[Fedora-directory-commits] ldapserver/ldap/admin/src upgradeServer, 1.5.2.1, 1.5.2.2
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/admin/src
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28687
Modified Files:
Tag: Directory71RtmBranch
upgradeServer
Log Message:
Resolves: #429071
Summary: RHDS7.1SP4: Don't Allow * To Be Inserted Into SASL Mapping Search
Problem description: when upgrading from an existing 7.1 to 7.1 SP4, the server
instances lose the default SASL mappings, which used to be hardcoded and are now
defined in the config file.
Fix description: upgradeServer scripts adds the basic set of sasl mapping
entries.
Index: upgradeServer
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/upgradeServer,v
retrieving revision 1.5.2.1
retrieving revision 1.5.2.2
diff -u -r1.5.2.1 -r1.5.2.2
--- upgradeServer 7 Sep 2005 00:51:53 -0000 1.5.2.1
+++ upgradeServer 22 Feb 2008 01:12:57 -0000 1.5.2.2
@@ -149,15 +149,37 @@
my $isOID = 0;
my $isJPEG = 0;
my $isSpInSt = 0;
- my $reqNameChange = 0;
+ my $reqNameChange = 0;
+
+ my $kerberosUidMapping = 0;
+ my $rfc2829dn = 0;
+ my $rfc2829u = 0;
+ my $uidMapping = 0;
+
+ my $userroot = 0;
+ my $suffix = "";
open( DSE, "$dse_ldiffile" ) || die "Can't open $dse_ldiffile: $!\n";
- my $new_filename = "$dse_ldiffile"."_new";
+ my $new_filename = "$dse_ldiffile"."_new";
open( OUTFILE, "> $new_filename" );
while($line = <DSE>) {
$isOID = 1 if ( $line =~ /^dn:\s*cn=OID Syntax,\s*cn=plugins,\s*cn=config/i);
$isJPEG = 1 if ( $line =~ /^dn:\s*cn=JPEG Syntax,\s*cn=plugins,\s*cn=config/i);
$isSpInSt = 1 if ( $line =~ /^dn:\s*cn=Space Insensitive String Syntax,\s*cn=plugins,\s*cn=config/i);
+
+ $kerberosUidMapping = 1 if ( $line =~ /^dn:\s*cn=Kerberos uid mapping,\s*cn=mapping,\s*cn=sasl,\s*cn=config/i);
+ $rfc2829dn = 1 if ( $line =~ /^dn:\s*cn=rfc 2829 dn syntax,\s*cn=mapping,\s*cn=sasl,\s*cn=config/i);
+ $rfc2829u = 1 if ( $line =~ /^dn:\s*cn=rfc 2829 u syntax,\s*cn=mapping,\s*cn=sasl,\s*cn=config/i);
+ $uidMapping = 1 if ( $line =~ /^dn:\s*cn=uid mapping,\s*cn=mapping,\s*cn=sasl,\s*cn=config/i);
+
+ $userroot = 1 if ( $line =~ /^dn:\scn=userRoot,\s*cn=ldbm database,\s*cn=plugins,\s*cn=config/i);
+
+ if ( $userroot && $line =~ /^nsslapd-suffix: /i ) {
+ (my $attr, $suffix) = split(' ', $line, 2);
+ chomp($suffix);
+ $userroot = 0;
+ }
+
if( ($line =~ s/uid uniqueness/attribute uniqueness/) ||
($line =~ s/uid-plugin/attr-unique-plugin/) ){
# the plugin name has changed
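Review bot: The userRoot match `$userroot = 1 if ( $line =~ /^dn:\scn=userRoot,...` uses `\s` (exactly one whitespace character) where every other dn pattern in this hunk uses `\s*`, so a `dn:cn=userRoot,...` line with no space, or with two, is never recognised; `$suffix` then stays `""` and the SASL entries appended later inherit an empty base DN template. Change it to `$userroot = 1 if ( $line =~ /^dn:\s*cn=userRoot,\s*cn=ldbm database,\s*cn=plugins,\s*cn=config/i);` so it matches its siblings. It would also be worth checking that `$suffix` is non-empty right after `(my $attr, $suffix) = split(' ', $line, 2);` and warning if it is not. The enclosing sub starts before and ends after this hunk.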
@@ -169,9 +191,10 @@
}
close( DSE );
- close(OUTFILE);
+ close( OUTFILE );
- if ($isOID && $isJPEG && $isSpInSt && !$reqNameChange) {
+ if ( $isOID && $isJPEG && $isSpInSt && !$reqNameChange &&
+ $kerberosUidMapping && $rfc2829dn && $rfc2829u && $uidMapping ) {
# nothing to be done - just return
unlink($new_filename);
return;
@@ -187,7 +210,7 @@
close( DSE );
close(OUTFILE);
}
- unlink($new_filename) or die "Cannot unlink $new_filename \n";
+ unlink($new_filename) or die "Cannot unlink $new_filename \n";
open( DSE, ">>$dse_ldiffile" ) || die "Can't open $dse_ldiffile: $!\n";
@@ -246,6 +269,50 @@
print DSE "\n";
}
+ unless ($kerberosUidMapping) {
+ print DSE "dn: cn=Kerberos uid mapping,cn=mapping,cn=sasl,cn=config\n";
+ print DSE "objectClass: top\n";
+ print DSE "objectClass: nsSaslMapping\n";
+ print DSE "cn: Kerberos uid mapping\n";
+ print DSE "nsSaslMapRegexString: \\(.*\\)(a)\\(.*\\)\\.\\(.*\\)\n";
+ print DSE "nsSaslMapBaseDNTemplate: dc=\\2,dc=\\3\n";
+ print DSE "nsSaslMapFilterTemplate: (uid=\\1)\n";
+ print DSE "\n";
+ }
+
+ unless ($rfc2829dn) {
+ print DSE "dn: cn=rfc 2829 dn syntax,cn=mapping,cn=sasl,cn=config\n";
+ print DSE "objectClass: top\n";
+ print DSE "objectClass: nsSaslMapping\n";
+ print DSE "cn: rfc 2829 dn syntax\n";
+ print DSE "nsSaslMapRegexString: ^dn:\\(.*\\)\n";
+ print DSE "nsSaslMapBaseDNTemplate: \\1\n";
+ print DSE "nsSaslMapFilterTemplate: (objectclass=*)\n";
+ print DSE "\n";
+ }
+
+ unless ($rfc2829u) {
+ print DSE "dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config\n";
+ print DSE "objectClass: top\n";
+ print DSE "objectClass: nsSaslMapping\n";
+ print DSE "cn: rfc 2829 u syntax\n";
+ print DSE "nsSaslMapRegexString: ^u:\\(.*\\)\n";
+ print DSE "nsSaslMapBaseDNTemplate: $suffix\n";
+ print DSE "nsSaslMapFilterTemplate: (uid=\\1)\n";
+ print DSE "\n";
+ }
+
+ unless ($uidMapping) {
+ print DSE "dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config\n";
+ print DSE "objectClass: top\n";
+ print DSE "objectClass: nsSaslMapping\n";
+ print DSE "cn: uid mapping\n";
+ print DSE "nsSaslMapRegexString: ^[^:@]+\$\n";
+ print DSE "nsSaslMapBaseDNTemplate: $suffix\n";
+ print DSE "nsSaslMapFilterTemplate: (uid=&)\n";
+ print DSE "\n";
+ }
+
close( DSE );
}
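Review bot: The `rfc 2829 u syntax` and `uid mapping` blocks print `nsSaslMapBaseDNTemplate: $suffix` with whatever `$suffix` holds, and this change initialises it to `""`, so if no `nsslapd-suffix:` line was seen under userRoot the script appends mapping entries with an empty base DN template to dse.ldif. Guard both blocks on the suffix being known, e.g. `unless ($rfc2829u || $suffix eq "") {` and `unless ($uidMapping || $suffix eq "") {`, and emit a warning when the suffix could not be determined so the operator knows those two mappings were skipped. A short comment above the first `unless` noting that these four entries reproduce the mappings that used to be hardcoded in the server would tell the next maintainer they must be kept in step with the shipped config template. The enclosing sub starts before this hunk.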
[Fedora-directory-commits] dsgw/tests/domodify testpost.10, NONE, 1.1 testpost.11, NONE, 1.1 testpost.12, NONE, 1.1 testpost.13, NONE, 1.1 testpost.14, NONE, 1.1 testpost.15, NONE, 1.1 testpost.16, NONE, 1.1 testpost.17, NONE, 1.1
Author: rmeggins
Update of /cvs/dirsec/dsgw/tests/domodify
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23811/dsgw/tests/domodify
Added Files:
testpost.10 testpost.11 testpost.12 testpost.13 testpost.14
testpost.15 testpost.16 testpost.17
Log Message:
1) The old code used a CGI variable called completion_javascript - this variable contained arbitrary javascript code that was eval'd in the client browser. I have removed this code and put it in the resource file. The dsgw code will set completion_javascript to one of the 3 keywords, and the new function emit_completion_javascript will look up the code in the resource file and output it with any required arguments. It just seems like a really bad idea to execute arbitrary blobs of javascript passed in a CGI argument.
2) Make the checking for the template file names stricter.
3) Added many new tests.
4) When removing unused or duplicate LDAP Mods, if we remove the last one, just free the entire array.
--- NEW FILE testpost.10 ---
changetype=modify&dn=uid=scarter,ou=people,dc=example,dc=com&quiet=&verbose=true&changed_DN=true&replace_DN_uid=changeduid
--- NEW FILE testpost.11 ---
changetype=modify&dn=uid=changeduid,ou=people,dc=example,dc=com&quiet=&verbose=true&changed_DN=true&replace_DN_uid=scarter
--- NEW FILE testpost.12 ---
changetype=modify&dn=uid=scarter,ou=people,dc=example,dc=com&quiet=&verbose=true&changed_nosuchattr=true
--- NEW FILE testpost.13 ---
changetype=modify&dn=uid=scarter,ou=people,dc=example,dc=com&quiet=&verbose=true&delete_nosuchattr=1&changed_nosuchattr=true
--- NEW FILE testpost.14 ---
changetype=modify&dn=uid=scarter,ou=people,dc=example,dc=com&quiet=&verbose=true&delete_nosuchattr=1&changed_nosuchattr=false
--- NEW FILE testpost.15 ---
changetype=modify&dn=uid=scarter,ou=people,dc=example,dc=com&quiet=&verbose=true&delete_nosuchattr=1&delete_nosuchattr1=1&changed_nosuchattr=false
--- NEW FILE testpost.16 ---
changetype=modify&dn=uid=scarter,ou=people,dc=example,dc=com&quiet=&verbose=true&add_ou=
Test OU Foo
Test OU Bar
Test OU Baz
Test OU Biff
&add_mls_description=multiline
$$$$$$$$$$$$$$$$\\\\\\\\\\\\\\\\\\\\\
$$$$$$$$$$$$$$$$\\\\\\\\\\\\\\\\\\\\\
$$$$$$$$$$$$$$$$\\\\\\\\\\\\\\\\\\\\\
$$$$$$$$$$$$$$$$\\\\\\\\\\\\\\\\\\\\\
$$$$$$$$$$$$$$$$\\\\\\\\\\\\\\\\\\\\\
$$$$$$$$$$$$$$$$\\\\\\\\\\\\\\\\\\\\\
description$that$has\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\many\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\lines&add_unique_cn=Test Unique CN
--- NEW FILE testpost.17 ---
changetype=modify&dn=uid=scarter,ou=people,dc=example,dc=com&quiet=&verbose=true&replace_ou=Accounting&replace_ou=People&replace_ou=Test OU&completion_javascript=NOTFOUND
[Fedora-directory-commits] dsgw/tests/dnedit testget.1, NONE, 1.1 testget.2, NONE, 1.1 testget.3, NONE, 1.1
Author: rmeggins
Update of /cvs/dirsec/dsgw/tests/dnedit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23811/dsgw/tests/dnedit
Added Files:
testget.1 testget.2 testget.3
Log Message:
1) The old code used a CGI variable called completion_javascript - this variable contained arbitrary javascript code that was eval'd in the client browser. I have removed this code and put it in the resource file. The dsgw code will set completion_javascript to one of the 3 keywords, and the new function emit_completion_javascript will look up the code in the resource file and output it with any required arguments. It just seems like a really bad idea to execute arbitrary blobs of javascript passed in a CGI argument.
2) Make the checking for the template file names stricter.
3) Added many new tests.
4) When removing unused or duplicate LDAP Mods, if we remove the last one, just free the entire array.
--- NEW FILE testget.1 ---
--- NEW FILE testget.2 ---
dn=uid=scarter,ou=people,dc=example,dc=com&template=template&attr=attr&desc=desc
--- NEW FILE testget.3 ---
dn=uid=scarter,ou=people,dc=example,dc=com&template=template&attr='</SCRIPT>You've just been p0wned&desc=desc
[Fedora-directory-commits] dsgw/config display-dnedit.html.in, 1.1, 1.2 display-dneditpeople.html.in, 1.1, 1.2
Author: rmeggins
Update of /cvs/dirsec/dsgw/config
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23811/dsgw/config
Modified Files:
display-dnedit.html.in display-dneditpeople.html.in
Log Message:
1) The old code used a CGI variable called completion_javascript - this variable contained arbitrary javascript code that was eval'd in the client browser. I have removed this code and put it in the resource file. The dsgw code will set completion_javascript to one of the 3 keywords, and the new function emit_completion_javascript will look up the code in the resource file and output it with any required arguments. It just seems like a really bad idea to execute arbitrary blobs of javascript passed in a CGI argument.
2) Make the checking for the template file names stricter.
3) Added many new tests.
4) When removing unused or duplicate LDAP Mods, if we remove the last one, just free the entire array.
Index: display-dnedit.html.in
===================================================================
RCS file: /cvs/dirsec/dsgw/config/display-dnedit.html.in,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- display-dnedit.html.in 14 Jan 2008 22:31:17 -0000 1.1
+++ display-dnedit.html.in 19 Feb 2008 15:20:21 -0000 1.2
@@ -108,7 +108,7 @@
<!-- DS_HELPBUTTON "topic=EDIT_GROUPMEM" -->
</TD></TR></TABLE></CENTER>
-<INPUT TYPE=hidden NAME=completion_javascript VALUE='parent.updateList(parent.controlFrame.document.searchForm.faMode.value, parent.dnlist, parent.stagingFrame.dnlist, parent.outputFrame);parent.controlFrame.document.searchForm.faMode.value="add";'>
+<INPUT TYPE=hidden NAME=completion_javascript VALUE='ADD'>
<!-- DS_END_DNSEARCHFORM -->
<!-- DS_ENTRYEND -->
Index: display-dneditpeople.html.in
===================================================================
RCS file: /cvs/dirsec/dsgw/config/display-dneditpeople.html.in,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- display-dneditpeople.html.in 14 Jan 2008 22:31:17 -0000 1.1
+++ display-dneditpeople.html.in 19 Feb 2008 15:20:21 -0000 1.2
@@ -106,7 +106,7 @@
<!-- DS_HELPBUTTON "topic=EDIT_PERSON_REF" -->
</TD></TR></TABLE></CENTER>
-<INPUT TYPE=hidden NAME=completion_javascript VALUE='parent.updateList(parent.controlFrame.document.searchForm.faMode.value, parent.dnlist, parent.stagingFrame.dnlist, parent.outputFrame);parent.controlFrame.document.searchForm.faMode.value="add";'>
+<INPUT TYPE=hidden NAME=completion_javascript VALUE='ADD'>
<!-- DS_END_DNSEARCHFORM -->
<!-- DS_ENTRYEND -->
[Fedora-directory-commits] dsgw/tests setup.sh,1.3,1.4
Author: rmeggins
Update of /cvs/dirsec/dsgw/tests
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23811/dsgw/tests
Modified Files:
setup.sh
Log Message:
1) The old code used a CGI variable called completion_javascript - this variable contained arbitrary javascript code that was eval'd in the client browser. I have removed this code and put it in the resource file. The dsgw code will set completion_javascript to one of the 3 keywords, and the new function emit_completion_javascript will look up the code in the resource file and output it with any required arguments. It just seems like a really bad idea to execute arbitrary blobs of javascript passed in a CGI argument.
2) Make the checking for the template file names stricter.
3) Added many new tests.
4) When removing unused or duplicate LDAP Mods, if we remove the last one, just free the entire array.
Index: setup.sh
===================================================================
RCS file: /cvs/dirsec/dsgw/tests/setup.sh,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- setup.sh 9 Feb 2008 18:24:23 -0000 1.3
+++ setup.sh 19 Feb 2008 15:20:22 -0000 1.4
@@ -1,14 +1,14 @@
#!/bin/sh
testdir="$1"
-sroot=/home/$USER/11srv
+sroot=/NotBackedUp/$USER/11srv
port=1100
secport=1101
rootdn="cn=directory manager"
-rootpw=password
+rootpw=secret12
adminpw=admin
#needinstance=1
-#needdata=1
+needdata=1
#usessl=1
PATH=/usr/lib64/mozldap:/usr/lib/mozldap:$PATH
export PATH
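Review bot: `rootpw=secret12` commits the Directory Manager password of the test instance to version control, and later in this change the same value is echoed into query strings and a temp file, so it is worth letting the environment override it, `rootpw=${ROOTPW:-secret12}`. `sroot=/NotBackedUp/$USER/11srv` looks like a personal workstation path; `sroot=${SROOT:-/NotBackedUp/$USER/11srv}` would keep the script runnable elsewhere without editing it.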
@@ -32,7 +32,7 @@
fi
if [ "$needdata" ] ; then
-$sroot/lib/dirsrv/slapd-localhost/ldif2db.pl -D "$rootdn" -w "$rootpw" -n userRoot -i $testdir/nsroot.ldif
+$sroot/lib/dirsrv/slapd-localhost/ldif2db.pl -D "$rootdn" -w "$rootpw" -n userRoot -i $sroot/share/dirsrv/data/Example.ldif
sleep 10
fi
@@ -40,7 +40,7 @@
mkdir testtmp
if [ "$usessl" ] ; then
- ldapurl="ldaps://$hostname:$secport/$suffix"
+ ldapurl="ldaps://$hostname:$secport"
# grab CA cert
certutil -L -d $sroot/etc/dirsrv/$inst -n "CA certificate" -a > testtmp/cacert.asc
# pin file
@@ -51,7 +51,7 @@
certutil -A -d testtmp -n "CA certificate" -t "CT,," -a -i testtmp/cacert.asc
port=$secport
else
- ldapurl="ldap://localhost:$port/$suffix"
+ ldapurl="ldap://localhost:$port"
hostname=localhost
fi
@@ -88,21 +88,21 @@
pwpfile=/tmp/pwp.$$
cat > $pwpfile <<EOF
-User: admin
-Password: $adminpw
+User: directory manager
+Password: $rootpw
-UserDN: uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot
-SIEPWD: $adminpw
+UserDN: cn=directory manager
+SIEPWD: $rootpw
EOF
#VGPREFIX="valgrind --tool=memcheck --leak-check=yes --suppressions=$HOME/valgrind.supp --num-callers=40 --suppressions=$testdir/valgrind.supp "
# These are CGI programs - they assume they will run for a very short period of time - they use exit() instead of free() :P
VGPREFIX="valgrind --tool=memcheck --leak-check=no --suppressions=$HOME/valgrind.supp --num-callers=40 --suppressions=$testdir/valgrind.supp "
-GDB="gdb -x .gdbinit "
+#GDB="gdb -x .gdbinit "
DEBUGCMD=VALGRIND
#DEBUGCMD="$GDB"
-PROGS="domodify"
+PROGS="dnedit"
# use scripts for orgchart perl scripts
SCRIPTS=""
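Review bot: The heredoc written to `$pwpfile` now holds the Directory Manager credentials (`Password: $rootpw`, `SIEPWD: $rootpw`) instead of the admin password, but `/tmp/pwp.$$` is a predictable name created with the caller's default umask, so on most systems it is readable by every local user while it exists. Add `umask 077` on the line before `cat > $pwpfile <<EOF` (or create the file with `mktemp`), and make sure it is removed when the script exits; whether a cleanup exists is outside this hunk. The `cat` line itself is context here, but the change raised the sensitivity of what it writes.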
@@ -186,15 +186,15 @@
prog="$1" # test must be in dir of same name
shift
getlist=/tmp/gettests.$$
- find $testdir/$prog -name testget.\* -print 2> /dev/null | sort -n > $getlist
+ find $testdir/$prog -name skip -prune -o -name testget.\* -print 2> /dev/null | sort -n > $getlist
for test in `cat $getlist` ; do
runATest "$prog" GET "$test"
ctxnum=1
for ctx in "" "/" "." "../../../" "somebogusvalue" "pb" "dsgw" ; do
if [ -s "$test" ] ; then
- runATest "$prog" GET "$test" .$ctxnum "&context=$ctx"
+ runATest "$prog" GET "$test" .$ctxnum "&context=$ctx&binddn=$rootdn&passwd=$rootpw"
else
- runATest "$prog" GET "$test" .$ctxnum "context=$ctx"
+ runATest "$prog" GET "$test" .$ctxnum "context=$ctx&binddn=$rootdn&passwd=$rootpw"
fi
ctxnum=`expr $ctxnum + 1`
done
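Review bot: `"&context=$ctx&binddn=$rootdn&passwd=$rootpw"` sends the Directory Manager password as a GET query parameter, which the web server and any intermediate proxy record in their access logs and which will show up in the test output; the POST loop in the next hunk builds the same string. `$rootdn` is `cn=directory manager`, and neither its space nor any special character in the password is percent-encoded here, so unless `runATest` encodes its argument (not visible) the bind DN arrives mangled. If the CGI accepts them, pass the credentials in the request body rather than the URL, and percent-encode both values before appending them.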
@@ -206,12 +206,12 @@
prog="$1" # test must be in dir of same name
shift
postlist=/tmp/posttests.$$
- find $testdir/$prog -name testpost.\* -print 2> /dev/null | sort -n > $postlist
+ find $testdir/$prog -name skip -prune -o -name testpost.\* -print 2> /dev/null | sort -n > $postlist
for test in `cat $postlist` ; do
runATest "$prog" POST "$test"
ctxnum=1
for ctx in "" "/" "." "../../../" "somebogusvalue" "pb" "dsgw" ; do
- runATest "$prog" POST "$test" .$ctxnum "&context=$ctx"
+ runATest "$prog" POST "$test" .$ctxnum "&context=$ctx&binddn=$rootdn&passwd=$rootpw"
ctxnum=`expr $ctxnum + 1`
done
done
[Fedora-directory-commits] dsgw/tests/csearch testpost.1, NONE, 1.1 testpost.10, NONE, 1.1 testpost.11, NONE, 1.1 testpost.12, NONE, 1.1 testpost.13, NONE, 1.1 testpost.14, NONE, 1.1 testpost.15, NONE, 1.1 testpost.2, NONE, 1.1 testpost.3, NONE, 1.1 testpost.4, NONE, 1.1 testpost.5, NONE, 1.1 testpost.6, NONE, 1.1 testpost.7, NONE, 1.1 testpost.8, NONE, 1.1 testpost.9, NONE, 1.1
Author: rmeggins
Update of /cvs/dirsec/dsgw/tests/csearch
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23811/dsgw/tests/csearch
Added Files:
testpost.1 testpost.10 testpost.11 testpost.12 testpost.13
testpost.14 testpost.15 testpost.2 testpost.3 testpost.4
testpost.5 testpost.6 testpost.7 testpost.8 testpost.9
Log Message:
1) The old code used a CGI variable called completion_javascript - this variable contained arbitrary javascript code that was eval'd in the client browser. I have removed this code and put it in the resource file. The dsgw code will set completion_javascript to one of the 3 keywords, and the new function emit_completion_javascript will look up the code in the resource file and output it with any required arguments. It just seems like a really bad idea to execute arbitrary blobs of javascript passed in a CGI argument.
2) Make the checking for the template file names stricter.
3) Added many new tests.
4) When removing unused or duplicate LDAP Mods, if we remove the last one, just free the entire array.
--- NEW FILE testpost.1 ---
--- NEW FILE testpost.10 ---
file=match
--- NEW FILE testpost.11 ---
file=string
--- NEW FILE testpost.12 ---
file=base
--- NEW FILE testpost.13 ---
file=attr&searchType=">You've just been p0wnd
--- NEW FILE testpost.14 ---
file=attr&searchType=People
--- NEW FILE testpost.15 ---
file=match&searchType=People&searchAttr=full name
--- NEW FILE testpost.2 ---
file=/
--- NEW FILE testpost.3 ---
file=.
--- NEW FILE testpost.4 ---
file=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
--- NEW FILE testpost.5 ---
file=../aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
--- NEW FILE testpost.6 ---
file=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/..
--- NEW FILE testpost.7 ---
file=../../../../
--- NEW FILE testpost.8 ---
file=type
--- NEW FILE testpost.9 ---
file=attr
[Fedora-directory-commits] dsgw dbtdsgw.h, 1.1.1.1, 1.2 dnedit.c, 1.3, 1.4 domodify.c, 1.2, 1.3 dsgw.h, 1.6, 1.7 dsgwutil.c, 1.8, 1.9 edit.c, 1.3, 1.4 entrydisplay.c, 1.5, 1.6 htmlout.c, 1.2, 1.3 ldaputil.c, 1.2, 1.3
Author: rmeggins
Update of /cvs/dirsec/dsgw
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23811/dsgw
Modified Files:
dbtdsgw.h dnedit.c domodify.c dsgw.h dsgwutil.c edit.c
entrydisplay.c htmlout.c ldaputil.c
Log Message:
1) The old code used a CGI variable called completion_javascript - this variable contained arbitrary javascript code that was eval'd in the client browser. I have removed this code and put it in the resource file. The dsgw code will set completion_javascript to one of the 3 keywords, and the new function emit_completion_javascript will look up the code in the resource file and output it with any required arguments. It just seems like a really bad idea to execute arbitrary blobs of javascript passed in a CGI argument.
2) Make the checking for the template file names stricter.
3) Added many new tests.
4) When removing unused or duplicate LDAP Mods, if we remove the last one, just free the entire array.
Index: dbtdsgw.h
===================================================================
RCS file: /cvs/dirsec/dsgw/dbtdsgw.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- dbtdsgw.h 1 Jun 2006 19:43:40 -0000 1.1.1.1
+++ dbtdsgw.h 19 Feb 2008 15:20:21 -0000 1.2
@@ -464,5 +464,20 @@
ResDef( DBT_missingArgumentForOrgChartSearchAttr_ , 413, "Missing argument for \"orgchart-attrib-farleft-rdn\" directive\n" )/*extracted from config.c*/
ResDef( DBT_theCharsetIsNotSupported , 414, "The charset is not supported\n" )
ResDef( DBT_invalidTemplateVarLen, 415, "The string length %d of template variable \"%s\" is too long\n" )
+ ResDef( DBT_completionJavascriptAdd, 416, "parent.updateList(parent.controlFrame.document.searchForm.faMode.value, parent.dnlist, parent.stagingFrame.dnlist, parent.outputFrame);parent.controlFrame.document.searchForm.faMode.value=\"add\";" )
+ ResDef( DBT_completionJavascriptStd, 417,
+ "if (dsmodify_dn.length == 0) "
+ "document.writeln( \\'<FONT SIZE=+1>\\' + dsmodify_info +"
+ " \\'</FONT>\\' );"
+ " else "
+ "parent.document.location.href=\\'edit?tmplname=%s"
+ "&context=%s&dn=\\' + dsmodify_dn + \\'&info=\\' + escape(dsmodify_info)\n"
+ )
+ ResDef( DBT_completionJavascriptCu, 418,
+ "var comp_js = 'var cu=\\\\\\\'edit?context=%s&dn=%s\\\\\\\'; this.document.location.href=cu;'\n"
+ )
+ ResDef( DBT_unknownValueForCompletionJavascript, 419,
+ "Invalid value '%s' for variable completion_javascript" )
+
END_STR(dsgw)
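Review bot: `DBT_completionJavascriptStd` and `DBT_completionJavascriptCu` appear to be printf-style formats whose `%s` conversions are filled in by `dsgw_emitf` in htmlout.c with (tmplname, context) and (context, dn) respectively, and nothing in the resource file records that arity or order, so anyone who edits or translates these strings and adds or drops a `%s` silently changes the emitting call. Add a comment to each entry, e.g. `/* format args: tmplname, context - must match dsgw_emit_completion_javascript() */` and `/* format args: context, dn - must match dsgw_emit_completion_javascript() */`. It is also worth noting on `DBT_completionJavascriptAdd` that it is emitted verbatim with `dsgw_emits`, so a literal `%` must not be introduced into it.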
Index: dnedit.c
===================================================================
RCS file: /cvs/dirsec/dsgw/dnedit.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- dnedit.c 15 Jan 2008 18:23:43 -0000 1.3
+++ dnedit.c 19 Feb 2008 15:20:21 -0000 1.4
@@ -115,8 +115,10 @@
*
* Moral of the story - next time someone asks you to write C code which
* writes JavaScript code which writes JavaScript code... just say "no".
+ *
+ * I feel your pain, so I have removed the pain.
*/
- "var comp_js = 'var cu=\\\\\\\'%s?context=%s&dn=%s\\\\\\\'; this.document.location.href=cu;'\n",
+ "var comp_js = 'CU'\n",
dsgw_getvp( DSGW_CGINUM_EDIT ), context, edn );
dsgw_emits("var dnlist = new Array;\n" );
for ( i = 0; attrvals && attrvals[ i ] != NULL; i++ ) {
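Review bot: The format string is now `"var comp_js = 'CU'\n"` with no conversions, but the call still passes `dsgw_getvp( DSGW_CGINUM_EDIT ), context, edn` as arguments, which are silently ignored; drop the three arguments (and the `dsgw_getvp` call, if its result is not needed elsewhere) so the statement matches what it emits. A comment such as `/* 'CU' is a key resolved server-side by dsgw_emit_completion_javascript() */` would explain why a bare keyword is assigned where JavaScript used to be. The emitting call starts before this hunk.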
@@ -403,3 +405,11 @@
"</HTML>\n" );
return 0;
}
+
+/*
+ emacs settings
+ Local Variables:
+ indent-tabs-mode: t
+ tab-width: 8
+ End:
+*/
Index: domodify.c
===================================================================
RCS file: /cvs/dirsec/dsgw/domodify.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- domodify.c 28 Jan 2008 21:22:47 -0000 1.2
+++ domodify.c 19 Feb 2008 15:20:21 -0000 1.3
@@ -348,8 +348,10 @@
dsgw_emitf( "dsmodify_dn = '%s';\n",
( changetype == DSGW_CHANGETYPE_DELETE ) ? "":
encodeddn );
- dsgw_emitf( "eval('%s');\n", jscomp );
dsgw_emits( "</SCRIPT>\n" );
+ dsgw_emit_completion_javascript(jscomp,
+ ( changetype == DSGW_CHANGETYPE_DELETE ) ? "":
+ encodeddn );
}
} else {
jscomp = NULL;
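Review bot: `dsgw_emit_completion_javascript` is now called after `</SCRIPT>` is emitted, and by the htmlout.c definition in this commit it opens its own `<SCRIPT>` element, so the completion code runs in a second script block after `dsmodify_dn` has been assigned - a correct ordering, but worth a one-line comment since the old `eval` ran inside the same block: `/* separate <SCRIPT> block; relies on dsmodify_dn assigned above */`. The `( changetype == DSGW_CHANGETYPE_DELETE ) ? "" : encodeddn` expression is now duplicated two lines apart; hoisting it into a local such as `const char *dn_arg = ...;` would keep the two uses in step. The enclosing function starts before this hunk.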
@@ -468,6 +470,11 @@
if ( pmods != NULL ) {
remove_modifyops( pmods, attr );
+ if (!pmods[0]) {
+ /* removed the last one, so just free all of them */
+ free(pmods);
+ pmods = NULL;
+ }
}
}
}
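Review bot: `if (!pmods[0])` after `remove_modifyops( pmods, attr )` assumes the helper compacts the array and leaves it NULL-terminated; that contract is not visible here, so a comment stating it, `/* remove_modifyops() compacts pmods and NULL-terminates it */`, would make the check self-explaining. Setting `pmods = NULL` after `free(pmods)` is the right shape for a local pointer; whether anything else still references the freed array is outside the hunk, as is the enclosing function's start.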
Index: dsgw.h
===================================================================
RCS file: /cvs/dirsec/dsgw/dsgw.h,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- dsgw.h 31 Jan 2008 03:03:33 -0000 1.6
+++ dsgw.h 19 Feb 2008 15:20:21 -0000 1.7
@@ -793,6 +793,8 @@
char *dsgw_get_auth_cookie();
void dsgw_emit_helpbutton( char *topic );
void dsgw_emit_homebutton();
+void dsgw_emit_completion_javascript( const char *key_str, const char *dn );
+
char *dsgw_build_urlprefix();
void dsgw_init_searchprefs( struct ldap_searchobj **solistp );
void dsgw_addtemplate( dsgwtmpl **tlpp, char *template, int count,
@@ -827,7 +829,7 @@
unsigned long options );
void dsgw_display_entry( dsgwtmplinfo *tip, LDAP *ld, LDAPMessage *entry,
LDAPMessage *attrsonly_entry, char *dn );
-void dsgw_display_done( dsgwtmplinfo *tip );
+void dsgw_display_done( dsgwtmplinfo *tip, char *dn );
char *dsgw_mls_convertlines( char *val, char *sep, int *linesp, int emitlines,
int quote_html_specials );
void dsgw_set_searchdesc( dsgwtmplinfo *tip, char*, char*, char*);
Index: dsgwutil.c
===================================================================
RCS file: /cvs/dirsec/dsgw/dsgwutil.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- dsgwutil.c 1 Feb 2008 17:04:22 -0000 1.8
+++ dsgwutil.c 19 Feb 2008 15:20:21 -0000 1.9
@@ -262,8 +262,7 @@
char *path, *pattern;
int len;
- if ( strstr( filename, "//" ) != NULL ||
- strstr( filename, ".." ) != NULL ) {
+ if ( !dsgw_valid_docname(filename) ) {
dsgw_error( DSGW_ERR_BADFILEPATH, filename, DSGW_ERROPT_EXIT, 0, NULL );
}
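Review bot: The old test rejected any `filename` containing `//` or `..`; the new `dsgw_valid_docname(filename)` is defined elsewhere and its rules are not visible here, so it is worth confirming it is at least as strict and also rejects a leading `/` and over-long names, since the new test inputs in this commit (`file=/`, `file=../../../../`, the long `aaaa.../..` case) are exactly what this check has to catch. A one-line comment here, `/* rejects path separators, '..' and over-long names; see dsgw_valid_docname() */`, would record the guarantee the caller relies on. The enclosing function starts before this hunk.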
Index: edit.c
===================================================================
RCS file: /cvs/dirsec/dsgw/edit.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- edit.c 28 Jan 2008 21:22:47 -0000 1.3
+++ edit.c 19 Feb 2008 15:20:21 -0000 1.4
@@ -233,7 +233,7 @@
tip = dsgw_display_init( DSGW_TMPLTYPE_DISPLAY, tmplname, options );
dsgw_display_entry( tip, ld, NULL, NULL, dn );
- dsgw_display_done( tip );
+ dsgw_display_done( tip, dn );
}
}
Index: entrydisplay.c
===================================================================
RCS file: /cvs/dirsec/dsgw/entrydisplay.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- entrydisplay.c 1 Feb 2008 17:04:22 -0000 1.5
+++ entrydisplay.c 19 Feb 2008 15:20:21 -0000 1.6
@@ -681,7 +681,7 @@
void
-dsgw_display_done( dsgwtmplinfo *tip )
+dsgw_display_done( dsgwtmplinfo *tip, char *dn )
{
char line[ BIG_LINE ], *jscomp;
@@ -700,6 +700,7 @@
jscomp = dsgw_get_cgi_var( "completion_javascript",
DSGW_CGIVAR_OPTIONAL );
if ( jscomp != NULL ) {
+ dsgw_emit_completion_javascript(jscomp, dn ? dn : "");
dsgw_emits( "<SCRIPT LANGUAGE=\"JavaScript\">\n" );
dsgw_emitf( "eval('%s');\n", jscomp );
dsgw_emits( "</SCRIPT>\n" );
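Review bot: The three context lines after the new `dsgw_emit_completion_javascript(jscomp, dn ? dn : "");` still emit `dsgw_emitf( "eval('%s');\n", jscomp );` inside a `<SCRIPT>` block, so `dsgw_display_done` keeps writing the raw `completion_javascript` CGI value into the page as script - the behaviour this commit sets out to remove, and which the domodify.c hunk in the same commit does remove. With the new keyword values it also produces `eval('STD')`, a JavaScript error at runtime. Delete the `dsgw_emits( "<SCRIPT LANGUAGE=\"JavaScript\">\n" );`, `dsgw_emitf( "eval('%s');\n", jscomp );` and `dsgw_emits( "</SCRIPT>\n" );` lines; the new helper already wraps its output in its own script element. The enclosing function starts before this hunk.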
@@ -2853,14 +2854,10 @@
{
if ( template != NULL ) {
dsgw_emitf(
- "<INPUT TYPE=\"hidden\" NAME=\"completion_javascript\" VALUE=\""
- "if (dsmodify_dn.length == 0) "
- "document.writeln( \\'<FONT SIZE=+1>\\' + dsmodify_info +"
- " \\'</FONT>\\' );"
- " else "
- "parent.document.location.href=\\'%s?tmplname=%s"
- "&context=%s&dn=\\' + dsmodify_dn + \\'&info=\\' + escape(dsmodify_info)\">\n",
- dsgw_getvp( DSGW_CGINUM_EDIT ), template, context );
+ "<INPUT TYPE=\"hidden\" NAME=\"compjs_tmplname\" VALUE=\"%s\">\n",
+ template);
+ dsgw_emits(
+ "<INPUT TYPE=\"hidden\" NAME=\"completion_javascript\" VALUE=\"STD\">\n");
}
}
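Review bot: `template` is written into the `VALUE` attribute of the `compjs_tmplname` hidden input via `%s` with no HTML escaping; whether it can carry user-supplied text is not visible here, but the value round-trips through the browser and is then checked with `dsgw_valid_docname` in htmlout.c, so applying the same check before emitting it would keep both sides consistent, e.g. `if ( template != NULL && dsgw_valid_docname( template ) ) {`. The enclosing function starts before this hunk.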
Index: htmlout.c
===================================================================
RCS file: /cvs/dirsec/dsgw/htmlout.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- htmlout.c 14 Jan 2008 22:58:30 -0000 1.2
+++ htmlout.c 19 Feb 2008 15:20:21 -0000 1.3
@@ -458,6 +458,62 @@
dsgw_emits ( "document.confirmForm.submit();\n");
}
+void
+dsgw_emit_completion_javascript(
+ const char *key_str,
+ const char *dn
+)
+{
+ char *tmplname = NULL;
+ char *context = dsgw_get_cgi_var("context", DSGW_CGIVAR_OPTIONAL);
+ int key;
+ char *msg = NULL;
+
+ if (!key_str) {
+ return;
+ }
+
+ if (!strcasecmp(key_str, "ADD")) {
+ key = DBT_completionJavascriptAdd;
+ } else if (!strcasecmp(key_str, "STD")) {
+ key = DBT_completionJavascriptStd;
+ } else if (!strcasecmp(key_str, "CU")) {
+ key = DBT_completionJavascriptCu;
+ } else {
+ char *fmt = XP_GetClientStr(DBT_unknownValueForCompletionJavascript);
+ msg = PR_smprintf(fmt, key_str);
+ dsgw_error( DSGW_ERR_BADFORMDATA, msg, DSGW_ERROPT_EXIT, 0, NULL );
+ return;
+ }
+
+ msg = XP_GetClientStr(key);
+
+ dsgw_emits( "<SCRIPT LANGUAGE=\"JavaScript\">\n" );
+ switch (key) {
+ case DBT_completionJavascriptAdd:
+ dsgw_emits(msg);
+ break;
+ case DBT_completionJavascriptStd:
+ tmplname = dsgw_get_cgi_var("compjs_tmplname", DSGW_CGIVAR_REQUIRED);
+ if (!dsgw_valid_docname(tmplname)) {
+ dsgw_error( DSGW_ERR_BADFILEPATH, tmplname,
+ DSGW_ERROPT_EXIT, 0, NULL );
+ } else {
+ dsgw_emitf(msg, tmplname, context);
+ }
+ break;
+ case DBT_completionJavascriptCu:
+ dsgw_emitf(msg, context, dn);
+ break;
+ default:
+ /* error unknown key %d for completion javascript handling */
+ break;
+ }
+ dsgw_emits( "</SCRIPT>\n" );
+
+ return;
+}
+
/*
emacs settings
Local Variables:
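Review bot: `context` is fetched with `DSGW_CGIVAR_OPTIONAL` and so may be NULL, yet it is passed straight to `dsgw_emitf(msg, tmplname, context)` and `dsgw_emitf(msg, context, dn)` as a `%s` argument, which is undefined behaviour for a NULL pointer; add `if (!context) { context = ""; }` right after it is read. The value is also substituted into a JavaScript string literal inside the emitted `<SCRIPT>` element without escaping, and the tests added in this commit send `context` values such as `../../../` and `somebogusvalue`, so unless `dsgw_get_cgi_var` or a caller already validates it (not visible) the function should reject or escape quotes, backslashes and `</` before the value reaches the page. In the unknown-key branch `PR_smprintf` allocates `msg`, and the `return` after `dsgw_error(..., DSGW_ERROPT_EXIT, ...)` suggests that call may come back, in which case `msg` leaks; either free it with `PR_smprintf_free` on that path or drop the unreachable `return`. The `default:` case is documented only by a comment; emitting the same unknown-value error there would keep the behaviour consistent.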
Index: ldaputil.c
===================================================================
RCS file: /cvs/dirsec/dsgw/ldaputil.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- ldaputil.c 28 Jan 2008 21:22:47 -0000 1.2
+++ ldaputil.c 19 Feb 2008 15:20:21 -0000 1.3
@@ -793,7 +793,7 @@
}
}
- dsgw_display_done( tip );
+ dsgw_display_done( tip, NULL );
}
@@ -930,7 +930,7 @@
} else {
/* use template to create a nicely formatted display */
dsgw_display_entry( tip, ld, entry, aoentry, NULL );
- dsgw_display_done( tip );
+ dsgw_display_done( tip, dn );
}
if ( attr0 != NULL ) {