[Fedora-directory-commits] dsgw/config orgchart.tmpl,NONE,1.1
by Doctor Conrad
Author: nkinder
Update of /cvs/dirsec/dsgw/config
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20288/config
Added Files:
orgchart.tmpl
Log Message:
Added orgchart to dsgw.
--- NEW FILE orgchart.tmpl ---
#
# BEGIN COPYRIGHT BLOCK
# This Program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; version 2 of the License.
#
# This Program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA.
#
# In addition, as a special exception, Red Hat, Inc. gives You the additional
# right to link the code of this Program with code not covered under the GNU
# General Public License ("Non-GPL Code") and to distribute linked combinations
# including the two, subject to the limitations in this paragraph. Non-GPL Code
# permitted under this exception must only link to the code of this Program
# through those well defined interfaces identified in the file named EXCEPTION
# found in the source code files (the "Approved Interfaces"). The files of
# Non-GPL Code may instantiate templates or use macros or inline functions from
# the Approved Interfaces without causing the resulting work to be covered by
# the GNU General Public License. Only Red Hat, Inc. may make changes or
# additions to the list of Approved Interfaces. You must obey the GNU General
# Public License in all respects for all of the Program code and other code used
# in conjunction with the Program except the Non-GPL Code covered by this
# exception. If you modify this file, you may extend this exception to your
# version of the file, but you are not obligated to do so. If you do not wish to
# provide this exception without modification, you must delete this exception
# statement from your version and license this file solely under the GPL without
# exception.
#
#
# Copyright (C) 2005 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
#############
#
#
# Configuration file for Directory Server Org Chart
# ----------------------------------------------------------
#
#
#############
#
# Blank lines in this file, as well as lines that
# start with at least one "#" character, are both ignored.
#
#
# Name/Value pairs below are (and need to be) separated with
# one or more tabs (or spaces)
#
#ldap-host localhost
#ldap-port 389
#ldap-search-base dc=example,dc=com
ldap-host @host@
ldap-port @port@
ldap-search-base @suffix@
#
# If you would like to have the phonebook icon visible, you must
# supply the partial phonebook URL below, which will have each
# given user's DN attribute value concatenated to the end.
#
# For example, you could specify below something close to:
#
# url-phonebook-base http://hostname.domain.com/dsgw/bin/dosearch?context=default&hp=localhost...
#
#
# A name that has no value after it equates to "" for the value,
# like the two below settings.
#
# Not listing an entire name/value pair at all in this file
# sets its value to "" as well.
#
# So the below two names therefore don't even need to be in this file
# (but are here to show them as possible options that can be changed).
#
# Having no value below for "ldap-bind-dn" and "ldap-bind-pass"
# indicates that you want anonymous binding to the LDAP server.
#
ldap-bind-dn
ldap-bind-pass
#
# Allowed values for below icon-related setting:
#
# forefront means show this icon next to the person's name
# layer means show this icon inside the person's floating layer
# no means never show this icon anywhere, but MyOrgChart settings can override this setting.
# disabled means never show this icon. Period. So MyOrgChart will not even show this icon as a setting.
#
icons-aim-visible disabled
icons-email-visible layer
#icons-phonebook-visible forefront
icons-phonebook-visible disabled
icons-locator-visible disabled
#
# There is also the same concept below for a person-locator
# type application, to show graphically where a given employee's office is located.
# You also specify the partial URL, up until where the user's URL-
# encoded cn value will be concatenated.
#
# url-locator-base http://hostname.domain.com/submit.cgi?empfullname=
#
#
# This is where you specify which specific LDAP attributes
# from your LDAP server that you would like used for both org chart
# generation as well as final display values.
#
# The value of the attribute specified for "attrib-job-title" will
# be listed below anybody's name that is listed in their own box.
# If you don't specify this setting in this file, the default used
# will be "title".
#
# For "attrib-farleft-rdn", this specifies which attribute you are
# using as the leftmost RDN for the DN's of your user entries.
#
attrib-job-title title
attrib-manager manager
attrib-farleft-rdn uid
#
# This is where you specify the maximum levels that are allowed
# to be generated for any given org chart, and the MyOrgChart version
# of this setting will never be allowed to be higher than the below.
#
# A "level" is defined as a reporting level, meaning that if you
# generate an org chart for a given director, all direct reports to him
# (whether they have people below them or not) are level 1, people below
# any of them are level 2, etc.
#
# So a setting of 1 would list the full name of the user entered, and
# then just people that directly report to that person only.
#
# The purpose of having this configuration setting is to give you
# control over users that may try to generate an org chart on the
# CEO of a company, and heavily tax the LDAP server to generate
# an org chart that may be thousands of people deep.
#
# If this setting is not listed below, the default is 3.
#
# The valid range of values for this setting would be a minimum of 1,
# with no hard-coded maximum.
#
max-levels-drawn 3
#
# The below setting relates to whether a specific assumption should be made
# on all values that you currently have stored for your manager LDAP attribute.
#
# The assumption: That all user entries are stored in LDAP on the
# same flat level location, at least for a given
# group of people that org charts will be generated for.
#
# So when you enter:
#
# Steve Jones
#
# to generate an org chart on, which let's say equates to this DN:
#
# uid=sjones, ou=People, dc=acme, dc=com
#
# then should this application assume that the manager attrib value
# of this entry is in this same location as Steve Jones:
#
# manager = "uid=XXXXXX, ou=People, dc=acme, dc=com"
#
# or is it possible that the manager's LDAP entry is at another level?
#
#
# The below two options for this setting specifies one of two scenarios,
# based on how you have configured your directory information tree:
#
#
# Either the value:
#
# same This means assume the same location (such as
# "ou=People, dc=acme, dc=com" above) that the inital
# user entry is found at for all subsequent entries
# involved in drawing that given org chart.
#
# In other words, this setting assumes a totally
# flat namespace, at least for all users that will
# be in a given generated org chart.
#
# search This means there is no guarantee that other entries
# that need to be discovered to draw the org chart
# are in the same area of the directory tree, so when
# searching the manager attribute DN values for a given
# exact uid, search like this instead:
#
# manager = "uid=sjones,*"
#
# This will be much more expensive of a search, so
# if you fit this scenario, at least make sure on your LDAP
# server that you have the substring index created for your
# manager attribute, to make drawing the org chart as fast
# as possible.
#
# Default value (if this setting is not listed in this file): same
#
manager-DN-location same
#
# This setting helps you configure against users entering LDAP
# queries for "A" or "MI" and then taxing the LDAP server by asking
# for thousands of search results back.
#
# The value you specify below for "min-chars-searchstring" means
# that the user must enter AT LEAST this many characters for
# their request to even make it to the LDAP server. If they type
# less characters than this setting, they will get a message that
# they need to enter at least X characters to search, where X will
# be the below value.
#
# NOTE: This setting purposely does not apply to allowing a user
# to search for an exact UID (to avoid search results). The logic
# is that:
#
# [1] Search LDAP for an equality search of (uid=XXXX), regardless
# of both this below setting / how many characters were entered.
#
# [2] If this single LDAP entry was not found, then make sure the
# number of characters entered for the search are at least the below
# number of characters, before sending a broader search to LDAP.
#
# If this setting is not configured below (the line is absent),
# the default value used is 4.
min-chars-searchstring 4
# Allowed characters in search filters. If the user enters a search that
# contains a character not in the allowed-filter-chars list, the user
# will be notified the search needs to be modified.
allowed-filter-chars abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 _-
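Review bot: the comments above `ldap-bind-dn` / `ldap-bind-pass` explain anonymous binding but do not say that a configured bind password is kept in this file as a plain name/value pair; add a line telling administrators to restrict read access to the file when they set it. The `url-phonebook-base` comment should also say whether the DN appended to the URL is URL-encoded, as the `url-locator-base` comment does for the cn value.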
16 years, 5 months
[Fedora-directory-commits] ldapserver/ldap/servers/slapd attrsyntax.c, 1.4, 1.4.2.1 dn.c, 1.6.2.2, 1.6.2.3 libslapd.def, 1.11.2.3, 1.11.2.4 slapi-plugin.h, 1.8.2.1, 1.8.2.2
by Doctor Conrad
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10506/slapd
Modified Files:
Tag: Directory71RtmBranch
attrsyntax.c dn.c libslapd.def slapi-plugin.h
Log Message:
Resolves: #288321
Summary: ns-slapd aborts during updating attribute values which contain +
characters with nothing after them
Description: applied the patch to Directory71RtmBranch
Index: attrsyntax.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/attrsyntax.c,v
retrieving revision 1.4
retrieving revision 1.4.2.1
diff -u -r1.4 -r1.4.2.1
--- attrsyntax.c 19 Apr 2005 22:07:36 -0000 1.4
+++ attrsyntax.c 11 Jan 2008 20:52:46 -0000 1.4.2.1
@@ -726,6 +726,22 @@
}
}
+/* Returns the oid of the syntax of the Slapi_Attr that's passed in.
+ * The caller must dispose of oid by calling slapi_ch_free_string(). */
+int
+slapi_attr_get_syntax_oid_copy( const Slapi_Attr *a, char **oidp )
+{
+ void *pi = NULL;
+
+ if (a && (slapi_attr_type2plugin(a->a_type, &pi) == 0)) {
+ *oidp = slapi_ch_strdup(plugin_syntax2oid(pi));
+ return( 0 );
+ } else {
+ *oidp = NULL;
+ return( -1 );
+ }
+}
+
#ifdef ATTR_LDAP_DEBUG
PRIntn
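Review bot: slapi_attr_get_syntax_oid_copy() guards `a` against NULL but writes through `oidp` in both branches without checking it, so a caller passing a NULL oidp crashes even on the error path. Either check `oidp` up front and return -1, or state in the comment that it must be non-NULL. The success branch also returns 0 whatever plugin_syntax2oid(pi) yields, so callers have to test *oidp as well as the return value; the comment should say so.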
Index: dn.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/dn.c,v
retrieving revision 1.6.2.2
retrieving revision 1.6.2.3
diff -u -r1.6.2.2 -r1.6.2.3
--- dn.c 2 Mar 2006 01:12:25 -0000 1.6.2.2
+++ dn.c 11 Jan 2008 20:52:46 -0000 1.6.2.3
@@ -337,7 +337,13 @@
/*
* Track and sort attribute values within multivalued RDNs.
*/
- if ( rdn_av_count > 0 ) {
+ /* We may still be in an unexpected state, such as B4TYPE if
+ * we encountered something odd like a '+' at the end of the
+ * rdn. If this is the case, we don't want to add this bogus
+ * rdn to our list to sort. We should only be in the INVALUE
+ * or B4SEPARATOR state if we have a valid rdn component to
+ * be added. */
+ if ((rdn_av_count > 0) && ((state == INVALUE) || (state == B4SEPARATOR))) {
add_rdn_av( typestart, d, &rdn_av_count,
&rdn_avs, initial_rdn_av_stack );
}
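Review bot: with the added state test, an RDN that ends in a bare '+' is skipped for sorting, but nothing visible in this hunk tells the caller the DN was malformed, so the input is accepted silently. If rejecting it is not possible at this point, extend the comment to say what the resulting string looks like for that input, and add a regression test with a value ending in '+' (the case named in the log message).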
@@ -347,7 +353,6 @@
if ( rdn_av_count > 0 ) {
reset_rdn_avs( &rdn_avs, &rdn_av_count );
}
-
/* Trim trailing spaces */
while ( d != dn && *(d - 1) == ' ' ) d--; /* XXX 518524 */
Index: libslapd.def
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/libslapd.def,v
retrieving revision 1.11.2.3
retrieving revision 1.11.2.4
diff -u -r1.11.2.3 -r1.11.2.4
--- libslapd.def 19 Mar 2006 21:20:45 -0000 1.11.2.3
+++ libslapd.def 11 Jan 2008 20:52:46 -0000 1.11.2.4
@@ -1180,3 +1180,4 @@
sasl_map_done @1179
slapd_SECITEM_FreeItem @1180
slapi_op_type_to_string @1181
+ slapi_attr_get_syntax_oid_copy @1182
Index: slapi-plugin.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slapi-plugin.h,v
retrieving revision 1.8.2.1
retrieving revision 1.8.2.2
diff -u -r1.8.2.1 -r1.8.2.2
--- slapi-plugin.h 2 Mar 2006 01:12:25 -0000 1.8.2.1
+++ slapi-plugin.h 11 Jan 2008 20:52:46 -0000 1.8.2.2
@@ -391,6 +391,7 @@
int slapi_attr_type2plugin( const char *type, void **pi );
int slapi_attr_get_type( Slapi_Attr *attr, char **type );
int slapi_attr_get_oid_copy( const Slapi_Attr *attr, char **oidp );
+int slapi_attr_get_syntax_oid_copy( const Slapi_Attr *a, char **oidp );
int slapi_attr_get_flags( const Slapi_Attr *attr, unsigned long *flags );
int slapi_attr_flag_is_set( const Slapi_Attr *attr, unsigned long flag );
int slapi_attr_value_cmp( const Slapi_Attr *attr, const struct berval *v1, const struct berval *v2 );
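Review bot: the new prototype goes into the public plugin header without the ownership rule that attrsyntax.c states in its comment (the caller must free the oid with slapi_ch_free_string()). Plugin authors read this header, so repeat that here together with the 0 / -1 return convention. The parameter is also named `a` where the neighbouring slapi_attr_* declarations use `attr`.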
16 years, 5 months
[Fedora-directory-commits] ldapserver/ldap/servers/plugins/acl acl.c, 1.6, 1.6.2.1
by Doctor Conrad
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/acl
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10506/plugins/acl
Modified Files:
Tag: Directory71RtmBranch
acl.c
Log Message:
Resolves: #288321
Summary: ns-slapd aborts during updating attribute values which contain +
characters with nothing after them
Description: applied the patch to Directory71RtmBranch
Index: acl.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/acl/acl.c,v
retrieving revision 1.6
retrieving revision 1.6.2.1
diff -u -r1.6 -r1.6.2.1
--- acl.c 19 Apr 2005 22:07:28 -0000 1.6
+++ acl.c 11 Jan 2008 20:52:46 -0000 1.6.2.1
@@ -107,7 +107,7 @@
Slapi_PBlock *pb,
Slapi_Entry *e, /* The Slapi_Entry */
char *attr, /* Attribute of the entry */
- struct berval *val, /* value of attr. NOT USED */
+ struct berval *val, /* value of attr */
int access /* requested access rights */
)
{
@@ -337,20 +337,32 @@
TNF_PROBE_0_DEBUG(acl_aclpbinit_end,"ACL","");
- /* Here we mean if "I am trying to add/delete "myself" ? " */
+ /* Here we mean if "I am trying to add/delete "myself" to a group, etc." We
+ * basically just want to see if the value matches the DN of the user that
+ * we're checking access for */
if (val && (access & SLAPI_ACL_WRITE) && (val->bv_len > 0) ) {
- /* should use slapi_sdn_compare() but that'a an extra malloc/free */
+ Slapi_Attr *sa = slapi_attr_new();
+ char *oid = NULL;
- char *dn_val_to_write =
- slapi_dn_normalize(slapi_ch_strdup(val->bv_val));
+ slapi_attr_init(sa, attr);
+ slapi_attr_get_syntax_oid_copy(sa, &oid);
- if ( aclpb->aclpb_authorization_sdn &&
- slapi_utf8casecmp((ACLUCHP)dn_val_to_write, (ACLUCHP)
- slapi_sdn_get_ndn(aclpb->aclpb_authorization_sdn)) == 0) {
- access |= SLAPI_ACL_SELF;
- }
+ /* We only want to perform this check if the attribute is
+ * defined using the DN syntax. */
+ if (oid && (strcasecmp(oid, DN_SYNTAX_OID) == 0)) {
+ /* should use slapi_sdn_compare() but that'a an extra malloc/free */
+ char *dn_val_to_write = slapi_dn_normalize(slapi_ch_strdup(val->bv_val));
+ if ( aclpb->aclpb_authorization_sdn &&
+ slapi_utf8casecmp((ACLUCHP)dn_val_to_write, (ACLUCHP)
+ slapi_sdn_get_ndn(aclpb->aclpb_authorization_sdn)) == 0) {
+ access |= SLAPI_ACL_SELF;
+ }
- slapi_ch_free( (void **)&dn_val_to_write);
+ slapi_ch_free_string(&dn_val_to_write);
+ }
+
+ slapi_ch_free_string(&oid);
+ slapi_attr_free(&sa);
}
/* Convert access to string of rights eg SLAPI_ACL_ADD->"add". */
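Review bot: after this change SLAPI_ACL_SELF is only considered when the attribute's syntax OID equals DN_SYNTAX_OID, and the case where slapi_attr_get_syntax_oid_copy() fails (oid left NULL, return value ignored) falls through silently as "not a DN". That narrows when self-write rights apply, so the comment or the log message should state that attributes holding DNs under another syntax no longer match. The retained remark that slapi_sdn_compare() costs "an extra malloc/free" also no longer fits, since this block now allocates and frees a Slapi_Attr and an oid copy on every write check.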
16 years, 5 months
[Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm index.c, 1.5.2.1, 1.5.2.2
by Doctor Conrad
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8765/slapd/back-ldbm
Modified Files:
Tag: Directory71RtmBranch
index.c
Log Message:
Resolves: #219586
Summary: Slapi_Value memory leak in index code
Description: applied the patch to Directory71RtmBranch
Index: index.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/index.c,v
retrieving revision 1.5.2.1
retrieving revision 1.5.2.2
diff -u -r1.5.2.1 -r1.5.2.2
--- index.c 26 Aug 2005 15:44:36 -0000 1.5.2.1
+++ index.c 11 Jan 2008 20:05:14 -0000 1.5.2.2
@@ -527,7 +527,8 @@
slapi_entry_attr_find( olde->ep_entry, mods[i]->mod_type, &curr_attr );
if ( mods_valueArray != NULL ) {
for ( j = 0; mods_valueArray[j] != NULL; j++ ) {
- valuearray_remove_value(curr_attr, evals, mods_valueArray[j]);
+ Slapi_Value *rval = valuearray_remove_value(curr_attr, evals, mods_valueArray[j]);
+ slapi_value_free( &rval );
}
}
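Review bot: the value returned by valuearray_remove_value() is passed straight to slapi_value_free(); if it can return NULL when the value is not present in `evals`, confirm slapi_value_free() accepts a pointer to NULL, or test `rval` first.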
@@ -541,7 +542,8 @@
}
} else {
/* Remove duplicate value from deleted value array */
- valuearray_remove_value(curr_attr, deleted_valueArray, deleted_valueArray[j]);
+ Slapi_Value *rval = valuearray_remove_value(curr_attr, deleted_valueArray, deleted_valueArray[j]);
+ slapi_value_free( &rval );
j--;
}
}
@@ -607,7 +609,8 @@
}
} else {
/* Remove duplicate value from the mod list */
- valuearray_remove_value(curr_attr, deleted_valueArray, deleted_valueArray[j]);
+ Slapi_Value *rval = valuearray_remove_value(curr_attr, deleted_valueArray, deleted_valueArray[j]);
+ slapi_value_free( &rval );
j--;
}
}
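Review bot: this is the third copy of the same two-line remove-then-free pair in this patch (the hunks at 527 and 541 carry the other two). A small static helper that removes and frees would keep the three call sites from drifting apart, and a comment on it saying that valuearray_remove_value() hands ownership of the removed Slapi_Value to the caller would explain why the free is needed.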
16 years, 5 months
[Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm ldbm_search.c, 1.6.2.1, 1.6.2.2
by Doctor Conrad
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv554/slapd/back-ldbm
Modified Files:
Tag: Directory71RtmBranch
ldbm_search.c
Log Message:
Resolves: #204808
Summary: spurious search timeouts
Description: applied the patch to Directory71RtmBranch
Index: ldbm_search.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/ldbm_search.c,v
retrieving revision 1.6.2.1
retrieving revision 1.6.2.2
diff -u -r1.6.2.1 -r1.6.2.2
--- ldbm_search.c 24 May 2006 20:46:45 -0000 1.6.2.1
+++ ldbm_search.c 11 Jan 2008 19:20:24 -0000 1.6.2.2
@@ -422,7 +422,7 @@
if (sort && (NULL != candidates))
{
time_t optime = 0;
- time_t tlimit = 0;
+ int tlimit = 0;
slapi_pblock_get( pb, SLAPI_SEARCH_TIMELIMIT, &tlimit );
slapi_pblock_get( pb, SLAPI_OPINITIATED_TIME, &optime );
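Review bot: `tlimit` becomes int while `optime` stays time_t, which is only correct as long as each matches the width slapi_pblock_get() writes for its key, and the void * interface gives no compile-time check of that. Add a short comment next to the two declarations naming the expected type for SLAPI_SEARCH_TIMELIMIT and SLAPI_OPINITIATED_TIME, so a later edit does not reintroduce a mismatched-size write into these locals.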
16 years, 5 months
[Fedora-directory-commits] ldapserver/ldap/servers/plugins/chainingdb cb_search.c, 1.5, 1.5.2.1
by Doctor Conrad
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/chainingdb
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv554/plugins/chainingdb
Modified Files:
Tag: Directory71RtmBranch
cb_search.c
Log Message:
Resolves: #204808
Summary: spurious search timeouts
Description: applied the patch to Directory71RtmBranch
Index: cb_search.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/chainingdb/cb_search.c,v
retrieving revision 1.5
retrieving revision 1.5.2.1
diff -u -r1.5 -r1.5.2.1
--- cb_search.c 19 Apr 2005 22:07:29 -0000 1.5
+++ cb_search.c 11 Jan 2008 19:20:23 -0000 1.5.2.1
@@ -179,7 +179,7 @@
slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY, NULL );
return 1;
}
- timeout.tv_sec=timelimit-(now-optime);
+ timeout.tv_sec=(time_t)timelimit-(now-optime);
timeout.tv_usec=0;
}
@@ -414,7 +414,10 @@
{
char *target;
- int sizelimit,timelimit, rc, parse_rc, optime,i,retcode, attrsonly;
+ int sizelimit, timelimit;
+ int rc, parse_rc, retcode;
+ int i, attrsonly;
+ time_t optime;
LDAPMessage *res=NULL;
char *matched_msg,*error_msg;
cb_searchContext *ctx=NULL;
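Review bot: `optime` is now declared as `time_t optime;` with no initialiser, whereas ldbm_search.c in the same fix uses `time_t optime = 0;`. Initialise it here too, so that a failed or skipped slapi_pblock_get() does not leave an indeterminate value feeding the timeout arithmetic `timelimit-(now-optime)`.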
16 years, 5 months
[Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldif search.c, 1.4, 1.4.2.1
by Doctor Conrad
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldif
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv554/slapd/back-ldif
Modified Files:
Tag: Directory71RtmBranch
search.c
Log Message:
Resolves: #204808
Summary: spurious search timeouts
Description: applied the patch to Directory71RtmBranch
Index: search.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldif/search.c,v
retrieving revision 1.4
retrieving revision 1.4.2.1
diff -u -r1.4 -r1.4.2.1
--- search.c 19 Apr 2005 22:07:39 -0000 1.4
+++ search.c 11 Jan 2008 19:20:24 -0000 1.4.2.1
@@ -143,7 +143,7 @@
/*Make sure we're not exceeding our time limit...*/
currtime = time(&dummy);
- if ((tlimit > 0) && ((currtime - optime) > tlimit)){
+ if ((tlimit > 0) && ((currtime - optime) > (time_t)tlimit)){
slapi_send_ldap_result( pb, LDAP_TIMELIMIT_EXCEEDED, NULL, NULL, nentries, NULL);
/*We "hit" the cache*/
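Review bot: the cast is applied to `tlimit`, but the declaration of `optime` is not part of this hunk; since pblock.c now stores a time_t for SLAPI_OPINITIATED_TIME, check that `optime` in this file is declared time_t and not int, and include that declaration change here if it is not.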
16 years, 5 months
[Fedora-directory-commits] ldapserver/ldap/servers/slapd pblock.c, 1.4, 1.4.2.1
by Doctor Conrad
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv554/slapd
Modified Files:
Tag: Directory71RtmBranch
pblock.c
Log Message:
Resolves: #204808
Summary: spurious search timeouts
Description: applied the patch to Directory71RtmBranch
Index: pblock.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/pblock.c,v
retrieving revision 1.4
retrieving revision 1.4.2.1
diff -u -r1.4 -r1.4.2.1
--- pblock.c 19 Apr 2005 22:07:36 -0000 1.4
+++ pblock.c 11 Jan 2008 19:20:24 -0000 1.4.2.1
@@ -338,7 +338,7 @@
(*(int *)value) = pblock->pb_op->o_params.operation_type;
break;
case SLAPI_OPINITIATED_TIME:
- (*(int *)value) = pblock->pb_op->o_time;
+ (*(time_t *)value) = pblock->pb_op->o_time;
break;
case SLAPI_REQUESTOR_ISROOT:
(*(int *)value) = pblock->pb_requestor_isroot;
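Review bot: storing through `(time_t *)value` for SLAPI_OPINITIATED_TIME changes the width written to the caller's buffer, so any caller still passing the address of an int will be overrun wherever time_t is wider than int. The commits for this bug adjust ldbm_search.c, cb_search.c and back-ldif/search.c; please confirm that no other in-tree or plugin caller reads this key into an int, and record the expected type for the key in slapi-plugin.h.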
16 years, 5 months