[Fedora-directory-commits] dsgw/tests/edit testget.13,1.1,1.2
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/dsgw/tests/edit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30811/dsgw/tests/edit
Modified Files:
testget.13
Log Message:
1) There were several places where DSGW would output and eval arbitrary javascript code passed in a CGI parameter. These have been replaced with resource strings. In all cases the values were output escaped, but still, we shouldn't be passing around bits of javascript code to execute.
2) ICU provides a function which can parse the HTTP_ACCEPT_LANGUAGE string and return the most appropriate locale, so we should use that for date calculation.
3) Found a couple of places where uninitialized values could be used, and fixed them.
4) Used PR_smprintf to simplify some strlen+malloc+strcpy+strcat code.
5) dsgw_get_cgi_var will check for NULL input
6) Do not pass in the ldap host and port in form parameters. Always just use the values from the config file.
7) Added many new tests and valgrind suppressions (almost all from ICU)
Index: testget.13
===================================================================
RCS file: /cvs/dirsec/dsgw/tests/edit/testget.13,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- testget.13 7 Feb 2008 22:46:57 -0000 1.1
+++ testget.13 27 Feb 2008 03:36:53 -0000 1.2
@@ -1 +1 @@
-info=&dn=uid=newuser,ou=people,dc=example,dc=com&dnattr=uid&dndesc=u i d&add=1&tmplname=person
\ No newline at end of file
+info=<SCRIPT language=JavaScript>You've just been p0wned!</SCRIPT>&dn=uid=newuser,ou=people,dc=example,dc=com&dnattr=uid&dndesc=u i d&add=1&tmplname=person
\ No newline at end of file
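Review bot: revision 1.2 overwrites the empty `info=` case instead of adding the script-tag case as a new test file, so the benign path for this `dn`/`add=1` request is no longer exercised. Keep the 1.1 input and put the `<SCRIPT>` value in its own testget file. The payload is also sent raw (spaces, `<`, `>` and `'` unencoded); a percent-encoded variant would cover the form a browser actually submits.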
16 years, 1 month
[Fedora-directory-commits] dsgw/tests/dosearch testget.1, NONE, 1.1 testget.10, NONE, 1.1 testget.2, NONE, 1.1 testget.3, NONE, 1.1 testget.4, NONE, 1.1 testget.5, NONE, 1.1 testget.6, NONE, 1.1 testget.7, NONE, 1.1 testget.8, NONE, 1.1 testget.9, NONE, 1.1 testpost.1, NONE, 1.1 testpost.2, NONE, 1.1 testpost.3, NONE, 1.1 testpost.4, NONE, 1.1 testpost.5, NONE, 1.1 testpost.6, NONE, 1.1 testpost.7, NONE, 1.1 testpost.8, NONE, 1.1
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/dsgw/tests/dosearch
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30811/dsgw/tests/dosearch
Added Files:
testget.1 testget.10 testget.2 testget.3 testget.4 testget.5
testget.6 testget.7 testget.8 testget.9 testpost.1 testpost.2
testpost.3 testpost.4 testpost.5 testpost.6 testpost.7
testpost.8
Log Message:
1) There were several places where DSGW would output and eval arbitrary javascript code passed in a CGI parameter. These have been replaced with resource strings. In all cases the values were output escaped, but still, we shouldn't be passing around bits of javascript code to execute.
2) ICU provides a function which can parse the HTTP_ACCEPT_LANGUAGE string and return the most appropriate locale, so we should use that for date calculation.
3) Found a couple of places where uninitialized values could be used, and fixed them.
4) Used PR_smprintf to simplify some strlen+malloc+strcpy+strcat code.
5) dsgw_get_cgi_var will check for NULL input
6) Do not pass in the ldap host and port in form parameters. Always just use the values from the config file.
7) Added many new tests and valgrind suppressions (almost all from ICU)
--- NEW FILE testget.1 ---
--- NEW FILE testget.10 ---
dn=cn=monitor&displaytemplate=person
--- NEW FILE testget.2 ---
ldq=foo?bar?baz?biff
--- NEW FILE testget.3 ---
ldq=objectclass
--- NEW FILE testget.4 ---
dn=cn=config
--- NEW FILE testget.5 ---
dn=entrydoesnotexist
--- NEW FILE testget.6 ---
dn=cn=config&ldq=?sub?(objectclass=nsbackendinstance)
--- NEW FILE testget.7 ---
dn=cn=config&ldq=?&sub=?(&objectclass=%3Dnsbackendinstance)
--- NEW FILE testget.8 ---
dn=cn=config&ldq=objectclass,cn,modifyTimestamp
--- NEW FILE testget.9 ---
dn=cn=monitor&displaytemplate=doesnotexist
--- NEW FILE testpost.1 ---
--- NEW FILE testpost.2 ---
mode=unknownmode&searchstring=searchstring&type=type&base=cn=config&listifone=true&editable=true&link2edit=true&dnlist_js=true
--- NEW FILE testpost.3 ---
mode=auth&searchstring=scarter&type=type&base=cn=config&listifone=true&editable=true&link2edit=true&dnlist_js=true
--- NEW FILE testpost.4 ---
mode=pattern&searchstring=scarter&type=person&base=dc=example,dc=com&listifone=true&editable=true&link2edit=true&dnlist_js=true&attr=objectclass&filterpattern=*
--- NEW FILE testpost.5 ---
mode=pattern&searchstring=scarter&type=People&base=dc=example,dc=com&listifone=true&editable=true&link2edit=true&dnlist_js=true&attr=objectclass&filterpattern=*
--- NEW FILE testpost.6 ---
mode=pattern&searchstring=scarter&type=People&base=dc=example,dc=com&listifone=true&editable=true&link2edit=true&dnlist_js=true&attr=user id&filterpattern=uid=scarter&filterprefix=(|(&filtersuffix=)(objectclass=top))&searchdesc=This is the searchdesc field
--- NEW FILE testpost.7 ---
mode=smart&searchstring=scarter&type=People&base=dc=example,dc=com&listifone=true&editable=true&link2edit=true&dnlist_js=true
--- NEW FILE testpost.8 ---
mode=complex&searchstring=scarter&type=People&base=dc=example,dc=com&listifone=true&editable=true&link2edit=true&dnlist_js=true&attr=user id&match=is&searchdesc=This is the searchdesc field
16 years, 1 month
[Fedora-directory-commits] dsgw/tests/doauth testpost.4,1.1,1.2
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/dsgw/tests/doauth
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30811/dsgw/tests/doauth
Modified Files:
testpost.4
Log Message:
1) There were several places where DSGW would output and eval arbitrary javascript code passed in a CGI parameter. These have been replaced with resource strings. In all cases the values were output escaped, but still, we shouldn't be passing around bits of javascript code to execute.
2) ICU provides a function which can parse the HTTP_ACCEPT_LANGUAGE string and return the most appropriate locale, so we should use that for date calculation.
3) Found a couple of places where uninitialized values could be used, and fixed them.
4) Used PR_smprintf to simplify some strlen+malloc+strcpy+strcat code.
5) dsgw_get_cgi_var will check for NULL input
6) Do not pass in the ldap host and port in form parameters. Always just use the values from the config file.
7) Added many new tests and valgrind suppressions (almost all from ICU)
Index: testpost.4
===================================================================
RCS file: /cvs/dirsec/dsgw/tests/doauth/testpost.4,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- testpost.4 7 Feb 2008 22:46:57 -0000 1.1
+++ testpost.4 27 Feb 2008 03:36:51 -0000 1.2
@@ -1 +1 @@
-authdesturl=_authdesturl_param_
\ No newline at end of file
+authdesturl=http://badhost
\ No newline at end of file
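Review bot: `authdesturl=http://badhost` replaces the `_authdesturl_param_` input rather than sitting beside it in a new file, so the original case is lost. Nothing in this message shows what output the test expects; state in the test, or in an expected-output file, that `badhost` must not appear in the emitted `authdesturl` script variable.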
16 years, 1 month
[Fedora-directory-commits] dsgw/tests setup.sh, 1.4, 1.5 valgrind.supp, 1.1, 1.2
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/dsgw/tests
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30811/dsgw/tests
Modified Files:
setup.sh valgrind.supp
Log Message:
1) There were several places where DSGW would output and eval arbitrary javascript code passed in a CGI parameter. These have been replaced with resource strings. In all cases the values were output escaped, but still, we shouldn't be passing around bits of javascript code to execute.
2) ICU provides a function which can parse the HTTP_ACCEPT_LANGUAGE string and return the most appropriate locale, so we should use that for date calculation.
3) Found a couple of places where uninitialized values could be used, and fixed them.
4) Used PR_smprintf to simplify some strlen+malloc+strcpy+strcat code.
5) dsgw_get_cgi_var will check for NULL input
6) Do not pass in the ldap host and port in form parameters. Always just use the values from the config file.
7) Added many new tests and valgrind suppressions (almost all from ICU)
Index: setup.sh
===================================================================
RCS file: /cvs/dirsec/dsgw/tests/setup.sh,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- setup.sh 19 Feb 2008 15:20:22 -0000 1.4
+++ setup.sh 27 Feb 2008 03:36:51 -0000 1.5
@@ -1,7 +1,7 @@
#!/bin/sh
testdir="$1"
-sroot=/NotBackedUp/$USER/11srv
+sroot=/home/$USER/11srv
port=1100
secport=1101
rootdn="cn=directory manager"
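Review bot: `sroot=/home/$USER/11srv` swaps one developer-specific path for another. Take it from the environment with a default (for example `sroot=${SROOT:-/home/$USER/11srv}`) so the script runs unmodified on other machines.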
@@ -32,7 +32,7 @@
fi
if [ "$needdata" ] ; then
-$sroot/lib/dirsrv/slapd-localhost/ldif2db.pl -D "$rootdn" -w "$rootpw" -n userRoot -i $sroot/share/dirsrv/data/Example.ldif
+$sroot/lib/dirsrv/slapd-vmhost/ldif2db.pl -D "$rootdn" -w "$rootpw" -n userRoot -i $sroot/share/dirsrv/data/Example.ldif
sleep 10
fi
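Review bot: `slapd-vmhost` hard-codes the committer's instance name in place of `slapd-localhost`. Derive the instance directory from a variable set next to `sroot`. Separately, `-w "$rootpw"` puts the directory manager password on the command line, where other local users can read it from the process list.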
@@ -81,8 +81,6 @@
#export ADMSERV_CONF_DIR
#ADMSERV_LOG_DIR=$dir/testtmp
#export ADMSERV_LOG_DIR
-HTTP_ACCEPT_LANGUAGE=en
-export HTTP_ACCEPT_LANGUAGE
SERVER_URL=http://localhost
export SERVER_URL
@@ -98,17 +96,19 @@
#VGPREFIX="valgrind --tool=memcheck --leak-check=yes --suppressions=$HOME/valgrind.supp --num-callers=40 --suppressions=$testdir/valgrind.supp "
# These are CGI programs - they assume they will run for a very short period of time - they use exit() instead of free() :P
VGPREFIX="valgrind --tool=memcheck --leak-check=no --suppressions=$HOME/valgrind.supp --num-callers=40 --suppressions=$testdir/valgrind.supp "
-#GDB="gdb -x .gdbinit "
+GDB="gdb -x .gdbinit "
DEBUGCMD=VALGRIND
#DEBUGCMD="$GDB"
-PROGS="dnedit"
+PROGS="lang"
# use scripts for orgchart perl scripts
SCRIPTS=""
#ClientLanguage=en_US ; export ClientLanguage
HTTP_ACCEPT_LANGUAGE=en_US ; export HTTP_ACCEPT_LANGUAGE
+#HTTP_COOKIE='nsdsgwauth=rndstr:cn=directory manager' ; export HTTP_COOKIE
+
runATest() {
prog="$1"
shift
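Review bot: `PROGS="lang"` and the uncommented `GDB=` line look like local debugging state. With `PROGS` set to `lang`, a default run appears to skip the dnedit, edit, dosearch and doauth inputs that this commit adds or changes. Restore the full program list, or read `PROGS` from the environment.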
@@ -146,6 +146,7 @@
if [ -f /tmp/$prog.debug.$basetest ] ; then
echo "break main" > .gdbinit
else
+ echo no match /tmp/$prog.debug.$basetest
rm -f .gdbinit
fi
if [ $type = "POST" ] ; then
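Review bot: `echo no match /tmp/$prog.debug.$basetest` prints for every test that has no debug marker file, which is the normal case, and reads as leftover debugging output. Drop it, or send it to stderr behind a verbose flag.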
@@ -192,9 +193,9 @@
ctxnum=1
for ctx in "" "/" "." "../../../" "somebogusvalue" "pb" "dsgw" ; do
if [ -s "$test" ] ; then
- runATest "$prog" GET "$test" .$ctxnum "&context=$ctx&binddn=$rootdn&passwd=$rootpw"
+ runATest "$prog" GET "$test" .$ctxnum "&context=$ctx&binddn=$rootdn&passwd=$rootpw&password=$rootpw"
else
- runATest "$prog" GET "$test" .$ctxnum "context=$ctx&binddn=$rootdn&passwd=$rootpw"
+ runATest "$prog" GET "$test" .$ctxnum "context=$ctx&binddn=$rootdn&passwd=$rootpw&password=$rootpw"
fi
ctxnum=`expr $ctxnum + 1`
done
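Review bot: `$rootdn` and `$rootpw` are appended to the query string without URL-encoding. `rootdn` is `cn=directory manager`, which contains a space and `=`, and a password containing `&` or `=` would split into extra parameters. Encode both before building the string. A comment saying why both `passwd` and `password` are sent would also help.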
@@ -211,7 +212,7 @@
runATest "$prog" POST "$test"
ctxnum=1
for ctx in "" "/" "." "../../../" "somebogusvalue" "pb" "dsgw" ; do
- runATest "$prog" POST "$test" .$ctxnum "&context=$ctx&binddn=$rootdn&passwd=$rootpw"
+ runATest "$prog" POST "$test" .$ctxnum "&context=$ctx&binddn=$rootdn&passwd=$rootpw&password=$rootpw"
ctxnum=`expr $ctxnum + 1`
done
done
Index: valgrind.supp
===================================================================
RCS file: /cvs/dirsec/dsgw/tests/valgrind.supp,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- valgrind.supp 9 Feb 2008 18:24:23 -0000 1.1
+++ valgrind.supp 27 Feb 2008 03:36:51 -0000 1.2
@@ -4,7 +4,13 @@
fun:__strcpy_chk
fun:entryOpen
fun:ures_open_3_6
- fun:res_getstring
+}
+{
+ Problem with ICU
+ Memcheck:Cond
+ fun:__strcpy_chk
+ obj:/usr/lib64/libicuuc.so.36.0
+ fun:ures_open_3_6
}
{
Problem with ICU
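Review bot: removing the `fun:res_getstring` frame makes this suppression match `__strcpy_chk` under `entryOpen`/`ures_open_3_6` from any caller, not only the resource-string lookup. The added entry also names `obj:/usr/lib64/libicuuc.so.36.0`, which only matches hosts with that library path and ICU build. Note in the file which platform these entries were generated on.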
@@ -14,7 +20,6 @@
fun:findFirstExisting
fun:entryOpen
fun:ures_open_3_6
- fun:res_getstring
}
{
Problem with ICU
@@ -23,7 +28,6 @@
fun:init_entry
fun:entryOpen
fun:ures_open_3_6
- fun:res_getstring
}
{
Problem with ICU
@@ -31,7 +35,6 @@
fun:dsgw_vxprintf
fun:dsgw_emitfv
fun:dsgw_emitf
- fun:dsgw_html_begin
}
{
Problem with sasl
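Review bot: dropping `fun:dsgw_html_begin` widens this entry to every call path that goes through `dsgw_emitf`, `dsgw_emitfv` and `dsgw_vxprintf`. Those are the gateway's own output functions, so a real uninitialised read in any page that emits request data would now be silenced. Keep a caller frame, or add one entry per known-benign caller.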
@@ -40,3 +43,60 @@
fun:_sasl_load_plugins
fun:sasl_client_init
}
+{
+ Problem with ICU
+ Memcheck:Cond
+ fun:__strcpy_chk
+ fun:entryOpen
+ fun:ures_open_3_6
+ fun:ucol_open_internal_3_6
+ fun:ucol_open_3_6
+}
+{
+ Problem with ICU
+ Memcheck:Cond
+ fun:u_strlen_3_6
+ fun:dsgw_strkeygen
+ fun:dsgw_keygen
+}
+{
+ Problem with ICU
+ Memcheck:Cond
+ fun:__strcpy_chk
+ fun:init_entry
+ fun:findFirstExisting
+ fun:entryOpen
+ fun:ures_openDirect_3_6
+}
+{
+ Problem with ICU
+ Memcheck:Cond
+ fun:__strcpy_chk
+ obj:/usr/lib64/libicuuc.so.36.0
+ obj:/usr/lib64/libicuuc.so.36.0
+ obj:/usr/lib64/libicuuc.so.36.0
+ fun:ures_openDirect_3_6
+}
+{
+ Problem with ICU
+ Memcheck:Cond
+ fun:__strcpy_chk
+ fun:ures_getFunctionalEquivalent_3_6
+}
+{
+ Problem with ICU
+ Memcheck:Cond
+ fun:__strcpy_chk
+ obj:/usr/lib64/libicuuc.so.36.0
+ obj:/usr/lib64/libicuuc.so.36.0
+ obj:/usr/lib64/libicuuc.so.36.0
+ fun:ures_open_3_6
+}
+{
+ Problem with ICU
+ Memcheck:Cond
+ fun:__strcpy_chk
+ obj:/usr/lib64/libicuuc.so.36.0
+ obj:/usr/lib64/libicuuc.so.36.0
+ fun:ures_open_3_6
+}
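Review bot: the entry ending in `fun:dsgw_strkeygen` / `fun:dsgw_keygen` is labelled "Problem with ICU", but the value reaching `u_strlen_3_6` is supplied by the gateway's own key-generation code. That may be an uninitialised or unterminated buffer in `dsgw_strkeygen`, which should be investigated rather than suppressed. The two-frame entry `__strcpy_chk` / `ures_getFunctionalEquivalent_3_6` is also broad enough to deserve a comment saying what triggers it.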
16 years, 1 month
[Fedora-directory-commits] dsgw/pbconfig list-Auth.html.in,1.1,1.2
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/dsgw/pbconfig
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30811/dsgw/pbconfig
Modified Files:
list-Auth.html.in
Log Message:
1) There were several places where DSGW would output and eval arbitrary javascript code passed in a CGI parameter. These have been replaced with resource strings. In all cases the values were output escaped, but still, we shouldn't be passing around bits of javascript code to execute.
2) ICU provides a function which can parse the HTTP_ACCEPT_LANGUAGE string and return the most appropriate locale, so we should use that for date calculation.
3) Found a couple of places where uninitialized values could be used, and fixed them.
4) Used PR_smprintf to simplify some strlen+malloc+strcpy+strcat code.
5) dsgw_get_cgi_var will check for NULL input
6) Do not pass in the ldap host and port in form parameters. Always just use the values from the config file.
7) Added many new tests and valgrind suppressions (almost all from ICU)
Index: list-Auth.html.in
===================================================================
RCS file: /cvs/dirsec/dsgw/pbconfig/list-Auth.html.in,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- list-Auth.html.in 14 Jan 2008 22:31:23 -0000 1.1
+++ list-Auth.html.in 27 Feb 2008 03:36:50 -0000 1.2
@@ -76,6 +76,9 @@
<INPUT TYPE="hidden" NAME="authdesturl"
<!-- DS_POSTEDVALUE "name=authdesturl" "within=VALUE=%22--value--%22" -->
>
+<INPUT TYPE="hidden" NAME="authdestdn"
+<!-- DS_POSTEDVALUE "name=authdestdn" "within=VALUE=%22--value--%22" -->
+>
<!-- PCONTEXT -->
</FORM>
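Review bot: `authdestdn` is a posted value written back inside `VALUE="..."`. Add a test that posts an `authdestdn` containing `"` and `>` and checks that `DS_POSTEDVALUE` escapes them before the value reaches the attribute.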
16 years, 1 month
[Fedora-directory-commits] dsgw/tests/dnedit testget.4,NONE,1.1
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/dsgw/tests/dnedit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30811/dsgw/tests/dnedit
Added Files:
testget.4
Log Message:
1) There were several places where DSGW would output and eval arbitrary javascript code passed in a CGI parameter. These have been replaced with resource strings. In all cases the values were output escaped, but still, we shouldn't be passing around bits of javascript code to execute.
2) ICU provides a function which can parse the HTTP_ACCEPT_LANGUAGE string and return the most appropriate locale, so we should use that for date calculation.
3) Found a couple of places where uninitialized values could be used, and fixed them.
4) Used PR_smprintf to simplify some strlen+malloc+strcpy+strcat code.
5) dsgw_get_cgi_var will check for NULL input
6) Do not pass in the ldap host and port in form parameters. Always just use the values from the config file.
7) Added many new tests and valgrind suppressions (almost all from ICU)
--- NEW FILE testget.4 ---
dn=uid=scarter,ou=people,dc=example,dc=com&template=template&attr=ou&desc=Description of OU attribute
16 years, 1 month
[Fedora-directory-commits] dsgw cgiutil.c, 1.4, 1.5 csearch.c, 1.4, 1.5 dbtdsgw.h, 1.2, 1.3 dnedit.c, 1.4, 1.5 doauth.c, 1.3, 1.4 dosearch.c, 1.4, 1.5 dsgw.h, 1.7, 1.8 dsgwgetlang.c, 1.5, 1.6 dsgwi18n.h, 1.1.1.1, 1.2 dsgwutil.c, 1.9, 1.10 emitauth.c, 1.2, 1.3 entrydisplay.c, 1.6, 1.7 htmlout.c, 1.3, 1.4 htmlparse.c, 1.2, 1.3 lang.c, 1.3, 1.4 ldaputil.c, 1.3, 1.4 newentry.c, 1.2, 1.3 search.c, 1.2, 1.3
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/dsgw
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30811/dsgw
Modified Files:
cgiutil.c csearch.c dbtdsgw.h dnedit.c doauth.c dosearch.c
dsgw.h dsgwgetlang.c dsgwi18n.h dsgwutil.c emitauth.c
entrydisplay.c htmlout.c htmlparse.c lang.c ldaputil.c
newentry.c search.c
Log Message:
1) There were several places where DSGW would output and eval arbitrary javascript code passed in a CGI parameter. These have been replaced with resource strings. In all cases the values were output escaped, but still, we shouldn't be passing around bits of javascript code to execute.
2) ICU provides a function which can parse the HTTP_ACCEPT_LANGUAGE string and return the most appropriate locale, so we should use that for date calculation.
3) Found a couple of places where uninitialized values could be used, and fixed them.
4) Used PR_smprintf to simplify some strlen+malloc+strcpy+strcat code.
5) dsgw_get_cgi_var will check for NULL input
6) Do not pass in the ldap host and port in form parameters. Always just use the values from the config file.
7) Added many new tests and valgrind suppressions (almost all from ICU)
Index: cgiutil.c
===================================================================
RCS file: /cvs/dirsec/dsgw/cgiutil.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- cgiutil.c 30 Jan 2008 17:16:45 -0000 1.4
+++ cgiutil.c 27 Feb 2008 03:36:50 -0000 1.5
@@ -202,7 +202,14 @@
char *
dsgw_get_cgi_var(char *varname, int required)
{
- char *ans = get_cgi_var(varname, NULL, NULL);
+ char **vars = get_input_ptr();
+ char *ans = NULL;
+
+ if (!vars) {
+ return ans;
+ }
+
+ ans = get_cgi_var(varname, NULL, NULL);
if (!ans) { /* try all uppercase varname */
char *upvarname = dsgw_utf8StrToUpper(varname);
ans = get_cgi_var(upvarname, NULL, NULL);
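Review bot: `vars` is read only for the NULL test, and the early `return ans;` ignores `required`. If the rest of the function reports a missing required variable, that report is skipped when there is no input at all. Test `get_input_ptr()` directly in the `if`, and let the `required` handling run on the NULL path too.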
Index: csearch.c
===================================================================
RCS file: /cvs/dirsec/dsgw/csearch.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- csearch.c 30 Jan 2008 02:22:46 -0000 1.4
+++ csearch.c 27 Feb 2008 03:36:50 -0000 1.5
@@ -285,13 +285,11 @@
dsgw_emitf ("\n"
"<INPUT TYPE=hidden NAME=mode VALUE=\"complex\">\n"
"<INPUT TYPE=hidden NAME=base VALUE=\"%s\">\n"
- "<INPUT TYPE=hidden NAME=ldapserver VALUE=\"%s\">\n"
- "<INPUT TYPE=hidden NAME=ldapport VALUE=\"%d\">\n"
"<INPUT TYPE=hidden NAME=type>\n"
"<INPUT TYPE=hidden NAME=attr>\n"
"<INPUT TYPE=hidden NAME=match>\n"
"<INPUT TYPE=hidden NAME=context VALUE=\"%s\">\n",
- gc->gc_ldapsearchbase, gc->gc_ldapserver, gc->gc_ldapport, context);
+ gc->gc_ldapsearchbase, context);
} else if ( dsgw_directive_is( line, "DS_CSEARCH_TYPE_SELECT" )) {
dsgw_emitf ("<SELECT NAME=searchType "
Index: dbtdsgw.h
===================================================================
RCS file: /cvs/dirsec/dsgw/dbtdsgw.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- dbtdsgw.h 19 Feb 2008 15:20:21 -0000 1.2
+++ dbtdsgw.h 27 Feb 2008 03:36:50 -0000 1.3
@@ -474,10 +474,20 @@
"&context=%s&dn=\\' + dsmodify_dn + \\'&info=\\' + escape(dsmodify_info)\n"
)
ResDef( DBT_completionJavascriptCu, 418,
- "var comp_js = 'var cu=\\\\\\\'edit?context=%s&dn=%s\\\\\\\'; this.document.location.href=cu;'\n"
+ "this.document.location.href='edit?context=%s&dn=%s';\n"
)
ResDef( DBT_unknownValueForCompletionJavascript, 419,
"Invalid value '%s' for variable completion_javascript" )
+ ResDef( DBT_confirmValue1, 420,
+ "opener.document.location.href = opener.completion_url;" )
+ ResDef( DBT_confirmValue2, 421,
+ "opener.submitModify(opener.changetype);" )
+ ResDef( DBT_confirmValue3, 422,
+ "opener.location.href = opener.DNEditURL;" )
+ ResDef( DBT_confirmValue4, 423,
+ "opener.top.close();" )
+ ResDef( DBT_confirmValue5, 424,
+ "opener.confirmedForm.submit();" )
END_STR(dsgw)
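Review bot: in `DBT_completionJavascriptCu` the two `%s` values now land inside a single-quoted JavaScript string that is also a URL. The caller has to URL-encode `context` and `dn` and escape `'` and `\` for the string; say so in a comment next to the resource. `DBT_confirmValue1` to `DBT_confirmValue5` would be easier to audit with names that describe the action each one performs.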
Index: dnedit.c
===================================================================
RCS file: /cvs/dirsec/dsgw/dnedit.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- dnedit.c 19 Feb 2008 15:20:21 -0000 1.4
+++ dnedit.c 27 Feb 2008 03:36:50 -0000 1.5
@@ -333,7 +333,7 @@
" document.location = completion_url;\n"
" } else {\n");
dsgw_emit_confirm ("controlFrame",
- "opener.document.location.href = opener.completion_url;",
+ "CONFIRMVALUE1",
NULL /* no */,
XP_GetClientStr(DBT_discardChangesWindow_), 1,
XP_GetClientStr(DBT_discardChanges_));
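Review bot: `"CONFIRMVALUE1"` is a magic string whose link to `DBT_confirmValue1` is not visible at the call site. Define the keys once as constants in a header, and make sure `dsgw_emit_confirm` rejects any key it does not recognise.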
Index: doauth.c
===================================================================
RCS file: /cvs/dirsec/dsgw/doauth.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- doauth.c 28 Jan 2008 21:22:47 -0000 1.3
+++ doauth.c 27 Feb 2008 03:36:50 -0000 1.4
@@ -195,7 +195,10 @@
"<!-- Hide from non-JavaScript browsers\n" );
if ( authdesturl != NULL && strlen( authdesturl ) > 0 ) {
- dsgw_emitf( "var authdesturl=\"%s\";\n", authdesturl );
+ char *authdestdn = dsgw_get_cgi_var( "authdestdn", DSGW_CGIVAR_OPTIONAL );
+ dsgw_emitf( "var authdesturl='%s?context=%s&dn=%s';\n",
+ dsgw_getvp( DSGW_CGINUM_EDIT ), context,
+ authdestdn ? authdestdn : "" );
} else {
dsgw_emitf( "var authdesturl=null;\n" );
}
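Review bot: `authdestdn` comes straight from the request and is formatted into a JavaScript string whose delimiter changed from `"` to `'`. Confirm that the escaping applied by `dsgw_emitf` covers a single quote and a backslash, and URL-encode the DN since it is now a query-string value. `authdesturl` is used only as an on/off flag after this change; a comment saying its content is deliberately ignored would stop someone reintroducing it.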
Index: dosearch.c
===================================================================
RCS file: /cvs/dirsec/dsgw/dosearch.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- dosearch.c 1 Feb 2008 17:04:22 -0000 1.4
+++ dosearch.c 27 Feb 2008 03:36:50 -0000 1.5
@@ -44,6 +44,30 @@
static void get_request(char *dn, char *ldapquery);
static void post_request();
+static char *ignore_cgi_var_list[] = {
+ "context", "ldq", "dn",
+ "binddn", "password", "passwd",
+ "ldapsizelimit", "ldaptimelimit"
+};
+static size_t ignore_cgi_var_list_size = sizeof(ignore_cgi_var_list)/sizeof(ignore_cgi_var_list[0]);
+
+static int
+ignore_cgi_var(const char *varname)
+{
+ int ii;
+
+ if (!varname || !*varname) {
+ return 1;
+ }
+
+ for (ii = 0; ii < ignore_cgi_var_list_size; ++ii) {
+ if (!strcasecmp(varname, ignore_cgi_var_list[ii])) {
+ return 1;
+ }
+ }
+
+ return 0;
+}
int main( argc, argv, env )
int argc;
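Review bot: `ii` is an `int` compared against the `size_t` `ignore_cgi_var_list_size`; declare it `size_t`. The table can be `static const char * const`. The list now also filters `binddn`, `password` and `passwd`, so a one-line comment on why credentials must never be appended to `ldapquery` would document the intent.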
@@ -76,16 +100,15 @@
* tack it onto the end of ldapquery.
*/
while ( (varname = dsgw_next_cgi_var( &index, &val )) != NULL) {
- if (!strcmp(varname, "context") || !strcmp(varname, "ldq") ||
- !strcmp(varname, "dn")) {
+ if (ignore_cgi_var(varname)) {
continue;
}
if (ldapquery != NULL) {
- ldapquery = dsgw_ch_realloc(ldapquery, sizeof(char *) * (strlen(ldapquery) + strlen(varname) + 1));
+ ldapquery = dsgw_ch_realloc(ldapquery, sizeof(char *) * (strlen(ldapquery) + strlen(varname) + 2));
+ PL_strcat(ldapquery, "&");
PL_strcat(ldapquery, varname);
if (val && *val) {
- ldapquery = dsgw_ch_realloc(ldapquery, sizeof(char *) * (strlen(ldapquery) + strlen(val) + 2));
- PL_strcat(ldapquery, "=");
+ ldapquery = dsgw_ch_realloc(ldapquery, sizeof(char *) * (strlen(ldapquery) + strlen(val) + 1));
PL_strcat(ldapquery, val);
}
}
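Review bot: the `PL_strcat(ldapquery, "=")` call is removed, so `varname` and `val` are now joined with nothing between them. If `dsgw_next_cgi_var` strips the `=` when it splits the pair, the rebuilt query differs from what was sent; please confirm and add a comment. The sizes are also multiplied by `sizeof(char *)` where `sizeof(char)` is meant, which over-allocates and hides off-by-one mistakes in the length arithmetic.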
@@ -204,6 +227,7 @@
mode = DSGW_SRCHMODE_PATTERN_ID;
} else {
dsgw_error( DSGW_ERR_SEARCHMODE, modestr, 0, 0, NULL );
+ mode = 0;
}
if ( mode != DSGW_SRCHMODE_PATTERN_ID
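Review bot: `mode = 0` removes the uninitialised read after `dsgw_error`, but 0 is a bare literal. Use a named invalid-mode constant, and check that 0 is not the value of any `DSGW_SRCHMODE_*` mode so the following `if` cannot treat the error case as a valid search.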
Index: dsgw.h
===================================================================
RCS file: /cvs/dirsec/dsgw/dsgw.h,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- dsgw.h 19 Feb 2008 15:20:21 -0000 1.7
+++ dsgw.h 27 Feb 2008 03:36:50 -0000 1.8
@@ -92,9 +92,15 @@
#define UNICODE_ENCODING_UTF_8 "UTF-8"
#define ISO_8859_1_ENCODING "ISO_8859-1"
+/* The context is really the application (dsgw, pb) we are running.
+ This is used to look for a file called /etc/dirsrv/dsgw/context.conf
+ e.g. dsgw.conf or pb.conf. If no config file is found, the file
+ default.conf will be used. If that is not available, an error
+ will occur. You can create a new web app by using a different
+ context that uses different html files, templates, etc. and just
+ make sure the urls in that app use the new context.
+*/
extern char *context ;
-extern char *langwich; /* The language chosen by libsi18n. */
-extern char *countri; /* The language chosen by libsi18n. */
/*
* define DSGW_DEBUG to cause extensive debugging output to be written
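Review bot: the new comment says `context` selects `/etc/dirsrv/dsgw/context.conf`, and `context` is taken from the query string. The comment should also state which characters are accepted in a context name and how values such as `../../../` (used in the test loop in setup.sh) are handled before the file name is built.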
@@ -794,6 +800,7 @@
void dsgw_emit_helpbutton( char *topic );
void dsgw_emit_homebutton();
void dsgw_emit_completion_javascript( const char *key_str, const char *dn );
+void dsgw_emit_confirm_script();
char *dsgw_build_urlprefix();
void dsgw_init_searchprefs( struct ldap_searchobj **solistp );
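Review bot: `void dsgw_emit_confirm_script();` declares no parameter list in C. Write `(void)` so the compiler checks callers.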
Index: dsgwgetlang.c
===================================================================
RCS file: /cvs/dirsec/dsgw/dsgwgetlang.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- dsgwgetlang.c 30 Jan 2008 02:22:46 -0000 1.5
+++ dsgwgetlang.c 27 Feb 2008 03:36:50 -0000 1.6
@@ -45,6 +45,12 @@
#include "libadminutil/resource.h"
#include "dsgwi18n.h"
+#include "unicode/utypes.h"
+#include "unicode/udat.h"
+#include "unicode/ucal.h"
+#include "unicode/unum.h"
+#include "unicode/ures.h"
+
static char *database_name;
static Resource *i18nResource;
@@ -336,7 +342,7 @@
resstring = res_getstring(i18nResource, keybuf, lang,
NULL, 0, &rc);
if (rc) {
- dsgw_emitf("The message keyword id [%d] was not found\n", key);
+ fprintf(stderr, "The message keyword id [%d] was not found\n", key);
}
return resstring;
}
@@ -351,3 +357,43 @@
SetLanguage(ADMIN_LANGUAGE, "");
SetLanguage(DEFAULT_LANGUAGE, "");
}
+
+/*
+ This function will return the appropriate locale to use
+ for ICU functions based on the HTTP_ACCEPT_LANGUAGE
+*/
+char *
+dsgw_get_locale_from_accept_language()
+{
+ UErrorCode err = U_ZERO_ERROR;
+ UEnumeration *available = ures_openAvailableLocales(NULL, &err);
+ UAcceptResult outResult;
+ char *returnlocale = NULL;
+ int32_t needlen = 0;
+
+ if (U_FAILURE(err)) {
+ fprintf(stderr, "Error: ures_openAvailableLocales(): %d:%s\n", err, u_errorName(err));
+ return NULL;
+ }
+
+ needlen = 20;
+ returnlocale = (char *)malloc(sizeof(char) * needlen);
+ needlen = uloc_acceptLanguageFromHTTP(returnlocale, needlen, &outResult, GetClientLanguage(),
+ available, &err);
+
+ if(err == U_BUFFER_OVERFLOW_ERROR) {
+ err = U_ZERO_ERROR;
+ returnlocale = (char *)realloc(returnlocale, sizeof(char) * (needlen + 1));
+ needlen = uloc_acceptLanguageFromHTTP(returnlocale, needlen, &outResult, GetClientLanguage(),
+ available, &err);
+ }
+
+ if (U_FAILURE(err)) {
+ free(returnlocale);
+ returnlocale = NULL;
+ fprintf(stderr, "Error: uloc_acceptLanguageFromHTTP(%s): %d:%s\n", GetClientLanguage(), err, u_errorName(err));
+ return NULL;
+ }
+
+ return returnlocale;
+}
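Review bot: the retry passes `needlen` as the capacity although the buffer was grown to `needlen + 1`. When the result fills the capacity exactly, ICU reports `U_STRING_NOT_TERMINATED_WARNING`, which `U_FAILURE` does not catch, and the function returns a string without a terminating NUL; the same can happen on the first call with a 20-byte result. Pass `needlen + 1` on the retry and treat that warning as an error. The `malloc` and `realloc` results are unchecked, `available` is never released with `uenum_close`, and `GetClientLanguage()` is not checked for NULL before use.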
Index: dsgwi18n.h
===================================================================
RCS file: /cvs/dirsec/dsgw/dsgwi18n.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- dsgwi18n.h 1 Jun 2006 19:43:42 -0000 1.1.1.1
+++ dsgwi18n.h 27 Feb 2008 03:36:50 -0000 1.2
@@ -143,6 +143,12 @@
PR_EXTERN( void )
XP_InitStringDatabase(const char *path, const char *dbname);
+/* Return the most appropriate locale to use based on
+ the HTTP_ACCEPT_LANGUAGE setting - return memory is
+ malloced and should be freed after use
+*/
+char *dsgw_get_locale_from_accept_language();
+
#ifdef __cplusplus
}
#endif
Index: dsgwutil.c
===================================================================
RCS file: /cvs/dirsec/dsgw/dsgwutil.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- dsgwutil.c 19 Feb 2008 15:20:21 -0000 1.9
+++ dsgwutil.c 27 Feb 2008 03:36:50 -0000 1.10
@@ -64,14 +64,8 @@
/*Global context variable, telling the CGI's where to look for the config file*/
char *context = NULL; /* Gotten from the QUERY_STRING */
-char *langwich = NULL; /* The language that libsi18n
- picks from acceptlang*/
-char *countri = NULL; /* The country that libsi18n
- picks from acceptlang*/
-static void figure_out_langwich(void);
-
/*
* dsgw_init -- initialize a dsgw CGI program:
* set "progname" global based on "progpath" (normally argv[0])
@@ -173,21 +167,6 @@
s = &((*s)->dsgwsubst_next);
}
}
-
- /* Figure out the language that libsi18n is using */
- figure_out_langwich();
-
- /* Get the port and servername */
- if (method == DSGW_METHOD_POST) {
- if (( s = dsgw_get_cgi_var( "ldapport", DSGW_CGIVAR_OPTIONAL )) != NULL ) {
- gc->gc_ldapport = atoi( s );
- free( s );
- }
- if (( s = dsgw_get_cgi_var( "ldapserver", DSGW_CGIVAR_OPTIONAL )) != NULL ) {
- gc->gc_ldapserver = s;
- }
-
- }
if (( s = getenv( "HTTPS" )) == NULL || strcasecmp( s, "on" ) == 0 ||
( s = getenv( "HTTPS_KEYSIZE" )) == NULL ) {
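Review bot: with `ldapserver` and `ldapport` no longer read from the POST, none of the test inputs shown for this commit posts those two parameters. Add a POST test that supplies both and checks that the values from the config file are still the ones used.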
@@ -1137,53 +1116,6 @@
}
/*
- * Function: figure_out_langwich
- *
- * Returns: nothing
- *
- * Description: figures out the language/locale that libsi18n will
- * use. This is so that non libsi18n functions can display
- * stuff in the same language.
- *
- * Author: RJP
- *
- */
-static void
-figure_out_langwich(void)
-{
- char *path = NULL;
- char *iter = NULL;
- char *p = NULL;
- char *before = NULL;
-
- /* Get a path to the html directory */
- path = dsgw_file2path( gc->gc_configdir, "dsgwfilter.conf");
-
- before = path;
-
- /* Find the lang subdirectory part */
- for ( p = ldap_utf8strtok_r( path, DSGW_PATHSEP_STR, &iter );
- p != NULL && *p != '\0' && strcmp(p, "dsgwfilter.conf") != 0;
- p = ldap_utf8strtok_r( NULL, DSGW_PATHSEP_STR, &iter )){
- before = p;
- }
-
- /* If there is one, copy it. */
- if (before != NULL && *before != '\0') {
- langwich = dsgw_ch_strdup(before);
- }
-
- iter = NULL;
-
- /* split off any country specification */
- ldap_utf8strtok_r( langwich, "-", &iter );
- countri = iter;
-
- free (path);
-
-}
-
-/*
* Accept-Language = "Accept-Language" ":"
* 1#( language-range [ ";" "q" "=" qvalue ] )
* language-range = ( ( 1*8ALPHA *( "-" 1*8ALPHA ) ) | "*" )
Index: emitauth.c
===================================================================
RCS file: /cvs/dirsec/dsgw/emitauth.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- emitauth.c 28 Jan 2008 21:22:47 -0000 1.2
+++ emitauth.c 27 Feb 2008 03:36:50 -0000 1.3
@@ -137,6 +137,13 @@
auto char line[ BIG_LINE ];
auto int argc;
auto char **argv, *escaped_dn;
+ char *authdestdn = NULL;
+
+ if (authdesturl) {
+ if (!(authdestdn = dsgw_get_cgi_var( "authdestdn", DSGW_CGIVAR_OPTIONAL ))) {
+ authdestdn = "";
+ }
+ }
if ( user != NULL ) {
escaped_dn = dsgw_strdup_escaped( user );
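Review bot: `authdestdn` ends up pointing either at the result of `dsgw_get_cgi_var` or at the string literal `""`, so later code cannot tell whether it may be freed. It also stays NULL when `authdesturl` is NULL, which is safe only while every use stays inside an `authdesturl != NULL` check. Initialise it to `""` unconditionally, or keep a separate owned pointer.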
@@ -198,6 +205,8 @@
if ( authdesturl != NULL ) {
dsgw_emitf ("<INPUT TYPE=hidden NAME=authdesturl VALUE=\"%s\">\n",
authdesturl);
+ dsgw_emitf ("<INPUT TYPE=hidden NAME=authdestdn VALUE=\"%s\">\n",
+ authdestdn);
}
} else if ( dsgw_directive_is( line, "DS_AUTH_SEARCH_NAME" )) {
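Review bot: `authdestdn` is request data written into a `VALUE` attribute with `%s`, here and in the two hunks that follow. Confirm that `dsgw_emitf` HTML-escapes `"`, `<`, `>` and `&` for this attribute, and cover it with a test input that has a quote in `authdestdn`.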
@@ -228,6 +237,8 @@
if ( authdesturl != NULL ) {
dsgw_emitf ("<INPUT TYPE=hidden NAME=authdesturl VALUE=\"%s\">\n",
authdesturl );
+ dsgw_emitf ("<INPUT TYPE=hidden NAME=authdestdn VALUE=\"%s\">\n",
+ authdestdn );
}
} else if ( dsgw_directive_is( line, "DS_AUTH_PASSWORD_SCRIPT" )) {
@@ -260,11 +271,15 @@
if ( authdesturl != NULL ) {
dsgw_emitf ("<INPUT type=hidden name=authdesturl value=\"%s\">\n",
authdesturl );
+ dsgw_emitf ("<INPUT type=hidden name=authdestdn value=\"%s\">\n",
+ authdestdn );
}
} else if ( dsgw_directive_is( line, "DS_AUTH_PASSWORD_NAME" )) {
auto char** xdn = ldap_explode_dn( user, 1 );
- dsgw_emits( xdn[ 0 ] );
+ if (xdn && xdn[0]) {
+ dsgw_emits( xdn[ 0 ] );
+ }
ldap_value_free( xdn );
} else if ( dsgw_directive_is( line, "DS_AUTH_PASSWORD_BUTTONS" )) {
Index: entrydisplay.c
===================================================================
RCS file: /cvs/dirsec/dsgw/entrydisplay.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- entrydisplay.c 19 Feb 2008 15:20:21 -0000 1.6
+++ entrydisplay.c 27 Feb 2008 03:36:50 -0000 1.7
@@ -701,9 +701,6 @@
DSGW_CGIVAR_OPTIONAL );
if ( jscomp != NULL ) {
dsgw_emit_completion_javascript(jscomp, dn ? dn : "");
- dsgw_emits( "<SCRIPT LANGUAGE=\"JavaScript\">\n" );
- dsgw_emitf( "eval('%s');\n", jscomp );
- dsgw_emits( "</SCRIPT>\n" );
}
fflush( stdout );
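Review bot: with the `eval('%s')` block gone, `jscomp` is still request input and is passed to `dsgw_emit_completion_javascript` as a key. That function needs to accept only the known keys and report anything else through `DBT_unknownValueForCompletionJavascript`; a test with an unexpected value would pin that down.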
@@ -769,7 +766,8 @@
dsgw_quote_emits (QUOTATION_JAVASCRIPT, urlprefix);
dsgw_emits( ";\n"
" } else {\n"
- "\tdocument.editEntryForm.authdesturl.value = editURL;\n"
+ "\tdocument.editEntryForm.authdesturl.value = 'edit';\n"
+ "\tdocument.editEntryForm.authdestdn.value = encodeddn;\n"
"\ta = open(");
dsgw_quote_emits (QUOTATION_JAVASCRIPT, urlprefix);
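Review bot: authdesturl now carries the token 'edit' instead of a URL, so the server code that consumes authdesturl has to accept only known tokens and reject everything else; otherwise a hand-built form can still post an arbitrary destination. A comment next to this assignment listing the valid tokens would help, and it is worth checking that encodeddn is in scope inside the emitted function.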
@@ -816,7 +814,7 @@
dsgw_emits( "var changetype = '';\n\n" );
dsgw_emits( "function confirmModify(ctype, prompt)\n{\n" );
dsgw_emits( " changetype = ctype;\n" );
- dsgw_emit_confirm (NULL, "opener.submitModify(opener.changetype);", NULL/*no*/,
+ dsgw_emit_confirm (NULL, "CONFIRMVALUE2", NULL/*no*/,
NULL /* options */, 0, "prompt");
dsgw_emits( "}\n" );
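Review bot: "CONFIRMVALUE2" is a bare string literal that has to match the strcasecmp chain in dsgw_emit_confirm_script() exactly, and the same pattern repeats for CONFIRMVALUE3, 4 and 5 in the following hunks. Define the keys once in a shared header and add a comment saying which action each one stands for (here the removed opener.submitModify(opener.changetype);), so a typo fails at compile time rather than producing a dialog with no action.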
@@ -847,7 +845,7 @@
dsgw_getvp( DSGW_CGINUM_DNEDIT ), encodeddn, context );
dsgw_emits( " if( !changesMade() ) window.location.href = DNEditURL;\n"
" else {\n");
- dsgw_emit_confirm( NULL, "opener.location.href = opener.DNEditURL;", NULL/*no*/,
+ dsgw_emit_confirm( NULL, "CONFIRMVALUE3", NULL/*no*/,
XP_GetClientStr(DBT_continueWithoutSavingWindow_), 1,
XP_GetClientStr(DBT_continueWithoutSaving_));
dsgw_emits( " }\n");
@@ -866,7 +864,7 @@
dsgw_emits( "function closeIfOK()\n{\n"
" if ( !changesMade() ) top.close();\n"
" else {\n" );
- dsgw_emit_confirm( NULL, "opener.top.close();", NULL/*no*/,
+ dsgw_emit_confirm( NULL, "CONFIRMVALUE4", NULL/*no*/,
XP_GetClientStr(DBT_discardChangesWindow_), 1,
XP_GetClientStr(DBT_discardChanges_));
dsgw_emits( " }\n}\n" );
@@ -2015,14 +2013,8 @@
}
if (( adip->adi_opts & DSGW_ATTROPT_LINK2EDIT ) != 0 ) {
- auto const char* vp = dsgw_getvp( DSGW_CGINUM_EDIT );
- /* urlprefix = vp + "?&context=CONTEXT&dn=": */
- auto const size_t vplen = strlen (vp);
- urlprefix = dsgw_ch_malloc (vplen + 6 + strlen(context) + 9);
- memcpy( urlprefix, vp, vplen );
- strcat( urlprefix, "?&context=");
- strcat( urlprefix, context);
- strcat( urlprefix, "&dn=");
+ urlprefix = PR_smprintf("%s?context=%s&dn=",
+ dsgw_getvp( DSGW_CGINUM_EDIT ), context);
} else {
urlprefix = dsgw_build_urlprefix();
}
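Review bot: the PR_smprintf result is not checked for NULL before urlprefix is used, whereas the removed code allocated through dsgw_ch_malloc, whose name suggests a checked allocator. Add a check after the call. context is also placed in the query string unescaped, as it was before; if it can come from the request, URL-escape it.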
@@ -2131,7 +2123,7 @@
dsgw_emits( "</SCRIPT>\n" );
}
- free( urlprefix );
+ PR_smprintf_free( urlprefix );
}
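Review bot: PR_smprintf_free is only known to be correct for the LINK2EDIT branch; in the else branch of the previous hunk urlprefix comes from dsgw_build_urlprefix(), and this diff does not show that function allocating with PR_smprintf. Either convert dsgw_build_urlprefix() as well or release the string according to which branch produced it.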
@@ -2587,6 +2579,7 @@
}
dsgw_emitf( "<INPUT TYPE=\"hidden\" NAME=\"authdesturl\">\n"
+ "<INPUT TYPE=\"hidden\" NAME=\"authdestdn\">\n"
"<INPUT TYPE=\"button\" VALUE=\"%s\" "
"onClick=\"authOrEdit('%s')\">\n", buttonlabel, encodeddn );
}
@@ -3127,11 +3120,7 @@
int32_t myStrlen = 0;
/* Create a Date/Time Format using the locale */
- if (countri) {
- locale = PR_smprintf("%s_%s", langwich, countri);
- } else {
- locale = PR_smprintf("%s", langwich);
- }
+ locale = dsgw_get_locale_from_accept_language();
edatefmt = udat_open(
UDAT_DEFAULT, /* default date style for locale */
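Review bot: ownership of the returned string is undocumented; the next hunk releases it with free(locale), so dsgw_get_locale_from_accept_language() has to return malloc'd memory, and that should be stated at its declaration. Also document what it returns when the request has no Accept-Language header, since locale goes straight into udat_open.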
@@ -3141,24 +3130,10 @@
NULL, 0, /* no pattern */
&err);
- PR_smprintf_free(locale);
+ free(locale);
locale = NULL;
if (!edatefmt || (err != U_ZERO_ERROR)) {
- if (edatefmt) {
- udat_close(edatefmt);
- }
- err = U_ZERO_ERROR;
- edatefmt = udat_open(
- UDAT_DEFAULT, /* default date style for locale */
- UDAT_DEFAULT, /* default time style for locale */
- gc->gc_DefaultLanguage, /* default language */
- NULL, 0, /* use default timezone */
- NULL, 0, /* no pattern */
- &err);
- }
-
- if (!edatefmt || (err != U_ZERO_ERROR)) {
dsgw_error( DSGW_ERR_LDAPGENERAL, NULL, DSGW_ERROPT_EXIT, err, NULL );
/*fprintf(stderr, "ERROR: NLS_NewDateTimeFormat(0): %d\n", err);*/
}
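Review bot: with the gc->gc_DefaultLanguage retry removed, the test err != U_ZERO_ERROR now sends every non-zero status to dsgw_error with DSGW_ERROPT_EXIT, including ICU's informational warnings such as U_USING_DEFAULT_WARNING, which udat_open can set when it falls back from the requested locale. The locale now derives from the client's Accept-Language header, so an unusual header value can end the request. Test with U_FAILURE(err) instead, or keep the fallback to the configured default language.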
Index: htmlout.c
===================================================================
RCS file: /cvs/dirsec/dsgw/htmlout.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- htmlout.c 19 Feb 2008 15:20:21 -0000 1.3
+++ htmlout.c 27 Feb 2008 03:36:50 -0000 1.4
@@ -514,6 +514,47 @@
return;
}
+void
+dsgw_emit_confirm_script()
+{
+ char *yes_key_str = dsgw_get_cgi_var("YES", DSGW_CGIVAR_OPTIONAL);
+/* char *no_key_str = dsgw_get_cgi_var("NO", DSGW_CGIVAR_OPTIONAL); unused apparently */
+ int yes_key, no_key;
+ char *yes = NULL, *no = NULL;
+
+ if (!yes_key_str) {
+ yes_key = 0;
+ } else if (!strcasecmp(yes_key_str, "CONFIRMVALUE1")) {
+ yes_key = DBT_confirmValue1;
+ } else if (!strcasecmp(yes_key_str, "CONFIRMVALUE2")) {
+ yes_key = DBT_confirmValue2;
+ } else if (!strcasecmp(yes_key_str, "CONFIRMVALUE3")) {
+ yes_key = DBT_confirmValue3;
+ } else if (!strcasecmp(yes_key_str, "CONFIRMVALUE4")) {
+ yes_key = DBT_confirmValue4;
+ } else if (!strcasecmp(yes_key_str, "CONFIRMVALUE5")) {
+ yes_key = DBT_confirmValue5;
+ }
+ no_key = 0; /* unused apparently */
+
+ yes = XP_GetClientStr(yes_key);
+
+ dsgw_emitf ("<SCRIPT LANGUAGE=JavaScript><!--\n"
+ "function OK() {\n");
+ if (yes) dsgw_emitf (" %s\n", yes);
+ dsgw_emits (" top.close();\n"
+ "}\n"
+ "\n"
+ "function Cancel() {\n");
+ if (no) dsgw_emitf (" %s\n", no);
+ dsgw_emits (" top.close();\n"
+ "}\n"
+ "// -->\n"
+ "</SCRIPT>\n");
+
+ return;
+}
+
/*
emacs settings
Local Variables:
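Review bot: yes_key is left uninitialized when YES is present but matches none of the five CONFIRMVALUE names, because the if/else chain has no final else, and it is then passed to XP_GetClientStr. Initialize it at the declaration (int yes_key = 0;) or add a closing else, and skip the XP_GetClientStr call when the key is 0. no is never assigned after its NULL initializer and no_key is set but never read, so the emit inside Cancel() is dead code and can be removed.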
Index: htmlparse.c
===================================================================
RCS file: /cvs/dirsec/dsgw/htmlparse.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- htmlparse.c 14 Jan 2008 22:58:30 -0000 1.2
+++ htmlparse.c 27 Feb 2008 03:36:50 -0000 1.3
@@ -439,7 +439,7 @@
dsgw_emits ("<SCRIPT language=JavaScript><!--\n"
"function verify(form)\n{\n"
" window.confirmedForm = form;\n");
- dsgw_emit_confirm (NULL, "opener.confirmedForm.submit();", NULL /* no */,
+ dsgw_emit_confirm (NULL, "CONFIRMVALUE5", NULL /* no */,
XP_GetClientStr(DBT_doYouReallyWantToWindow_), 1,
XP_GetClientStr(DBT_doYouReallyWantTo_), vars[0]);
dsgw_emits ("}\n"
Index: lang.c
===================================================================
RCS file: /cvs/dirsec/dsgw/lang.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- lang.c 16 Jan 2008 22:56:02 -0000 1.3
+++ lang.c 27 Feb 2008 03:36:50 -0000 1.4
@@ -95,23 +95,7 @@
dsgw_emit_button (argc, argv, "onClick=\"top.close()\"");
} else if ( dsgw_directive_is( line, "DS_CONFIRM_SCRIPT" )) {
- {
- auto char* yes = dsgw_get_cgi_var ("YES", DSGW_CGIVAR_OPTIONAL);
- auto char* no = dsgw_get_cgi_var ("NO", DSGW_CGIVAR_OPTIONAL);
- dsgw_emitf ("<SCRIPT LANGUAGE=JavaScript><!--\n"
- "function OK() {\n");
- if (yes) dsgw_emitf (" %s\n", yes);
- dsgw_emits (" top.close();\n"
- "}\n"
- "\n"
- "function Cancel() {\n");
- if (no) dsgw_emitf (" %s\n", no);
- dsgw_emits (" top.close();\n"
- "}\n"
- "// -->\n"
- "</SCRIPT>\n");
- }
-
+ dsgw_emit_confirm_script();
} else if ( dsgw_directive_is( line, "DS_CONFIRM_BUTTON_OK" )) {
dsgw_emitf ("<INPUT TYPE=BUTTON VALUE=\"%s\" onClick=\"parent.OK()\">\n",
XP_GetClientStr(DBT_ok_2));
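Review bot: the removed block also emitted the NO parameter inside Cancel(), and dsgw_emit_confirm_script() no longer reads it. If any template or caller still passes NO, its action is now dropped silently; say so in a comment at this call or remove the parameter from the callers.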
Index: ldaputil.c
===================================================================
RCS file: /cvs/dirsec/dsgw/ldaputil.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- ldaputil.c 19 Feb 2008 15:20:21 -0000 1.3
+++ ldaputil.c 27 Feb 2008 03:36:50 -0000 1.4
@@ -535,10 +535,9 @@
void
dsgw_ldapurl_search( LDAP *ld, char *ldapurl )
{
- int rc, ec, saveport, did_init_ldap;
+ int rc, ec, did_init_ldap;
LDAPMessage *msgp;
LDAPURLDesc *ludp;
- char *saveserver;
unsigned long no_options = 0;
int one_attr = 0;
@@ -562,10 +561,6 @@
}
if ( ld == NULL ) {
- saveserver = gc->gc_ldapserver;
- gc->gc_ldapserver = ludp->lud_host;
- saveport = gc->gc_ldapport;
- gc->gc_ldapport = ludp->lud_port;
one_attr = ( ludp->lud_attrs != NULL && ludp->lud_attrs[ 0 ] != NULL && ludp->lud_attrs[ 1 ] == NULL );
(void)dsgw_init_ldap( &ld, NULL, 0, one_attr );
did_init_ldap = 1;
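Review bot: lud_host and lud_port from the parsed URL are now ignored without any trace, so a URL naming another server is searched against the configured one. That matches item 6 of the log message, but consider rejecting or logging a URL whose host or port differs from gc->gc_ldapserver and gc->gc_ldapport, and add a comment here saying the override was removed on purpose.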
@@ -593,8 +588,6 @@
if ( did_init_ldap ) {
ldap_unbind( ld );
- gc->gc_ldapserver = saveserver;
- gc->gc_ldapport = saveport;
}
}
Index: newentry.c
===================================================================
RCS file: /cvs/dirsec/dsgw/newentry.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- newentry.c 14 Jan 2008 22:58:30 -0000 1.2
+++ newentry.c 27 Feb 2008 03:36:50 -0000 1.3
@@ -251,57 +251,29 @@
static char*
compute_newurl()
{
- char *tmplname = "tmplname=";
- size_t tmplnamelen = strlen(tmplname);
- auto char* entryType = dsgw_get_cgi_var( "entrytype", DSGW_CGIVAR_REQUIRED );
- auto char* entryName = dsgw_get_cgi_var( "entryname", DSGW_CGIVAR_REQUIRED );
- auto char* rdnTag = dsgw_get_cgi_var( "rdntag", DSGW_CGIVAR_REQUIRED );
- auto char* dnSuffix = dsgw_get_cgi_var( "selectLocation", DSGW_CGIVAR_OPTIONAL );
- auto size_t entryTypeLen = strlen (entryType);
- auto size_t entryNameLen = strlen (entryName);
- auto size_t rdnTagLen = strlen (rdnTag);
- auto size_t dnSuffixLen;
- auto char* dn;
- auto char* newurl = NULL;
+ char* entryType = dsgw_get_cgi_var( "entrytype", DSGW_CGIVAR_REQUIRED );
+ char* entryName = dsgw_get_cgi_var( "entryname", DSGW_CGIVAR_REQUIRED );
+ char* rdnTag = dsgw_get_cgi_var( "rdntag", DSGW_CGIVAR_REQUIRED );
+ char* dnSuffix = dsgw_get_cgi_var( "selectLocation", DSGW_CGIVAR_OPTIONAL );
+ char* dn;
+ char* edn;
+ char* newurl = NULL;
+ int escapeName = (strchr (entryName, ',') || strchr (entryName, ';'));
if (!dnSuffix || !*dnSuffix) {
dnSuffix = dsgw_get_cgi_var( "dnsuffix", DSGW_CGIVAR_REQUIRED );
}
- dnSuffixLen = strlen (dnSuffix);
- dn = dsgw_ch_malloc (rdnTagLen + 1 + entryNameLen + 2 + 1 + dnSuffixLen + 1);
- memcpy (dn, rdnTag, rdnTagLen + 1);
- strcat (dn, "=");
- if ( strchr (entryName, ',') || strchr (entryName, ';') ) {
- strcat (dn, "\"");
- strcat (dn, entryName);
- strcat (dn, "\"");
- } else {
- strcat (dn, entryName);
- }
- strcat (dn, ",");
- strcat (dn, dnSuffix);
- {
- auto char* edn = dsgw_strdup_escaped (dn);
- auto const char* const prefix = DSGW_URLPREFIX_CGI_HTTP "edit?";
- auto const char* const suffix = "&ADD=1";
- auto const size_t ednLen = strlen (edn);
- auto const size_t prefixLen = strlen (prefix);
- auto const size_t suffixLen = strlen (suffix);
- auto const size_t contextLen = strlen (context) + 9;
-
- newurl = dsgw_ch_malloc (prefixLen + tmplnamelen + entryTypeLen + contextLen + suffixLen + 4 + ednLen + 1);
-
- memcpy (newurl, prefix, prefixLen + 1);
- strcat (newurl, tmplname);
- strcat (newurl, entryType);
- strcat (newurl, "&context=");
- strcat (newurl, context);
- strcat (newurl, suffix);
- strcat (newurl, "&dn=");
- strcat (newurl, edn);
- free (edn);
- }
- free (dn);
+ dn = PR_smprintf("%s=%s%s%s,%s",
+ rdnTag, escapeName ? "\"" : "",
+ entryName, escapeName ? "\"" : "",
+ dnSuffix);
+ edn = dsgw_strdup_escaped (dn);
+ free(dn);
+
+ newurl = PR_smprintf(DSGW_URLPREFIX_CGI_HTTP "%s?tmplname=%s&context=%s&ADD=1&dn=%s",
+ dsgw_getvp( DSGW_CGINUM_EDIT ), entryType, context, edn);
+ free(edn);
+
return newurl;
}
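Review bot: dn is allocated with PR_smprintf but released with free(dn); the entrydisplay.c change in this same commit uses PR_smprintf_free for such memory, and the two should agree. newurl is now PR_smprintf memory as well, so callers of compute_newurl() need the matching release. Neither PR_smprintf result is checked for NULL, and entryType goes from the CGI variable into the query string unescaped while only dn is passed through dsgw_strdup_escaped.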
@@ -357,7 +329,7 @@
static void
post_request()
{
- auto char* newurl = compute_newurl();
+ char* newurl = compute_newurl();
if (client_is_authenticated()) {
/* Direct the client to GET newurl */
dsgw_emits ("<HTML>" );
@@ -416,3 +388,11 @@
}
exit( 0 );
}
+
+/*
+ emacs settings
+ Local Variables:
+ indent-tabs-mode: t
+ tab-width: 8
+ End:
+*/
Index: search.c
===================================================================
RCS file: /cvs/dirsec/dsgw/search.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- search.c 14 Jan 2008 22:58:30 -0000 1.2
+++ search.c 27 Feb 2008 03:36:50 -0000 1.3
@@ -150,10 +150,8 @@
argc > 0 ? argv[0] : "");
dsgw_emitf ("\n"
"<INPUT TYPE=hidden NAME=\"mode\" VALUE=\"smart\">\n"
- "<INPUT TYPE=hidden NAME=\"base\" VALUE=\"%s\">\n"
- "<INPUT TYPE=hidden NAME=\"ldapserver\" VALUE=\"%s\">\n"
- "<INPUT TYPE=hidden NAME=\"ldapport\" VALUE=\"%d\">\n",
- gc->gc_ldapsearchbase, gc->gc_ldapserver, gc->gc_ldapport );
+ "<INPUT TYPE=hidden NAME=\"base\" VALUE=\"%s\">\n",
+ gc->gc_ldapsearchbase );
} else if ( dsgw_directive_is( line, "DS_SEARCH_BASE" )) {
#ifdef NOTFORNOW
/* ldap_dn2ufn currently gobbles up 'dc' so don't use */
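Review bot: removing the hidden ldapserver and ldapport inputs stops the gateway from sending them, but a client can still add those parameters to a request by hand. Make sure the handler that receives this form no longer reads them (this hunk does not show it), and add a test that posts both and checks they are ignored.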
@@ -201,3 +199,11 @@
}
dsgw_emits( "</SELECT>\n" );
}
+
+/*
+ emacs settings
+ Local Variables:
+ indent-tabs-mode: t
+ tab-width: 8
+ End:
+*/
16 years, 1 month
[Fedora-directory-commits] dsgw/config list-Auth.html.in,1.1,1.2
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/dsgw/config
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30811/dsgw/config
Modified Files:
list-Auth.html.in
Log Message:
1) There were several places where DSGW would output and eval arbitrary javascript code passed in a CGI parameter. These have been replaced with resource strings. In all cases the values were output escaped, but still, we shouldn't be passing around bits of javascript code to execute.
2) ICU provides a function which can parse the HTTP_ACCEPT_LANGUAGE string and return the most appropriate locale, so we should use that for date calculation.
3) Found a couple of places where uninitialized values could be used, and fixed them.
4) Used PR_smprintf to simplify some strlen+malloc+strcpy+strcat code.
5) dsgw_get_cgi_var will check for NULL input
6) Do not pass in the ldap host and port in form parameters. Always just use the values from the config file.
7) Added many new tests and valgrind suppressions (almost all from ICU)
Index: list-Auth.html.in
===================================================================
RCS file: /cvs/dirsec/dsgw/config/list-Auth.html.in,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- list-Auth.html.in 14 Jan 2008 22:31:17 -0000 1.1
+++ list-Auth.html.in 27 Feb 2008 03:36:50 -0000 1.2
@@ -54,6 +54,9 @@
<INPUT TYPE="hidden" NAME="authdesturl"
<!-- DS_POSTEDVALUE "name=authdesturl" "within=VALUE=%22--value--%22" -->
>
+<INPUT TYPE="hidden" NAME="authdestdn"
+<!-- DS_POSTEDVALUE "name=authdestdn" "within=VALUE=%22--value--%22" -->
+>
<!-- PCONTEXT -->
</FORM>
16 years, 1 month