[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-directory-commits
Subject: [389-commits] Branch '389-ds-base-1.2.6' - 14 commits - ldap/servers VERSION.sh
From: Richard Allen Megginson <rmeggins () fedoraproject ! org>
Date: 2012-01-27 23:52:30
Message-ID: 20120127235230.232015CC () lists ! fedorahosted ! org
[Download RAW message or body]
VERSION.sh | 2
ldap/servers/plugins/acl/acleffectiverights.c | 3
ldap/servers/plugins/linkedattrs/linked_attrs.c | 3
ldap/servers/plugins/replication/repl5_inc_protocol.c | 2
ldap/servers/plugins/replication/repl5_tot_protocol.c | 2
ldap/servers/plugins/usn/usn.c | 4
ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c | 14 +-
ldap/servers/slapd/back-ldbm/monitor.c | 14 +-
ldap/servers/slapd/dn.c | 59 +++++++++-
ldap/servers/slapd/mapping_tree.c | 5
ldap/servers/slapd/modrdn.c | 48 ++++++++
ldap/servers/slapd/opshared.c | 4
ldap/servers/slapd/sasl_io.c | 101 ++++++++++--------
ldap/servers/slapd/utf8compare.c | 2
ldap/servers/slapd/util.c | 46 +++++---
15 files changed, 222 insertions(+), 87 deletions(-)
New commits:
commit 3a07aea6ec4250b080d023099fe8c0e889291a2b
Author: Noriko Hosoi <nhosoi@redhat.com>
Date: Tue Oct 5 15:40:10 2010 -0700
Bug 640027 - Naming attribute with a special char sequence parsing bug
https://bugzilla.redhat.com/show_bug.cgi?id=640027
Description: When DN is made from RDNs containing escaped plus
"\+", the dn normalizer considers the value could be nested multi-
valued RDNs. (e.g., cn=C\=Z\+A\=X\+B\=Y\,o\=O,o=OO)
In that case, multi-valued RDNs are sorted by the normalizer.
(==> cn=A\=X\+B\=Y\+C\=Z\,o\=O,o=OO)
The sample DN provided by Andrey Ivanov contains "\+", but that
is not a separator for the multi-valued RDNs:
cn=mytest\+\=-123'\;456,dc=example,dc=com
The dn normalizer should have checked the possibility, as well.
The check is added in this patch.
Also, sorting was not triggered if multi-valued RDNs are located
at the end of the value. (e.g., cn=C\=X\,B\=Y\+A\=Z,o=OO)
The bug was fixed, as well.
(cherry picked from commit 9a00a444cea117d0950bef3bb9327bd05e9d11bb)
Branch: 389-ds-base-1.2.6
diff --git a/ldap/servers/slapd/dn.c b/ldap/servers/slapd/dn.c
index 172a829..6edf06e 100644
--- a/ldap/servers/slapd/dn.c
+++ b/ldap/servers/slapd/dn.c
@@ -116,6 +116,11 @@ hexchar2int( char c )
#define ISCLOSEBRACKET(c) (((c) == ')') || ((c) == ']'))
+#define MAYBEDN(eq) ( \
+ (eq) && ((eq) != subtypestart) && \
+ ((eq) != subtypestart + strlen(subtypestart) - 3) \
+)
+
#define B4TYPE 0
#define INTYPE 1
#define B4EQUAL 2
@@ -648,8 +653,19 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, \
size_t *dest_len)
*/
if (subtypestart &&
(ISPLUS(*(s+1)) || subrdn_av_count > 0)) {
- add_rdn_av(subtypestart, d, &subrdn_av_count,
- &subrdn_avs, subinitial_rdn_av_stack);
+ /* if subtypestart is not valid DN,
+ * we do not do sorting.*/
+ char *p = PL_strcasestr(subtypestart, "\\3d");
+ if (MAYBEDN(p)) {
+ add_rdn_av(subtypestart, d,
+ &subrdn_av_count,
+ &subrdn_avs,
+ subinitial_rdn_av_stack);
+ } else {
+ reset_rdn_avs(&subrdn_avs,
+ &subrdn_av_count);
+ subtypestart = NULL;
+ }
}
if (!ISPLUS(*(s+1))) { /* at end of this RDN */
if (subrdn_av_count > 1) {
@@ -671,8 +687,7 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, \
size_t *dest_len) /* next type start of multi values */
/* should not be a escape char AND should be
* followed by \\= or \\3D */
- if (!ISESCAPE(*s) &&
- (PL_strnstr(s, "\\=", ends - s) ||
+ if ((PL_strnstr(s, "\\=", ends - s) ||
PL_strncaserstr(s, "\\3D", ends - s))) {
subtypestart = d;
} else {
@@ -719,8 +734,16 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, \
size_t *dest_len)
*/
if (subtypestart &&
(ISPLUSSTR(s+1) || subrdn_av_count > 0)) {
- add_rdn_av(subtypestart, d, &subrdn_av_count,
+ /* if subtypestart is not valid DN,
+ * we do not do sorting.*/
+ char *p = PL_strcasestr(subtypestart, "\\3d");
+ if (MAYBEDN(p)) {
+ add_rdn_av(subtypestart, d, &subrdn_av_count,
&subrdn_avs, subinitial_rdn_av_stack);
+ } else {
+ reset_rdn_avs( &subrdn_avs, &subrdn_av_count );
+ subtypestart = NULL;
+ }
}
if (!ISPLUSSTR(s+1)) { /* at end of this RDN */
if (subrdn_av_count > 1) {
@@ -860,8 +883,16 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, \
size_t *dest_len)
*/
if (subtypestart &&
(ISPLUS(*s) || subrdn_av_count > 0)) {
- add_rdn_av(subtypestart, d, &subrdn_av_count,
+ /* if subtypestart is not valid DN,
+ * we do not do sorting.*/
+ char *p = PL_strcasestr(subtypestart, "\\3d");
+ if (MAYBEDN(p)) {
+ add_rdn_av(subtypestart, d, &subrdn_av_count,
&subrdn_avs, subinitial_rdn_av_stack);
+ } else {
+ reset_rdn_avs( &subrdn_avs, &subrdn_av_count );
+ subtypestart = NULL;
+ }
}
if (!ISPLUS(*s)) { /* at end of this RDN */
if (subrdn_av_count > 1) {
@@ -906,6 +937,11 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, \
size_t *dest_len) add_rdn_av(typestart, d, &rdn_av_count,
&rdn_avs, initial_rdn_av_stack);
}
+ /* Sub type sorting might be also ongoing */
+ if (subtypestart && subrdn_av_count > 0) {
+ add_rdn_av(subtypestart, d, &subrdn_av_count,
+ &subrdn_avs, subinitial_rdn_av_stack);
+ }
if (!ISPLUS(*s)) { /* at end of this RDN */
if (rdn_av_count > 1) {
sort_rdn_avs( rdn_avs, rdn_av_count, 0 );
@@ -914,6 +950,14 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, \
size_t *dest_len) reset_rdn_avs( &rdn_avs, &rdn_av_count );
typestart = NULL;
}
+ /* If in the middle of sub type sorting, finish it. */
+ if (subrdn_av_count > 1) {
+ sort_rdn_avs( subrdn_avs, subrdn_av_count, 1 );
+ }
+ if (subrdn_av_count > 0) {
+ reset_rdn_avs( &subrdn_avs, &subrdn_av_count );
+ subtypestart = NULL;
+ }
}
*d++ = (ISPLUS(*s++)) ? '+' : ',';
commit 15271d747ef62d1a74ddec4cf89bc7987e65a643
Author: Noriko Hosoi <nhosoi@redhat.com>
Date: Fri Aug 27 17:01:11 2010 -0700
Bug 627738 - The cn=monitor statistics entries for the dnentry cache do not \
change or change very rarely
https://bugzilla.redhat.com/show_bug.cgi?id=627738
Description:
1) id2entry_add_ext replaces an dn instance in the dn cache even if
the DN value is identical. Replace it only when they don't match.
2) Modifying the dn cache related labels:
dnEntrycachehits
dnEntrycachetries
dnEntrycachehitratio
dnCurrententrycachesize
dnMaxentrycachesize
dnCurrententrycachecount
dnMaxentrycachecount
===>
dncachehits
dncachetries
dncachehitratio
currentdncachesize
maxdncachesize
currentdncachecount
maxdncachecount
diff --git a/ldap/servers/slapd/back-ldbm/monitor.c \
b/ldap/servers/slapd/back-ldbm/monitor.c index 265021c..075a48f 100644
--- a/ldap/servers/slapd/back-ldbm/monitor.c
+++ b/ldap/servers/slapd/back-ldbm/monitor.c
@@ -131,19 +131,19 @@ int ldbm_back_monitor_instance_search(Slapi_PBlock *pb, \
Slapi_Entry *e, cache_get_stats(&(inst->inst_dncache), &hits, &tries,
&nentries, &maxentries, &size, &maxsize);
sprintf(buf, "%" NSPRIu64, hits);
- MSET("dnEntryCacheHits");
+ MSET("dnCacheHits");
sprintf(buf, "%" NSPRIu64, tries);
- MSET("dnEntryCacheTries");
+ MSET("dnCacheTries");
sprintf(buf, "%lu", (unsigned long)(100.0*(double)hits / (double)(tries > 0 \
? tries : 1)));
- MSET("dnEntryCacheHitRatio");
+ MSET("dnCacheHitRatio");
sprintf(buf, "%lu", size);
- MSET("dnCurrentEntryCacheSize");
+ MSET("currentDnCacheSize");
sprintf(buf, "%lu", maxsize);
- MSET("dnMaxEntryCacheSize");
+ MSET("maxDnCacheSize");
sprintf(buf, "%ld", nentries);
- MSET("dnCurrentEntryCacheCount");
+ MSET("currentDnCacheCount");
sprintf(buf, "%ld", maxentries);
- MSET("dnMaxEntryCacheCount");
+ MSET("maxDnCacheCount");
}
#ifdef DEBUG
commit 84264ea9caea02029438e6d631cde7bcd6aab417
Author: Noriko Hosoi <nhosoi@redhat.com>
Date: Tue Sep 14 18:05:56 2010 -0700
Bug 625014 - SubTree Renames: ModRDN operation fails and the server hangs if the \
entry is moved to "under" the same DN.
https://bugzilla.redhat.com/show_bug.cgi?id=625014
Description: adding a check if the newsuperior is the entry itself
or its descendent. If it is, modrdn returns LDAP_UNWILLING_TO_PERFORM.
(cherry picked from commit 20d1e7c8e9280e2175ca843f60a50addc096f134)
Branch: 389-ds-base-1.2.6
diff --git a/ldap/servers/slapd/modrdn.c b/ldap/servers/slapd/modrdn.c
index 6951fb0..77450ed 100644
--- a/ldap/servers/slapd/modrdn.c
+++ b/ldap/servers/slapd/modrdn.c
@@ -79,6 +79,11 @@ do_modrdn( Slapi_PBlock *pb )
int err = 0, deloldrdn = 0;
ber_len_t len = 0;
size_t dnlen = 0;
+ char *newdn = NULL;
+ char *parent = NULL;
+ Slapi_DN sdn = {0};
+ Slapi_DN snewdn = {0};
+ Slapi_DN snewsuperior = {0};
LDAPDebug( LDAP_DEBUG_TRACE, "do_modrdn\n", 0, 0, 0 );
@@ -223,6 +228,38 @@ do_modrdn( Slapi_PBlock *pb )
}
/*
+ * If newsuperior is myself or my descendent, the modrdn should fail.
+ * Note: need to check the case newrdn is given, and newsuperior
+ * uses the newrdn, as well.
+ */
+ /* Both newrdn and dn are already normalized. */
+ parent = slapi_dn_parent(dn);
+ newdn = slapi_ch_smprintf("%s,%s", newrdn, parent);
+ slapi_sdn_set_dn_byref(&sdn, dn);
+ slapi_sdn_set_dn_byref(&snewdn, newdn);
+ slapi_sdn_set_dn_byref(&snewsuperior, newsuperior);
+ if (0 == slapi_sdn_compare(&sdn, &snewsuperior) ||
+ 0 == slapi_sdn_compare(&snewdn, &snewsuperior)) {
+ op_shared_log_error_access(pb, "MODRDN", rawnewsuperior,
+ "new superior is identical to the entry dn");
+ send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM, NULL,
+ "new superior is identical to the entry dn", 0, NULL);
+ goto free_and_return;
+ }
+ if (slapi_sdn_issuffix(&snewsuperior, &sdn) ||
+ slapi_sdn_issuffix(&snewsuperior, &snewdn)) {
+ /* E.g.,
+ * newsuperior: ou=sub,ou=people,dc=example,dc=com
+ * dn: ou=people,dc=example,dc=com
+ */
+ op_shared_log_error_access(pb, "MODRDN", rawnewsuperior,
+ "new superior is descendent of the entry");
+ send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM, NULL,
+ "new superior is descendent of the entry", 0, NULL);
+ goto free_and_return;
+ }
+
+ /*
* in LDAPv3 there can be optional control extensions on
* the end of an LDAPMessage. we need to read them in and
* pass them to the backend.
@@ -244,12 +281,19 @@ do_modrdn( Slapi_PBlock *pb )
slapi_pblock_set( pb, SLAPI_MODRDN_DELOLDRDN, &deloldrdn );
op_shared_rename(pb, 1 /* pass in ownership of string arguments */ );
- return;
+ goto ok_return;
free_and_return:
slapi_ch_free_string( &dn );
slapi_ch_free_string( &newrdn );
slapi_ch_free_string( &newsuperior );
+ok_return:
+ slapi_sdn_done(&sdn);
+ slapi_sdn_done(&snewdn);
+ slapi_sdn_done(&snewsuperior);
+ slapi_ch_free_string(&parent);
+ slapi_ch_free_string(&newdn);
+
return;
}
@@ -387,7 +431,7 @@ op_shared_rename(Slapi_PBlock *pb, int passin_args)
char **rdns;
int deloldrdn;
Slapi_Backend *be = NULL;
- Slapi_DN sdn;
+ Slapi_DN sdn = {0};
Slapi_Mods smods;
char dnbuf[BUFSIZ];
char newrdnbuf[BUFSIZ];
commit 2e7494f527d35c79de2ca9e481d967d68fc2746f
Author: Noriko Hosoi <nhosoi@redhat.com>
Date: Wed Aug 11 17:06:41 2010 -0700
Bug 623118 - Simplepaged results going in infinite loop
if a sub suffix exists in the domain
https://bugzilla.redhat.com/show_bug.cgi?id=623118
Description: When paging is done on a backend, and if there are
more sub backends to be searched and paged, simple paged code is
supposed to set the next backend to connection->c_current_be.
The setting was missing.
(cherry picked from commit b44e8f4f2f5b399698e97e47e6fd211932e96719)
Branch: 389-ds-base-1.2.6
diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
index 29bb3ce..af6bede 100644
--- a/ldap/servers/slapd/opshared.c
+++ b/ldap/servers/slapd/opshared.c
@@ -571,6 +571,10 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
curr_search_count = -1;
} else {
curr_search_count = pnentries;
+ /* no more entries, but at least another backend */
+ if (pagedresults_set_current_be(pb->pb_conn, next_be) < 0) {
+ goto free_and_return;
+ }
}
} else {
curr_search_count = pnentries;
commit 5af5b5de59522a14c52b0273e6cef0b49e0758cb
Author: Nathan Kinder <nkinder@redhat.com>
Date: Fri Oct 1 14:11:20 2010 -0700
Bug 522055 - Scope check for managed attribute fails
When using the linked attribute plug-in, an entry that is renamed
that is outside of the scope of the plug-in will cause the forward
links in other entries to be updated if they contain a managed
attribute type.
We need to check if the new DN of the renamed entry is within the
scope of the configured linked attributes before updating forward
links.
(cherry picked from commit a82f61269d69882d19b15def70de68906ed5740e)
Branch: 389-ds-base-1.2.6
diff --git a/ldap/servers/plugins/linkedattrs/linked_attrs.c \
b/ldap/servers/plugins/linkedattrs/linked_attrs.c index 822f6c0..5ac731c 100644
--- a/ldap/servers/plugins/linkedattrs/linked_attrs.c
+++ b/ldap/servers/plugins/linkedattrs/linked_attrs.c
@@ -1928,7 +1928,8 @@ linked_attrs_modrdn_post_op(Slapi_PBlock *pb)
linked_attrs_find_config_reverse(slapi_value_get_string(val),
type, &config);
- if (config) {
+ /* If the new DN is within scope, we should fixup the forward links. \
*/ + if (config && slapi_dn_issuffix(new_dn, (config->scope))) {
Slapi_ValueSet *vals = slapi_valueset_new();
slapi_valueset_add_value(vals, val);
commit 9a95211bfc3e45fa72e3229f3c64e59fa42eced2
Author: Nathan Kinder <nkinder@redhat.com>
Date: Mon Oct 18 09:33:11 2010 -0700
Bug 643937 - Initialize replication version flags
The flags used to identity the replication protocol versions for
7.1 and 9.0 are not being initialized. This can cause the wrong
protocol to be used when replicating to another server. This
patch initializes the flags to 0 when the structures are created.
(cherry picked from commit 52632d7cfbb74b98fc807a7c5b831f0f2f428c57)
Branch: 389-ds-base-1.2.6
diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c \
b/ldap/servers/plugins/replication/repl5_inc_protocol.c index 6475eb8..b82ca8b 100644
--- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
@@ -2101,6 +2101,8 @@ Repl_5_Inc_Protocol_new(Repl_Protocol *rp)
prp->private = (void *)rip;
prp->replica_acquired = PR_FALSE;
prp->repl50consumer = 0;
+ prp->repl71consumer = 0;
+ prp->repl90consumer = 0;
return prp;
loser:
repl5_inc_delete(&prp);
diff --git a/ldap/servers/plugins/replication/repl5_tot_protocol.c \
b/ldap/servers/plugins/replication/repl5_tot_protocol.c index 8e26f47..0f66eef 100644
--- a/ldap/servers/plugins/replication/repl5_tot_protocol.c
+++ b/ldap/servers/plugins/replication/repl5_tot_protocol.c
@@ -578,6 +578,8 @@ Repl_5_Tot_Protocol_new(Repl_Protocol *rp)
prp->private = (void *)rip;
prp->replica_acquired = PR_FALSE;
prp->repl50consumer = 0;
+ prp->repl71consumer = 0;
+ prp->repl90consumer = 0;
return prp;
loser:
repl5_tot_delete(&prp);
commit 54150f2102c26981a135ea3aa7461e9bcdceecdc
Author: Rich Megginson <rmeggins@redhat.com>
Date: Mon Sep 13 14:28:46 2010 -0600
Only check modrdn ops for backend/suffix correctness if not the default backend
The function slapi_mapping_tree_select_and_check() is only called for
modrdn operations, to make sure we are not attempting to rename a suffix
or move an entry from one backend to another. This defeats datainterop
plugins that may want to perform some other operation in these cases. If
the target suffix/backend is not found, the default backend is used. If
the default backend is being used, don't check for all errors, just allow
the operation to pass through to the preop plugins.
Need to make sure this doesn't cause problems if
1) null suffix is not used - entry really is bogus or doesn't exist
2) null suffix is being used but entry belongs to another null suffix or
is really bogus
Reviewed by: nhosoi (Thanks!)
Tested on: Fedora 14 x86_64
Branch: 389_1.2.6
(cherry picked from commit 09baba59e5b457efe8e0f44fc8cc7bc850ddb50c)
diff --git a/ldap/servers/slapd/mapping_tree.c b/ldap/servers/slapd/mapping_tree.c
index a67ec2a..57e214e 100644
--- a/ldap/servers/slapd/mapping_tree.c
+++ b/ldap/servers/slapd/mapping_tree.c
@@ -2291,6 +2291,7 @@ int slapi_mapping_tree_select_and_check(Slapi_PBlock *pb,char \
*newdn, Slapi_Back Slapi_DN *target_sdn = NULL;
Slapi_DN dn_newdn;
Slapi_Backend * new_be = NULL;
+ Slapi_Backend * def_be = defbackend_get_backend();
Slapi_Entry * new_referral = NULL;
mapping_tree_node *target_node;
int index;
@@ -2329,7 +2330,7 @@ int slapi_mapping_tree_select_and_check(Slapi_PBlock *pb,char \
*newdn, Slapi_Back {
/* suffix is a part of mapping tree. We should not free it */
const Slapi_DN *suffix = slapi_get_suffix_by_dn(target_sdn);
- if (NULL == suffix)
+ if ((*be != def_be) && (NULL == suffix))
{
ret = LDAP_NO_SUCH_OBJECT;
PR_snprintf(errorbuf, BUFSIZ,
@@ -2337,7 +2338,7 @@ int slapi_mapping_tree_select_and_check(Slapi_PBlock *pb,char \
*newdn, Slapi_Back slapi_sdn_get_dn(target_sdn));
goto unlock_and_return;
}
- if (0 == slapi_sdn_compare(target_sdn, suffix))
+ if (suffix && (0 == slapi_sdn_compare(target_sdn, suffix)))
{
/* target_sdn is a suffix */
const Slapi_DN *new_suffix = NULL;
commit b2921c914b7cd18569c9812dfd27b19e8a57bfe9
Author: Noriko Hosoi <nhosoi@redhat.com>
Date: Thu Sep 2 14:15:09 2010 -0700
Bug 629710 - escape_string does not check '\<HEX><HEX>'
https://bugzilla.redhat.com/show_bug.cgi?id=629710
Resolves: 629710
Description: do_escape_string (core of escape_string) converts
'\\ (backslash)' to '\5C' even if the following 2 characters are
hex digits. That is, the character is already escaped. This
patch checks the case and if it is, it does not escape it further.
(cherry picked from commit 34c0dfe8e862d86591823004150e777b1e035b6e)
Branch: 389-ds-base-1.2.6
diff --git a/ldap/servers/slapd/util.c b/ldap/servers/slapd/util.c
index fccee11..8d91813 100644
--- a/ldap/servers/slapd/util.c
+++ b/ldap/servers/slapd/util.c
@@ -73,19 +73,23 @@
static int special_np(unsigned char c)
{
- if(c < 32 || c > 126) {
- return UTIL_ESCAPE_HEX;
- } else if ((c== '"') || (c=='\\'))
- {
- return UTIL_ESCAPE_HEX;
- }
+ if (c == '\\') {
+ return UTIL_ESCAPE_BACKSLASH;
+ }
+ if (c < 32 || c > 126 || c == '"') {
+ return UTIL_ESCAPE_HEX;
+ }
return UTIL_ESCAPE_NONE;
}
static int special_np_and_punct(unsigned char c)
{
- if (c < 32 || c > 126 || c == '*') return UTIL_ESCAPE_HEX;
- if (c == '\\' || c == '"') return UTIL_ESCAPE_BACKSLASH;
+ if (c == '\\') {
+ return UTIL_ESCAPE_BACKSLASH;
+ }
+ if (c < 32 || c > 126 || c == '"' || c == '*') {
+ return UTIL_ESCAPE_HEX;
+ }
return UTIL_ESCAPE_NONE;
}
@@ -142,16 +146,26 @@ do_escape_string (
break;
}
do {
- *bufNext++ = '\\'; --bufSpace;
- if (bufSpace < 2) {
- memcpy (bufNext, "..", 2);
- bufNext += 2;
- goto bail;
- }
if (esc == UTIL_ESCAPE_BACKSLASH) {
- *bufNext++ = *s; --bufSpace;
+ /* *s is '\\' */
+ /* If *(s+1) and *(s+2) are both hex digits,
+ * the char is already escaped. */
+ if (isxdigit(*(s+1)) && isxdigit(*(s+2))) {
+ memcpy(bufNext, s, 3);
+ bufNext += 3;
+ bufSpace -= 3;
+ s += 2;
+ } else {
+ *bufNext++ = *s; --bufSpace;
+ }
} else { /* UTIL_ESCAPE_HEX */
- sprintf (bufNext, "%02x", (unsigned)*(unsigned char*)s);
+ *bufNext++ = '\\'; --bufSpace;
+ if (bufSpace < 3) {
+ memcpy(bufNext, "..", 2);
+ bufNext += 2;
+ goto bail;
+ }
+ PR_snprintf(bufNext, 3, "%02x", *(unsigned char*)s);
bufNext += 2; bufSpace -= 2;
}
} while (++s <= last &&
commit 483da62ad4ebc39faf74610f2a6fcfe3334a2b19
Author: Rich Megginson <rmeggins@redhat.com>
Date: Thu Sep 2 12:06:25 2010 -0600
use slapi_mods_init_passin/get_ldapmods_passout if modifying the smods
When using slapi_mods_init_byref/get_ldapmods_byref, the slapi_mods code
expects the Slapi_Mods to be read-only. Since the usn code adds a mod
to the list, it needs to use the slapi_mods_init_passin/get_ldapmods_passout
APIs. This avoids an assertion when using --enable-debug.
(cherry picked from commit 3c4185bb9fad50b44dc86b961d2e85535afe5e56)
Branch: 389-ds-base-1.2.6
diff --git a/ldap/servers/plugins/usn/usn.c b/ldap/servers/plugins/usn/usn.c
index 992a9ae..7dc9051 100644
--- a/ldap/servers/plugins/usn/usn.c
+++ b/ldap/servers/plugins/usn/usn.c
@@ -373,12 +373,12 @@ _usn_mod_next_usn(LDAPMod ***mods, Slapi_Backend *be)
bvals[0] = &usn_berval;
bvals[1] = NULL;
- slapi_mods_init_byref(&smods, *mods);
+ slapi_mods_init_passin(&smods, *mods);
/* bvals is duplicated by ber_bvdup in slapi_mods_add_modbvps */
slapi_mods_add_modbvps(&smods, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES,
SLAPI_ATTR_ENTRYUSN, bvals);
- *mods = slapi_mods_get_ldapmods_byref(&smods);
+ *mods = slapi_mods_get_ldapmods_passout(&smods);
slapi_log_error(SLAPI_LOG_TRACE, USN_PLUGIN_SUBSYSTEM,
"<-- _usn_mod_next_usn\n");
commit 71a8c8c137ed2c5a374864390da7ca8e08cd7769
Author: Rich Megginson <rmeggins@redhat.com>
Date: Thu Aug 26 11:13:48 2010 -0600
ger should support both "dn" and "distinguishedName"
the name "dn" is being deprecated - the standard attribute name is
"distinguishedName" - ger should support both of these
(cherry picked from commit 8db7b8aa30e9cca9ab3bea380de2e81c85bb05fb)
Branch: 389-ds-base-1.2.6
diff --git a/ldap/servers/plugins/acl/acleffectiverights.c \
b/ldap/servers/plugins/acl/acleffectiverights.c index 013c088..5edce85 100644
--- a/ldap/servers/plugins/acl/acleffectiverights.c
+++ b/ldap/servers/plugins/acl/acleffectiverights.c
@@ -702,7 +702,8 @@ _ger_get_attrs_rights (
{
if (charray_inlist(allattrs, attrs[i]) ||
charray_inlist(opattrs, attrs[i]) ||
- (0 == strcasecmp(attrs[i], "dn")))
+ (0 == strcasecmp(attrs[i], "dn")) ||
+ (0 == strcasecmp(attrs[i], "distinguishedName")))
{
_ger_get_attr_rights ( gerpb, e, subjectndn, attrs[i],
gerstr, gerstrsize, gerstrcap, isfirstattr, errbuf );
commit 577d0067856879a2c38be0e9324108ce45b6d686
Author: Noriko Hosoi <nhosoi@redhat.com>
Date: Fri Oct 15 15:17:52 2010 -0700
Bug 643532 - Incorrect DNs sometimes returned on searches
https://bugzilla.redhat.com/show_bug.cgi?id=643532
Description: Some of the functions in ldbm_entryrdn.c uses
static memory for reading data from the entryrdn index, where
the static initializer should not have been used since the
memory cannot be shared among threads. This patch fixes it.
(cherry picked from commit f39aab7b4fc39a2c0797424314cfc638c33f482e)
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c \
b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c index 36fbe93..4b2bad1 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
@@ -1006,7 +1006,6 @@ entryrdn_lookup_dn(backend *be,
DBC *cursor = NULL;
DB_TXN *db_txn = (txn != NULL) ? txn->back_txn_txn : NULL;
DBT key, data;
- static char buffer[RDN_BULK_FETCH_BUFFER_SIZE];
char *keybuf = NULL;
Slapi_RDN *srdn = NULL;
char *orignrdn = NULL;
@@ -1064,10 +1063,7 @@ entryrdn_lookup_dn(backend *be,
/* Setting the bulk fetch buffer */
memset(&data, 0, sizeof(data));
- data.ulen = sizeof(buffer);
- data.size = sizeof(buffer);
- data.data = buffer;
- data.flags = DB_DBT_USERMEM;
+ data.flags = DB_DBT_MALLOC;
do {
/* Setting up a key for the node to get its parent */
@@ -1131,6 +1127,7 @@ retry_get1:
workid = id_stored_to_internal(elem->rdn_elem_id);
/* 1 is byref, and the dup'ed rdn is freed with srdn */
slapi_rdn_add_rdn_to_all_rdns(srdn, slapi_ch_strdup(RDN_ADDR(elem)), 1);
+ slapi_ch_free(&data.data);
} while (workid);
if (0 == workid) {
@@ -1138,6 +1135,7 @@ retry_get1:
}
bail:
+ slapi_ch_free(&data.data);
/* Close the cursor */
if (cursor) {
int myrc = cursor->c_close(cursor);
@@ -1764,7 +1762,7 @@ _entryrdn_replace_suffix_id(DBC *cursor, DBT *key, DBT \
*adddata, char *keybuf = NULL;
char *realkeybuf = NULL;
DBT realkey;
- static char buffer[RDN_BULK_FETCH_BUFFER_SIZE];
+ char buffer[RDN_BULK_FETCH_BUFFER_SIZE];
DBT data;
DBT moddata;
rdn_elem **childelems = NULL;
@@ -2679,7 +2677,7 @@ _entryrdn_index_read(backend *be,
/* get the child elems */
if (childelems) {
- static char buffer[RDN_BULK_FETCH_BUFFER_SIZE];
+ char buffer[RDN_BULK_FETCH_BUFFER_SIZE];
slapi_ch_free_string(&keybuf);
keybuf = slapi_ch_smprintf("%c%u:%s", RDN_INDEX_CHILD, id, nrdn);
@@ -2768,7 +2766,7 @@ _entryrdn_append_childidl(DBC *cursor,
/* E.g., C5:ou=accounting */
char *keybuf = slapi_ch_smprintf("%c%u:%s", RDN_INDEX_CHILD, id, nrdn);
DBT key, data;
- static char buffer[RDN_BULK_FETCH_BUFFER_SIZE];
+ char buffer[RDN_BULK_FETCH_BUFFER_SIZE];
int rc = 0;
key.data = keybuf;
commit fc52c78f1f47371fec6f8cfd16ae491d89db0eae
Author: Rich Megginson <rmeggins@redhat.com>
Date: Thu Oct 14 17:27:46 2010 -0600
bump to version 1.2.6.2
diff --git a/VERSION.sh b/VERSION.sh
index af18f3c..19df189 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -10,7 +10,7 @@ vendor="389 Project"
# PACKAGE_VERSION is constructed from these
VERSION_MAJOR=1
VERSION_MINOR=2
-VERSION_MAINT=6.1
+VERSION_MAINT=6.2
# if this is a PRERELEASE, set VERSION_PREREL
# otherwise, comment it out
# be sure to include the dot prefix in the prerel
commit 998ce61617bd24b696df827fc684c9c192240702
Author: Noriko Hosoi <nhosoi@redhat.com>
Date: Mon Oct 11 16:39:54 2010 -0700
Bug 637852 - sasl_io_start_packet: failed - read only 3 bytes
of sasl packet length on connection 4
https://bugzilla.redhat.com/show_bug.cgi?id=637852
Description: A SASL packet is made from the 4 byte length and
the length size of payload. When the first 4 bytes were not
successfully received by one PR_Recv call, sasl_io_start_packet
in sasl_io.c considered an error occurred and set PR_IO_ERROR,
which terminates the SASL IO session.
To give clients a chance to send the rest of the length in the
next packet, this patch sets PR_WOULD_BLOCK_ERROR to the nspr
error code and EWOULDBLOCK/EAGAIN to errno and once the succeeding
packet comes in, it appends it to the previous incomplete length
data and continues the SASL IO.
Branch: 389-ds-base-1.2.6
cherry picked from master 310c056b2f39c534701b1ee1d1ec4755d4192f70
diff --git a/ldap/servers/slapd/sasl_io.c b/ldap/servers/slapd/sasl_io.c
index b831a86..ac0694f 100644
--- a/ldap/servers/slapd/sasl_io.c
+++ b/ldap/servers/slapd/sasl_io.c
@@ -209,11 +209,13 @@ sasl_io_start_packet(PRFileDesc *fd, PRIntn flags, \
PRIntervalTime timeout, PRInt size_t saslio_limit;
sasl_io_private *sp = sasl_get_io_private(fd);
Connection *c = sp->conn;
+ PRInt32 amount = sizeof(buffer);
*err = 0;
debug_print_layers(fd);
+ amount -= sp->encrypted_buffer_offset;
/* first we need the length bytes */
- ret = PR_Recv(fd->lower, buffer, sizeof(buffer), flags, timeout);
+ ret = PR_Recv(fd->lower, buffer, amount, flags, timeout);
LDAPDebug( LDAP_DEBUG_CONNS,
"read sasl packet length returned %d on connection %" NSPRIu64 "\n", \
ret, c->c_connid, 0 ); if (ret <= 0) {
@@ -228,49 +230,57 @@ sasl_io_start_packet(PRFileDesc *fd, PRIntn flags, \
PRIntervalTime timeout, PRInt return ret;
}
/*
- * NOTE: A better way to do this would be to read the bytes and add them to
- * sp->encrypted_buffer - if offset < 4, tell caller we didn't read enough
- * bytes yet - if offset >= 4, decode the length and proceed. However, it
- * is highly unlikely that a request to read 4 bytes will return < 4 bytes,
- * perhaps only in error conditions, in which case the ret < 0 case above
- * will run
+ * Read the bytes and add them to sp->encrypted_buffer
+ * - if offset < 4, tell caller we didn't read enough bytes yet
+ * - if offset >= 4, decode the length and proceed.
*/
if (ret < sizeof(buffer)) {
- LDAPDebug( LDAP_DEBUG_ANY,
- "sasl_io_start_packet: failed - read only %d bytes of sasl packet \
length on connection %" NSPRIu64 "\n", ret, c->c_connid, 0 );
- PR_SetError(PR_IO_ERROR, 0);
- return -1;
+ memcpy(sp->encrypted_buffer + sp->encrypted_buffer_offset, buffer, ret);
+ sp->encrypted_buffer_offset += ret;
+ if (sp->encrypted_buffer_offset < sizeof(buffer)) {
+ LDAPDebug2Args( LDAP_DEBUG_CONNS,
+ "sasl_io_start_packet: read only %d bytes of sasl packet "
+ "length on connection %" NSPRIu64 "\n", ret, c->c_connid );
+#if defined(EWOULDBLOCK)
+ errno = EWOULDBLOCK;
+#elif defined(EAGAIN)
+ errno = EAGAIN;
+#endif
+ PR_SetError(PR_WOULD_BLOCK_ERROR, errno);
+ return PR_FAILURE;
+ }
+ } else {
+ memcpy(sp->encrypted_buffer, buffer, sizeof(buffer));
+ sp->encrypted_buffer_offset = sizeof(buffer);
}
- if (ret == sizeof(buffer)) {
- /* Decode the length (could use ntohl here ??) */
- packet_length = buffer[0] << 24 | buffer[1] << 16 | buffer[2] << 8 | \
buffer[3];
- /* add length itself (for Cyrus SASL library) */
- packet_length += 4;
-
- LDAPDebug( LDAP_DEBUG_CONNS,
- "read sasl packet length %ld on connection %" NSPRIu64 "\n", \
packet_length, c->c_connid, 0 ); + /* At this point, sp->encrypted_buffer_offset \
== sizeof(buffer) */ + /* Decode the length */
+ packet_length = ntohl(*(uint32_t *)sp->encrypted_buffer);
+ /* add length itself (for Cyrus SASL library) */
+ packet_length += sizeof(uint32_t);
- /* Check if the packet length is larger than our max allowed. A
- * setting of -1 means that we allow any size SASL IO packet. */
- saslio_limit = config_get_maxsasliosize();
- if(((long)saslio_limit != -1) && (packet_length > saslio_limit)) {
- LDAPDebug( LDAP_DEBUG_ANY,
+ LDAPDebug2Args( LDAP_DEBUG_CONNS,
+ "read sasl packet length %ld on connection %" NSPRIu64 "\n",
+ packet_length, c->c_connid );
+
+ /* Check if the packet length is larger than our max allowed. A
+ * setting of -1 means that we allow any size SASL IO packet. */
+ saslio_limit = config_get_maxsasliosize();
+ if(((long)saslio_limit != -1) && (packet_length > saslio_limit)) {
+ LDAPDebug2Args( LDAP_DEBUG_ANY,
"SASL encrypted packet length exceeds maximum allowed limit \
(length=%ld, limit=%ld)."
" Change the nsslapd-maxsasliosize attribute in cn=config to \
increase limit.\n",
- packet_length, config_get_maxsasliosize(), 0);
- PR_SetError(PR_BUFFER_OVERFLOW_ERROR, 0);
- *err = PR_BUFFER_OVERFLOW_ERROR;
- return -1;
- }
-
- sasl_io_resize_encrypted_buffer(sp, packet_length);
- /* Cyrus SASL implementation expects to have the length at the first
- 4 bytes */
- memcpy(sp->encrypted_buffer, buffer, 4);
- sp->encrypted_buffer_count = packet_length;
- sp->encrypted_buffer_offset = 4;
+ packet_length, config_get_maxsasliosize() );
+ PR_SetError(PR_BUFFER_OVERFLOW_ERROR, 0);
+ *err = PR_BUFFER_OVERFLOW_ERROR;
+ return -1;
}
+ sasl_io_resize_encrypted_buffer(sp, packet_length);
+ /* Cyrus SASL implementation expects to have the length at the first
+ 4 bytes */
+ sp->encrypted_buffer_count = packet_length;
+
return 1;
}
@@ -344,7 +354,12 @@ sasl_io_recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn \
flags, if (!sasl_io_finished_packet(sp)) {
LDAPDebug( LDAP_DEBUG_CONNS,
"sasl_io_recv for connection %" NSPRIu64 " - not finished \
reading packet yet\n", c->c_connid, 0, 0 );
- PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
+#if defined(EWOULDBLOCK)
+ errno = EWOULDBLOCK;
+#elif defined(EAGAIN)
+ errno = EAGAIN;
+#endif
+ PR_SetError(PR_WOULD_BLOCK_ERROR, errno);
return PR_FAILURE;
}
/* We have the full encrypted buffer now - decrypt it */
@@ -355,6 +370,9 @@ sasl_io_recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn \
flags,
"sasl_io_recv finished reading packet for connection %" \
NSPRIu64 "\n", c->c_connid ); /* Now decode it */
ret = sasl_decode(c->c_sasl_conn,sp->encrypted_buffer,sp->encrypted_buffer_count,&output_buffer,&output_length);
+ /* even if decode fails, need re-initialize the encrypted_buffer */
+ sp->encrypted_buffer_offset = 0;
+ sp->encrypted_buffer_count = 0;
if (SASL_OK == ret) {
LDAPDebug2Args( LDAP_DEBUG_CONNS,
"sasl_io_recv decoded packet length %d for connection %" \
NSPRIu64 "\n", output_length, c->c_connid ); @@ -363,8 +381,6 @@ \
sasl_io_recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags,
memcpy(sp->decrypted_buffer,output_buffer,output_length);
sp->decrypted_buffer_count = output_length;
sp->decrypted_buffer_offset = 0;
- sp->encrypted_buffer_offset = 0;
- sp->encrypted_buffer_count = 0;
bytes_in_buffer = output_length;
}
} else {
@@ -460,7 +476,12 @@ sasl_io_send(PRFileDesc *fd, const void *buf, PRInt32 amount,
(sp->send_size - sp->send_offset) );
sp->send_offset += ret;
ret = PR_FAILURE;
- PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
+#if defined(EWOULDBLOCK)
+ errno = EWOULDBLOCK;
+#elif defined(EAGAIN)
+ errno = EAGAIN;
+#endif
+ PR_SetError(PR_WOULD_BLOCK_ERROR, errno);
}
/* else - ret is error - caller will handle */
} else {
commit 009b9dd1277d2522778d1da3931e8aded01321cc
Author: Noriko Hosoi <nhosoi@redhat.com>
Date: Tue Oct 5 09:31:15 2010 -0700
Bug 639289 - Adding a new CN entry with UpperCase UTF-8 Character
https://bugzilla.redhat.com/show_bug.cgi?id=639289
Description:
There was a bug in the utf8 uppe2Lower table:
Character İ (LATIN CAPITAL LETTER I WITH DOT ABOVE) did not map
to the corresponding LATIN SMALL LETTER DOTLESS I (2 bytes) but
to ascii 'i' (1 byte). The shortened DN tailed with a garbage
character and the entry was treated as an orphan entry which does
not belong to any suffix.
This patch fixes the mapping table mismatch as well as adds a code
to dn_ignore_case_to_end to force to NULL terminate the converted
string.
Branch: 389-ds-base-1.2.6
(cherry picked from commit 76c33394c21a64a7c20047f72196b31dfdf233f0)
diff --git a/ldap/servers/slapd/dn.c b/ldap/servers/slapd/dn.c
index e50ec76..172a829 100644
--- a/ldap/servers/slapd/dn.c
+++ b/ldap/servers/slapd/dn.c
@@ -1240,6 +1240,9 @@ dn_ignore_case_to_end( char *dn, char *end )
s += ssz, d += dsz) {
slapi_utf8ToLower( s, d, &ssz, &dsz );
}
+ if (d) {
+ *d = '\0'; /* utf8ToLower result may be shorter than the original */
+ }
return( dn );
}
diff --git a/ldap/servers/slapd/utf8compare.c b/ldap/servers/slapd/utf8compare.c
index 5d28b8c..12cdf22 100644
--- a/ldap/servers/slapd/utf8compare.c
+++ b/ldap/servers/slapd/utf8compare.c
@@ -133,7 +133,7 @@ UpperLowerTbl_t Upper2LowerTbl21[] = {
{"\304\252", "\304\253", 2},
{"\304\254", "\304\255", 2},
{"\304\256", "\304\257", 2},
- {"\304\260", "\151", 1},
+ {"\304\260", "\304\261", 2},
{"\304\262", "\304\263", 2},
{"\304\264", "\304\265", 2},
{"\304\266", "\304\267", 2},
[Attachment #3 (text/plain)]
--
389 commits mailing list
389-commits@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-commits
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic