VERSION.sh | 2 -
ldap/servers/plugins/deref/deref.c | 2 +
ldap/servers/slapd/pw.c | 15 +++++--------
ldap/servers/slapd/pw_retry.c | 42 +++++++++++++++++++++----------------
4 files changed, 33 insertions(+), 28 deletions(-)
New commits:
commit 998d02e8dc2dc2b21edf3f86e820dad14a816f1f
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed Jun 27 11:05:18 2012 -0600
bump version to 1.2.10.12
diff --git a/VERSION.sh b/VERSION.sh
index 7dc03d0..8fe4140 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -10,7 +10,7 @@ vendor="389 Project"
# PACKAGE_VERSION is constructed from these
VERSION_MAJOR=1
VERSION_MINOR=2
-VERSION_MAINT=10.11
+VERSION_MAINT=10.12
# if this is a PRERELEASE, set VERSION_PREREL
# otherwise, comment it out
# be sure to include the dot prefix in the prerel
commit 3384faff2e1de9632f86423617c16db1fa87c6fd
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed Jun 27 10:32:38 2012 -0600
Ticket 378 - unhashed#user#password visible after changing password
declare is_type_forbidden in deref.c
(cherry picked from commit 4bf9444a082f25f289a973128c243583831cc848)
(cherry picked from commit a97f7050fbbd9318d9840dbac7aeeaf91867d73c)
diff --git a/ldap/servers/plugins/deref/deref.c b/ldap/servers/plugins/deref/deref.c
index 772601c..698a758 100644
--- a/ldap/servers/plugins/deref/deref.c
+++ b/ldap/servers/plugins/deref/deref.c
@@ -46,6 +46,8 @@
#include "deref.h"
#include <nspr.h>
+int is_type_forbidden(const char *type); /* from proto-slap.h */
+
#ifndef DN_SYNTAX_OID
#define DN_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.12"
#endif
commit 2595af78e74913608b087d26079e5363e6b9f0b1
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Tue Jun 26 16:56:19 2012 -0700
Trac Ticket 396 - Account Usability Control Not Working [Bug 835238]
https://fedorahosted.org/389/ticket/396
Fix Description: Commit 003812911f56619f0db58ba627037644fb0f68fb
broke the feature. This patch is backing off the change so that
get_entry accepts NULL pblock, which is necessary for the
Account Usability plugin.
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
index 2a7b29b..b3843b8 100644
--- a/ldap/servers/slapd/pw.c
+++ b/ldap/servers/slapd/pw.c
@@ -1533,23 +1533,20 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn)
char ebuf[ BUFSIZ ];
int optype = -1;
- /* RFE - is there a way to make this work for non-existent entries
- * when we don't pass in pb? We'll need to do this if we add support
- * for password policy plug-ins. */
- if (NULL == pb) {
- LDAPDebug0Args(LDAP_DEBUG_ANY,
- "new_passwdPolicy: NULL pblock was passed.\n");
- return NULL;
- }
slapdFrontendConfig = getFrontendConfig();
pwdpolicy = (passwdPolicy *)slapi_ch_calloc(1, sizeof(passwdPolicy));
- slapi_pblock_get( pb, SLAPI_OPERATION_TYPE, &optype );
+ if (pb) {
+ slapi_pblock_get( pb, SLAPI_OPERATION_TYPE, &optype );
+ }
if (dn && (slapdFrontendConfig->pwpolicy_local == 1)) {
/* If we're doing an add, COS does not apply yet so we check
parents for the pwdpolicysubentry. We look only for virtual
attributes, because real ones are for single-target policy. */
+ /* RFE - is there a way to make this work for non-existent entries
+ * when we don't pass in pb? We'll need to do this if we add support
+ * for password policy plug-ins. */
if (optype == SLAPI_OPERATION_ADD) {
char *parentdn = slapi_ch_strdup(dn);
char *nextdn = NULL;
diff --git a/ldap/servers/slapd/pw_retry.c b/ldap/servers/slapd/pw_retry.c
index 48849fb..9b7c18c 100644
--- a/ldap/servers/slapd/pw_retry.c
+++ b/ldap/servers/slapd/pw_retry.c
@@ -206,45 +206,51 @@ void set_retry_cnt ( Slapi_PBlock *pb, int count)
}
+/*
+ * If "dn" is passed, get_entry returns an entry which dn is "dn".
+ * If "dn" is not passed, it returns an entry which dn is set in
+ * SLAPI_TARGET_SDN in pblock.
+ * Note: pblock is not mandatory for get_entry (e.g., new_passwdPolicy).
+ */
Slapi_Entry *get_entry ( Slapi_PBlock *pb, const char *dn)
{
int search_result = 0;
Slapi_Entry *retentry = NULL;
Slapi_DN *target_sdn = NULL;
+ char *target_dn = (char *)dn;
Slapi_DN sdn;
void *txn = NULL;
- if (NULL == pb) {
- LDAPDebug(LDAP_DEBUG_ANY, "get_entry - no pblock specified.\n",
- 0, 0, 0);
- goto bail;
- }
-
- slapi_pblock_get( pb, SLAPI_TARGET_SDN, &target_sdn );
slapi_pblock_get( pb, SLAPI_TXN, &txn );
-
- if (dn == NULL) {
- dn = slapi_sdn_get_dn(target_sdn);
+ if (pb) {
+ slapi_pblock_get( pb, SLAPI_TARGET_SDN, &target_sdn );
+ if (target_dn == NULL) {
+ target_dn = slapi_sdn_get_dn(target_sdn);
+ }
}
- if (dn == NULL) {
- LDAPDebug (LDAP_DEBUG_TRACE, "WARNING: 'get_entry' - no dn
specified.\n", 0, 0, 0);
+ if (target_dn == NULL) {
+ LDAPDebug0Args(LDAP_DEBUG_TRACE,
+ "WARNING: 'get_entry' - no dn specified.\n");
goto bail;
}
- slapi_sdn_init_dn_byref(&sdn, dn);
-
- if (slapi_sdn_compare(&sdn, target_sdn)) { /* does not match */
- target_sdn = &sdn;
+ if (target_dn == dn) { /* target_dn is NOT from target_sdn */
+ slapi_sdn_init_dn_byref(&sdn, target_dn);
+ target_sdn = &sdn;
}
search_result = slapi_search_internal_get_entry_ext(target_sdn, NULL,
&retentry,
pw_get_componentID(), txn);
if (search_result != LDAP_SUCCESS) {
- LDAPDebug (LDAP_DEBUG_TRACE, "WARNING: 'get_entry' can't find entry
'%s', err %d\n", dn, search_result, 0);
+ LDAPDebug2Args(LDAP_DEBUG_TRACE,
+ "WARNING: 'get_entry' can't find entry '%s',
err %d\n",
+ target_dn, search_result);
+ }
+ if (target_dn == dn) { /* target_dn is NOT from target_sdn */
+ slapi_sdn_done(&sdn);
}
- slapi_sdn_done(&sdn);
bail:
return retentry;
}