dirsrvtests/tickets/ticket548_test.py | 131 +++++++++++++++++++++----- ldap/servers/slapd/modify.c | 2 ldap/servers/slapd/opshared.c | 6 + ldap/servers/slapd/proto-slap.h | 3 ldap/servers/slapd/pw.c | 170 +++++++++++++++++++++------------- ldap/servers/slapd/result.c | 18 +-- ldap/servers/slapd/slap.h | 1 7 files changed, 235 insertions(+), 96 deletions(-)
New commits: commit 097239c506183c749613e1f936b274bd37a01420 Author: Noriko Hosoi nhosoi@redhat.com Date: Tue Jan 19 13:48:57 2016 -0800
Ticket #548 - CI test: added test cases for ticket 548
Description: RFE: Allow AD password sync to update shadowLastChange
1) Use DEFAULT_SUFFIX_ESCAPED for the escaped DEFAULT_SUFFIX. 2) Check USER1's shadow values are adjusted by changing the password policy. First, the default values. Next, Global password policy then fine-grained password policy is added. 3) Checks changes to the global pw policy are reflected on pw change 3) Checks changes to the subtree pw policy are reflected on pw change
Author: nhosoi, wibrown
Review: nhosoi, wibrown
diff --git a/dirsrvtests/tickets/ticket548_test.py b/dirsrvtests/tickets/ticket548_test.py index 030ff4f..d29fa53 100644 --- a/dirsrvtests/tickets/ticket548_test.py +++ b/dirsrvtests/tickets/ticket548_test.py @@ -26,9 +26,9 @@ installation_prefix = None # Assuming DEFAULT_SUFFIX is "dc=example,dc=com", otherwise it does not work... :( SUBTREE_CONTAINER = 'cn=nsPwPolicyContainer,' + DEFAULT_SUFFIX SUBTREE_PWPDN = 'cn=nsPwPolicyEntry,' + DEFAULT_SUFFIX -SUBTREE_PWP = 'cn=cn\3DnsPwPolicyEntry\2Cdc\3Dexample\2Cdc\3Dcom,' + SUBTREE_CONTAINER +SUBTREE_PWP = 'cn=cn\3DnsPwPolicyEntry\2C' + DEFAULT_SUFFIX_ESCAPED + ',' + SUBTREE_CONTAINER SUBTREE_COS_TMPLDN = 'cn=nsPwTemplateEntry,' + DEFAULT_SUFFIX -SUBTREE_COS_TMPL = 'cn=cn\3DnsPwTemplateEntry\2Cdc\3Dexample\2Cdc\3Dcom,' + SUBTREE_CONTAINER +SUBTREE_COS_TMPL = 'cn=cn\3DnsPwTemplateEntry\2C' + DEFAULT_SUFFIX_ESCAPED + ',' + SUBTREE_CONTAINER SUBTREE_COS_DEF = 'cn=nsPwPolicy_CoS,' + DEFAULT_SUFFIX
USER1_DN = 'uid=user1,' + DEFAULT_SUFFIX @@ -72,8 +72,12 @@ def topology(request):
return TopologyStandalone(standalone)
+def days_to_secs(days): + # Value of 60 * 60 * 24 + return days * 86400
-def set_global_pwpolicy(topology): +# Values are in days +def set_global_pwpolicy(topology, min_=1, max_=10, warn=3): log.info(" +++++ Enable global password policy +++++\n") # Enable password policy try: @@ -82,47 +86,64 @@ def set_global_pwpolicy(topology): log.error('Failed to set pwpolicy-local: error ' + e.message['desc']) assert False
- log.info(" Set global password Min Age -- 1 day\n") + # Convert our values to seconds + min_secs = days_to_secs(min_) + max_secs = days_to_secs(max_) + warn_secs = days_to_secs(warn) + + log.info(" Set global password Min Age -- %s day\n"% min_) try: - topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'passwordMinAge', '86400')]) + topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'passwordMinAge', '%s' % min_secs)]) except ldap.LDAPError as e: log.error('Failed to set passwordMinAge: error ' + e.message['desc']) assert False
- log.info(" Set global password Max Age -- 10 days\n") + log.info(" Set global password Max Age -- %s days\n" % max_) try: - topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'passwordMaxAge', '864000')]) + topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'passwordMaxAge', '%s' % max_secs)]) except ldap.LDAPError as e: log.error('Failed to set passwordMaxAge: error ' + e.message['desc']) assert False
- log.info(" Set global password Warning -- 3 days\n") + log.info(" Set global password Warning -- %s days\n" % warn) try: - topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'passwordWarning', '259200')]) + topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'passwordWarning', '%s' % warn_secs)]) except ldap.LDAPError as e: log.error('Failed to set passwordWarning: error ' + e.message['desc']) assert False
-def set_subtree_pwpolicy(topology): +def set_subtree_pwpolicy(topology, min_=2, max_=20, warn=6): log.info(" +++++ Enable subtree level password policy +++++\n") + + # Convert our values to seconds + min_secs = days_to_secs(min_) + max_secs = days_to_secs(max_) + warn_secs = days_to_secs(warn) + log.info(" Add the container") try: topology.standalone.add_s(Entry((SUBTREE_CONTAINER, {'objectclass': 'top nsContainer'.split(), 'cn': 'nsPwPolicyContainer'}))) except ldap.LDAPError as e: log.error('Failed to add subtree container: error ' + e.message['desc']) - assert False + #assert False
- log.info(" Add the password policy subentry {passwordMustChange: on, passwordMinAge: 2, passwordMaxAge: 20, passwordWarning: 6}") + try: + # Purge the old policy + topology.standalone.delete_s(SUBTREE_PWP) + except: + pass + + log.info(" Add the password policy subentry {passwordMustChange: on, passwordMinAge: %s, passwordMaxAge: %s, passwordWarning: %s}" % (min_, max_, warn)) try: topology.standalone.add_s(Entry((SUBTREE_PWP, {'objectclass': 'top ldapsubentry passwordpolicy'.split(), 'cn': SUBTREE_PWPDN, 'passwordMustChange': 'on', 'passwordExp': 'on', - 'passwordMinAge': '172800', - 'passwordMaxAge': '1728000', - 'passwordWarning': '518400', + 'passwordMinAge': '%s' % min_secs, + 'passwordMaxAge': '%s' % max_secs, + 'passwordWarning': '%s' % warn_secs, 'passwordChange': 'on', 'passwordStorageScheme': 'clear'}))) except ldap.LDAPError as e: @@ -138,7 +159,7 @@ def set_subtree_pwpolicy(topology): 'pwdpolicysubentry': SUBTREE_PWP}))) except ldap.LDAPError as e: log.error('Failed to add COS template: error ' + e.message['desc']) - assert False + #assert False
log.info(" Add the COS definition") try: @@ -148,11 +169,10 @@ def set_subtree_pwpolicy(topology): 'cosAttribute': 'pwdpolicysubentry default operational-default'}))) except ldap.LDAPError as e: log.error('Failed to add COS def: error ' + e.message['desc']) - assert False + #assert False
time.sleep(1)
- def update_passwd(topology, user, passwd, newpasswd): log.info(" Bind as {%s,%s}" % (user, passwd)) topology.standalone.simple_bind_s(user, passwd) @@ -195,7 +215,7 @@ def test_ticket548_test_with_no_policy(topology): 'cn': 'user 1', 'uid': 'user1', 'givenname': 'user', - 'mail': 'user1@example.com', + 'mail': 'user1@' + DEFAULT_SUFFIX, 'userpassword': USER_PW}))) except ldap.LDAPError as e: log.fatal('test_ticket548: Failed to add user' + USER1_DN + ': error ' + e.message['desc']) @@ -231,16 +251,33 @@ def test_ticket548_test_global_policy(topology): 'cn': 'user 2', 'uid': 'user2', 'givenname': 'user', - 'mail': 'user2@example.com', + 'mail': 'user2@' + DEFAULT_SUFFIX, 'userpassword': USER_PW}))) except ldap.LDAPError as e: log.fatal('test_ticket548: Failed to add user' + USER2_DN + ': error ' + e.message['desc']) assert False
+ edate = int(time.time() / (60 * 60 * 24)) + + log.info("Bind as %s" % USER1_DN) + topology.standalone.simple_bind_s(USER1_DN, USER_PW) + + log.info('Search entry %s' % USER1_DN) + entry = topology.standalone.getEntry(USER1_DN, ldap.SCOPE_BASE, "(objectclass=*)") + check_shadow_attr_value(entry, 'shadowLastChange', edate, USER1_DN) + + # passwordMinAge -- 1 day + check_shadow_attr_value(entry, 'shadowMin', 1, USER1_DN) + + # passwordMaxAge -- 10 days + check_shadow_attr_value(entry, 'shadowMax', 10, USER1_DN) + + # passwordWarning -- 3 days + check_shadow_attr_value(entry, 'shadowWarning', 3, USER1_DN) + log.info("Bind as %s" % USER2_DN) topology.standalone.simple_bind_s(USER2_DN, USER_PW)
- edate = int(time.time() / (60 * 60 * 24)) log.info('Search entry %s' % USER2_DN) entry = topology.standalone.getEntry(USER2_DN, ldap.SCOPE_BASE, "(objectclass=*)") check_shadow_attr_value(entry, 'shadowLastChange', edate, USER2_DN) @@ -254,6 +291,34 @@ def test_ticket548_test_global_policy(topology): # passwordWarning -- 3 days check_shadow_attr_value(entry, 'shadowWarning', 3, USER2_DN)
+ # Bind as DM again, change policy + log.info("Bind as %s" % DN_DM) + topology.standalone.simple_bind_s(DN_DM, PASSWORD) + set_global_pwpolicy(topology, 3, 30, 9) + + # change the user password, then check again. + log.info("Bind as %s" % USER2_DN) + topology.standalone.simple_bind_s(USER2_DN, USER_PW) + + newpasswd = USER_PW + '2' + update_passwd(topology, USER2_DN, USER_PW, newpasswd) + + log.info("Re-bind as %s with new password" % USER2_DN) + topology.standalone.simple_bind_s(USER2_DN, newpasswd) + + ## This tests if we update the shadow values on password change. + log.info('Search entry %s' % USER2_DN) + entry = topology.standalone.getEntry(USER2_DN, ldap.SCOPE_BASE, "(objectclass=*)") + + # passwordMinAge -- 1 day + check_shadow_attr_value(entry, 'shadowMin', 3, USER2_DN) + + # passwordMaxAge -- 10 days + check_shadow_attr_value(entry, 'shadowMax', 30, USER2_DN) + + # passwordWarning -- 3 days + check_shadow_attr_value(entry, 'shadowWarning', 9, USER2_DN) + log.info("Check shadowAccount with global policy was successfully verified.")
@@ -266,8 +331,9 @@ def test_ticket548_test_subtree_policy(topology):
log.info("Bind as %s" % DN_DM) topology.standalone.simple_bind_s(DN_DM, PASSWORD) + # Check the global policy values
- set_subtree_pwpolicy(topology) + set_subtree_pwpolicy(topology, 2, 20, 6)
log.info('Add an entry' + USER3_DN) try: @@ -276,7 +342,7 @@ def test_ticket548_test_subtree_policy(topology): 'cn': 'user 3', 'uid': 'user3', 'givenname': 'user', - 'mail': 'user3@example.com', + 'mail': 'user3@' + DEFAULT_SUFFIX, 'userpassword': USER_PW}))) except ldap.LDAPError as e: log.fatal('test_ticket548: Failed to add user' + USER3_DN + ': error ' + e.message['desc']) @@ -312,6 +378,12 @@ def test_ticket548_test_subtree_policy(topology): log.info("Bind as %s and updating the password with a new one" % USER3_DN) topology.standalone.simple_bind_s(USER3_DN, USER_PW)
+ # Bind as DM again, change policy + log.info("Bind as %s" % DN_DM) + topology.standalone.simple_bind_s(DN_DM, PASSWORD) + + set_subtree_pwpolicy(topology, 4, 40, 12) + newpasswd = USER_PW + '0' update_passwd(topology, USER3_DN, USER_PW, newpasswd)
@@ -329,6 +401,19 @@ def test_ticket548_test_subtree_policy(topology): log.info('Expecting shadowLastChange %d once userPassword is updated', edate) check_shadow_attr_value(entry2, 'shadowLastChange', edate, USER3_DN)
+ log.info('Search entry %s' % USER3_DN) + entry = topology.standalone.getEntry(USER3_DN, ldap.SCOPE_BASE, "(objectclass=*)") + check_shadow_attr_value(entry, 'shadowLastChange', edate, USER3_DN) + + # passwordMinAge -- 1 day + check_shadow_attr_value(entry, 'shadowMin', 4, USER3_DN) + + # passwordMaxAge -- 10 days + check_shadow_attr_value(entry, 'shadowMax', 40, USER3_DN) + + # passwordWarning -- 3 days + check_shadow_attr_value(entry, 'shadowWarning', 12, USER3_DN) + log.info("Check shadowAccount with subtree level policy was successfully verified.")
commit 7f63e4c1671d931bdf7e5291726311d43265c6f1 Author: Noriko Hosoi nhosoi@redhat.com Date: Tue Jan 19 11:16:37 2016 -0800
Ticket #548 - RFE: Allow AD password sync to update shadowLastChange
Description: When passwordMinAge, passwordMaxAge, passwordWarning, etc. are changed in a password policy, the corresponding shadow values are also adjusted.
See this comment for more details. https://fedorahosted.org/389/ticket/548#comment:19
This patch checks the current shadow values with the one from the password policy, and if they don't match, it replaces the shadow value with the one from the password policy.
Author: nhosoi
Review: wibrown
diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c index 4c0becc..28d3055 100644 --- a/ldap/servers/slapd/modify.c +++ b/ldap/servers/slapd/modify.c @@ -496,7 +496,7 @@ slapi_modify_internal_set_pb_ext(Slapi_PBlock *pb, const Slapi_DN *sdn, if (pb == NULL || sdn == NULL || mods == NULL) { slapi_log_error(SLAPI_LOG_FATAL, NULL, - "slapi_modify_internal_set_pb: NULL parameter\n"); + "slapi_modify_internal_set_pb_ext: NULL parameter\n"); return; }
diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c index 0237264..41a1b37 100644 --- a/ldap/servers/slapd/opshared.c +++ b/ldap/servers/slapd/opshared.c @@ -1454,10 +1454,12 @@ iterate(Slapi_PBlock *pb, Slapi_Backend *be, int send_result, continue; } /* Adding shadow password attrs. */ - add_shadow_ext_password_attrs(pb, e); + add_shadow_ext_password_attrs(pb, &e); if (process_entry(pb, e, send_result)) { /* shouldn't send this entry */ + slapi_entry_free(pb->pb_pw_entry); + pb->pb_pw_entry = NULL; continue; }
@@ -1483,6 +1485,8 @@ iterate(Slapi_PBlock *pb, Slapi_Backend *be, int send_result, pb->pb_op->o_status = SLAPI_OP_STATUS_ABANDONED; break; } + slapi_entry_free(pb->pb_pw_entry); + pb->pb_pw_entry = NULL; if (pagesize == *pnentries) { /* PAGED RESULTS: reached the pagesize */ diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h index 2c6a7af..7a2ddde 100644 --- a/ldap/servers/slapd/proto-slap.h +++ b/ldap/servers/slapd/proto-slap.h @@ -937,7 +937,8 @@ void add_password_attrs( Slapi_PBlock *pb, Operation *op, Slapi_Entry *e ); void mod_allowchange_aci(char *val); void pw_mod_allowchange_aci(int pw_prohibit_change); void pw_add_allowchange_aci(Slapi_Entry *e, int pw_prohibit_change); -void add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry *e); + +int add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry **e);
/* * pw_retry.c diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c index a6574ac..f728e10 100644 --- a/ldap/servers/slapd/pw.c +++ b/ldap/servers/slapd/pw.c @@ -2843,108 +2843,156 @@ pw_get_ext_size(Slapi_Entry *entry, size_t *size) return LDAP_SUCCESS; }
-void -add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry *e) +int +add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry **e) { const char *dn = NULL; passwdPolicy *pwpolicy = NULL; time_t shadowval = 0; time_t exptime = 0; - struct berval bv; - struct berval *bvals[2]; - - if (!e) { - return; + Slapi_Mods *smods = NULL; + LDAPMod **mods; + long sval; + int mod_num = 0; + char *shmin = NULL; + char *shmax = NULL; + char *shwarn = NULL; + char *shexp = NULL; + int rc = 0; + + if (!e && !*e) { + return rc; } - dn = slapi_entry_get_ndn(e); + dn = slapi_entry_get_ndn(*e); if (!dn) { - return; + return rc; } - if (!slapi_entry_attr_hasvalue(e, SLAPI_ATTR_OBJECTCLASS, "shadowAccount")) { + if (!slapi_entry_attr_hasvalue(*e, SLAPI_ATTR_OBJECTCLASS, "shadowAccount")) { /* Not a shadowAccount; nothing to do. */ - return; + return rc; } if (operation_is_flag_set(pb->pb_op, OP_FLAG_INTERNAL)) { /* external only */ - return; + return rc; } pwpolicy = new_passwdPolicy(pb, dn); if (!pwpolicy) { - return; + return rc; }
LDAPDebug0Args(LDAP_DEBUG_TRACE, "--> add_shadow_password_attrs\n");
- bvals[0] = &bv; - bvals[1] = NULL; - /* shadowMin - the minimum number of days required between password changes. */ - if (!slapi_entry_attr_exists(e, "shadowMin")) { - if (pwpolicy->pw_minage > 0) { - shadowval = pwpolicy->pw_minage / _SEC_PER_DAY; - } else { - shadowval = 0; + if (pwpolicy->pw_minage > 0) { + shadowval = pwpolicy->pw_minage / _SEC_PER_DAY; + } else { + shadowval = 0; + } + shmin = slapi_entry_attr_get_charptr(*e, "shadowMin"); + if (shmin) { + sval = strtol(shmin, NULL, 0); + if (sval != shadowval) { + slapi_ch_free_string(&shmin); + shmin = slapi_ch_smprintf("%ld", shadowval); + mod_num++; } - bv.bv_val = slapi_ch_smprintf("%ld", shadowval); - bv.bv_len = strlen(bv.bv_val); - slapi_entry_attr_merge(e, "shadowMin", bvals); - slapi_ch_free_string(&bv.bv_val); + } else { + mod_num++; + shmin = slapi_ch_smprintf("%ld", shadowval); }
/* shadowMax - the maximum number of days for which the user password remains valid. */ - if (!slapi_entry_attr_exists(e, "shadowMax")) { - if (pwpolicy->pw_maxage > 0) { - shadowval = pwpolicy->pw_maxage / _SEC_PER_DAY; - exptime = time_plus_sec(current_time(), pwpolicy->pw_maxage); - } else { - shadowval = 99999; + if (pwpolicy->pw_maxage > 0) { + shadowval = pwpolicy->pw_maxage / _SEC_PER_DAY; + exptime = time_plus_sec(current_time(), pwpolicy->pw_maxage); + } else { + shadowval = 99999; + } + shmax = slapi_entry_attr_get_charptr(*e, "shadowMax"); + if (shmax) { + sval = strtol(shmax, NULL, 0); + if (sval != shadowval) { + slapi_ch_free_string(&shmax); + shmax = slapi_ch_smprintf("%ld", shadowval); + mod_num++; } - bv.bv_val = slapi_ch_smprintf("%ld", shadowval); - bv.bv_len = strlen(bv.bv_val); - slapi_entry_attr_replace(e, "shadowMax", bvals); - slapi_ch_free_string(&bv.bv_val); + } else { + mod_num++; + shmax = slapi_ch_smprintf("%ld", shadowval); }
/* shadowWarning - the number of days of advance warning given to the user before the user password expires. */ - if (!slapi_entry_attr_exists(e, "shadowWarning")) { - if (pwpolicy->pw_warning > 0) { - shadowval = pwpolicy->pw_warning / _SEC_PER_DAY; - } else { - shadowval = 0; + if (pwpolicy->pw_warning > 0) { + shadowval = pwpolicy->pw_warning / _SEC_PER_DAY; + } else { + shadowval = 0; + } + shwarn = slapi_entry_attr_get_charptr(*e, "shadowWarning"); + if (shwarn) { + sval = strtol(shwarn, NULL, 0); + if (sval != shadowval) { + slapi_ch_free_string(&shwarn); + shwarn = slapi_ch_smprintf("%ld", shadowval); + mod_num++; } - bv.bv_val = slapi_ch_smprintf("%ld", shadowval); - bv.bv_len = strlen(bv.bv_val); - slapi_entry_attr_replace(e, "shadowWarning", bvals); - slapi_ch_free_string(&bv.bv_val); + } else { + mod_num++; + shwarn = slapi_ch_smprintf("%ld", shadowval); }
/* shadowExpire - the date on which the user login will be disabled. */ - if (exptime && !slapi_entry_attr_exists(e, "shadowExpire")) { + if (exptime) { + shexp = slapi_entry_attr_get_charptr(*e, "shadowExpire"); exptime /= _SEC_PER_DAY; - bv.bv_val = slapi_ch_smprintf("%ld", exptime); - bv.bv_len = strlen(bv.bv_val); - slapi_entry_attr_replace(e, "shadowExpire", bvals); - slapi_ch_free_string(&bv.bv_val); + if (shexp) { + sval = strtol(shexp, NULL, 0); + if (sval != exptime) { + slapi_ch_free_string(&shexp); + shexp = slapi_ch_smprintf("%ld", shadowval); + mod_num++; + } + } else { + mod_num++; + shexp = slapi_ch_smprintf("%ld", exptime); + } + } + smods = slapi_mods_new(); + slapi_mods_init(smods, mod_num); + if (shmin) { + slapi_mods_add(smods, LDAP_MOD_REPLACE, "shadowMin", strlen(shmin), shmin); + slapi_ch_free_string(&shmin); + } + if (shmax) { + slapi_mods_add(smods, LDAP_MOD_REPLACE, "shadowMax", strlen(shmax), shmax); + slapi_ch_free_string(&shmax); + } + if (shwarn) { + slapi_mods_add(smods, LDAP_MOD_REPLACE, "shadowWarning", strlen(shwarn), shwarn); + slapi_ch_free_string(&shwarn); + } + if (shexp) { + slapi_mods_add(smods, LDAP_MOD_REPLACE, "shadowExpire", strlen(shexp), shexp); + slapi_ch_free_string(&shexp); + } + /* Apply the mods to create the resulting entry. */ + mods = slapi_mods_get_ldapmods_byref(smods); + if (mods) { + Slapi_Entry *sentry = slapi_entry_dup(*e); + rc = slapi_entry_apply_mods(sentry, mods); + pb->pb_pw_entry = sentry; + *e = sentry; } + slapi_mods_free(&smods);
#if 0 /* These 2 attributes are no need (or not able) to auto-fill. */ /* * shadowInactive - the number of days of inactivity allowed for the user. * Password Policy does not have the corresponding parameter. + * + * shadowFlag - not currently in use. */ - shadowval = 0; - bv.bv_val = slapi_ch_smprintf("%ld", shadowval); - bv.bv_len = strlen(bv.bv_val); - slapi_entry_attr_replace(e, "shadowInactive", bvals); - slapi_ch_free_string(&bv.bv_val); - - /* shadowFlag - not currently in use. */ - bv.bv_val = slapi_ch_smprintf("%d", 0); - bv.bv_len = strlen(bv.bv_val); - slapi_entry_attr_replace(e, "shadowFlag", bvals); - slapi_ch_free_string(&bv.bv_val); #endif
LDAPDebug0Args(LDAP_DEBUG_TRACE, "<-- add_shadow_password_attrs\n"); - return; + return rc; } diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c index cd58f50..5acff94 100644 --- a/ldap/servers/slapd/result.c +++ b/ldap/servers/slapd/result.c @@ -238,7 +238,7 @@ int send_ldap_intermediate( Slapi_PBlock *pb, LDAPControl **ectrls, rc = ber_put_seq( ber ); } if ( rc == LBER_ERROR ) { - LDAPDebug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); + LDAPDebug( LDAP_DEBUG_ANY, "ber_printf failed 0\n", 0, 0, 0 ); ber_free( ber, 1 /* freebuf */ ); goto log_and_return; } @@ -595,7 +595,7 @@ send_ldap_result_ext( }
if ( rc == LBER_ERROR ) { - LDAPDebug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); + LDAPDebug( LDAP_DEBUG_ANY, "ber_printf failed 1\n", 0, 0, 0 ); if (flush_ber_element == 1) { /* we alloced the ber */ ber_free( ber, 1 /* freebuf */ ); @@ -857,13 +857,13 @@ send_ldapv3_referral( rc = ber_printf( ber, "s", urls[i]->bv_val ); } if ( rc == LBER_ERROR ) { - LDAPDebug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); + LDAPDebug( LDAP_DEBUG_ANY, "ber_printf failed 2\n", 0, 0, 0 ); send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, "ber_printf", 0, NULL ); return( -1 ); } if ( ber_printf( ber, "}}" ) == LBER_ERROR ) { - LDAPDebug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); + LDAPDebug( LDAP_DEBUG_ANY, "ber_printf failed 3\n", 0, 0, 0 ); send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, "ber_printf", 0, NULL ); return( -1 ); @@ -980,7 +980,7 @@ encode_attr_2( #endif
if (ber_printf(ber, "{s[", returned_type?returned_type:attribute_type) == -1) { - LDAPDebug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); + LDAPDebug( LDAP_DEBUG_ANY, "ber_printf failed 4\n", 0, 0, 0 ); ber_free( ber, 1 ); send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, "ber_printf type", 0, NULL); @@ -994,7 +994,7 @@ encode_attr_2( if ( ber_printf( ber, "o", v->bv.bv_val,v->bv.bv_len ) == -1 ) { LDAPDebug( LDAP_DEBUG_ANY, - "ber_printf failed\n", 0, 0, 0 ); + "ber_printf failed 5\n", 0, 0, 0 ); ber_free( ber, 1 ); send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, "ber_printf value", 0, NULL ); @@ -1005,7 +1005,7 @@ encode_attr_2( }
if ( ber_printf( ber, "]}" ) == -1 ) { - LDAPDebug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); + LDAPDebug( LDAP_DEBUG_ANY, "ber_printf failed 6\n", 0, 0, 0 ); ber_free( ber, 1 ); send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, "ber_printf type end", 0, NULL ); @@ -1549,7 +1549,7 @@ send_ldap_search_entry_ext( LDAP_RES_SEARCH_ENTRY, slapi_entry_get_dn_const(e) );
if ( rc == -1 ) { - LDAPDebug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); + LDAPDebug( LDAP_DEBUG_ANY, "ber_printf failed 7\n", 0, 0, 0 ); send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, "ber_printf dn", 0, NULL ); goto cleanup; @@ -1663,7 +1663,7 @@ send_ldap_search_entry_ext( }
if ( rc == -1 ) { - LDAPDebug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); + LDAPDebug( LDAP_DEBUG_ANY, "ber_printf failed 8\n", 0, 0, 0 ); send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, "ber_printf entry end", 0, NULL ); goto cleanup; diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h index c4bae76..5bb9252 100644 --- a/ldap/servers/slapd/slap.h +++ b/ldap/servers/slapd/slap.h @@ -1735,6 +1735,7 @@ typedef struct slapi_pblock { /* For ACI Target Check */ int pb_aci_target_check; /* this flag prevents duplicate checking of ACI's target existence */
+ struct slapi_entry *pb_pw_entry; /* stash dup'ed entry that shadow info is added/replaced */ } slapi_pblock;
/* index if substrlens */
389-commits@lists.fedoraproject.org