
List:       fedora-directory-commits
Subject:    [389-commits] 2 commits - ldap/admin ldap/servers
From:       Richard Allen Megginson <rmeggins () fedoraproject ! org>
Date:       2010-04-26 23:45:45
Message-ID: 20100426234545.736311B032B () lists ! fedorahosted ! org

 ldap/admin/src/scripts/DSCreate.pm.in  |    3 +
 ldap/admin/src/scripts/DSDialogs.pm    |    4 -
 ldap/admin/src/scripts/setup-ds.res.in |    2 
 ldap/servers/slapd/plugin.c            |   82 +++++++++++++++++++++++++++------
 ldap/servers/slapd/slap.h              |    8 ++-
 5 files changed, 81 insertions(+), 18 deletions(-)

New commits:
commit 1d7f7f52485922e9fa992de0e74ede1d44b81097
Author: Endi S. Dewata <edewata@redhat.com>
Date:   Sat Apr 17 00:08:35 2010 -0500

    Bug 145181 - Plugin target/bind subtrees only take 1 value.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=145181
    Resolves: bug 145181
    Bug Description: Plugin target/bind subtrees only take 1 value.
    Fix Description: New attributes nsslapd-exclude-targetSubtree and
    nsslapd-exclude-bindSubtree have been added to specify excluded subtrees.
    The set_plugin_config_from_entry() has been modified to read multiple
    subtrees. The plugin_invoke_plugin_sdn() and plugin_allow_internal_op()
    have been modified to check for excluded subtrees.
    Reviewed by: rmeggins (and pushed)

diff --git a/ldap/servers/slapd/plugin.c b/ldap/servers/slapd/plugin.c
index 84dbcfe..658fcf4 100644
--- a/ldap/servers/slapd/plugin.c
+++ b/ldap/servers/slapd/plugin.c
@@ -1726,6 +1726,8 @@ set_plugin_config_from_entry(
 {
 	struct pluginconfig *config = &plugin->plg_conf;
 	char *value = 0;
+	char **values = 0;
+	int i = 0;
 	int status = 0;
 	PRBool target_seen = PR_FALSE;
 	PRBool bind_seen = PR_FALSE;
@@ -1782,39 +1784,73 @@ set_plugin_config_from_entry(
 		slapi_ch_free((void**)&value);
 	}
 
-	if ((value = slapi_entry_attr_get_charptr(plugin_entry,
-											 ATTR_PLUGIN_TARGET_SUBTREE)) != NULL)
+	values = slapi_entry_attr_get_charray(plugin_entry,
+											 ATTR_PLUGIN_TARGET_SUBTREE);
+	for (i=0; values && values[i]; i++)
 	{
-		if (plugin_set_subtree_config(&(config->plgc_target_subtrees), value))
+		if (plugin_set_subtree_config(&(config->plgc_target_subtrees), values[i]))
 		{
 			LDAPDebug(LDAP_DEBUG_PLUGIN, "Error: invalid value %s for attribute %s "
-					  "from entry %s\n", value, ATTR_PLUGIN_TARGET_SUBTREE,
+					  "from entry %s\n", values[i], ATTR_PLUGIN_TARGET_SUBTREE,
 					  slapi_entry_get_dn_const(plugin_entry));
 			status = 1;
+			break;
 		}
 		else
 		{
 			target_seen = PR_TRUE;
 		}
-		slapi_ch_free((void**)&value);
 	}
+	slapi_ch_array_free(values);
 
-	if ((value = slapi_entry_attr_get_charptr(plugin_entry,
-											 ATTR_PLUGIN_BIND_SUBTREE)) != NULL)
+	values = slapi_entry_attr_get_charray(plugin_entry,
+											 ATTR_PLUGIN_EXCLUDE_TARGET_SUBTREE);
+	for (i=0; values && values[i]; i++)
+	{
+		if (plugin_set_subtree_config(&(config->plgc_excluded_target_subtrees), \
values[i]))
+		{
+			LDAPDebug(LDAP_DEBUG_PLUGIN, "Error: invalid value %s for attribute %s "
+					  "from entry %s\n", values[i], ATTR_PLUGIN_EXCLUDE_TARGET_SUBTREE,
+					  slapi_entry_get_dn_const(plugin_entry));
+			status = 1;
+			break;
+		}
+	}
+	slapi_ch_array_free(values);
+
+	values = slapi_entry_attr_get_charray(plugin_entry,
+											 ATTR_PLUGIN_BIND_SUBTREE);
+	for (i=0; values && values[i]; i++)
 	{
-		if (plugin_set_subtree_config(&(config->plgc_bind_subtrees), value))
+		if (plugin_set_subtree_config(&(config->plgc_bind_subtrees), values[i]))
 		{
 			LDAPDebug(LDAP_DEBUG_PLUGIN, "Error: invalid value %s for attribute %s "
-					  "from entry %s\n", value, ATTR_PLUGIN_BIND_SUBTREE,
+					  "from entry %s\n", values[i], ATTR_PLUGIN_BIND_SUBTREE,
 					  slapi_entry_get_dn_const(plugin_entry));
 			status = 1;
+			break;
 		}
 		else
 		{
 			bind_seen = PR_TRUE;
 		}
-		slapi_ch_free((void**)&value);
 	}
+	slapi_ch_array_free(values);
+
+	values = slapi_entry_attr_get_charray(plugin_entry,
+											 ATTR_PLUGIN_EXCLUDE_BIND_SUBTREE);
+	for (i=0; values && values[i]; i++)
+	{
+		if (plugin_set_subtree_config(&(config->plgc_excluded_bind_subtrees), values[i]))
+		{
+			LDAPDebug(LDAP_DEBUG_PLUGIN, "Error: invalid value %s for attribute %s "
+					  "from entry %s\n", values[i], ATTR_PLUGIN_EXCLUDE_BIND_SUBTREE,
+					  slapi_entry_get_dn_const(plugin_entry));
+			status = 1;
+			break;
+		}
+	}
+	slapi_ch_array_free(values);
 
 	/* set target subtree default - allow access to all data */
 	if (!target_seen)
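Review bot: An invalid value in `nsslapd-exclude-targetSubtree` or `nsslapd-exclude-bindSubtree` stops its loop at the `break`, so exclusions listed after it are never loaded, while the ones before it and the include lists stay in `config`. The only trace is the `LDAPDebug(LDAP_DEBUG_PLUGIN, ...)` message, which presumably appears only when plugin debugging is switched on. Whether the caller refuses to enable the plugin when `status` is 1 is not visible in this hunk; if it does not, the plugin runs against subtrees the administrator meant to exclude. I would report exclude-list parse failures at an always-on error level and add a comment above the two new loops such as `/* exclude lists fail closed: the caller must not enable the plugin when this returns non-zero */`. The body of set_plugin_config_from_entry() starts and ends outside the hunk.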
@@ -2274,7 +2310,9 @@ plugin_config_init (struct pluginconfig *config)
 	PR_ASSERT (config);
 
 	ptd_init (&config->plgc_target_subtrees);
+	ptd_init (&config->plgc_excluded_target_subtrees);
 	ptd_init (&config->plgc_bind_subtrees);
+	ptd_init (&config->plgc_excluded_bind_subtrees);
 	config->plgc_schema_check = PLGC_ON;
 	config->plgc_invoke_for_replop = PLGC_ON;
 	/* currently, we leave it up to plugin, but don't actually tell plugins that they \
can choose.
@@ -2319,7 +2357,9 @@ plugin_config_cleanup (struct pluginconfig *config)
 	PR_ASSERT (config);
 
 	ptd_cleanup (&config->plgc_target_subtrees);
+	ptd_cleanup (&config->plgc_excluded_target_subtrees);
 	ptd_cleanup (&config->plgc_bind_subtrees);
+	ptd_cleanup (&config->plgc_excluded_bind_subtrees);
 }
 
 #if 0
@@ -2380,13 +2420,13 @@ PRBool
 plugin_invoke_plugin_sdn (struct slapdplugin *plugin, int operation, Slapi_PBlock \
*pb, Slapi_DN *target_spec)
 {
 	PluginTargetData *ptd;
+	PluginTargetData *excludedPtd;
 	struct pluginconfig *config;
 	Slapi_Backend *be;
 	int isroot;
 	PRBool islocal;
 	PRBool bindop;
 	unsigned long op;
-	PRBool rc;
 	int method = -1;
 
 	PR_ASSERT (plugin);
@@ -2453,15 +2493,19 @@ plugin_invoke_plugin_sdn (struct slapdplugin *plugin, int \
operation, Slapi_PBloc
 if (bindop)
 	{
 		ptd = &(config->plgc_bind_subtrees); 
+		excludedPtd = &(config->plgc_excluded_bind_subtrees); 
 	}
 	else
 	{
 		ptd = &(config->plgc_target_subtrees);
+		excludedPtd = &(config->plgc_excluded_target_subtrees);
 	}
 
-	rc = plugin_matches_operation (target_spec, ptd, bindop, isroot, islocal, method);
+	if (plugin_matches_operation (target_spec, excludedPtd, bindop, isroot, islocal, \
method) == PR_TRUE) {
+		return PR_FALSE;
+	}
 
-	return rc;
+	return plugin_matches_operation (target_spec, ptd, bindop, isroot, islocal, \
method);
 }
 
 /* this interface is exposed to be used by internal operations. 
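Review bot: The new exclusion test in plugin_invoke_plugin_sdn() calls plugin_matches_operation() with the same `bindop`, `isroot`, `islocal` and `method` arguments as the inclusion test, so every special case that function applies to an include list now also decides whether an operation counts as excluded. plugin_matches_operation() is not part of this diff; if it has early returns that depend on those arguments rather than on the DN, an operation on an excluded subtree could fall through to the include check instead of being rejected, and that path deserves a test. The precedence rule is also undocumented: a comment such as `/* excluded subtrees take precedence over included ones */` above the first call would state it. The function begins outside the hunk.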
@@ -2528,6 +2572,9 @@ PRBool plugin_allow_internal_op (Slapi_DN *target_spec, struct \
slapdplugin *plug
 Slapi_Backend *be;
 	int islocal;
 	
+	if (plugin_is_global (&config->plgc_excluded_target_subtrees))
+		return PR_FALSE;
+
 	if (plugin_is_global (&config->plgc_target_subtrees))
 		return PR_TRUE;
 
@@ -2545,7 +2592,14 @@ PRBool plugin_allow_internal_op (Slapi_DN *target_spec, struct \
slapdplugin *plug
 } else { 
                 islocal = be != defbackend_get_backend();
         } 
-    /* SIMPLE auth method sends us through original code path in \
plugin_mathches_operation */
+
+	/* SIMPLE auth method sends us through original code path in \
plugin_mathches_operation */
+
+	if (plugin_matches_operation (target_spec, &config->plgc_excluded_target_subtrees,
+									  PR_FALSE, PR_FALSE, islocal, LDAP_AUTH_SIMPLE) == PR_TRUE) {
+		return PR_FALSE;
+	}
+
 	return plugin_matches_operation (target_spec, &config->plgc_target_subtrees,
 									  PR_FALSE, PR_FALSE, islocal, LDAP_AUTH_SIMPLE);
 }
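Review bot: plugin_allow_internal_op() now repeats the exclude-then-include sequence that this commit also adds to plugin_invoke_plugin_sdn(), and checks the excluded list in two places here: the `plugin_is_global` test in the previous hunk and the `plugin_matches_operation` call in this one. Two hand-written copies of an access decision can drift apart; a small static helper taking the include list, the exclude list and the match arguments would keep the rule in one place. The re-added comment still spells the function `plugin_mathches_operation`; it should read `plugin_matches_operation`. The function begins outside the hunk.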
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index aa5a88b..ba550c7 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -707,7 +707,9 @@ struct matchingRuleList {
 #define ATTR_PLUGIN_LOG_ACCESS			"nsslapd-logAccess"
 #define ATTR_PLUGIN_LOG_AUDIT			"nsslapd-logAudit"
 #define ATTR_PLUGIN_TARGET_SUBTREE		"nsslapd-targetSubtree"
+#define ATTR_PLUGIN_EXCLUDE_TARGET_SUBTREE	"nsslapd-exclude-targetSubtree"
 #define ATTR_PLUGIN_BIND_SUBTREE		"nsslapd-bindSubtree"
+#define ATTR_PLUGIN_EXCLUDE_BIND_SUBTREE	"nsslapd-exclude-bindSubtree"
 #define ATTR_PLUGIN_INVOKE_FOR_REPLOP	"nsslapd-invokeForReplOp"
 #define ATTR_PLUGIN_LOAD_NOW            "nsslapd-pluginLoadNow"
 #define ATTR_PLUGIN_LOAD_GLOBAL         "nsslapd-pluginLoadGlobal"
@@ -752,8 +754,10 @@ typedef struct target_data
 }PluginTargetData;
 
 struct pluginconfig{
-	PluginTargetData plgc_target_subtrees;	/* list of subtrees accessible by the plugin \
                */
-	PluginTargetData plgc_bind_subtrees;	/* the list of subtrees for which plugin in \
invoked during bind operation */
+	PluginTargetData plgc_target_subtrees;		/* list of \
subtrees accessible by the plugin */
+	PluginTargetData \
plgc_excluded_target_subtrees;	/* list of subtrees inaccessible by the plugin */ \
+	PluginTargetData plgc_bind_subtrees;		/* the list of subtrees for which plugin is \
invoked during bind operation */
+	PluginTargetData plgc_excluded_bind_subtrees;	/* \
the list of subtrees for which plugin is not invoked during bind operation */  \
PRBool		     plgc_schema_check;		/* inidcates whether schema check is performed \
during internal op */
 PRBool		     plgc_log_change;		/* indicates whether changes \
are logged during internal op */
 PRBool		     plgc_log_access;		/* indicates whether \
internal op is recorded in access log */


commit a7b2cdc8c3ee5fcc23155d791cafc48f554008f2
Author: Endi S. Dewata <edewata@redhat.com>
Date:   Fri Apr 16 11:26:32 2010 -0500

    Bug 542570 - Directory Server port number is not validated in the beginning.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=542570
    Resolves: bug 542570
    Bug Description: Directory Server port number is not validated in the beginning.
    Fix Description: The code has been modified to validate the port value from the
    beginning of the string to the end to ensure that it only contains digits and to
    generate the appropriate error message.
    Reviewed by: rmeggins (and pushed)

diff --git a/ldap/admin/src/scripts/DSCreate.pm.in \
b/ldap/admin/src/scripts/DSCreate.pm.in
index dcd55af..a156f10 100644
--- a/ldap/admin/src/scripts/DSCreate.pm.in
+++ b/ldap/admin/src/scripts/DSCreate.pm.in
@@ -82,6 +82,9 @@ sub checkPort {
         }
     }
 
+    if ($inf->{slapd}->{ServerPort} !~ /^\d+$/) {
+        return ('error_port_invalid', $inf->{slapd}->{ServerPort});
+    }
     if (!portAvailable($inf->{slapd}->{ServerPort})) {
         return ('error_port_available', $inf->{slapd}->{ServerPort}, $!);
     }
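Review bot: The new check `!~ /^\d+$/` in checkPort accepts any run of digits, so `0`, `99999` or a value with a trailing newline (Perl's `$` also matches before a final `\n`) passes validation and reaches portAvailable() unchanged. Anchoring with `\z` and adding a range test closes that gap: `if ($inf->{slapd}->{ServerPort} !~ /^[0-9]+\z/ || $inf->{slapd}->{ServerPort} < 1 || $inf->{slapd}->{ServerPort} > 65535) {`. The same pattern is added to the `$dsport` dialog in DSDialogs.pm and needs the same change. checkPort starts and ends outside the hunk.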
diff --git a/ldap/admin/src/scripts/DSDialogs.pm \
b/ldap/admin/src/scripts/DSDialogs.pm
index 6583ff9..60bc115 100644
--- a/ldap/admin/src/scripts/DSDialogs.pm
+++ b/ldap/admin/src/scripts/DSDialogs.pm
@@ -64,8 +64,8 @@ my $dsport = new Dialog (
         my $self = shift;
         my $ans = shift;
         my $res = $DialogManager::SAME;
-        if ($ans !~ /\d+/) {
-            $self->{manager}->alert("dialog_dsport_error", $ans);
+        if ($ans !~ /^\d+$/) {
+            $self->{manager}->alert("dialog_dsport_invalid", $ans);
         } elsif (!portAvailable($ans)) {
             $self->{manager}->alert("dialog_dsport_error", $ans);
         } else {
diff --git a/ldap/admin/src/scripts/setup-ds.res.in \
b/ldap/admin/src/scripts/setup-ds.res.in
index af9080d..ca7b6e7 100644
--- a/ldap/admin/src/scripts/setup-ds.res.in
+++ b/ldap/admin/src/scripts/setup-ds.res.in
@@ -55,6 +55,7 @@ dialog_ssgroup_no_user = The system user '%s' does not belong to \
the group '%s'.
 dialog_dsport_text = The standard directory server network port \
number is 389.  However, if\nyou are not logged as the superuser, or port 389 is in \
use, the\ndefault value will be a random unused port number greater than 1024.\nIf \
you want to use port 389, make sure that you are logged in as the\nsuperuser, that \
port 389 is not in use.\n\n
 dialog_dsport_prompt = Directory server network port
 dialog_dsport_error = The port %s is in use or not available.  Please choose another \
port.\n\n
+dialog_dsport_invalid = The port %s is not a valid port. Please choose a \
valid port.\n\n  
 # ----------- DS server ID Dialog Resource  ----------------
 dialog_dsserverid_text = Each instance of a directory server requires a unique \
identifier.\nThis identifier is used to name the various\ninstance specific files and \
directories in the file system,\nas well as for other uses as a server instance \
identifier.\n\n
@@ -103,6 +104,7 @@ error_adding_entry = Error adding entry '%s'.  \
Error: %s\n
 error_updating_entry = Error updating entry '%s'.  Error: %s\n
 
 error_invalid_param = The parameter '%s' has an invalid value '%s'.\n
+error_port_invalid = The port %s is not a valid port. Please choose a valid port.\n
 error_port_available = The port number '%s' is not available for use.  This may be \
due to an\
 invalid port number, or the port already being in use by another\
 program, or low port restriction.  Please choose another value for\


--
389 commits mailing list
389-commits@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-commits

