[Pkg-fedora-ds-maintainers] 389-ds-base: Changes to 'debian-unstable'
Timo Aaltonen
tjaalton-guest at alioth.debian.org
Wed Feb 6 11:19:38 UTC 2013
Makefile.am | 1
VERSION.sh | 2
configure.ac | 2
debian/changelog | 4
debian/patches/default_user | 8
debian/patches/fix-cve-2012-4450.diff | 366 ----
debian/patches/series | 1
ldap/ldif/50posix-winsync-plugin.ldif | 1
ldap/schema/01core389.ldif | 32
ldap/schema/02common.ldif | 5
ldap/schema/60posix-winsync-plugin.ldif | 44
ldap/servers/plugins/acl/acl.c | 77 -
ldap/servers/plugins/acl/acl.h | 5
ldap/servers/plugins/acl/aclgroup.c | 2
ldap/servers/plugins/acl/acllist.c | 48
ldap/servers/plugins/automember/automember.c | 44
ldap/servers/plugins/dna/dna.c | 53
ldap/servers/plugins/memberof/memberof.c | 7
ldap/servers/plugins/posix-winsync/posix-group-func.c | 854 +++++++++--
ldap/servers/plugins/posix-winsync/posix-group-func.h | 2
ldap/servers/plugins/posix-winsync/posix-group-task.c | 250 ++-
ldap/servers/plugins/posix-winsync/posix-winsync-config.c | 16
ldap/servers/plugins/posix-winsync/posix-winsync.c | 199 ++
ldap/servers/plugins/posix-winsync/posix-wsp-ident.h | 4
ldap/servers/plugins/replication/cl5_api.c | 18
ldap/servers/plugins/replication/repl5.h | 29
ldap/servers/plugins/replication/repl5_agmt.c | 99 -
ldap/servers/plugins/replication/repl5_agmtlist.c | 11
ldap/servers/plugins/replication/repl5_connection.c | 6
ldap/servers/plugins/replication/repl5_init.c | 69
ldap/servers/plugins/replication/repl5_replica.c | 132 -
ldap/servers/plugins/replication/repl5_replica_config.c | 1057 +++++++++-----
ldap/servers/plugins/replication/repl_extop.c | 323 +++-
ldap/servers/plugins/replication/replutil.c | 47
ldap/servers/plugins/replication/windows_connection.c | 2
ldap/servers/slapd/abandon.c | 10
ldap/servers/slapd/add.c | 56
ldap/servers/slapd/back-ldbm/back-ldbm.h | 5
ldap/servers/slapd/back-ldbm/dblayer.c | 4
ldap/servers/slapd/back-ldbm/idl.c | 7
ldap/servers/slapd/back-ldbm/index.c | 39
ldap/servers/slapd/back-ldbm/ldbm_config.c | 23
ldap/servers/slapd/back-ldbm/ldbm_config.h | 1
ldap/servers/slapd/back-ldbm/ldbm_delete.c | 7
ldap/servers/slapd/back-ldbm/ldbm_modify.c | 7
ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 11
ldap/servers/slapd/back-ldbm/misc.c | 2
ldap/servers/slapd/back-ldbm/proto-back-ldbm.h | 2
ldap/servers/slapd/back-ldbm/start.c | 9
ldap/servers/slapd/back-ldbm/vlv.c | 8
ldap/servers/slapd/connection.c | 4
ldap/servers/slapd/daemon.c | 2
ldap/servers/slapd/dn.c | 2
ldap/servers/slapd/entry.c | 10
ldap/servers/slapd/errormap.c | 10
ldap/servers/slapd/log.c | 63
ldap/servers/slapd/mapping_tree.c | 2
ldap/servers/slapd/opshared.c | 25
ldap/servers/slapd/pagedresults.c | 167 +-
ldap/servers/slapd/pblock.c | 6
ldap/servers/slapd/plugin_acl.c | 30
ldap/servers/slapd/proto-slap.h | 9
ldap/servers/slapd/pw.c | 5
ldap/servers/slapd/slap.h | 15
ldap/servers/slapd/slapi-plugin.h | 75
ldap/servers/slapd/slapi-private.h | 12
lib/libaccess/acltools.cpp | 1
67 files changed, 2864 insertions(+), 1585 deletions(-)
New commits:
commit 5a4d41e3ef0e7b338b640d022107e13c472dbc24
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Dec 11 14:42:08 2012 +0200
fix-cve-2012-4450.diff: Remove, upstream.
diff --git a/debian/changelog b/debian/changelog
index 08d020c..9ce5255 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@
* New upstream release.
* watch: Add a comment about the upstream git tree.
+ * fix-cve-2012-4450.diff: Remove, upstream.
-- Timo Aaltonen <tjaalton at ubuntu.com> Sat, 01 Dec 2012 14:22:13 +0200
diff --git a/debian/patches/default_user b/debian/patches/default_user
index a1e4966..2e94700 100644
--- a/debian/patches/default_user
+++ b/debian/patches/default_user
@@ -1,11 +1,9 @@
Description: Run the daemon using "dirsrv" user and group
Author: Michele Baldessari <michele at acksyn.org>
-Index: 389-ds-base/configure.ac
-===================================================================
---- 389-ds-base.orig/configure.ac 2011-09-30 01:18:51.582181551 +0300
-+++ 389-ds-base/configure.ac 2011-10-10 11:02:23.765296773 +0300
-@@ -289,8 +289,8 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -306,8 +306,8 @@ configdir=/$PACKAGE_NAME/config
schemadir=/$PACKAGE_NAME/schema
# default user, group
diff --git a/debian/patches/fix-cve-2012-4450.diff b/debian/patches/fix-cve-2012-4450.diff
deleted file mode 100644
index 35a6a45..0000000
--- a/debian/patches/fix-cve-2012-4450.diff
+++ /dev/null
@@ -1,366 +0,0 @@
-commit 7399cbd53d6289df592d3414a84972eacb4dc97d
-Author: Noriko Hosoi <nhosoi at totoro.usersys.redhat.com>
-Date: Fri Sep 21 12:35:18 2012 -0700
-
- Trac Ticket #340 - Change on SLAPI_MODRDN_NEWSUPERIOR is not
- evaluated in acl
-
- https://fedorahosted.org/389/ticket/340
-
- Bug Description: When modrdn operation was executed, only newrdn
- change was passed to the acl plugin. Also, the change was used
- only for the acl search, but not for the acl target in the items
- in the acl cache.
-
- Fix Description: This patch also passes the newsuperior update
- to the acl plugin. And the modrdn updates are applied to the
- acl target in the acl cache.
- (cherry picked from commit 5beb93d42efb807838c09c5fab898876876f8d09)
-
-diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
-index 15e474e..3389404 100644
---- a/ldap/servers/plugins/acl/acl.c
-+++ b/ldap/servers/plugins/acl/acl.c
-@@ -170,9 +170,9 @@ acl_access_allowed_modrdn(
- * Test if have access to make the first rdn of dn in entry e.
- */
-
--static int check_rdn_access( Slapi_PBlock *pb, Slapi_Entry *e, const char *dn,
-- int access) {
--
-+static int
-+check_rdn_access( Slapi_PBlock *pb, Slapi_Entry *e, const char *dn, int access)
-+{
- char **dns;
- char **rdns;
- int retCode = LDAP_INSUFFICIENT_ACCESS;
-@@ -655,7 +655,8 @@ cleanup_and_ret:
-
- }
-
--static void print_access_control_summary( char *source, int ret_val, char *clientDn,
-+static void
-+print_access_control_summary( char *source, int ret_val, char *clientDn,
- struct acl_pblock *aclpb,
- char *right,
- char *attr,
-@@ -1524,11 +1525,12 @@ acl_check_mods(
- *
- **************************************************************************/
- extern void
--acl_modified (Slapi_PBlock *pb, int optype, char *n_dn, void *change)
-+acl_modified (Slapi_PBlock *pb, int optype, Slapi_DN *e_sdn, void *change)
- {
- struct berval **bvalue;
- char **value;
- int rv=0; /* returned value */
-+ const char* n_dn;
- char* new_RDN;
- char* parent_DN;
- char* new_DN;
-@@ -1537,10 +1539,12 @@ acl_modified (Slapi_PBlock *pb, int optype, char *n_dn, void *change)
- int j;
- Slapi_Attr *attr = NULL;
- Slapi_Entry *e = NULL;
-- Slapi_DN *e_sdn;
- aclUserGroup *ugroup = NULL;
-
-- e_sdn = slapi_sdn_new_normdn_byval ( n_dn );
-+ if (NULL == e_sdn) {
-+ return;
-+ }
-+ n_dn = slapi_sdn_get_dn(e_sdn);
- /* Before we proceed, Let's first check if we are changing any groups.
- ** If we are, then we need to change the signature
- */
-@@ -1768,45 +1772,64 @@ acl_modified (Slapi_PBlock *pb, int optype, char *n_dn, void *change)
- }
-
- break;
-- }/* case op is modify*/
-+ }/* case op is modify*/
-
-- case SLAPI_OPERATION_MODRDN:
--
-- new_RDN = (char*) change;
-- slapi_log_error (SLAPI_LOG_ACL, plugin_name,
-- "acl_modified (MODRDN %s => \"%s\"\n",
-- n_dn, new_RDN);
-+ case SLAPI_OPERATION_MODRDN:
-+ {
-+ char **rdn_parent;
-+ rdn_parent = (char **)change;
-+ new_RDN = rdn_parent[0];
-+ parent_DN = rdn_parent[1];
-
- /* compute new_DN: */
-- parent_DN = slapi_dn_parent (n_dn);
-- if (parent_DN == NULL) {
-- new_DN = new_RDN;
-+ if (NULL == parent_DN) {
-+ parent_DN = slapi_dn_parent(n_dn);
-+ }
-+ if (NULL == parent_DN) {
-+ if (NULL == new_RDN) {
-+ slapi_log_error (SLAPI_LOG_ACL, plugin_name,
-+ "acl_modified (MODRDN %s => \"no change\"\n",
-+ n_dn);
-+ break;
-+ } else {
-+ new_DN = new_RDN;
-+ }
- } else {
-- new_DN = slapi_create_dn_string("%s,%s", new_RDN, parent_DN);
-+ if (NULL == new_RDN) {
-+ Slapi_RDN *rdn= slapi_rdn_new();
-+ slapi_sdn_get_rdn(e_sdn, rdn);
-+ new_DN = slapi_create_dn_string("%s,%s", slapi_rdn_get_rdn(rdn),
-+ parent_DN);
-+ slapi_rdn_free(&rdn);
-+ } else {
-+ new_DN = slapi_create_dn_string("%s,%s", new_RDN, parent_DN);
-+ }
- }
-+ slapi_log_error (SLAPI_LOG_ACL, plugin_name,
-+ "acl_modified (MODRDN %s => \"%s\"\n", n_dn, new_RDN);
-
- /* Change the acls */
-- acllist_acicache_WRITE_LOCK();
-+ acllist_acicache_WRITE_LOCK();
- /* acllist_moddn_aci_needsLock expects normalized new_DN,
- * which is no need to be case-ignored */
- acllist_moddn_aci_needsLock ( e_sdn, new_DN );
- acllist_acicache_WRITE_UNLOCK();
-
- /* deallocat the parent_DN */
-- if (parent_DN != NULL) {
-- slapi_ch_free ( (void **) &new_DN );
-- slapi_ch_free ( (void **) &parent_DN );
-+ if (parent_DN != NULL) {
-+ slapi_ch_free_string(&new_DN);
-+ if (parent_DN != rdn_parent[1]) {
-+ slapi_ch_free_string(&parent_DN);
-+ }
- }
- break;
--
-- default:
-+ } /* case op is modrdn */
-+ default:
- /* print ERROR */
- break;
- } /*optype switch */
--
-- slapi_sdn_free ( &e_sdn );
--
- }
-+
- /***************************************************************************
- *
- * acl__scan_for_acis
-diff --git a/ldap/servers/plugins/acl/acl.h b/ldap/servers/plugins/acl/acl.h
-index 4fa3e3f..28c38e7 100644
---- a/ldap/servers/plugins/acl/acl.h
-+++ b/ldap/servers/plugins/acl/acl.h
-@@ -796,7 +796,8 @@ int acl_read_access_allowed_on_attr ( Slapi_PBlock *pb, Slapi_Entry *e, char
- struct berval *val, int access);
- void acl_set_acllist (Slapi_PBlock *pb, int scope, char *base);
- void acl_gen_err_msg(int access, char *edn, char *attr, char **errbuf);
--void acl_modified ( Slapi_PBlock *pb, int optype, char *dn, void *change);
-+void acl_modified (Slapi_PBlock *pb, int optype, Slapi_DN *e_sdn, void *change);
-+
- int acl_access_allowed_disjoint_resource( Slapi_PBlock *pb, Slapi_Entry *e,
- char *attr, struct berval *val, int access );
- int acl_access_allowed_main ( Slapi_PBlock *pb, Slapi_Entry *e, char **attrs,
-@@ -866,7 +867,7 @@ void acllist_print_tree ( Avlnode *root, int *depth, char *start, char *side);
- AciContainer *acllist_get_aciContainer_new ( );
- void acllist_done_aciContainer ( AciContainer *);
-
--aclUserGroup* aclg_find_userGroup (char *n_dn);
-+aclUserGroup* aclg_find_userGroup (const char *n_dn);
- void aclg_regen_ugroup_signature( aclUserGroup *ugroup);
- void aclg_markUgroupForRemoval ( aclUserGroup *u_group );
- void aclg_reader_incr_ugroup_refcnt(aclUserGroup* u_group);
-diff --git a/ldap/servers/plugins/acl/aclgroup.c b/ldap/servers/plugins/acl/aclgroup.c
-index c694293..2231304 100644
---- a/ldap/servers/plugins/acl/aclgroup.c
-+++ b/ldap/servers/plugins/acl/aclgroup.c
-@@ -213,7 +213,7 @@ aclg_reset_userGroup ( struct acl_pblock *aclpb )
- */
-
- aclUserGroup*
--aclg_find_userGroup(char *n_dn)
-+aclg_find_userGroup(const char *n_dn)
- {
- aclUserGroup *u_group = NULL;
- int i;
-diff --git a/ldap/servers/plugins/acl/acllist.c b/ldap/servers/plugins/acl/acllist.c
-index 9b5363a..e8198af 100644
---- a/ldap/servers/plugins/acl/acllist.c
-+++ b/ldap/servers/plugins/acl/acllist.c
-@@ -600,7 +600,6 @@ void
- acllist_init_scan (Slapi_PBlock *pb, int scope, const char *base)
- {
- Acl_PBlock *aclpb;
-- int i;
- AciContainer *root;
- char *basedn = NULL;
- int index;
-@@ -671,11 +670,6 @@ acllist_init_scan (Slapi_PBlock *pb, int scope, const char *base)
- aclpb->aclpb_state &= ~ACLPB_SEARCH_BASED_ON_LIST ;
-
- acllist_acicache_READ_UNLOCK();
--
-- i = 0;
-- while ( i < aclpb_max_selected_acls && aclpb->aclpb_base_handles_index[i] != -1 ) {
-- i++;
-- }
- }
-
- /*
-@@ -893,34 +887,50 @@ acllist_acicache_WRITE_LOCK( )
- int
- acllist_moddn_aci_needsLock ( Slapi_DN *oldsdn, char *newdn )
- {
--
--
- AciContainer *aciListHead;
- AciContainer *head;
-+ aci_t *acip;
-+ const char *oldndn;
-
- /* first get the container */
-
- aciListHead = acllist_get_aciContainer_new ( );
- slapi_sdn_free(&aciListHead->acic_sdn);
-- aciListHead->acic_sdn = oldsdn;
--
-+ aciListHead->acic_sdn = oldsdn;
-
- if ( NULL == (head = (AciContainer *) avl_find( acllistRoot, aciListHead,
-- (IFP) __acllist_aciContainer_node_cmp ) ) ) {
-+ (IFP) __acllist_aciContainer_node_cmp ) ) ) {
-
- slapi_log_error ( SLAPI_PLUGIN_ACL, plugin_name,
-- "Can't find the acl in the tree for moddn operation:olddn%s\n",
-- slapi_sdn_get_ndn ( oldsdn ));
-+ "Can't find the acl in the tree for moddn operation:olddn%s\n",
-+ slapi_sdn_get_ndn ( oldsdn ));
- aciListHead->acic_sdn = NULL;
- __acllist_free_aciContainer ( &aciListHead );
-- return 1;
-+ return 1;
- }
-
--
-- /* Now set the new DN */
-- slapi_sdn_done ( head->acic_sdn );
-- slapi_sdn_set_normdn_byval ( head->acic_sdn, newdn );
--
-+ /* Now set the new DN */
-+ slapi_sdn_set_normdn_byval(head->acic_sdn, newdn);
-+
-+ /* If necessary, reset the target DNs, as well. */
-+ oldndn = slapi_sdn_get_ndn(oldsdn);
-+ for (acip = head->acic_list; acip; acip = acip->aci_next) {
-+ const char *ndn = slapi_sdn_get_ndn(acip->aci_sdn);
-+ char *p = PL_strstr(ndn, oldndn);
-+ if (p) {
-+ if (p == ndn) {
-+ /* target dn is identical, replace it with new DN*/
-+ slapi_sdn_set_normdn_byval(acip->aci_sdn, newdn);
-+ } else {
-+ /* target dn is a descendent of olddn, merge it with new DN*/
-+ char *mynewdn;
-+ *p = '\0';
-+ mynewdn = slapi_ch_smprintf("%s%s", ndn, newdn);
-+ slapi_sdn_set_normdn_passin(acip->aci_sdn, mynewdn);
-+ }
-+ }
-+ }
-+
- aciListHead->acic_sdn = NULL;
- __acllist_free_aciContainer ( &aciListHead );
-
-diff --git a/ldap/servers/slapd/dn.c b/ldap/servers/slapd/dn.c
-index 568871f..35c0700 100644
---- a/ldap/servers/slapd/dn.c
-+++ b/ldap/servers/slapd/dn.c
-@@ -2037,7 +2037,7 @@ slapi_sdn_set_normdn_byval(Slapi_DN *sdn, const char *normdn)
- slapi_sdn_done(sdn);
- sdn->flag = slapi_setbit_uchar(sdn->flag, FLAG_DN);
- if(normdn == NULL) {
-- sdn->dn = slapi_ch_strdup(normdn);
-+ sdn->dn = NULL;
- sdn->ndn_len = 0;
- } else {
- sdn->dn = slapi_ch_strdup(normdn);
-diff --git a/ldap/servers/slapd/plugin_acl.c b/ldap/servers/slapd/plugin_acl.c
-index b878156..3bc3f21 100644
---- a/ldap/servers/slapd/plugin_acl.c
-+++ b/ldap/servers/slapd/plugin_acl.c
-@@ -134,11 +134,10 @@ int
- plugin_call_acl_mods_update ( Slapi_PBlock *pb, int optype )
- {
- struct slapdplugin *p;
-- char *dn;
- int rc = 0;
-- void *change = NULL;
-- Slapi_Entry *te = NULL;
-- Slapi_DN *sdn = NULL;
-+ void *change = NULL;
-+ Slapi_Entry *te = NULL;
-+ Slapi_DN *sdn = NULL;
- Operation *operation;
-
- slapi_pblock_get (pb, SLAPI_OPERATION, &operation);
-@@ -146,7 +145,7 @@ plugin_call_acl_mods_update ( Slapi_PBlock *pb, int optype )
- (void)slapi_pblock_get( pb, SLAPI_TARGET_SDN, &sdn );
-
- switch ( optype ) {
-- case SLAPI_OPERATION_MODIFY:
-+ case SLAPI_OPERATION_MODIFY:
- (void)slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &change );
- break;
- case SLAPI_OPERATION_ADD:
-@@ -158,11 +157,27 @@ plugin_call_acl_mods_update ( Slapi_PBlock *pb, int optype )
- }
- break;
- case SLAPI_OPERATION_MODRDN:
-+ {
-+ void *mychange[2];
-+ char *newrdn = NULL;
-+ Slapi_DN *psdn = NULL;
-+ char *pdn = NULL;
-+
- /* newrdn: "change" is normalized but not case-ignored */
- /* The acl plugin expects normalized newrdn, but no need to be case-
- * ignored. */
-- (void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &change );
-+ (void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &newrdn );
-+ (void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWSUPERIOR_SDN, &psdn );
-+ if (psdn) {
-+ pdn = (char *)slapi_sdn_get_dn(psdn);
-+ } else {
-+ (void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWSUPERIOR, &pdn );
-+ }
-+ mychange[0] = newrdn;
-+ mychange[1] = pdn;
-+ change = mychange;
- break;
-+ }
- }
-
- if (NULL == sdn) {
-@@ -172,10 +187,9 @@ plugin_call_acl_mods_update ( Slapi_PBlock *pb, int optype )
- }
-
- /* call the global plugins first and then the backend specific */
-- dn = (char*)slapi_sdn_get_ndn(sdn); /* jcm - Had to cast away const */
- for ( p = get_plugin_list(PLUGIN_LIST_ACL); p != NULL; p = p->plg_next ) {
- if (plugin_invoke_plugin_sdn(p, SLAPI_PLUGIN_ACL_MODS_UPDATE, pb, sdn)){
-- rc = (*p->plg_acl_mods_update)(pb, optype, dn, change );
-+ rc = (*p->plg_acl_mods_update)(pb, optype, sdn, change );
- if ( rc != LDAP_SUCCESS ) break;
- }
- }
diff --git a/debian/patches/series b/debian/patches/series
index 498a070..4c983c0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1 @@
default_user
-fix-cve-2012-4450.diff
commit bd6670974280451facb7fc8ef13654b90cfa6d25
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Dec 11 14:30:55 2012 +0200
update the changelog
diff --git a/debian/changelog b/debian/changelog
index 755e21b..08d020c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,6 @@
-389-ds-base (1.2.11.15-2) UNRELEASED; urgency=low
+389-ds-base (1.2.11.17-1) UNRELEASED; urgency=low
+ * New upstream release.
* watch: Add a comment about the upstream git tree.
-- Timo Aaltonen <tjaalton at ubuntu.com> Sat, 01 Dec 2012 14:22:13 +0200
commit 85261ef0161df156ea3991a77046aabda6c34cf4
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Thu Dec 6 14:52:40 2012 -0500
Ticket 527 - ns-slapd segfaults if it cannot rename the logs
Bug Description: If we can not rename a log file, triggered by log rotation,
we try and log a message stating this error, but trying to
log this new message triggers log rotation again. This leads
to an infinite loop and a stack overflow.
Fix Description: Created a new logging function that does not do a rotation check.
We use this new function for all emergency error logging.
https://fedorahosted.org/389/ticket/527
Reviewed by: richm(Thanks!)
(cherry picked from commit 4e9aab8a172c8636ea78a9d1230c78c76268efd7)
diff --git a/ldap/servers/slapd/log.c b/ldap/servers/slapd/log.c
index e622485..e65b247 100644
--- a/ldap/servers/slapd/log.c
+++ b/ldap/servers/slapd/log.c
@@ -138,6 +138,7 @@ static void log_append_buffer2(time_t tnl, LogBufferInfo *lbi, char *msg1, size_
static void log_flush_buffer(LogBufferInfo *lbi, int type, int sync_now);
static void log_write_title(LOGFD fp);
static void log__error_emergency(const char *errstr, int reopen, int locked);
+static void vslapd_log_emergency_error(LOGFD fp, const char *msg, int locked);
static int
slapd_log_error_proc_internal(
@@ -1834,6 +1835,57 @@ slapd_log_error_proc_internal(
return( rc );
}
+/*
+ * Directly write the already formatted message to the error log
+ */
+static void
+vslapd_log_emergency_error(LOGFD fp, const char *msg, int locked)
+{
+ time_t tnl;
+ long tz;
+ struct tm *tmsp, tms;
+ char tbuf[ TBUFSIZE ];
+ char buffer[SLAPI_LOG_BUFSIZ];
+ char sign;
+ int size;
+
+ tnl = current_time();
+#ifdef _WIN32
+ {
+ struct tm *pt = localtime( &tnl );
+ tmsp = &tms;
+ memcpy(&tms, pt, sizeof(struct tm) );
+ }
+#else
+ (void)localtime_r( &tnl, &tms );
+ tmsp = &tms;
+#endif
+#ifdef BSD_TIME
+ tz = tmsp->tm_gmtoff;
+#else /* BSD_TIME */
+ tz = - timezone;
+ if ( tmsp->tm_isdst ) {
+ tz += 3600;
+ }
+#endif /* BSD_TIME */
+ sign = ( tz >= 0 ? '+' : '-' );
+ if ( tz < 0 ) {
+ tz = -tz;
+ }
+ (void)strftime( tbuf, (size_t)TBUFSIZE, "%d/%b/%Y:%H:%M:%S", tmsp);
+ sprintf( buffer, "[%s %c%02d%02d] - %s", tbuf, sign, (int)( tz / 3600 ), (int)( tz % 3600 ), msg);
+ size = strlen(buffer);
+
+ if(!locked)
+ LOG_ERROR_LOCK_WRITE();
+
+ slapi_write_buffer((fp), (buffer), (size));
+ PR_Sync(fp);
+
+ if(!locked)
+ LOG_ERROR_UNLOCK_WRITE();
+}
+
static int
vslapd_log_error(
LOGFD fp,
@@ -3102,9 +3154,6 @@ char rootpath[4];
PR_snprintf(buffer, sizeof(buffer),
"log__enough_freespace: Unable to get the free space (errno:%d)\n",
errno);
- /* This function could be called in the ERROR WRITE LOCK,
- * which causes the self deadlock if you call LDAPDebug for logging.
- * Thus, instead of LDAPDebug, call log__error_emergency with locked == 1. */
log__error_emergency(buffer, 0, 1);
return 1;
} else {
@@ -3351,9 +3400,6 @@ delete_logfile:
PR_snprintf (buffer, sizeof(buffer), "%s.%s", loginfo.log_error_file, tbuf);
if (PR_Delete(buffer) != PR_SUCCESS) {
PRErrorCode prerr = PR_GetError();
- /* This function could be called in the ERROR WRITE LOCK,
- * which causes the self deadlock if you call LDAPDebug for logging.
- * Thus, instead of LDAPDebug, call log__error_emergency with locked == 1. */
PR_snprintf(buffer, sizeof(buffer),
"LOGINFO:Unable to remove file:%s.%s error %d (%s)\n",
loginfo.log_error_file, tbuf, prerr, slapd_pr_strerror(prerr));
@@ -3713,10 +3759,7 @@ log__error_emergency(const char *errstr, int reopen, int locked)
PRErrorCode prerr = PR_GetError();
syslog(LOG_ERR, "Failed to reopen errors log file, " SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n", prerr, slapd_pr_strerror(prerr));
} else {
- /* LDAPDebug locks ERROR_LOCK_WRITE internally */
- if (locked) LOG_ERROR_UNLOCK_WRITE();
- LDAPDebug(LDAP_DEBUG_ANY, "%s\n", errstr, 0, 0);
- if (locked) LOG_ERROR_LOCK_WRITE( );
+ vslapd_log_emergency_error(loginfo.log_error_fdes, errstr, locked);
}
return;
}
commit 39b0938b43a5dbfdc566b343e504585bad7de859
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Thu Dec 6 11:41:29 2012 -0500
Coverity Issues for 1.2.11
Reviewed by: richm(Thanks!)
diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
index 598f4d9..a3f875d 100644
--- a/ldap/servers/plugins/memberof/memberof.c
+++ b/ldap/servers/plugins/memberof/memberof.c
@@ -1105,6 +1105,13 @@ memberof_modop_one_replace_r(Slapi_PBlock *pb, MemberOfConfig *config,
const char *op_this = slapi_sdn_get_ndn(op_this_sdn);
Slapi_Value *to_dn_val = slapi_value_new_string(op_to);
Slapi_Value *this_dn_val = slapi_value_new_string(op_this);
+
+ if(this_dn_val == NULL || to_dn_val == NULL){
+ slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
+ "memberof_modop_one_replace_r: failed to get DN values (NULL)\n");
+ goto bail;
+ }
+
/* op_this and op_to are both case-normalized */
slapi_value_set_flags(this_dn_val, SLAPI_ATTR_FLAG_NORMALIZED_CIS);
slapi_value_set_flags(to_dn_val, SLAPI_ATTR_FLAG_NORMALIZED_CIS);
diff --git a/ldap/servers/slapd/back-ldbm/dblayer.c b/ldap/servers/slapd/back-ldbm/dblayer.c
index 02cb3fd..804543b 100644
--- a/ldap/servers/slapd/back-ldbm/dblayer.c
+++ b/ldap/servers/slapd/back-ldbm/dblayer.c
@@ -1910,6 +1910,8 @@ dblayer_get_id2entry_size(ldbm_instance *inst)
ID2ENTRY LDBM_FILENAME_SUFFIX);
rc = PR_GetFileInfo(id2entry_file, &info);
slapi_ch_free_string(&id2entry_file);
+ if (inst_dirp != inst_dir)
+ slapi_ch_free_string(&inst_dirp);
if (rc) {
return 0;
}
diff --git a/lib/libaccess/acltools.cpp b/lib/libaccess/acltools.cpp
index 69d0c2e..df08658 100644
--- a/lib/libaccess/acltools.cpp
+++ b/lib/libaccess/acltools.cpp
@@ -1415,6 +1415,7 @@ char *errmsg;
eid = ACLERR1500;
errmsg = system_errmsg();
nserrGenerate(errp, rv, eid, ACL_Program, 2, "buffer", errmsg);
+ PERM_FREE(errmsg);
}
}
commit 77f126b85db760f0ad8e56575a8bac135b15fe49
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Thu Nov 29 10:49:33 2012 -0500
Ticket 216 - disable replication agreements
Bug Description: Objectclass violation when trying to add "nsds5ReplicaEnabled"
to a winSync agmt.
Fix Description: Add this attribute to the "MAY" list for objectclass: nsDSWindowsReplicationAgreement
https://fedorahosted.org/389/ticket/216
Reviewed by: richm(Thanks)
(cherry picked from commit b3a2f4010d4eae7bd62a0c09576b1a643eca3901)
diff --git a/ldap/schema/02common.ldif b/ldap/schema/02common.ldif
index c6cc6b8..ffec7ce 100644
--- a/ldap/schema/02common.ldif
+++ b/ldap/schema/02common.ldif
@@ -180,7 +180,7 @@ objectClasses: ( 2.16.840.1.113730.3.2.99 NAME 'cosSuperDefinition' DESC 'Netsca
objectClasses: ( 2.16.840.1.113730.3.2.100 NAME 'cosClassicDefinition' DESC 'Netscape defined objectclass' SUP cosSuperDefinition MAY ( cosTemplateDn $ cosspecifier ) X-ORIGIN 'Netscape Directory Server' )
objectClasses: ( 2.16.840.1.113730.3.2.101 NAME 'cosPointerDefinition' DESC 'Netscape defined objectclass' SUP cosSuperDefinition MAY ( cosTemplateDn ) X-ORIGIN 'Netscape Directory Server' )
objectClasses: ( 2.16.840.1.113730.3.2.102 NAME 'cosIndirectDefinition' DESC 'Netscape defined objectclass' SUP cosSuperDefinition MAY ( cosIndirectSpecifier ) X-ORIGIN 'Netscape Directory Server' )
-objectClasses: ( 2.16.840.1.113730.3.2.503 NAME 'nsDSWindowsReplicationAgreement' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefresh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsds5ReplicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5replicaLastInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaBusyWaitTime $ nsds5replicaSessionPauseTime $ nsds7WindowsReplicaSubtree $ nsds7DirectoryReplicaSubtree $ nsds7NewWinUserSyncEnabled $ nsds7NewWinGroupSyncEnabled $ nsds7WindowsDomain $ nsds7DirsyncCookie $ winSyncInterval $ oneWaySync $ winSyncMoveAction) X-ORIGIN 'Netscape Directory Server' )
+objectClasses: ( 2.16.840.1.113730.3.2.503 NAME 'nsDSWindowsReplicationAgreement' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefresh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsds5ReplicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5replicaLastInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaBusyWaitTime $ nsds5replicaSessionPauseTime $ nsds7WindowsReplicaSubtree $ nsds7DirectoryReplicaSubtree $ nsds7NewWinUserSyncEnabled $ nsds7NewWinGroupSyncEnabled $ nsds7WindowsDomain $ nsds7DirsyncCookie $ winSyncInterval $ oneWaySync $ winSyncMoveAction $ nsds5ReplicaEnabled ) X-ORIGIN 'Netscape Directory Server' )
objectClasses: ( 2.16.840.1.113730.3.2.128 NAME 'costemplate' DESC 'Netscape defined objectclass' SUP top MAY ( cn $ cospriority ) X-ORIGIN 'Netscape Directory Server' )
objectClasses: ( 2.16.840.1.113730.3.2.304 NAME 'nsView' DESC 'Netscape defined objectclass' SUP top AUXILIARY MAY ( nsViewFilter $ description ) X-ORIGIN 'Netscape Directory Server' )
objectClasses: ( 2.16.840.1.113730.3.2.316 NAME 'nsAttributeEncryption' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsEncryptionAlgorithm ) X-ORIGIN 'Netscape Directory Server' )
commit bf2bfaab8e61f335442e4341ff33521a822bd830
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Tue Nov 27 10:24:02 2012 -0500
Ticket 20 - Allow automember to work on entries that have already been added
Bug Description: If the server can not open a ldif for reading(mapping task), an
incorrect error and file name is returned.
Fix Description: Report the correct file name, and correctly grab the OS error/string.
Also made slapd_pr_strerr() and slapd_system_strerr() public, so I
refactored the function names to be "slapi_" - so a lot of files are
touched but the main change for this ticket is still in automember.c
https://fedorahosted.org/389/ticket/20
Reviewed by: richm(Thanks)
diff --git a/ldap/servers/plugins/automember/automember.c b/ldap/servers/plugins/automember/automember.c
index a11909f..424b507 100644
--- a/ldap/servers/plugins/automember/automember.c
+++ b/ldap/servers/plugins/automember/automember.c
@@ -2333,6 +2333,7 @@ void automember_export_task_thread(void *arg){
task_data *td = NULL;
PRFileDesc *ldif_fd;
int i = 0;
+ int rc = 0;
td = (task_data *)slapi_task_get_data(task);
slapi_task_begin(task, 1);
@@ -2341,13 +2342,14 @@ void automember_export_task_thread(void *arg){
/* make sure we can open the ldif file */
if (( ldif_fd = PR_Open( td->ldif_out, PR_CREATE_FILE | PR_WRONLY, DEFAULT_FILE_MODE )) == NULL ){
- slapi_task_log_notice(task, "Automember export task could not open ldif file \"%s\" for writing %d\n",
- td->ldif_out, PR_GetError() );
- slapi_task_log_status(task, "Automember export task could not open ldif file \"%s\" for writing %d\n",
- td->ldif_out, PR_GetError() );
+ rc = PR_GetOSError();
+ slapi_task_log_notice(task, "Automember export task could not open ldif file \"%s\" for writing, error %d (%s)\n",
+ td->ldif_out, rc, slapi_system_strerror(rc));
+ slapi_task_log_status(task, "Automember export task could not open ldif file \"%s\" for writing, error %d (%s)\n",
+ td->ldif_out, rc, slapi_system_strerror(rc) );
slapi_log_error( SLAPI_LOG_FATAL, AUTOMEMBER_PLUGIN_SUBSYSTEM,
- "Could not open ldif file \"%s\" for writing %d\n",
- td->ldif_out, PR_GetError() );
+ "Could not open ldif file \"%s\" for writing, error %d (%s)\n",
+ td->ldif_out, rc, slapi_system_strerror(rc) );
result = SLAPI_DSE_CALLBACK_ERROR;
goto out;
}
@@ -2516,6 +2518,7 @@ void automember_map_task_thread(void *arg){
task_data *td = NULL;
PRFileDesc *ldif_fd_out = NULL;
char *entrystr = NULL;
+ char *errstr = NULL;
#if defined(USE_OPENLDAP)
int buflen = 0;
LDIFFP *ldif_fd_in = NULL;
@@ -2534,29 +2537,34 @@ void automember_map_task_thread(void *arg){
/* make sure we can open the ldif files */
if(( ldif_fd_out = PR_Open( td->ldif_out, PR_CREATE_FILE | PR_WRONLY, DEFAULT_FILE_MODE )) == NULL ){
- slapi_task_log_notice(task, "The ldif file %s could not be accessed, error %d. Aborting task.\n",
- td->ldif_out, rc);
- slapi_task_log_status(task, "The ldif file %s could not be accessed, error %d. Aborting task.\n",
- td->ldif_out, rc);
+ rc = PR_GetOSError();
+ slapi_task_log_notice(task, "The ldif file %s could not be accessed, error %d (%s). Aborting task.\n",
+ td->ldif_out, rc, slapi_system_strerror(rc));
+ slapi_task_log_status(task, "The ldif file %s could not be accessed, error %d (%s). Aborting task.\n",
+ td->ldif_out, rc, slapi_system_strerror(rc));
slapi_log_error( SLAPI_LOG_FATAL, AUTOMEMBER_PLUGIN_SUBSYSTEM,
- "Could not open ldif file \"%s\" for writing %d\n",
- td->ldif_out, PR_GetError() );
+ "Could not open ldif file \"%s\" for writing, error %d (%s)\n",
+ td->ldif_out, rc, slapi_system_strerror(rc) );
result = SLAPI_DSE_CALLBACK_ERROR;
goto out;
}
#if defined(USE_OPENLDAP)
if(( ldif_fd_in = ldif_open(td->ldif_in, "r")) == NULL ){
+ rc = errno;
+ errstr = strerror(rc);
#else
if(( ldif_fd_in = PR_Open( td->ldif_in, PR_RDONLY, DEFAULT_FILE_MODE )) == NULL ){
+ rc = PR_GetOSError();
+ errstr = slapi_system_strerror(rc);
#endif
- slapi_task_log_notice(task, "The ldif file %s could not be accessed, error %d. Aborting task.\n",
- td->ldif_in, rc);
- slapi_task_log_status(task, "The ldif file %s could not be accessed, error %d. Aborting task.\n",
- td->ldif_in, rc);
+ slapi_task_log_notice(task, "The ldif file %s could not be accessed, error %d (%s). Aborting task.\n",
+ td->ldif_in, rc, errstr);
+ slapi_task_log_status(task, "The ldif file %s could not be accessed, error %d (%s). Aborting task.\n",
+ td->ldif_in, rc, errstr);
slapi_log_error( SLAPI_LOG_FATAL, AUTOMEMBER_PLUGIN_SUBSYSTEM,
- "Could not open ldif file \"%s\" for reading %d\n",
- td->ldif_out, PR_GetError() );
+ "Could not open ldif file \"%s\" for reading, error %d (%s)\n",
+ td->ldif_in, rc, errstr );
result = SLAPI_DSE_CALLBACK_ERROR;
goto out;
}
diff --git a/ldap/servers/slapd/errormap.c b/ldap/servers/slapd/errormap.c
index d05e495..c585d25 100644
--- a/ldap/servers/slapd/errormap.c
+++ b/ldap/servers/slapd/errormap.c
@@ -73,6 +73,11 @@ slapd_pr_strerror( const int prerrno )
return( s );
}
+char *
+slapi_pr_strerror( const int prerrno )
+{
+ return slapd_pr_strerror(prerrno);
+}
/*
* return the string equivalent of a system error
@@ -92,6 +97,11 @@ slapd_system_strerror( const int syserrno )
return( s );
}
+const char *
+slapi_system_strerror( const int syserrno )
+{
+ return slapd_system_strerror(syserrno);
+}
/*
* return the string equivalent of an NSPR error. If "prerrno" is not
diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
index 4316833..4962b2a 100644
--- a/ldap/servers/slapd/slapi-plugin.h
+++ b/ldap/servers/slapd/slapi-plugin.h
@@ -65,6 +65,7 @@ extern "C" {
#include "prtypes.h"
#include "ldap.h"
#include "prprf.h"
+#include "nspr.h"
NSPR_API(PRUint32) PR_snprintf(char *out, PRUint32 outlen, const char *fmt, ...)
#ifdef __GNUC__
__attribute__ ((format (printf, 3, 4)));
@@ -7156,6 +7157,80 @@ uint64_t slapi_str_to_u64(const char *s);
void slapi_set_plugin_open_rootdn_bind(Slapi_PBlock *pb);
+/*
+ * Public entry extension getter/setter functions
+ *
+ * Currently, only slapi_pw_get/set_entry_ext is implemented.
+ * The functions are in pw.c. Detailed usage of the factory
+ * is found in the comments at the top of factory.c.
+ *
+ * When you plan to add other entry extension code AND
+ * the type-value pair is managed via ordinary mod,
+ * setter, getter and copy function having the same API
+ * are supposed to be implemented, then add the set to
+ * attrs_in_extension list in entry.c. The set is called
+ * in slapi_entry_apply_mod_extension.
+ *
+ * Note: setter and getter are public, but copy function
+ * is not. (for the copy function, see pw_copy_entry_ext in pw.c)
+ */
+/* operation used in the entry extension setter */
+#define SLAPI_EXT_SET_ADD 0
+#define SLAPI_EXT_SET_REPLACE 1
+
+/**
+ * Get entry extension
+ *
+ * \param entry is the entry to retrieve the extension from
+ * \param vals is the array of (Slapi_Value *), which directly refers the extension. Caller must duplicate it to use it for other than referring.
+ *
+ * \return LDAP_SUCCESS if successful.
+ * \return non-zero otherwise.
+ */
+int slapi_pw_get_entry_ext(Slapi_Entry *entry, Slapi_Value ***vals);
+
+/**
+ * Set entry extension
+ *
+ * \param entry is the entry to set the extension to
+ * \param vals is the array of (Slapi_Value *), which is consumed in slapi_pw_set_ext if the call is successful.
+ * \param flags: SLAPI_EXT_SET_ADD -- add vals to the existing extension if any.
+ * SLAPI_EXT_SET_REPLACE -- replace vals with the existing extension if any.
+ * No difference if there is no extension in the entry.
+ *
+ * \return LDAP_SUCCESS if successful.
+ * \return non-zero otherwise.
+ */
+int slapi_pw_set_entry_ext(Slapi_Entry *entry, Slapi_Value **vals, int flags);
+
+/**
+ * Get stashed clear password.
+ * If multiple of them are in the extension, the first one is returned.
+ *
+ * \param entry is the entry to retrieve the extension from
+ *
+ * \return a pointer to the clear password string. Caller is responsible to free the string.
+ */
+char *slapi_get_first_clear_text_pw(Slapi_Entry *entry);
+
+/**
+ * Return the string equivalent of an NSPR error
+ * *
+ * \param a NSPR error code
+ *
+ * \return a pointer to the error code string.
+ */
+char *slapi_pr_strerror( const PRErrorCode prerrno );
+
+/**
+ * Return the string equivalent of an OS error
+ *
+ * \param a OS error code
+ *
+ * \return a pointer to the system error code string.
+ */
+const char *slapi_system_strerror( const int syserrno );
+
#ifdef __cplusplus
}
#endif
commit 7d22bc2eca8d71ac212879fb28d39c8a31a7be58
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Mon Nov 26 11:04:36 2012 -0500
Coverity Fixes
12626
13030
13114
13115
13116
Reviewed by: richm (Thanks Rich!)
(cherry picked from commit 4850b2720a6d2a1cf65b2cbfa296e37f04f85c5d)
diff --git a/ldap/servers/plugins/replication/cl5_api.c b/ldap/servers/plugins/replication/cl5_api.c
index 6c94b3d..175eb80 100644
--- a/ldap/servers/plugins/replication/cl5_api.c
+++ b/ldap/servers/plugins/replication/cl5_api.c
@@ -6554,9 +6554,6 @@ cl5CleanRUV(ReplicaId rid){
ruv_delete_replica(file->maxRUV, rid);
obj = objset_next_obj(s_cl5Desc.dbFiles, obj);
}
- if(obj){
- object_release (obj);
- }
slapi_rwlock_unlock (s_cl5Desc.stLock);
}
diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
index 0fd785b..e234c15 100644
--- a/ldap/servers/plugins/replication/repl5_replica_config.c
+++ b/ldap/servers/plugins/replication/repl5_replica_config.c
@@ -1743,7 +1743,7 @@ check_replicas_are_done_cleaning(cleanruv_data *data )
{
Object *agmt_obj;
Repl_Agmt *agmt;
- char csnstr[CSN_STRSIZE];
+ char *csnstr = NULL;
char *filter = NULL;
int not_all_cleaned = 1;
int interval = 10;
@@ -1786,6 +1786,7 @@ check_replicas_are_done_cleaning(cleanruv_data *data )
interval = 14400;
}
}
+ slapi_ch_free_string(&csnstr);
slapi_ch_free_string(&filter);
}
@@ -2356,7 +2357,7 @@ delete_cleaned_rid_config(cleanruv_data *clean_data)
struct berval *vals[2];
struct berval val;
char data[CSN_STRSIZE + 15];
- char csnstr[CSN_STRSIZE];
+ char *csnstr = NULL;
char *dn;
int rc;
@@ -2399,6 +2400,7 @@ delete_cleaned_rid_config(cleanruv_data *clean_data)
}
slapi_pblock_destroy (pb);
More information about the Pkg-fedora-ds-maintainers
mailing list