ldap/servers
by Nathan Kinder
ldap/servers/slapd/log.c | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
New commits:
commit d79ff62e6b750a365dcee0e63a9c4002fe00a7cf
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Mon Mar 7 11:52:26 2011 -0800
Bug 504803 - Allow maxlogsize to be set if logmaxdiskspace is -1
Both the maxlogsize and logmaxdiskspace parameters are allowed to
have values of -1. If you set logmaxdiskspace to -1 and then
later attempt to set maxlogsize to any other valid value, the
server rejects the change with an operations error.
The problem is that the two parameters are compared to ensure that
maxlogsize is not greater than the logmaxdiskspace. We need to
skip this check if logmaxdiskspace is unlimited (-1). I also found
that we were converting -1 to a smaller negative number when doing
the MB->bytes conversion. This causes other validation errors that
expect -1, but not a smaller negative number. The fix is to skip
the conversion to bytes and just set a value of -1.
diff --git a/ldap/servers/slapd/log.c b/ldap/servers/slapd/log.c
index 98090e8..f5ad2dc 100644
--- a/ldap/servers/slapd/log.c
+++ b/ldap/servers/slapd/log.c
@@ -4162,14 +4162,26 @@ check_log_max_size( char *maxdiskspace_str,
if ( maxdiskspace == -1 ) {
maxdiskspace = current_maxdiskspace;
}
- maxdiskspaceB = (PRInt64)maxdiskspace * LOG_MB_IN_BYTES;
+
+ if ( maxdiskspace == -1 ) {
+ maxdiskspaceB = -1;
+ } else {
+ maxdiskspaceB = (PRInt64)maxdiskspace * LOG_MB_IN_BYTES;
+ }
if ( mlogsize == -1 ) {
mlogsize = current_mlogsize;
}
- mlogsizeB = (PRInt64)mlogsize * LOG_MB_IN_BYTES;
+
+ if ( mlogsize == -1 ) {
+ mlogsizeB = -1;
+ } else {
+ mlogsizeB = (PRInt64)mlogsize * LOG_MB_IN_BYTES;
+ }
- if ( maxdiskspace < mlogsize )
+ /* If maxdiskspace is negative, it is unlimited. There is
+ * no need to compate it to the logsize in this case. */
+ if (( maxdiskspace >= 0 ) && ( maxdiskspace < mlogsize ))
{
/* fail */
PR_snprintf ( returntext, SLAPI_DSE_RETURNTEXT_SIZE,
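Review bot: The new code tests for "unlimited" in two different ways: the byte conversion is skipped only for `maxdiskspace == -1`, while the size comparison is skipped for any negative value through `maxdiskspace >= 0`. If a value below -1 can reach check_log_max_size (its earlier validation is outside this hunk), it bypasses the comparison and is still multiplied into a large negative `maxdiskspaceB`, which is the condition the commit message says breaks later validation. Using the same test in both places, for example `if ( maxdiskspace < 0 ) {` for the conversion, would keep them consistent. An unlimited `mlogsize` (-1) also still passes the comparison against a finite `maxdiskspace`, which may or may not be intended for a disk-space cap. The added comment has a typo, `compate` for `compare`.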
13 years, 1 month
src/com
by Nathan Kinder
src/com/netscape/admin/dirserv/panel/LogPanel.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
New commits:
commit d55444d7439a487857b3a4ad9870eef84123a2f0
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Mon Mar 7 11:25:42 2011 -0800
Bug 504803 - Allow nsslapd-*-logmaxdiskspace to be set to -1 in UI
It is not currently possible to set the total log maximum disk
space parameter to "-1" in the Console for the access log or the
error log. This is a valid parameter in the server that means
"unlimited".
The problem is that the validation method wants to ensure that the
max disk space is not less than the size configured for a single log
file. We should not perform this check if the max disk space is
unlimited (-1).
diff --git a/src/com/netscape/admin/dirserv/panel/LogPanel.java b/src/com/netscape/admin/dirserv/panel/LogPanel.java
index 6744df3..395085c 100644
--- a/src/com/netscape/admin/dirserv/panel/LogPanel.java
+++ b/src/com/netscape/admin/dirserv/panel/LogPanel.java
@@ -596,7 +596,9 @@ abstract public class LogPanel extends BlankPanel {
try {
int logSizeValue = Integer.parseInt(logSize);
int maxDiskSpaceValue = Integer.parseInt(maxDiskSpace);
- if (logSizeValue > maxDiskSpaceValue) {
+ // If max disk space is unlimited (-1), there's no need to compare
+ // it with the individual log size.
+ if ((maxDiskSpaceValue >= 0) && (logSizeValue > maxDiskSpaceValue)) {
setChangeState(_lLogSize, CHANGE_STATE_ERROR );
setChangeState(_lMaxDiskSpace, CHANGE_STATE_ERROR );
clearValidFlag();
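Review bot: The guard `maxDiskSpaceValue >= 0` treats every negative number as unlimited, although the commit message defines only -1 as that value, so an entry such as -5 now skips the comparison in this block. Unless another validator outside the hunk rejects it, `(maxDiskSpaceValue != -1)` would match the stated meaning more exactly. The reverse case is also unhandled here: a log size of -1 with a finite maximum disk space passes the check because -1 is never greater than the limit. The enclosing try block starts and ends outside the hunk.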
13 years, 1 month
help/en src/com
by Nathan Kinder
help/en/help/configtab_logs.html | 4
src/com/netscape/admin/dirserv/dirserv.properties | 43 ++++---
src/com/netscape/admin/dirserv/panel/AccessLogConfigurePanel.java | 57 +++++++++-
src/com/netscape/admin/dirserv/panel/ErrorLogConfigurePanel.java | 4
4 files changed, 87 insertions(+), 21 deletions(-)
New commits:
commit c8566dadd049f29308ae736bf6a2cff713a2f768
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Mon Mar 7 10:31:20 2011 -0800
Bug 474113 - Allow access log level to be configured from Console
This adds a log level list to the access log configuration in Console. One can
select what log levels they want to set for the access log and update the configuration
on the server. This was previously only possible for the errors log.
diff --git a/help/en/help/configtab_logs.html b/help/en/help/configtab_logs.html
index a37ada7..ce3721c 100644
--- a/help/en/help/configtab_logs.html
+++ b/help/en/help/configtab_logs.html
@@ -69,3 +69,7 @@ Note that the newly configured access mode will only affect new logs that are cr
<p class="text">
<b>When a file is older than. </b>The server will delete an archived access log when the file is older than the age you specify.
</p>
+
+<p class="text">
+<b>Log Level. </b>Specifies the kinds of access messages the server should store in the access log. By default, the connections, operations, and results option is selected. Multiple levels can be selected at the same time.
+</p>
diff --git a/src/com/netscape/admin/dirserv/dirserv.properties b/src/com/netscape/admin/dirserv/dirserv.properties
index 14e9eca..3aa360a 100644
--- a/src/com/netscape/admin/dirserv/dirserv.properties
+++ b/src/com/netscape/admin/dirserv/dirserv.properties
@@ -971,24 +971,31 @@ log-viewLog-mnemonic=L
# log-viewLog-ttip=Show the current log contents in a dialog box
log-isAuditingEnabled-default=false
log-logLevel-title=Log Level
-log-logLevel-label=Log Level
-log-logLevel-ttip=Specifies the kinds of error and event messages the server should store.
-log-logLevel-default=
-log-logLevel-1=Trace function calls
-log-logLevel-2=Packet handling
-log-logLevel-3=Heavy trace output
-log-logLevel-4=Connection management
-log-logLevel-5=Packets sent/received
-log-logLevel-6=Search filter processing
-log-logLevel-7=Config file processing
-log-logLevel-8=Access control list processing
-log-logLevel-9=Log communications with shell databases
-log-logLevel-10=Log entry parsing
-log-logLevel-11=Housekeeping
-log-logLevel-12=Replication
-log-logLevel-13=Entry cache
-log-logLevel-14=Plug-ins
-log-logLevel-15=Access control summary
+log-errorlogLevel-label=Log Level
+log-errorlogLevel-ttip=Specifies the kinds of error and event messages the server should store.
+log-errorlogLevel-default=
+log-errorlogLevel-1=Trace function calls
+log-errorlogLevel-2=Packet handling
+log-errorlogLevel-3=Heavy trace output
+log-errorlogLevel-4=Connection management
+log-errorlogLevel-5=Packets sent/received
+log-errorlogLevel-6=Search filter processing
+log-errorlogLevel-7=Config file processing
+log-errorlogLevel-8=Access control list processing
+log-errorlogLevel-9=Log communications with shell databases
+log-errorlogLevel-10=Log entry parsing
+log-errorlogLevel-11=Housekeeping
+log-errorlogLevel-12=Replication
+log-errorlogLevel-13=Entry cache
+log-errorlogLevel-14=Plug-ins
+log-errorlogLevel-15=Access control summary
+log-accesslogLevel-label=Log Level
+log-accesslogLevel-ttip=Specifies the kinds of access messages the server should store.
+log-accesslogLevel-default=2
+log-accesslogLevel-1=Internal operations
+log-accesslogLevel-2=Connections, operations, and results
+log-accesslogLevel-3=Entry access and referrals
+log-accesslogLevel-4=Microsecond Timing
log-invalid-filename-title=Error Updating Directory
log-invalid-filename-msg=Invalid file name: %0
log-save-error-title=Error
diff --git a/src/com/netscape/admin/dirserv/panel/AccessLogConfigurePanel.java b/src/com/netscape/admin/dirserv/panel/AccessLogConfigurePanel.java
index ddddb5f..bc54ece 100644
--- a/src/com/netscape/admin/dirserv/panel/AccessLogConfigurePanel.java
+++ b/src/com/netscape/admin/dirserv/panel/AccessLogConfigurePanel.java
@@ -63,12 +63,67 @@ public class AccessLogConfigurePanel extends LogPanel
super.init();
createEnableArea();
createConfigArea();
- addBottomGlue ();
+ createLevelArea();
+ addBottomGlue ();
enableFields( _cbEnabled.isSelected() );
super.postInit();
}
+ private void createLevelArea() {
+ _liLogLevel = makeJList("log","accesslogLevel", "");
+ JScrollPane spLogLevel = new JScrollPane(_liLogLevel);
+ DSEntrySet entries = getDSEntrySet();
+ DSEntryBitList logLevelDSEntry = new DSEntryBitList(_liLogLevel, _masks);
+
+ entries.add(LOG_DN, ACCESS_LEVEL_ATTR_NAME, logLevelDSEntry);
+ setComponentTable(_liLogLevel, logLevelDSEntry);
+
+ JPanel grid = new GroupPanel(_resource.getString( _section,
+ "logLevel-title" ));
+ grid.setLayout(new GridBagLayout());
+ GridBagConstraints gbc = new GridBagConstraints();
+
+ gbc.gridwidth = gbc.REMAINDER;
+ gbc.fill = gbc.HORIZONTAL;
+ gbc.anchor = gbc.CENTER;
+ gbc.ipady = 0;
+ gbc.weightx = 1.0;
+ gbc.weighty = 0.0;
+ gbc.gridx = gbc.RELATIVE;
+ gbc.gridy = gbc.RELATIVE;
+ gbc.insets = getComponentInsets();
+ gbc.insets.bottom = UIFactory.getDifferentSpace();
+ _myPanel.add(grid, gbc);
+
+ gbc.gridwidth = 1;
+ gbc.gridheight = 1;
+ gbc.anchor = gbc.CENTER;
+ gbc.ipady = 0;
+ gbc.weighty = 0.0;
+ gbc.insets = getComponentInsets();
+ gbc.anchor = gbc.WEST;
+ gbc.gridwidth = gbc.REMAINDER;
+ gbc.weightx = 1.0;
+ gbc.fill = gbc.HORIZONTAL;
+ grid.add(spLogLevel,gbc);
+ }
+
+ protected void enableFields( boolean enable ) {
+ if ( _liLogLevel != null )
+ _liLogLevel.setEnabled(enable);
+ super.enableFields( enable );
+ }
+
LogContentPanel getViewerPanel() {
return new AccessLogContentPanel( getModel() );
}
+
+ static final String ACCESS_LEVEL_ATTR_NAME = "nsslapd-accesslog-level";
+ private JList _liLogLevel;
+
+ // The log level to mask mapping is sparse, unfortunately
+ private static final int[] _masks = { 0x0004,
+ 0x0100,
+ 0x0200,
+ 0x20000 };
}
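Review bot: The `_masks` array is matched to the list entries purely by position, and its only comment says the mapping is sparse; nothing states which bit belongs to which `log-accesslogLevel-N` label in dirserv.properties. Because the access log level decides what the server records, reordering either side would silently store a different level than the one shown, so each element deserves a trailing comment such as `0x0100, // Connections, operations, and results` (pairing inferred from the order of the property keys). In createLevelArea, `gbc.anchor`, `gbc.gridwidth`, `gbc.ipady` and `gbc.weighty` are assigned a second time before `grid.add`, and the constants are read through the instance (`gbc.REMAINDER`) rather than `GridBagConstraints.REMAINDER`; the redundant assignments can be dropped.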
diff --git a/src/com/netscape/admin/dirserv/panel/ErrorLogConfigurePanel.java b/src/com/netscape/admin/dirserv/panel/ErrorLogConfigurePanel.java
index f9d6f2d..a3a9a65 100644
--- a/src/com/netscape/admin/dirserv/panel/ErrorLogConfigurePanel.java
+++ b/src/com/netscape/admin/dirserv/panel/ErrorLogConfigurePanel.java
@@ -61,13 +61,13 @@ public class ErrorLogConfigurePanel extends LogPanel {
createEnableArea();
createConfigArea();
createLevelArea();
- addBottomGlue ();
+ addBottomGlue ();
enableFields( _cbEnabled.isSelected() );
super.postInit();
}
private void createLevelArea() {
- _liLogLevel = makeJList("log","logLevel", "");
+ _liLogLevel = makeJList("log","errorlogLevel", "");
JScrollPane spLogLevel = new JScrollPane(_liLogLevel);
DSEntrySet entries = getDSEntrySet();
13 years, 1 month
Branch '389-ds-base-1.2.8' - ldap/servers
by Richard Allen Megginson
ldap/servers/slapd/test-plugins/testbind.c | 1 +
1 file changed, 1 insertion(+)
New commits:
commit c1bfc3e05a402059b8a95f57897b4622bd7b3813
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Mon Mar 7 11:24:39 2011 -0700
Bug 644784 - Memory leak in "testbind.c" plugin
https://bugzilla.redhat.com/show_bug.cgi?id=644784
Resolves: bug 644784
Bug Description: Memory leak in "testbind.c" plugin
Reviewed by: rmeggins (submitted by paolo.campegiani(a)gmail.com)
Branch: 389-ds-base-1.2.8
Fix Description: Free the entry
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
diff --git a/ldap/servers/slapd/test-plugins/testbind.c b/ldap/servers/slapd/test-plugins/testbind.c
index a065279..9e44a31 100644
--- a/ldap/servers/slapd/test-plugins/testbind.c
+++ b/ldap/servers/slapd/test-plugins/testbind.c
@@ -216,6 +216,7 @@ test_bind( Slapi_PBlock *pb )
break;
}
+ slapi_entry_free( e );
slapi_send_ldap_result( pb, rc, NULL, NULL, 0, NULL );
return( 1 );
}
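Review bot: The added `slapi_entry_free( e );` frees the entry only on the path that falls out of the switch; the declaration of `e` and any earlier `return` statements in test_bind are outside this hunk, so it is worth confirming that `e` is initialized to NULL and that no earlier exit leaves the entry allocated. If `e` is not initialized at its declaration, `Slapi_Entry *e = NULL;` is needed for this call to be safe when no entry was ever fetched. A short comment such as `/* e is owned by this function; free it on every exit */` would record the ownership. The same applies to the identical commit on master further down the page.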
13 years, 1 month
ldap/servers
by Richard Allen Megginson
ldap/servers/slapd/test-plugins/testbind.c | 1 +
1 file changed, 1 insertion(+)
New commits:
commit df575d3d65a31237bed4cb89db165ed00c0331a7
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Mon Mar 7 11:24:39 2011 -0700
Bug 644784 - Memory leak in "testbind.c" plugin
https://bugzilla.redhat.com/show_bug.cgi?id=644784
Resolves: bug 644784
Bug Description: Memory leak in "testbind.c" plugin
Reviewed by: rmeggins (submitted by paolo.campegiani(a)gmail.com)
Branch: master
Fix Description: Free the entry
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
diff --git a/ldap/servers/slapd/test-plugins/testbind.c b/ldap/servers/slapd/test-plugins/testbind.c
index a065279..9e44a31 100644
--- a/ldap/servers/slapd/test-plugins/testbind.c
+++ b/ldap/servers/slapd/test-plugins/testbind.c
@@ -216,6 +216,7 @@ test_bind( Slapi_PBlock *pb )
break;
}
+ slapi_entry_free( e );
slapi_send_ldap_result( pb, rc, NULL, NULL, 0, NULL );
return( 1 );
}
13 years, 1 month
console/src/com/netscape/management/client/security CertInstallSetTrustPage.java, 1.1.1.1, 1.2 CertificateDialog.java, 1.1.1.1, 1.2
by Noriko Hosoi
Author: nhosoi
Update of /cvs/dirsec/console/src/com/netscape/management/client/security
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv5197/src/com/netscape/management/client/security
Modified Files:
CertInstallSetTrustPage.java CertificateDialog.java
Log Message:
Bug 158926 - Unable to install CA certificate when using hardware token
( LunaSA )
https://bugzilla.redhat.com/show_bug.cgi?id=158926
Description: CertificateDialog passes the token name selected from the
Security Device menu to ServerCertificatePane, but NOT to CACertificatePane.
Due to this, when a hardware token was selected as a Security Device on
CACertificatePane, installing CA cert was not forwarded to the hardware
token. Also, the password for the Security Device was not being sent on
CACertificatePane, which caused the install to fail with an error "Password".
This patch solves the problems.
Index: CertInstallSetTrustPage.java
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/security/CertInstallSetTrustPage.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- CertInstallSetTrustPage.java 18 Jul 2005 00:34:15 -0000 1.1.1.1
+++ CertInstallSetTrustPage.java 4 Mar 2011 17:18:58 -0000 1.2
@@ -33,6 +33,7 @@
class CertInstallSetTrustPage extends WizardPage implements SuiConstants {
JCheckBox clientTrust, serverTrust;
+ Hashtable pwdCache = new Hashtable();
public boolean nextInvoked() {
boolean canProceed = false;
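Review bot: `pwdCache` keeps token passwords in a raw `Hashtable` instance field, so the entries stay in memory for as long as the wizard page object lives, and nothing in the visible hunks clears them. The next hunk copies every cached pair into `args`, which is then handed to the admin task, so the cached content travels with each request made from this page. Consider calling `pwdCache.clear()` once the install has succeeded, and adding a field comment such as `// token name -> password entered for that token; cleared after install` (the key and value meaning is inferred from the names).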
@@ -56,6 +57,10 @@
args.put("dercert" , dataCollectionModel.getValue("dercert"));
args.put("certtype" , dataCollectionModel.getValue("certtype"));
args.put("certname" , dataCollectionModel.getValue("certname"));
+ for (Enumeration e=pwdCache.keys(); e.hasMoreElements();) {
+ Object tokenPwd = e.nextElement();
+ args.put(tokenPwd, pwdCache.get(tokenPwd));
+ }
int t = (clientTrust.isSelected()?EditTrustDialog.TRUSTED_CLIENT_CA:0) |
(serverTrust.isSelected()?EditTrustDialog.TRUSTED_CA:0);
@@ -70,6 +75,8 @@
consoleInfo.getAuthenticationDN(),
consoleInfo.getAuthenticationPassword());
+ SecurityUtil.execWithPwdInput(admTask, args, pwdCache);
+
admTask.setArguments(args);
admTask.exec();
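Review bot: `SecurityUtil.execWithPwdInput(admTask, args, pwdCache)` is inserted directly before the existing `admTask.setArguments(args);` and `admTask.exec();`, and its name suggests it already runs the task. If it does (its body is not on this page), the certificate install request is sent twice, the second time after the first may already have stored the certificate. In that case the two following lines should be removed, or a comment should state why the task is executed again.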
Index: CertificateDialog.java
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/security/CertificateDialog.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- CertificateDialog.java 18 Jul 2005 00:34:16 -0000 1.1.1.1
+++ CertificateDialog.java 4 Mar 2011 17:18:58 -0000 1.2
@@ -285,6 +285,7 @@
}
CertificateDialog.this.serverCertificatePane.setTokenName(token.toString());
+ CertificateDialog.this.caCertificatePane.setTokenName(token.toString());
SwingUtilities.invokeLater(new Runnable() {
public void run() {
13 years, 1 month
admserv/cgi-src40
by Noriko Hosoi
admserv/cgi-src40/security.c | 100 +++++++++++++++++++++++++++----------------
1 file changed, 63 insertions(+), 37 deletions(-)
New commits:
commit f7554f273e9919890732bc6253297ada56c76d08
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Thu Mar 3 15:51:47 2011 -0800
Bug 158926 - Unable to install CA certificate when using
hardware token ( LunaSA )
https://bugzilla.redhat.com/show_bug.cgi?id=158926
Description: Installing/Importing CA cert to the hardware token
was not correctly supported in the security CGI. This patch
passes the hardware token name to the installCACert helper function,
which gets the correct slot for the hardware token and then imports
the cert to that slot.
diff --git a/admserv/cgi-src40/security.c b/admserv/cgi-src40/security.c
index c53f065..2941eb3 100644
--- a/admserv/cgi-src40/security.c
+++ b/admserv/cgi-src40/security.c
@@ -1311,8 +1311,9 @@ static void printDERCert(int isCACert) {
/*
* Install a server certificate.
*/
-static void installServerCert(char *tokenName, char *certname) {
-
+static void
+installServerCert(char *tokenName, char *certname)
+{
SECStatus rv;
CERTCertificate *cert;
CERTCertTrust trust;
@@ -1397,43 +1398,66 @@ static void installServerCert(char *tokenName, char *certname) {
/*
* Install a CA cert and set its trust
*/
-static void installCACert(char *certname) {
-
- /* need to decode der cert */
- char *derCertBase64 = getParameter("dercert",getResourceString(DBT_DER_CERT));
- CERTDERCerts *collectArgs = decodeDERCert(derCertBase64);
-
- /* remove leading space in certificate name */
- if (certname) {
- while (isspace(*certname)) ++certname;
- }
-
- /* Import CA Cert and set trust */
- {
+static void
+installCACert(char *tokenName, char *certname)
+{
+ /* need to decode der cert */
+ CERTCertificate *cert;
+ char *derCertBase64 = NULL;
+ CERTDERCerts *collectArgs = NULL;
+ PK11SlotInfo *slot = NULL;
CERTCertificate **retCerts = 0;
PRBool keepCerts = PR_TRUE;
PRBool caOnly = PR_TRUE;
- char *nickname = certname;
- char *truststr = getParameter("trust_flag",getResourceString(DBT_TRUST));
+ char *nickname = certname;
+ char *truststr = NULL;
+ char *endptr = NULL;
+ int trustflag;
int trustedCA;
- char *endptr = NULL;
- int trustflag = strtol(truststr, &endptr, 0);
+ SECStatus rc = 0;
- if ((*truststr == '\0') || !endptr || (*endptr != '\0')) {
- /* invalid trust flags */
- errorRpt(GENERAL_FAILURE, getResourceString(DBT_TRUST_SET_FAIL));
- }
- trustedCA = (trustflag & CERTDB_TRUSTED_CA);
- CERT_ImportCerts(certdb,(trustedCA ? certUsageSSLCA : certUsageAnyCA),
+ derCertBase64 = getParameter("dercert",getResourceString(DBT_DER_CERT));
+ collectArgs = decodeDERCert(derCertBase64);
+
+ truststr = getParameter("trust_flag",getResourceString(DBT_TRUST));
+ trustflag = strtol(truststr, &endptr, 0);
+ if (tokenName) {
+ slot = PK11_FindSlotByName(tokenName);
+ } else {
+ slot = PK11_GetInternalKeySlot();
+ }
+ /* remove leading space in certificate name */
+ if (certname) {
+ while (isspace(*certname)) ++certname;
+ }
+
+ /* Import CA Cert and set trust */
+ if ((*truststr == '\0') || !endptr || (*endptr != '\0')) {
+ /* invalid trust flags */
+ errorRpt(GENERAL_FAILURE, getResourceString(DBT_TRUST_SET_FAIL));
+ }
+ trustedCA = (trustflag & CERTDB_TRUSTED_CA);
+ rc = CERT_ImportCerts(certdb, (trustedCA ? certUsageSSLCA : certUsageAnyCA),
collectArgs->numcerts, &collectArgs->rawCerts,
&retCerts, keepCerts, caOnly, nickname);
+ CERT_FindCertByDERCert(certdb, collectArgs->rawCerts);
+ cert = retCerts[0];
+ rc = PK11_ImportCert(slot, cert, CK_INVALID_HANDLE, certname, PR_FALSE);
+ if (rc != SECSuccess) {
+ char *tmpLine = (char *)PR_Malloc(PR_GetErrorTextLength()+1);
+ PR_GetErrorText(tmpLine);
+ PR_snprintf(line, sizeof(line), "%d:%s", PR_GetError(), tmpLine);
+ PR_Free(tmpLine);
+ /* if unable to import report error */
+ rpt_err(SYSTEM_ERROR, getResourceString(DBT_INTERNAL_ERROR),
+ getResourceString(DBT_INSTALL_FAIL), line);
+ }
- if(!CERT_FindCertByDERCert(certdb, collectArgs->rawCerts)) {
- errorRpt(GENERAL_FAILURE, getResourceString(DBT_INSTALL_FAIL));
+ if(NULL == PK11_FindCertInSlot(slot, cert, NULL)) {
+ errorRpt(GENERAL_FAILURE, getResourceString(DBT_INSTALL_FAIL));
}
setTrust(processNullString(getMD5Fingerprint(retCerts[0])), trustflag);
- }
}
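Review bot: The result of `CERT_ImportCerts` is stored in `rc` and then overwritten without being tested, and `retCerts[0]` is read two lines later, so a failed import of the request-supplied `dercert` dereferences a NULL array before `PK11_ImportCert` is reached. `slot` is likewise used without a NULL check although `PK11_FindSlotByName` is given a token name taken from the request, and the slot reference is never released. `nickname` is now initialized from `certname` before the leading-space trim, whereas the removed code took it after the trim, so the nickname passed to `CERT_ImportCerts` can differ from the one passed to `PK11_ImportCert`. The bare `CERT_FindCertByDERCert` call discards its result and can be dropped. The sketch below assumes `errorRpt` does not return, as the existing call sites appear to rely on.

```c
    /* … unchanged: declarations, dercert decoding, trust_flag parsing, leading-space trim … */
    nickname = certname; /* taken after the trim, as the removed code did */

    if (tokenName) {
        slot = PK11_FindSlotByName(tokenName);
    } else {
        slot = PK11_GetInternalKeySlot();
    }
    if (NULL == slot) {
        /* unknown or unavailable token */
        errorRpt(GENERAL_FAILURE, getResourceString(DBT_INSTALL_FAIL));
    }

    /* … unchanged: trust flag validation … */
    trustedCA = (trustflag & CERTDB_TRUSTED_CA);
    rc = CERT_ImportCerts(certdb, (trustedCA ? certUsageSSLCA : certUsageAnyCA),
                          collectArgs->numcerts, &collectArgs->rawCerts,
                          &retCerts, keepCerts, caOnly, nickname);
    if ((rc != SECSuccess) || (NULL == retCerts) || (NULL == retCerts[0])) {
        errorRpt(GENERAL_FAILURE, getResourceString(DBT_INSTALL_FAIL));
    }
    cert = retCerts[0];

    /* … unchanged: PK11_ImportCert, PK11_FindCertInSlot check … */
    setTrust(processNullString(getMD5Fingerprint(retCerts[0])), trustflag);
    PK11_FreeSlot(slot);
```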
@@ -1965,18 +1989,21 @@ static void keyCertMigrate() {
int main(int argc, char *argv[])
{
/* cgi env setup */
- int _ai = ADMUTIL_Init();
- char * m = getenv("REQUEST_METHOD");
+ char *m = NULL;
char msg[BIG_LINE];
AdmldapInfo ldapInfo; /* our config */
int rc = 0;
char *sie;
- char *configdir = util_get_conf_dir();
- const char *secdir = util_get_security_dir();
+ char *configdir = NULL;
+ const char *secdir = NULL;
#if 0
CGI_Debug("security");
#endif
+ ADMUTIL_Init();
+ m = getenv("REQUEST_METHOD");
+ configdir = util_get_conf_dir();
+ secdir = util_get_security_dir();
/*setup i18n stuff*/
{
@@ -2013,7 +2040,6 @@ int main(int argc, char *argv[])
}
securitydir = getSecurityDir(ldapInfo, sie);
-
{
char* operation = getParameter("formop",getResourceString(DBT_OP));
@@ -2079,11 +2105,11 @@ int main(int argc, char *argv[])
else { /* install a certificate */
char *certName = get_cgi_var("certname", NULL, NULL);
+ char *tokenName =
+ getParameter("tokenname",getResourceString(DBT_TOKEN_NAME));
if (isCACert) {
- installCACert(certName);
- }
- else {
- char *tokenName = getParameter("tokenname",getResourceString(DBT_TOKEN_NAME));
+ installCACert(tokenName, certName);
+ } else {
installServerCert(tokenName, certName);
}
}
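Review bot: `tokenName` is now fetched with `getParameter` for CA certificates as well, and the second argument looks like an error label, which suggests the helper fails the request when the parameter is absent (its body is not on this page). If so, a CA install from a client that does not send `tokenname` is now rejected, and the `else` branch in installCACert that falls back to `PK11_GetInternalKeySlot()` can never run. Using `get_cgi_var("tokenname", NULL, NULL)`, as the line above does for `certname`, would keep the parameter optional.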
13 years, 1 month
esc/win32 build.sh,1.16,1.17
by Jack Magne
Author: jmagne
Update of /cvs/dirsec/esc/win32
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv11465
Modified Files:
build.sh
Log Message:
Bump xulrunner version.
Index: build.sh
===================================================================
RCS file: /cvs/dirsec/esc/win32/build.sh,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- build.sh 22 Jan 2011 04:35:32 -0000 1.16
+++ build.sh 3 Mar 2011 21:55:51 -0000 1.17
@@ -100,9 +100,9 @@
XULRUNNER_DIR=xulrunner
XULRUNNER_FTP_PATH=http://releases.mozilla.org/pub/mozilla.org/
-XULRUNNER_PATH=xulrunner/releases/1.9.2.13/runtimes/
+XULRUNNER_PATH=xulrunner/releases/1.9.2.14/runtimes/
-XULRUNNER_ARCHIVE=xulrunner-1.9.2.13.en-US.win32.zip
+XULRUNNER_ARCHIVE=xulrunner-1.9.2.14.en-US.win32.zip
#Base Dirctory calc
13 years, 1 month
Branch '389-ds-base-1.2.8' - ldap/servers
by Nathan Kinder
ldap/servers/plugins/replication/windows_protocol_util.c | 41 +++++++++++++--
1 file changed, 37 insertions(+), 4 deletions(-)
New commits:
commit b6c75e3535fb5084be0ebe3b481885e83e2256d0
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Thu Mar 3 12:10:47 2011 -0800
Bug 680558 - Winsync plugin fails to restrain itself to the configured subtree
When an operation is performed against an entry that is in the same database that is used
by a sync agreement, but falls outside of the sync agreement, a message is
logged at the fatal error level stating that the local entry could not be
fetched. The issue is that the sync code searches for the entry by uniqueid
within the sync agreement scope, which fails to find the entry. This search
is fine, but we should not log it as a fatal message.
The fix is to only log a fatal message when we fail to fetch a local entry
that falls within the sync agreement. This patch adds a new helper to check
if a DN is within the sync agreement scope, which is used to determine if a
fatal error should be logged.
diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c
index 428f5f1..dc3754b 100644
--- a/ldap/servers/plugins/replication/windows_protocol_util.c
+++ b/ldap/servers/plugins/replication/windows_protocol_util.c
@@ -64,6 +64,7 @@ static void extract_guid_from_entry_bv(Slapi_Entry *e, const struct berval **bv)
#endif
static void windows_map_mods_for_replay(Private_Repl_Protocol *prp,LDAPMod **original_mods, LDAPMod ***returned_mods, int is_user, char** password);
static int is_subject_of_agreement_local(const Slapi_Entry *local_entry,const Repl_Agmt *ra);
+static int is_dn_subject_of_agreement_local(const Slapi_DN *sdn, const Repl_Agmt *ra);
static int windows_create_remote_entry(Private_Repl_Protocol *prp,Slapi_Entry *original_entry, Slapi_DN *remote_sdn, Slapi_Entry **remote_entry, char** password);
static int windows_get_local_entry(const Slapi_DN* local_dn,Slapi_Entry **local_entry);
static int windows_get_local_entry_by_uniqueid(Private_Repl_Protocol *prp,const char* uniqueid,Slapi_Entry **local_entry, int is_global);
@@ -1411,10 +1412,21 @@ windows_replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op
op->operation_type = SLAPI_OPERATION_DELETE;
is_ours_force = 1;
} else {
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
- "%s: windows_replay_update: failed to fetch local entry for %s operation dn=\"%s\"\n",
- agmt_get_long_name(prp->agmt),
- op2string(op->operation_type), op->target_address.dn);
+ /* We only searched within the subtree in the agreement, so we should not print
+ * an error if we didn't find the entry and the DN is outside of the agreement scope. */
+ if (is_dn_subject_of_agreement_local(local_dn, prp->agmt)) {
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: windows_replay_update: failed to fetch local entry for %s operation dn=\"%s\"\n",
+ agmt_get_long_name(prp->agmt),
+ op2string(op->operation_type), op->target_address.dn);
+ } else {
+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
+ "%s: windows_replay_update: Looking at %s operation local dn=\"%s\" (%s)\n",
+ agmt_get_long_name(prp->agmt),
+ op2string(op->operation_type), op->target_address.dn, is_ours ? "ours" : "not ours");
+ }
+ /* Just bail on this change. We don't want to do any
+ * further checks since we don't have a local entry. */
goto error;
}
}
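Review bot: The new `SLAPI_LOG_REPL` message reads `Looking at %s operation local dn=...`, which does not say that the local entry was not found or that the change is being skipped because the DN is outside the agreement subtree. Someone tracing a missed sync at replication log level would not learn why the operation was dropped; wording such as `"%s: windows_replay_update: skipping %s operation, dn=\"%s\" is outside the agreement subtree\n"` states it directly and no longer needs the `is_ours` argument. The scope test is made on `local_dn` while both messages print `op->target_address.dn`; whether the two always agree is not visible here, since windows_replay_update starts and ends outside the hunk. The identical hunk in the master commit further down the page has the same wording.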
@@ -3725,6 +3737,27 @@ error:
return retval;
}
+/* Tests if a DN is within the scope of our agreement */
+static int
+is_dn_subject_of_agreement_local(const Slapi_DN *sdn, const Repl_Agmt *ra)
+{
+ int retval = 0;
+ const Slapi_DN *agreement_subtree = NULL;
+
+ /* Get the subtree from the agreement */
+ agreement_subtree = windows_private_get_directory_subtree(ra);
+ if (NULL == agreement_subtree)
+ {
+ goto error;
+ }
+
+ /* Check if the DN is within the subtree */
+ retval = slapi_sdn_scope_test(sdn, agreement_subtree, LDAP_SCOPE_SUBTREE);
+
+error:
+ return retval;
+}
+
/* Tests if the entry is subject to our agreement (i.e. is it in the sync'ed subtree in AD and either a user or a group ?) */
static int
is_subject_of_agreement_remote(Slapi_Entry *e, const Repl_Agmt *ra)
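Review bot: `is_dn_subject_of_agreement_local` returns 0 when `windows_private_get_directory_subtree(ra)` yields NULL, and its caller treats 0 as "outside the agreement", so an agreement with no local subtree would have its fetch failures logged only at replication level instead of fatal. If that state is possible, returning 1 in the NULL case, or logging it, keeps such failures visible. `sdn` is passed to `slapi_sdn_scope_test` without a NULL check, and the `error` label is used for a path that is not an error; `if (agreement_subtree) { retval = slapi_sdn_scope_test(sdn, agreement_subtree, LDAP_SCOPE_SUBTREE); }` followed by `return retval;` is shorter. The same helper is added by the master commit further down the page.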
13 years, 1 month
ldap/servers
by Nathan Kinder
ldap/servers/plugins/replication/windows_protocol_util.c | 41 +++++++++++++--
1 file changed, 37 insertions(+), 4 deletions(-)
New commits:
commit 4f30419596e8aaf411dc5cb9ab9bf88ddb4b791f
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Thu Mar 3 12:10:47 2011 -0800
Bug 680558 - Winsync plugin fails to restrain itself to the configured subtree
When an operation is performed against an entry that is in the same database that is used
by a sync agreement, but falls outside of the sync agreement, a message is
logged at the fatal error level stating that the local entry could not be
fetched. The issue is that the sync code searches for the entry by uniqueid
within the sync agreement scope, which fails to find the entry. This search
is fine, but we should not log it as a fatal message.
The fix is to only log a fatal message when we fail to fetch a local entry
that falls within the sync agreement. This patch adds a new helper to check
if a DN is within the sync agreement scope, which is used to determine if a
fatal error should be logged.
diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c
index 428f5f1..dc3754b 100644
--- a/ldap/servers/plugins/replication/windows_protocol_util.c
+++ b/ldap/servers/plugins/replication/windows_protocol_util.c
@@ -64,6 +64,7 @@ static void extract_guid_from_entry_bv(Slapi_Entry *e, const struct berval **bv)
#endif
static void windows_map_mods_for_replay(Private_Repl_Protocol *prp,LDAPMod **original_mods, LDAPMod ***returned_mods, int is_user, char** password);
static int is_subject_of_agreement_local(const Slapi_Entry *local_entry,const Repl_Agmt *ra);
+static int is_dn_subject_of_agreement_local(const Slapi_DN *sdn, const Repl_Agmt *ra);
static int windows_create_remote_entry(Private_Repl_Protocol *prp,Slapi_Entry *original_entry, Slapi_DN *remote_sdn, Slapi_Entry **remote_entry, char** password);
static int windows_get_local_entry(const Slapi_DN* local_dn,Slapi_Entry **local_entry);
static int windows_get_local_entry_by_uniqueid(Private_Repl_Protocol *prp,const char* uniqueid,Slapi_Entry **local_entry, int is_global);
@@ -1411,10 +1412,21 @@ windows_replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op
op->operation_type = SLAPI_OPERATION_DELETE;
is_ours_force = 1;
} else {
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
- "%s: windows_replay_update: failed to fetch local entry for %s operation dn=\"%s\"\n",
- agmt_get_long_name(prp->agmt),
- op2string(op->operation_type), op->target_address.dn);
+ /* We only searched within the subtree in the agreement, so we should not print
+ * an error if we didn't find the entry and the DN is outside of the agreement scope. */
+ if (is_dn_subject_of_agreement_local(local_dn, prp->agmt)) {
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: windows_replay_update: failed to fetch local entry for %s operation dn=\"%s\"\n",
+ agmt_get_long_name(prp->agmt),
+ op2string(op->operation_type), op->target_address.dn);
+ } else {
+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
+ "%s: windows_replay_update: Looking at %s operation local dn=\"%s\" (%s)\n",
+ agmt_get_long_name(prp->agmt),
+ op2string(op->operation_type), op->target_address.dn, is_ours ? "ours" : "not ours");
+ }
+ /* Just bail on this change. We don't want to do any
+ * further checks since we don't have a local entry. */
goto error;
}
}
@@ -3725,6 +3737,27 @@ error:
return retval;
}
+/* Tests if a DN is within the scope of our agreement */
+static int
+is_dn_subject_of_agreement_local(const Slapi_DN *sdn, const Repl_Agmt *ra)
+{
+ int retval = 0;
+ const Slapi_DN *agreement_subtree = NULL;
+
+ /* Get the subtree from the agreement */
+ agreement_subtree = windows_private_get_directory_subtree(ra);
+ if (NULL == agreement_subtree)
+ {
+ goto error;
+ }
+
+ /* Check if the DN is within the subtree */
+ retval = slapi_sdn_scope_test(sdn, agreement_subtree, LDAP_SCOPE_SUBTREE);
+
+error:
+ return retval;
+}
+
/* Tests if the entry is subject to our agreement (i.e. is it in the sync'ed subtree in AD and either a user or a group ?) */
static int
is_subject_of_agreement_remote(Slapi_Entry *e, const Repl_Agmt *ra)
13 years, 1 month