ldap/servers
by Noriko Hosoi
ldap/servers/slapd/back-ldbm/ldbm_delete.c | 7 +++++++
1 file changed, 7 insertions(+)
New commits:
commit 98cf4246b6e5c8a99a1e9063eca9aad9560185bd
Author: Ludwig Krispenz <lkrispen(a)redhat.com>
Date: Mon Jun 30 14:15:06 2014 +0200
Ticket #47750 - Creating a glue fails if one above level is a conflict or missing
Description: This commit accidentally removed the code to add entry
back to cache if it was replaced:
Commit: 160cb3f686e433c01532d28770b2977ec957e73e
Ticket #47750 - Creating a glue fails if one above level is a conflict or missing;
Note: This is the cause of Ticket #47830 - usn tombstone entry not properly created
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
index a365ce5..3c29492 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
@@ -232,6 +232,11 @@ ldbm_back_delete( Slapi_PBlock *pb )
goto error_return;
}
}
+ /* reset original entry in cache */
+ if (!e_in_cache) {
+ CACHE_ADD(&inst->inst_cache, e, NULL);
+ e_in_cache = 1;
+ }
if (ruv_c_init) {
/* reset the ruv txn stuff */
modify_term(&ruv_c, be);
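Review bot: The result of `CACHE_ADD(&inst->inst_cache, e, NULL)` is discarded and `e_in_cache = 1` is set unconditionally, so a failed re-insert would leave the flag claiming the entry is cached. CACHE_ADD's return convention is not visible here, but if it can fail, later cleanup that trusts `e_in_cache` would act on an entry the cache does not hold. Test the result before setting the flag and route a failure to `error_return`. The restored block's comment could also say when the flag is cleared, e.g. `/* e_in_cache is cleared once the entry has been replaced; put e back before retrying */`, since that assignment is in the second hunk some 500 lines further down. ldbm_back_delete starts and ends outside both hunks.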
@@ -733,6 +738,8 @@ ldbm_back_delete( Slapi_PBlock *pb )
retval= -1;
DEL_SET_ERROR(ldap_result_code, LDAP_OPERATIONS_ERROR, retry_count);
goto error_return;
+ } else {
+ e_in_cache = 0;
}
} else {
struct backentry *imposter = NULL;
6 commits - ldap/servers
by Noriko Hosoi
ldap/servers/slapd/back-ldbm/dblayer.c | 3 +-
ldap/servers/slapd/ch_malloc.c | 37 +++++++++++++++++++++++++++++++++
ldap/servers/slapd/localhost.c | 3 +-
ldap/servers/slapd/main.c | 13 +++++++++--
ldap/servers/slapd/slapi-plugin.h | 1
ldap/servers/slapd/task.c | 10 +++++---
ldap/servers/slapd/tools/dbscan.c | 14 ++++++++----
ldap/servers/snmp/main.c | 7 ++++--
8 files changed, 73 insertions(+), 15 deletions(-)
New commits:
commit 43c6ff2e7801ff6bbc03961b3161dd60aebf707a
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Tue Jul 1 11:35:37 2014 -0700
Ticket #47835 - Coverity: 12687..12692
12687 - Unbounded source buffer
Description: To solve "Passing string argv[0] of unknown size to
usage, which expects a string of a particular size", get ARG_MAX
and pass it to slapi_ch_strndup.
Reviewed by rmeggins(a)redhat.com (Thanks, Rich!)
https://fedorahosted.org/389/ticket/47835
diff --git a/ldap/servers/slapd/tools/dbscan.c b/ldap/servers/slapd/tools/dbscan.c
index 023fade..bbfcd0e 100644
--- a/ldap/servers/slapd/tools/dbscan.c
+++ b/ldap/servers/slapd/tools/dbscan.c
@@ -1077,16 +1077,17 @@ is_changelog(char *filename)
static void usage(char *argv0)
{
- char *copy = strdup(argv0);
+ long arg_max = sysconf(_SC_ARG_MAX);
+ char *copy = strndup(argv0, arg_max);
char *p0 = NULL, *p1 = NULL;
- if (NULL != copy) {
+ if (copy && (strlen(copy) < arg_max)) {
/* the full path is not needed in the usages */
- p0 = strrchr(argv0, '/');
- if (NULL != p0) {
+ p0 = strrchr(copy, '/');
+ if (p0) {
*p0 = '\0';
p0++;
} else {
- p0 = argv0;
+ p0 = copy;
}
p1 = strrchr(p0, '-'); /* get rid of -bin from the usage */
if (NULL != p1) {
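Review bot: When `copy` is NULL or the length test fails, `p0` keeps its initial NULL, and the usage text printed further down (e.g. `printf(" %s -f objectclass.db4\n", p0);` in the next hunk) then passes NULL to `%s`, which is undefined behaviour. An `else { p0 = argv0; }` on the new guard keeps the output defined. Separately, `sysconf(_SC_ARG_MAX)` may return -1, and the `long` is converted to `size_t` both in `strndup(argv0, arg_max)` and in `strlen(copy) < arg_max`, so the intended bound silently disappears. The same unchecked sysconf() result is used in slapd/main.c, snmp/main.c and localhost.c on this page. The part of usage() between the two hunks is not shown.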
@@ -1124,6 +1125,9 @@ static void usage(char *argv0)
printf(" # display summary of objectclass.db4\n");
printf(" %s -f objectclass.db4\n", p0);
printf("\n");
+ if (copy) {
+ free(copy);
+ }
exit(1);
}
commit 0a546bcb3d4625d6db1dcbb342922b4ddb3bee37
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Tue Jul 1 11:34:58 2014 -0700
Ticket #47835 - Coverity: 12687..12692
12688 - Unbounded source buffer
Description: To solve "Passing string argv[0] of unknown size to
slapi_ch_strdup, which expects a string of a particular size", get
ARG_MAX and pass it to slapi_ch_strndup.
Reviewed by rmeggins(a)redhat.com (Thanks, Rich!)
https://fedorahosted.org/389/ticket/47835
diff --git a/ldap/servers/slapd/main.c b/ldap/servers/slapd/main.c
index d577514..1726e67 100644
--- a/ldap/servers/slapd/main.c
+++ b/ldap/servers/slapd/main.c
@@ -650,6 +650,8 @@ main( int argc, char **argv)
int return_value = 0;
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
daemon_ports_t ports_info = {0};
+ long arg_max = 0;
+
#ifndef __LP64__
#if defined(__hpux) && !defined(__ia64)
/* for static constructors */
@@ -722,9 +724,16 @@ main( int argc, char **argv)
#endif /* _WIN32 */
if ( (myname = strrchr( argv[0], '/' )) == NULL ) {
- myname = slapi_ch_strdup( argv[0] );
+ arg_max = sysconf(_SC_ARG_MAX);
+ myname = slapi_ch_strndup( argv[0], arg_max );
} else {
- myname = slapi_ch_strdup( myname + 1 );
+ myname = slapi_ch_strndup( myname + 1, arg_max );
+ }
+ if (strlen(myname) > arg_max) {
+ LDAPDebug(LDAP_DEBUG_ANY,
+ "proc name \"%s\" is longer than the allowed max size: %dB\n",
+ myname, arg_max, 0);
+ exit(1);
}
#if defined( XP_WIN32 )
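Review bot: `arg_max` is assigned only in the branch where argv[0] contains no '/', so the `else` branch calls `slapi_ch_strndup( myname + 1, arg_max )` with the initial value 0. The slapi_ch_strndup added in ch_malloc.c on this page returns NULL when `n` is 0, and the following `strlen(myname)` then dereferences NULL whenever the server is started with a path. Move `arg_max = sysconf(_SC_ARG_MAX);` above the `if` and check it for -1. Note also that strndup never yields more than `n` characters, so `strlen(myname) > arg_max` cannot become true; `>=` would be needed to detect a truncated name. `arg_max` is a `long`, but the message formats it with `%d`.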
commit 48f2ea020bca3ee750885a6e5f423fae5e3606ca
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Tue Jul 1 10:52:57 2014 -0700
Ticket #47835 - Coverity: 12687..12692
12689 - Unbounded source buffer
Description: To solve "Passing string getenv("TXN_TEST_INDEXES") of
unknown size to slapi_ch_strdup, which expects a string of a particular
size", set upper limit 4KB to the index list length to duplicate.
Reviewed by rmeggins(a)redhat.com (Thanks, Rich!)
https://fedorahosted.org/389/ticket/47835
diff --git a/ldap/servers/slapd/back-ldbm/dblayer.c b/ldap/servers/slapd/back-ldbm/dblayer.c
index 0fda6d3..9e6c072 100644
--- a/ldap/servers/slapd/back-ldbm/dblayer.c
+++ b/ldap/servers/slapd/back-ldbm/dblayer.c
@@ -4140,6 +4140,7 @@ print_ttilist(txn_test_iter **ttilist, size_t tticnt)
}
#define TXN_TEST_IDX_OK_IF_NULL "nscpEntryDN"
+#define TXN_TEST_MAX_INDEX_LIST_LEN 4096
static void
txn_test_init_cfg(txn_test_cfg *cfg)
@@ -4152,7 +4153,7 @@ txn_test_init_cfg(txn_test_cfg *cfg)
cfg->flags = getenv(TXN_TEST_USE_RMW) ? DB_RMW : 0;
cfg->use_txn = getenv(TXN_TEST_USE_TXN) ? 1 : 0;
if (getenv(TXN_TEST_INDEXES)) {
- indexlist_copy = slapi_ch_strdup(getenv(TXN_TEST_INDEXES));
+ indexlist_copy = slapi_ch_strndup(getenv(TXN_TEST_INDEXES), TXN_TEST_MAX_INDEX_LIST_LEN);
} else {
indexlist_copy = slapi_ch_strdup(indexlist);
}
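Review bot: The new bound truncates a TXN_TEST_INDEXES value longer than 4096 bytes without any indication, and the cut can fall in the middle of an index name, so the last entry would be looked up under a different name. After the copy, compare `strlen(indexlist_copy)` with `TXN_TEST_MAX_INDEX_LIST_LEN` and log or reject the value when they are equal. The variable is also read twice; a single `const char *v = getenv(TXN_TEST_INDEXES);` used for both the test and the copy avoids depending on two lookups returning the same pointer. txn_test_init_cfg continues outside the hunk.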
commit 162604a620ba75f2a5eed3095930a2aaa823a645
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Mon Jun 30 18:22:16 2014 -0700
Ticket #47835 - Coverity: 12687..12692
12690 - Unbounded source buffer
Description: To solve "Passing string hp->h_name of unknown size to
slapi_ch_strdup, which expects a string of a particular size", get
HOST_NAME_MAX and pass it to slapi_ch_strndup, which is added for
passing the maximum size to strndup.
Reviewed by rmeggins(a)redhat.com (Thanks, Rich!)
https://fedorahosted.org/389/ticket/47835
diff --git a/ldap/servers/slapd/ch_malloc.c b/ldap/servers/slapd/ch_malloc.c
index b2afbe0..46aecc0 100644
--- a/ldap/servers/slapd/ch_malloc.c
+++ b/ldap/servers/slapd/ch_malloc.c
@@ -301,6 +301,43 @@ slapi_ch_strdup ( const char* s1)
#endif
return newmem;
}
+
+char*
+slapi_ch_strndup ( const char* s1, size_t n)
+{
+ char* newmem;
+
+ /* strdup pukes on NULL strings...bail out now */
+ if ((NULL == s1) || (0 == n)) {
+ return NULL;
+ }
+ newmem = strndup (s1, n);
+ if (newmem == NULL) {
+ int oserr = errno;
+ oom_occurred();
+
+ slapi_log_error( SLAPI_LOG_FATAL, SLAPD_MODULE,
+ "strdup of %lu characters failed; OS error %d (%s)%s\n",
+ (unsigned long)n, oserr, slapd_system_strerror( oserr ),
+ oom_advice );
+ exit (1);
+ }
+ if(!counters_created)
+ {
+ create_counters();
+ counters_created= 1;
+ }
+ PR_INCREMENT_COUNTER(slapi_ch_counter_strdup);
+ PR_INCREMENT_COUNTER(slapi_ch_counter_created);
+ PR_INCREMENT_COUNTER(slapi_ch_counter_exist);
+#if defined(_WIN32) && defined(DEBUG)
+ if(recording)
+ {
+ add_memory_record(newmem,strlen(s1)+1);
+ }
+#endif
+ return newmem;
+}
#endif /* !MEMPOOL_EXPERIMENTAL */
struct berval*
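Review bot: slapi_ch_strndup returns NULL for `n == 0`, whereas strndup() would return an empty string, and nothing documents this. The caller in slapd/main.c on this page passes 0 on one path and then calls strlen() on the result. Either return an empty string for `n == 0` or add a header comment stating the NULL return, e.g. `/* returns NULL if s1 is NULL or n is 0; exits on allocation failure */`. In the `_WIN32 && DEBUG` branch, `add_memory_record(newmem,strlen(s1)+1)` reads `s1` up to its terminator and records a size that can exceed the allocation; `strlen(newmem)+1` matches what was allocated. The failure message still says "strdup of %lu characters", which will mislead when reading logs.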
diff --git a/ldap/servers/slapd/localhost.c b/ldap/servers/slapd/localhost.c
index c946e8d..fc7de23 100644
--- a/ldap/servers/slapd/localhost.c
+++ b/ldap/servers/slapd/localhost.c
@@ -119,8 +119,9 @@ find_localhost_DNS()
return NULL;
}
if (strchr (hp->h_name, '.') != NULL) {
+ long host_name_max = sysconf(_SC_HOST_NAME_MAX);
LDAPDebug (LDAP_DEBUG_CONFIG, "h_name == %s\n", hp->h_name, 0, 0);
- return slapi_ch_strdup (hp->h_name);
+ return slapi_ch_strndup (hp->h_name, host_name_max);
} else if (hp->h_aliases != NULL) {
for (alias = hp->h_aliases; *alias != NULL; ++alias) {
if (strchr (*alias, '.') != NULL &&
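Review bot: `_SC_HOST_NAME_MAX` is the limit for the name returned by gethostname() (64 on Linux), but `hp->h_name` is a resolver-supplied canonical name and a fully qualified DNS name may legitimately be longer. With this bound such a name is silently cut, and find_localhost_DNS returns a host name that is not the machine's, which then feeds whatever consumes it. A DNS-sized limit such as `NI_MAXHOST` from `<netdb.h>` fits the data better, and an over-long name should be rejected with a log message rather than truncated. The sysconf() result is also not checked for -1. The function extends beyond the hunk on both sides.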
diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
index b83b08a..126200c 100644
--- a/ldap/servers/slapd/slapi-plugin.h
+++ b/ldap/servers/slapd/slapi-plugin.h
@@ -5799,6 +5799,7 @@ char * slapi_ch_malloc( unsigned long size );
char * slapi_ch_realloc( char *block, unsigned long size );
char * slapi_ch_calloc( unsigned long nelem, unsigned long size );
char * slapi_ch_strdup( const char *s );
+char * slapi_ch_strndup( const char *s, size_t size );
void slapi_ch_free( void **ptr );
void slapi_ch_free_string( char **s );
struct berval* slapi_ch_bvdup(const struct berval*);
commit f25c7f1f988783d620171f7b648f946dc6704c81
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Mon Jun 30 18:08:35 2014 -0700
Ticket #47835 - Coverity: 12687..12692
12691 - Unbounded source buffer
Description: To solve "Passing string *argv of unknown size to strdup,
which expects a string of a particular size", get ARG_MAX and pass
it to strndup.
Reviewed by rmeggins(a)redhat.com (Thanks, Rich!)
https://fedorahosted.org/389/ticket/47835
diff --git a/ldap/servers/snmp/main.c b/ldap/servers/snmp/main.c
index 0373877..fd06dd4 100644
--- a/ldap/servers/snmp/main.c
+++ b/ldap/servers/snmp/main.c
@@ -75,6 +75,7 @@ main (int argc, char *argv[]) {
struct stat logdir_s;
pid_t child_pid;
FILE *pid_fp;
+ long arg_max = 0;
/* Load options */
while ((--argc > 0) && ((*++argv)[0] == '-')) {
@@ -90,11 +91,13 @@ main (int argc, char *argv[]) {
}
}
- if (argc != 1)
+ if ((argc != 1) || (NULL == *argv)) {
exit_usage();
+ }
/* load config file */
- if ((config_file = strdup(*argv)) == NULL) {
+ arg_max = sysconf(_SC_ARG_MAX);
+ if ((config_file = strndup(*argv, arg_max)) == NULL) {
printf("ldap-agent: Memory error loading config file\n");
exit(1);
}
commit 8dc3806d75b6e3d4722047e230db68ac20ab3e69
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Mon Jun 30 16:21:52 2014 -0700
Ticket #47835 - Coverity: 12687..12692
12692 - Use of untrusted string value
Description: lines read from the sysconfig reload task's attribute
sysconfigfile (e.g., /etc/sysconfig/dirsrv-localhost) could be tainted.
Check the end of the line more rigorously, and eliminate a chance to
overflow env_var and env_value by copying the characters from read
line.
Reviewed by rmeggins(a)redhat.com (Thanks, Rich!)
https://fedorahosted.org/389/ticket/47835
diff --git a/ldap/servers/slapd/task.c b/ldap/servers/slapd/task.c
index 6340db8..1243492 100644
--- a/ldap/servers/slapd/task.c
+++ b/ldap/servers/slapd/task.c
@@ -1949,6 +1949,8 @@ task_sysconfig_reload_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter,
if ( file != NULL ){
char line[4096];
char *s = NULL;
+ /* fgets() reads in at most one less than size characters */
+ char *end_of_line = line + sizeof(line) - 1;
if(logchanges){
LDAPDebug(LDAP_DEBUG_ANY, "sysconfig reload task: processing file (%s)\n",
@@ -1960,8 +1962,8 @@ task_sysconfig_reload_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter,
/* skip comments */
continue;
} else {
- char env_value[4096];
- char env_var[4096];
+ char env_value[sizeof(line)];
+ char env_var[sizeof(line)];
int using_setenv = 0;
int value_index = 0;
int start_value = 0;
@@ -1997,7 +1999,7 @@ task_sysconfig_reload_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter,
using_setenv = 1;
}
if(strncmp(s, "export ", 7) == 0){
- /* strip off "export " */
+ /* strip off "export " */
s = s + 7;
} else if(strncmp(s, "set ", 4) == 0){
/* strip off "set " */
@@ -2021,7 +2023,7 @@ task_sysconfig_reload_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter,
/*
* Start parsing the names and values
*/
- for (; s && *s; s++){
+ for (; s && (s < end_of_line) && *s; s++){
/*
* If using "setenv", allow the first space/tab only, and start on the env value
*/
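Review bot: The added `s < end_of_line` condition only restates what `*s` already guarantees, because fgets() always NUL-terminates inside `line`. The copies into `env_var` and `env_value` (outside this hunk) appear to stay in bounds only because those arrays are now the same size as `line`. What the change does not cover is a physical line longer than `sizeof(line) - 1`: fgets() would return it in pieces and the remainder would be parsed as a fresh line, so text after the cut could be accepted as its own variable assignment. Consider detecting a read that has no trailing `'\n'` and is not at EOF, then skipping the rest of that line with a logged warning. The fgets() call itself is not in the hunks shown, so this is inferred from the comment on `end_of_line`.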
Branch '389-ds-base-1.3.1' - ldap/servers
by Noriko Hosoi
ldap/servers/plugins/posix-winsync/posix-winsync.c | 85 ++++++++++++++++++---
1 file changed, 74 insertions(+), 11 deletions(-)
New commits:
commit 0dd319278267d6fd23d1af1c3cae81856190a914
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Wed Jun 11 14:27:23 2014 -0700
Ticket #47763 - winsync plugin modify is broken
Description: Thanks to Carsten Grzemba for the patch. Made minimum
changes such as replacing the direct access to the bv_len in Slapi_Value
with slapi_value_get_length.
Note: Regarding attr_compare_equal, since there is no strong reason
to switch to this new attr_compare_equal, we continue using the original
code. The newly provided code is in "#if 0".
https://fedorahosted.org/389/ticket/47763
Reviewed by rmeggins(a)redhat.com (Thanks, Rich!)
(cherry picked from commit b6b7199470671315d693ddec8db7c4ffbc4a1ee8)
(cherry picked from commit 7666910670755bab0453d146ff87014833c58c4e)
diff --git a/ldap/servers/plugins/posix-winsync/posix-winsync.c b/ldap/servers/plugins/posix-winsync/posix-winsync.c
index ff092b3..ac88fda 100644
--- a/ldap/servers/plugins/posix-winsync/posix-winsync.c
+++ b/ldap/servers/plugins/posix-winsync/posix-winsync.c
@@ -136,7 +136,7 @@ enum
* -1 - some sort of error
*/
static int
-check_account_lock(Slapi_Entry *ds_entry, int *isvirt)
+_check_account_lock(Slapi_Entry *ds_entry, int *isvirt)
{
int rc = 1;
Slapi_ValueSet *values = NULL;
@@ -155,7 +155,7 @@ check_account_lock(Slapi_Entry *ds_entry, int *isvirt)
}
slapi_ch_free_string(&strval);
slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
- "<-- check_account_lock - entry [%s] has real "
+ "<-- _check_account_lock - entry [%s] has real "
"attribute nsAccountLock and entry %s locked\n",
slapi_entry_get_dn_const(ds_entry), rc ? "is not" : "is");
return rc;
@@ -182,13 +182,13 @@ check_account_lock(Slapi_Entry *ds_entry, int *isvirt)
slapi_vattr_values_free(&values, &actual_type_name, attr_free_flags);
}
slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
- "<-- check_account_lock - entry [%s] has virtual "
+ "<-- _check_account_lock - entry [%s] has virtual "
"attribute nsAccountLock and entry %s locked\n",
slapi_entry_get_dn_const(ds_entry), rc ? "is not" : "is");
} else {
rc = 1; /* no attr == entry is enabled */
slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
- "<-- check_account_lock - entry [%s] does not "
+ "<-- _check_account_lock - entry [%s] does not "
"have attribute nsAccountLock - entry is not locked\n",
slapi_entry_get_dn_const(ds_entry));
}
@@ -225,7 +225,7 @@ sync_acct_disable(void *cbdata, /* the usual domain config data */
int isvirt = 0;
/* get the account lock state of the ds entry */
- if (0 == check_account_lock(ds_entry, &isvirt)) {
+ if (0 == _check_account_lock(ds_entry, &isvirt)) {
ds_is_enabled = 0;
}
if (isvirt)
@@ -372,6 +372,54 @@ sync_acct_disable(void *cbdata, /* the usual domain config data */
return;
}
+#if 0
+/*
+ * attr_compare_equal provided in
+ * https://fedorahosted.org/389/attachment/ticket/47763/0025-posix-winsync.r...
+ * Since there is no strong reason to switch to this new attr_compare_equal,
+ * continue using the original code.
+ */
+/*
+ * Compare the first value of attr a and b.
+ *
+ * If the sizes of each value are equal AND the first values match, return TRUE.
+ * Otherwise, return FALSE.
+ *
+ * NOTE: For now only handle single values
+ */
+static int
+attr_compare_equal(Slapi_Attr *a, Slapi_Attr *b)
+{
+ /* For now only handle single values */
+ Slapi_Value *va = NULL;
+ Slapi_Value *vb = NULL;
+ int num_a = 0;
+ int num_b = 0;
+ int match = 1;
+
+ slapi_attr_get_numvalues(a, &num_a);
+ slapi_attr_get_numvalues(b, &num_b);
+
+ if (num_a == num_b) {
+ slapi_attr_first_value(a, &va);
+ slapi_attr_first_value(b, &vb);
+
+ /* If either val is less than n, then check if the length, then values are
+ * equal. If both are n or greater, then only compare the first n chars.
+ * If n is 0, then just compare the entire attribute. */
+ if (slapi_value_get_length(va) == slapi_value_get_length(vb)) {
+ if (slapi_attr_value_find(b, slapi_value_get_berval(va)) != 0) {
+ match = 0;
+ }
+ } else {
+ match = 0;
+ }
+ } else {
+ match = 0;
+ }
+ return match;
+}
+#else /* Original code */
/* Returns non-zero if the attribute value sets are identical. */
static int
attr_compare_equal(Slapi_Attr *a, Slapi_Attr *b)
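Review bot: This hunk adds about forty lines of disabled code under `#if 0`, which will drift from the live attr_compare_equal and is already inconsistent with itself. The inner comment talks about comparing "the first n chars", but the function has no `n`. `va` and `vb` are passed to `slapi_value_get_length` without checking that `slapi_attr_first_value` found a value. Since the commit message says the original code stays in use, it would be cleaner to leave the alternative in the ticket attachment and keep only a short pointer comment, e.g. `/* an alternative single-value compare is attached to ticket 47763 */`. The same block is repeated in the 1.3.2 and master copies of this commit further down the page.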
@@ -389,6 +437,7 @@ attr_compare_equal(Slapi_Attr *a, Slapi_Attr *b)
}
return 1;
}
+#endif
static int
addNisDomainName(Slapi_Mod *smod, const Slapi_Entry *ds_entry)
@@ -759,6 +808,16 @@ posix_winsync_pre_ds_mod_user_cb(void *cbdata, const Slapi_Entry *rawentry, Slap
windows_attribute_map *attr_map = user_attribute_map;
PRBool posixval = PR_TRUE;
+ slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+ "--> _pre_ds_mod_user_cb -- begin\n");
+
+ if ((NULL == ad_entry) || (NULL == ds_entry)) {
+ slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+ "<-- _pre_ds_mod_user_cb -- Empty %s entry.\n",
+ (NULL==ad_entry)?"ad entry":"ds entry");
+ return;
+ }
+
if (posix_winsync_config_get_msSFUSchema())
attr_map = user_mssfu_attribute_map;
@@ -876,7 +935,7 @@ posix_winsync_pre_ds_mod_user_cb(void *cbdata, const Slapi_Entry *rawentry, Slap
}
slapi_value_free(&voc);
}
- sync_acct_disable(cbdata, rawentry, ds_entry, ACCT_DISABLE_TO_DS, NULL, smods, do_modify);
+ sync_acct_disable(cbdata, ad_entry, ds_entry, ACCT_DISABLE_TO_DS, NULL, smods, do_modify);
slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "<-- _pre_ds_mod_user_cb %s %s\n",
slapi_sdn_get_dn(slapi_entry_get_sdn_const(ds_entry)), (do_modify) ? "modified"
: "not modified");
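Review bot: The exit log line tests `(do_modify) ? "modified" : "not modified"`, but `do_modify` looks like a pointer here. It is forwarded unchanged to sync_acct_disable, and the group callback on this page writes `*do_modify = 1`. If so, the message reports "modified" whenever the pointer is non-NULL, regardless of what was decided. Since this commit is about the modify path being broken, the trace should be made trustworthy with `(do_modify && *do_modify) ? "modified" : "not modified"`. The function signature is cut off in the hunk header, so the pointer type is inferred. The same line appears in the 1.3.2 and master copies of this commit below.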
@@ -922,14 +981,16 @@ posix_winsync_pre_ds_mod_group_cb(void *cbdata, const Slapi_Entry *rawentry, Sla
Slapi_Attr *local_attr = NULL;
char *local_type = NULL;
- slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "1.\n");
+ slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+ "_pre_ds_mod_group_cb -- found AD attr %s\n", type);
slapi_attr_get_valueset(attr, &vs);
local_type = slapi_ch_strdup(attr_map[i].ldap_attribute_name);
slapi_entry_attr_find(ds_entry, local_type, &local_attr);
is_present_local = (NULL == local_attr) ? 0 : 1;
if (is_present_local) {
int values_equal = 0;
- slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "2.\n");
+ slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+ "_pre_ds_mod_group_cb -- compare with DS attr %s\n", local_type);
values_equal = attr_compare_equal(attr, local_attr);
if (!values_equal) {
slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
@@ -942,13 +1003,15 @@ posix_winsync_pre_ds_mod_group_cb(void *cbdata, const Slapi_Entry *rawentry, Sla
*do_modify = 1;
}
} else {
- slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "3.\n");
+ slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+ "_pre_ds_mod_group_cb -- add attr\n");
slapi_mods_add_mod_values(smods, LDAP_MOD_ADD, local_type,
valueset_get_valuearray(vs));
*do_modify = do_modify_local = 1;
}
- slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "4.\n");
+ slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+ "_pre_ds_mod_group_cb -- values compared\n");
slapi_ch_free((void**) &local_type);
slapi_valueset_free(vs);
@@ -1087,7 +1150,7 @@ posix_winsync_pre_ds_add_user_cb(void *cbdata, const Slapi_Entry *rawentry, Slap
}
}
}
- sync_acct_disable(cbdata, rawentry, ds_entry, ACCT_DISABLE_TO_DS, ds_entry, NULL, NULL);
+ sync_acct_disable(cbdata, ad_entry, ds_entry, ACCT_DISABLE_TO_DS, ds_entry, NULL, NULL);
slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "<-- _pre_ds_add_user_cb -- end\n");
return;
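Review bot: `ad_entry` is now handed to sync_acct_disable here, but no NULL guard for it is visible in this callback, unlike the `(NULL == ad_entry) || (NULL == ds_entry)` check this commit adds at the top of posix_winsync_pre_ds_mod_user_cb. The start of posix_winsync_pre_ds_add_user_cb is outside the hunk, so a guard may already exist there. If it does not, the add path should get the same early return with a log line, so that both callbacks treat a missing AD entry alike. This applies equally to the 1.3.2 and master copies of the commit further down.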
Branch '389-ds-base-1.3.2' - ldap/servers
by Noriko Hosoi
ldap/servers/plugins/posix-winsync/posix-winsync.c | 79 +++++++++++++++++----
1 file changed, 66 insertions(+), 13 deletions(-)
New commits:
commit 7666910670755bab0453d146ff87014833c58c4e
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Wed Jun 11 14:27:23 2014 -0700
Ticket #47763 - winsync plugin modify is broken
Description: Thanks to Carsten Grzemba for the patch. Made minimum
changes such as replacing the direct access to the bv_len in Slapi_Value
with slapi_value_get_length.
Note: Regarding attr_compare_equal, since there is no strong reason
to switch to this new attr_compare_equal, we continue using the original
code. The newly provided code is in "#if 0".
https://fedorahosted.org/389/ticket/47763
Reviewed by rmeggins(a)redhat.com (Thanks, Rich!)
(cherry picked from commit b6b7199470671315d693ddec8db7c4ffbc4a1ee8)
diff --git a/ldap/servers/plugins/posix-winsync/posix-winsync.c b/ldap/servers/plugins/posix-winsync/posix-winsync.c
index 129bdac..642ff95 100644
--- a/ldap/servers/plugins/posix-winsync/posix-winsync.c
+++ b/ldap/servers/plugins/posix-winsync/posix-winsync.c
@@ -136,7 +136,7 @@ enum
* -1 - some sort of error
*/
static int
-check_account_lock(Slapi_Entry *ds_entry, int *isvirt)
+_check_account_lock(Slapi_Entry *ds_entry, int *isvirt)
{
int rc = 1;
Slapi_ValueSet *values = NULL;
@@ -155,7 +155,7 @@ check_account_lock(Slapi_Entry *ds_entry, int *isvirt)
}
slapi_ch_free_string(&strval);
slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
- "<-- check_account_lock - entry [%s] has real "
+ "<-- _check_account_lock - entry [%s] has real "
"attribute nsAccountLock and entry %s locked\n",
slapi_entry_get_dn_const(ds_entry), rc ? "is not" : "is");
return rc;
@@ -182,13 +182,13 @@ check_account_lock(Slapi_Entry *ds_entry, int *isvirt)
slapi_vattr_values_free(&values, &actual_type_name, attr_free_flags);
}
slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
- "<-- check_account_lock - entry [%s] has virtual "
+ "<-- _check_account_lock - entry [%s] has virtual "
"attribute nsAccountLock and entry %s locked\n",
slapi_entry_get_dn_const(ds_entry), rc ? "is not" : "is");
} else {
rc = 1; /* no attr == entry is enabled */
slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
- "<-- check_account_lock - entry [%s] does not "
+ "<-- _check_account_lock - entry [%s] does not "
"have attribute nsAccountLock - entry is not locked\n",
slapi_entry_get_dn_const(ds_entry));
}
@@ -225,7 +225,7 @@ sync_acct_disable(void *cbdata, /* the usual domain config data */
int isvirt = 0;
/* get the account lock state of the ds entry */
- if (0 == check_account_lock(ds_entry, &isvirt)) {
+ if (0 == _check_account_lock(ds_entry, &isvirt)) {
ds_is_enabled = 0;
}
if (isvirt)
@@ -372,6 +372,54 @@ sync_acct_disable(void *cbdata, /* the usual domain config data */
return;
}
+#if 0
+/*
+ * attr_compare_equal provided in
+ * https://fedorahosted.org/389/attachment/ticket/47763/0025-posix-winsync.r...
+ * Since there is no strong reason to switch to this new attr_compare_equal,
+ * continue using the original code.
+ */
+/*
+ * Compare the first value of attr a and b.
+ *
+ * If the sizes of each value are equal AND the first values match, return TRUE.
+ * Otherwise, return FALSE.
+ *
+ * NOTE: For now only handle single values
+ */
+static int
+attr_compare_equal(Slapi_Attr *a, Slapi_Attr *b)
+{
+ /* For now only handle single values */
+ Slapi_Value *va = NULL;
+ Slapi_Value *vb = NULL;
+ int num_a = 0;
+ int num_b = 0;
+ int match = 1;
+
+ slapi_attr_get_numvalues(a, &num_a);
+ slapi_attr_get_numvalues(b, &num_b);
+
+ if (num_a == num_b) {
+ slapi_attr_first_value(a, &va);
+ slapi_attr_first_value(b, &vb);
+
+ /* If either val is less than n, then check if the length, then values are
+ * equal. If both are n or greater, then only compare the first n chars.
+ * If n is 0, then just compare the entire attribute. */
+ if (slapi_value_get_length(va) == slapi_value_get_length(vb)) {
+ if (slapi_attr_value_find(b, slapi_value_get_berval(va)) != 0) {
+ match = 0;
+ }
+ } else {
+ match = 0;
+ }
+ } else {
+ match = 0;
+ }
+ return match;
+}
+#else /* Original code */
/* Returns non-zero if the attribute value sets are identical. */
static int
attr_compare_equal(Slapi_Attr *a, Slapi_Attr *b)
@@ -389,6 +437,7 @@ attr_compare_equal(Slapi_Attr *a, Slapi_Attr *b)
}
return 1;
}
+#endif
/* look in the parent nodes of ds_entry for nis domain entry */
char *
@@ -777,10 +826,10 @@ posix_winsync_pre_ds_mod_user_cb(void *cbdata, const Slapi_Entry *rawentry, Slap
slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
"--> _pre_ds_mod_user_cb -- begin\n");
- if ((NULL == rawentry) || (NULL == ad_entry) || (NULL == ds_entry)) {
+ if ((NULL == ad_entry) || (NULL == ds_entry)) {
slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
"<-- _pre_ds_mod_user_cb -- Empty %s entry.\n",
- (NULL==rawentry)?"rawentry":(NULL==ad_entry)?"ad entry":"ds entry");
+ (NULL==ad_entry)?"ad entry":"ds entry");
return;
}
@@ -898,7 +947,7 @@ posix_winsync_pre_ds_mod_user_cb(void *cbdata, const Slapi_Entry *rawentry, Slap
}
slapi_value_free(&voc);
}
- sync_acct_disable(cbdata, rawentry, ds_entry, ACCT_DISABLE_TO_DS, NULL, smods, do_modify);
+ sync_acct_disable(cbdata, ad_entry, ds_entry, ACCT_DISABLE_TO_DS, NULL, smods, do_modify);
slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "<-- _pre_ds_mod_user_cb %s %s\n",
slapi_sdn_get_dn(slapi_entry_get_sdn_const(ds_entry)), (do_modify) ? "modified"
: "not modified");
@@ -944,14 +993,16 @@ posix_winsync_pre_ds_mod_group_cb(void *cbdata, const Slapi_Entry *rawentry, Sla
Slapi_Attr *local_attr = NULL;
char *local_type = NULL;
- slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "1.\n");
+ slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+ "_pre_ds_mod_group_cb -- found AD attr %s\n", type);
slapi_attr_get_valueset(attr, &vs);
local_type = slapi_ch_strdup(attr_map[i].ldap_attribute_name);
slapi_entry_attr_find(ds_entry, local_type, &local_attr);
is_present_local = (NULL == local_attr) ? 0 : 1;
if (is_present_local) {
int values_equal = 0;
- slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "2.\n");
+ slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+ "_pre_ds_mod_group_cb -- compare with DS attr %s\n", local_type);
values_equal = attr_compare_equal(attr, local_attr);
if (!values_equal) {
slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
@@ -964,13 +1015,15 @@ posix_winsync_pre_ds_mod_group_cb(void *cbdata, const Slapi_Entry *rawentry, Sla
*do_modify = 1;
}
} else {
- slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "3.\n");
+ slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+ "_pre_ds_mod_group_cb -- add attr\n");
slapi_mods_add_mod_values(smods, LDAP_MOD_ADD, local_type,
valueset_get_valuearray(vs));
*do_modify = do_modify_local = 1;
}
- slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "4.\n");
+ slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+ "_pre_ds_mod_group_cb -- values compared\n");
slapi_ch_free((void**) &local_type);
slapi_valueset_free(vs);
@@ -1109,7 +1162,7 @@ posix_winsync_pre_ds_add_user_cb(void *cbdata, const Slapi_Entry *rawentry, Slap
}
}
}
- sync_acct_disable(cbdata, rawentry, ds_entry, ACCT_DISABLE_TO_DS, ds_entry, NULL, NULL);
+ sync_acct_disable(cbdata, ad_entry, ds_entry, ACCT_DISABLE_TO_DS, ds_entry, NULL, NULL);
slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "<-- _pre_ds_add_user_cb -- end\n");
return;
ldap/servers
by Noriko Hosoi
ldap/servers/plugins/posix-winsync/posix-winsync.c | 79 +++++++++++++++++----
1 file changed, 66 insertions(+), 13 deletions(-)
New commits:
commit b6b7199470671315d693ddec8db7c4ffbc4a1ee8
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Wed Jun 11 14:27:23 2014 -0700
Ticket #47763 - winsync plugin modify is broken
Description: Thanks to Carsten Grzemba for the patch. Made minimum
changes such as replacing the direct access to the bv_len in Slapi_Value
with slapi_value_get_length.
Note: Regarding attr_compare_equal, since there is no strong reason
to switch to this new attr_compare_equal, we continue using the original
code. The newly provided code is in "#if 0".
https://fedorahosted.org/389/ticket/47763
Reviewed by rmeggins(a)redhat.com (Thanks, Rich!)
diff --git a/ldap/servers/plugins/posix-winsync/posix-winsync.c b/ldap/servers/plugins/posix-winsync/posix-winsync.c
index 58b6cd8..d43e76d 100644
--- a/ldap/servers/plugins/posix-winsync/posix-winsync.c
+++ b/ldap/servers/plugins/posix-winsync/posix-winsync.c
@@ -143,7 +143,7 @@ enum
* -1 - some sort of error
*/
static int
-check_account_lock(Slapi_Entry *ds_entry, int *isvirt)
+_check_account_lock(Slapi_Entry *ds_entry, int *isvirt)
{
int rc = 1;
Slapi_ValueSet *values = NULL;
@@ -162,7 +162,7 @@ check_account_lock(Slapi_Entry *ds_entry, int *isvirt)
}
slapi_ch_free_string(&strval);
slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
- "<-- check_account_lock - entry [%s] has real "
+ "<-- _check_account_lock - entry [%s] has real "
"attribute nsAccountLock and entry %s locked\n",
slapi_entry_get_dn_const(ds_entry), rc ? "is not" : "is");
return rc;
@@ -189,13 +189,13 @@ check_account_lock(Slapi_Entry *ds_entry, int *isvirt)
slapi_vattr_values_free(&values, &actual_type_name, attr_free_flags);
}
slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
- "<-- check_account_lock - entry [%s] has virtual "
+ "<-- _check_account_lock - entry [%s] has virtual "
"attribute nsAccountLock and entry %s locked\n",
slapi_entry_get_dn_const(ds_entry), rc ? "is not" : "is");
} else {
rc = 1; /* no attr == entry is enabled */
slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
- "<-- check_account_lock - entry [%s] does not "
+ "<-- _check_account_lock - entry [%s] does not "
"have attribute nsAccountLock - entry is not locked\n",
slapi_entry_get_dn_const(ds_entry));
}
@@ -232,7 +232,7 @@ sync_acct_disable(void *cbdata, /* the usual domain config data */
int isvirt = 0;
/* get the account lock state of the ds entry */
- if (0 == check_account_lock(ds_entry, &isvirt)) {
+ if (0 == _check_account_lock(ds_entry, &isvirt)) {
ds_is_enabled = 0;
}
if (isvirt)
@@ -379,6 +379,54 @@ sync_acct_disable(void *cbdata, /* the usual domain config data */
return;
}
+#if 0
+/*
+ * attr_compare_equal provided in
+ * https://fedorahosted.org/389/attachment/ticket/47763/0025-posix-winsync.r...
+ * Since there is no strong reason to switch to this new attr_compare_equal,
+ * continue using the original code.
+ */
+/*
+ * Compare the first value of attr a and b.
+ *
+ * If the sizes of each value are equal AND the first values match, return TRUE.
+ * Otherwise, return FALSE.
+ *
+ * NOTE: For now only handle single values
+ */
+static int
+attr_compare_equal(Slapi_Attr *a, Slapi_Attr *b)
+{
+ /* For now only handle single values */
+ Slapi_Value *va = NULL;
+ Slapi_Value *vb = NULL;
+ int num_a = 0;
+ int num_b = 0;
+ int match = 1;
+
+ slapi_attr_get_numvalues(a, &num_a);
+ slapi_attr_get_numvalues(b, &num_b);
+
+ if (num_a == num_b) {
+ slapi_attr_first_value(a, &va);
+ slapi_attr_first_value(b, &vb);
+
+ /* If either val is less than n, then check if the length, then values are
+ * equal. If both are n or greater, then only compare the first n chars.
+ * If n is 0, then just compare the entire attribute. */
+ if (slapi_value_get_length(va) == slapi_value_get_length(vb)) {
+ if (slapi_attr_value_find(b, slapi_value_get_berval(va)) != 0) {
+ match = 0;
+ }
+ } else {
+ match = 0;
+ }
+ } else {
+ match = 0;
+ }
+ return match;
+}
+#else /* Original code */
/* Returns non-zero if the attribute value sets are identical. */
static int
attr_compare_equal(Slapi_Attr *a, Slapi_Attr *b)
@@ -396,6 +444,7 @@ attr_compare_equal(Slapi_Attr *a, Slapi_Attr *b)
}
return 1;
}
+#endif
/* look in the parent nodes of ds_entry for nis domain entry */
char *
@@ -804,10 +853,10 @@ posix_winsync_pre_ds_mod_user_cb(void *cbdata, const Slapi_Entry *rawentry, Slap
slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
"--> _pre_ds_mod_user_cb -- begin\n");
- if ((NULL == rawentry) || (NULL == ad_entry) || (NULL == ds_entry)) {
+ if ((NULL == ad_entry) || (NULL == ds_entry)) {
slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
"<-- _pre_ds_mod_user_cb -- Empty %s entry.\n",
- (NULL==rawentry)?"rawentry":(NULL==ad_entry)?"ad entry":"ds entry");
+ (NULL==ad_entry)?"ad entry":"ds entry");
plugin_op_finished();
return;
}
@@ -926,7 +975,7 @@ posix_winsync_pre_ds_mod_user_cb(void *cbdata, const Slapi_Entry *rawentry, Slap
}
slapi_value_free(&voc);
}
- sync_acct_disable(cbdata, rawentry, ds_entry, ACCT_DISABLE_TO_DS, NULL, smods, do_modify);
+ sync_acct_disable(cbdata, ad_entry, ds_entry, ACCT_DISABLE_TO_DS, NULL, smods, do_modify);
slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "<-- _pre_ds_mod_user_cb %s %s\n",
slapi_sdn_get_dn(slapi_entry_get_sdn_const(ds_entry)), (do_modify) ? "modified"
: "not modified");
@@ -978,14 +1027,16 @@ posix_winsync_pre_ds_mod_group_cb(void *cbdata, const Slapi_Entry *rawentry, Sla
Slapi_Attr *local_attr = NULL;
char *local_type = NULL;
- slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "1.\n");
+ slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+ "_pre_ds_mod_group_cb -- found AD attr %s\n", type);
slapi_attr_get_valueset(attr, &vs);
local_type = slapi_ch_strdup(attr_map[i].ldap_attribute_name);
slapi_entry_attr_find(ds_entry, local_type, &local_attr);
is_present_local = (NULL == local_attr) ? 0 : 1;
if (is_present_local) {
int values_equal = 0;
- slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "2.\n");
+ slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+ "_pre_ds_mod_group_cb -- compare with DS attr %s\n", local_type);
values_equal = attr_compare_equal(attr, local_attr);
if (!values_equal) {
slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
@@ -998,13 +1049,15 @@ posix_winsync_pre_ds_mod_group_cb(void *cbdata, const Slapi_Entry *rawentry, Sla
*do_modify = 1;
}
} else {
- slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "3.\n");
+ slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+ "_pre_ds_mod_group_cb -- add attr\n");
slapi_mods_add_mod_values(smods, LDAP_MOD_ADD, local_type,
valueset_get_valuearray(vs));
*do_modify = do_modify_local = 1;
}
- slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "4.\n");
+ slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+ "_pre_ds_mod_group_cb -- values compared\n");
slapi_ch_free((void**) &local_type);
slapi_valueset_free(vs);
@@ -1150,7 +1203,7 @@ posix_winsync_pre_ds_add_user_cb(void *cbdata, const Slapi_Entry *rawentry, Slap
}
}
}
- sync_acct_disable(cbdata, rawentry, ds_entry, ACCT_DISABLE_TO_DS, ds_entry, NULL, NULL);
+ sync_acct_disable(cbdata, ad_entry, ds_entry, ACCT_DISABLE_TO_DS, ds_entry, NULL, NULL);
plugin_op_finished();
slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "<-- _pre_ds_add_user_cb -- end\n");