(topology, test_user):
+ """Verify that after performing multiple simple paged searches
+ on a single connection without a complition, it wouldn't fail.
+
+ @Feature: Simple paged results
+
+ @Setup: Standalone instance, test user for binding,
+ variated number of users for the search base
+
+ @Steps:
+ 1. Bind as test user
+ 2. Initiate the search with a simple paged control
+ 3. Acquire the returned cookie only one time
+ 4. Perform steps 2 and 3 three times in a row
+
+ @Assert: No error happens
+ """
+
+ users_num = 100
+ page_size = 30
+ users_list = add_users(topology, users_num)
+ search_flt = r'(uid=test*)'
+ searchreq_attrlist = ['dn', 'sn']
+
+ try:
+ log.info('Set user bind')
+ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
+
+ log.info('Create simple paged results control instance')
+ req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
+ controls = [req_ctrl]
+
+ for ii in range(3):
+ log.info('Iteration %d' % ii)
+ msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
+ ldap.SCOPE_SUBTREE,
+ search_flt,
+ searchreq_attrlist,
+ serverctrls=controls)
+ rtype, rdata, rmsgid, rctrls = topology.standalone.result3(msgid)
+ pctrls = [
+ c
+ for c in rctrls
+ if c.controlType == SimplePagedResultsControl.controlType
+ ]
+
+ # Copy cookie from response control to request control
+ req_ctrl.cookie = pctrls[0].cookie
+ msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
+ ldap.SCOPE_SUBTREE,
+ search_flt,
+ searchreq_attrlist,
+ serverctrls=controls)
+ finally:
+ log.info('Set Directory Manager bind back')
+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+ del_users(topology, users_list)
+
+
+(a)pytest.mark.parametrize("invalid_cookie", [1000, -1])
+def test_search_invalid_cookie(topology, test_user, invalid_cookie):
+ """Verify that using invalid cookie while performing
+ search with the simple paged results control throws
+ a TypeError exception
+
+ @Feature: Simple paged results
+
+ @Setup: Standalone instance, test user for binding,
+ variated number of users for the search base
+
+ @Steps:
+ 1. Bind as test user
+ 2. Initiate the search with a simple paged control
+ 3. Put an invalid cookie (-1, 1000) to the control
+ 4. Continue the search
+
+ @Assert: It will throw an TypeError exception
+ """
+
+ users_num = 100
+ page_size = 50
+ users_list = add_users(topology, users_num)
+ search_flt = r'(uid=test*)'
+ searchreq_attrlist = ['dn', 'sn']
+
+ try:
+ log.info('Set user bind')
+ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
+
+ log.info('Create simple paged results control instance')
+ req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
+ controls = [req_ctrl]
+
+ msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
+ ldap.SCOPE_SUBTREE,
+ search_flt,
+ searchreq_attrlist,
+ serverctrls=controls)
+ rtype, rdata, rmsgid, rctrls = topology.standalone.result3(msgid)
+
+ log.info('Put an invalid cookie (%d) to the control. TypeError is expected' %
+ invalid_cookie)
+ req_ctrl.cookie = invalid_cookie
+ with pytest.raises(TypeError):
+ msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
+ ldap.SCOPE_SUBTREE,
+ search_flt,
+ searchreq_attrlist,
+ serverctrls=controls)
+ finally:
+ log.info('Set Directory Manager bind back')
+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+ del_users(topology, users_list)
+
+
+def test_search_abandon_with_zero_size(topology, test_user):
+ """Verify that search with simple paged results control
+ can be abandon using page_size = 0
+
+ @Feature: Simple paged results
+
+ @Setup: Standalone instance, test user for binding,
+ variated number of users for the search base
+
+ @Steps:
+ 1. Bind as test user
+ 2. Search through added users with a simple paged control
+ and page_size = 0
+
+ @Assert: No cookie should be returned at all
+ """
+
+ users_num = 10
+ page_size = 0
+ users_list = add_users(topology, users_num)
+ search_flt = r'(uid=test*)'
+ searchreq_attrlist = ['dn', 'sn']
+
+ try:
+ log.info('Set user bind')
+ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
+
+ log.info('Create simple paged results control instance')
+ req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
+ controls = [req_ctrl]
+
+ msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
+ ldap.SCOPE_SUBTREE,
+ search_flt,
+ searchreq_attrlist,
+ serverctrls=controls)
+ rtype, rdata, rmsgid, rctrls = topology.standalone.result3(msgid)
+ pctrls = [
+ c
+ for c in rctrls
+ if c.controlType == SimplePagedResultsControl.controlType
+ ]
+ assert not pctrls[0].cookie
+ finally:
+ log.info('Set Directory Manager bind back')
+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+ del_users(topology, users_list)
+
+
+def test_search_pagedsizelimit_success(topology, test_user):
+ """Verify that search with a simple paged results control
+ returns all entries it should without errors while
+ valid value set to nsslapd-pagedsizelimit.
+
+ @Feature: Simple paged results
+
+ @Setup: Standalone instance, test user for binding,
+ 10 users for the search base
+
+ @Steps:
+ 1. Set nsslapd-pagedsizelimit: 20
+ 2. Bind as test user
+ 3. Search through added users with a simple paged control
+ using page_size = 10
+
+ @Assert: All users should be found
+ """
+
+ users_num = 10
+ page_size = 10
+ attr_name = 'nsslapd-pagedsizelimit'
+ attr_value = '20'
+ attr_value_bck = change_conf_attr(topology, DN_CONFIG,
+ attr_name, attr_value)
+ users_list = add_users(topology, users_num)
+ search_flt = r'(uid=test*)'
+ searchreq_attrlist = ['dn', 'sn']
+
+ try:
+ log.info('Set user bind')
+ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
+
+ log.info('Create simple paged results control instance')
+ req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
+ controls = [req_ctrl]
+
+ all_results = paged_search(topology, controls,
+ search_flt, searchreq_attrlist)
+
+ log.info('%d results' % len(all_results))
+ assert len(all_results) == len(users_list)
+
+ finally:
+ log.info('Set Directory Manager bind back')
+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+ del_users(topology, users_list)
+ change_conf_attr(topology, DN_CONFIG,
+ 'nsslapd-pagedsizelimit', attr_value_bck)
+
+
+(a)pytest.mark.parametrize('conf_attr,user_attr,expected_rs',
+ (('5', '15', 'PASS'), ('15', '5', ldap.SIZELIMIT_EXCEEDED)))
+def test_search_nspagedsizelimit(topology, test_user,
+ conf_attr, user_attr, expected_rs):
+ """Verify that nsPagedSizeLimit attribute overrides
+ nsslapd-pagedsizelimit while performing search with
+ the simple paged results control.
+
+ @Feature: Simple paged results
+
+ @Setup: Standalone instance, test user for binding,
+ 10 users for the search base
+
+ @Steps:
+ 1. Set nsslapd-pagedsizelimit: 5
+ 2. Set nsPagedSizeLimit: 15
+ 3. Bind as test user
+ 4. Search through added users with a simple paged control
+ using page_size = 10
+ 5. Bind as Directory Manager
+ 6. Restore all values
+ 7. Set nsslapd-pagedsizelimit: 15
+ 8. Set nsPagedSizeLimit: 5
+ 9. Bind as test user
+ 10. Search through added users with a simple paged control
+ using page_size = 10
+
+ @Assert: After the steps 1-4, it should PASS.
+ After the steps 7-10, it should throw SIZELIMIT_EXCEEDED exception
+ """
+
+ users_num = 10
+ page_size = 10
+ users_list = add_users(topology, users_num)
+ search_flt = r'(uid=test*)'
+ searchreq_attrlist = ['dn', 'sn']
+ conf_attr_bck = change_conf_attr(topology, DN_CONFIG,
+ 'nsslapd-pagedsizelimit', conf_attr)
+ user_attr_bck = change_conf_attr(topology, TEST_USER_DN,
+ 'nsPagedSizeLimit', user_attr)
+
+ try:
+ log.info('Set user bind')
+ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
+
+ log.info('Create simple paged results control instance')
+ req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
+ controls = [req_ctrl]
+
+ if expected_rs == ldap.SIZELIMIT_EXCEEDED:
+ log.info('Expect to fail with SIZELIMIT_EXCEEDED')
+ with pytest.raises(expected_rs):
+ all_results = paged_search(topology, controls,
+ search_flt, searchreq_attrlist)
+ elif expected_rs == 'PASS':
+ log.info('Expect to pass')
+ all_results = paged_search(topology, controls,
+ search_flt, searchreq_attrlist)
+ log.info('%d results' % len(all_results))
+ assert len(all_results) == len(users_list)
+
+ finally:
+ log.info('Set Directory Manager bind back')
+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+ del_users(topology, users_list)
+ change_conf_attr(topology, DN_CONFIG,
+ 'nsslapd-pagedsizelimit', conf_attr_bck)
+ change_conf_attr(topology, TEST_USER_DN,
+ 'nsPagedSizeLimit', user_attr_bck)
+
+
+(a)pytest.mark.parametrize('conf_attr_values,expected_rs',
+ ((('5000', '100', '100'), ldap.ADMINLIMIT_EXCEEDED),
+ (('5000', '120', '122'), 'PASS')))
+def test_search_paged_limits(topology, test_user, conf_attr_values, expected_rs):
+ """Verify that nsslapd-idlistscanlimit and
+ nsslapd-lookthroughlimit can limit the administrator
+ search abilities.
+
+ @Feature: Simple paged results
+
+ @Setup: Standalone instance, test user for binding,
+ 10 users for the search base
+
+ @Steps:
+ 1. Set nsslapd-sizelimit and nsslapd-pagedsizelimit to 5000
+ 2. Set nsslapd-idlistscanlimit: 120
+ 3. Set nsslapd-lookthroughlimit: 122
+ 4. Bind as test user
+ 5. Search through added users with a simple paged control
+ using page_size = 10
+ 6. Bind as Directory Manager
+ 7. Set nsslapd-idlistscanlimit: 100
+ 8. Set nsslapd-lookthroughlimit: 100
+ 9. Bind as test user
+ 10. Search through added users with a simple paged control
+ using page_size = 10
+
+ @Assert: After the steps 1-4, it should PASS.
+ After the steps 7-10, it should throw ADMINLIMIT_EXCEEDED exception
+ """
+
+ users_num = 101
+ page_size = 10
+ users_list = add_users(topology, users_num)
+ search_flt = r'(uid=test*)'
+ searchreq_attrlist = ['dn', 'sn']
+ size_attr_bck = change_conf_attr(topology, DN_CONFIG,
+ 'nsslapd-sizelimit', conf_attr_values[0])
+ pagedsize_attr_bck = change_conf_attr(topology, DN_CONFIG,
+ 'nsslapd-pagedsizelimit', conf_attr_values[0])
+ idlistscan_attr_bck = change_conf_attr(topology, 'cn=config,%s' % DN_LDBM,
+ 'nsslapd-idlistscanlimit', conf_attr_values[1])
+ lookthrough_attr_bck = change_conf_attr(topology, 'cn=config,%s' % DN_LDBM,
+ 'nsslapd-lookthroughlimit', conf_attr_values[2])
+
+ try:
+ log.info('Set user bind')
+ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
+
+ log.info('Create simple paged results control instance')
+ req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
+ controls = [req_ctrl]
+
+ if expected_rs == ldap.ADMINLIMIT_EXCEEDED:
+ log.info('Expect to fail with ADMINLIMIT_EXCEEDED')
+ with pytest.raises(expected_rs):
+ all_results = paged_search(topology, controls,
+ search_flt, searchreq_attrlist)
+ elif expected_rs == 'PASS':
+ log.info('Expect to pass')
+ all_results = paged_search(topology, controls,
+ search_flt, searchreq_attrlist)
+ log.info('%d results' % len(all_results))
+ assert len(all_results) == len(users_list)
+ finally:
+ log.info('Set Directory Manager bind back')
+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+ del_users(topology, users_list)
+ change_conf_attr(topology, DN_CONFIG,
+ 'nsslapd-sizelimit', size_attr_bck)
+ change_conf_attr(topology, DN_CONFIG,
+ 'nsslapd-pagedsizelimit', pagedsize_attr_bck)
+ change_conf_attr(topology, 'cn=config,%s' % DN_LDBM,
+ 'nsslapd-lookthroughlimit', lookthrough_attr_bck)
+ change_conf_attr(topology, 'cn=config,%s' % DN_LDBM,
+ 'nsslapd-idlistscanlimit', idlistscan_attr_bck)
+
+
+(a)pytest.mark.parametrize('conf_attr_values,expected_rs',
+ ((('1000', '100', '100'), ldap.ADMINLIMIT_EXCEEDED),
+ (('1000', '120', '122'), 'PASS')))
+def test_search_paged_user_limits(topology, test_user, conf_attr_values, expected_rs):
+ """Verify that nsPagedIDListScanLimit and nsPagedLookthroughLimit
+ override nsslapd-idlistscanlimit and nsslapd-lookthroughlimit
+ while performing search with the simple paged results control.
+
+ @Feature: Simple paged results
+
+ @Setup: Standalone instance, test user for binding,
+ 10 users for the search base
+
+ @Steps:
+ 1. Set nsslapd-idlistscanlimit: 1000
+ 2. Set nsslapd-lookthroughlimit: 1000
+ 3. Set nsPagedIDListScanLimit: 120
+ 4. Set nsPagedLookthroughLimit: 122
+ 5. Bind as test user
+ 6. Search through added users with a simple paged control
+ using page_size = 10
+ 7. Bind as Directory Manager
+ 8. Set nsPagedIDListScanLimit: 100
+ 9. Set nsPagedLookthroughLimit: 100
+ 10. Bind as test user
+ 11. Search through added users with a simple paged control
+ using page_size = 10
+
+ @Assert: After the steps 1-4, it should PASS.
+ After the steps 8-11, it should throw ADMINLIMIT_EXCEEDED exception
+ """
+
+ users_num = 101
+ page_size = 10
+ users_list = add_users(topology, users_num)
+ search_flt = r'(uid=test*)'
+ searchreq_attrlist = ['dn', 'sn']
+ lookthrough_attr_bck = change_conf_attr(topology, 'cn=config,%s' % DN_LDBM,
+ 'nsslapd-lookthroughlimit', conf_attr_values[0])
+ idlistscan_attr_bck = change_conf_attr(topology, 'cn=config,%s' % DN_LDBM,
+ 'nsslapd-idlistscanlimit', conf_attr_values[0])
+ user_idlistscan_attr_bck = change_conf_attr(topology, TEST_USER_DN,
+ 'nsPagedIDListScanLimit', conf_attr_values[1])
+ user_lookthrough_attr_bck = change_conf_attr(topology, TEST_USER_DN,
+ 'nsPagedLookthroughLimit', conf_attr_values[2])
+
+ try:
+ log.info('Set user bind')
+ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
+
+ log.info('Create simple paged results control instance')
+ req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
+ controls = [req_ctrl]
+
+ if expected_rs == ldap.ADMINLIMIT_EXCEEDED:
+ log.info('Expect to fail with ADMINLIMIT_EXCEEDED')
+ with pytest.raises(expected_rs):
+ all_results = paged_search(topology, controls,
+ search_flt, searchreq_attrlist)
+ elif expected_rs == 'PASS':
+ log.info('Expect to pass')
+ all_results = paged_search(topology, controls,
+ search_flt, searchreq_attrlist)
+ log.info('%d results' % len(all_results))
+ assert len(all_results) == len(users_list)
+ finally:
+ log.info('Set Directory Manager bind back')
+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+ del_users(topology, users_list)
+ change_conf_attr(topology, 'cn=config,%s' % DN_LDBM,
+ 'nsslapd-lookthroughlimit', lookthrough_attr_bck)
+ change_conf_attr(topology, 'cn=config,%s' % DN_LDBM,
+ 'nsslapd-idlistscanlimit', idlistscan_attr_bck)
+ change_conf_attr(topology, TEST_USER_DN,
+ 'nsPagedIDListScanLimit', user_idlistscan_attr_bck)
+ change_conf_attr(topology, TEST_USER_DN,
+ 'nsPagedLookthroughLimit', user_lookthrough_attr_bck)
+
+
+if __name__ == '__main__':
+ # Run isolated
+ # -s for DEBUG mode
+ CURRENT_FILE = os.path.realpath(__file__)
+ pytest.main("-s %s" % CURRENT_FILE)
diff --git a/dirsrvtests/tests/suites/paged_results/sss_control.py b/dirsrvtests/tests/suites/paged_results/sss_control.py
new file mode 100644
index 0000000..58cd6c5
--- /dev/null
+++ b/dirsrvtests/tests/suites/paged_results/sss_control.py
@@ -0,0 +1,127 @@
+# -*- coding: utf-8 -*-
+"""
+ldap.controls.sss - classes for Server Side Sorting
+(see RFC 2891)
+See http://www.python-ldap.org/ for project details.
+$Id: sss.py,v 1.2 2015/10/24 15:52:23 stroeder Exp $
+"""
+
+__all__ = [
+ 'SSSRequestControl',
+ 'SSSResponseControl',
+]
+
+
+import ldap
+from ldap.ldapobject import LDAPObject
+from ldap.controls import (RequestControl, ResponseControl,
+ KNOWN_RESPONSE_CONTROLS, DecodeControlTuples)
+
+from pyasn1.type import univ, namedtype, tag, namedval, constraint
+from pyasn1.codec.ber import encoder, decoder
+
+
+# SortKeyList ::= SEQUENCE OF SEQUENCE {
+# attributeType AttributeDescription,
+# orderingRule [0] MatchingRuleId OPTIONAL,
+# reverseOrder [1] BOOLEAN DEFAULT FALSE }
+
+
+class SortKeyType(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('attributeType', univ.OctetString()),
+ namedtype.OptionalNamedType('orderingRule',
+ univ.OctetString().subtype(
+ implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
+ )
+ ),
+ namedtype.DefaultedNamedType('reverseOrder', univ.Boolean(False).subtype(
+ implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))))
+
+
+class SortKeyListType(univ.SequenceOf):
+ componentType = SortKeyType()
+
+
+class SSSRequestControl(RequestControl):
+ '''Order result server side
+ >>> s = SSSRequestControl('-cn')
+ '''
+ controlType = '1.2.840.113556.1.4.473'
+
+ def __init__(
+ self,
+ criticality=False,
+ ordering_rules=None,
+ ):
+ RequestControl.__init__(self,self.controlType,criticality)
+ self.ordering_rules = ordering_rules
+ if isinstance(ordering_rules, basestring):
+ ordering_rules = [ordering_rules]
+ for rule in ordering_rules:
+ rule = rule.split(':')
+ assert len(rule) < 3, 'syntax for ordering rule: [-]<attribute-type>[:ordering-rule]'
+
+ def asn1(self):
+ p = SortKeyListType()
+ for i, rule in enumerate(self.ordering_rules):
+ q = SortKeyType()
+ reverse_order = rule.startswith('-')
+ if reverse_order:
+ rule = rule[1:]
+ if ':' in rule:
+ attribute_type, ordering_rule = rule.split(':')
+ else:
+ attribute_type, ordering_rule = rule, None
+ q.setComponentByName('attributeType', attribute_type)
+ if ordering_rule:
+ q.setComponentByName('orderingRule', ordering_rule)
+ if reverse_order:
+ q.setComponentByName('reverseOrder', 1)
+ p.setComponentByPosition(i, q)
+ return p
+
+ def encodeControlValue(self):
+ return encoder.encode(self.asn1())
+
+
+class SortResultType(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('sortResult', univ.Enumerated().subtype(
+ namedValues=namedval.NamedValues(
+ ('success', 0),
+ ('operationsError', 1),
+ ('timeLimitExceeded', 3),
+ ('strongAuthRequired', 8),
+ ('adminLimitExceeded', 11),
+ ('noSuchAttribute', 16),
+ ('inappropriateMatching', 18),
+ ('insufficientAccessRights', 50),
+ ('busy', 51),
+ ('unwillingToPerform', 53),
+ ('other', 80)),
+ subtypeSpec=univ.Enumerated.subtypeSpec + constraint.SingleValueConstraint(
+ 0, 1, 3, 8, 11, 16, 18, 50, 51, 53, 80))),
+ namedtype.OptionalNamedType('attributeType',
+ univ.OctetString().subtype(
+ implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
+ )
+ ))
+
+
+class SSSResponseControl(ResponseControl):
+ controlType = '1.2.840.113556.1.4.474'
+
+ def __init__(self,criticality=False):
+ ResponseControl.__init__(self,self.controlType,criticality)
+
+ def decodeControlValue(self, encoded):
+ p, rest = decoder.decode(encoded, asn1Spec=SortResultType())
+ assert not rest, 'all data could not be decoded'
+ self.result = int(p.getComponentByName('sortResult'))
+ self.result_code = p.getComponentByName('sortResult').prettyOut(self.result)
+ self.attribute_type_error = p.getComponentByName('attributeType')
+
+
+KNOWN_RESPONSE_CONTROLS[SSSRequestControl.controlType] = SSSRequestControl
+KNOWN_RESPONSE_CONTROLS[SSSResponseControl.controlType] = SSSResponseControl
7 years, 7 months
- 1
- 0