From fedora-directory-commits at redhat.com Wed Mar 1 14:55:04 2006
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Wed, 1 Mar 2006 09:55:04 -0500
Subject: [Fedora-directory-commits] adminserver/admserv/cfgstuff
admserv-conf-tmpl.patch, NONE, 1.1
Message-ID: <200603011455.k21Et495016200@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/cfgstuff
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16178
Added Files:
admserv-conf-tmpl.patch
Log Message:
patch file for upgrading from 1.0.1 - fixes the use of admpw for basic auth
admserv-conf-tmpl.patch:
--- NEW FILE admserv-conf-tmpl.patch ---
--- shared/config/template/admserv.conf.tmpl 23 Feb 2006 01:12:11 -0000 1.13
+++ shared/config/template/admserv.conf.tmpl 28 Feb 2006 22:29:39 -0000 1.14
@@ -146,17 +146,17 @@
Order allow,deny
Allow from all
# Handle Stop, Start, Restart, Instance Creation - invoke mod_restartd
# need to add instance creation because you may want to create an instance
# of DS on a low port, and instance creation starts the instance as well
- AuthUserFile /home/rich/72srv/admin-serv/config/admpw
+ AuthUserFile %%%sroot%%%/admin-serv/config/admpw
AuthType basic
AuthName "Admin Server"
Require valid-user
## turn off the password pipe when using mod_restartd
AdminSDK off
Options +ExecCGI
RetainPerms on
Order allow,deny
From fedora-directory-commits at redhat.com Wed Mar 1 14:57:12 2006
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Wed, 1 Mar 2006 09:57:12 -0500
Subject: [Fedora-directory-commits] adminserver/admserv pkgadmin.mk, 1.40,
1.41
Message-ID: <200603011457.k21EvCua016246@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16229
Modified Files:
pkgadmin.mk
Log Message:
added patch file for upgrading from 1.0.1 - fixes the use of admpw for basic auth
Index: pkgadmin.mk
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/pkgadmin.mk,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- pkgadmin.mk 23 Feb 2006 04:05:13 -0000 1.40
+++ pkgadmin.mk 1 Mar 2006 14:57:04 -0000 1.41
@@ -296,6 +296,8 @@
cp -p $(BUILD_ROOT)/admserv/cfgstuff/adminserver-httpd-moduleorder.patch $(ADMIN_DIR)/setup
# The patch file that fixes console ld libpath
cp -p $(BUILD_ROOT)/admserv/cfgstuff/console-ld-libpath.patch $(ADMIN_DIR)/setup
+# The patch file that fixes the use of admpw for basic auth
+ cp -p $(BUILD_ROOT)/admserv/cfgstuff/admserv-conf-tmpl.patch $(ADMIN_DIR)/setup
cp -p $(BUILD_ROOT)/admserv/newinst/common/config/not_installed.html $(ADMIN_DIR)/clients
From fedora-directory-commits at redhat.com Wed Mar 1 14:58:35 2006
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Wed, 1 Mar 2006 09:58:35 -0500
Subject: [Fedora-directory-commits] ldapserver ldapserver.spec.tmpl, 1.25,
1.26
Message-ID: <200603011458.k21EwZqf016289@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/ldapserver
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16272
Modified Files:
ldapserver.spec.tmpl
Log Message:
added patch file for upgrading from 1.0.1 - fixes the use of admpw for basic auth
Index: ldapserver.spec.tmpl
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldapserver.spec.tmpl,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- ldapserver.spec.tmpl 23 Feb 2006 19:30:23 -0000 1.25
+++ ldapserver.spec.tmpl 1 Mar 2006 14:58:27 -0000 1.26
@@ -139,6 +139,10 @@
if [ -f $RPM_INSTALL_PREFIX/setup/adminserver-httpd-moduleorder.patch ] ; then
patch -s -f -d $RPM_INSTALL_PREFIX -p0 < $RPM_INSTALL_PREFIX/setup/adminserver-httpd-moduleorder.patch > /dev/null 2>&1
fi
+# patch file to fix use of admpw for basic auth
+ if [ -f $RPM_INSTALL_PREFIX/setup/admserv-conf-tmpl.patch ] ; then
+ patch -s -f -d $RPM_INSTALL_PREFIX -p0 < $RPM_INSTALL_PREFIX/setup/admserv-conf-tmpl.patch > /dev/null 2>&1
+ fi
# fix up file permissions
testfile=$RPM_INSTALL_PREFIX/admin-serv/config/nss.conf
if [ ! -f $testfile ] ; then
@@ -172,6 +176,9 @@
fi
%changelog
+* Wed Mar 1 2006 Rich Megginson - 1.0.2-1
+- Added admserv-conf-tmpl.patch to fix the use of admpw for basic auth
+
* Wed Feb 22 2006 Rich Megginson - 1.0.2-1
- Add patch to fix admin server httpd module load order; you
- must now run setup after an upgrade; copy in the new 00core.ldif
From fedora-directory-commits at redhat.com Wed Mar 1 15:16:39 2006
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Wed, 1 Mar 2006 10:16:39 -0500
Subject: [Fedora-directory-commits] adminserver/admserv/cfgstuff
admserv-conf-admpw.patch, NONE, 1.1
Message-ID: <200603011516.k21FGdVl018200@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/cfgstuff
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18182
Added Files:
admserv-conf-admpw.patch
Log Message:
this patch fixes the use of admpw in the actual config file - the previous patch only fixes the template
admserv-conf-admpw.patch:
--- NEW FILE admserv-conf-admpw.patch ---
--- admin-serv/config/admserv.conf.orig 2006-03-01 08:11:57.000000000 -0700
+++ admin-serv/config/admserv.conf 2006-03-01 08:12:56.000000000 -0700
@@ -146,17 +146,17 @@
Order allow,deny
Allow from all
# Handle Stop, Start, Restart, Instance Creation - invoke mod_restartd
# need to add instance creation because you may want to create an instance
# of DS on a low port, and instance creation starts the instance as well
- AuthUserFile /home/rich/72srv/admin-serv/config/admpw
+ AuthUserFile /opt/fedora-ds/admin-serv/config/admpw
AuthType basic
AuthName "Admin Server"
Require valid-user
## turn off the password pipe when using mod_restartd
AdminSDK off
Options +ExecCGI
RetainPerms on
Order allow,deny
From fedora-directory-commits at redhat.com Wed Mar 1 15:19:08 2006
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Wed, 1 Mar 2006 10:19:08 -0500
Subject: [Fedora-directory-commits] adminserver/admserv pkgadmin.mk, 1.41,
1.42
Message-ID: <200603011519.k21FJ8jh018279@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18252
Modified Files:
pkgadmin.mk
Log Message:
added admserv-conf-admpw.patch to patch the real config file - the previous patch only patches the template config file
Index: pkgadmin.mk
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/pkgadmin.mk,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -r1.41 -r1.42
--- pkgadmin.mk 1 Mar 2006 14:57:04 -0000 1.41
+++ pkgadmin.mk 1 Mar 2006 15:19:00 -0000 1.42
@@ -296,8 +296,10 @@
cp -p $(BUILD_ROOT)/admserv/cfgstuff/adminserver-httpd-moduleorder.patch $(ADMIN_DIR)/setup
# The patch file that fixes console ld libpath
cp -p $(BUILD_ROOT)/admserv/cfgstuff/console-ld-libpath.patch $(ADMIN_DIR)/setup
-# The patch file that fixes the use of admpw for basic auth
+# The patch file that fixes the use of admpw for basic auth in the template file
cp -p $(BUILD_ROOT)/admserv/cfgstuff/admserv-conf-tmpl.patch $(ADMIN_DIR)/setup
+# The patch file that fixes the use of admpw for basic auth in the real config file
+ cp -p $(BUILD_ROOT)/admserv/cfgstuff/admserv-conf-admpw.patch $(ADMIN_DIR)/setup
cp -p $(BUILD_ROOT)/admserv/newinst/common/config/not_installed.html $(ADMIN_DIR)/clients
From fedora-directory-commits at redhat.com Wed Mar 1 15:21:54 2006
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Wed, 1 Mar 2006 10:21:54 -0500
Subject: [Fedora-directory-commits] ldapserver ldapserver.spec.tmpl, 1.26,
1.27
Message-ID: <200603011521.k21FLs6T018322@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/ldapserver
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18305
Modified Files:
ldapserver.spec.tmpl
Log Message:
Added admserv-conf-admpw.patch to fix the use of admpw for basic auth in the actual config file
Index: ldapserver.spec.tmpl
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldapserver.spec.tmpl,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- ldapserver.spec.tmpl 1 Mar 2006 14:58:27 -0000 1.26
+++ ldapserver.spec.tmpl 1 Mar 2006 15:21:47 -0000 1.27
@@ -139,10 +139,14 @@
if [ -f $RPM_INSTALL_PREFIX/setup/adminserver-httpd-moduleorder.patch ] ; then
patch -s -f -d $RPM_INSTALL_PREFIX -p0 < $RPM_INSTALL_PREFIX/setup/adminserver-httpd-moduleorder.patch > /dev/null 2>&1
fi
-# patch file to fix use of admpw for basic auth
+# patch file to fix use of admpw for basic auth in the template file
if [ -f $RPM_INSTALL_PREFIX/setup/admserv-conf-tmpl.patch ] ; then
patch -s -f -d $RPM_INSTALL_PREFIX -p0 < $RPM_INSTALL_PREFIX/setup/admserv-conf-tmpl.patch > /dev/null 2>&1
fi
+# patch file to fix use of admpw for basic auth in the real config file
+ if [ -f $RPM_INSTALL_PREFIX/setup/admserv-conf-admpw.patch ] ; then
+ patch -s -f -d $RPM_INSTALL_PREFIX -p0 < $RPM_INSTALL_PREFIX/setup/admserv-conf-admpw.patch > /dev/null 2>&1
+ fi
# fix up file permissions
testfile=$RPM_INSTALL_PREFIX/admin-serv/config/nss.conf
if [ ! -f $testfile ] ; then
@@ -177,7 +181,7 @@
%changelog
* Wed Mar 1 2006 Rich Megginson - 1.0.2-1
-- Added admserv-conf-tmpl.patch to fix the use of admpw for basic auth
+- Added admserv-conf-tmpl.patch and admserv-conf-admpw.patch to fix the use of admpw for basic auth
* Wed Feb 22 2006 Rich Megginson - 1.0.2-1
- Add patch to fix admin server httpd module load order; you
From fedora-directory-commits at redhat.com Wed Mar 1 17:35:47 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Wed, 1 Mar 2006 12:35:47 -0500
Subject: [Fedora-directory-commits] ldapserver internal_comp_deps.mk, 1.36,
1.37
Message-ID: <200603011735.k21HZl24024941@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/ldapserver
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24924
Modified Files:
internal_comp_deps.mk
Log Message:
fixing the 64-bit Solaris build
1) removing the 32-bit NSS related files
2) removing an extra _64 tag from the libdb path
Index: internal_comp_deps.mk
===================================================================
RCS file: /cvs/dirsec/ldapserver/internal_comp_deps.mk,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- internal_comp_deps.mk 28 Feb 2006 20:46:12 -0000 1.36
+++ internal_comp_deps.mk 1 Mar 2006 17:35:39 -0000 1.37
@@ -104,42 +104,6 @@
else
SECURITY_DEP = $(SECURITY_LIBPATH)/libssl3.$(DLL_SUFFIX)
endif
-# if building 64 bit version, also need the 32 bit version of nssckbi.so
-# rename it as nssckbi32.so
-ifeq ($(USE_64), 1)
-# assumes there is a 32 bit version
- SHARED32_BUILD_DIR = $(NSCP_DISTDIR_FULL_RTL)/shared32
- NSS32_IMPORT = $(subst $(NS64TAG),,$(SECURITY_IMPORT))
- NSS32_BINNAMES = modutil
- NSS32_LIBNAMES = $(SECURITY_LIBNAMES.pkg)
- NSS32_NEED_CHK = $(SECURITY_NEED_CHK)
- ifeq ($(ARCH), SOLARIS)
- NSS32_LIBNAMES += freebl_hybrid_3 freebl_pure32_3
-# these libs have a corresponding .chk file
- NSS32_NEED_CHK += freebl_hybrid_3 freebl_pure32_3
- endif
- ifeq ($(ARCH), HPUX)
- NSS32_LIBNAMES += freebl_hybrid_3 freebl_pure32_3
-# these libs have a corresponding .chk file
- NSS32_NEED_CHK += freebl_hybrid_3 freebl_pure32_3
- endif
- NSSCKBI_FILE = $(LIB_PREFIX)nssckbi.$(DLL_SUFFIX)
- NSSCKBI32_FILE = $(LIB_PREFIX)nssckbi32.$(DLL_SUFFIX)
- NSS32_PULLFILES = bin/modutil lib/$(NSSCKBI_FILE) $(addprefix lib/$(LIB_PREFIX),$(addsuffix .$(DLL_SUFFIX),$(NSS32_LIBNAMES))) $(addprefix lib/$(LIB_PREFIX),$(addsuffix .chk,$(NSS32_NEED_CHK)))
-
- NSPR32_IMPORT = $(subst $(NS64TAG),,$(NSPR_IMPORT))
- NSPR32_LIBNAMES = $(NSPR_LIBNAMES)
- NSPR32_PULLFILES = lib/$(LIB_PREFIX)$(subst $(SPACE),$(COMMA)lib/$(LIB_PREFIX),$(addsuffix .$(DLL_SUFFIX),$(NSPR_LIBNAMES)))
-
-# we need to package the root cert file in the alias directory
- PACKAGE_SRC_DEST += $(SHARED32_BUILD_DIR)/lib/$(NSSCKBI32_FILE) alias
-# all other files go under shared32/bin or /lib
- PACKAGE_SRC_DEST += $(SHARED32_BUILD_DIR)/bin/modutil shared32/bin
-
-# do not need redundant copy of nssckbi
- NSS32_NSPR32_SRC_LIBS = $(filter-out $(SHARED32_BUILD_DIR)/lib/$(NSSCKBI32_FILE),$(wildcard $(SHARED32_BUILD_DIR)/lib/*))
- PACKAGE_SRC_DEST += $(addsuffix $(SPACE)shared32/lib,$(NSS32_NSPR32_SRC_LIBS))
-endif # USE_64
ifdef VSFTPD_HACK
SECURITY_FILES=lib,bin/$(subst $(SPACE),$(COMMA)bin/,$(SECURITY_TOOLS))
@@ -163,20 +127,6 @@
-objdir $(SECURITY_BUILD_DIR) -componentdir $(COMPONENTS_DIR)/nss/$(SECURITY_RELDATE) \
-files include
endif
-# if building 64 bit version, also need the 32 bit version of nssckbi.so
-# rename it as nssckbi32.so
-# also need the 32 bit modutil, other NSS shared libraries and NSPR shared libraries
-ifeq ($(USE_64), 1)
- mkdir -p $(SHARED32_BUILD_DIR)/bin
- mkdir -p $(SHARED32_BUILD_DIR)/lib
- $(FTP_PULL) -method $(SECURITY_PULL_METHOD) \
- -objdir $(SHARED32_BUILD_DIR) -componentdir $(NSPR32_IMPORT) \
- -files $(NSPR32_PULLFILES)
- $(FTP_PULL) -method $(SECURITY_PULL_METHOD) \
- -objdir $(SHARED32_BUILD_DIR) -componentdir $(NSS32_IMPORT) \
- -files $(subst $(SPACE),$(COMMA),$(NSS32_PULLFILES))
- mv $(SHARED32_BUILD_DIR)/lib/$(NSSCKBI_FILE) $(SHARED32_BUILD_DIR)/lib/$(NSSCKBI32_FILE)
-endif # USE_64
endif # COMPONENT_DEPS
- at if [ ! -f $@ ] ; \
then echo "Error: could not get component NSS file $@" ; \
@@ -298,7 +248,7 @@
# define the paths to the component parts
db_components_share=$(COMPONENTS_DIR)/$(db_component_name)
MY_NSOBJDIR_TAG=$(NSOBJDIR_TAG).OBJ
-db_release_config =$(db_components_share)/$(DB_VERSION)/$(NSCONFIG_NOTAG)$(NS64TAG)$(MY_NSOBJDIR_TAG)
+db_release_config =$(db_components_share)/$(DB_VERSION)/$(NSCONFIG_NOTAG)$(MY_NSOBJDIR_TAG)
# add ",bin" to DB_FILES if you want the programs like db_verify, db_recover, etc.
DB_FILES=include,lib,bin
From fedora-directory-commits at redhat.com Wed Mar 1 18:43:59 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Wed, 1 Mar 2006 13:43:59 -0500
Subject: [Fedora-directory-commits] mod_admserv mod_admserv.c,1.20,1.21
Message-ID: <200603011843.k21IhxqU027189@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/mod_admserv
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27172
Modified Files:
mod_admserv.c
Log Message:
Updated the module hook registration order to deal with the proper Apache 2.2 module name (mod_auth_basic)
Index: mod_admserv.c
===================================================================
RCS file: /cvs/dirsec/mod_admserv/mod_admserv.c,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- mod_admserv.c 24 Feb 2006 16:19:23 -0000 1.20
+++ mod_admserv.c 1 Mar 2006 18:43:51 -0000 1.21
@@ -2680,7 +2680,13 @@
static void register_hooks(apr_pool_t *p)
{
/* Do basic auth after our own auth */
+#ifdef AP_SERVER_MAJORVERSION_NUMBER
+ /* Apache 2.2+ */
+ static const char * const aszPost[] = { "mod_auth_basic.c", NULL };
+#else
+ /* Apache 2.0 and earlier uses a different module name than 2.2+ */
static const char * const aszPost[] = { "mod_auth.c", NULL };
+#endif
/* Make sure mod_nss has been configured before us */
static const char * const aszPre[] = { "mod_nss.c", NULL };
From fedora-directory-commits at redhat.com Wed Mar 1 18:54:27 2006
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Wed, 1 Mar 2006 13:54:27 -0500
Subject: [Fedora-directory-commits] dsbuild/ds/mod_admserv checksums, 1.3,
1.4
Message-ID: <200603011854.k21IsRq3027445@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/dsbuild/ds/mod_admserv
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27398/ds/mod_admserv
Modified Files:
checksums
Log Message:
updated checksums
Index: checksums
===================================================================
RCS file: /cvs/dirsec/dsbuild/ds/mod_admserv/checksums,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- checksums 24 Feb 2006 17:23:49 -0000 1.3
+++ checksums 1 Mar 2006 18:54:19 -0000 1.4
@@ -1 +1 @@
-55b569f178f1dbbe1ca5a5eec6f05470 download/mod_admserv-1.0.2.tar.gz
+0390005e25b172868c574c76af59fafa download/mod_admserv-1.0.2.tar.gz
From fedora-directory-commits at redhat.com Wed Mar 1 18:54:16 2006
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Wed, 1 Mar 2006 13:54:16 -0500
Subject: [Fedora-directory-commits] dsbuild/ds/adminserver checksums, 1.5,
1.6
Message-ID: <200603011854.k21IskMD027448@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/dsbuild/ds/adminserver
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27398/ds/adminserver
Modified Files:
checksums
Log Message:
updated checksums
Index: checksums
===================================================================
RCS file: /cvs/dirsec/dsbuild/ds/adminserver/checksums,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- checksums 28 Feb 2006 23:26:30 -0000 1.5
+++ checksums 1 Mar 2006 18:54:08 -0000 1.6
@@ -1 +1 @@
-3dddb676c33a2580ff459d158a321e40 download/fedora-adminserver-1.0.2.tar.gz
+ab7b4809b135e28f114c8367264e9394 download/fedora-adminserver-1.0.2.tar.gz
From fedora-directory-commits at redhat.com Wed Mar 1 18:54:21 2006
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Wed, 1 Mar 2006 13:54:21 -0500
Subject: [Fedora-directory-commits] dsbuild/ds/ldapserver checksums,1.5,1.6
Message-ID: <200603011854.k21Isq2O027451@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/dsbuild/ds/ldapserver
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27398/ds/ldapserver
Modified Files:
checksums
Log Message:
updated checksums
Index: checksums
===================================================================
RCS file: /cvs/dirsec/dsbuild/ds/ldapserver/checksums,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- checksums 25 Feb 2006 03:27:39 -0000 1.5
+++ checksums 1 Mar 2006 18:54:14 -0000 1.6
@@ -1 +1 @@
-3ccdf3f3613bd8cb547a9b088fe3d3d9 download/fedora-ds-1.0.2.tar.gz
+d8bd5b68087229b4bb2e3867cb92ba85 download/fedora-ds-1.0.2.tar.gz
From fedora-directory-commits at redhat.com Wed Mar 1 23:44:09 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Wed, 1 Mar 2006 18:44:09 -0500
Subject: [Fedora-directory-commits] adminutil component_versions.mk, 1.3,
1.4 components.mk, 1.3, 1.4 internal_comp_deps.mk, 1.3, 1.4
Message-ID: <200603012344.k21Ni9C0006537@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/adminutil
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6515
Modified Files:
component_versions.mk components.mk internal_comp_deps.mk
Log Message:
upgraded LDAP C SDK: v5.16 -> v5.17
Index: component_versions.mk
===================================================================
RCS file: /cvs/dirsec/adminutil/component_versions.mk,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- component_versions.mk 22 Feb 2006 21:45:17 -0000 1.3
+++ component_versions.mk 1 Mar 2006 23:44:01 -0000 1.4
@@ -44,7 +44,7 @@
# LDAP SDK
ifndef LDAP_RELDATE
- LDAP_RELDATE = v5.16
+ LDAP_RELDATE = v5.17
endif
ifndef LDAPCOMP_DIR
LDAPCOMP_DIR=ldapsdk50
Index: components.mk
===================================================================
RCS file: /cvs/dirsec/adminutil/components.mk,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- components.mk 22 Feb 2006 21:45:17 -0000 1.3
+++ components.mk 1 Mar 2006 23:44:01 -0000 1.4
@@ -124,7 +124,7 @@
else
LDAPSDK_LIBPATH = $(LDAP_ROOT)/lib
LDAPSDK_INCDIR = $(LDAP_ROOT)/include
- LDAPSDK_BINPATH = $(LDAP_ROOT)/tools
+ LDAPSDK_BINPATH = $(LDAP_ROOT)/bin
endif
LDAPSDK_INCLUDE = -I$(LDAPSDK_INCDIR)
Index: internal_comp_deps.mk
===================================================================
RCS file: /cvs/dirsec/adminutil/internal_comp_deps.mk,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- internal_comp_deps.mk 22 Feb 2006 21:45:17 -0000 1.3
+++ internal_comp_deps.mk 1 Mar 2006 23:44:01 -0000 1.4
@@ -117,7 +117,7 @@
mkdir -p $(LDAP_LIBPATH)
$(FTP_PULL) -method $(LDAPSDK_PULL_METHOD) \
-objdir $(LDAP_ROOT) -componentdir $(LDAP_RELEASE) \
- -files include,$(LDAPSDK_PULL_LIBS),tools
+ -files include,$(LDAPSDK_PULL_LIBS),bin
endif
- at if [ ! -f $@ ] ; \
then echo "Error: could not get component LDAPSDK file $@" ; \
From fedora-directory-commits at redhat.com Thu Mar 2 01:12:39 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Wed, 1 Mar 2006 20:12:39 -0500
Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm
dn2entry.c, 1.4, 1.4.2.1 import-threads.c, 1.8.2.1,
1.8.2.2 sort.c, 1.5, 1.5.2.1
Message-ID: <200603020112.k221CdbE011428@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11336/ldap/servers/slapd/back-ldbm
Modified Files:
Tag: Directory71RtmBranch
dn2entry.c import-threads.c sort.c
Log Message:
[159328] Tracking bug for Directory Server 7.1 Service Packs; Comment #50
ported internal diffs to the external CVS
Index: dn2entry.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/dn2entry.c,v
retrieving revision 1.4
retrieving revision 1.4.2.1
diff -u -r1.4 -r1.4.2.1
--- dn2entry.c 19 Apr 2005 22:07:38 -0000 1.4
+++ dn2entry.c 2 Mar 2006 01:12:31 -0000 1.4.2.1
@@ -109,58 +109,12 @@
}
/*
- * dn2entry_or_ancestor - look up dn in the cache/indexes and return the
- * corresponding entry. If the entry is not found, this function returns NULL
- * and sets ancestordn to the DN of highest entry in the tree matched.
- *
- * ancestordn should be initialized before calling this function.
- *
- * When the caller is finished with the entry returned, it should return it
- * to the cache:
- * e = dn2entry_or_ancestor( ... );
- * if ( NULL != e ) {
- * cache_return( &inst->inst_cache, &e );
- * }
- */
-struct backentry *
-dn2entry_or_ancestor(
- Slapi_Backend *be,
- const Slapi_DN *sdn,
- Slapi_DN *ancestordn,
- back_txn *txn,
- int *err
-)
-{
- struct backentry *e;
-
- LDAPDebug( LDAP_DEBUG_TRACE, "=> dn2entry_or_ancestor \"%s\"\n", slapi_sdn_get_dn(sdn), 0, 0 );
-
- /*
- * Fetch the entry asked for.
- */
-
- e= dn2entry(be,sdn,txn,err);
-
- if(e==NULL)
- {
- /*
- * could not find the entry named. crawl back up the dn and
- * stop at the first ancestor that does exist, or when we get
- * to the suffix.
- */
- e= dn2ancestor(be,sdn,ancestordn,txn,err);
- }
-
- LDAPDebug( LDAP_DEBUG_TRACE, "<= dn2entry_or_ancestor %p\n", e, 0, 0 );
- return( e );
-}
-
-/*
* Use the DN to fetch the parent of the entry.
* If the parent entry doesn't exist, keep working
* up the DN until we hit "" or an backend suffix.
*
- * ancestordn should be initialized before calling this function.
+ * ancestordn should be initialized before calling this function, and
+ * should be empty
*
* Returns NULL for no entry found.
*
@@ -184,18 +138,64 @@
LDAPDebug( LDAP_DEBUG_TRACE, "=> dn2ancestor \"%s\"\n", slapi_sdn_get_dn(sdn), 0, 0 );
- /* stop when we get to "", or a backend suffix point */
- slapi_sdn_done(ancestordn); /* free any previous contents */
- slapi_sdn_get_backend_parent(sdn,ancestordn,be);
- if ( !slapi_sdn_isempty(ancestordn) )
- {
- Slapi_DN *newsdn = slapi_sdn_dup(ancestordn);
- e = dn2entry_or_ancestor( be, newsdn, ancestordn, txn, err );
- slapi_sdn_free(&newsdn);
- }
-
- LDAPDebug( LDAP_DEBUG_TRACE, "<= dn2ancestor %p\n", e, 0, 0 );
- return( e );
+ /* first, check to see if the given sdn is empty or a root suffix of the
+ given backend - if so, it has no parent */
+ if (!slapi_sdn_isempty(sdn) && !slapi_be_issuffix( be, sdn )) {
+ Slapi_DN ancestorndn;
+ const char *ptr;
+
+ /* assign ancestordn to the parent of the given dn - ancestordn will contain
+ the "raw" unnormalized DN from the caller, so we can give back the DN
+ in the same format as we received it */
+ ptr = slapi_dn_find_parent(slapi_sdn_get_dn(sdn));
+ /* assign the ancestordn dn pointer to the parent of dn from sdn - sdn "owns"
+ the memory, but ancestordn points to it */
+ slapi_sdn_set_dn_byref(ancestordn, ptr); /* free any previous contents */
+ /* now, do the same for the normalized version */
+ /* ancestorndn holds the normalized version for iteration purposes and
+ because dn2entry needs the normalized dn */
+ ptr = slapi_dn_find_parent(slapi_sdn_get_ndn(sdn));
+ slapi_sdn_init_ndn_byref(&ancestorndn, ptr);
+
+ /*
+ At this point you may be wondering why I need both ancestorndn and
+ ancestordn. Because, with the slapi_sdn interface, you cannot set both
+ the dn and ndn byref at the same time. Whenever you call set_dn or set_ndn,
+ it calls slapi_sdn_done which wipes out the previous contents. I suppose I
+ could have added another API to allow you to pass them both in. Also, using
+ slapi_sdn_get_ndn(ancestordn) every time would result in making a copy then
+ normalizing the copy every time - not efficient.
+ So, why not just use a char* for the ancestorndn? Because dn2entry requires
+ a Slapi_DN with the normalized dn.
+ */
+
+ /* stop when we get to "", or a backend suffix point */
+ while (!e && !slapi_sdn_isempty(&ancestorndn) && !slapi_be_issuffix( be, &ancestorndn )) {
+ /* find the entry - it uses the ndn, so no further conversion is necessary */
+ e= dn2entry(be,&ancestorndn,txn,err);
+ if (!e) {
+ /* not found, so set ancestordn to its parent and try again */
+ ptr = slapi_dn_find_parent(slapi_sdn_get_ndn(&ancestorndn));
+ /* keep in mind that ptr points to the raw ndn pointer inside
+ ancestorndn which is still the ndn string "owned" by sdn, the
+ original dn we started with - we are careful not to touch
+ or change it */
+ slapi_sdn_set_ndn_byref(&ancestorndn, ptr); /* wipe out the previous contents */
+ /* now do the same for the unnormalized one */
+ ptr = slapi_dn_find_parent(slapi_sdn_get_dn(ancestordn));
+ slapi_sdn_set_dn_byref(ancestordn, ptr); /* wipe out the previous contents */
+ }
+ }
+
+ slapi_sdn_done(&ancestorndn);
+ }
+
+ /* post conditions:
+ e is the entry of the ancestor of sdn OR e is the suffix entry
+ OR e is NULL
+ ancestordn contains the unnormalized DN of e or is empty */
+ LDAPDebug( LDAP_DEBUG_TRACE, "<= dn2ancestor %p\n", e, 0, 0 );
+ return( e );
}
/*
Index: import-threads.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/import-threads.c,v
retrieving revision 1.8.2.1
retrieving revision 1.8.2.2
diff -u -r1.8.2.1 -r1.8.2.2
--- import-threads.c 20 Feb 2006 18:14:50 -0000 1.8.2.1
+++ import-threads.c 2 Mar 2006 01:12:31 -0000 1.8.2.2
@@ -986,7 +986,7 @@
int ret = 0;
struct attrinfo *parentid_ai;
Slapi_PBlock *pb = slapi_pblock_new();
- int shift = 0;
+ int shift = 0;
PR_ASSERT(info != NULL);
PR_ASSERT(inst != NULL);
@@ -1030,8 +1030,8 @@
/* Read that entry from the cache */
fi = import_fifo_fetch(job, id, 0, shift);
if (! fi) {
- import_log_notice(job, "WARNING: entry id %d is missing");
- shift++;
+ import_log_notice(job, "WARNING: entry id %d is missing", id);
+ shift++;
continue;
}
@@ -1052,7 +1052,7 @@
*/
if (job->flags & FLAG_ABORT) {
goto error;
- }
+ }
if (parent_status == IMPORT_ADD_OP_ATTRS_NO_PARENT) {
/* If this entry is a suffix entry, this is not a problem */
Index: sort.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/sort.c,v
retrieving revision 1.5
retrieving revision 1.5.2.1
diff -u -r1.5 -r1.5.2.1
--- sort.c 19 Apr 2005 22:07:38 -0000 1.5
+++ sort.c 2 Mar 2006 01:12:31 -0000 1.5.2.1
@@ -384,6 +384,7 @@
return_value = ber_scanf(ber,"a",&rtype);
if (LBER_ERROR == return_value) {
+ slapi_ch_free_string(&rtype);
rc = LDAP_PROTOCOL_ERROR;
goto err;
}
From fedora-directory-commits at redhat.com Thu Mar 2 01:12:23 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Wed, 1 Mar 2006 20:12:23 -0500
Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/views
views.c, 1.5.2.1, 1.5.2.2
Message-ID: <200603020112.k221Csvg011431@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/views
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11336/ldap/servers/plugins/views
Modified Files:
Tag: Directory71RtmBranch
views.c
Log Message:
[159328] Tracking bug for Directory Server 7.1 Service Packs; Comment #50
ported internal diffs to the external CVS
Index: views.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/views/views.c,v
retrieving revision 1.5.2.1
retrieving revision 1.5.2.2
diff -u -r1.5.2.1 -r1.5.2.2
--- views.c 25 Aug 2005 22:38:40 -0000 1.5.2.1
+++ views.c 2 Mar 2006 01:12:04 -0000 1.5.2.2
@@ -735,6 +735,7 @@
Slapi_Filter *pCurrentFilter = 0;
Slapi_Filter *pBuiltFilter = 0;
Slapi_Filter *pViewEntryExcludeFilter = 0;
+ char *excludeFilter;
if(pView->includeAncestorFiltersFilter)
{
@@ -769,7 +770,11 @@
}
/* filter for removing view entries from search */
- pViewEntryExcludeFilter = slapi_str2filter( "(!(objectclass=" VIEW_OBJECTCLASS "))" );
+ /* richm - slapi_str2filter _writes_ to it's argument, so we have to pass in
+ some writeable memory, or core dump, do not pass go */
+ excludeFilter = slapi_ch_strdup("(!(objectclass=" VIEW_OBJECTCLASS "))");
+ pViewEntryExcludeFilter = slapi_str2filter( excludeFilter );
+ slapi_ch_free_string(&excludeFilter);
if(pBuiltFilter)
pView->includeAncestorFiltersFilter = slapi_filter_join_ex( LDAP_FILTER_AND, pBuiltFilter, pViewEntryExcludeFilter, 0 );
From fedora-directory-commits at redhat.com Thu Mar 2 01:12:33 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Wed, 1 Mar 2006 20:12:33 -0500
Subject: [Fedora-directory-commits]
ldapserver/ldap/servers/slapd add.c, 1.5,
1.5.2.1 attr.c, 1.5.2.1, 1.5.2.2 ava.c, 1.4, 1.4.2.1 bind.c,
1.6, 1.6.2.1 compare.c, 1.4, 1.4.2.1 delete.c, 1.4,
1.4.2.1 dn.c, 1.6.2.1, 1.6.2.2 filter.c, 1.5, 1.5.2.1 modify.c,
1.7, 1.7.2.1 modrdn.c, 1.4, 1.4.2.1 passwd_extop.c, 1.6,
1.6.2.1 slapi-plugin.h, 1.8, 1.8.2.1
Message-ID: <200603020113.k221D3Sd011436@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11336/ldap/servers/slapd
Modified Files:
Tag: Directory71RtmBranch
add.c attr.c ava.c bind.c compare.c delete.c dn.c filter.c
modify.c modrdn.c passwd_extop.c slapi-plugin.h
Log Message:
[159328] Tracking bug for Directory Server 7.1 Service Packs; Comment #50
ported internal diffs to the external CVS
Index: add.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/add.c,v
retrieving revision 1.5
retrieving revision 1.5.2.1
diff -u -r1.5 -r1.5.2.1
--- add.c 19 Apr 2005 22:07:36 -0000 1.5
+++ add.c 2 Mar 2006 01:12:23 -0000 1.5.2.1
@@ -102,8 +102,9 @@
*/
/* get the name */
{
- char *dn;
+ char *dn = NULL;
if ( ber_scanf( ber, "{a", &dn ) == LBER_ERROR ) {
+ slapi_ch_free_string(&dn);
LDAPDebug( LDAP_DEBUG_ANY,
"ber_scanf failed (op=Add; params=DN)\n", 0, 0, 0 );
op_shared_log_error_access (pb, "ADD", "???", "decoding error");
@@ -121,11 +122,13 @@
tag != LBER_DEFAULT && tag != LBER_END_OF_SEQORSET;
tag = ber_next_element( ber, &len, last ) ) {
char *type = NULL, *normtype = NULL;
- struct berval **vals;
+ struct berval **vals = NULL;
if ( ber_scanf( ber, "{a{V}}", &type, &vals ) == LBER_ERROR ) {
op_shared_log_error_access (pb, "ADD", slapi_sdn_get_dn (slapi_entry_get_sdn_const(e)), "decoding error");
send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL,
"decoding error", 0, NULL );
+ slapi_ch_free_string(&type);
+ ber_bvecfree( vals );
goto free_and_return;
}
@@ -134,7 +137,7 @@
op_shared_log_error_access (pb, "ADD", slapi_sdn_get_dn (slapi_entry_get_sdn_const(e)), "null value");
send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, NULL,
0, NULL );
- free( type );
+ slapi_ch_free_string(&type);
goto free_and_return;
}
@@ -144,7 +147,7 @@
PR_snprintf (ebuf, BUFSIZ, "invalid type '%s'", type);
op_shared_log_error_access (pb, "ADD", slapi_sdn_get_dn (slapi_entry_get_sdn_const(e)), ebuf);
send_ldap_result( pb, rc, NULL, ebuf, 0, NULL );
- free( type );
+ slapi_ch_free_string(&type);
slapi_ch_free( (void**)&normtype );
ber_bvecfree( vals );
goto free_and_return;
Index: attr.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/attr.c,v
retrieving revision 1.5.2.1
retrieving revision 1.5.2.2
diff -u -r1.5.2.1 -r1.5.2.2
--- attr.c 25 Aug 2005 18:25:08 -0000 1.5.2.1
+++ attr.c 2 Mar 2006 01:12:25 -0000 1.5.2.2
@@ -112,7 +112,7 @@
switch ( opt ) {
case SLAPI_TYPE_CMP_EXACT: /* compare base name + options as given */
- rc = strcmp( a1, a2 );
+ rc = strcasecmp( a1, a2 );
break;
case SLAPI_TYPE_CMP_BASE: /* ignore options on both names - compare base names only */
Index: ava.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/ava.c,v
retrieving revision 1.4
retrieving revision 1.4.2.1
diff -u -r1.4 -r1.4.2.1
--- ava.c 19 Apr 2005 22:07:36 -0000 1.4
+++ ava.c 2 Mar 2006 01:12:25 -0000 1.4.2.1
@@ -53,10 +53,12 @@
struct ava *ava
)
{
- char *type;
+ char *type = NULL;
if ( ber_scanf( ber, "{ao}", &type, &ava->ava_value )
== LBER_ERROR ) {
+ slapi_ch_free_string(&type);
+ ava_done(ava);
LDAPDebug( LDAP_DEBUG_ANY, " get_ava ber_scanf\n", 0, 0, 0 );
return( LDAP_PROTOCOL_ERROR );
}
Index: bind.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/bind.c,v
retrieving revision 1.6
retrieving revision 1.6.2.1
diff -u -r1.6 -r1.6.2.1
--- bind.c 19 Apr 2005 22:07:36 -0000 1.6
+++ bind.c 2 Mar 2006 01:12:25 -0000 1.6.2.1
@@ -111,7 +111,7 @@
long ber_version = -1;
int auth_response_requested = 0;
int pw_response_requested = 0;
- char *dn, *saslmech = NULL;
+ char *dn = NULL, *saslmech = NULL;
struct berval cred = {0};
Slapi_Backend *be = NULL;
unsigned long rc;
@@ -154,6 +154,7 @@
log_bind_access (pb, "???", method, version, saslmech, "decoding error");
send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL,
"decoding error", 0, NULL );
+ slapi_ch_free_string(&dn);
return;
}
Index: compare.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/compare.c,v
retrieving revision 1.4
retrieving revision 1.4.2.1
diff -u -r1.4 -r1.4.2.1
--- compare.c 19 Apr 2005 22:07:36 -0000 1.4
+++ compare.c 2 Mar 2006 01:12:25 -0000 1.4.2.1
@@ -60,13 +60,13 @@
do_compare( Slapi_PBlock *pb )
{
BerElement *ber = pb->pb_op->o_ber;
- char *dn;
- struct ava ava;
+ char *dn = NULL;
+ struct ava ava = {0};
Slapi_Backend *be = NULL;
int err;
char ebuf[ BUFSIZ ];
Slapi_DN sdn;
- Slapi_Entry *referral;
+ Slapi_Entry *referral = NULL;
char errorbuf[BUFSIZ];
LDAPDebug( LDAP_DEBUG_TRACE, "do_compare\n", 0, 0, 0 );
@@ -74,6 +74,9 @@
/* count the compare request */
PR_AtomicIncrement(g_get_global_snmp_vars()->ops_tbl.dsCompareOps);
+ /* have to init this here so we can "done" it below if we short circuit */
+ slapi_sdn_init(&sdn);
+
/*
* Parse the compare request. It looks like this:
*
@@ -86,7 +89,6 @@
* }
*/
-
if ( ber_scanf( ber, "{a{ao}}", &dn, &ava.ava_type,
&ava.ava_value ) == LBER_ERROR ) {
LDAPDebug( LDAP_DEBUG_ANY,
@@ -94,7 +96,7 @@
0, 0, 0 );
send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0,
NULL );
- return;
+ goto free_and_return;
}
/*
* in LDAPv3 there can be optional control extensions on
@@ -106,6 +108,7 @@
goto free_and_return;
}
slapi_sdn_init_dn_passin(&sdn,dn);
+ dn = NULL; /* do not free - sdn owns it now */
/* target spec is used to decide which plugins are applicable for the operation */
operation_set_target_spec (pb->pb_op, &sdn);
@@ -181,5 +184,6 @@
if (be)
slapi_be_Unlock(be);
slapi_sdn_done(&sdn);
+ slapi_ch_free_string(&dn);
ava_done( &ava );
}
Index: delete.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/delete.c,v
retrieving revision 1.4
retrieving revision 1.4.2.1
diff -u -r1.4 -r1.4.2.1
--- delete.c 19 Apr 2005 22:07:36 -0000 1.4
+++ delete.c 2 Mar 2006 01:12:25 -0000 1.4.2.1
@@ -66,7 +66,7 @@
{
Slapi_Operation *operation;
BerElement *ber;
- char *dn;
+ char *dn = NULL;
int err;
LDAPDebug( LDAP_DEBUG_TRACE, "do_delete\n", 0, 0, 0 );
@@ -89,7 +89,7 @@
op_shared_log_error_access (pb, "DEL", "???", "decoding error");
send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0,
NULL );
- return;
+ goto free_and_return;
}
/*
Index: dn.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/dn.c,v
retrieving revision 1.6.2.1
retrieving revision 1.6.2.2
diff -u -r1.6.2.1 -r1.6.2.2
--- dn.c 20 Feb 2006 18:14:43 -0000 1.6.2.1
+++ dn.c 2 Mar 2006 01:12:25 -0000 1.6.2.2
@@ -593,8 +593,26 @@
return r;
}
-char*
-slapi_dn_parent( const char *dn )
+/*
+ * This function is used for speed. Instead of returning a newly allocated
+ * dn string that contains the parent, this function just returns a pointer
+ * to the address _within_ the given string where the parent dn of the
+ * given dn starts e.g. if you call this with "dc=example,dc=com", the
+ * function will return "dc=com" - that is, the char* returned will be the
+ * address of the 'd' after the ',' in "dc=example,dc=com". This function
+ * also checks for bogus things like consecutive ocurrances of unquoted
+ * separators e.g. DNs like cn=foo,,,,,,,,,,,cn=bar,,,,,,,
+ * This function is useful for "interating" over a DN returning the ancestors
+ * of the given dn e.g.
+ *
+ * const char *dn = somedn;
+ * while (dn = slapi_dn_find_parent(dn)) {
+ * see if parent exists
+ * etc.
+ * }
+ */
+const char*
+slapi_dn_find_parent( const char *dn )
{
const char *s;
int inquote;
@@ -621,14 +639,34 @@
} else {
if ( *s == '"' )
inquote = 1;
- else if ( DNSEPARATOR( *s ) )
- return( slapi_ch_strdup( s + 1 ) );
+ else {
+ if ( DNSEPARATOR( *s ) ) {
+ while ( *s && DNSEPARATOR( *s ) ) {
+ ++s;
+ }
+ if (*s) {
+ return( s );
+ }
+ }
+ }
}
}
return( NULL );
}
+char*
+slapi_dn_parent( const char *dn )
+{
+ const char *s = slapi_dn_find_parent(dn);
+
+ if ( s == NULL || *s == '\0' ) {
+ return( NULL );
+ }
+
+ return( slapi_ch_strdup( s ) );
+}
+
/*
* slapi_dn_issuffix - tells whether suffix is a suffix of dn. both dn
* and suffix must be normalized.
Index: filter.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/filter.c,v
retrieving revision 1.5
retrieving revision 1.5.2.1
diff -u -r1.5 -r1.5.2.1
--- filter.c 19 Apr 2005 22:07:36 -0000 1.5
+++ filter.c 2 Mar 2006 01:12:25 -0000 1.5.2.1
@@ -175,7 +175,7 @@
unsigned long len;
int err;
struct slapi_filter *f;
- char *ftmp, *type;
+ char *ftmp, *type = NULL;
LDAPDebug( LDAP_DEBUG_FILTER, "=> get_filter_internal\n", 0, 0, 0 );
@@ -293,6 +293,7 @@
case LDAP_FILTER_PRESENT:
LDAPDebug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
if ( ber_scanf( ber, "a", &type ) == LBER_ERROR ) {
+ slapi_ch_free_string(&type);
err = LDAP_PROTOCOL_ERROR;
} else {
err = LDAP_SUCCESS;
@@ -440,12 +441,13 @@
)
{
unsigned long tag, len, rc;
- char *val, *last, *type;
+ char *val, *last, *type = NULL;
char ebuf[BUFSIZ];
LDAPDebug( LDAP_DEBUG_FILTER, "=> get_substring_filter\n", 0, 0, 0 );
if ( ber_scanf( ber, "{a", &type ) == LBER_ERROR ) {
+ slapi_ch_free_string(&type);
return( LDAP_PROTOCOL_ERROR );
}
f->f_sub_type = slapi_attr_syntax_normalize( type );
@@ -460,8 +462,10 @@
tag != LBER_ERROR && tag != LBER_END_OF_SEQORSET;
tag = ber_next_element( ber, &len, last ) )
{
+ val = NULL;
rc = ber_scanf( ber, "a", &val );
if ( rc == LBER_ERROR ) {
+ slapi_ch_free_string(&val);
return( LDAP_PROTOCOL_ERROR );
}
if ( val == NULL || *val == '\0' ) {
@@ -573,8 +577,9 @@
}
}
{
- char* type;
+ char* type = NULL;
if (ber_scanf( ber, "a", &type ) == LBER_ERROR) {
+ slapi_ch_free_string (&type);
rc = LDAP_PROTOCOL_ERROR;
} else {
mrf->mrf_type = slapi_attr_syntax_normalize(type);
Index: modify.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/modify.c,v
retrieving revision 1.7
retrieving revision 1.7.2.1
diff -u -r1.7 -r1.7.2.1
--- modify.c 19 Apr 2005 22:07:36 -0000 1.7
+++ modify.c 2 Mar 2006 01:12:25 -0000 1.7.2.1
@@ -114,7 +114,7 @@
{
Slapi_Operation *operation;
BerElement *ber;
- char *last, *type;
+ char *last, *type = NULL;
unsigned long tag, len;
LDAPMod *mod;
LDAPMod **mods;
@@ -124,7 +124,7 @@
int ignored_some_mods = 0;
int has_password_mod = 0; /* number of password mods */
char *old_pw = NULL; /* remember the old password */
- char *dn;
+ char *dn = NULL;
LDAPDebug( LDAP_DEBUG_TRACE, "do_modify\n", 0, 0, 0 );
@@ -161,6 +161,7 @@
op_shared_log_error_access (pb, "MOD", "???", "decoding error");
send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0,
NULL );
+ slapi_ch_free_string(&dn);
return;
}
}
@@ -186,7 +187,9 @@
op_shared_log_error_access (pb, "MOD", dn, "decoding error");
send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL,
"decoding error", 0, NULL );
+ ber_bvecfree(mod->mod_bvalues);
slapi_ch_free((void **)&mod);
+ slapi_ch_free_string(&type);
goto free_and_return;
}
mod->mod_op = long_mod_op;
Index: modrdn.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/modrdn.c,v
retrieving revision 1.4
retrieving revision 1.4.2.1
diff -u -r1.4 -r1.4.2.1
--- modrdn.c 19 Apr 2005 22:07:36 -0000 1.4
+++ modrdn.c 2 Mar 2006 01:12:25 -0000 1.4.2.1
@@ -66,10 +66,10 @@
{
Slapi_Operation *operation;
BerElement *ber;
- char *dn, *newsuperior = NULL;
+ char *dn = NULL, *newsuperior = NULL;
char *newrdn = NULL;
- int err, deloldrdn;
- unsigned long len;
+ int err = 0, deloldrdn = 0;
+ unsigned long len = 0;
LDAPDebug( LDAP_DEBUG_TRACE, "do_modrdn\n", 0, 0, 0 );
@@ -99,7 +99,7 @@
send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL,
"unable to decode DN, newRDN, or deleteOldRDN parameters",
0, NULL );
- return;
+ goto free_and_return;
}
if ( ber_peek_tag( ber, &len ) == LDAP_TAG_NEWSUPERIOR ) {
Index: passwd_extop.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/passwd_extop.c,v
retrieving revision 1.6
retrieving revision 1.6.2.1
diff -u -r1.6 -r1.6.2.1
--- passwd_extop.c 19 Apr 2005 22:07:36 -0000 1.6
+++ passwd_extop.c 2 Mar 2006 01:12:25 -0000 1.6.2.1
@@ -201,6 +201,7 @@
{
char *oid = NULL;
char *bindDN = NULL;
+ char *authmethod = NULL;
char *dn = NULL;
char *oldPasswd = NULL;
char *newPasswd = NULL;
@@ -297,6 +298,7 @@
{
if ( ber_scanf( ber, "a", &dn) == LBER_ERROR )
{
+ slapi_ch_free_string(&dn);
LDAPDebug( LDAP_DEBUG_ANY,
"ber_scanf failed :{\n", 0, 0, 0 );
errMesg = "ber_scanf failed at userID parse.\n";
@@ -313,6 +315,7 @@
{
if ( ber_scanf( ber, "a", &oldPasswd ) == LBER_ERROR )
{
+ slapi_ch_free_string(&oldPasswd);
LDAPDebug( LDAP_DEBUG_ANY,
"ber_scanf failed :{\n", 0, 0, 0 );
errMesg = "ber_scanf failed at oldPasswd parse.\n";
@@ -331,6 +334,7 @@
{
if ( ber_scanf( ber, "a", &newPasswd ) == LBER_ERROR )
{
+ slapi_ch_free_string(&newPasswd);
LDAPDebug( LDAP_DEBUG_ANY,
"ber_scanf failed :{\n", 0, 0, 0 );
errMesg = "ber_scanf failed at newPasswd parse.\n";
@@ -379,7 +383,7 @@
/* Did they give us a DN ? */
if (dn == NULL || *dn == '\0') {
/* Get the DN from the bind identity on this connection */
- dn = bindDN;
+ dn = slapi_ch_strdup(bindDN);
LDAPDebug( LDAP_DEBUG_ANY,
"Missing userIdentity in request, using the bind DN instead.\n",
0, 0, 0 );
@@ -455,7 +459,17 @@
/* Free anything that we allocated above */
free_and_return:
-
+
+ slapi_ch_free_string(&oldPasswd);
+ slapi_ch_free_string(&newPasswd);
+ /* Either this is the same pointer that we allocated and set above,
+ or whoever used it should have freed it and allocated a new
+ value that we need to free here */
+ slapi_pblock_get( pb, SLAPI_ORIGINAL_TARGET, &dn );
+ slapi_ch_free_string(&dn);
+ slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, NULL );
+ slapi_ch_free_string(&authmethod);
+
if ( targetEntry != NULL ){
slapi_entry_free (targetEntry);
}
@@ -467,7 +481,7 @@
slapi_log_error( SLAPI_LOG_PLUGIN, "passwd_modify_extop",
- errMesg );
+ errMesg ? errMesg : "success" );
send_ldap_result( pb, rc, NULL, errMesg, 0, NULL );
Index: slapi-plugin.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slapi-plugin.h,v
retrieving revision 1.8
retrieving revision 1.8.2.1
diff -u -r1.8 -r1.8.2.1
--- slapi-plugin.h 19 Apr 2005 22:07:37 -0000 1.8
+++ slapi-plugin.h 2 Mar 2006 01:12:25 -0000 1.8.2.1
@@ -362,6 +362,7 @@
char *slapi_dn_ignore_case( char *dn );
char *slapi_dn_normalize_case( char *dn );
char *slapi_dn_beparent( Slapi_PBlock *pb, const char *dn );
+const char *slapi_dn_find_parent( const char *dn );
char *slapi_dn_parent( const char *dn );
int slapi_dn_issuffix( const char *dn, const char *suffix );
int slapi_dn_isparent( const char *parentdn, const char *childdn );
From fedora-directory-commits at redhat.com Thu Mar 2 01:12:06 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Wed, 1 Mar 2006 20:12:06 -0500
Subject: [Fedora-directory-commits]
ldapserver/ldap/servers/plugins/replication repl5_total.c, 1.5,
1.5.2.1 repl_controls.c, 1.5, 1.5.2.1 repl_extop.c, 1.7,
1.7.2.1 windows_protocol_util.c, 1.20.2.3, 1.20.2.4
Message-ID: <200603020113.k221D7b5011451@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11336/ldap/servers/plugins/replication
Modified Files:
Tag: Directory71RtmBranch
repl5_total.c repl_controls.c repl_extop.c
windows_protocol_util.c
Log Message:
[159328] Tracking bug for Directory Server 7.1 Service Packs; Comment #50
ported internal diffs to the external CVS
Index: repl5_total.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl5_total.c,v
retrieving revision 1.5
retrieving revision 1.5.2.1
diff -u -r1.5 -r1.5.2.1
--- repl5_total.c 19 Apr 2005 22:07:32 -0000 1.5
+++ repl5_total.c 2 Mar 2006 01:11:55 -0000 1.5.2.1
@@ -585,7 +585,7 @@
char *lasti;
unsigned long len;
unsigned long tag;
- char *str;
+ char *str = NULL;
int rc;
Slapi_Value *value;
@@ -685,6 +685,9 @@
if (value)
slapi_value_free (&value);
+ slapi_ch_free_string(&attrtype);
+ slapi_ch_free_string(&str);
+
return -1;
}
Index: repl_controls.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl_controls.c,v
retrieving revision 1.5
retrieving revision 1.5.2.1
diff -u -r1.5 -r1.5.2.1
--- repl_controls.c 19 Apr 2005 22:07:32 -0000 1.5
+++ repl_controls.c 2 Mar 2006 01:11:55 -0000 1.5.2.1
@@ -349,15 +349,15 @@
emtag != LBER_ERROR && emtag != LBER_END_OF_SEQORSET;
emtag = ber_next_element( ember, &emlen, emlast ))
{
- struct berval **embvals;
- if ( ber_scanf( ember, "{i{a[V]}}", &op, &type, &embvals ) == LBER_ERROR )
+ struct berval **embvals = NULL;
+ type = NULL;
+ if ( ber_scanf( ember, "{i{a[V]}}", &op, &type, &embvals ) != LBER_ERROR )
{
- continue;
+ slapi_mods_add_modbvps( smods, op, type, embvals);
/* GGOODREPL I suspect this will cause two sets of lastmods attr values
to end up in the entry. We need to remove the old ones.
*/
}
- slapi_mods_add_modbvps( smods, op, type, embvals);
free( type );
ber_bvecfree( embvals );
}
Index: repl_extop.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl_extop.c,v
retrieving revision 1.7
retrieving revision 1.7.2.1
diff -u -r1.7 -r1.7.2.1
--- repl_extop.c 19 Apr 2005 22:07:32 -0000 1.7
+++ repl_extop.c 2 Mar 2006 01:11:55 -0000 1.7.2.1
@@ -384,7 +384,8 @@
/* slapi_ch_free accepts NULL pointer */
slapi_ch_free ((void**)protocol_oid);
slapi_ch_free ((void**)repl_root);
- slapi_ch_free ((void **)extra_referrals);
+ slapi_ch_array_free (*extra_referrals);
+ *extra_referrals = NULL;
slapi_ch_free ((void**)csnstr);
if (*supplier_ruv)
Index: windows_protocol_util.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_protocol_util.c,v
retrieving revision 1.20.2.3
retrieving revision 1.20.2.4
diff -u -r1.20.2.3 -r1.20.2.4
--- windows_protocol_util.c 20 Feb 2006 19:50:29 -0000 1.20.2.3
+++ windows_protocol_util.c 2 Mar 2006 01:11:55 -0000 1.20.2.4
@@ -1570,11 +1570,12 @@
{
int retval = 0;
- char *string_deleted = "(isdeleted=*)";
+ char *string_deleted = slapi_ch_strdup("(isdeleted=*)");
/* DBDB: we should allocate these filters once and keep them around for better performance */
Slapi_Filter *filter_deleted = slapi_str2filter( string_deleted );
+ slapi_ch_free_string(&string_deleted);
/* DBDB: this should be one filter, the code originally tested separately and hasn't been fixed yet */
if ( (slapi_filter_test_simple( e, filter_deleted ) == 0) )
{
@@ -2251,9 +2252,10 @@
/* Next test for the correct kind of entry */
if (local_entry) {
/* DBDB: we should allocate these filters once and keep them around for better performance */
- char *string_filter = "(&(|(objectclass=ntuser)(objectclass=ntgroup))(ntUserDomainId=*))";
+ char *string_filter = slapi_ch_strdup("(&(|(objectclass=ntuser)(objectclass=ntgroup))(ntUserDomainId=*))");
Slapi_Filter *filter = slapi_str2filter( string_filter );
+ slapi_ch_free_string(&string_filter);
if (slapi_filter_test_simple( (Slapi_Entry*)local_entry, filter ) == 0)
{
retval = 1;
From fedora-directory-commits at redhat.com Thu Mar 2 19:22:02 2006
From: fedora-directory-commits at redhat.com (Robert Crittenden (rcritten))
Date: Thu, 2 Mar 2006 14:22:02 -0500
Subject: [Fedora-directory-commits] mod_nss Makefile.am, 1.10,
1.11 Makefile.in, 1.17, 1.18 configure, 1.14,
1.15 configure.in, 1.10, 1.11 mod_nss.c, 1.10, 1.11 mod_nss.h,
1.9, 1.10 nss.conf.in, 1.7, 1.8 nss_engine_config.c, 1.9,
1.10 nss_engine_init.c, 1.16, 1.17 nss_engine_io.c, 1.4,
1.5 nss_engine_kernel.c, 1.3, 1.4 nss_engine_vars.c, 1.4, 1.5
Message-ID: <200603021922.k22JM28f029325@cvs-int.fedora.redhat.com>
Author: rcritten
Update of /cvs/dirsec/mod_nss
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29295
Modified Files:
Makefile.am Makefile.in configure configure.in mod_nss.c
mod_nss.h nss.conf.in nss_engine_config.c nss_engine_init.c
nss_engine_io.c nss_engine_kernel.c nss_engine_vars.c
Log Message:
Add support for Elliptical Curve Cryptography (ECC). This is disabled
by default. To enable it, pass --enable-ecc to configure.
Index: Makefile.am
===================================================================
RCS file: /cvs/dirsec/mod_nss/Makefile.am,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- Makefile.am 26 Feb 2006 00:30:56 -0000 1.10
+++ Makefile.am 2 Mar 2006 19:21:54 -0000 1.11
@@ -12,7 +12,6 @@
## Set the includes and libraries needed
INCLUDES = -I at apache_inc@ @nspr_inc@ @nss_inc@ @apr_inc@
LIBS = @nspr_lib@ @nss_lib@ -lssl3 -lsmime3 -lnss3 -lsoftokn3 -lplc4 -lplds4 -lnspr4
- at SSL2_TRUE@AM_CFLAGS=-DWANT_SSL2
EXTRA_CPPFLAGS=@extra_cppflags@
install-libLTLIBRARIES: libmodnss.la
Index: Makefile.in
===================================================================
RCS file: /cvs/dirsec/mod_nss/Makefile.in,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- Makefile.in 26 Feb 2006 00:30:56 -0000 1.17
+++ Makefile.in 2 Mar 2006 19:21:54 -0000 1.18
@@ -121,7 +121,6 @@
INCLUDES = -I at apache_inc@ @nspr_inc@ @nss_inc@ @apr_inc@
LIBS = @nspr_lib@ @nss_lib@ -lssl3 -lsmime3 -lnss3 -lsoftokn3 -lplc4 -lplds4 -lnspr4
- at SSL2_TRUE@AM_CFLAGS = -DWANT_SSL2
EXTRA_CPPFLAGS = @extra_cppflags@
LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
Index: configure
===================================================================
RCS file: /cvs/dirsec/mod_nss/configure,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- configure 26 Feb 2006 00:34:57 -0000 1.14
+++ configure 2 Mar 2006 19:21:54 -0000 1.15
@@ -462,7 +462,7 @@
# include
#endif"
-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM AWK SET_MAKE CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE build build_cpu build_vendor build_os host host_cpu host_vendor host_os EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL YACC LEX LEXLIB LEX_OUTPUT_ROOT SSL2_TRUE SSL2_FALSE APR_CONFIG APXS PKG_CONFIG apr_inc apache_inc apache_conf apache_prefix apache_bin nspr_inc ns!
pr_lib nss_inc nss_lib nspr_dir nss_dir extra_cppflags LIBOBJS LTLIBOBJS'
+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM AWK SET_MAKE CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE build build_cpu build_vendor build_os host host_cpu host_vendor host_os EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL YACC LEX LEXLIB LEX_OUTPUT_ROOT APR_CONFIG APXS PKG_CONFIG apr_inc apache_inc apache_conf apache_prefix apache_bin nspr_inc nspr_lib nss_inc nss_li!
b nspr_dir nss_dir extra_cppflags LIBOBJS LTLIBOBJS'
ac_subst_files=''
# Initialize some variables set by options.
@@ -1032,6 +1032,7 @@
optimize for fast installation [default=yes]
--disable-libtool-lock avoid locking (might break parallel builds)
--enable-ssl2 enable SSLv2 (default=no)
+ --enable-ecc enable Elliptical Curve Cyptography (default=no)
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
@@ -3568,7 +3569,7 @@
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 3571 "configure"' > conftest.$ac_ext
+ echo '#line 3572 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -5100,7 +5101,7 @@
# Provide some information about the compiler.
-echo "$as_me:5103:" \
+echo "$as_me:5104:" \
"checking for Fortran 77 compiler version" >&5
ac_compiler=`set X $ac_compile; echo $2`
{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version &5\"") >&5
@@ -6134,11 +6135,11 @@
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:6137: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:6138: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:6141: \$? = $ac_status" >&5
+ echo "$as_me:6142: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
@@ -6367,11 +6368,11 @@
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:6370: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:6371: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:6374: \$? = $ac_status" >&5
+ echo "$as_me:6375: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
@@ -6427,11 +6428,11 @@
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:6430: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:6431: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:6434: \$? = $ac_status" >&5
+ echo "$as_me:6435: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -7761,7 +7762,7 @@
libsuff=
case "$host_cpu" in
x86_64*|s390x*|powerpc64*)
- echo '#line 7764 "configure"' > conftest.$ac_ext
+ echo '#line 7765 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -8632,7 +8633,7 @@
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext < conftest.$ac_ext <&5)
+ (eval echo "\"\$as_me:10913: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:10916: \$? = $ac_status" >&5
+ echo "$as_me:10917: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
@@ -10969,11 +10970,11 @@
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:10972: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:10973: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:10976: \$? = $ac_status" >&5
+ echo "$as_me:10977: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -11480,7 +11481,7 @@
libsuff=
case "$host_cpu" in
x86_64*|s390x*|powerpc64*)
- echo '#line 11483 "configure"' > conftest.$ac_ext
+ echo '#line 11484 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -12351,7 +12352,7 @@
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext < conftest.$ac_ext <&5)
+ (eval echo "\"\$as_me:13280: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:13283: \$? = $ac_status" >&5
+ echo "$as_me:13284: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
@@ -13336,11 +13337,11 @@
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:13339: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:13340: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:13343: \$? = $ac_status" >&5
+ echo "$as_me:13344: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -14650,7 +14651,7 @@
libsuff=
case "$host_cpu" in
x86_64*|s390x*|powerpc64*)
- echo '#line 14653 "configure"' > conftest.$ac_ext
+ echo '#line 14654 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -15391,11 +15392,11 @@
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:15394: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:15395: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:15398: \$? = $ac_status" >&5
+ echo "$as_me:15399: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
@@ -15624,11 +15625,11 @@
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:15627: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:15628: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:15631: \$? = $ac_status" >&5
+ echo "$as_me:15632: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
@@ -15684,11 +15685,11 @@
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:15687: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:15688: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:15691: \$? = $ac_status" >&5
+ echo "$as_me:15692: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -17018,7 +17019,7 @@
libsuff=
case "$host_cpu" in
x86_64*|s390x*|powerpc64*)
- echo '#line 17021 "configure"' > conftest.$ac_ext
+ echo '#line 17022 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -17889,7 +17890,7 @@
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext < conftest.$ac_ext <&5
echo "${ECHO_T}yes" >&6
+ extra_cppflags="$extra_cppflags -DWANT_SSL2"
else
echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi
+#AM_CONDITIONAL(SSL2, test x$ssl2 = xyes)
-
-if test x$ssl2 = xyes; then
- SSL2_TRUE=
- SSL2_FALSE='#'
+echo "$as_me:$LINENO: checking for ECC" >&5
+echo $ECHO_N "checking for ECC... $ECHO_C" >&6
+# Check whether --enable-ecc or --disable-ecc was given.
+if test "${enable_ecc+set}" = set; then
+ enableval="$enable_ecc"
+ ecc=$enableval
+else
+ ecc=no
+fi;
+if test $ecc = yes; then
+ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+ extra_cppflags="$extra_cppflags -DNSS_ENABLE_ECC"
else
- SSL2_TRUE='#'
- SSL2_FALSE=
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
fi
-
+#AM_CONDITIONAL(ECC, test x$ecc = xyes)
{ echo "$as_me:$LINENO: checking for apr-config..." >&5
echo "$as_me: checking for apr-config..." >&6;}
@@ -19954,7 +19966,7 @@
apache_conf=`$APXS -q SYSCONFDIR`
apache_prefix=`$APXS -q PREFIX`
apache_bin=`$APXS -q SBINDIR`
-extra_cppflags=`$APXS -q EXTRA_CPPFLAGS`
+extra_cppflags="$extra_cppflags `$APXS -q EXTRA_CPPFLAGS`"
if ! test -f "$apache_inc/apr.h"; then
if test -z "$apr_inc"; then
@@ -20387,13 +20399,6 @@
Usually this means the macro was only invoked conditionally." >&2;}
{ (exit 1); exit 1; }; }
fi
-if test -z "${SSL2_TRUE}" && test -z "${SSL2_FALSE}"; then
- { { echo "$as_me:$LINENO: error: conditional \"SSL2\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"SSL2\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
- { (exit 1); exit 1; }; }
-fi
: ${CONFIG_STATUS=./config.status}
ac_clean_files_save=$ac_clean_files
@@ -20981,8 +20986,6 @@
s, at LEX@,$LEX,;t t
s, at LEXLIB@,$LEXLIB,;t t
s, at LEX_OUTPUT_ROOT@,$LEX_OUTPUT_ROOT,;t t
-s, at SSL2_TRUE@,$SSL2_TRUE,;t t
-s, at SSL2_FALSE@,$SSL2_FALSE,;t t
s, at APR_CONFIG@,$APR_CONFIG,;t t
s, at APXS@,$APXS,;t t
s, at PKG_CONFIG@,$PKG_CONFIG,;t t
Index: configure.in
===================================================================
RCS file: /cvs/dirsec/mod_nss/configure.in,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- configure.in 26 Feb 2006 00:30:56 -0000 1.10
+++ configure.in 2 Mar 2006 19:21:54 -0000 1.11
@@ -28,10 +28,23 @@
ssl2=$enableval, ssl2=no)
if test $ssl2 = yes; then
AC_MSG_RESULT(yes)
+ extra_cppflags="$extra_cppflags -DWANT_SSL2"
else
AC_MSG_RESULT(no)
fi
-AM_CONDITIONAL(SSL2, test x$ssl2 = xyes)
+#AM_CONDITIONAL(SSL2, test x$ssl2 = xyes)
+
+AC_MSG_CHECKING(for ECC)
+AC_ARG_ENABLE(ecc,
+ [ --enable-ecc enable Elliptical Curve Cyptography (default=no)],
+ ecc=$enableval, ecc=no)
+if test $ecc = yes; then
+ AC_MSG_RESULT(yes)
+ extra_cppflags="$extra_cppflags -DNSS_ENABLE_ECC"
+else
+ AC_MSG_RESULT(no)
+fi
+#AM_CONDITIONAL(ECC, test x$ecc = xyes)
AC_CHECKING(for apr-config)
# check for --with-apr-config
@@ -97,7 +110,7 @@
apache_conf=`$APXS -q SYSCONFDIR`
apache_prefix=`$APXS -q PREFIX`
apache_bin=`$APXS -q SBINDIR`
-extra_cppflags=`$APXS -q EXTRA_CPPFLAGS`
+extra_cppflags="$extra_cppflags `$APXS -q EXTRA_CPPFLAGS`"
if ! test -f "$apache_inc/apr.h"; then
if test -z "$apr_inc"; then
Index: mod_nss.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/mod_nss.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- mod_nss.c 4 Jan 2006 22:07:58 -0000 1.10
+++ mod_nss.c 2 Mar 2006 19:21:54 -0000 1.11
@@ -86,8 +86,13 @@
"SSL Client Authentication "
"(`none', `optional', `require'")
SSL_CMD_SRV(Nickname, TAKE1,
- "SSL Server Certificate nickname "
+ "SSL RSA Server Certificate nickname "
"(`Server-Cert'")
+#ifdef NSS_ENABLE_ECC
+ SSL_CMD_SRV(ECCNickname, TAKE1,
+ "SSL ECC Server Certificate nickname "
+ "(`Server-Cert'")
+#endif
SSL_CMD_SRV(EnforceValidCerts, FLAG,
"Require a valid, trust, non-expired server certificate (default on)"
"(`on', `off'")
Index: mod_nss.h
===================================================================
RCS file: /cvs/dirsec/mod_nss/mod_nss.h,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- mod_nss.h 4 Jan 2006 22:07:58 -0000 1.9
+++ mod_nss.h 2 Mar 2006 19:21:54 -0000 1.10
@@ -268,11 +268,20 @@
int tlsrollback;
int enforce;
const char *nickname;
+#ifdef NSS_ENABLE_ECC
+ const char *eccnickname;
+#endif
CERTCertificate *servercert;
SECKEYPrivateKey *serverkey;
SSLKEAType serverKEAType;
+#ifdef NSS_ENABLE_ECC
+ CERTCertificate *eccservercert;
+ SECKEYPrivateKey *eccserverkey;
+ SSLKEAType eccserverKEAType;
+#endif
+
PRFileDesc *model; /* used to model an SSL socket */
modnss_auth_ctx_t auth;
@@ -329,7 +338,11 @@
enum sslversion { SSL2=1, SSL3=2, TLS=4};
/* the table itself is defined in nss_engine_init.c */
+#ifdef NSS_ENABLE_ECC
+#define ciphernum 48
+#else
#define ciphernum 23
+#endif
/*
* function prototypes
@@ -353,6 +366,9 @@
const char *nss_cmd_NSSVerifyClient(cmd_parms *cmd, void *dcfg, const char *arg);
const char *nss_cmd_NSSProtocol(cmd_parms *cmd, void *dcfg, const char *arg);
const char *nss_cmd_NSSNickname(cmd_parms *cmd, void *dcfg, const char *arg);
+#ifdef NSS_ENABLE_ECC
+const char *nss_cmd_NSSECCNickname(cmd_parms *cmd, void *dcfg, const char *arg);
+#endif
const char *nss_cmd_NSSEnforceValidCerts(cmd_parms *, void *, int);
const char *nss_cmd_NSSSessionCacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg);
const char *nss_cmd_NSSSession3CacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg);
Index: nss.conf.in
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss.conf.in,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- nss.conf.in 3 Oct 2005 14:59:26 -0000 1.7
+++ nss.conf.in 2 Mar 2006 19:21:54 -0000 1.8
@@ -86,14 +86,27 @@
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_nss documentation for a complete list.
-NSSCipherSuite +rsa_3des_sha,-rsa_des_56_sha,+rsa_des_sha,-rsa_null_md5,-rsa_null_sha,-rsa_rc2_40_md5,+rsa_rc4_128_md5,-rsa_rc4_128_sha,-rsa_rc4_40_md5,-rsa_rc4_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,+fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha
+
+# SSL 3 ciphers. SSL 2 is disabled by default.
+NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
+
+# SSL 3 ciphers + ECC ciphers. SSL 2 is disabled by default.
+#
+# Comment out the NSSCipherSuite line above and use the one below if you have
+# ECC enabled NSS and mod_nss and want to use Elliptical Curve Cryptography
+#NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha,-ecdh_ecdsa_null_sha,+ecdh_ecdsa_rc4_128_sha,+ecdh_ecdsa_3des_sha,+ecdh_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,-ecdhe_ecdsa_null_sha,+ecdhe_ecdsa_rc4_128_sha,+ecdhe_ecdsa_3des_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,-ecdh_rsa_null_sha,+ecdh_rsa_128_sha,+ecdh_rsa_3des_sha,+ecdh_rsa_aes_128_sha,+ecdh_rsa_aes_256_sha,-echde_rsa_null,+ecdhe_rsa_rc4_128_sha,+ecdhe_rsa_3des_sha,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha
NSSProtocol SSLv3,TLSv1
# SSL Certificate Nickname:
-# The nickname of the server certificate you are going to use.
+# The nickname of the RSA server certificate you are going to use.
NSSNickname Server-Cert
+# SSL Certificate Nickname:
+# The nickname of the ECC server certificate you are going to use, if you
+# have an ECC-enabled version of NSS and mod_nss
+#NSSECCNickname Server-Cert-ecc
+
# Server Certificate Database:
# The NSS security database directory that holds the certificates and
# keys. The database consists of 3 files: cert8.db, key3.db and secmod.db.
Index: nss_engine_config.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss_engine_config.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- nss_engine_config.c 3 Oct 2005 14:59:26 -0000 1.9
+++ nss_engine_config.c 2 Mar 2006 19:21:54 -0000 1.10
@@ -80,6 +80,9 @@
mctx->enforce = PR_TRUE;
mctx->nickname = NULL;
+#ifdef NSS_ENABLE_ECC
+ mctx->eccnickname = NULL;
+#endif
mctx->servercert = NULL;
mctx->serverkey = NULL;
@@ -162,6 +165,9 @@
cfgMerge(auth.verify_mode, SSL_CVERIFY_UNSET);
cfgMerge(nickname, NULL);
+#ifdef NSS_ENABLE_ECC
+ cfgMerge(eccnickname, NULL);
+#endif
cfgMerge(enforce, PR_TRUE);
}
@@ -416,6 +422,19 @@
return NULL;
}
+#ifdef NSS_ENABLE_ECC
+const char *nss_cmd_NSSECCNickname(cmd_parms *cmd,
+ void *dcfg,
+ const char *arg)
+{
+ SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
+
+ sc->server->eccnickname = arg;
+
+ return NULL;
+}
+#endif
+
const char *nss_cmd_NSSProxyEngine(cmd_parms *cmd, void *dcfg, int flag)
{
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
Index: nss_engine_init.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss_engine_init.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- nss_engine_init.c 28 Oct 2005 18:20:01 -0000 1.16
+++ nss_engine_init.c 2 Mar 2006 19:21:54 -0000 1.17
@@ -60,6 +60,34 @@
/* AES ciphers.*/
{"rsa_aes_128_sha", TLS_RSA_WITH_AES_128_CBC_SHA, 0, SSL3 | TLS},
{"rsa_aes_256_sha", TLS_RSA_WITH_AES_256_CBC_SHA, 0, SSL3 | TLS},
+#ifdef NSS_ENABLE_ECC
+ /* ECC ciphers.*/
+ {"ecdh_ecdsa_null_sha", TLS_ECDH_ECDSA_WITH_NULL_SHA, 0, TLS},
+ {"ecdh_ecdsa_rc4_128_sha", TLS_ECDH_ECDSA_WITH_RC4_128_SHA, 0, TLS},
+ {"ecdh_ecdsa_3des_sha", TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, 0, TLS},
+ {"ecdh_ecdsa_aes_128_sha", TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 0, TLS},
+ {"ecdh_ecdsa_aes_256_sha", TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 0, TLS},
+ {"ecdhe_ecdsa_null_sha", TLS_ECDHE_ECDSA_WITH_NULL_SHA, 0, TLS},
+ {"ecdhe_ecdsa_rc4_128_sha", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 0, TLS},
+ {"ecdhe_ecdsa_3des_sha", TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 0, TLS},
+ {"ecdhe_ecdsa_aes_128_sha", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 0, TLS},
+ {"ecdhe_ecdsa_aes_256_sha", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 0, TLS},
+ {"ecdh_rsa_null_sha", TLS_ECDH_RSA_WITH_NULL_SHA, 0, TLS},
+ {"ecdh_rsa_128_sha", TLS_ECDH_RSA_WITH_RC4_128_SHA, 0, TLS},
+ {"ecdh_rsa_3des_sha", TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, 0, TLS},
+ {"ecdh_rsa_aes_128_sha", TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, 0, TLS},
+ {"ecdh_rsa_aes_256_sha", TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, 0, TLS},
+ {"echde_rsa_null", TLS_ECDHE_RSA_WITH_NULL_SHA, 0, TLS},
+ {"ecdhe_rsa_rc4_128_sha", TLS_ECDHE_RSA_WITH_RC4_128_SHA, 0, TLS},
+ {"ecdhe_rsa_3des_sha", TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 0, TLS},
+ {"ecdhe_rsa_aes_128_sha", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0, TLS},
+ {"ecdhe_rsa_aes_256_sha", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0, TLS},
+ {"ecdh_anon_null_sha", TLS_ECDH_anon_WITH_NULL_SHA, 0, TLS},
+ {"ecdh_anon_rc4_128sha", TLS_ECDH_anon_WITH_RC4_128_SHA, 0, TLS},
+ {"ecdh_anon_3des_sha", TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, 0, TLS},
+ {"ecdh_anon_aes_128_sha", TLS_ECDH_anon_WITH_AES_128_CBC_SHA, 0, TLS},
+ {"ecdh_anon_aes_256_sha", TLS_ECDH_anon_WITH_AES_256_CBC_SHA, 0, TLS},
+#endif
};
static char *version_components[] = {
@@ -722,7 +750,11 @@
apr_pool_t *ptemp,
modnss_ctx_t *mctx)
{
- if (mctx->servercert != NULL || mctx->serverkey != NULL) {
+#ifdef NSS_ENABLE_ECC
+ if (mctx->servercert != NULL || mctx->eccservercert != NULL) {
+#else
+ if (mctx->servercert != NULL) {
+#endif
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Illegal attempt to re-initialise SSL for server "
"(theoretically shouldn't happen!)");
@@ -749,58 +781,50 @@
nss_init_ctx_cipher_suite(s, p, ptemp, mctx);
}
-static void nss_init_server_certs(server_rec *s,
- apr_pool_t *p,
- apr_pool_t *ptemp,
- modnss_ctx_t *mctx)
+static void nss_init_certificate(server_rec *s, const char *nickname,
+ CERTCertificate **servercert,
+ SECKEYPrivateKey **serverkey,
+ SSLKEAType *KEAtype,
+ PRFileDesc *model,
+ int enforce)
{
SECCertTimeValidity certtimestatus;
SECStatus secstatus;
PK11SlotInfo* slot = NULL;
-
- /*
- * Get own certificate and private key.
- */
- if (mctx->nickname == NULL && mctx->as_server) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "No certificate nickname provided.");
- nss_die();
+ if (nickname == NULL) {
+ return;
}
- if (mctx->nickname != NULL) {
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "Using nickname %s.", mctx->nickname);
- mctx->servercert = FindServerCertFromNickname(mctx->nickname);
- }
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
+ "Using nickname %s.", nickname);
+
+ *servercert = FindServerCertFromNickname(nickname);
/* Verify the certificate chain. */
- if (mctx->servercert != NULL && mctx->as_server) {
+ if (*servercert != NULL) {
SECCertificateUsage usage = certificateUsageSSLServer;
- if (CERT_VerifyCertificateNow(CERT_GetDefaultCertDB(), mctx->servercert, PR_TRUE, usage, NULL, NULL) != SECSuccess) {
+ if (CERT_VerifyCertificateNow(CERT_GetDefaultCertDB(), *servercert, PR_TRUE, usage, NULL, NULL) != SECSuccess) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Certificate not verified: '%s'", mctx->nickname);
+ "Certificate not verified: '%s'", nickname);
nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
- if (mctx->enforce) {
+ if (enforce) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Unable to verify certificate '%s'. Add \"NSSEnforceValidCerts off\" to nss.conf so the server can start until the problem can be resolved.", mctx->nickname);
+ "Unable to verify certificate '%s'. Add \"NSSEnforceValidCerts off\" to nss.conf so the server can start until the problem can be resolved.", nickname);
nss_die();
}
}
- }
-
- if (NULL == mctx->servercert && mctx->as_server)
- {
+ } else {
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "Certificate not found: '%s'", mctx->nickname);
+ "Certificate not found: '%s'", nickname);
nss_die();
}
- if (mctx->nickname && strchr(mctx->nickname, ':'))
+ if (strchr(nickname, ':'))
{
- char* token = strdup(mctx->nickname);
+ char* token = strdup(nickname);
char* colon = strchr(token, ':');
if (colon) {
*colon = 0;
@@ -822,21 +846,19 @@
else {
slot = PK11_GetInternalKeySlot();
}
-
- if (mctx->servercert) {
- mctx->serverkey = PK11_FindPrivateKeyFromCert(slot, mctx->servercert, NULL);
- }
+
+ *serverkey = PK11_FindPrivateKeyFromCert(slot, *servercert, NULL);
+
PK11_FreeSlot(slot);
- if (mctx->as_server && mctx->serverkey == NULL) {
+ if (*serverkey == NULL) {
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "Key not found for: '%s'", mctx->nickname);
+ "Key not found for: '%s'", nickname);
nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
nss_die();
}
- if (mctx->as_server) {
- mctx->serverKEAType = NSS_FindCertKEAType(mctx->servercert);
+ *KEAtype = NSS_FindCertKEAType(*servercert);
/*
* Check for certs that are expired or not yet valid and WARN about it
@@ -846,7 +868,7 @@
* for every virtual server - too expensive?
*/
- certtimestatus = CERT_CheckCertValidTimes(mctx->servercert, PR_Now(), PR_FALSE);
+ certtimestatus = CERT_CheckCertValidTimes(*servercert, PR_Now(), PR_FALSE);
switch (certtimestatus)
{
case secCertTimeValid:
@@ -854,35 +876,69 @@
break;
case secCertTimeExpired:
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "Server certificate is expired: '%s'", mctx->nickname);
+ "Server certificate is expired: '%s'", nickname);
break;
case secCertTimeNotValidYet:
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "Certificate is not valid yet '%s'", mctx->nickname);
+ "Certificate is not valid yet '%s'", nickname);
default:
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "Unhandled Certificate time type %d for: '%s'", certtimestatus, mctx->nickname);
+ "Unhandled Certificate time type %d for: '%s'", certtimestatus, nickname);
break;
}
- }
- secstatus = (SECStatus)SSL_SetPKCS11PinArg(mctx->model, NULL);
+ secstatus = SSL_ConfigSecureServer(model, *servercert, *serverkey, *KEAtype);
if (secstatus != SECSuccess) {
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "Error setting PKCS11 pin argument: '%s'", mctx->nickname);
+ "SSL error configuring server: '%s'", nickname);
+ nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
nss_die();
}
-
+}
+
+
+static void nss_init_server_certs(server_rec *s,
+ apr_pool_t *p,
+ apr_pool_t *ptemp,
+ modnss_ctx_t *mctx)
+{
+ SECCertTimeValidity certtimestatus;
+ SECStatus secstatus;
+
+ PK11SlotInfo* slot = NULL;
+
+ /*
+ * Get own certificate and private key.
+ */
if (mctx->as_server) {
- secstatus = SSL_ConfigSecureServer(mctx->model, mctx->servercert, mctx->serverkey, mctx->serverKEAType);
- if (secstatus != SECSuccess) {
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "SSL error configuring server: '%s'", mctx->nickname);
- nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+#ifdef NSS_ENABLE_ECC
+ if (mctx->nickname == NULL && mctx->eccnickname == NULL)
+#else
+ if (mctx->nickname == NULL)
+#endif
+ {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ "No certificate nickname provided.");
nss_die();
}
+
+ nss_init_certificate(s, mctx->nickname, &mctx->servercert,
+ &mctx->serverkey, &mctx->serverKEAType,
+ mctx->model, mctx->enforce);
+#ifdef NSS_ENABLE_ECC
+ nss_init_certificate(s, mctx->eccnickname, &mctx->eccservercert,
+ &mctx->eccserverkey, &mctx->eccserverKEAType,
+ mctx->model, mctx->enforce);
+#endif
}
+ secstatus = (SECStatus)SSL_SetPKCS11PinArg(mctx->model, NULL);
+ if (secstatus != SECSuccess) {
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
+ "Error setting PKCS11 pin argument: '%s'", mctx->nickname);
+ nss_die();
+ }
+
secstatus = (SECStatus)SSL_HandshakeCallback(mctx->model, (SSLHandshakeCallback)NSSHandshakeCallback, NULL);
if (secstatus != SECSuccess)
{
@@ -958,8 +1014,16 @@
sc = mySrvConfig(s);
if (sc->enabled) {
- CERT_DestroyCertificate(sc->server->servercert);
- SECKEY_DestroyPrivateKey(sc->server->serverkey);
+ if (sc->server->nickname) {
+ CERT_DestroyCertificate(sc->server->servercert);
+ SECKEY_DestroyPrivateKey(sc->server->serverkey);
+ }
+#ifdef NSS_ENABLE_ECC
+ if (sc->server->eccnickname) {
+ CERT_DestroyCertificate(sc->server->eccservercert);
+ SECKEY_DestroyPrivateKey(sc->server->eccserverkey);
+ }
+#endif
/* Closing this implicitly cleans up the copy of the certificates
* and keys associated with any SSL socket */
Index: nss_engine_io.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss_engine_io.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- nss_engine_io.c 29 Sep 2005 19:36:10 -0000 1.4
+++ nss_engine_io.c 2 Mar 2006 19:21:54 -0000 1.5
@@ -652,7 +652,7 @@
conn_rec *c = filter_ctx->c;
SSLConnRec *sslconn = myConnConfig(c);
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL,
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server,
"SSL connection destroyed without being closed");
PR_Close(sslconn->ssl);
@@ -859,7 +859,7 @@
filter_ctx->nobuffer = 1;
status = nss_filter_io_shutdown(filter_ctx, f->c, 0);
if (status != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_INFO, status, NULL,
+ ap_log_error(APLOG_MARK, APLOG_INFO, status, f->c->base_server,
"SSL filter error shutting down I/O");
}
if ((status = ap_pass_brigade(f->next, bb)) != APR_SUCCESS) {
Index: nss_engine_kernel.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss_engine_kernel.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- nss_engine_kernel.c 31 May 2005 14:32:42 -0000 1.3
+++ nss_engine_kernel.c 2 Mar 2006 19:21:54 -0000 1.4
@@ -446,6 +446,9 @@
"Performing full renegotiation: "
"complete handshake protocol");
+ /* Do NOT call SSL_ResetHandshake as this will tear down the
+ * existing connection.
+ */
if (SSL_HandshakeCallback(ssl, HandshakeDone, (void *)&handshake_done) || SSL_ReHandshake(ssl, PR_TRUE)) {
int errCode = PR_GetError();
if (errCode == SEC_ERROR_INVALID_ARGS) {
@@ -461,7 +464,7 @@
return HTTP_FORBIDDEN;
}
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"Awaiting re-negotiation handshake");
while (!handshake_done) {
@@ -500,7 +503,9 @@
"Re-negotiation handshake failed: "
"Not accepted by client!?");
+#if 0
r->connection->aborted = 1;
+#endif
return HTTP_FORBIDDEN;
}
}
@@ -724,6 +729,7 @@
"SSL_VERSION_LIBRARY",
"SSL_PROTOCOL",
"SSL_CIPHER",
+ "SSL_CIPHER_NAME",
"SSL_CIPHER_EXPORT",
"SSL_CIPHER_USEKEYSIZE",
"SSL_CIPHER_ALGKEYSIZE",
Index: nss_engine_vars.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss_engine_vars.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- nss_engine_vars.c 4 Jan 2006 22:07:58 -0000 1.4
+++ nss_engine_vars.c 2 Mar 2006 19:21:54 -0000 1.5
@@ -363,10 +363,10 @@
if (SSL_GetCipherSuiteInfo(channel.cipherSuite,
&suite, sizeof suite) == SECSuccess)
{
- result = apr_psprintf(p, "%s", suite.keaTypeName);
+ result = apr_psprintf(p, "%s_%s", suite.keaTypeName, suite.authAlgorithmName);
}
} else
- result = apr_pstrdup(p, "UNKNOWN");
+ result = apr_pstrdup(p, "UNKNOWN_UNKNOWN");
resdup = FALSE;
}
@@ -582,6 +582,25 @@
result = apr_psprintf(p, "%d", keySize);
resdup = FALSE;
}
+ else if (strcEQ(var, "_NAME")) {
+ SSLChannelInfo channel;
+ SSLCipherSuiteInfo suite;
+ SSLConnRec *sslconn = myConnConfig(c);
+
+ if (SSL_GetChannelInfo(sslconn->ssl, &channel, sizeof channel) ==
+ SECSuccess && channel.length == sizeof channel &&
+ channel.cipherSuite)
+ {
+ if (SSL_GetCipherSuiteInfo(channel.cipherSuite,
+ &suite, sizeof suite) == SECSuccess)
+ {
+ result = apr_psprintf(p, "%s", suite.cipherSuiteName);
+ }
+ } else
+ result = apr_pstrdup(p, "UNKNOWN");
+
+ resdup = FALSE;
+ }
if (result != NULL && resdup)
result = apr_pstrdup(p, result);
From fedora-directory-commits at redhat.com Thu Mar 2 22:57:27 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Thu, 2 Mar 2006 17:57:27 -0500
Subject: [Fedora-directory-commits] setuputil nsdefs.mk,1.6,1.7
Message-ID: <200603022257.k22MvRUT006365@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/setuputil
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6220
Modified Files:
nsdefs.mk
Log Message:
replace nsperl with the system perl on non-Linux platforms
Index: nsdefs.mk
===================================================================
RCS file: /cvs/dirsec/setuputil/nsdefs.mk,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- nsdefs.mk 15 Feb 2006 22:51:00 -0000 1.6
+++ nsdefs.mk 2 Mar 2006 22:57:15 -0000 1.7
@@ -221,12 +221,7 @@
ZIP=$(ZIPDIR)/zip.exe
UNZIP = $(ZIPDIR)/unzip.exe -o
else
- ifeq ($(BUILD_ARCH), Linux)
- PERL=perl
- else
- NSPERL_RELDATE :=20020626
- PERL=/share/builds/sbstools/nsPerl/$(NSPERL_RELDATE)/$(NSOBJDIR_NAME_32)/nsperl
- endif
+ PERL=perl
ifeq ($(TMP_ARCH), SunOS)
NSOS_TEST1 := $(shell uname -m)
ifeq ($(NSOS_TEST1), i86pc)
From fedora-directory-commits at redhat.com Fri Mar 3 15:24:22 2006
From: fedora-directory-commits at redhat.com (Robert Crittenden (rcritten))
Date: Fri, 3 Mar 2006 10:24:22 -0500
Subject: [Fedora-directory-commits] mod_nss configure, 1.15,
1.16 configure.in, 1.11, 1.12 aclocal.m4, 1.9,
1.10 Makefile.in, 1.18, 1.19 Makefile.am, 1.11, 1.12
Message-ID: <200603031524.k23FOM5l013707@cvs-int.fedora.redhat.com>
Author: rcritten
Update of /cvs/dirsec/mod_nss
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13682
Modified Files:
configure configure.in aclocal.m4 Makefile.in Makefile.am
Log Message:
force checkin of autoconf files
From fedora-directory-commits at redhat.com Fri Mar 3 19:07:00 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Fri, 3 Mar 2006 14:07:00 -0500
Subject: [Fedora-directory-commits] ldapserver/ldap/cm Makefile, 1.30.2.16,
1.30.2.17 fedora-patch.inf, 1.1.2.9, 1.1.2.10 redhat-patch.inf,
1.1.2.9, 1.1.2.10
Message-ID: <200603031907.k23J70sQ024052@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/cm
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24010/ldap/cm
Modified Files:
Tag: Directory71RtmBranch
Makefile fedora-patch.inf redhat-patch.inf
Log Message:
[183717] Admin Server - wrong ELF class
Package 32-bit LDAP C SDK libraries for the Admin Server.
Index: Makefile
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/cm/Makefile,v
retrieving revision 1.30.2.16
retrieving revision 1.30.2.17
diff -u -r1.30.2.16 -r1.30.2.17
--- Makefile 22 Feb 2006 03:08:49 -0000 1.30.2.16
+++ Makefile 3 Mar 2006 19:06:50 -0000 1.30.2.17
@@ -715,7 +715,7 @@
ifdef BUILD_PATCH
# take care of files in components (e.g., a file in nsadmin.zip)
- at for pair in `grep "^compfile:" $(PATCHINF) | awk '{print $$3}'`; do \
- zipfile=`echo $$pair | awk -F: '{print $$1}' | sed -e "s/%DISTDIR%/$(ESCAPED_ABS_DISTDIR)\/$(NSOBJDIR_NAME)/"` ; \
+ zipfile=`echo $$pair | awk -F: '{print $$1}' | sed -e "s/%DISTDIR32%/$(ESCAPED_ABS_DISTDIR)\/$(NSOBJDIR_NAME)\/shared32/" | sed -e "s/%DISTDIR%/$(ESCAPED_ABS_DISTDIR)\/$(NSOBJDIR_NAME)/"` ; \
afile=`echo $$pair | awk -F: '{print $$2}'` ; \
cd $(ABSRELDIR)/slapd/$(NS_BUILD_FLAVOR); $(UNZIP) -o $$zipfile $$afile ; \
done
@@ -723,7 +723,7 @@
# copying files from the component area
- at for pair in `grep "^copyfile:" $(PATCHINF) | awk '{print $$3}'`; do \
zipfile=`echo $$pair | awk -F: '{print $$1}'` ; \
- sfile=`echo $$pair | awk -F: '{print $$2}' | sed -e "s/%DISTDIR%/$(ESCAPED_ABS_DISTDIR)\/$(NSOBJDIR_NAME)/"` ; \
+ sfile=`echo $$pair | awk -F: '{print $$2}' | sed -e "s/%DISTDIR32%/$(ESCAPED_ABS_DISTDIR)\/$(NSOBJDIR_NAME)\/shared32/" | sed -e "s/%DISTDIR%/$(ESCAPED_ABS_DISTDIR)\/$(NSOBJDIR_NAME)/"` ; \
dfile=`echo $$pair | awk -F: '{print $$3}'` ; \
cd $(ABSRELDIR)/slapd/$(NS_BUILD_FLAVOR); \
mkdir -p `dirname $$dfile`; cp $$sfile `dirname $$dfile` ; \
Index: fedora-patch.inf
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/cm/fedora-patch.inf,v
retrieving revision 1.1.2.9
retrieving revision 1.1.2.10
diff -u -r1.1.2.9 -r1.1.2.10
--- fedora-patch.inf 21 Feb 2006 21:38:05 -0000 1.1.2.9
+++ fedora-patch.inf 3 Mar 2006 19:06:50 -0000 1.1.2.10
@@ -41,6 +41,7 @@
# file: bug#:
# compfile: bug#: :
# %DISTDIR% points /dist/
+# %DISTDIR32% points /dist//shared32
#
base: ...
@@ -75,11 +76,11 @@
file: M324525,M324529: clients/lib/libprldap50.*
file: M324525,M324529: clients/lib/libssldap50.*
-copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR%/ldapsdk/lib/libldap50.*:bin/https/lib/libldap50.*
-copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR%/ldapsdk/lib/libprldap50.*:bin/https/lib/libprldap50.*
-copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR%/ldapsdk/lib/libssldap50.*:bin/https/lib/libssldap50.*
-copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR%/ldapsdk/lib/libldap50.*:bin/admin/lib/libldap50.*
-copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR%/ldapsdk/lib/libprldap50.*:bin/admin/lib/libprldap50.*
-copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR%/ldapsdk/lib/libssldap50.*:bin/admin/lib/libssldap50.*
+copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libldap50.*:bin/https/lib/libldap50.*
+copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libprldap50.*:bin/https/lib/libprldap50.*
+copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libssldap50.*:bin/https/lib/libssldap50.*
+copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libldap50.*:bin/admin/lib/libldap50.*
+copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libprldap50.*:bin/admin/lib/libprldap50.*
+copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libssldap50.*:bin/admin/lib/libssldap50.*
compfile: 171306: %DISTDIR%/admserv/admin/nsadmin.zip:manual/help/help
Index: redhat-patch.inf
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/cm/redhat-patch.inf,v
retrieving revision 1.1.2.9
retrieving revision 1.1.2.10
diff -u -r1.1.2.9 -r1.1.2.10
--- redhat-patch.inf 21 Feb 2006 21:38:05 -0000 1.1.2.9
+++ redhat-patch.inf 3 Mar 2006 19:06:50 -0000 1.1.2.10
@@ -41,6 +41,7 @@
# file: bug#:
# compfile: bug#: :
# %DISTDIR% points /dist/
+# %DISTDIR32% points /dist//shared32
#
base: /share/builds/products/server/directry/7.1
@@ -75,11 +76,11 @@
file: M324525,M324529: clients/lib/libprldap50.*
file: M324525,M324529: clients/lib/libssldap50.*
-copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR%/ldapsdk/lib/libldap50.*:bin/https/lib/libldap50.*
-copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR%/ldapsdk/lib/libprldap50.*:bin/https/lib/libprldap50.*
-copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR%/ldapsdk/lib/libssldap50.*:bin/https/lib/libssldap50.*
-copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR%/ldapsdk/lib/libldap50.*:bin/admin/lib/libldap50.*
-copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR%/ldapsdk/lib/libprldap50.*:bin/admin/lib/libprldap50.*
-copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR%/ldapsdk/lib/libssldap50.*:bin/admin/lib/libssldap50.*
+copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libldap50.*:bin/https/lib/libldap50.*
+copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libprldap50.*:bin/https/lib/libprldap50.*
+copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libssldap50.*:bin/https/lib/libssldap50.*
+copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libldap50.*:bin/admin/lib/libldap50.*
+copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libprldap50.*:bin/admin/lib/libprldap50.*
+copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libssldap50.*:bin/admin/lib/libssldap50.*
compfile: 171306: %DISTDIR%/admserv/admin/nsadmin.zip:manual/help/help
From fedora-directory-commits at redhat.com Fri Mar 3 19:06:52 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Fri, 3 Mar 2006 14:06:52 -0500
Subject: [Fedora-directory-commits] ldapserver internal_comp_deps.mk,
1.24.2.1, 1.24.2.2
Message-ID: <200603031907.k23J7Mtd024063@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/ldapserver
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24010
Modified Files:
Tag: Directory71RtmBranch
internal_comp_deps.mk
Log Message:
[183717] Admin Server - wrong ELF class
Package 32-bit LDAP C SDK libraries for the Admin Server.
Index: internal_comp_deps.mk
===================================================================
RCS file: /cvs/dirsec/ldapserver/internal_comp_deps.mk,v
retrieving revision 1.24.2.1
retrieving revision 1.24.2.2
diff -u -r1.24.2.1 -r1.24.2.2
--- internal_comp_deps.mk 15 Feb 2006 21:32:16 -0000 1.24.2.1
+++ internal_comp_deps.mk 3 Mar 2006 19:06:22 -0000 1.24.2.2
@@ -132,6 +132,12 @@
# do not need redundant copy of nssckbi
NSS32_NSPR32_SRC_LIBS = $(filter-out $(SHARED32_BUILD_DIR)/lib/$(NSSCKBI32_FILE),$(wildcard $(SHARED32_BUILD_DIR)/lib/*))
PACKAGE_SRC_DEST += $(addsuffix $(SPACE)shared32/lib,$(NSS32_NSPR32_SRC_LIBS))
+
+ifdef BUILD_PATCH
+# need 32-bit LDAP C SDK libs for SP2
+ LDAPSDK32_IMPORT = $(subst $(NS64TAG),,$(LDAP_RELEASE))
+ LDAPSDK32_PULLFILES = lib/$(LIB_PREFIX)$(subst $(SPACE),$(COMMA)lib/$(LIB_PREFIX),$(addsuffix .$(DLL_SUFFIX),$(LDAP_SOLIB_NAMES)))
+endif # BUILD_PATCH
endif # USE_64
ifdef VSFTPD_HACK
@@ -168,7 +174,12 @@
$(FTP_PULL) -method $(SECURITY_PULL_METHOD) \
-objdir $(SHARED32_BUILD_DIR) -componentdir $(NSS32_IMPORT) \
-files $(subst $(SPACE),$(COMMA),$(NSS32_PULLFILES))
- mv $(SHARED32_BUILD_DIR)/lib/$(NSSCKBI_FILE) $(SHARED32_BUILD_DIR)/lib/$(NSSCKBI32_FILE)
+ifdef BUILD_PATCH
+ $(FTP_PULL) -method $(LDAPSDK_PULL_METHOD) \
+ -objdir $(SHARED32_BUILD_DIR) -componentdir $(LDAPSDK32_IMPORT) \
+ -files $(subst $(SPACE),$(COMMA),$(LDAPSDK32_PULLFILES))
+endif
+ mv -f $(SHARED32_BUILD_DIR)/lib/$(NSSCKBI_FILE) $(SHARED32_BUILD_DIR)/lib/$(NSSCKBI32_FILE)
endif # USE_64
endif # COMPONENT_DEPS
- at if [ ! -f $@ ] ; \
From fedora-directory-commits at redhat.com Fri Mar 3 20:16:48 2006
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Fri, 3 Mar 2006 15:16:48 -0500
Subject: [Fedora-directory-commits] mod_admserv mod_admserv.c,1.21,1.22
Message-ID: <200603032016.k23KGnbF026709@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/mod_admserv
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26683
Modified Files:
mod_admserv.c
Log Message:
Bug(s) fixed: 183925
Bug Description: nsAdminAccessAddresses not working
Reviewed by: one line commit rule
Fix Description: The comparison was reversed so that if the match is successful the access is allowed.
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: mod_admserv.c
===================================================================
RCS file: /cvs/dirsec/mod_admserv/mod_admserv.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- mod_admserv.c 1 Mar 2006 18:43:51 -0000 1.21
+++ mod_admserv.c 3 Mar 2006 20:16:38 -0000 1.22
@@ -1913,7 +1913,7 @@
if (accessAddresses && *accessAddresses) {
int matchflags = APR_FNM_PERIOD;
apr_status_t rc = admserv_match_list(apr_pstrdup(r->pool, accessAddresses), clientIP, matchflags);
- if (rc == APR_SUCCESS) {
+ if (rc != APR_SUCCESS) {
} else {
return DECLINED;
}
From fedora-directory-commits at redhat.com Mon Mar 6 20:00:54 2006
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Mon, 6 Mar 2006 15:00:54 -0500
Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd pw.c, 1.9,
1.10
Message-ID: <200603062000.k26K0s4p007367@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7325
Modified Files:
pw.c
Log Message:
Bug(s) fixed: 179723
Bug Description: crash after succesful pwdchange via ldappasswd
Reviewed by: Pete, Nathan (Thanks!)
Fix Description: The passwd_extop code does an internal operation to
change the password. Some of this code is only intended to be called
for external operations where you have a conn structure. The one place
in particular which caused this bug is in update_pw_info, where it is
only triggered if you must change the password or password expiration is
in effect. The fix is to just check to see if the pb_conn is not null.
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
Index: pw.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/pw.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- pw.c 25 Jan 2006 16:51:39 -0000 1.9
+++ pw.c 6 Mar 2006 20:00:47 -0000 1.10
@@ -647,8 +647,10 @@
pw_apply_mods(dn, &smods);
slapi_mods_done(&smods);
- /* reset c_needpw to 0 */
- pb->pb_conn->c_needpw = 0;
+ if (pb->pb_conn) { /* no conn for internal op */
+ /* reset c_needpw to 0 */
+ pb->pb_conn->c_needpw = 0;
+ }
return 0;
}
From fedora-directory-commits at redhat.com Mon Mar 6 20:02:14 2006
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Mon, 6 Mar 2006 15:02:14 -0500
Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd
passwd_extop.c, 1.7, 1.8
Message-ID: <200603062002.k26K2Eod009368@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9313
Modified Files:
passwd_extop.c
Log Message:
Bug(s) fixed: 179723
Bug Description: crash after succesful pwdchange via ldappasswd
Reviewed by: Pete, Nathan (Thanks!)
Fix Description: The passwd_extop code does an internal operation to
change the password. Some of this code is only intended to be called
for external operations where you have a conn structure. The one place
in particular which caused this bug is in update_pw_info, where it is
only triggered if you must change the password or password expiration is
in effect. The fix is to just check to see if the pb_conn is not null.
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
Index: passwd_extop.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/passwd_extop.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- passwd_extop.c 15 Feb 2006 21:22:46 -0000 1.7
+++ passwd_extop.c 6 Mar 2006 20:02:06 -0000 1.8
@@ -135,7 +135,6 @@
static int passwd_apply_mods(const char *dn, Slapi_Mods *mods)
{
Slapi_PBlock pb;
- Slapi_Operation *operation= NULL;
int ret=0;
LDAPDebug( LDAP_DEBUG_TRACE, "=> passwd_apply_mods\n", 0, 0, 0 );
@@ -150,9 +149,6 @@
pw_get_componentID(), /* PluginID */
0); /* Flags */
- /* Plugin operations are INTERNAL by default, bypass it to enforce ACL checks */
- slapi_pblock_get (&pb, SLAPI_OPERATION, &operation);
-
ret =slapi_modify_internal_pb (&pb);
slapi_pblock_get(&pb, SLAPI_PLUGIN_INTOP_RESULT, &ret);
From fedora-directory-commits at redhat.com Tue Mar 7 00:52:16 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Mon, 6 Mar 2006 19:52:16 -0500
Subject: [Fedora-directory-commits] ldapserver/ldap/cm Makefile, 1.30.2.17,
1.30.2.18 fedora-patch.inf, 1.1.2.10,
1.1.2.11 redhat-patch.inf, 1.1.2.10, 1.1.2.11
Message-ID: <200603070052.k270qGWZ019682@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/cm
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19602
Modified Files:
Tag: Directory71RtmBranch
Makefile fedora-patch.inf redhat-patch.inf
Log Message:
[183717] Admin Server - wrong ELF class
Should have treated the 32-bit build and 64-bit in the different way:
32-bit -- copy from dist// (e.g., dist/SunOS5.9_OPT.OBJ/ldapsdk)
64-bit -- copy from dist//shared32 (e.g., dist/SunOS5.9_64_OPT.OBJ/shared32)
Index: Makefile
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/cm/Makefile,v
retrieving revision 1.30.2.17
retrieving revision 1.30.2.18
diff -u -r1.30.2.17 -r1.30.2.18
--- Makefile 3 Mar 2006 19:06:50 -0000 1.30.2.17
+++ Makefile 7 Mar 2006 00:52:08 -0000 1.30.2.18
@@ -233,6 +233,14 @@
ifdef BUILD_PATCH
PATCHINSTDIR = $(ABS_INSTDIR)-SP
SLAPDSP = slapd-71sp2
+PATCH_DISTDIR=$(ESCAPED_ABS_DISTDIR)\/$(NSOBJDIR_NAME)
+ifeq ($(USE_64), 1)
+ PATCH_DISTDIR32=$(ESCAPED_ABS_DISTDIR)\/$(NSOBJDIR_NAME)\/shared32
+ PATCH_LDAPSDK=
+else
+ PATCH_DISTDIR32=$(PATCH_DISTDIR)
+ PATCH_LDAPSDK=ldapsdk
+endif
endif
INST_TARGET_RESKIT=$(INSTDIR)/reskit
@@ -714,16 +722,18 @@
ifdef BUILD_PATCH
# take care of files in components (e.g., a file in nsadmin.zip)
+ @echo compfile...
- at for pair in `grep "^compfile:" $(PATCHINF) | awk '{print $$3}'`; do \
- zipfile=`echo $$pair | awk -F: '{print $$1}' | sed -e "s/%DISTDIR32%/$(ESCAPED_ABS_DISTDIR)\/$(NSOBJDIR_NAME)\/shared32/" | sed -e "s/%DISTDIR%/$(ESCAPED_ABS_DISTDIR)\/$(NSOBJDIR_NAME)/"` ; \
+ zipfile=`echo $$pair | awk -F: '{print $$1}' | sed -e "s/%DISTDIR32%/$(PATCH_DISTDIR32)/" | sed -e "s/%DISTDIR%/$(PATCH_DISTDIR)/"` ; \
afile=`echo $$pair | awk -F: '{print $$2}'` ; \
cd $(ABSRELDIR)/slapd/$(NS_BUILD_FLAVOR); $(UNZIP) -o $$zipfile $$afile ; \
done
# copying files from the component area
+ @echo copyfile...
- at for pair in `grep "^copyfile:" $(PATCHINF) | awk '{print $$3}'`; do \
zipfile=`echo $$pair | awk -F: '{print $$1}'` ; \
- sfile=`echo $$pair | awk -F: '{print $$2}' | sed -e "s/%DISTDIR32%/$(ESCAPED_ABS_DISTDIR)\/$(NSOBJDIR_NAME)\/shared32/" | sed -e "s/%DISTDIR%/$(ESCAPED_ABS_DISTDIR)\/$(NSOBJDIR_NAME)/"` ; \
+ sfile=`echo $$pair | awk -F: '{print $$2}' | sed -e "s/%DISTDIR32%/$(PATCH_DISTDIR32)/" | sed -e "s/%LDAPSDK%/$(PATCH_LDAPSDK)/" | sed -e "s/%DISTDIR%/$(PATCH_DISTDIR)/"` ; \
dfile=`echo $$pair | awk -F: '{print $$3}'` ; \
cd $(ABSRELDIR)/slapd/$(NS_BUILD_FLAVOR); \
mkdir -p `dirname $$dfile`; cp $$sfile `dirname $$dfile` ; \
Index: fedora-patch.inf
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/cm/fedora-patch.inf,v
retrieving revision 1.1.2.10
retrieving revision 1.1.2.11
diff -u -r1.1.2.10 -r1.1.2.11
--- fedora-patch.inf 3 Mar 2006 19:06:50 -0000 1.1.2.10
+++ fedora-patch.inf 7 Mar 2006 00:52:08 -0000 1.1.2.11
@@ -41,7 +41,10 @@
# file: bug#:
# compfile: bug#: :
# %DISTDIR% points /dist/
+# 64bit:
# %DISTDIR32% points /dist//shared32
+# 32it:
+# %DISTDIR32% points /dist/
#
base: ...
@@ -76,11 +79,11 @@
file: M324525,M324529: clients/lib/libprldap50.*
file: M324525,M324529: clients/lib/libssldap50.*
-copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libldap50.*:bin/https/lib/libldap50.*
-copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libprldap50.*:bin/https/lib/libprldap50.*
-copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libssldap50.*:bin/https/lib/libssldap50.*
-copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libldap50.*:bin/admin/lib/libldap50.*
-copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libprldap50.*:bin/admin/lib/libprldap50.*
-copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libssldap50.*:bin/admin/lib/libssldap50.*
+copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/%LDAPSDK%/lib/libldap50.*:bin/https/lib/libldap50.*
+copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/%LDAPSDK%/lib/libprldap50.*:bin/https/lib/libprldap50.*
+copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/%LDAPSDK%/lib/libssldap50.*:bin/https/lib/libssldap50.*
+copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/%LDAPSDK%/lib/libldap50.*:bin/admin/lib/libldap50.*
+copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/%LDAPSDK%/lib/libprldap50.*:bin/admin/lib/libprldap50.*
+copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/%LDAPSDK%/lib/libssldap50.*:bin/admin/lib/libssldap50.*
compfile: 171306: %DISTDIR%/admserv/admin/nsadmin.zip:manual/help/help
Index: redhat-patch.inf
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/cm/redhat-patch.inf,v
retrieving revision 1.1.2.10
retrieving revision 1.1.2.11
diff -u -r1.1.2.10 -r1.1.2.11
--- redhat-patch.inf 3 Mar 2006 19:06:50 -0000 1.1.2.10
+++ redhat-patch.inf 7 Mar 2006 00:52:08 -0000 1.1.2.11
@@ -41,7 +41,10 @@
# file: bug#:
# compfile: bug#: :
# %DISTDIR% points /dist/
+# 64bit:
# %DISTDIR32% points /dist//shared32
+# 32it:
+# %DISTDIR32% points /dist/
#
base: /share/builds/products/server/directry/7.1
@@ -76,11 +79,11 @@
file: M324525,M324529: clients/lib/libprldap50.*
file: M324525,M324529: clients/lib/libssldap50.*
-copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libldap50.*:bin/https/lib/libldap50.*
-copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libprldap50.*:bin/https/lib/libprldap50.*
-copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libssldap50.*:bin/https/lib/libssldap50.*
-copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libldap50.*:bin/admin/lib/libldap50.*
-copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libprldap50.*:bin/admin/lib/libprldap50.*
-copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libssldap50.*:bin/admin/lib/libssldap50.*
+copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/%LDAPSDK%/lib/libldap50.*:bin/https/lib/libldap50.*
+copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/%LDAPSDK%/lib/libprldap50.*:bin/https/lib/libprldap50.*
+copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/%LDAPSDK%/lib/libssldap50.*:bin/https/lib/libssldap50.*
+copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/%LDAPSDK%/lib/libldap50.*:bin/admin/lib/libldap50.*
+copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/%LDAPSDK%/lib/libprldap50.*:bin/admin/lib/libprldap50.*
+copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/%LDAPSDK%/lib/libssldap50.*:bin/admin/lib/libssldap50.*
compfile: 171306: %DISTDIR%/admserv/admin/nsadmin.zip:manual/help/help
From fedora-directory-commits at redhat.com Wed Mar 8 01:31:20 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Tue, 7 Mar 2006 20:31:20 -0500
Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm
vlv.c, 1.6, 1.7
Message-ID: <200603080131.k281VKWN012425@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12379
Modified Files:
vlv.c
Log Message:
[183222] Directory Server hangs when running VLV search and update operations simultaneously.
Demoted the write lock to the read lock in vlv_update_all_indexes
Index: vlv.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/vlv.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- vlv.c 19 Apr 2005 22:07:38 -0000 1.6
+++ vlv.c 8 Mar 2006 01:31:12 -0000 1.7
@@ -72,6 +72,7 @@
backend *be = inst->inst_be;
vlvSearch_init(newVlvSearch, pb, entryBefore, inst);
+ /* vlvSearchList is modified; need Wlock */
PR_RWLock_Wlock(be->vlvSearchList_lock);
vlvSearch_addtolist(newVlvSearch, (struct vlvSearch **)&be->vlvSearchList);
PR_RWLock_Unlock(be->vlvSearchList_lock);
@@ -89,7 +90,8 @@
slapi_sdn_init(&parentdn);
slapi_sdn_get_parent(slapi_entry_get_sdn(entryBefore),&parentdn);
{
- PR_RWLock_Wlock(be->vlvSearchList_lock);
+ /* vlvIndex list is modified; need Wlock */
+ PR_RWLock_Wlock(be->vlvSearchList_lock);
parent= vlvSearch_finddn((struct vlvSearch *)be->vlvSearchList, &parentdn);
if(parent!=NULL)
{
@@ -109,10 +111,11 @@
int vlv_DeleteSearchEntry(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* entryAfter, int *returncode, char *returntext, void *arg)
{
struct vlvSearch* p=NULL;
- backend *be= ((ldbm_instance*)arg)->inst_be;
+ backend *be= ((ldbm_instance*)arg)->inst_be;
- PR_RWLock_Wlock(be->vlvSearchList_lock);
- p = vlvSearch_finddn((struct vlvSearch *)be->vlvSearchList, slapi_entry_get_sdn(entryBefore));
+ /* vlvSearchList is modified; need Wlock */
+ PR_RWLock_Wlock(be->vlvSearchList_lock);
+ p = vlvSearch_finddn((struct vlvSearch *)be->vlvSearchList, slapi_entry_get_sdn(entryBefore));
if(p!=NULL)
{
LDAPDebug( LDAP_DEBUG_ANY, "Deleted Virtual List View Search (%s).\n", p->vlv_name, 0, 0);
@@ -269,7 +272,7 @@
int any_not_done = 0;
- PR_RWLock_Wlock(be->vlvSearchList_lock);
+ PR_RWLock_Wlock(be->vlvSearchList_lock);
if (seen_them_all) {
PR_RWLock_Unlock(be->vlvSearchList_lock);
return;
@@ -320,6 +323,7 @@
{
struct vlvSearch *t = NULL;
struct vlvSearch *nt = NULL;
+ /* vlvSearchList is modified; need Wlock */
PR_RWLock_Wlock(be->vlvSearchList_lock);
for (t = (struct vlvSearch *)be->vlvSearchList; NULL != t; )
{
@@ -762,8 +766,8 @@
*
* JCM: If only non-sorted attributes are changed, then the indexes don't need updating.
* JCM: Detecting this fact, given multi-valued atribibutes, might be tricky...
- * Added write lock
-*/
+ * Read lock (traverse vlvSearchList; no change on vlvSearchList/vlvIndex lists)
+ */
int
vlv_update_all_indexes(back_txn *txn, backend *be, Slapi_PBlock *pb, struct backentry* oldEntry, struct backentry* newEntry)
@@ -772,7 +776,7 @@
struct vlvSearch* ps=NULL;
struct ldbminfo *li = ((ldbm_instance *)be->be_instance_info)->inst_li;
- PR_RWLock_Wlock(be->vlvSearchList_lock);
+ PR_RWLock_Rlock(be->vlvSearchList_lock);
ps = (struct vlvSearch *)be->vlvSearchList;
for(;ps!=NULL;ps= ps->vlv_next)
{
@@ -1927,10 +1931,11 @@
tag1=create_vlv_search_tag(dn);
buf=slapi_ch_smprintf("%s%s%s%s%s","cn=MCC ",tag1,", cn=",inst->inst_name,LDBM_PLUGIN_ROOT);
newdn=slapi_sdn_new_dn_byval(buf);
+ /* vlvSearchList is modified; need Wlock */
PR_RWLock_Wlock(be->vlvSearchList_lock);
p = vlvSearch_finddn((struct vlvSearch *)be->vlvSearchList, newdn);
- if(p!=NULL)
- {
+ if(p!=NULL)
+ {
LDAPDebug( LDAP_DEBUG_ANY, "Deleted Virtual List View Search (%s).\n", p->vlv_name, 0, 0);
tag2=create_vlv_search_tag(dn);
buf2=slapi_ch_smprintf("%s%s,%s",TAG,tag2,buf);
From fedora-directory-commits at redhat.com Thu Mar 9 17:28:13 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Thu, 9 Mar 2006 12:28:13 -0500
Subject: [Fedora-directory-commits] mod_admserv aclocal.m4, 1.9,
1.10 Makefile.am, 1.13, 1.14 Makefile.in, 1.17,
1.18 configure.in, 1.15, 1.16
Message-ID: <200603091728.k29HSDof006952@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/mod_admserv
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6929
Modified Files:
aclocal.m4 Makefile.am Makefile.in configure.in
Log Message:
adding "@nspr_lib@ -lnspr4 -lplc4" to LIBS to build using components on /s/b/c.
Index: Makefile.am
===================================================================
RCS file: /cvs/dirsec/mod_admserv/Makefile.am,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- Makefile.am 26 Feb 2006 00:27:58 -0000 1.13
+++ Makefile.am 9 Mar 2006 17:28:05 -0000 1.14
@@ -8,7 +8,7 @@
## Set the includes and libraries needed
INCLUDES = -I at apache_inc@ @apr_inc@ @adminutil_inc@ @nspr_inc@ @ldapsdk_inc@ @nss_inc@
-LIBS = @adminutil_lib@ -ladminutil at adminutil_ver@ -ladmsslutil at adminutil_ver@ @icu_lib@ -licui18n -licuuc -licudata @ldapsdk_lib@ -lssldap50 -lprldap50 -lldap50 @nss_lib@ -lssl3 -lnss3
+LIBS = @adminutil_lib@ -ladminutil at adminutil_ver@ -ladmsslutil at adminutil_ver@ @icu_lib@ -licui18n -licuuc -licudata @ldapsdk_lib@ -lssldap50 -lprldap50 -lldap50 @nss_lib@ -lssl3 -lnss3 @nspr_lib@ -lnspr4 -lplc4
EXTRA_CPPFLAGS=@extra_cppflags@
Index: Makefile.in
===================================================================
RCS file: /cvs/dirsec/mod_admserv/Makefile.in,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- Makefile.in 26 Feb 2006 00:27:58 -0000 1.17
+++ Makefile.in 9 Mar 2006 17:28:05 -0000 1.18
@@ -117,7 +117,7 @@
#libmodadmserv_la_LDFLAGS = -module -avoid-version
INCLUDES = -I at apache_inc@ @apr_inc@ @adminutil_inc@ @nspr_inc@ @ldapsdk_inc@ @nss_inc@
-LIBS = @adminutil_lib@ -ladminutil at adminutil_ver@ -ladmsslutil at adminutil_ver@ @icu_lib@ -licui18n -licuuc -licudata @ldapsdk_lib@ -lssldap50 -lprldap50 -lldap50 @nss_lib@ -lssl3 -lnss3
+LIBS = @adminutil_lib@ -ladminutil at adminutil_ver@ -ladmsslutil at adminutil_ver@ @icu_lib@ -licui18n -licuuc -licudata @ldapsdk_lib@ -lssldap50 -lprldap50 -lldap50 @nss_lib@ -lssl3 -lnss3 @nspr_lib@ -lnspr4 -lplc4
EXTRA_CPPFLAGS = @extra_cppflags@
From fedora-directory-commits at redhat.com Thu Mar 9 17:28:58 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Thu, 9 Mar 2006 12:28:58 -0500
Subject: [Fedora-directory-commits] mod_admserv configure,1.18,1.19
Message-ID: <200603091728.k29HSwX1006976@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/mod_admserv
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6958
Modified Files:
configure
Log Message:
adding "@nspr_lib@ -lnspr4 -lplc4" to LIBS to build using components on /s/b/c.
From fedora-directory-commits at redhat.com Tue Mar 14 17:13:49 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Tue, 14 Mar 2006 12:13:49 -0500
Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src
create_instance.c, 1.24, 1.25 create_instance.h, 1.5,
1.6 instindex.cpp, 1.8, 1.9
Message-ID: <200603141713.k2EHDnlr001887@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/admin/src
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1852
Modified Files:
create_instance.c create_instance.h instindex.cpp
Log Message:
[185364] Can't update scripts (e.g., start-slapd) in the instance
When ds_create is called with -r (update), scripts in the instance directory
were not updated. They are recreated with this change.
Index: create_instance.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/create_instance.c,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- create_instance.c 7 Dec 2005 21:29:08 -0000 1.24
+++ create_instance.c 14 Mar 2006 17:13:38 -0000 1.25
@@ -1057,74 +1057,15 @@
}
#endif
-/* ---------------------- Create configuration files ---------------------- */
-
-
-char *create_server(server_config_s *cf, char *param_name)
+static char *
+create_scripts(server_config_s *cf, char *param_name)
{
- char line[PATH_SIZE], *t, *sroot = cf->sroot;
+ char *t, *sroot = cf->sroot;
char subdir[PATH_SIZE];
-#if defined( SOLARIS )
- /*
- * Solaris 9+ specific installation
- */
- char otherline[PATH_SIZE];
- char subdirvar[PATH_SIZE];
- char subdiretc[PATH_SIZE];
- char *sub;
-#endif /* SOLARIS */
-
- if (param_name)
- param_name[0] = 0; /* init to empty string */
-
-#ifdef XP_UNIX
- if (!cf->servuser)
- getSuiteSpotUserGroup(cf);
-#else
- /* Abort if the service exists on NT */
- if (t = service_exists(cf->servid)) {
- PL_strncpyz(param_name, "servid", BIG_LINE);
- return t;
- }
-#endif
-
- if( (t = sanity_check(cf, param_name)) )
- return t;
-
/* Create slapd-nickname directory */
PR_snprintf(subdir, sizeof(subdir), "%s%c"PRODUCT_NAME"-%s", sroot, FILE_PATHSEP,
cf->servid);
- if( (create_instance_mkdir(subdir, NEWDIR_MODE)) )
- return make_error("mkdir %s failed (%s)", subdir, ds_system_errmsg());
-
- /* Create slapd-nickname/config directory */
- PR_snprintf(line, sizeof(line), "%s%cconfig", subdir, FILE_PATHSEP);
- if( (create_instance_mkdir(line, NEWDIR_MODE)) )
- return make_error("mkdir %s failed (%s)", line, ds_system_errmsg());
-
- /* Create slapd-nickname/config/schema directory */
- PR_snprintf(line, sizeof(line), "%s%cconfig%cschema", subdir, FILE_PATHSEP, FILE_PATHSEP);
- if( (create_instance_mkdir(line, NEWDIR_MODE)) )
- return make_error("mkdir %s failed (%s)", line, ds_system_errmsg());
-
-#if defined (BUILD_PRESENCE)
- /* Create slapd-nickname/config/presence directory */
- PR_snprintf(line, sizeof(line), "%s%cconfig%cpresence", subdir, FILE_PATHSEP, FILE_PATHSEP);
- if( (create_instance_mkdir(line, NEWDIR_MODE)) )
- return make_error("mkdir %s failed (%s)", line, ds_system_errmsg());
-#endif
-
- /* Create slapd-nickname/logs directory */
- PR_snprintf(line, sizeof(line), "%s%clogs", subdir, FILE_PATHSEP);
- if( (create_instance_mkdir(line, NEWSECDIR_MODE)) )
- return make_error("mkdir %s failed (%s)", line, ds_system_errmsg());
-
- /* Create httpacl directory */
- PR_snprintf(line, sizeof(line), "%s%chttpacl", cf->sroot, FILE_PATHSEP);
- if( (create_instance_mkdir(line, NEWDIR_MODE)) )
- return make_error("mkdir %s failed (%s)", line, ds_system_errmsg());
-
#ifdef XP_UNIX
/* Start/stop/rotate/restart scripts */
if (getenv("USE_DEBUGGER"))
@@ -1180,17 +1121,6 @@
subdir,
cf->loglevel ? cf->loglevel : "0"
);
-/*
- t = gen_script(subdir, START_SCRIPT,
- "NETSITE_ROOT=%s\n"
- "export NETSITE_ROOT\n"
- "cd %s/bin/%s/server; /usr/bin/X11/xterm -fn 10x20 -sb -sl 2000 -e /bin/ladebug "
- "-I /u/richm/ds50/ldapserver/ldap/servers/slapd/back-ldbm "
- "-I /u/richm/ds50/ldapserver/ldap/servers/slapd "
- "%s &\n",
- sroot, sroot, PRODUCT_NAME, PRODUCT_BIN
- );
-*/
#else
t = gen_script(subdir, START_SCRIPT,
"\n"
@@ -1418,12 +1348,137 @@
t = gen_script(subdir, RESTART_SCRIPT".bat", "net stop slapd-%s\n"
"net start slapd-%s\n", cf->servid, cf->servid);
if(t) return t;
+#endif /* XP_WIN32 */
+}
+/* ---------------------- Update server script files ---------------------- */
+int update_server(server_config_s *cf)
+{
+ char line[PATH_SIZE], *t, *sroot = cf->sroot;
+ char subdir[PATH_SIZE];
+ char error_param[BIG_LINE] = {0};
-#endif /* XP_WIN32 */
+#if defined( SOLARIS )
+ /*
+ * Solaris 9+ specific installation
+ */
+ char otherline[PATH_SIZE];
+ char subdirvar[PATH_SIZE];
+ char subdiretc[PATH_SIZE];
+ char *sub;
+#endif /* SOLARIS */
-#ifdef XP_WIN32
+ error_param[0] = 0; /* init to empty string */
+
+#ifdef XP_UNIX
+ if (!cf->servuser)
+ getSuiteSpotUserGroup(cf);
+#else
+ /* Abort if the service exists on NT */
+ if (t = service_exists(cf->servid)) {
+ PL_strncpyz(error_param, "servid", BIG_LINE);
+ goto out;
+ }
+#endif
+
+ if( (t = sanity_check(cf, error_param)) )
+ goto out;
+
+ t = create_scripts(cf, error_param);
+ if(t) goto out;
+
+out:
+ if(t)
+ {
+ char *msg;
+ if (error_param[0])
+ {
+ msg = PR_smprintf("%s.error:could not update server %s - %s",
+ error_param, cf->servid, t);
+ }
+ else
+ {
+ msg = PR_smprintf("error:could not update server %s - %s",
+ cf->servid, t);
+ }
+ ds_show_message(msg);
+ PR_smprintf_free(msg);
+ return 1;
+ }
+ else
+ return 0;
+}
+
+/* ---------------------- Create configuration files ---------------------- */
+char *create_server(server_config_s *cf, char *param_name)
+{
+ char line[PATH_SIZE], *t, *sroot = cf->sroot;
+ char subdir[PATH_SIZE];
+
+#if defined( SOLARIS )
+ /*
+ * Solaris 9+ specific installation
+ */
+ char otherline[PATH_SIZE];
+ char subdirvar[PATH_SIZE];
+ char subdiretc[PATH_SIZE];
+ char *sub;
+#endif /* SOLARIS */
+
+ if (param_name)
+ param_name[0] = 0; /* init to empty string */
+
+#ifdef XP_UNIX
+ if (!cf->servuser)
+ getSuiteSpotUserGroup(cf);
+#else
+ /* Abort if the service exists on NT */
+ if (t = service_exists(cf->servid)) {
+ PL_strncpyz(param_name, "servid", BIG_LINE);
+ return t;
+ }
+#endif
+
+ if( (t = sanity_check(cf, param_name)) )
+ return t;
+
+ /* Create slapd-nickname directory */
+ PR_snprintf(subdir, sizeof(subdir), "%s%c"PRODUCT_NAME"-%s", sroot, FILE_PATHSEP,
+ cf->servid);
+ if( (create_instance_mkdir(subdir, NEWDIR_MODE)) )
+ return make_error("mkdir %s failed (%s)", subdir, ds_system_errmsg());
+
+ /* Create slapd-nickname/config directory */
+ PR_snprintf(line, sizeof(line), "%s%cconfig", subdir, FILE_PATHSEP);
+ if( (create_instance_mkdir(line, NEWDIR_MODE)) )
+ return make_error("mkdir %s failed (%s)", line, ds_system_errmsg());
+
+ /* Create slapd-nickname/config/schema directory */
+ PR_snprintf(line, sizeof(line), "%s%cconfig%cschema", subdir, FILE_PATHSEP, FILE_PATHSEP);
+ if( (create_instance_mkdir(line, NEWDIR_MODE)) )
+ return make_error("mkdir %s failed (%s)", line, ds_system_errmsg());
+
+#if defined (BUILD_PRESENCE)
+ /* Create slapd-nickname/config/presence directory */
+ PR_snprintf(line, sizeof(line), "%s%cconfig%cpresence", subdir, FILE_PATHSEP, FILE_PATHSEP);
+ if( (create_instance_mkdir(line, NEWDIR_MODE)) )
+ return make_error("mkdir %s failed (%s)", line, ds_system_errmsg());
+#endif
+ /* Create slapd-nickname/logs directory */
+ PR_snprintf(line, sizeof(line), "%s%clogs", subdir, FILE_PATHSEP);
+ if( (create_instance_mkdir(line, NEWSECDIR_MODE)) )
+ return make_error("mkdir %s failed (%s)", line, ds_system_errmsg());
+
+ /* Create httpacl directory */
+ PR_snprintf(line, sizeof(line), "%s%chttpacl", cf->sroot, FILE_PATHSEP);
+ if( (create_instance_mkdir(line, NEWDIR_MODE)) )
+ return make_error("mkdir %s failed (%s)", line, ds_system_errmsg());
+
+ t = create_scripts(cf, param_name);
+ if(t) return t;
+
+#ifdef XP_WIN32
if ( INFO_GetOperatingSystem () == OS_WINNT ) {
if( (t = add_ntservice(cf)) )
Index: create_instance.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/create_instance.h,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- create_instance.h 19 Apr 2005 22:06:55 -0000 1.5
+++ create_instance.h 14 Mar 2006 17:13:38 -0000 1.6
@@ -132,6 +132,10 @@
additional detail
*/
char *create_server(server_config_s *cf, char *param_name);
+/*
+ Update script files in the instance directory
+*/
+int update_server(server_config_s *cf);
/* from script-gen.c */
int generate_script(const char *inpath, const char *outpath, int mode,
Index: instindex.cpp
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/instindex.cpp,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- instindex.cpp 19 Apr 2005 22:06:55 -0000 1.8
+++ instindex.cpp 14 Mar 2006 17:13:38 -0000 1.9
@@ -134,12 +134,16 @@
else
fclose(infFile);
+ if (!status)
+ status = create_config_from_inf(&cf, argc, argv);
if (reconfig)
- status = reconfigure_instance(argc, argv);
- else
{
+ status = update_server(&cf);
if (!status)
- status = create_config_from_inf(&cf, argc, argv);
+ status = reconfigure_instance(argc, argv);
+ }
+ else
+ {
if (!status)
status = create_config(&cf);
if (!status)
From fedora-directory-commits at redhat.com Tue Mar 14 19:18:11 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Tue, 14 Mar 2006 14:18:11 -0500
Subject: [Fedora-directory-commits]
ldapserver/ldap/servers/slapd saslbind.c, 1.14, 1.15 slap.h,
1.11, 1.12
Message-ID: <200603141918.k2EJIB7b006915@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6854
Modified Files:
saslbind.c slap.h
Log Message:
184585 - SASL context needs to be disposed of and a new one created when re-binding
Index: saslbind.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/saslbind.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- saslbind.c 10 Nov 2005 22:37:54 -0000 1.14
+++ saslbind.c 14 Mar 2006 19:18:03 -0000 1.15
@@ -881,6 +881,36 @@
sasl_start:
+ /* Check if we are already authenticated via sasl. If so,
+ * dispose of the current sasl_conn and create a new one
+ * using the new mechanism. We also need to do this if the
+ * mechanism changed in the middle of the SASL authentication
+ * process. */
+ if ((pb->pb_conn->c_flags & CONN_FLAG_SASL_COMPLETE) || continuing) {
+ /* Lock the connection mutex */
+ PR_Lock(pb->pb_conn->c_mutex);
+
+ /* reset flag */
+ pb->pb_conn->c_flags &= ~CONN_FLAG_SASL_COMPLETE;
+
+ /* remove any SASL I/O from the connection */
+ sasl_io_cleanup(pb->pb_conn);
+
+ /* dispose of sasl_conn and create a new sasl_conn */
+ sasl_dispose(&sasl_conn);
+ ids_sasl_server_new(pb->pb_conn);
+ sasl_conn = (sasl_conn_t*)pb->pb_conn->c_sasl_conn;
+
+ /* Unlock the connection mutex */
+ PR_Unlock(pb->pb_conn->c_mutex);
+
+ if (sasl_conn == NULL) {
+ send_ldap_result( pb, LDAP_AUTH_METHOD_NOT_SUPPORTED, NULL,
+ "sasl library unavailable", 0, NULL );
+ return;
+ }
+ }
+
rc = sasl_server_start(sasl_conn, mech,
cred->bv_val, cred->bv_len,
&sdata, &slen);
@@ -889,6 +919,8 @@
switch (rc) {
case SASL_OK: /* complete */
+ /* Set a flag to signify that sasl bind is complete */
+ pb->pb_conn->c_flags |= CONN_FLAG_SASL_COMPLETE;
/* retrieve the authenticated username */
if (sasl_getprop(sasl_conn, SASL_USERNAME,
Index: slap.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slap.h,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- slap.h 28 Feb 2006 21:51:26 -0000 1.11
+++ slap.h 14 Mar 2006 19:18:03 -0000 1.12
@@ -1271,6 +1271,9 @@
* Start TLS request operation.
*/
+#define CONN_FLAG_SASL_COMPLETE 32 /* Flag set when a sasl bind has been
+ * successfully completed.
+ */
#define START_TLS_OID "1.3.6.1.4.1.1466.20037"
From fedora-directory-commits at redhat.com Tue Mar 14 19:32:22 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Tue, 14 Mar 2006 14:32:22 -0500
Subject: [Fedora-directory-commits]
ldapserver/ldap/servers/slapd saslbind.c, 1.15, 1.16
Message-ID: <200603141932.k2EJWMGN007240@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7223
Modified Files:
saslbind.c
Log Message:
184585 - Adjusted the location of the connection lock when doing a sasl_rebind
Index: saslbind.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/saslbind.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- saslbind.c 14 Mar 2006 19:18:03 -0000 1.15
+++ saslbind.c 14 Mar 2006 19:32:15 -0000 1.16
@@ -887,12 +887,12 @@
* mechanism changed in the middle of the SASL authentication
* process. */
if ((pb->pb_conn->c_flags & CONN_FLAG_SASL_COMPLETE) || continuing) {
- /* Lock the connection mutex */
- PR_Lock(pb->pb_conn->c_mutex);
-
/* reset flag */
pb->pb_conn->c_flags &= ~CONN_FLAG_SASL_COMPLETE;
+ /* Lock the connection mutex */
+ PR_Lock(pb->pb_conn->c_mutex);
+
/* remove any SASL I/O from the connection */
sasl_io_cleanup(pb->pb_conn);
From fedora-directory-commits at redhat.com Tue Mar 14 19:36:30 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Tue, 14 Mar 2006 14:36:30 -0500
Subject: [Fedora-directory-commits]
ldapserver/ldap/servers/slapd saslbind.c, 1.9.2.3,
1.9.2.4 slap.h, 1.9, 1.9.2.1
Message-ID: <200603141936.k2EJaU2x007346@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7327
Modified Files:
Tag: Directory71RtmBranch
saslbind.c slap.h
Log Message:
184585 - SASL context needs to be disposed of and a new one created when re-binding
Index: saslbind.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/saslbind.c,v
retrieving revision 1.9.2.3
retrieving revision 1.9.2.4
diff -u -r1.9.2.3 -r1.9.2.4
--- saslbind.c 4 Nov 2005 18:57:48 -0000 1.9.2.3
+++ saslbind.c 14 Mar 2006 19:36:23 -0000 1.9.2.4
@@ -854,6 +854,37 @@
sasl_start:
+ /* Check if we are already authenticated via sasl. If so,
+ * dispose of the current sasl_conn and create a new one
+ * using the new mechanism. We also need to do this if the
+ * mechanism changed in the middle of the SASL authentication
+ * process. */
+ if ((pb->pb_conn->c_flags & CONN_FLAG_SASL_COMPLETE) || continuing) {
+ /* reset flag */
+ pb->pb_conn->c_flags &= ~CONN_FLAG_SASL_COMPLETE;
+
+ /* Lock the connection mutex */
+ PR_Lock(pb->pb_conn->c_mutex);
+
+ /* remove any SASL I/O from the connection */
+ sasl_io_cleanup(pb->pb_conn);
+
+ /* dispose of sasl_conn and create a new sasl_conn */
+ sasl_dispose(&sasl_conn);
+ ids_sasl_server_new(pb->pb_conn);
+ sasl_conn = (sasl_conn_t*)pb->pb_conn->c_sasl_conn;
+
+ /* Unlock the connection mutex */
+ PR_Unlock(pb->pb_conn->c_mutex);
+
+ if (sasl_conn == NULL) {
+ send_ldap_result( pb, LDAP_AUTH_METHOD_NOT_SUPPORTED, NULL,
+ "sasl library unavailable", 0, NULL );
+ return;
+ }
+ }
+
+
rc = sasl_server_start(sasl_conn, mech,
cred->bv_val, cred->bv_len,
&sdata, &slen);
@@ -862,6 +893,8 @@
switch (rc) {
case SASL_OK: /* complete */
+ /* Set a flag to signify that sasl bind is complete */
+ pb->pb_conn->c_flags |= CONN_FLAG_SASL_COMPLETE;
/* retrieve the authenticated username */
if (sasl_getprop(sasl_conn, SASL_USERNAME,
Index: slap.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slap.h,v
retrieving revision 1.9
retrieving revision 1.9.2.1
diff -u -r1.9 -r1.9.2.1
--- slap.h 19 Apr 2005 22:07:37 -0000 1.9
+++ slap.h 14 Mar 2006 19:36:23 -0000 1.9.2.1
@@ -1268,6 +1268,10 @@
* Start TLS request operation.
*/
+#define CONN_FLAG_SASL_COMPLETE 32 /* Flag set when a sasl bind has been
+ * successfully completed.
+ */
+
#define START_TLS_OID "1.3.6.1.4.1.1466.20037"
From fedora-directory-commits at redhat.com Wed Mar 15 00:51:23 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Tue, 14 Mar 2006 19:51:23 -0500
Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm
idl_new.c, 1.4, 1.5
Message-ID: <200603150051.k2F0pNrJ020616@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20599
Modified Files:
idl_new.c
Log Message:
[185477] ldif2db allows entries without a parent to be imported
The problem is that the new IDL code is not exposing the DB_NOTFOUND error when
the index key is not found. Import checks if the result was DB_NOTFOUND when
checking for the parent entry's entrydn index. This works fine with the old
IDL code. (nkinder at redhat.com)
Index: idl_new.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/idl_new.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- idl_new.c 19 Apr 2005 22:07:38 -0000 1.4
+++ idl_new.c 15 Mar 2006 00:51:14 -0000 1.5
@@ -244,9 +244,7 @@
ret = cursor->c_get(cursor,&key,&data,DB_SET);
#endif
if (0 != ret) {
- if (DB_NOTFOUND == ret) {
- ret = 0;
- } else {
+ if (DB_NOTFOUND != ret) {
#ifdef DB_USE_BULK_FETCH
if (ret == ENOMEM) {
LDAPDebug(LDAP_DEBUG_ANY, "database index is corrupt; "
From fedora-directory-commits at redhat.com Wed Mar 15 00:52:10 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Tue, 14 Mar 2006 19:52:10 -0500
Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm
idl_new.c, 1.4, 1.4.2.1
Message-ID: <200603150052.k2F0qAVT020649@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20632
Modified Files:
Tag: Directory71RtmBranch
idl_new.c
Log Message:
[185477] ldif2db allows entries without a parent to be imported
The problem is that the new IDL code is not exposing the DB_NOTFOUND error when
the index key is not found. Import checks if the result was DB_NOTFOUND when
checking for the parent entry's entrydn index. This works fine with the old
IDL code. (nkinder at redhat.com)
Index: idl_new.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/idl_new.c,v
retrieving revision 1.4
retrieving revision 1.4.2.1
diff -u -r1.4 -r1.4.2.1
--- idl_new.c 19 Apr 2005 22:07:38 -0000 1.4
+++ idl_new.c 15 Mar 2006 00:52:02 -0000 1.4.2.1
@@ -244,9 +244,7 @@
ret = cursor->c_get(cursor,&key,&data,DB_SET);
#endif
if (0 != ret) {
- if (DB_NOTFOUND == ret) {
- ret = 0;
- } else {
+ if (DB_NOTFOUND != ret) {
#ifdef DB_USE_BULK_FETCH
if (ret == ENOMEM) {
LDAPDebug(LDAP_DEBUG_ANY, "database index is corrupt; "
From fedora-directory-commits at redhat.com Thu Mar 16 03:02:42 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Wed, 15 Mar 2006 22:02:42 -0500
Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm
ldif2ldbm.c, 1.7, 1.8
Message-ID: <200603160302.k2G32gTT021711@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19757
Modified Files:
ldif2ldbm.c
Log Message:
[185477] ldif2db allows entries without a parent to be imported
if idl is NULL, changed add_op_attrs to always set IMPORT_ADD_OP_ATTRS_NO_PARENT in non-error case (err == 0 or err == DB_NOTFOUND)
Index: ldif2ldbm.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/ldif2ldbm.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- ldif2ldbm.c 19 Apr 2005 22:07:38 -0000 1.7
+++ ldif2ldbm.c 16 Mar 2006 03:02:33 -0000 1.8
@@ -222,15 +222,15 @@
&err )) != NULL ) {
pid = idl_firstid( idl );
idl_free( idl );
- } else if ( 0 != err ) {
- if (DB_NOTFOUND != err ) {
+ } else {
+ /* empty idl */
+ if ( 0 != err && DB_NOTFOUND != err ) {
LDAPDebug( LDAP_DEBUG_ANY, "database error %d\n", err, 0, 0 );
slapi_ch_free( (void**)&pdn );
return( -1 );
- } else {
- if (NULL != status) {
- *status = IMPORT_ADD_OP_ATTRS_NO_PARENT;
- }
+ }
+ if (NULL != status) {
+ *status = IMPORT_ADD_OP_ATTRS_NO_PARENT;
}
}
slapi_ch_free( (void**)&pdn );
From fedora-directory-commits at redhat.com Thu Mar 16 22:19:44 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Thu, 16 Mar 2006 17:19:44 -0500
Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src
create_instance.c, 1.25, 1.26
Message-ID: <200603162219.k2GMJiGk009200@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/admin/src
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9147
Modified Files:
create_instance.c
Log Message:
[185364] Can't update scripts (e.g., start-slapd) in the instance directory
Missing return at the end of create_scripts (success case)
Index: create_instance.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/create_instance.c,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- create_instance.c 14 Mar 2006 17:13:38 -0000 1.25
+++ create_instance.c 16 Mar 2006 22:19:31 -0000 1.26
@@ -1060,7 +1060,7 @@
static char *
create_scripts(server_config_s *cf, char *param_name)
{
- char *t, *sroot = cf->sroot;
+ char *t = NULL, *sroot = cf->sroot;
char subdir[PATH_SIZE];
/* Create slapd-nickname directory */
@@ -1349,6 +1349,8 @@
"net start slapd-%s\n", cf->servid, cf->servid);
if(t) return t;
#endif /* XP_WIN32 */
+
+ return t; /* should be NULL */
}
/* ---------------------- Update server script files ---------------------- */
From fedora-directory-commits at redhat.com Sat Mar 18 00:32:21 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Fri, 17 Mar 2006 19:32:21 -0500
Subject: [Fedora-directory-commits]
ldapserver/ldap/synctools/passwordsync/wix PassSync.wxs,
1.8.2.4, 1.8.2.5
Message-ID: <200603180032.k2I0WLYj012206@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/wix
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12158/ldap/synctools/passwordsync/wix
Modified Files:
Tag: Directory71RtmBranch
PassSync.wxs
Log Message:
186765 - Fixed memory leaks in passsync service
Index: PassSync.wxs
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/wix/PassSync.wxs,v
retrieving revision 1.8.2.4
retrieving revision 1.8.2.5
diff -u -r1.8.2.4 -r1.8.2.5
--- PassSync.wxs 14 Oct 2005 16:06:58 -0000 1.8.2.4
+++ PassSync.wxs 18 Mar 2006 00:32:11 -0000 1.8.2.5
@@ -38,7 +38,7 @@
+ Version='1.0.2' Manufacturer='Fedora Project'>
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/synctools/passwordsync
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12158/ldap/synctools/passwordsync
Modified Files:
Tag: Directory71RtmBranch
passhand.cpp
Log Message:
186765 - Fixed memory leaks in passsync service
Index: passhand.cpp
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passhand.cpp,v
retrieving revision 1.7
retrieving revision 1.7.2.1
diff -u -r1.7 -r1.7.2.1
--- passhand.cpp 19 Apr 2005 22:07:43 -0000 1.7
+++ passhand.cpp 18 Mar 2006 00:31:54 -0000 1.7.2.1
@@ -62,7 +62,7 @@
fstream outFile;
PASS_INFO_LIST_ITERATOR currentPair;
strstream plainTextStream;
- char* cipherTextBuf;
+ char* cipherTextBuf = NULL;
int usernameLen;
int passwordLen;
int plainTextLen;
@@ -90,7 +90,10 @@
// cipherTextBuf length must be at least plainTextLen + 8
cipherTextLen = plainTextLen + 8;
- cipherTextBuf = (char*)malloc(cipherTextLen);
+ if ((cipherTextBuf = (char*)malloc(cipherTextLen)) == NULL) {
+ result = -1;
+ goto exit;
+ }
if(encrypt(plainTextStream.str(), plainTextLen, cipherTextBuf, cipherTextLen, &resultTextLen) != 0)
{
@@ -109,6 +112,7 @@
outFile.close();
exit:
+ free(cipherTextBuf);
return result;
}
@@ -119,8 +123,8 @@
fstream inFile;
PASS_INFO newPair;
strstream* plainTextStream;
- char* cipherTextBuf;
- char* plainTextBuf;
+ char* cipherTextBuf = NULL;
+ char* plainTextBuf = NULL;
int usernameLen;
int passwordLen;
int plainTextLen;
@@ -145,6 +149,12 @@
cipherTextBuf = (char*)malloc(cipherTextLen);
plainTextBuf = (char*)malloc(plainTextLen);
+ if ((cipherTextBuf == NULL) || (plainTextBuf == NULL)) {
+ result = -1;
+ inFile.close();
+ goto exit;
+ }
+
inFile.read(cipherTextBuf, cipherTextLen);
inFile.close();
@@ -183,6 +193,8 @@
delete plainTextStream;
exit:
+ free(cipherTextBuf);
+ free(plainTextBuf);
return result;
}
@@ -205,7 +217,6 @@
PK11Context* EncContext = NULL;
unsigned char gKey[] = KEY;
unsigned char gIV[] = IV;
- PK11SymKey* key = NULL;
SECItem keyItem;
SECItem ivItem;
CK_MECHANISM_TYPE cipherMech = CKM_DES_CBC_PAD;
@@ -234,6 +245,7 @@
SymKey = PK11_ImportSymKey(slot, cipherMech, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, NULL);
if(SymKey == NULL)
{
+ PK11_FreeSlot(slot);
result = PR_GetError();
goto exit;
}
@@ -247,6 +259,7 @@
if(SymKey != NULL)
{
PK11_FreeSymKey(SymKey);
+ PK11_FreeSlot(slot);
}
result = PR_GetError();
goto exit;
@@ -266,6 +279,7 @@
// Clean up
PK11_DestroyContext(EncContext, PR_TRUE);
PK11_FreeSymKey(SymKey);
+ PK11_FreeSlot(slot);
SECITEM_FreeItem(SecParam, PR_TRUE);
if((rv2 != SECSuccess) || (rv2 != SECSuccess))
@@ -288,7 +302,6 @@
PK11Context* EncContext = NULL;
unsigned char gKey[] = KEY;
unsigned char gIV[] = IV;
- PK11SymKey* key = NULL;
SECItem keyItem;
SECItem ivItem;
CK_MECHANISM_TYPE cipherMech = CKM_DES_CBC_PAD;
@@ -317,6 +330,7 @@
SymKey = PK11_ImportSymKey(slot, cipherMech, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, NULL);
if(SymKey == NULL)
{
+ PK11_FreeSlot(slot);
result = PR_GetError();
goto exit;
}
@@ -330,6 +344,7 @@
if(SymKey != NULL)
{
PK11_FreeSymKey(SymKey);
+ PK11_FreeSlot(slot);
}
result = PR_GetError();
goto exit;
@@ -349,6 +364,7 @@
// Clean up
PK11_DestroyContext(EncContext, PR_TRUE);
PK11_FreeSymKey(SymKey);
+ PK11_FreeSlot(slot);
SECITEM_FreeItem(SecParam, PR_TRUE);
if((rv2 != SECSuccess) || (rv2 != SECSuccess))
From fedora-directory-commits at redhat.com Sat Mar 18 00:32:18 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Fri, 17 Mar 2006 19:32:18 -0500
Subject: [Fedora-directory-commits]
ldapserver/ldap/synctools/passwordsync/passsync dssynch.h,
1.5.2.1, 1.5.2.2 syncserv.cpp, 1.7.2.4, 1.7.2.5
Message-ID: <200603180032.k2I0Wmps012215@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passsync
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12158/ldap/synctools/passwordsync/passsync
Modified Files:
Tag: Directory71RtmBranch
dssynch.h syncserv.cpp
Log Message:
186765 - Fixed memory leaks in passsync service
Index: dssynch.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passsync/dssynch.h,v
retrieving revision 1.5.2.1
retrieving revision 1.5.2.2
diff -u -r1.5.2.1 -r1.5.2.2
--- dssynch.h 11 Oct 2005 15:56:01 -0000 1.5.2.1
+++ dssynch.h 18 Mar 2006 00:32:01 -0000 1.5.2.2
@@ -65,6 +65,6 @@
#define DS_SERVICE_NAME_UNI L"Netscape Directory Synchronization Service"
#define DS_EVENT_NAME TEXT("Netscape DirSynch")
#define DSS_TERM_EVENT TEXT("NS_DSSYNCH")
-#define SYNCH_VERSION "1.0.1"
+#define SYNCH_VERSION "1.0.2"
#endif // _DSSYNCH_H_
Index: syncserv.cpp
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passsync/syncserv.cpp,v
retrieving revision 1.7.2.4
retrieving revision 1.7.2.5
diff -u -r1.7.2.4 -r1.7.2.5
--- syncserv.cpp 14 Oct 2005 17:59:01 -0000 1.7.2.4
+++ syncserv.cpp 18 Mar 2006 00:32:01 -0000 1.7.2.5
@@ -242,6 +242,7 @@
}
exit:
+ clearSet(&passInfoList);
CloseHandle(passhookEventHandle);
}
@@ -254,7 +255,7 @@
PASS_INFO_LIST emptyPassInfoList;
PASS_INFO_LIST_ITERATOR currentPassInfo;
PASS_INFO_LIST_ITERATOR tempPassInfo;
- char* dn;
+ char* dn = NULL;
int tempSize = passInfoList.size();
if(loadSet(&passInfoList, dataFilename) == 0)
@@ -349,6 +350,9 @@
timeStamp(&outLog);
outLog << "Deferring password change for " << currentPassInfo->username << endl;
currentPassInfo++;
+ // free dn
+ ldap_memfree(dn);
+ dn = NULL;
continue;
}
else
@@ -366,6 +370,16 @@
timeStamp(&outLog);
outLog << "Removing password change from list" << endl;
}
+
+ // free the dn
+ ldap_memfree(dn);
+ dn = NULL;
+
+ // free the username and password
+ free(tempPassInfo->username);
+ free(tempPassInfo->password);
+
+ // remove the completed change from the list
passInfoList.erase(tempPassInfo);
}
}
@@ -447,7 +461,10 @@
int result = 0;
char searchFilter[SYNCSERV_BUF_SIZE];
- results = NULL;
+ if (results != NULL) {
+ ldap_msgfree(results);
+ results = NULL;
+ }
_snprintf(searchFilter, SYNCSERV_BUF_SIZE, "(%s=%s)", ldapUsernameField, username);
@@ -640,6 +657,12 @@
tempPassInfo = currentPassInfo;
currentPassInfo++;
+
+ // free the username and password
+ free(tempPassInfo->username);
+ free(tempPassInfo->password);
+
+ // remove the change from the list
passInfoList.erase(tempPassInfo);
}
else
From fedora-directory-commits at redhat.com Sat Mar 18 00:37:05 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Fri, 17 Mar 2006 19:37:05 -0500
Subject: [Fedora-directory-commits] winsync/passwordsync/wix PassSync.wxs,
1.12, 1.13
Message-ID: <200603180037.k2I0b5x3012305@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/winsync/passwordsync/wix
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12256/passwordsync/wix
Modified Files:
PassSync.wxs
Log Message:
186765 - Fixed memory leaks in passsync service
Index: PassSync.wxs
===================================================================
RCS file: /cvs/dirsec/winsync/passwordsync/wix/PassSync.wxs,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- PassSync.wxs 14 Oct 2005 16:00:00 -0000 1.12
+++ PassSync.wxs 18 Mar 2006 00:36:57 -0000 1.13
@@ -38,7 +38,7 @@
+ Version='1.0.2' Manufacturer='Fedora Project'>
Author: nkinder
Update of /cvs/dirsec/winsync/passwordsync
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12256/passwordsync
Modified Files:
passhand.cpp
Log Message:
186765 - Fixed memory leaks in passsync service
Index: passhand.cpp
===================================================================
RCS file: /cvs/dirsec/winsync/passwordsync/passhand.cpp,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- passhand.cpp 19 Apr 2005 22:07:43 -0000 1.7
+++ passhand.cpp 18 Mar 2006 00:36:33 -0000 1.8
@@ -62,7 +62,7 @@
fstream outFile;
PASS_INFO_LIST_ITERATOR currentPair;
strstream plainTextStream;
- char* cipherTextBuf;
+ char* cipherTextBuf = NULL;
int usernameLen;
int passwordLen;
int plainTextLen;
@@ -90,7 +90,10 @@
// cipherTextBuf length must be at least plainTextLen + 8
cipherTextLen = plainTextLen + 8;
- cipherTextBuf = (char*)malloc(cipherTextLen);
+ if ((cipherTextBuf = (char*)malloc(cipherTextLen)) == NULL) {
+ result = -1;
+ goto exit;
+ }
if(encrypt(plainTextStream.str(), plainTextLen, cipherTextBuf, cipherTextLen, &resultTextLen) != 0)
{
@@ -109,6 +112,7 @@
outFile.close();
exit:
+ free(cipherTextBuf);
return result;
}
@@ -119,8 +123,8 @@
fstream inFile;
PASS_INFO newPair;
strstream* plainTextStream;
- char* cipherTextBuf;
- char* plainTextBuf;
+ char* cipherTextBuf = NULL;
+ char* plainTextBuf = NULL;
int usernameLen;
int passwordLen;
int plainTextLen;
@@ -145,6 +149,12 @@
cipherTextBuf = (char*)malloc(cipherTextLen);
plainTextBuf = (char*)malloc(plainTextLen);
+ if ((cipherTextBuf == NULL) || (plainTextBuf == NULL)) {
+ result = -1;
+ inFile.close();
+ goto exit;
+ }
+
inFile.read(cipherTextBuf, cipherTextLen);
inFile.close();
@@ -183,6 +193,8 @@
delete plainTextStream;
exit:
+ free(cipherTextBuf);
+ free(plainTextBuf);
return result;
}
@@ -205,7 +217,6 @@
PK11Context* EncContext = NULL;
unsigned char gKey[] = KEY;
unsigned char gIV[] = IV;
- PK11SymKey* key = NULL;
SECItem keyItem;
SECItem ivItem;
CK_MECHANISM_TYPE cipherMech = CKM_DES_CBC_PAD;
@@ -234,6 +245,7 @@
SymKey = PK11_ImportSymKey(slot, cipherMech, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, NULL);
if(SymKey == NULL)
{
+ PK11_FreeSlot(slot);
result = PR_GetError();
goto exit;
}
@@ -247,6 +259,7 @@
if(SymKey != NULL)
{
PK11_FreeSymKey(SymKey);
+ PK11_FreeSlot(slot);
}
result = PR_GetError();
goto exit;
@@ -266,6 +279,7 @@
// Clean up
PK11_DestroyContext(EncContext, PR_TRUE);
PK11_FreeSymKey(SymKey);
+ PK11_FreeSlot(slot);
SECITEM_FreeItem(SecParam, PR_TRUE);
if((rv2 != SECSuccess) || (rv2 != SECSuccess))
@@ -288,7 +302,6 @@
PK11Context* EncContext = NULL;
unsigned char gKey[] = KEY;
unsigned char gIV[] = IV;
- PK11SymKey* key = NULL;
SECItem keyItem;
SECItem ivItem;
CK_MECHANISM_TYPE cipherMech = CKM_DES_CBC_PAD;
@@ -317,6 +330,7 @@
SymKey = PK11_ImportSymKey(slot, cipherMech, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, NULL);
if(SymKey == NULL)
{
+ PK11_FreeSlot(slot);
result = PR_GetError();
goto exit;
}
@@ -330,6 +344,7 @@
if(SymKey != NULL)
{
PK11_FreeSymKey(SymKey);
+ PK11_FreeSlot(slot);
}
result = PR_GetError();
goto exit;
@@ -349,6 +364,7 @@
// Clean up
PK11_DestroyContext(EncContext, PR_TRUE);
PK11_FreeSymKey(SymKey);
+ PK11_FreeSlot(slot);
SECITEM_FreeItem(SecParam, PR_TRUE);
if((rv2 != SECSuccess) || (rv2 != SECSuccess))
From fedora-directory-commits at redhat.com Sat Mar 18 00:36:59 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Fri, 17 Mar 2006 19:36:59 -0500
Subject: [Fedora-directory-commits] winsync/passwordsync/passsync dssynch.h,
1.6, 1.7 syncserv.cpp, 1.11, 1.12
Message-ID: <200603180037.k2I0bTeP012312@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/winsync/passwordsync/passsync
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12256/passwordsync/passsync
Modified Files:
dssynch.h syncserv.cpp
Log Message:
186765 - Fixed memory leaks in passsync service
Index: dssynch.h
===================================================================
RCS file: /cvs/dirsec/winsync/passwordsync/passsync/dssynch.h,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- dssynch.h 11 Oct 2005 15:40:35 -0000 1.6
+++ dssynch.h 18 Mar 2006 00:36:39 -0000 1.7
@@ -65,6 +65,6 @@
#define DS_SERVICE_NAME_UNI L"Netscape Directory Synchronization Service"
#define DS_EVENT_NAME TEXT("Netscape DirSynch")
#define DSS_TERM_EVENT TEXT("NS_DSSYNCH")
-#define SYNCH_VERSION "1.0.1"
+#define SYNCH_VERSION "1.0.2"
#endif // _DSSYNCH_H_
Index: syncserv.cpp
===================================================================
RCS file: /cvs/dirsec/winsync/passwordsync/passsync/syncserv.cpp,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- syncserv.cpp 14 Oct 2005 17:58:19 -0000 1.11
+++ syncserv.cpp 18 Mar 2006 00:36:39 -0000 1.12
@@ -242,6 +242,7 @@
}
exit:
+ clearSet(&passInfoList);
CloseHandle(passhookEventHandle);
}
@@ -254,7 +255,7 @@
PASS_INFO_LIST emptyPassInfoList;
PASS_INFO_LIST_ITERATOR currentPassInfo;
PASS_INFO_LIST_ITERATOR tempPassInfo;
- char* dn;
+ char* dn = NULL;
int tempSize = passInfoList.size();
if(loadSet(&passInfoList, dataFilename) == 0)
@@ -349,6 +350,9 @@
timeStamp(&outLog);
outLog << "Deferring password change for " << currentPassInfo->username << endl;
currentPassInfo++;
+ // free dn
+ ldap_memfree(dn);
+ dn = NULL;
continue;
}
else
@@ -366,6 +370,16 @@
timeStamp(&outLog);
outLog << "Removing password change from list" << endl;
}
+
+ // free the dn
+ ldap_memfree(dn);
+ dn = NULL;
+
+ // free the username and password
+ free(tempPassInfo->username);
+ free(tempPassInfo->password);
+
+ // remove the completed change from the list
passInfoList.erase(tempPassInfo);
}
}
@@ -447,7 +461,10 @@
int result = 0;
char searchFilter[SYNCSERV_BUF_SIZE];
- results = NULL;
+ if (results != NULL) {
+ ldap_msgfree(results);
+ results = NULL;
+ }
_snprintf(searchFilter, SYNCSERV_BUF_SIZE, "(%s=%s)", ldapUsernameField, username);
@@ -640,6 +657,12 @@
tempPassInfo = currentPassInfo;
currentPassInfo++;
+
+ // free the username and password
+ free(tempPassInfo->username);
+ free(tempPassInfo->password);
+
+ // remove the change from the list
passInfoList.erase(tempPassInfo);
}
else
From fedora-directory-commits at redhat.com Sat Mar 18 00:53:59 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Fri, 17 Mar 2006 19:53:59 -0500
Subject: [Fedora-directory-commits] ldapserver/ldap/cm fedora-patch.inf,
1.1.2.11, 1.1.2.12 redhat-patch.inf, 1.1.2.11, 1.1.2.12
Message-ID: <200603180053.k2I0rx4I012453@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/cm
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12419/ldap/cm
Modified Files:
Tag: Directory71RtmBranch
fedora-patch.inf redhat-patch.inf
Log Message:
[185765] PassSync service leaks memory
Picking up fixed PassSync.msi
Index: fedora-patch.inf
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/cm/fedora-patch.inf,v
retrieving revision 1.1.2.11
retrieving revision 1.1.2.12
diff -u -r1.1.2.11 -r1.1.2.12
--- fedora-patch.inf 7 Mar 2006 00:52:08 -0000 1.1.2.11
+++ fedora-patch.inf 18 Mar 2006 00:53:51 -0000 1.1.2.12
@@ -59,7 +59,7 @@
file: 164836,165600: lib/attr-unique-plugin.*
file: 165640: lib/views-plugin.*
file: 167478,160589: setup/setup
-file: 156120,159037,170321,170328,170556,170558,170816: winsync/PassSync.msi
+file: 156120,159037,170321,170328,170556,170558,170816,185765: winsync/PassSync.msi
file: 167761: java/jars/ds71.jar
file: 169388,169954,170071,170350,181827,179135,179137: lib/replication-plugin.*
file: xxxxxx: bin/slapd/README.txt
Index: redhat-patch.inf
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/cm/redhat-patch.inf,v
retrieving revision 1.1.2.11
retrieving revision 1.1.2.12
diff -u -r1.1.2.11 -r1.1.2.12
--- redhat-patch.inf 7 Mar 2006 00:52:08 -0000 1.1.2.11
+++ redhat-patch.inf 18 Mar 2006 00:53:51 -0000 1.1.2.12
@@ -59,7 +59,7 @@
file: 164836,165600: lib/attr-unique-plugin.*
file: 165640: lib/views-plugin.*
file: 167478,160589: setup/setup
-file: 156120,159037,170321,170328,170556,170558,170816: winsync/PassSync.msi
+file: 156120,159037,170321,170328,170556,170558,170816,185765: winsync/PassSync.msi
file: 167761: java/jars/ds71.jar
file: 169388,169954,170071,170350,181827,179135,179137: lib/replication-plugin.*
file: xxxxxx: bin/slapd/README.txt
From fedora-directory-commits at redhat.com Sat Mar 18 00:53:53 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Fri, 17 Mar 2006 19:53:53 -0500
Subject: [Fedora-directory-commits] ldapserver component_versions.mk,
1.35.2.3, 1.35.2.4
Message-ID: <200603180054.k2I0sO3K012456@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/ldapserver
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12419
Modified Files:
Tag: Directory71RtmBranch
component_versions.mk
Log Message:
[185765] PassSync service leaks memory
Picking up fixed PassSync.msi
Index: component_versions.mk
===================================================================
RCS file: /cvs/dirsec/ldapserver/component_versions.mk,v
retrieving revision 1.35.2.3
retrieving revision 1.35.2.4
diff -u -r1.35.2.3 -r1.35.2.4
--- component_versions.mk 15 Feb 2006 21:32:16 -0000 1.35.2.3
+++ component_versions.mk 18 Mar 2006 00:53:46 -0000 1.35.2.4
@@ -250,7 +250,7 @@
endif
ifndef ADSYNC_VERSION
- ADSYNC_VERSION=20051017
+ ADSYNC_VERSION=20060317
endif
ifndef NT4SYNC_VERSION
From fedora-directory-commits at redhat.com Sat Mar 18 17:48:45 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Sat, 18 Mar 2006 12:48:45 -0500
Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd log.c,
1.6.2.1, 1.6.2.2 proto-slap.h, 1.10.2.2, 1.10.2.3 util.c,
1.6.2.1, 1.6.2.2
Message-ID: <200603181748.k2IHmjIc020892@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20871
Modified Files:
Tag: Directory71RtmBranch
log.c proto-slap.h util.c
Log Message:
185811 - Fixed windows build failures when compiling slapd_chown_if_not_owner function
Index: log.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/log.c,v
retrieving revision 1.6.2.1
retrieving revision 1.6.2.2
diff -u -r1.6.2.1 -r1.6.2.2
--- log.c 23 Nov 2005 01:22:16 -0000 1.6.2.1
+++ log.c 18 Mar 2006 17:48:37 -0000 1.6.2.2
@@ -3298,12 +3298,13 @@
*/
return LOG_UNABLE_TO_OPENFILE;
}
-
+#ifndef _WIN32
/* make sure the logfile is owned by the localuser. If one of the
* alternate ns-slapd modes, such as db2bak, tries to log an error
* at startup, it will create the logfile as root!
*/
slapd_chown_if_not_owner(loginfo.log_error_file, pw->pw_uid, -1);
+#endif
loginfo.log_error_fdes = fp;
if (logfile_state == LOGFILE_REOPENED) {
Index: proto-slap.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/proto-slap.h,v
retrieving revision 1.10.2.2
retrieving revision 1.10.2.3
diff -u -r1.10.2.2 -r1.10.2.3
--- proto-slap.h 23 Nov 2005 01:22:16 -0000 1.10.2.2
+++ proto-slap.h 18 Mar 2006 17:48:37 -0000 1.10.2.3
@@ -588,7 +588,9 @@
*/
void slapd_nasty(char* str, int c, int err);
int strarray2str( char **a, char *buf, size_t buflen, int include_quotes );
-int slapd_slapd_chown_if_not_owner(const char *filename, uid_t uid, gid_t gid);
+#ifndef _WIN32
+int slapd_chown_if_not_owner(const char *filename, uid_t uid, gid_t gid);
+#endif
/*
* modify.c
Index: util.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/util.c,v
retrieving revision 1.6.2.1
retrieving revision 1.6.2.2
diff -u -r1.6.2.1 -r1.6.2.2
--- util.c 23 Nov 2005 01:22:16 -0000 1.6.2.1
+++ util.c 18 Mar 2006 17:48:37 -0000 1.6.2.2
@@ -637,6 +637,7 @@
Returns 0 upon success or non-zero otherwise, usually -1 if
some system error occurred
*/
+#ifndef _WIN32
int
slapd_chown_if_not_owner(const char *filename, uid_t uid, gid_t gid)
{
@@ -657,4 +658,4 @@
return result;
}
-
+#endif
From fedora-directory-commits at redhat.com Sat Mar 18 17:57:46 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Sat, 18 Mar 2006 12:57:46 -0500
Subject: [Fedora-directory-commits]
ldapserver/ldap/servers/slapd log.c, 1.9,
1.10 proto-slap.h, 1.16, 1.17 util.c, 1.10, 1.11
Message-ID: <200603181757.k2IHvlC8021002@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20981
Modified Files:
log.c proto-slap.h util.c
Log Message:
185811 - Fixed windows build failures when compiling slapd_chown_if_not_owner function
Index: log.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/log.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- log.c 4 Dec 2005 01:54:37 -0000 1.9
+++ log.c 18 Mar 2006 17:57:39 -0000 1.10
@@ -3540,11 +3540,13 @@
return LOG_UNABLE_TO_OPENFILE;
}
+#ifndef _WIN32
/* make sure the logfile is owned by the localuser. If one of the
* alternate ns-slapd modes, such as db2bak, tries to log an error
* at startup, it will create the logfile as root!
*/
slapd_chown_if_not_owner(loginfo.log_error_file, pw->pw_uid, -1);
+#endif
loginfo.log_error_fdes = fp;
if (logfile_state == LOGFILE_REOPENED) {
Index: proto-slap.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/proto-slap.h,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- proto-slap.h 25 Jan 2006 16:51:39 -0000 1.16
+++ proto-slap.h 18 Mar 2006 17:57:39 -0000 1.17
@@ -607,7 +607,9 @@
*/
void slapd_nasty(char* str, int c, int err);
int strarray2str( char **a, char *buf, size_t buflen, int include_quotes );
+#ifndef _WIN32
int slapd_chown_if_not_owner(const char *filename, uid_t uid, gid_t gid);
+#endif
int slapd_comp_path(char *p0, char *p1);
Index: util.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/util.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- util.c 16 Feb 2006 17:39:53 -0000 1.10
+++ util.c 18 Mar 2006 17:57:39 -0000 1.11
@@ -717,6 +717,7 @@
Returns 0 upon success or non-zero otherwise, usually -1 if
some system error occurred
*/
+#ifndef _WIN32
int
slapd_chown_if_not_owner(const char *filename, uid_t uid, gid_t gid)
{
@@ -737,6 +738,7 @@
return result;
}
+#endif
/*
* Compare 2 pathes
From fedora-directory-commits at redhat.com Sat Mar 18 18:05:23 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Sat, 18 Mar 2006 13:05:23 -0500
Subject: [Fedora-directory-commits] ldapserver component_versions.mk,
1.35.2.4, 1.35.2.5
Message-ID: <200603181805.k2II5NIx022987@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/ldapserver
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22970
Modified Files:
Tag: Directory71RtmBranch
component_versions.mk
Log Message:
Pull new ADSYNC component for bug 186765
Index: component_versions.mk
===================================================================
RCS file: /cvs/dirsec/ldapserver/component_versions.mk,v
retrieving revision 1.35.2.4
retrieving revision 1.35.2.5
diff -u -r1.35.2.4 -r1.35.2.5
--- component_versions.mk 18 Mar 2006 00:53:46 -0000 1.35.2.4
+++ component_versions.mk 18 Mar 2006 18:05:15 -0000 1.35.2.5
@@ -250,7 +250,7 @@
endif
ifndef ADSYNC_VERSION
- ADSYNC_VERSION=20060317
+ ADSYNC_VERSION=20060318
endif
ifndef NT4SYNC_VERSION
From fedora-directory-commits at redhat.com Sat Mar 18 22:35:26 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Sat, 18 Mar 2006 17:35:26 -0500
Subject: [Fedora-directory-commits]
ldapserver/ldap/servers/slapd log.c, 1.10, 1.11
Message-ID: <200603182235.k2IMZQCk032266@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32249
Modified Files:
log.c
Log Message:
185811 - Need to exclude pwd.h include on windows
Index: log.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/log.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- log.c 18 Mar 2006 17:57:39 -0000 1.10
+++ log.c 18 Mar 2006 22:35:17 -0000 1.11
@@ -48,7 +48,9 @@
#include "log.h"
#include "fe.h"
+#ifndef _WIN32
#include /* getpwnam */
+#endif
#if defined( XP_WIN32 )
#include
From fedora-directory-commits at redhat.com Sat Mar 18 22:36:27 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Sat, 18 Mar 2006 17:36:27 -0500
Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd log.c,
1.6.2.2, 1.6.2.3
Message-ID: <200603182236.k2IMaREq032294@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32277
Modified Files:
Tag: Directory71RtmBranch
log.c
Log Message:
185811 - Need to exclude pwd.h include on windows
Index: log.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/log.c,v
retrieving revision 1.6.2.2
retrieving revision 1.6.2.3
diff -u -r1.6.2.2 -r1.6.2.3
--- log.c 18 Mar 2006 17:48:37 -0000 1.6.2.2
+++ log.c 18 Mar 2006 22:36:19 -0000 1.6.2.3
@@ -48,7 +48,9 @@
#include "log.h"
#include "fe.h"
+#ifndef _WIN32
#include /* getpwnam */
+#endif
#if defined( XP_WIN32 )
#include
From fedora-directory-commits at redhat.com Sun Mar 19 18:36:47 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Sun, 19 Mar 2006 13:36:47 -0500
Subject: [Fedora-directory-commits]
ldapserver/ldap/servers/slapd log.c, 1.11, 1.12
Message-ID: <200603191836.k2JIalqB016089@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16072
Modified Files:
log.c
Log Message:
185811 - Don't check localuser config on Windows
Index: log.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/log.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- log.c 18 Mar 2006 22:35:17 -0000 1.11
+++ log.c 19 Mar 2006 18:36:40 -0000 1.12
@@ -3473,6 +3473,7 @@
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+#ifndef _WIN32
if ( slapdFrontendConfig->localuser != NULL ) {
if ( (pw = getpwnam( slapdFrontendConfig->localuser )) == NULL )
return LOG_UNABLE_TO_OPENFILE;
@@ -3480,6 +3481,7 @@
else {
return LOG_UNABLE_TO_OPENFILE;
}
+#endif
if (!locked) LOG_ERROR_LOCK_WRITE( );
From fedora-directory-commits at redhat.com Sun Mar 19 18:37:52 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Sun, 19 Mar 2006 13:37:52 -0500
Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd log.c,
1.6.2.3, 1.6.2.4
Message-ID: <200603191837.k2JIbqFO016113@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16096
Modified Files:
Tag: Directory71RtmBranch
log.c
Log Message:
185811 - Don't check localuser config on Windows
Index: log.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/log.c,v
retrieving revision 1.6.2.3
retrieving revision 1.6.2.4
diff -u -r1.6.2.3 -r1.6.2.4
--- log.c 18 Mar 2006 22:36:19 -0000 1.6.2.3
+++ log.c 19 Mar 2006 18:37:45 -0000 1.6.2.4
@@ -3232,6 +3232,7 @@
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+#ifndef _WIN32
if ( slapdFrontendConfig->localuser != NULL ) {
if ( (pw = getpwnam( slapdFrontendConfig->localuser )) == NULL )
return LOG_UNABLE_TO_OPENFILE;
@@ -3239,6 +3240,7 @@
else {
return LOG_UNABLE_TO_OPENFILE;
}
+#endif
if (!locked) LOG_ERROR_LOCK_WRITE( );
From fedora-directory-commits at redhat.com Sun Mar 19 21:21:00 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Sun, 19 Mar 2006 16:21:00 -0500
Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd
libslapd.def, 1.11.2.2, 1.11.2.3
Message-ID: <200603192121.k2JLL0HJ023577@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23543
Modified Files:
Tag: Directory71RtmBranch
libslapd.def
Log Message:
185811 - slapi_dn_find_parent needs to be added to libslapd.def for windows build to compile
Index: libslapd.def
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/libslapd.def,v
retrieving revision 1.11.2.2
retrieving revision 1.11.2.3
diff -u -r1.11.2.2 -r1.11.2.3
--- libslapd.def 9 Sep 2005 00:49:24 -0000 1.11.2.2
+++ libslapd.def 19 Mar 2006 21:20:45 -0000 1.11.2.3
@@ -114,6 +114,7 @@
; send_read_referrals @77
; ref_array_dup @78
; ref_array_dup_free @79
+ slapi_dn_find_parent @79
slapi_dn_beparent @80
slapi_ldap_init @81
slapi_ldap_unbind @82
From fedora-directory-commits at redhat.com Sun Mar 19 21:21:30 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Sun, 19 Mar 2006 16:21:30 -0500
Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd
libslapd.def, 1.15, 1.16
Message-ID: <200603192121.k2JLLUfZ023595@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23552
Modified Files:
libslapd.def
Log Message:
185811 - slapi_dn_find_parent needs to be added to libslapd.def for windows build to compile
Index: libslapd.def
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/libslapd.def,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- libslapd.def 25 Jan 2006 16:51:39 -0000 1.15
+++ libslapd.def 19 Mar 2006 21:21:22 -0000 1.16
@@ -114,6 +114,7 @@
; send_read_referrals @77
; ref_array_dup @78
; ref_array_dup_free @79
+ slapi_dn_find_parent @79
slapi_dn_beparent @80
slapi_ldap_init @81
slapi_ldap_unbind @82
From fedora-directory-commits at redhat.com Mon Mar 20 17:47:24 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Mon, 20 Mar 2006 12:47:24 -0500
Subject: [Fedora-directory-commits]
ldapserver/ldap/servers/plugins/replication
windows_protocol_util.c, 1.24, 1.25
Message-ID: <200603201747.k2KHlOl9007707@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7690
Modified Files:
windows_protocol_util.c
Log Message:
185811 - Missing const qualifiers were causing Windows compiler errors
Index: windows_protocol_util.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_protocol_util.c,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- windows_protocol_util.c 20 Feb 2006 19:36:24 -0000 1.24
+++ windows_protocol_util.c 20 Mar 2006 17:47:16 -0000 1.25
@@ -2702,7 +2702,7 @@
if (0 == retval && do_modify)
{
char dnbuf[BUFSIZ];
- char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(remote_entry));
+ const char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(remote_entry));
slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,
"windows_update_remote_entry: modifying entry %s\n", escape_string(dn, dnbuf));
@@ -2710,7 +2710,7 @@
} else
{
char dnbuf[BUFSIZ];
- char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(remote_entry));
+ const char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(remote_entry));
slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,
"no mods generated for remote entry: %s\n", escape_string(dn, dnbuf));
}
@@ -2738,7 +2738,7 @@
if (pb)
{
char dnbuf[BUFSIZ];
- char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(local_entry));
+ const char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(local_entry));
slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,
"modifying entry: %s\n", escape_string(dn, dnbuf));
slapi_modify_internal_set_pb (pb, slapi_entry_get_ndn(local_entry), slapi_mods_get_ldapmods_byref(&smods), NULL, NULL,
@@ -2760,7 +2760,7 @@
} else
{
char dnbuf[BUFSIZ];
- char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(local_entry));
+ const char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(local_entry));
slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,
"no mods generated for local entry: %s\n", escape_string(dn, dnbuf));
}
From fedora-directory-commits at redhat.com Mon Mar 20 17:48:56 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Mon, 20 Mar 2006 12:48:56 -0500
Subject: [Fedora-directory-commits]
ldapserver/ldap/servers/plugins/replication
windows_protocol_util.c, 1.20.2.4, 1.20.2.5
Message-ID: <200603201748.k2KHmugT007738@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7721
Modified Files:
Tag: Directory71RtmBranch
windows_protocol_util.c
Log Message:
185811 - Missing const qualifiers were causing Windows compiler errors
Index: windows_protocol_util.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_protocol_util.c,v
retrieving revision 1.20.2.4
retrieving revision 1.20.2.5
diff -u -r1.20.2.4 -r1.20.2.5
--- windows_protocol_util.c 2 Mar 2006 01:11:55 -0000 1.20.2.4
+++ windows_protocol_util.c 20 Mar 2006 17:48:49 -0000 1.20.2.5
@@ -2702,7 +2702,7 @@
if (0 == retval && do_modify)
{
char dnbuf[BUFSIZ];
- char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(remote_entry));
+ const char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(remote_entry));
slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,
"windows_update_remote_entry: modifying entry %s\n", escape_string(dn, dnbuf));
@@ -2710,7 +2710,7 @@
} else
{
char dnbuf[BUFSIZ];
- char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(remote_entry));
+ const char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(remote_entry));
slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,
"no mods generated for remote entry: %s\n", escape_string(dn, dnbuf));
}
@@ -2738,7 +2738,7 @@
if (pb)
{
char dnbuf[BUFSIZ];
- char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(local_entry));
+ const char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(local_entry));
slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,
"modifying entry: %s\n", escape_string(dn, dnbuf));
slapi_modify_internal_set_pb (pb, slapi_entry_get_ndn(local_entry), slapi_mods_get_ldapmods_byref(&smods), NULL, NULL,
@@ -2760,7 +2760,7 @@
} else
{
char dnbuf[BUFSIZ];
- char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(local_entry));
+ const char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(local_entry));
slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,
"no mods generated for local entry: %s\n", escape_string(dn, dnbuf));
}
From fedora-directory-commits at redhat.com Mon Mar 20 21:54:09 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Mon, 20 Mar 2006 16:54:09 -0500
Subject: [Fedora-directory-commits] console build.xml,1.9,1.10
Message-ID: <200603202154.k2KLs9S9017823@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/console
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17800
Modified Files:
build.xml
Log Message:
Put startconsole script and jar files in the same directory in the tar-gz package.
Index: build.xml
===================================================================
RCS file: /cvs/dirsec/console/build.xml,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- build.xml 2 Dec 2005 21:29:58 -0000 1.9
+++ build.xml 20 Mar 2006 21:54:02 -0000 1.10
@@ -293,7 +293,7 @@
+ prefix="fedora-console-${console.dotversion}">
From fedora-directory-commits at redhat.com Tue Mar 21 18:34:18 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Tue, 21 Mar 2006 13:34:18 -0500
Subject: [Fedora-directory-commits] adminserver/include version.h,1.6,1.7
Message-ID: <200603211834.k2LIYIsG002263@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/adminserver/include
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2140/include
Modified Files:
version.h
Log Message:
[Bug 186105] Admin Server Makefile updates for Internal build
. get mod_admserv, mod_restartd and mod_nss from /s/b/c (verification, for now)
. updated component versions
NSPR v4.6, NSS 3.11, JSS 3.7, LDAP C SDK v5.17, ICU 3.4,
SetupUtil 1.0 20060307, Console 1.0 20060320, AdminUtil 1.0 20060307
Index: version.h
===================================================================
RCS file: /cvs/dirsec/adminserver/include/version.h,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- version.h 28 Oct 2005 22:44:56 -0000 1.6
+++ version.h 21 Mar 2006 18:34:10 -0000 1.7
@@ -43,4 +43,4 @@
#define ADMSERV_NAME Fedora Administration Server
#define VI_COMPANYNAME "Fedora Project\0"
-#define VI_COPYRIGHT "Copyright (C) 2005 Fedora Project\0"
+#define VI_COPYRIGHT "Copyright (C) 2006 Fedora Project\0"
From fedora-directory-commits at redhat.com Tue Mar 21 18:33:50 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Tue, 21 Mar 2006 13:33:50 -0500
Subject: [Fedora-directory-commits] adminserver/admserv pkgadmin.mk, 1.42,
1.43
Message-ID: <200603211834.k2LIYLgI002266@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/adminserver/admserv
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2140/admserv
Modified Files:
pkgadmin.mk
Log Message:
[Bug 186105] Admin Server Makefile updates for Internal build
. get mod_admserv, mod_restartd and mod_nss from /s/b/c (verification, for now)
. updated component versions
NSPR v4.6, NSS 3.11, JSS 3.7, LDAP C SDK v5.17, ICU 3.4,
SetupUtil 1.0 20060307, Console 1.0 20060320, AdminUtil 1.0 20060307
Index: pkgadmin.mk
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/pkgadmin.mk,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- pkgadmin.mk 1 Mar 2006 15:19:00 -0000 1.42
+++ pkgadmin.mk 21 Mar 2006 18:33:43 -0000 1.43
@@ -124,20 +124,6 @@
# enable apache module packaging by default - apl is compatible with the gpl
# in this specific instance
PKG_APACHE_MODULES = 1
-ifdef PKG_APACHE_MODULES
-ifndef MOD_ADMSERV_LIB_DIR
- MOD_ADMSERV_LIB_DIR=$(BUILD_ROOT)/../mod_admserv/.libs
-endif
-ifndef MOD_RESTARTD_LIB_DIR
- MOD_RESTARTD_LIB_DIR=$(BUILD_ROOT)/../mod_restartd/.libs
-endif
-ifndef MOD_NSS_LIB_DIR
- MOD_NSS_LIB_DIR=$(BUILD_ROOT)/../mod_nss/.libs
-endif
-ifndef MOD_NSS_BIN_DIR
- MOD_NSS_BIN_DIR=$(BUILD_ROOT)/../mod_nss
-endif
-endif
ifndef NOJAVA
ALLTARGETS = pkguxClient
@@ -168,7 +154,7 @@
# grab the jar files
cd $(ADMIN_JARS) ; \
- cp -p admserv$(ADM_SUF).jar admserv$(ADM_SUF)_en.jar $(CLIENT_DIR)/java/jars
+ cp -p fedora-admserv-$(ADM_SUF).jar fedora-admserv-$(ADM_SUF)_en.jar $(CLIENT_DIR)/java/jars
#
# Cleanup before making distributable zip
@@ -342,10 +328,10 @@
# The Apache modules, if present
ifdef PKG_APACHE_MODULES
- cp $(MOD_ADMSERV_LIB_DIR)/libmodadmserv.$(DLL_SUFFIX) $(ADMIN_DIR)/bin/admin/lib
- cp $(MOD_RESTARTD_LIB_DIR)/libmodrestartd.$(DLL_SUFFIX) $(ADMIN_DIR)/bin/admin/lib
- cp $(MOD_NSS_LIB_DIR)/libmodnss.$(DLL_SUFFIX) $(ADMIN_DIR)/bin/admin/lib
- cp $(MOD_NSS_BIN_DIR)/nss_pcache $(ADMIN_DIR)/bin/admin/admin/bin
+ cp $(MOD_ADMSERV_LIBPATH)/libmodadmserv.$(DLL_SUFFIX) $(ADMIN_DIR)/bin/admin/lib
+ cp $(MOD_RESTARTD_LIBPATH)/libmodrestartd.$(DLL_SUFFIX) $(ADMIN_DIR)/bin/admin/lib
+ cp $(MOD_NSS_LIBPATH)/libmodnss.$(DLL_SUFFIX) $(ADMIN_DIR)/bin/admin/lib
+ cp $(MOD_NSS_BINPATH)/nss_pcache $(ADMIN_DIR)/bin/admin/admin/bin
endif
#
@@ -387,7 +373,7 @@
cp -p $(SETUPUTIL_BIN)/setup.inf $(PKGTOP)
-if [ -z "`egrep "\[admin\]" $(SETUPUTIL_BIN)/setup.inf`" ]; then \
components=`grep "^Components.*=" $(SETUPUTIL_BIN)/setup.inf`; \
- if [ `expr "$$components" : ".*admin"` -eq 0 ]; then \
+ if [ `expr "$$components" : ".*admin"` -eq 0 ]; then \
cat $(SETUPUTIL_BIN)/setup.inf | sed -e "s/^Components.*=.*/&, admin/" > $(PKGTOP)/setup.inf; \
fi; \
echo "" >> $(PKGTOP)/setup.inf; \
From fedora-directory-commits at redhat.com Tue Mar 21 18:33:56 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Tue, 21 Mar 2006 13:33:56 -0500
Subject: [Fedora-directory-commits] adminserver/admserv/cgi-src40 Makefile,
1.8, 1.9
Message-ID: <200603211834.k2LIYQ6J002269@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/adminserver/admserv/cgi-src40
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2140/admserv/cgi-src40
Modified Files:
Makefile
Log Message:
[Bug 186105] Admin Server Makefile updates for Internal build
. get mod_admserv, mod_restartd and mod_nss from /s/b/c (verification, for now)
. updated component versions
NSPR v4.6, NSS 3.11, JSS 3.7, LDAP C SDK v5.17, ICU 3.4,
SetupUtil 1.0 20060307, Console 1.0 20060320, AdminUtil 1.0 20060307
Index: Makefile
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/Makefile,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- Makefile 1 Feb 2006 23:03:57 -0000 1.8
+++ Makefile 21 Mar 2006 18:33:48 -0000 1.9
@@ -388,7 +388,7 @@
$(BINDIR)/security: security.c
cd $(BINDIR); \
$(CCC) $(NONSHARED) $(CFLAGS) $(MCC_INCLUDE) -o $(BINDIR)/security \
- $(SRCDIR)/security.c -L$(NSCP_DISTDIR)/lib \
+ $(SRCDIR)/security.c \
$(ADMINSERVERLINKS)
$(BINDIR)/sec-activate: sec-activate.c
From fedora-directory-commits at redhat.com Tue Mar 21 18:34:01 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Tue, 21 Mar 2006 13:34:01 -0500
Subject: [Fedora-directory-commits] adminserver/admserv/console
build.properties, 1.10, 1.11
Message-ID: <200603211834.k2LIYWDd002272@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/adminserver/admserv/console
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2140/admserv/console
Modified Files:
build.properties
Log Message:
[Bug 186105] Admin Server Makefile updates for Internal build
. get mod_admserv, mod_restartd and mod_nss from /s/b/c (verification, for now)
. updated component versions
NSPR v4.6, NSS 3.11, JSS 3.7, LDAP C SDK v5.17, ICU 3.4,
SetupUtil 1.0 20060307, Console 1.0 20060320, AdminUtil 1.0 20060307
Index: build.properties
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/console/build.properties,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- build.properties 13 Feb 2006 22:13:06 -0000 1.10
+++ build.properties 21 Mar 2006 18:33:54 -0000 1.11
@@ -22,14 +22,15 @@
adminconsole.root=../..
mcc.version=1.0
-mcc.nodot.version=10
admin.core=admserv
-admin.console=${admin.core}${mcc.nodot.version}
+admin.brand=fedora
+
+admin.console=${admin.brand}-${admin.core}-${mcc.version}
console.root=${adminconsole.root}/../built/release/package/java
ldapjdk.jar=${adminconsole.root}/../imports/ldapjdk/ldapjdk.jar
-base.jar=${console.root}/fedora-base-${mcc.version}.jar
+base.jar=${console.root}/${admin.brand}-base-${mcc.version}.jar
caplugin.jar=${console.root}/caplugin/default.jar
-mcc.core=${console.root}/fedora-mcc-${mcc.version}
-nmclf.core=${console.root}/fedora-nmclf-${mcc.version}
+mcc.core=${console.root}/${admin.brand}-mcc-${mcc.version}
+nmclf.core=${console.root}/${admin.brand}-nmclf-${mcc.version}
From fedora-directory-commits at redhat.com Tue Mar 21 18:34:07 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Tue, 21 Mar 2006 13:34:07 -0500
Subject: [Fedora-directory-commits] adminserver/admserv/newinst/insadm
insadm.rc, 1.3, 1.4
Message-ID: <200603211834.k2LIYbfP002275@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/adminserver/admserv/newinst/insadm
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2140/admserv/newinst/insadm
Modified Files:
insadm.rc
Log Message:
[Bug 186105] Admin Server Makefile updates for Internal build
. get mod_admserv, mod_restartd and mod_nss from /s/b/c (verification, for now)
. updated component versions
NSPR v4.6, NSS 3.11, JSS 3.7, LDAP C SDK v5.17, ICU 3.4,
SetupUtil 1.0 20060307, Console 1.0 20060320, AdminUtil 1.0 20060307
Index: insadm.rc
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/insadm/insadm.rc,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- insadm.rc 2 Mar 2005 23:31:31 -0000 1.3
+++ insadm.rc 21 Mar 2006 18:33:59 -0000 1.4
@@ -48,7 +48,7 @@
VALUE "FileDescription", "Administration Server Installation Plug-in\0"
VALUE "FileVersion", "\0"
VALUE "InternalName", "INSADM\0"
- VALUE "LegalCopyright", "Copyright (C) 2005 Fedora Project\0"
+ VALUE "LegalCopyright", "Copyright (C) 2006 Fedora Project\0"
VALUE "OriginalFilename", "INSADM.DLL\0"
VALUE "ProductName", "Fedora Server Administration Setup\0"
VALUE "ProductVersion", "1, 0, 0, 1\0"
From fedora-directory-commits at redhat.com Tue Mar 21 18:34:12 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Tue, 21 Mar 2006 13:34:12 -0500
Subject: [Fedora-directory-commits]
adminserver/admserv/newinst/src Makefile, 1.8, 1.9
Message-ID: <200603211834.k2LIYhIb002278@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/adminserver/admserv/newinst/src
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2140/admserv/newinst/src
Modified Files:
Makefile
Log Message:
[Bug 186105] Admin Server Makefile updates for Internal build
. get mod_admserv, mod_restartd and mod_nss from /s/b/c (verification, for now)
. updated component versions
NSPR v4.6, NSS 3.11, JSS 3.7, LDAP C SDK v5.17, ICU 3.4,
SetupUtil 1.0 20060307, Console 1.0 20060320, AdminUtil 1.0 20060307
Index: Makefile
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/Makefile,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- Makefile 1 Feb 2006 23:04:41 -0000 1.8
+++ Makefile 21 Mar 2006 18:34:05 -0000 1.9
@@ -95,8 +95,12 @@
EXTRA_LIBS+= -ld4r
else
ifeq ($(NSOS_RELEASE), B.11.11)
- CURSES=-lHcurses
- EXTRA_LIBS+= -ld4r
+ ifeq ($(USE_64), 1)
+ CURSES=-lcurses
+ else
+ CURSES=-lHcurses
+ EXTRA_LIBS+= -ld4r
+ endif
else
CURSES=-lcurses
endif
From fedora-directory-commits at redhat.com Tue Mar 21 18:33:45 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Tue, 21 Mar 2006 13:33:45 -0500
Subject: [Fedora-directory-commits] adminserver Makefile, 1.17,
1.18 buildpaths.mk, 1.7, 1.8 components.mk, 1.41,
1.42 internal_buildpaths.mk, 1.3, 1.4 nsconfig.mk, 1.25, 1.26
Message-ID: <200603211834.k2LIYjva002283@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/adminserver
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2140
Modified Files:
Makefile buildpaths.mk components.mk internal_buildpaths.mk
nsconfig.mk
Log Message:
[Bug 186105] Admin Server Makefile updates for Internal build
. get mod_admserv, mod_restartd and mod_nss from /s/b/c (verification, for now)
. updated component versions
NSPR v4.6, NSS 3.11, JSS 3.7, LDAP C SDK v5.17, ICU 3.4,
SetupUtil 1.0 20060307, Console 1.0 20060320, AdminUtil 1.0 20060307
Index: Makefile
===================================================================
RCS file: /cvs/dirsec/adminserver/Makefile,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- Makefile 18 Jan 2006 18:24:14 -0000 1.17
+++ Makefile 21 Mar 2006 18:33:37 -0000 1.18
@@ -77,7 +77,7 @@
if test ! -d $(NSPLATFORM_DIR); then mkdir $(NSPLATFORM_DIR); fi;
$(PERL5) buildnum.pl -p $(NSPLATFORM_DIR)
-nsCommon: start_time $(LIBNSPR) $(LIBSECURITY) $(LIBDBM) $(LIBLDAP) $(LIBADMINUTIL) $(LIBICU) $(SETUPUTIL) $(ADMDOC) end_time
+nsCommon: start_time $(LIBNSPR) $(LIBSECURITY) $(LIBDBM) $(LIBLDAP) $(LIBADMINUTIL) $(LIBICU) $(SETUPUTIL) $(MOD_ADMSERV) $(MOD_RESTARTD) $(MOD_NSS) $(ADMDOC) end_time
#
# Notice that BUILD_MODULE is not supplied directly on this target.
Index: buildpaths.mk
===================================================================
RCS file: /cvs/dirsec/adminserver/buildpaths.mk,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- buildpaths.mk 17 Feb 2006 15:04:54 -0000 1.7
+++ buildpaths.mk 21 Mar 2006 18:33:37 -0000 1.8
@@ -81,6 +81,10 @@
LDAPSDK_SOURCE_ROOT = $(MOZILLA_SOURCE_ROOT)
#LDAP_ROOT = $(BUILD_ROOT)/../ldapsdk-5.16
+MOD_ADMSERV_SOURCE_ROOT = $(BUILD_ROOT)/../mod_admserv
+MOD_RESTARTD_SOURCE_ROOT = $(BUILD_ROOT)/../mod_restartd
+MOD_NSS_SOURCE_ROOT = $(BUILD_ROOT)/../mod_nss
+
ICU_SOURCE_ROOT = $(BUILD_ROOT)/../icu
#ICU_BUILD_DIR = $(BUILD_ROOT)/../icu-2.4
Index: components.mk
===================================================================
RCS file: /cvs/dirsec/adminserver/components.mk,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -r1.41 -r1.42
--- components.mk 1 Feb 2006 23:03:41 -0000 1.41
+++ components.mk 21 Mar 2006 18:33:37 -0000 1.42
@@ -37,20 +37,24 @@
#Temporary integration area components
INT_NMCSDK = 1
-INT_ICU = 0
-INT_ADMINUTIL = 0
+INT_ICU = 1
+INT_ADMINUTIL = 1
INT_SETUPUTIL = 1
INT_LDAPSDK = 0
INT_ADMDOC = 0
+INT_MOD_ADMSERV = 1
+INT_MOD_RESTARTD = 1
+INT_MOD_NSS = 1
#To control external build vs. internal build
BUILD_MODE = ext
+ADMIN_BRAND = fedora
#############################################
# NSPR Library
############################################
-NSPR_RELDATE = v4.4.1
+NSPR_RELDATE = v4.6
NSPR_NSOBJDIR=$(NSOBJDIR_NAME)
@@ -106,7 +110,7 @@
# SECURITY LIBRARY
################################################
-SECURITY_RELDATE = NSS_3_9_3_RTM
+SECURITY_RELDATE = NSS_3_11_RTM
ifeq ($(INT_NSS), 1)
BASE_NSS = $(INT_DIR)/nss/$(SECURITY_RELDATE)
@@ -131,7 +135,7 @@
# ICU Library
#################################################
-ICU_RELDATE = libicu_2_4/20040820
+ICU_RELDATE = libicu_3_4
ICU_ROOT = $(NSCP_COMPDIR)/libicu
ICU_OBJDIR = $(NSOBJDIR_NAME)
@@ -158,7 +162,7 @@
# SETUPUTIL
##############################################################
-SETUPUTIL_RELDATE = 20051027
+SETUPUTIL_RELDATE = 20060307
SETUPUTIL_FILE = setuputil.tar.gz
SETUPUTIL_COMPNAME = setuputil/1.0
@@ -197,7 +201,7 @@
###############################################################
ADMINUTIL_SUF = 10
-ADMINUTIL_RELDATE = 20051026
+ADMINUTIL_RELDATE = 20060307
ADMINUTIL_VERSION = $(ADMINUTIL_RELDATE)
ADMINUTIL_ROOT = $(NSCP_COMPDIR)/adminutil
ADMINUTIL_COMPNAME = adminutil/1.0
@@ -267,7 +271,7 @@
# LDAP C SDK Library
#############################################################
-LDAP_RELDATE = v5.16
+LDAP_RELDATE = v5.17
LDAP_SUF = 50
LDAP_VERSION = $(LDAP_RELDATE)
@@ -280,9 +284,84 @@
$(LIBLDAP):
ifdef INTERNAL_BUILD
ifneq ($(ARCH), WINNT)
- $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(COMPONENT_PULL_METHOD) -objdir $(LDAPSDK_BUILD_DIR) -componentdir $(BASE_LDAPSDK) -files lib,tools,include
+ $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(COMPONENT_PULL_METHOD) -objdir $(LDAPSDK_BUILD_DIR) -componentdir $(BASE_LDAPSDK) -files lib,bin,include
else
- $(PERL5) $(RELTOOLS)/ftp_puller.pl -method FTP -objdir $(LDAPSDK_BUILD_DIR) -componentdir $(BASE_LDAPSDK) -files lib,tools,include
+ $(PERL5) $(RELTOOLS)/ftp_puller.pl -method FTP -objdir $(LDAPSDK_BUILD_DIR) -componentdir $(BASE_LDAPSDK) -files lib,bin,include
+endif
+else # INTERNAL_BUILD
+ @if [ ! -f $@ ]; then echo $@ does not exist - please build or download it ; exit 1 ; fi
+endif
+
+#############################################################
+# MOD_ADMSERV
+#############################################################
+
+MOD_ADMSERV_RELDATE = 20060320
+MOD_ADMSERV_SUF = 1.0
+MOD_ADMSERV_VERSION = $(MOD_ADMSERV_RELDATE)
+
+ifeq ($(INT_MOD_ADMSERV), 1)
+BASE_MOD_ADMSERV = $(INT_DIR)/mod_admserv/$(MOD_ADMSERV_SUF)/$(MOD_ADMSERV_VERSION)/$(NSOBJDIR_NAME)
+else
+BASE_MOD_ADMSERV = $(COMPONENTS_DIR)/mod_admserv/$(MOD_ADMSERV_SUF)/$(MOD_ADMSERV_VERSION)/$(NSOBJDIR_NAME)
+endif
+
+$(MOD_ADMSERV):
+ifdef INTERNAL_BUILD
+ifneq ($(ARCH), WINNT)
+ $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(COMPONENT_PULL_METHOD) -objdir $(MOD_ADMSERV_BUILD_DIR) -componentdir $(BASE_MOD_ADMSERV) -files lib
+else
+ $(PERL5) $(RELTOOLS)/ftp_puller.pl -method FTP -objdir $(MOD_ADMSERV_BUILD_DIR) -componentdir $(BASE_MOD_ADMSERV) -files lib
+endif
+else # INTERNAL_BUILD
+ @if [ ! -f $@ ]; then echo $@ does not exist - please build or download it ; exit 1 ; fi
+endif
+
+#############################################################
+# MOD_RESTARTD
+#############################################################
+
+MOD_RESTARTD_RELDATE = 20060320
+MOD_RESTARTD_SUF = 1.0
+MOD_RESTARTD_VERSION = $(MOD_RESTARTD_RELDATE)
+
+ifeq ($(INT_MOD_RESTARTD), 1)
+BASE_MOD_RESTARTD = $(INT_DIR)/mod_restartd/$(MOD_RESTARTD_SUF)/$(MOD_RESTARTD_VERSION)/$(NSOBJDIR_NAME)
+else
+BASE_MOD_RESTARTD = $(COMPONENTS_DIR)/mod_restartd/$(MOD_RESTARTD_SUF)/$(MOD_RESTARTD_VERSION)/$(NSOBJDIR_NAME)
+endif
+
+$(MOD_RESTARTD):
+ifdef INTERNAL_BUILD
+ifneq ($(ARCH), WINNT)
+ $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(COMPONENT_PULL_METHOD) -objdir $(MOD_RESTARTD_BUILD_DIR) -componentdir $(BASE_MOD_RESTARTD) -files lib
+else
+ $(PERL5) $(RELTOOLS)/ftp_puller.pl -method FTP -objdir $(MOD_RESTARTD_BUILD_DIR) -componentdir $(BASE_MOD_RESTARTD) -files lib
+endif
+else # INTERNAL_BUILD
+ @if [ ! -f $@ ]; then echo $@ does not exist - please build or download it ; exit 1 ; fi
+endif
+
+#############################################################
+# MOD_NSS
+#############################################################
+
+MOD_NSS_RELDATE = 20060320
+MOD_NSS_SUF = 1.0
+MOD_NSS_VERSION = $(MOD_NSS_RELDATE)
+
+ifeq ($(INT_MOD_NSS), 1)
+BASE_MOD_NSS = $(INT_DIR)/mod_nss/$(MOD_NSS_SUF)/$(MOD_NSS_VERSION)/$(NSOBJDIR_NAME)
+else
+BASE_MOD_NSS = $(COMPONENTS_DIR)/mod_nss/$(MOD_NSS_SUF)/$(MOD_NSS_VERSION)/$(NSOBJDIR_NAME)
+endif
+
+$(MOD_NSS):
+ifdef INTERNAL_BUILD
+ifneq ($(ARCH), WINNT)
+ $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(COMPONENT_PULL_METHOD) -objdir $(MOD_NSS_BUILD_DIR) -componentdir $(BASE_MOD_NSS) -files lib,bin
+else
+ $(PERL5) $(RELTOOLS)/ftp_puller.pl -method FTP -objdir $(MOD_NSS_BUILD_DIR) -componentdir $(BASE_MOD_NSS) -files lib,bin
endif
else # INTERNAL_BUILD
@if [ ! -f $@ ]; then echo $@ does not exist - please build or download it ; exit 1 ; fi
@@ -314,7 +393,7 @@
#############################################################
NMCJDK_SUF = 1.0
-NMCJDK_RELDATE = 20051027
+NMCJDK_RELDATE = 20060320
NMCJDK_COMP = console/$(NMCJDK_SUF)
@@ -330,7 +409,7 @@
BASE_NMCSDK = $(FED_COMPONENTS_DIR)/$(NMCJDK_COMP)/$(NMCJDK_VERSION)/$(NSOBJDIR_NAME)
endif
-NMCJDK_DIR = $(BASE_NMCSDK)/java
+NMCJDK_DIR = $(BASE_NMCSDK)/$(ADMIN_BRAND)-console-$(NMCJDK_SUF)
# since the jar files are packaged as is, they should not be symlink'ed.
NMCJDK_METHOD = FTP
@@ -339,19 +418,19 @@
ifdef INTERNAL_BUILD
mkdir -p $(CLASS_DEST)
# grab the jar files
- $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(NMCJDK_METHOD) -objdir $(CLASS_DEST) -componentdir $(NMCJDK_DIR) -files fedora-base-$(NMCJDK_SUF).jar,fedora-mcc-$(NMCJDK_SUF).jar,fedora-mcc-$(NMCJDK_SUF)_en.jar,fedora-nmclf-$(NMCJDK_SUF).jar,fedora-nmclf-$(NMCJDK_SUF)_en.jar,caplugin
+ $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(NMCJDK_METHOD) -objdir $(CLASS_DEST) -componentdir $(NMCJDK_DIR)/java -files $(ADMIN_BRAND)-base-$(NMCJDK_SUF).jar,$(ADMIN_BRAND)-mcc-$(NMCJDK_SUF).jar,$(ADMIN_BRAND)-mcc-$(NMCJDK_SUF)_en.jar,$(ADMIN_BRAND)-nmclf-$(NMCJDK_SUF).jar,$(ADMIN_BRAND)-nmclf-$(NMCJDK_SUF)_en.jar
# grab the startconsole program
- $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(NMCJDK_METHOD) -objdir $(CLASS_DEST) -componentdir $(BASE_NMCSDK) -files startconsole && chmod +x $(CLASS_DEST)/startconsole
+ $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(NMCJDK_METHOD) -objdir $(CLASS_DEST) -componentdir $(NMCJDK_DIR) -files startconsole && chmod +x $(CLASS_DEST)/startconsole
else # INTERNAL_BUILD
- @if [ ! -f $(CONSOLE_JAR_DIR)/fedora-base-1.0.jar ]; then echo The console jar files are missing from $(CONSOLE_JAR_DIR) - please build or download them ; exit 1 ; fi
+ @if [ ! -f $(CONSOLE_JAR_DIR)/$(ADMIN_BRAND)-base-$(NMCJDK_SUF).jar ]; then echo The console jar files are missing from $(CONSOLE_JAR_DIR) - please build or download them ; exit 1 ; fi
endif
#############################################################
# JSS java classes
#############################################################
-JSS_SDK_VERSION = JSS_3_5_1_RTM
-JSSSDK = jss3.jar
+JSS_SDK_VERSION = JSS_3_7_RTM
+JSSSDK = jss37.jar
XPCLASS = $(JSS_JAR_NAME)
ifeq ($(INT_JSS), 1)
Index: internal_buildpaths.mk
===================================================================
RCS file: /cvs/dirsec/adminserver/internal_buildpaths.mk,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- internal_buildpaths.mk 3 Nov 2005 23:20:38 -0000 1.3
+++ internal_buildpaths.mk 21 Mar 2006 18:33:37 -0000 1.4
@@ -76,6 +76,21 @@
LDAPSDK_BUILD_DIR = $(NSCP_COMPDIR)/ldapsdk/$(NSOBJDIR_NAME)
endif # LDAPSDK_SOURCE_ROOT
+#MOD_ADMSERV_SOURCE_ROOT = $(BUILD_ROOT)/../mod_admserv
+ifndef MOD_ADMSERV_SOURCE_ROOT
+MOD_ADMSERV_BUILD_DIR = $(NSCP_COMPDIR)/mod_admserv/$(NSOBJDIR_NAME)
+endif # MOD_ADMSERV_SOURCE_ROOT
+
+#MOD_RESTARTD_SOURCE_ROOT = $(BUILD_ROOT)/../mod_restartd
+ifndef MOD_RESTARTD_SOURCE_ROOT
+MOD_RESTARTD_BUILD_DIR = $(NSCP_COMPDIR)/mod_restartd/$(NSOBJDIR_NAME)
+endif # MOD_RESTARTD_SOURCE_ROOT
+
+#MOD_NSS_SOURCE_ROOT = $(BUILD_ROOT)/../mod_nss
+ifndef MOD_NSS_SOURCE_ROOT
+MOD_NSS_BUILD_DIR = $(NSCP_COMPDIR)/mod_nss/$(NSOBJDIR_NAME)
+endif # MOD_NSS_SOURCE_ROOT
+
#ICU_SOURCE_ROOT = $(BUILD_ROOT)/../icu
ifndef ICU_SOURCE_ROOT
ICU_BUILD_DIR = $(NSCP_COMPDIR)/libicu/$(NSOBJDIR_NAME)
Index: nsconfig.mk
===================================================================
RCS file: /cvs/dirsec/adminserver/nsconfig.mk,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- nsconfig.mk 24 Feb 2006 22:49:20 -0000 1.25
+++ nsconfig.mk 21 Mar 2006 18:33:37 -0000 1.26
@@ -530,7 +530,7 @@
endif
endif
-ADM_SUF=10
+ADM_SUF=1.0
# CLEAN THIS UP
@@ -728,16 +728,18 @@
# there are some platform specific versions as well
FREEBL_LIBS = freebl3
ifeq ($(USE_64), 1)
-ifeq ($(ARCH), SOLARIS)
-FREEBL_LIBS = freebl_64fpu_3 freebl_64int_3
-endif
+ ifeq ($(ARCH), SOLARIS)
+ FREEBL_LIBS = freebl_64fpu_3 freebl_64int_3
+ endif
else # USE_64
-ifeq ($(ARCH), SOLARIS)
-FREEBL_LIBS = freebl_32fpu_3 freebl_32int64_3 freebl_32int_3
-endif # SOLARIS
-ifeq ($(ARCH), HPUX)
-FREEBL_LIBS = freebl_32fpu_3 freebl_32int_3
-endif # HPUX
+ ifeq ($(ARCH), SOLARIS)
+ FREEBL_LIBS = freebl_32fpu_3 freebl_32int64_3 freebl_32int_3
+ endif # SOLARIS
+ ifeq ($(ARCH), HPUX)
+ ifneq ($(NSOS_TEST1), ia64) # PA-RISC only
+ FREEBL_LIBS = freebl_32fpu_3 freebl_32int_3
+ endif
+ endif # HPUX
endif # USE_64
# These files are only needed at runtime, not to link with
@@ -757,7 +759,7 @@
SECURITY_SOLIBS = $(addsuffix .$(DLL_SUFFIX), $(addprefix lib, $(SECURITY_LIBNAMES) $(SECURITY_EXTRA_RUNTIME_LIBNAMES)))
# and the .chk files
SECURITY_SOLIBS += $(addsuffix .chk, $(addprefix lib, $(SECURITY_NEED_CHK)))
-SECURITYOBJNAME = $(addsuffix .so, $(addprefix lib, $(SECURITY_LIBNAMES)))
+SECURITYOBJNAME = $(addsuffix .$(DLL_SUFFIX), $(addprefix lib, $(SECURITY_LIBNAMES)))
LIBSECURITY = $(addprefix $(SECURITY_LIBPATH)/, $(SECURITYOBJNAME))
SECURITYLINK = -L$(SECURITY_LIBPATH) $(addprefix -l, $(SECURITY_LIBNAMES))
endif
@@ -839,7 +841,7 @@
ADMINUTIL_INCLUDE = $(ADMINUTIL_SOURCE_ROOT)/built/adminutil/$(PLATFORM_DEST)/include/adminutil-$(ADMINUTIL_LIB_VERSION)
else
ADMINUTIL_LIBPATH = $(ADMINUTIL_BUILD_DIR)/lib
- ADMINUTIL_INCLUDE = $(ADMINUTIL_BUILD_DIR)/include
+ ADMINUTIL_INCLUDE = $(ADMINUTIL_BUILD_DIR)/include/adminutil-$(ADMINUTIL_LIB_VERSION)
endif
ifeq ($(ARCH), WINNT)
@@ -851,7 +853,7 @@
ADMINUTIL_LIBNAMES = admsslutil adminutil
ADMINUTIL_SOLIB_NAMES = $(addsuffix $(DLL_PRESUF), $(addprefix lib, adminutil admsslutil))
ADMINUTIL_LIBS = $(addsuffix .a, $(addprefix lib, $(ADMINUTIL_LIBNAMES)))
- ADMINUTIL_SOLIBS = $(addsuffix .$(DLL_SUFFIX).$(MAJOR_VERSION), $(ADMINUTIL_SOLIB_NAMES))
+ ADMINUTIL_SOLIBS = $(addsuffix .$(DLL_SUFFIX).$(ADMINUTIL_LIB_VERSION), $(ADMINUTIL_SOLIB_NAMES))
ADMINUTILOBJNAME = $(ADMINUTIL_SOLIBS)
LIBADMINUTIL = $(addprefix $(ADMINUTIL_LIBPATH)/, $(ADMINUTIL_SOLIBS))
ADMINUTILLINK = -L$(ADMINUTIL_LIBPATH) $(addprefix -l, $(ADMINUTIL_LIBNAMES))
@@ -869,7 +871,7 @@
else
LDAPSDK_LIBPATH = $(LDAPSDK_BUILD_DIR)/lib
LDAPSDK_INCLUDE = $(LDAPSDK_BUILD_DIR)/include
- LDAPSDK_BINPATH = $(LDAPSDK_BUILD_DIR)/tools
+ LDAPSDK_BINPATH = $(LDAPSDK_BUILD_DIR)/bin
endif
ifeq ($(ARCH), WINNT)
@@ -887,6 +889,35 @@
LIBLDAP = $(addprefix $(LDAPSDK_LIBPATH)/, $(LDAPOBJNAME))
#########################################
+# MOD_ADMSERV, RESTARTD, NSS
+#########################################
+ifdef MOD_ADMSERV_SOURCE_ROOT
+ MOD_ADMSERV_LIBPATH = $(MOD_ADMSERV_SOURCE_ROOT)/.libs
+else
+ MOD_ADMSERV_LIBPATH = $(MOD_ADMSERV_BUILD_DIR)/lib
+endif
+ifdef MOD_RESTARTD_SOURCE_ROOT
+ MOD_RESTARTD_LIBPATH = $(MOD_RESTARTD_SOURCE_ROOT)/.libs
+else
+ MOD_RESTARTD_LIBPATH = $(MOD_RESTARTD_BUILD_DIR)/lib
+endif
+ifdef MOD_NSS_SOURCE_ROOT
+ MOD_NSS_LIBPATH = $(MOD_NSS_SOURCE_ROOT)/.libs
+ MOD_NSS_BINPATH = $(MOD_NSS_SOURCE_ROOT)
+else
+ MOD_NSS_LIBPATH = $(MOD_NSS_BUILD_DIR)/lib
+ MOD_NSS_BINPATH = $(MOD_NSS_BUILD_DIR)/bin
+endif
+
+MOD_ADMSERV_LIBNAME = libmodadmserv.$(DLL_SUFFIX)
+MOD_REATARTD_LIBNAME = libmodrestartd.$(DLL_SUFFIX)
+MOD_NSS_LIBNAME = libmodnss.$(DLL_SUFFIX)
+
+MOD_ADMSERV = $(addprefix $(MOD_ADMSERV_LIBPATH)/, $(MOD_ADMSERV_LIBNAME))
+MOD_RESTARTD = $(addprefix $(MOD_RESTARTD_LIBPATH)/, $(MOD_REATARTD_LIBNAME))
+MOD_NSS = $(addprefix $(MOD_NSS_LIBPATH)/, $(MOD_NSS_LIBNAME))
+
+#########################################
# NMCSDK
#########################################
From fedora-directory-commits at redhat.com Tue Mar 21 19:48:57 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Tue, 21 Mar 2006 14:48:57 -0500
Subject: [Fedora-directory-commits] adminserver Makefile, 1.18,
1.19 buildpaths.mk, 1.8, 1.9 components.mk, 1.42,
1.43 internal_buildpaths.mk, 1.4, 1.5 nsconfig.mk, 1.26, 1.27
Message-ID: <200603211948.k2LJmv6m004801@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/adminserver
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4776
Modified Files:
Makefile buildpaths.mk components.mk internal_buildpaths.mk
nsconfig.mk
Log Message:
[186105] Admin Server Makefile updates for Internal build
. stopped pulling and packaging DBM
. removed internal/external switch for AdminUtil and SetupUtil
Index: Makefile
===================================================================
RCS file: /cvs/dirsec/adminserver/Makefile,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- Makefile 21 Mar 2006 18:33:37 -0000 1.18
+++ Makefile 21 Mar 2006 19:48:49 -0000 1.19
@@ -77,7 +77,7 @@
if test ! -d $(NSPLATFORM_DIR); then mkdir $(NSPLATFORM_DIR); fi;
$(PERL5) buildnum.pl -p $(NSPLATFORM_DIR)
-nsCommon: start_time $(LIBNSPR) $(LIBSECURITY) $(LIBDBM) $(LIBLDAP) $(LIBADMINUTIL) $(LIBICU) $(SETUPUTIL) $(MOD_ADMSERV) $(MOD_RESTARTD) $(MOD_NSS) $(ADMDOC) end_time
+nsCommon: start_time $(LIBNSPR) $(LIBSECURITY) $(LIBLDAP) $(LIBADMINUTIL) $(LIBICU) $(SETUPUTIL) $(MOD_ADMSERV) $(MOD_RESTARTD) $(MOD_NSS) $(ADMDOC) end_time
#
# Notice that BUILD_MODULE is not supplied directly on this target.
Index: buildpaths.mk
===================================================================
RCS file: /cvs/dirsec/adminserver/buildpaths.mk,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- buildpaths.mk 21 Mar 2006 18:33:37 -0000 1.8
+++ buildpaths.mk 21 Mar 2006 19:48:49 -0000 1.9
@@ -70,23 +70,16 @@
endif
NSPR_SOURCE_ROOT = $(MOZILLA_SOURCE_ROOT)
-#NSPR_BUILD_DIR = $(BUILD_ROOT)/../nspr-4.4.1
-
-DBM_SOURCE_ROOT = $(MOZILLA_SOURCE_ROOT)
-#DBM_BUILD_DIR = $(BUILD_ROOT)/../nss-3.9.3
SECURITY_SOURCE_ROOT = $(MOZILLA_SOURCE_ROOT)
-#SECURITY_BUILD_DIR = $(BUILD_ROOT)/../nss-3.9.3
LDAPSDK_SOURCE_ROOT = $(MOZILLA_SOURCE_ROOT)
-#LDAP_ROOT = $(BUILD_ROOT)/../ldapsdk-5.16
MOD_ADMSERV_SOURCE_ROOT = $(BUILD_ROOT)/../mod_admserv
MOD_RESTARTD_SOURCE_ROOT = $(BUILD_ROOT)/../mod_restartd
MOD_NSS_SOURCE_ROOT = $(BUILD_ROOT)/../mod_nss
ICU_SOURCE_ROOT = $(BUILD_ROOT)/../icu
-#ICU_BUILD_DIR = $(BUILD_ROOT)/../icu-2.4
ADMINUTIL_SOURCE_ROOT = $(BUILD_ROOT)/../adminutil
#ADMINUTIL_BUILD_DIR = $(NSCP_DISTDIR_FULL_RTL)/adminutil
Index: components.mk
===================================================================
RCS file: /cvs/dirsec/adminserver/components.mk,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- components.mk 21 Mar 2006 18:33:37 -0000 1.42
+++ components.mk 21 Mar 2006 19:48:49 -0000 1.43
@@ -80,31 +80,6 @@
else # INTERNAL_BUILD
@if [ ! -f $@ ]; then echo $@ does not exist - please build or download it ; exit 1 ; fi
endif
-###############################################
-# DBM Library
-##############################################
-
-DBM_RELDATE = DBM_1_61_RTM
-
-ifeq ($(INT_DBM), 1)
-BASE_DBM = $(INT_DIR)/dbm/$(DBM_RELDATE)
-else
-BASE_DBM = $(COMPONENTS_DIR)/dbm/$(DBM_RELDATE)
-endif
-
-$(LIBDBM):
-ifdef INTERNAL_BUILD
-ifneq ($(ARCH), WINNT)
- $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(COMPONENT_PULL_METHOD) -objdir $(NSCP_DISTDIR)/dbm -componentdir $(BASE_DBM) -files xpheader.jar -unzip $(NSCP_DISTDIR)/include
- $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(COMPONENT_PULL_METHOD) -objdir $(NSCP_DISTDIR)/dbm -componentdir $(BASE_DBM)/$(NSOBJDIR_NAME) -files mdbinary.jar -unzip $(NSCP_DISTDIR)
-else
- $(PERL5) $(RELTOOLS)/ftp_puller.pl -method FTP -objdir $(NSCP_DISTDIR)/dbm -componentdir $(BASE_DBM) -files xpheader.jar -unzip $(NSCP_DISTDIR)/include
- $(PERL5) $(RELTOOLS)/ftp_puller.pl -method FTP -objdir $(NSCP_DISTDIR)/dbm -componentdir $(BASE_DBM)/$(NSOBJDIR_NAME) -files mdbinary.jar -unzip $(NSCP_DISTDIR)
-endif
-else # INTERNAL_BUILD
- @if [ ! -f $@ ]; then echo $@ does not exist - please build or download it ; exit 1 ; fi
-endif
-
################################################
# SECURITY LIBRARY
@@ -170,7 +145,6 @@
SETUPUTIL_OBJDIR = $(NSOBJDIR_NAME)
-ifeq ($(BUILD_MODE), int)
ifeq ($(INT_SETUPUTIL), 1)
#intenal & integration
BASE_SETUPUTIL = $(INT_DIR)/$(SETUPUTIL_COMPNAME)/$(SETUPUTIL_RELDATE)/$(SETUPUTIL_OBJDIR)
@@ -178,10 +152,6 @@
#intenal & components
BASE_SETUPUTIL = $(COMPONENTS_DIR)/$(SETUPUTIL_COMPNAME)/$(SETUPUTIL_RELDATE)/$(SETUPUTIL_OBJDIR)
endif
-else
-#fedora
- BASE_SETUPUTIL = $(FED_COMPONENTS_DIR)/$(SETUPUTIL_COMPNAME)/$(SETUPUTIL_RELDATE)/$(SETUPUTIL_OBJDIR)
-endif
SETUPUTIL_DEST = $(SETUPUTIL_ROOT)/$(SETUPUTIL_OBJDIR)
@@ -208,7 +178,6 @@
ADMINUTILOBJDIR = $(NSOBJDIR_NAME)
-ifeq ($(BUILD_MODE), int)
ifeq ($(INT_ADMINUTIL), 1)
#intenal & integration
BASE_ADMINUTIL = $(INT_DIR)/$(ADMINUTIL_COMPNAME)/$(ADMINUTIL_VERSION)/$(ADMINUTILOBJDIR)
@@ -216,11 +185,6 @@
#intenal & components
BASE_ADMINUTIL = $(COMPONENTS_DIR)/$(ADMINUTIL_COMPNAME)/$(ADMINUTIL_VERSION)/$(ADMINUTILOBJDIR)
endif
-else
-#fedora
- BASE_ADMINUTIL = $(FED_COMPONENTS_DIR)/$(ADMINUTIL_COMPNAME)/$(ADMINUTIL_VERSION)/$(ADMINUTILOBJDIR)
-endif
-
$(LIBADMINUTIL):
ifdef INTERNAL_BUILD
Index: internal_buildpaths.mk
===================================================================
RCS file: /cvs/dirsec/adminserver/internal_buildpaths.mk,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- internal_buildpaths.mk 21 Mar 2006 18:33:37 -0000 1.4
+++ internal_buildpaths.mk 21 Mar 2006 19:48:49 -0000 1.5
@@ -61,11 +61,6 @@
NSPR_BUILD_DIR = $(NSCP_DISTDIR)
endif # NSPR_SOURCE_ROOT
-#DBM_SOURCE_ROOT = $(MOZILLA_SOURCE_ROOT)
-ifndef DBM_SOURCE_ROOT
-DBM_BUILD_DIR = $(NSCP_DISTDIR)
-endif # DBM_SOURCE_ROOT
-
#SECURITY_SOURCE_ROOT = $(MOZILLA_SOURCE_ROOT)
ifndef SECURITY_SOURCE_ROOT
SECURITY_BUILD_DIR = $(NSCP_DISTDIR)
Index: nsconfig.mk
===================================================================
RCS file: /cvs/dirsec/adminserver/nsconfig.mk,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- nsconfig.mk 21 Mar 2006 18:33:37 -0000 1.26
+++ nsconfig.mk 21 Mar 2006 19:48:49 -0000 1.27
@@ -541,7 +541,6 @@
# AS INCLUDE DEFDINED HERE
MCC_INCLUDE=-I$(NSROOT)/include \
-I$(NSCP_DISTDIR)/include \
- -I$(DBM_INCLUDE) \
-I$(NSPR_INCLUDE) \
-I$(SECURITY_INCLUDE) \
-I$(ICU_INCLUDE) \
@@ -682,29 +681,6 @@
NSPRLINK = -L$(NSPR_LIBPATH) $(addprefix -l, $(NSPR_LIBNAMES))
endif
-##############################
-# DBM
-#############################
-
-ifdef NSPR_SOURCE_ROOT
- DBM_LIBPATH = $(DBM_SOURCE_ROOT)/dist/$(MOZ_OBJDIR_NAME)/lib
- DBM_INCLUDE = $(DBM_SOURCE_ROOT)/dist/public/dbm
-else
- DBM_LIBPATH = $(DBM_BUILD_DIR)/lib
- DBM_INCLUDE = $(DBM_BUILD_DIR)/include
-endif
-ifeq ($(ARCH), WINNT)
-DBM_LIBNAMES = dbm
-DBMOBJNAME = $(addsuffix .lib, $(DBM_LIBNAMES))
-LIBDBM = $(addprefix $(DBM_LIBPATH)/, $(DBMOBJNAME))
-else
-DBM_LIBNAMES = dbm
-DBM_SOLIBS = $(addsuffix .$(DLL_SUFFIX), $(addprefix lib, $(DBM_LIBNAMES)))
-DBMROBJNAME = $(addsuffix .a, $(addprefix lib, $(DBM_LIBNAMES)))
-LIBDBM = $(addprefix $(DBM_LIBPATH)/, $(DBMROBJNAME))
-DBMLINK = -L$(DBM_LIBPATH) $(addprefix -l, $(DBM_LIBNAMES))
-endif
-
#############################
# NSS
############################
From fedora-directory-commits at redhat.com Tue Mar 21 22:24:09 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Tue, 21 Mar 2006 17:24:09 -0500
Subject: [Fedora-directory-commits] adminserver/lib/base file.cpp,1.5,1.6
Message-ID: <200603212224.k2LMOAY3012432@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/adminserver/lib/base
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12329/lib/base
Modified Files:
file.cpp
Log Message:
[186105] Admin Server Makefile updates for Internal build
javarules.mk: changed to use the appropriate version of JDKs
file.cpp: changed use strerror instead of sys_errlist
Index: file.cpp
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/base/file.cpp,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- file.cpp 18 Aug 2005 19:18:27 -0000 1.5
+++ file.cpp 21 Mar 2006 22:23:50 -0000 1.6
@@ -497,14 +497,6 @@
return 0;
}
-#ifdef XP_UNIX
-#ifdef LINUX
-extern const char *const sys_errlist[];
-#else
-extern char *sys_errlist[];
-#endif
-#endif
-
#define ERRMSG_SIZE 35
#include "util.h"
@@ -561,7 +553,7 @@
lmsg = system_winerr();
SetLastError(0);
#else
- lmsg = (char *)sys_errlist[errno];
+ lmsg = strerror(errno);
errno = 0;
#endif
}
From fedora-directory-commits at redhat.com Tue Mar 21 22:23:52 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Tue, 21 Mar 2006 17:23:52 -0500
Subject: [Fedora-directory-commits]
adminserver/admserv/console javarules.mk, 1.5, 1.6
Message-ID: <200603212224.k2LMOMfK012435@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/adminserver/admserv/console
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12329/admserv/console
Modified Files:
javarules.mk
Log Message:
[186105] Admin Server Makefile updates for Internal build
javarules.mk: changed to use the appropriate version of JDKs
file.cpp: changed use strerror instead of sys_errlist
Index: javarules.mk
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/console/javarules.mk,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- javarules.mk 9 Sep 2005 18:46:01 -0000 1.5
+++ javarules.mk 21 Mar 2006 22:23:38 -0000 1.6
@@ -26,6 +26,10 @@
# Identify tools, directories, classpath for building the Admin
# console
+BUILD_ROOT=$(shell cd ../..;pwd)
+
+include $(BUILD_ROOT)/nsconfig.mk
+
# Java setup ##############################################
# disable optimized builds for now until we can figure out why
@@ -39,9 +43,9 @@
PATH_SEP := :
ifeq ($(OS), Windows_NT)
- GET_JAVA_FROM_PATH := 1
- PATH_SEP := ;
- EXE_SUFFIX := .exe
+ GET_JAVA_FROM_PATH := 1
+ PATH_SEP := ;
+ EXE_SUFFIX := .exe
endif
# For NT, assume a locally installed JDK
@@ -50,42 +54,32 @@
JDKCOMP := $(shell which javac)
JDKPRELIB := $(subst bin/javac$(EXE_SUFFIX),lib,$(JDKCOMP))
JDKLIB := $(addprefix $(JDKPRELIB)/,tools.jar)
-else
+
+else # !GET_JAVA_FROM_PATH
# For UNIX, use JDK and JAR files over NFS
# Use NT classes.zip; doesn't matter that it was compiled on NT
#
-# Version 1.4.0_01 of the JDK does not seem to run well on RHEL 3.0
ifeq ($(ARCH), Linux)
- JDK_VERSION=1.4.2
+ JDK_BASE=ibmjdk
+ JDK_VERSION=1.4.2_SR3
+ JDK_VERSDIR=$(JDK_VERSION)/$(NSOBJDIR_NAME)
else
- ifeq ($(ARCH), HPUX)
- JDK_VERSION=1.4.1_05
- else
- JDK_VERSION=1.4.0_01
- endif
+ ifeq ($(ARCH), HPUX)
+ JDK_BASE=hpjdk
+ JDK_VERSION=1.4.2_09
+ JDK_VERSDIR=$(JDK_VERSION)
+ else
+ JDK_BASE=jdk
+ JDK_VERSION=1.4.2_10
+ JDK_VERSDIR=$(JDK_VERSION)/$(NSOBJDIR_NAME)
+ endif
endif
- JDK_VERSDIR=jdk$(JDK_VERSION)
- JDKLIB=/share/builds/components/jdk/$(JDK_VERSION)/$(PRETTY_ARCH)/lib/tools.jar
- ifeq ($(NSOS_ARCH), IRIX)
-# Get IRIX compiler from tools directory, currently 1.1.3
- JAVABINDIR=/tools/ns/bin
- else
- ifeq ($(ARCH), AIX)
-# Get AIX compiler from tools directory, currently 1.1.2
- JAVABINDIR=/tools/ns/bin
- else
- ifeq ($(ARCH), OSF1)
- JAVABINDIR=/share/builds/components/jdk/1.1.6beta/OSF1/bin
- else
-# Solaris, Linux, HP/UX and any others:
- JDK_DIR=$(COMPONENTS_DIR)/jdk
- JAVABINDIR=$(JDK_DIR)/$(JDK_VERSION)/$(PRETTY_ARCH)/bin
- endif
- endif
- endif
-endif
+ JDK_DIR=$(COMPONENTS_DIR)/$(JDK_BASE)
+ JDKLIB=$(JDK_DIR)/$(JDK_VERSDIR)/lib/tools.jar
+ JAVABINDIR=$(JDK_DIR)/$(JDK_VERSDIR)/bin
+endif # GET_JAVA_FROM_PATH
CLASSPATH := $(JAVA_SRC_DIR)$(PATH_SEP)$(NMCLFJARFILE)$(PATH_SEP)$(LDAPJARFILE)$(PATH_SEP)$(MCCJARFILE)$(PATH_SEP)$(JAVASSLJARFILE)$(PATH_SEP)$(BASEJARFILE)$(PATH_SEP)$(JSSJARFILE)
#CLASSPATH := $(JAVA_SRC_DIR)$(PATH_SEP)$(SWINGJARFILE)$(PATH_SEP)$(NMCLFJARFILE)$(PATH_SEP)$(LDAPJARFILE)$(PATH_SEP)$(MCCJARFILE)$(PATH_SEP)$(JAVASSLJARFILE)$(PATH_SEP)$(BASEJARFILE)
From fedora-directory-commits at redhat.com Wed Mar 22 17:46:18 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Wed, 22 Mar 2006 12:46:18 -0500
Subject: [Fedora-directory-commits] directoryconsole build.properties, 1.3,
1.4 build.xml, 1.4, 1.5
Message-ID: <200603221746.k2MHkIAH028377@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/directoryconsole
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28277
Modified Files:
build.properties build.xml
Log Message:
Changed the ldapconsole package name to -ds-.jar
Index: build.properties
===================================================================
RCS file: /cvs/dirsec/directoryconsole/build.properties,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- build.properties 13 Feb 2006 22:00:39 -0000 1.3
+++ build.properties 22 Mar 2006 17:46:10 -0000 1.4
@@ -21,6 +21,6 @@
lang=en
ldapconsole.root=..
-ldapconsole.version=10
-ldapconsole.name=ds${ldapconsole.version}
+ldapconsole.version=1.0
brand=fedora
+ldapconsole.name=${brand}-ds-${ldapconsole.version}
Index: build.xml
===================================================================
RCS file: /cvs/dirsec/directoryconsole/build.xml,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- build.xml 13 Feb 2006 22:00:39 -0000 1.4
+++ build.xml 22 Mar 2006 17:46:10 -0000 1.5
@@ -68,8 +68,10 @@
dest="${imports.dir}/console/${console.import}"/>
+
From fedora-directory-commits at redhat.com Wed Mar 22 18:51:27 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Wed, 22 Mar 2006 13:51:27 -0500
Subject: [Fedora-directory-commits] winsync/passwordsync/passsync
syncserv.cpp, 1.12, 1.13
Message-ID: <200603221851.k2MIpRSo030796@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/winsync/passwordsync/passsync
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30744/passsync
Modified Files:
syncserv.cpp
Log Message:
186171 - Fixed memory leaks in passhook.dll
Index: syncserv.cpp
===================================================================
RCS file: /cvs/dirsec/winsync/passwordsync/passsync/syncserv.cpp,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- syncserv.cpp 18 Mar 2006 00:36:39 -0000 1.12
+++ syncserv.cpp 22 Mar 2006 18:51:16 -0000 1.13
@@ -375,6 +375,9 @@
ldap_memfree(dn);
dn = NULL;
+ // zero out memory used for password
+ SecureZeroMemory(tempPassInfo->password, strlen(tempPassInfo->password));
+
// free the username and password
free(tempPassInfo->username);
free(tempPassInfo->password);
@@ -658,6 +661,9 @@
tempPassInfo = currentPassInfo;
currentPassInfo++;
+ // zero out memory used for password
+ SecureZeroMemory(tempPassInfo->password, strlen(tempPassInfo->password));
+
// free the username and password
free(tempPassInfo->username);
free(tempPassInfo->password);
From fedora-directory-commits at redhat.com Wed Mar 22 18:51:13 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Wed, 22 Mar 2006 13:51:13 -0500
Subject: [Fedora-directory-commits] winsync/passwordsync passhand.cpp, 1.8,
1.9
Message-ID: <200603221851.k2MIphpS030801@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/winsync/passwordsync
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30744
Modified Files:
passhand.cpp
Log Message:
186171 - Fixed memory leaks in passhook.dll
Index: passhand.cpp
===================================================================
RCS file: /cvs/dirsec/winsync/passwordsync/passhand.cpp,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- passhand.cpp 18 Mar 2006 00:36:33 -0000 1.8
+++ passhand.cpp 22 Mar 2006 18:51:04 -0000 1.9
@@ -200,11 +200,17 @@
int clearSet(PASS_INFO_LIST* passInfoList)
{
- // ToDo: zero out memory
+ while (!passInfoList->empty()) {
+ PASS_INFO& pi = passInfoList->back();
+ SecureZeroMemory(pi.password, strlen(pi.password));
+ free(pi.password);
+ free(pi.username);
+ passInfoList->pop_back();
+ }
passInfoList->clear();
- return -1;
+ return 0;
}
int encrypt(char* plainTextBuf, int plainTextLen, char* cipherTextBuf, int cipherTextLen, int* resultTextLen)
From fedora-directory-commits at redhat.com Wed Mar 22 18:51:18 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Wed, 22 Mar 2006 13:51:18 -0500
Subject: [Fedora-directory-commits] winsync/passwordsync/passhook
passhook.cpp, 1.7, 1.8
Message-ID: <200603221851.k2MIpn9V030804@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/winsync/passwordsync/passhook
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30744/passhook
Modified Files:
passhook.cpp
Log Message:
186171 - Fixed memory leaks in passhook.dll
Index: passhook.cpp
===================================================================
RCS file: /cvs/dirsec/winsync/passwordsync/passhook/passhook.cpp,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- passhook.cpp 19 Apr 2005 22:07:43 -0000 1.7
+++ passhook.cpp 22 Mar 2006 18:51:11 -0000 1.8
@@ -50,8 +50,6 @@
NTSTATUS NTAPI PasswordChangeNotify(PUNICODE_STRING UserName, ULONG RelativeId, PUNICODE_STRING Password)
{
- char singleByteUsername[PASSHAND_BUF_SIZE];
- char singleBytePassword[PASSHAND_BUF_SIZE];
HANDLE passhookEventHandle = OpenEvent(EVENT_MODIFY_STATE, FALSE, PASSHAND_EVENT_NAME);
PASS_INFO newPassInfo;
PASS_INFO_LIST passInfoList;
@@ -78,18 +76,34 @@
}
RegCloseKey(regKey);
- _snprintf(singleByteUsername, PASSHAND_BUF_SIZE, "%S", UserName->Buffer);
- singleByteUsername[UserName->Length / 2] = '\0';
- _snprintf(singleBytePassword, PASSHAND_BUF_SIZE, "%S", Password->Buffer);
- singleBytePassword[Password->Length / 2] = '\0';
+ // This memory will be free'd by calling clearSet below
+ newPassInfo.username = (char*)malloc((UserName->Length / 2) + 1);
+ newPassInfo.password = (char*)malloc((Password->Length / 2) + 1);
+
+ if (newPassInfo.username && newPassInfo.password) {
+ _snprintf(newPassInfo.username, (UserName->Length / 2), "%S", UserName->Buffer);
+ _snprintf(newPassInfo.password, (Password->Length / 2), "%S", Password->Buffer);
+ newPassInfo.username[UserName->Length / 2] = '\0';
+ newPassInfo.password[Password->Length / 2] = '\0';
+ } else {
+ if(outLog.is_open()) {
+ timeStamp(&outLog);
+ outLog << "failed to allocate memory for username and password" << endl;
+ }
+ free(newPassInfo.username);
+ free(newPassInfo.password);
+ goto exit;
+ }
if(outLog.is_open())
{
timeStamp(&outLog);
- outLog << "user " << singleByteUsername << " password changed" << endl;
- //outLog << "user " << singleByteUsername << " password changed to " << singleBytePassword << endl;
+ outLog << "user " << newPassInfo.username << " password changed" << endl;
+ //outLog << "user " << newPassInfo.username << " password changed to " << newPassInfo.password << endl;
}
+ // loadSet allocates memory for the usernames and password. We need to be
+ // sure to free it by calling clearSet.
if(loadSet(&passInfoList, "passhook.dat") == 0)
{
if(outLog.is_open())
@@ -107,10 +121,10 @@
}
}
- newPassInfo.username = singleByteUsername;
- newPassInfo.password = singleBytePassword;
+ // Add the new change to the list
passInfoList.push_back(newPassInfo);
+ // Save the list to disk
if(saveSet(&passInfoList, "passhook.dat") == 0)
{
if(outLog.is_open())
@@ -128,6 +142,10 @@
}
}
+ // We need to call clearSet so memory gets free'd
+ clearSet(&passInfoList);
+
+exit:
if(passhookEventHandle == NULL)
{
if(outLog.is_open())
@@ -140,6 +158,7 @@
else
{
SetEvent(passhookEventHandle);
+ CloseHandle(passhookEventHandle);
}
outLog.close();
From fedora-directory-commits at redhat.com Wed Mar 22 18:53:45 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Wed, 22 Mar 2006 13:53:45 -0500
Subject: [Fedora-directory-commits]
ldapserver/ldap/synctools/passwordsync/passsync syncserv.cpp,
1.7.2.5, 1.7.2.6
Message-ID: <200603221853.k2MIrjIK030865@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passsync
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30812/passsync
Modified Files:
Tag: Directory71RtmBranch
syncserv.cpp
Log Message:
186171 - Fixed memory leaks in passhook.dll
Index: syncserv.cpp
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passsync/syncserv.cpp,v
retrieving revision 1.7.2.5
retrieving revision 1.7.2.6
diff -u -r1.7.2.5 -r1.7.2.6
--- syncserv.cpp 18 Mar 2006 00:32:01 -0000 1.7.2.5
+++ syncserv.cpp 22 Mar 2006 18:53:37 -0000 1.7.2.6
@@ -375,6 +375,9 @@
ldap_memfree(dn);
dn = NULL;
+ // zero out memory used for password
+ SecureZeroMemory(tempPassInfo->password, strlen(tempPassInfo->password));
+
// free the username and password
free(tempPassInfo->username);
free(tempPassInfo->password);
@@ -658,6 +661,9 @@
tempPassInfo = currentPassInfo;
currentPassInfo++;
+ // zero out memory used for password
+ SecureZeroMemory(tempPassInfo->password, strlen(tempPassInfo->password));
+
// free the username and password
free(tempPassInfo->username);
free(tempPassInfo->password);
From fedora-directory-commits at redhat.com Wed Mar 22 18:53:34 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Wed, 22 Mar 2006 13:53:34 -0500
Subject: [Fedora-directory-commits] ldapserver/ldap/synctools/passwordsync
passhand.cpp, 1.7.2.1, 1.7.2.2
Message-ID: <200603221854.k2MIs4SU030871@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/synctools/passwordsync
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30812
Modified Files:
Tag: Directory71RtmBranch
passhand.cpp
Log Message:
186171 - Fixed memory leaks in passhook.dll
Index: passhand.cpp
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passhand.cpp,v
retrieving revision 1.7.2.1
retrieving revision 1.7.2.2
diff -u -r1.7.2.1 -r1.7.2.2
--- passhand.cpp 18 Mar 2006 00:31:54 -0000 1.7.2.1
+++ passhand.cpp 22 Mar 2006 18:53:26 -0000 1.7.2.2
@@ -200,11 +200,17 @@
int clearSet(PASS_INFO_LIST* passInfoList)
{
- // ToDo: zero out memory
+ while (!passInfoList->empty()) {
+ PASS_INFO& pi = passInfoList->back();
+ SecureZeroMemory(pi.password, strlen(pi.password));
+ free(pi.password);
+ free(pi.username);
+ passInfoList->pop_back();
+ }
passInfoList->clear();
- return -1;
+ return 0;
}
int encrypt(char* plainTextBuf, int plainTextLen, char* cipherTextBuf, int cipherTextLen, int* resultTextLen)
From fedora-directory-commits at redhat.com Wed Mar 22 18:53:39 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Wed, 22 Mar 2006 13:53:39 -0500
Subject: [Fedora-directory-commits]
ldapserver/ldap/synctools/passwordsync/passhook passhook.cpp,
1.7, 1.7.2.1
Message-ID: <200603221854.k2MIsApg030874@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passhook
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30812/passhook
Modified Files:
Tag: Directory71RtmBranch
passhook.cpp
Log Message:
186171 - Fixed memory leaks in passhook.dll
Index: passhook.cpp
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passhook/passhook.cpp,v
retrieving revision 1.7
retrieving revision 1.7.2.1
diff -u -r1.7 -r1.7.2.1
--- passhook.cpp 19 Apr 2005 22:07:43 -0000 1.7
+++ passhook.cpp 22 Mar 2006 18:53:32 -0000 1.7.2.1
@@ -50,8 +50,6 @@
NTSTATUS NTAPI PasswordChangeNotify(PUNICODE_STRING UserName, ULONG RelativeId, PUNICODE_STRING Password)
{
- char singleByteUsername[PASSHAND_BUF_SIZE];
- char singleBytePassword[PASSHAND_BUF_SIZE];
HANDLE passhookEventHandle = OpenEvent(EVENT_MODIFY_STATE, FALSE, PASSHAND_EVENT_NAME);
PASS_INFO newPassInfo;
PASS_INFO_LIST passInfoList;
@@ -78,18 +76,34 @@
}
RegCloseKey(regKey);
- _snprintf(singleByteUsername, PASSHAND_BUF_SIZE, "%S", UserName->Buffer);
- singleByteUsername[UserName->Length / 2] = '\0';
- _snprintf(singleBytePassword, PASSHAND_BUF_SIZE, "%S", Password->Buffer);
- singleBytePassword[Password->Length / 2] = '\0';
+ // This memory will be free'd by calling clearSet below
+ newPassInfo.username = (char*)malloc((UserName->Length / 2) + 1);
+ newPassInfo.password = (char*)malloc((Password->Length / 2) + 1);
+
+ if (newPassInfo.username && newPassInfo.password) {
+ _snprintf(newPassInfo.username, (UserName->Length / 2), "%S", UserName->Buffer);
+ _snprintf(newPassInfo.password, (Password->Length / 2), "%S", Password->Buffer);
+ newPassInfo.username[UserName->Length / 2] = '\0';
+ newPassInfo.password[Password->Length / 2] = '\0';
+ } else {
+ if(outLog.is_open()) {
+ timeStamp(&outLog);
+ outLog << "failed to allocate memory for username and password" << endl;
+ }
+ free(newPassInfo.username);
+ free(newPassInfo.password);
+ goto exit;
+ }
if(outLog.is_open())
{
timeStamp(&outLog);
- outLog << "user " << singleByteUsername << " password changed" << endl;
- //outLog << "user " << singleByteUsername << " password changed to " << singleBytePassword << endl;
+ outLog << "user " << newPassInfo.username << " password changed" << endl;
+ //outLog << "user " << newPassInfo.username << " password changed to " << newPassInfo.password << endl;
}
+ // loadSet allocates memory for the usernames and password. We need to be
+ // sure to free it by calling clearSet.
if(loadSet(&passInfoList, "passhook.dat") == 0)
{
if(outLog.is_open())
@@ -107,10 +121,10 @@
}
}
- newPassInfo.username = singleByteUsername;
- newPassInfo.password = singleBytePassword;
+ // Add the new change to the list
passInfoList.push_back(newPassInfo);
+ // Save the list to disk
if(saveSet(&passInfoList, "passhook.dat") == 0)
{
if(outLog.is_open())
@@ -128,6 +142,10 @@
}
}
+ // We need to call clearSet so memory gets free'd
+ clearSet(&passInfoList);
+
+exit:
if(passhookEventHandle == NULL)
{
if(outLog.is_open())
@@ -140,6 +158,7 @@
else
{
SetEvent(passhookEventHandle);
+ CloseHandle(passhookEventHandle);
}
outLog.close();
From fedora-directory-commits at redhat.com Wed Mar 22 18:55:14 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Wed, 22 Mar 2006 13:55:14 -0500
Subject: [Fedora-directory-commits] ldapserver component_versions.mk,
1.35.2.5, 1.35.2.6
Message-ID: <200603221855.k2MItEPM030914@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/ldapserver
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30892
Modified Files:
Tag: Directory71RtmBranch
component_versions.mk
Log Message:
Pick up new ADSYNC component for bug 186171
Index: component_versions.mk
===================================================================
RCS file: /cvs/dirsec/ldapserver/component_versions.mk,v
retrieving revision 1.35.2.5
retrieving revision 1.35.2.6
diff -u -r1.35.2.5 -r1.35.2.6
--- component_versions.mk 18 Mar 2006 18:05:15 -0000 1.35.2.5
+++ component_versions.mk 22 Mar 2006 18:55:06 -0000 1.35.2.6
@@ -250,7 +250,7 @@
endif
ifndef ADSYNC_VERSION
- ADSYNC_VERSION=20060318
+ ADSYNC_VERSION=20060322
endif
ifndef NT4SYNC_VERSION
From fedora-directory-commits at redhat.com Wed Mar 22 19:09:17 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Wed, 22 Mar 2006 14:09:17 -0500
Subject: [Fedora-directory-commits] directoryconsole build.xml,1.5,1.6
Message-ID: <200603221909.k2MJ9HBK000484@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/directoryconsole
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv456
Modified Files:
build.xml
Log Message:
Modified ant move syntax to support ant 1.6.2
Index: build.xml
===================================================================
RCS file: /cvs/dirsec/directoryconsole/build.xml,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- build.xml 22 Mar 2006 17:46:10 -0000 1.5
+++ build.xml 22 Mar 2006 19:09:02 -0000 1.6
@@ -70,8 +70,9 @@
-
+
+
+
From fedora-directory-commits at redhat.com Wed Mar 22 22:53:58 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Wed, 22 Mar 2006 17:53:58 -0500
Subject: [Fedora-directory-commits] adminserver/admserv pkgadmin.mk, 1.43,
1.44
Message-ID: <200603222253.k2MMrw2k009527@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/adminserver/admserv
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9510/admserv
Modified Files:
pkgadmin.mk
Log Message:
[186105] Admin Server Makefile updates for Internal build
Should package symlinks of libadminutil.so.1.0 and libadmsslutil.so.1.0.
Index: pkgadmin.mk
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/pkgadmin.mk,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- pkgadmin.mk 21 Mar 2006 18:33:43 -0000 1.43
+++ pkgadmin.mk 22 Mar 2006 22:53:48 -0000 1.44
@@ -244,7 +244,13 @@
if [ `expr $$file : ".*\.$(DLL_SUFFIX)\.[0-9]*$$"` -ne 0 ]; then \
mytmpfile=`echo $$file | sed -e "s/\(.*\)\.$(DLL_SUFFIX)\.[0-9]*$$/\1.$(DLL_SUFFIX)/"`; \
(cd $(ADMIN_DIR)/bin/admin/lib; rm -rf $$mytmpfile; ln -s $$file $$mytmpfile); \
- fi ; \
+ fi ; \
+ if [ `expr $$file : ".*\.$(DLL_SUFFIX)\.[0-9]*\.[0-9]*$$"` -ne 0 ]; then \
+ mytmpfile=`echo $$file | sed -e "s/\(.*\)\.$(DLL_SUFFIX)\.[0-9]*\.[0-9]*$$/\1.$(DLL_SUFFIX)/"`; \
+ (cd $(ADMIN_DIR)/bin/admin/lib; rm -rf $$mytmpfile; ln -s $$file $$mytmpfile); \
+ mytmpfile=`echo $$file | sed -e "s/\(.*\)\.$(DLL_SUFFIX)\.\([0-9]*\)\.[0-9]*$$/\1.$(DLL_SUFFIX).\2/"`; \
+ (cd $(ADMIN_DIR)/bin/admin/lib; rm -rf $$mytmpfile; ln -s $$file $$mytmpfile); \
+ fi ; \
done
if [ -d $(ADMINUTIL_LIBPATH)/property ] ; then \
$(MKDIR) $(ADMIN_DIR)/bin/admin/lib/property ; \
From fedora-directory-commits at redhat.com Wed Mar 22 23:47:33 2006
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Wed, 22 Mar 2006 18:47:33 -0500
Subject: [Fedora-directory-commits] adminutil/tests retrieveSIE.c,1.1,1.2
Message-ID: <200603222347.k2MNlXlu012053@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/adminutil/tests
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11998/adminutil/tests
Modified Files:
retrieveSIE.c
Log Message:
Bug(s) fixed: 186280
Bug Description: Close potential security vulnerabilities in CGI code
Reviewed by: Noriko (Thanks!)
Fix Description: The code was already pretty clean in terms of buffer
access. I added some malloc return checking, used some nspr functions
where applicable, removed some dead code, and fixed a couple of small
memory leaks.
Platforms tested: Fedora Core 5
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: retrieveSIE.c
===================================================================
RCS file: /cvs/dirsec/adminutil/tests/retrieveSIE.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- retrieveSIE.c 16 Nov 2005 18:50:21 -0000 1.1
+++ retrieveSIE.c 22 Mar 2006 23:47:25 -0000 1.2
@@ -58,7 +58,8 @@
exit(1);
}
- sprintf(admroot, "%s/admin-serv/config", svrroot);
+ snprintf(admroot, len, "%s/admin-serv/config", svrroot);
+ admroot[len] = '\0';
/*
* get the LDAP information from admin server config info
From fedora-directory-commits at redhat.com Wed Mar 22 23:47:22 2006
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Wed, 22 Mar 2006 18:47:22 -0500
Subject: [Fedora-directory-commits]
adminutil/lib/libadminutil admutil.c, 1.2,
1.3 errRpt.c, 1.1.1.1, 1.2 form_post.c, 1.1.1.1, 1.2 uginfo.c,
1.1.1.1, 1.2
Message-ID: <200603222347.k2MNlqSt012058@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/adminutil/lib/libadminutil
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11998/adminutil/lib/libadminutil
Modified Files:
admutil.c errRpt.c form_post.c uginfo.c
Log Message:
Bug(s) fixed: 186280
Bug Description: Close potential security vulnerabilities in CGI code
Reviewed by: Noriko (Thanks!)
Fix Description: The code was already pretty clean in terms of buffer
access. I added some malloc return checking, used some nspr functions
where applicable, removed some dead code, and fixed a couple of small
memory leaks.
Platforms tested: Fedora Core 5
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: admutil.c
===================================================================
RCS file: /cvs/dirsec/adminutil/lib/libadminutil/admutil.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- admutil.c 6 Dec 2005 18:38:37 -0000 1.2
+++ admutil.c 22 Mar 2006 23:47:14 -0000 1.3
@@ -986,10 +986,21 @@
LDAPMod *newMod;
newMod = (LDAPMod*)PR_Malloc(sizeof(LDAPMod));
+ if (!newMod) {
+ return newMod;
+ }
newMod->mod_op = mode;
newMod->mod_type = PL_strdup(namep);
+ if (namep && !newMod->mod_type) {
+ deleteMod(newMod);
+ return NULL;
+ }
if (values) {
newMod->mod_values = admutil_strsdup(values);
+ if (!newMod->mod_values) {
+ deleteMod(newMod);
+ return NULL;
+ }
}
else if (mode != LDAP_MOD_ADD) {
newMod->mod_values = NULL;
@@ -997,7 +1008,15 @@
else {
/* For LDAP_MOD_ADD attribute value must be specified */
newMod->mod_values = (char**)PR_Malloc(2*sizeof(char*));
+ if (!newMod->mod_values) {
+ deleteMod(newMod);
+ return NULL;
+ }
newMod->mod_values[0] = PL_strdup("");
+ if (!newMod->mod_values[0]) {
+ deleteMod(newMod);
+ return NULL;
+ }
newMod->mod_values[1] = NULL;
}
@@ -1036,7 +1055,11 @@
admUriUnescape(char *s)
{
char *t, *u;
-
+
+ if (!s) {
+ return;
+ }
+
for(t = s, u = s; *t; ++t, ++u) {
if((*t == '%') && t[1] && t[2]) {
*u = ((t[1] >= 'A' ? ((t[1] & 0xdf) - 'A')+10 : (t[1] - '0'))*16) +
@@ -1106,6 +1129,12 @@
memset(admInfo, '\0', sizeof(AdmldapHdnl));
admInfo->configFilePath = PL_strdup(path);
+ if (!admInfo->configFilePath) {
+ PR_Free(admInfo);
+ *errorcode = ADMUTIL_SYSTEM_ERR;
+ return NULL;
+ }
+
admInfo->configInfo = configInfo;
@@ -1137,6 +1166,12 @@
}
admInfo->serverDirectoryURL = PL_strdup(ldapurl);
+ if (!admInfo->serverDirectoryURL) {
+ /* Error open file */
+ *errorcode = ADMUTIL_SYSTEM_ERR;
+ destroyAdmldap((AdmldapInfo)admInfo);
+ return NULL;
+ }
if (ldap_url_parse(ldapurl, &ldapInfo)) {
*errorcode = ADMUTIL_SYSTEM_ERR;
Index: errRpt.c
===================================================================
RCS file: /cvs/dirsec/adminutil/lib/libadminutil/errRpt.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- errRpt.c 20 Jul 2005 22:51:32 -0000 1.1.1.1
+++ errRpt.c 22 Mar 2006 23:47:14 -0000 1.2
@@ -126,12 +126,22 @@
char *verbose_err()
{
/* Convert to use NSPR */
- char errMsg[1024];
- int errMsgLen = 0;
-
- errMsgLen = PR_GetErrorText(errMsg);
- if (errMsgLen) return alert_wrd_wrap(errMsg, WORD_WRAP_WIDTH, "\\n");
- else return NULL;
+ char *retval = NULL;
+ char *errMsg = NULL;
+ PRInt32 errMsgLen = 0;
+
+ errMsgLen = PR_GetErrorTextLength();
+ if (errMsgLen > 0) {
+ errMsg = PR_Malloc(errMsgLen+1);
+ if (errMsg) {
+ errMsgLen = PR_GetErrorText(errMsg);
+ if (errMsgLen) {
+ retval = alert_wrd_wrap(errMsg, WORD_WRAP_WIDTH, "\\n");
+ }
+ PR_Free(errMsg);
+ }
+ }
+ return retval;
}
#endif /* XP_WIN32 */
Index: form_post.c
===================================================================
RCS file: /cvs/dirsec/adminutil/lib/libadminutil/form_post.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- form_post.c 20 Jul 2005 22:51:32 -0000 1.1.1.1
+++ form_post.c 22 Mar 2006 23:47:14 -0000 1.2
@@ -36,10 +36,6 @@
#define BIG_LINE 1024
#endif
-#if 0
-#define SUCCESS_HTML "success.html"
-#endif
-
static char **input;
#ifdef XP_WIN32
@@ -97,27 +93,42 @@
int cl;
if(!(tmp = getenv("CONTENT_LENGTH"))) {
- if (admutil_i18nResource) {
- rpt_err(INCORRECT_USAGE,
- (char*)res_getstring(admutil_i18nResource,
- DBT_formPost_Browser_err,
- admutil_acceptLang),
- (char*)res_getstring(admutil_i18nResource,
- DBT_formPost_Browser_errDetail,
- admutil_acceptLang),
- NULL);
- }
- else {
- rpt_err(INCORRECT_USAGE,
- "Browser Error",
- "Your browser sent no content length with a POST command. Please be sure to use a fully compliant browser.",
- NULL);
- }
+ if (admutil_i18nResource) {
+ rpt_err(INCORRECT_USAGE,
+ (char*)res_getstring(admutil_i18nResource,
+ DBT_formPost_Browser_err,
+ admutil_acceptLang),
+ (char*)res_getstring(admutil_i18nResource,
+ DBT_formPost_Browser_errDetail,
+ admutil_acceptLang),
+ NULL);
+ }
+ else {
+ rpt_err(INCORRECT_USAGE,
+ "Browser Error",
+ "Your browser sent no content length with a POST command. Please be sure to use a fully compliant browser.",
+ NULL);
+ }
}
cl = atoi(tmp);
- vars = (char *)PR_Malloc(cl+1);
+ if (!(vars = (char *)PR_Malloc(cl+1))) {
+ if (admutil_i18nResource) {
+ rpt_err(MEMORY_ERROR,
+ NULL,
+ (char*)res_getstring(admutil_i18nResource,
+ DBT_formPost_PostStdinErr,
+ admutil_acceptLang),
+ NULL);
+ }
+ else {
+ rpt_err(MEMORY_ERROR,
+ NULL,
+ "Could not allocate enough memory to read in the POST parameters.",
+ NULL);
+ }
+ }
if( !(fread(vars, 1, cl, in)) ) {
if (admutil_i18nResource) {
@@ -150,12 +161,28 @@
PR_IMPLEMENT(char **)
string_to_vec(char *in)
{
- char **ans;
+ char **ans = NULL;
int vars = 0;
register int x = 0;
char *tmp;
- in = PL_strdup(in);
+ if (!(in = PL_strdup(in))) {
+ if (admutil_i18nResource) {
+ rpt_err(MEMORY_ERROR,
+ NULL,
+ (char*)res_getstring(admutil_i18nResource,
+ DBT_formPost_PostStdinErr,
+ admutil_acceptLang),
+ NULL);
+ }
+ else {
+ rpt_err(MEMORY_ERROR,
+ NULL,
+ "Could not allocate enough memory to read in the POST parameters.",
+ NULL);
+ }
+ return ans;
+ }
while(in[x])
if(in[x++]=='=')
@@ -169,11 +196,45 @@
PR_Free(in);
return(ans);
}
- ans[x]=PL_strdup(tmp);
+
+ if (!(ans[x]=PL_strdup(tmp))) {
+ if (admutil_i18nResource) {
+ rpt_err(MEMORY_ERROR,
+ NULL,
+ (char*)res_getstring(admutil_i18nResource,
+ DBT_formPost_PostStdinErr,
+ admutil_acceptLang),
+ NULL);
+ }
+ else {
+ rpt_err(MEMORY_ERROR,
+ NULL,
+ "Could not allocate enough memory to read in the POST parameters.",
+ NULL);
+ }
+ return ans;
+ }
+
form_unescape(ans[x++]);
while((tmp = strtok(NULL, "&"))) {
- ans[x] = PL_strdup(tmp);
+ if (!(ans[x] = PL_strdup(tmp))) {
+ if (admutil_i18nResource) {
+ rpt_err(MEMORY_ERROR,
+ NULL,
+ (char*)res_getstring(admutil_i18nResource,
+ DBT_formPost_PostStdinErr,
+ admutil_acceptLang),
+ NULL);
+ }
+ else {
+ rpt_err(MEMORY_ERROR,
+ NULL,
+ "Could not allocate enough memory to read in the POST parameters.",
+ NULL);
+ }
+ return ans;
+ }
form_unescape(ans[x++]);
}
@@ -192,7 +253,24 @@
while(input[x]) {
/* We want to get rid of the =, so len, len+1 */
if((!strncmp(input[x], varname, len)) && (*(input[x]+len) == '=')) {
- ans = PL_strdup(input[x] + len + 1);
+ if (!(ans = PL_strdup(input[x] + len + 1))) {
+ if (admutil_i18nResource) {
+ rpt_err(MEMORY_ERROR,
+ NULL,
+ (char*)res_getstring(admutil_i18nResource,
+ DBT_formPost_PostStdinErr,
+ admutil_acceptLang),
+ NULL);
+ }
+ else {
+ rpt_err(MEMORY_ERROR,
+ NULL,
+ "Could not allocate enough memory to get the parameter.",
+ NULL);
+ }
+ return ans;
+ }
+
if(!strcmp(ans, ""))
ans = NULL;
break;
@@ -247,7 +325,23 @@
if ((!strncmp(input[x], varname, len)) &&
(*(input[x]+len) == '=') &&
(*(input[x]+len+1))) {
- ans[n] = PL_strdup(input[x] + len + 1);
+ if (!(ans[n] = PL_strdup(input[x] + len + 1))) {
+ if (admutil_i18nResource) {
+ rpt_err(MEMORY_ERROR,
+ NULL,
+ (char*)res_getstring(admutil_i18nResource,
+ DBT_formPost_PostStdinErr,
+ admutil_acceptLang),
+ NULL);
+ }
+ else {
+ rpt_err(MEMORY_ERROR,
+ NULL,
+ "Could not allocate enough memory to get the parameter.",
+ NULL);
+ }
+ return ans;
+ }
n++;
}
}
@@ -267,54 +361,6 @@
return NULL;
}
-#if 0
-/* Removed since front end is JAVA, no need to send html page back! */
-PR_IMPLEMENT(void)
-return_success(char *description)
-{
- char **config=get_adm_config();
- WSACleanup();
-
- fprintf(stdout, "\n\n");
- } else
-#endif
- fprintf(stdout, "alert('Success!\\n%s');",
- alert_word_wrap(description, WORD_WRAP_WIDTH, "\\n"));
- fprintf(stdout, "\n");
- js_open_referer();
-#ifdef NS_MAIL
- char line[BIG_LINE];
- char **config = get_adm_config();
- FILE *html=open_html_file(SUCCESS_HTML);
-
- WSACleanup();
-
- /* Be sure headers are terminated. */
- fputs("\n", stdout);
-
- while(next_html_line(html, line)) {
- if(parse_line(line, config)) {
- if(directive_is(line, "SUCCESS_DESCRIPTION")) {
- fprintf(stdout, "- Success!\n");
- fprintf(stdout, "
- %s\n
", description);
- }
- }
- }
-#endif /* NS_MAIL */
- exit(0);
-}
-#endif /* 0 */
-
-
PR_IMPLEMENT(void)
rm_trail_slash(char *target)
Index: uginfo.c
===================================================================
RCS file: /cvs/dirsec/adminutil/lib/libadminutil/uginfo.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- uginfo.c 20 Jul 2005 22:51:32 -0000 1.1.1.1
+++ uginfo.c 22 Mar 2006 23:47:14 -0000 1.2
@@ -299,7 +299,15 @@
return 0;
}
- mods = (LDAPMod**)PR_Malloc(6*sizeof(LDAPMod*));
+ if (!(mods = (LDAPMod**)PR_Malloc(6*sizeof(LDAPMod*)))) {
+ *error_code = UG_LDAP_SYSTEM_ERR;
+ if (oldDirectoryURL) PR_Free(oldDirectoryURL);
+ if (oldBindDN) PR_Free(oldBindDN);
+ if (oldBindPassword) PR_Free(oldBindPassword);
+ if (oldDirectoryInfoRef) PR_Free(oldDirectoryInfoRef);
+ return 0;
+ }
+
i = 0;
if (directoryInfoRef) {
if (oldDirectoryURL) {
From fedora-directory-commits at redhat.com Wed Mar 22 23:47:27 2006
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Wed, 22 Mar 2006 18:47:27 -0500
Subject: [Fedora-directory-commits]
adminutil/lib/libadmsslutil admsslutil.c, 1.2, 1.3
Message-ID: <200603222347.k2MNlwC2012062@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/adminutil/lib/libadmsslutil
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11998/adminutil/lib/libadmsslutil
Modified Files:
admsslutil.c
Log Message:
Bug(s) fixed: 186280
Bug Description: Close potential security vulnerabilities in CGI code
Reviewed by: Noriko (Thanks!)
Fix Description: The code was already pretty clean in terms of buffer
access. I added some malloc return checking, used some nspr functions
where applicable, removed some dead code, and fixed a couple of small
memory leaks.
Platforms tested: Fedora Core 5
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: admsslutil.c
===================================================================
RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/admsslutil.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- admsslutil.c 6 Dec 2005 18:38:42 -0000 1.2
+++ admsslutil.c 22 Mar 2006 23:47:20 -0000 1.3
@@ -144,20 +144,12 @@
filename++; /* Skip '/' */
}
- /* basename is either "-cert" or "-key" */
- base = strstr(filename, basename);
+ /* basename is either "-cert" or "-key" - look for last occurance */
+ base = PL_strrstr(filename, basename);
if (base == NULL) {
return;
}
- /*
- * Find the last occurrence of basename in filename in an unlikely
- * scenario that basename (-key or -cert) appears in the prefix
- */
- while (strstr(base+1, basename) != NULL) {
- base = strstr(base+1, basename);
- }
-
/* Include '-' into prefix */
prefixLen = base-filename+1;
if (prefixLen > maxprefixlen) {
@@ -188,6 +180,10 @@
/* PKSC11 module must be configured before NSS is initialized */
db_name = PL_strdup("internal (software) ");
+ if (!db_name) {
+ return -1;
+ }
+
PK11_ConfigurePKCS11(NULL,NULL,NULL,db_name,NULL, NULL,NULL,NULL,
/*minPwdLen=*/8, /*pwdRequired=*/1);
@@ -272,7 +268,11 @@
if((!certdbFile) || (!keydbFile) || (!admroot)) return -1;
- return initNSS(certdbFile, keydbFile);
+ errCode = initNSS(certdbFile, keydbFile);
+ PL_Free(certdbFile);
+ PL_Free(keydbFile);
+
+ return errCode;
}
void servssl_error(char *fmt, ...)
@@ -763,66 +763,6 @@
}
fclose(f);
-
-#ifdef NES
- /* add/edit field in magnus.conf */
- modified_security = 0;
- linecnt = 0;
- PR_snprintf(filename, sizeof(filename),
- "%s/admin-serv/config/magnus.conf", sroot);
-
- f = fopen(filename, "r");
- if (f==NULL) {
- servssl_error("Can not open magnus.conf for reading");
- }
-
- while(fgets(inbuf, sizeof(inbuf), f) != NULL) {
- if(lines[linecnt] != NULL)
- PR_Free(lines[linecnt]);
- if ((strstr(inbuf,"Security ") == inbuf) &&
- (security && *security != '\0')) {
- /* Line starts with "Security" */
- col = strrchr(inbuf,' ');
- if (col == NULL) {
- servssl_error("Bad format for security field in magnus.conf");
- }
- *col=0;
- PR_snprintf(buf, sizeof(buf), "%s %s\n", inbuf, security);
- lines[linecnt++] = PL_strdup(buf);
- modified_security=1;
- }
- else {
- lines[linecnt++] = PL_strdup(inbuf);
- }
- }
- fclose(f);
-
- if ((!modified_security) &&
- (security && *security != '\0')) {
- /* security not found - put it in */
- if(lines[linecnt] != NULL)
- PR_Free(lines[linecnt]);
- PR_snprintf(buf, sizeof(buf), "Security %s\n", security);
- lines[linecnt++] = PL_strdup(buf);
- }
-
- f = fopen(filename, "w");
- if (f==NULL) {
- fclose(f);
- servssl_error("Can not open magnus.conf for writing");
- }
-
- for (i=0; i < linecnt; i++) {
- fprintf(f, "%s", lines[i]);
- }
-
- fclose(f);
-
- for(i=0; i<50; i++) {
- if(lines[i] != NULL)
- PR_Free(lines[i]);
- }
-#endif /* NES */
}
From fedora-directory-commits at redhat.com Thu Mar 23 15:59:30 2006
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Thu, 23 Mar 2006 10:59:30 -0500
Subject: [Fedora-directory-commits] setuputil/installer/unix/lib dialog.cc,
1.1.1.1, 1.2 ux-curse.c, 1.1.1.1, 1.2 ux-util.cc, 1.1.1.1,
1.2 ux-wrapper.cc, 1.1.1.1, 1.2
Message-ID: <200603231559.k2NFxUCV015121@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/setuputil/installer/unix/lib
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15054/setuputil/installer/unix/lib
Modified Files:
dialog.cc ux-curse.c ux-util.cc ux-wrapper.cc
Log Message:
Bug(s) fixed: 186280
Bug Description: Close potential security vulnerabilities in CGI code
Reviewed by: Nathan & Noriko (Thanks!)
Fix Description: Mostly cleaned up usage of sprintf.
Platforms tested: Fedora Core 5
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: dialog.cc
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/lib/dialog.cc,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- dialog.cc 29 Jul 2005 22:16:32 -0000 1.1.1.1
+++ dialog.cc 23 Mar 2006 15:59:22 -0000 1.2
@@ -28,6 +28,17 @@
** HISTORY
**
** $Log$
+** Revision 1.2 2006/03/23 15:59:22 rmeggins
+** Bug(s) fixed: 186280
+** Bug Description: Close potential security vulnerabilities in CGI code
+** Reviewed by: Nathan & Noriko (Thanks!)
+** Fix Description: Mostly cleaned up usage of sprintf.
+** Platforms tested: Fedora Core 5
+** Flag Day: no
+** Doc impact: no
+** QA impact: should be covered by regular nightly and manual testing
+** New Tests integrated into TET: none
+**
** Revision 1.1.1.1 2005/07/29 22:16:32 foxworth
** Importing new setup sdk for open source project
**
@@ -347,7 +358,11 @@
if (_enable8BitInput)
{
utf8Buf = localToUTF8(_buf);
- strcpy(_buf, utf8Buf);
+ strncpy(_buf, utf8Buf, _bufLen);
+ if (!memchr(_buf, 0, _bufLen)) { /* string is not null terminated */
+ _buf[0] = 0; /* erase to avoid using improperly formed utf8 */
+ rc = 0;
+ }
free(utf8Buf);
}
}
@@ -411,12 +426,14 @@
ans = UTF8ToLocal(_defaultAns.data());
else
ans = strdup((const char *) _defaultAns);
- sprintf(tstr, " [%s]: ", ans);
+ snprintf(tstr, sizeof(tstr), " [%s]: ", ans);
+ tstr[sizeof(tstr)-1] = 0;
free(ans);
}
else
{
- sprintf(tstr, "%c ", ':');
+ snprintf(tstr, sizeof(tstr), "%c ", ':');
+ tstr[sizeof(tstr)-1] = 0;
_buf[0] = 0;
}
printw(tstr);
Index: ux-curse.c
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/lib/ux-curse.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- ux-curse.c 29 Jul 2005 22:16:32 -0000 1.1.1.1
+++ ux-curse.c 23 Mar 2006 15:59:22 -0000 1.2
@@ -56,8 +56,9 @@
va_list arg;
va_start(arg, msg);
- vsprintf(errbuf, msg, arg);
+ vsnprintf(errbuf, sizeof(errbuf), msg, arg);
va_end(arg);
+ errbuf[sizeof(errbuf)-1] = 0;
printw(errbuf);
printw("Press any key to continue.\n");
refresh();
@@ -72,8 +73,9 @@
va_list arg;
va_start(arg, msg);
- vsprintf(errbuf, msg, arg);
+ vsnprintf(errbuf, sizeof(errbuf), msg, arg);
va_end(arg);
+ errbuf[sizeof(errbuf)-1] = 0;
getyx(stdscr, y, x);
Index: ux-util.cc
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/lib/ux-util.cc,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- ux-util.cc 29 Jul 2005 22:16:33 -0000 1.1.1.1
+++ ux-util.cc 23 Mar 2006 15:59:22 -0000 1.2
@@ -27,6 +27,17 @@
** UNIX Only
** HISTORY:
** $Log$
+** Revision 1.2 2006/03/23 15:59:22 rmeggins
+** Bug(s) fixed: 186280
+** Bug Description: Close potential security vulnerabilities in CGI code
+** Reviewed by: Nathan & Noriko (Thanks!)
+** Fix Description: Mostly cleaned up usage of sprintf.
+** Platforms tested: Fedora Core 5
+** Flag Day: no
+** Doc impact: no
+** QA impact: should be covered by regular nightly and manual testing
+** New Tests integrated into TET: none
+**
** Revision 1.1.1.1 2005/07/29 22:16:33 foxworth
** Importing new setup sdk for open source project
**
@@ -291,7 +302,8 @@
NSString hn;
NVPair *admconf;
- sprintf(tstr, "%s/%s", sroot, DEFAULT_ADMINCONF);
+ snprintf(tstr, sizeof(tstr), "%s/%s", sroot, DEFAULT_ADMINCONF);
+ tstr[sizeof(tstr)-1] = 0;
admconf = new NVPair(tstr);
@@ -371,7 +383,8 @@
NVPair *ssconf;
NSString ssUser;
- sprintf(tstr, "%s/%s", sroot, DEFAULT_SSUSERCONF);
+ snprintf(tstr, sizeof(tstr), "%s/%s", sroot, DEFAULT_SSUSERCONF);
+ tstr[sizeof(tstr)-1] = 0;
ssconf = new NVPair(tstr);
@@ -411,7 +424,8 @@
NVPair *ssconf;
NSString ssGroup;
- sprintf(tstr, "%s/%s", sroot, DEFAULT_SSUSERCONF);
+ snprintf(tstr, sizeof(tstr), "%s/%s", sroot, DEFAULT_SSUSERCONF);
+ tstr[sizeof(tstr)-1] = 0;
ssconf = new NVPair(tstr);
@@ -450,7 +464,8 @@
NVPair admpw;
const char *pwd = NULL;
- sprintf(temp, "%s/admin-serv/config/adm.conf", serverRoot);
+ snprintf(temp, sizeof(temp), "%s/admin-serv/config/adm.conf", serverRoot);
+ temp[sizeof(temp)-1] = 0;
admpw.setFormat(2);
admpw.read(temp);
@@ -489,12 +504,13 @@
if (uname(&sysname) >= 0)
{
#if defined(IRIX) /* I want IRIX, not IRIX64 */
- sprintf(tstr, "%s%s", "IRIX", sysname.release);
+ snprintf(tstr, sizeof(tstr), "%s%s", "IRIX", sysname.release);
#elif defined(SOLARIS) || defined(OSF1) || defined(HPUX)
- sprintf(tstr, "%s%s", sysname.sysname, sysname.release);
+ snprintf(tstr, sizeof(tstr), "%s%s", sysname.sysname, sysname.release);
#elif defined(AIX)
- sprintf(tstr, "%s%s.%s", sysname.sysname, sysname.version, sysname.release);
+ snprintf(tstr, sizeof(tstr), "%s%s.%s", sysname.sysname, sysname.version, sysname.release);
#endif
+ tstr[sizeof(tstr)-1] = 0;
return tstr;
}
else
@@ -537,6 +553,7 @@
if (!strncasecmp(line, "domain ", 7))
{
sscanf(&line[7], "%s", domain);
+ domain[sizeof(domain)-1] = 0;
dm = (domain[0] == '.' ? &domain[1] : domain);
return dm;
}
@@ -589,7 +606,8 @@
/* Bug 624241 - sprintf() will wipe out target var first on Linux */
char hncopy[SML_BUF];
strcpy(hncopy, hn);
- sprintf(hn, "%s.%s", hncopy, dn.data());
+ snprintf(hn, sizeof(hn), "%s.%s", hncopy, dn.data());
+ hn[sizeof(hn)-1] = 0;
}
/* Return whatever we ended up with. */
@@ -710,7 +728,8 @@
return 0;
}
- sprintf(fn, "/tmp/trychown.%ld", (long) getpid());
+ snprintf(fn, sizeof(fn), "/tmp/trychown.%ld", (long) getpid());
+ fn[sizeof(fn)-1] = 0;
if ((fd = creat(fn, 0777)) == -1)
return 0; /* Hmm. */
ret = chown(fn, pw->pw_uid, pw->pw_gid);
@@ -826,7 +845,8 @@
}
}
- sprintf(fn, "/tmp/trychown_grp.%ld", (long) getpid());
+ snprintf(fn, sizeof(fn), "/tmp/trychown_grp.%ld", (long) getpid());
+ fn[sizeof(fn)-1] = 0;
if ((fd = creat(fn, 0777)) == -1)
{
return 0; /* Hmm. */
@@ -885,11 +905,7 @@
NSString
InstUtil::getSelfUserID()
{
-#if 0
- return cuserid(NULL);
-#else
return getpwuid(geteuid())->pw_name;
-#endif
}
/*********************************************************************
@@ -1066,7 +1082,8 @@
return ("/");
}
- strcpy(s, path);
+ strncpy(s, path, sizeof(s));
+ s[sizeof(s)-1] = 0;
/* Strip off trailing / */
Index: ux-wrapper.cc
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/lib/ux-wrapper.cc,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- ux-wrapper.cc 29 Jul 2005 22:16:33 -0000 1.1.1.1
+++ ux-wrapper.cc 23 Mar 2006 15:59:22 -0000 1.2
@@ -29,6 +29,17 @@
** HISTORY:
**
** $Log$
+** Revision 1.2 2006/03/23 15:59:22 rmeggins
+** Bug(s) fixed: 186280
+** Bug Description: Close potential security vulnerabilities in CGI code
+** Reviewed by: Nathan & Noriko (Thanks!)
+** Fix Description: Mostly cleaned up usage of sprintf.
+** Platforms tested: Fedora Core 5
+** Flag Day: no
+** Doc impact: no
+** QA impact: should be covered by regular nightly and manual testing
+** New Tests integrated into TET: none
+**
** Revision 1.1.1.1 2005/07/29 22:16:33 foxworth
** Importing new setup sdk for open source project
**
@@ -179,12 +190,13 @@
{
return;
}
- sprintf(buf,"[%s] %s", who, level);
+ snprintf(buf, sizeof(buf), "[%s] %s", who, level);
va_start (arg, msg);
- vsprintf(buf+strlen(buf), msg, arg);
+ vsnprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), msg, arg);
va_end(arg);
+ buf[sizeof(buf)-1] = 0;
fputs(buf,fp);
fputs("\n",fp);
From fedora-directory-commits at redhat.com Thu Mar 23 15:59:19 2006
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Thu, 23 Mar 2006 10:59:19 -0500
Subject: [Fedora-directory-commits] setuputil/installer/lib prodinfo.cpp,
1.1.1.1, 1.2 setupapi.cpp, 1.1.1.1, 1.2 uninstall.cpp, 1.1.1.1, 1.2
Message-ID: <200603231559.k2NFxnE4015128@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/setuputil/installer/lib
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15054/setuputil/installer/lib
Modified Files:
prodinfo.cpp setupapi.cpp uninstall.cpp
Log Message:
Bug(s) fixed: 186280
Bug Description: Close potential security vulnerabilities in CGI code
Reviewed by: Nathan & Noriko (Thanks!)
Fix Description: Mostly cleaned up usage of sprintf.
Platforms tested: Fedora Core 5
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: prodinfo.cpp
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/lib/prodinfo.cpp,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- prodinfo.cpp 29 Jul 2005 22:16:29 -0000 1.1.1.1
+++ prodinfo.cpp 23 Mar 2006 15:59:10 -0000 1.2
@@ -24,6 +24,17 @@
** Name: prodinfo.c
**
** $Log$
+** Revision 1.2 2006/03/23 15:59:10 rmeggins
+** Bug(s) fixed: 186280
+** Bug Description: Close potential security vulnerabilities in CGI code
+** Reviewed by: Nathan & Noriko (Thanks!)
+** Fix Description: Mostly cleaned up usage of sprintf.
+** Platforms tested: Fedora Core 5
+** Flag Day: no
+** Doc impact: no
+** QA impact: should be covered by regular nightly and manual testing
+** New Tests integrated into TET: none
+**
** Revision 1.1.1.1 2005/07/29 22:16:29 foxworth
** Importing new setup sdk for open source project
**
@@ -239,17 +250,19 @@
continue;
}
if ( buf[0] == '[' ) { /* install date */
- int n;
- char tmp[BUFSIZ];
+ int end = 0;
for ( i = strlen( buf ) - 1 ; i-- ; ) {
if ( buf[i] == ']' ) {
buf[i] = '\0'; /* clean up date */
break;
}
}
- n = sscanf (buf + 1, "%s %s %s %s %s", tmp, tmp, tmp, tmp, tmp);
+ /* need to know if there are at least 5 tokens in buf - end will only be set
+ if there are at least 5 whitespace delimited tokens in (buf+1)
+ */
+ sscanf (buf + 1, "%*s %*s %*s %*s %*s%n", &end);
- if (n == 5)
+ if (end)
{
if ( tree->when ) {
break; /* this is a previous date, stop reading */
Index: setupapi.cpp
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/lib/setupapi.cpp,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- setupapi.cpp 29 Jul 2005 22:16:30 -0000 1.1.1.1
+++ setupapi.cpp 23 Mar 2006 15:59:10 -0000 1.2
@@ -1887,10 +1887,9 @@
#else
FILE *f = fopen("/etc/resolv.conf", "r");
char line[SML_BUF];
- char *domain;
+ char domain[SML_BUF];
char *dm;
- domain = (char *) malloc(SML_BUF);
/* See if there's a domain entry in their resolver configuration */
if (f)
{
@@ -1898,9 +1897,20 @@
{
if (!strncasecmp(line, "domain ", 7))
{
- sscanf(&line[7], "%s", domain);
- dm = (domain[0] == '.' ? &domain[1] : domain);
- return dm;
+ int end = 0;
+ int len = strlen(line);
+ char *begin = &line[7];
+ if ((len > 8) && (line[7] == '.')) {
+ begin = &line[8];
+ }
+ sscanf(begin, "%*s%n", &end);
+ if (end) {
+ fclose(f);
+ strncpy(domain, begin, end);
+ domain[end] = 0;
+ dm = strdup(domain);
+ return dm;
+ }
}
}
fclose(f);
@@ -1913,7 +1923,12 @@
#else
getdomainname(domain, SML_BUF);
#endif
- dm = (domain[0] == '.' ? &domain[1] : domain);
+ domain[SML_BUF] = 0;
+ if (domain[0] == '.') {
+ dm = strdup(&domain[1]);
+ } else {
+ dm = strdup(domain);
+ }
#endif
return dm;
Index: uninstall.cpp
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/lib/uninstall.cpp,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- uninstall.cpp 29 Jul 2005 22:16:30 -0000 1.1.1.1
+++ uninstall.cpp 23 Mar 2006 15:59:10 -0000 1.2
@@ -28,6 +28,17 @@
**
** HISTORY:
** $Log$
+** Revision 1.2 2006/03/23 15:59:10 rmeggins
+** Bug(s) fixed: 186280
+** Bug Description: Close potential security vulnerabilities in CGI code
+** Reviewed by: Nathan & Noriko (Thanks!)
+** Fix Description: Mostly cleaned up usage of sprintf.
+** Platforms tested: Fedora Core 5
+** Flag Day: no
+** Doc impact: no
+** QA impact: should be covered by regular nightly and manual testing
+** New Tests integrated into TET: none
+**
** Revision 1.1.1.1 2005/07/29 22:16:30 foxworth
** Importing new setup sdk for open source project
**
@@ -79,7 +90,7 @@
if (moduleNickName)
{
- sprintf(tstr, "%s%c%s%c%s%c%s.log",
+ snprintf(tstr, sizeof(tstr), "%s%c%s%c%s%c%s.log",
serverRoot,
PATH_DELIM,
"setup",
@@ -90,7 +101,7 @@
}
else
{
- sprintf(tstr, "%s%c%s%c%s%c%s.log",
+ snprintf(tstr, sizeof(tstr), "%s%c%s%c%s%c%s.log",
serverRoot,
PATH_DELIM,
"setup",
@@ -99,6 +110,7 @@
PATH_DELIM,
packageNickName);
}
+ tstr[sizeof(tstr)-1] = 0;
fp = fopen(tstr, "a");
From fedora-directory-commits at redhat.com Thu Mar 23 15:59:24 2006
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Thu, 23 Mar 2006 10:59:24 -0500
Subject: [Fedora-directory-commits] setuputil/installer/unix dl-common.cc,
1.1.1.1, 1.2 dl-dnld.cc, 1.1.1.1, 1.2 dl-inst.cc, 1.1.1.1,
1.2 dl-uninst.cc, 1.1.1.1, 1.2 installer.cc, 1.3,
1.4 product.cc, 1.4, 1.5 uninstaller.cc, 1.1.1.1,
1.2 ux-setup.cc, 1.1.1.1, 1.2
Message-ID: <200603231559.k2NFxsCs015133@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/setuputil/installer/unix
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15054/setuputil/installer/unix
Modified Files:
dl-common.cc dl-dnld.cc dl-inst.cc dl-uninst.cc installer.cc
product.cc uninstaller.cc ux-setup.cc
Log Message:
Bug(s) fixed: 186280
Bug Description: Close potential security vulnerabilities in CGI code
Reviewed by: Nathan & Noriko (Thanks!)
Fix Description: Mostly cleaned up usage of sprintf.
Platforms tested: Fedora Core 5
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: dl-common.cc
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/dl-common.cc,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- dl-common.cc 29 Jul 2005 22:16:30 -0000 1.1.1.1
+++ dl-common.cc 23 Mar 2006 15:59:17 -0000 1.2
@@ -28,6 +28,17 @@
** HISTORY
**
** $Log$
+** Revision 1.2 2006/03/23 15:59:17 rmeggins
+** Bug(s) fixed: 186280
+** Bug Description: Close potential security vulnerabilities in CGI code
+** Reviewed by: Nathan & Noriko (Thanks!)
+** Fix Description: Mostly cleaned up usage of sprintf.
+** Platforms tested: Fedora Core 5
+** Flag Day: no
+** Doc impact: no
+** QA impact: should be covered by regular nightly and manual testing
+** New Tests integrated into TET: none
+**
** Revision 1.1.1.1 2005/07/29 22:16:30 foxworth
** Importing new setup sdk for open source project
**
@@ -315,9 +326,10 @@
DialogInput *dl = new DialogInput;
if (whatProduct != NULL)
- sprintf(tstr, selectionText, whatProduct);
+ snprintf(tstr, sizeof(tstr), selectionText, whatProduct);
else
- sprintf(tstr, selectionText);
+ snprintf(tstr, sizeof(tstr), selectionText);
+ tstr[sizeof(tstr)-1] = 0;
dl->setText(tstr);
dl->setSetupAction(NULL);
@@ -431,9 +443,10 @@
if (p->isVisible())
{
if (p->numVisibleComponents() >= 1)
- sprintf(tstr, " %d. %s (%d)\n", ++j, p->get(PKG_NAME), p->numVisibleComponents());
+ snprintf(tstr, sizeof(tstr), " %d. %s (%d)\n", ++j, p->get(PKG_NAME), p->numVisibleComponents());
else
- sprintf(tstr, " %d. %s\n", ++j, p->get(PKG_NAME));
+ snprintf(tstr, sizeof(tstr), " %d. %s\n", ++j, p->get(PKG_NAME));
+ tstr[sizeof(tstr)-1] = 0;
text2 = text2 + tstr;
@@ -525,7 +538,6 @@
char *ldapURL;
const char *buf = me->input();
NSString errMsg;
- char tmp[XSM_BUF];
LDAPURLDesc *ludpp;
char *domain;
DialogAction rc = DIALOG_NEXT;
@@ -678,7 +690,8 @@
localLdapURL = UTF8ToLocal(me->manager()->getDefaultScript()->get(CONFIG_LDAP_URL));
hostPortURL = stripConfigLdapURL(localLdapURL);
- sprintf(text2, " %s", (const char *)hostPortURL);
+ snprintf(text2, sizeof(text2), " %s", (const char *)hostPortURL);
+ text2[sizeof(text2)-1] = 0;
free (localLdapURL);
@@ -842,7 +855,6 @@
const char *ldapURL;
const char *buf = me->input();
NSString errMsg;
- char tmp[XSM_BUF];
LDAPURLDesc *ludpp;
DialogAction rc = DIALOG_NEXT;
@@ -893,7 +905,8 @@
localLdapURL = UTF8ToLocal(me->manager()->getDefaultScript()->get(UG_LDAP_URL));
- sprintf(text2, " %s", localLdapURL);
+ snprintf(text2, sizeof(text2), " %s", localLdapURL);
+ text2[sizeof(text2)-1] = 0;
free (localLdapURL);
Index: dl-dnld.cc
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/dl-dnld.cc,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- dl-dnld.cc 29 Jul 2005 22:16:30 -0000 1.1.1.1
+++ dl-dnld.cc 23 Mar 2006 15:59:17 -0000 1.2
@@ -28,6 +28,17 @@
** HISTORY
**
** $Log$
+** Revision 1.2 2006/03/23 15:59:17 rmeggins
+** Bug(s) fixed: 186280
+** Bug Description: Close potential security vulnerabilities in CGI code
+** Reviewed by: Nathan & Noriko (Thanks!)
+** Fix Description: Mostly cleaned up usage of sprintf.
+** Platforms tested: Fedora Core 5
+** Flag Day: no
+** Doc impact: no
+** QA impact: should be covered by regular nightly and manual testing
+** New Tests integrated into TET: none
+**
** Revision 1.1.1.1 2005/07/29 22:16:30 foxworth
** Importing new setup sdk for open source project
**
@@ -180,7 +191,8 @@
for (int i = 0; i < p->numName(); i++)
{
s = p->name(i);
- sprintf(tstr, " %d. %s\n", i+1, s);
+ snprintf(tstr, sizeof(tstr), " %d. %s\n", i+1, s);
+ tstr[sizeof(tstr)-1] = 0;
text2 = text2 + tstr;
}
me->setText2(text2.data());
@@ -648,7 +660,7 @@
const char *sysVersion = me->manager()->getDefaultScript()->get(SYS_VERSION);
int i, j;
Bool found = False;
- char tmp[5];
+ char tmp[20];
setupSelectionDialog(me, platformInfo);
@@ -801,17 +813,18 @@
if (err == -1)
{
- sprintf(errMsg, "ERROR: Can't create directory %s\n", ans);
+ snprintf(errMsg, sizeof(errMsg), "ERROR: Can't create directory %s\n", ans);
}
else if (err == -2)
{
- sprintf(errMsg, "ERROR: %s exists and is not a directory.\n", ans);
+ snprintf(errMsg, sizeof(errMsg), "ERROR: %s exists and is not a directory.\n", ans);
}
else if (err == -3)
{
- sprintf(errMsg, "ERROR: Can't write to %s\n", ans);
+ snprintf(errMsg, sizeof(errMsg), "ERROR: Can't write to %s\n", ans);
}
+ errMsg[sizeof(errMsg)-1] = 0;
DialogAlert alert(errMsg);
alert.execute();
Index: dl-inst.cc
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/dl-inst.cc,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- dl-inst.cc 29 Jul 2005 22:16:31 -0000 1.1.1.1
+++ dl-inst.cc 23 Mar 2006 15:59:17 -0000 1.2
@@ -28,6 +28,17 @@
** HISTORY
**
** $Log$
+** Revision 1.2 2006/03/23 15:59:17 rmeggins
+** Bug(s) fixed: 186280
+** Bug Description: Close potential security vulnerabilities in CGI code
+** Reviewed by: Nathan & Noriko (Thanks!)
+** Fix Description: Mostly cleaned up usage of sprintf.
+** Platforms tested: Fedora Core 5
+** Flag Day: no
+** Doc impact: no
+** QA impact: should be covered by regular nightly and manual testing
+** New Tests integrated into TET: none
+**
** Revision 1.1.1.1 2005/07/29 22:16:31 foxworth
** Importing new setup sdk for open source project
**
@@ -406,9 +417,10 @@
else if (installer->checkDiskSpace() == False)
{
char szMsg[2048];
- sprintf(szMsg, "Warning: not enough disk space in the path %s, you can either remove unnecessary \n" \
+ snprintf(szMsg, sizeof(szMsg), "Warning: not enough disk space in the path %s, you can either remove unnecessary \n" \
"files on the destination drive and type Yes to continue, or click \n" \
"CTRL-B to go back and select less products to install\n\n", installer->getServerRoot().data());
+ szMsg[sizeof(szMsg)-1] = 0;
msg = szMsg;
me->setText (msg);
}
@@ -936,7 +948,8 @@
// Ask SS Group
ssGroup = me->manager()->getDefaultScript()->get(SS_GROUP);
- sprintf(tmp, "%s [%s]: ", "System Group", ssGroup.data());
+ snprintf(tmp, sizeof(tmp), "%s [%s]: ", "System Group", ssGroup.data());
+ tmp[sizeof(tmp)-1] = 0;
me->showString(tmp);
if (me->getInput() == 0)
Index: dl-uninst.cc
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/dl-uninst.cc,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- dl-uninst.cc 29 Jul 2005 22:16:31 -0000 1.1.1.1
+++ dl-uninst.cc 23 Mar 2006 15:59:17 -0000 1.2
@@ -28,6 +28,17 @@
** HISTORY
**
** $Log$
+** Revision 1.2 2006/03/23 15:59:17 rmeggins
+** Bug(s) fixed: 186280
+** Bug Description: Close potential security vulnerabilities in CGI code
+** Reviewed by: Nathan & Noriko (Thanks!)
+** Fix Description: Mostly cleaned up usage of sprintf.
+** Platforms tested: Fedora Core 5
+** Flag Day: no
+** Doc impact: no
+** QA impact: should be covered by regular nightly and manual testing
+** New Tests integrated into TET: none
+**
** Revision 1.1.1.1 2005/07/29 22:16:31 foxworth
** Importing new setup sdk for open source project
**
@@ -334,7 +345,8 @@
LDAPURLDesc *ludpp = NULL;
ldap_url_parse ((char *) ldapURL , &ludpp);
- sprintf(tmp, "ldap://%s:389/%s", ludpp->lud_host, ludpp->lud_dn);
+ snprintf(tmp, sizeof(tmp), "ldap://%s:389/%s", ludpp->lud_host, ludpp->lud_dn);
+ tmp[sizeof(tmp)-1] = 0;
ldap_free_urldesc(ludpp);
installInfo->set(CONFIG_LDAP_URL, tmp);
@@ -402,12 +414,13 @@
if (dp && dp->get(s) && q->isSelected() == False)
{
// q is dependent on p and q is not selected
- sprintf(tstr,
+ snprintf(tstr, sizeof(tstr),
getResource(RES_MESSAGE_UNINST_VERIFYSELECTION1),
q->get(PKG_NAME),
p->get(PKG_NAME),
q->get(PKG_NAME),
q->get(PKG_NAME));
+ tstr[sizeof(tstr)-1] = 0;
DialogAlert alert(tstr);
alert.execute();
Index: installer.cc
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/installer.cc,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- installer.cc 13 Dec 2005 20:58:22 -0000 1.3
+++ installer.cc 23 Mar 2006 15:59:17 -0000 1.4
@@ -27,6 +27,17 @@
**
** HISTORY:
** $Log$
+** Revision 1.4 2006/03/23 15:59:17 rmeggins
+** Bug(s) fixed: 186280
+** Bug Description: Close potential security vulnerabilities in CGI code
+** Reviewed by: Nathan & Noriko (Thanks!)
+** Fix Description: Mostly cleaned up usage of sprintf.
+** Platforms tested: Fedora Core 5
+** Flag Day: no
+** Doc impact: no
+** QA impact: should be covered by regular nightly and manual testing
+** New Tests integrated into TET: none
+**
** Revision 1.3 2005/12/13 20:58:22 nhosoi
** [175418] Admin Server ns-update crashes if necessary attribute-value is not given
** 1) Although Admin Server's PostInstall program ns-update expects it, PostInstall
@@ -2292,28 +2303,29 @@
if (err == -1)
{
- sprintf(errMsg, "Can't create directory %s\n", sroot);
+ snprintf(errMsg, sizeof(errMsg), "Can't create directory %s\n", sroot);
}
else if (err == -2)
{
- sprintf(errMsg, "%s exists and is not a directory.\n", sroot);
+ snprintf(errMsg, sizeof(errMsg), "%s exists and is not a directory.\n", sroot);
}
else if (err == -3)
{
- sprintf(errMsg, "Can't write to %s\n", sroot);
+ snprintf(errMsg, sizeof(errMsg), "Can't write to %s\n", sroot);
}
else if (err == -4)
{
- sprintf(errMsg,
+ snprintf(errMsg, sizeof(errMsg),
getResource(RES_MESSAGE_CHECKSERVERROOT1),
sroot);
}
else
{
- sprintf(errMsg,
+ snprintf(errMsg, sizeof(errMsg),
getResource(RES_MESSAGE_CHECKSERVERROOT2),
sroot);
}
+ errMsg[sizeof(errMsg)-1] = 0;
}
return errMsg;
}
@@ -2338,7 +2350,7 @@
}
else if (!p->securityChecked())
{
- sprintf(errMsg,
+ snprintf(errMsg, sizeof(errMsg),
"You are installing %s over an\n"
"existing installation that is of a higher security level.\n"
"Installation over an incompatible security level is not\n"
@@ -2347,7 +2359,7 @@
}
else
{
- sprintf(errMsg,
+ snprintf(errMsg, sizeof(errMsg),
"You are installing %s over an\n"
"existing installation that is incompatible.\n"
"Installation over an incompatible version is not\n"
@@ -2355,6 +2367,7 @@
}
}
}
+ errMsg[sizeof(errMsg)-1] = 0;
return errMsg;
}
@@ -2387,7 +2400,7 @@
{
if ((ok = checkUpdate(p)) == False)
{
- sprintf(errMsg,
+ snprintf(errMsg, sizeof(errMsg),
getResource(RES_MESSAGE_CHECKCOMPONENTDEPENDENCY1),
p->get(PKG_NAME));
}
@@ -2411,7 +2424,7 @@
msg = getResource(RES_MESSAGE_CHECKCOMPONENTDEPENDENCY6);
break;
};
- sprintf(errMsg, msg, p->get(PKG_NAME));
+ snprintf(errMsg, sizeof(errMsg), msg, p->get(PKG_NAME));
}
}
@@ -2432,7 +2445,7 @@
*/
{
// Not compatible
- sprintf(errMsg,
+ snprintf(errMsg, sizeof(errMsg),
getResource(RES_MESSAGE_CHECKCOMPONENTDEPENDENCY2),
p->get(PKG_NAME),
q ? q->get(PKG_NAME) : s.data(),
@@ -2447,6 +2460,7 @@
}
}
+ errMsg[sizeof(errMsg)-1] = 0;
return errMsg;
}
@@ -2474,7 +2488,7 @@
{
if (err == -1)
{
- sprintf(errMsg, "Error: Can't find component %s in the package\n", (const char *) nickname);
+ snprintf(errMsg, sizeof(errMsg), "Error: Can't find component %s in the package\n", (const char *) nickname);
}
else
{
@@ -2483,7 +2497,7 @@
loc2 = getUILocation(nickname);
if (loc2 < loc1)
{
- sprintf(errMsg,
+ snprintf(errMsg, sizeof(errMsg),
getResource(RES_MESSAGE_CHECKCOMPONENTDEPENDENCY2),
p->get(PKG_NAME),
nickname,
@@ -2491,7 +2505,7 @@
}
else
{
- sprintf(errMsg,
+ snprintf(errMsg, sizeof(errMsg),
getResource(RES_MESSAGE_CHECKCOMPONENTDEPENDENCY2),
p->get(PKG_NAME),
nickname,
@@ -2502,6 +2516,7 @@
}
}
+ errMsg[sizeof(errMsg)-1] = 0;
return errMsg;
}
@@ -2527,7 +2542,7 @@
{
if (err == -1)
{
- sprintf(errMsg, "Can't find component: %s\n", (const char *) nickname);
+ snprintf(errMsg, sizeof(errMsg), "Can't find component: %s\n", (const char *) nickname);
}
else
{
@@ -2535,14 +2550,17 @@
loc1 = getUILocation(p->get(PKG_NICKNAME));
loc2 = getUILocation(nickname);
if (loc2 < loc1)
- sprintf(errMsg, "%s's prior component %s is not selected\n", p->get(PKG_NICKNAME), nickname);
+ snprintf(errMsg, sizeof(errMsg),
+ "%s's prior component %s is not selected\n", p->get(PKG_NICKNAME), nickname);
else if (checkAll)
- sprintf(errMsg, "%s's later component %s is not selected\n", p->get(PKG_NICKNAME), nickname);
+ snprintf(errMsg, sizeof(errMsg),
+ "%s's later component %s is not selected\n", p->get(PKG_NICKNAME), nickname);
}
}
}
}
+ errMsg[sizeof(errMsg)-1] = 0;
return errMsg;
}
@@ -2604,7 +2622,7 @@
{
case -1:
- sprintf(errMsg,
+ snprintf(errMsg, sizeof(errMsg),
getResource(RES_MESSAGE_VERIFYSSUSER1),
ssUser);
break;
@@ -2612,7 +2630,7 @@
{
NSString err_text(getResource(RES_MESSAGE_VERIFYSSUSER2, RES_GLOBAL_BRAND));
err_text = err_text + getResource(RES_MESSAGE_VERIFYSSUSER3);
- sprintf(errMsg, err_text, ssUser);
+ snprintf(errMsg, sizeof(errMsg), err_text, ssUser);
break;
}
default:
@@ -2620,6 +2638,7 @@
break;
}
+ errMsg[sizeof(errMsg)-1] = 0;
return errMsg;
}
@@ -2634,19 +2653,19 @@
switch (err)
{
case -1:
- sprintf(errMsg,
+ snprintf(errMsg, sizeof(errMsg),
getResource(RES_MESSAGE_VERIFYSSGROUP1),
ssUser);
break;
case -2:
- sprintf(errMsg,
+ snprintf(errMsg, sizeof(errMsg),
getResource(RES_MESSAGE_VERIFYSSGROUP2),
ssGroup);
break;
case -3:
- sprintf(errMsg,
+ snprintf(errMsg, sizeof(errMsg),
getResource(RES_MESSAGE_VERIFYSSGROUP3),
ssUser,ssGroup);
break;
@@ -2655,7 +2674,7 @@
NSString err_text(getResource(RES_MESSAGE_VERIFYSSGROUP4, RES_GLOBAL_BRAND));
err_text = err_text + getResource(RES_MESSAGE_VERIFYSSGROUP5);
- sprintf(errMsg, err_text, ssUser,ssGroup);
+ snprintf(errMsg, sizeof(errMsg), err_text, ssUser,ssGroup);
break;
}
default:
@@ -2663,6 +2682,7 @@
break;
}
+ errMsg[sizeof(errMsg)-1] = 0;
return errMsg;
}
@@ -2865,7 +2885,7 @@
if (err == INVALID_ROOT)
{
- sprintf(errMsg, getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE1, RES_GLOBAL_BRAND));
+ snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE1, RES_GLOBAL_BRAND));
}
else if (err == INSTALL_DN_ERR)
{
@@ -2874,7 +2894,7 @@
NSString err_text(getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE2, RES_GLOBAL_BRAND));
err_text =
err_text + getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE22);
- sprintf(errMsg, err_text,
+ snprintf(errMsg, sizeof(errMsg), err_text,
DEFAULT_SS_CONTAINER_RDN, DEFAULT_ROOT_DN);
}
else
@@ -2882,14 +2902,15 @@
NSString err_text(getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE3, RES_GLOBAL_BRAND));
err_text =
err_text + getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE32);
- sprintf(errMsg, err_text, installDN);
+ snprintf(errMsg, sizeof(errMsg), err_text, installDN);
}
}
else if (err != OKAY)
{
- sprintf(errMsg,
+ snprintf(errMsg, sizeof(errMsg),
getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE4), ldapUser);
}
+ errMsg[sizeof(errMsg)-1] = 0;
return errMsg;
}
@@ -2926,8 +2947,8 @@
if (err != OKAY)
{
- sprintf(errMsg, "Setup is unable to detect User Directory Informations from the Server\n");
-
+ snprintf(errMsg, sizeof(errMsg), "Setup is unable to detect User Directory Informations from the Server\n");
+ errMsg[sizeof(errMsg)-1] = 0;
}
return errMsg;
@@ -2950,11 +2971,12 @@
if (err != OKAY)
{
- sprintf(errMsg,
+ snprintf(errMsg, sizeof(errMsg),
"The Server Configuration directory subtree appears not to be set up\n"
"correctly for the installation of Netscape Server products. Please contact\n"
"your directory administrator to verify that the you have write\n"
"access to %s\n", installDN);
+ errMsg[sizeof(errMsg)-1] = 0;
}
return errMsg;
Index: product.cc
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/product.cc,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- product.cc 23 Feb 2006 17:57:02 -0000 1.4
+++ product.cc 23 Mar 2006 15:59:17 -0000 1.5
@@ -27,6 +27,17 @@
**
** HISTORY:
** $Log$
+** Revision 1.5 2006/03/23 15:59:17 rmeggins
+** Bug(s) fixed: 186280
+** Bug Description: Close potential security vulnerabilities in CGI code
+** Reviewed by: Nathan & Noriko (Thanks!)
+** Fix Description: Mostly cleaned up usage of sprintf.
+** Platforms tested: Fedora Core 5
+** Flag Day: no
+** Doc impact: no
+** QA impact: should be covered by regular nightly and manual testing
+** New Tests integrated into TET: none
+**
** Revision 1.4 2006/02/23 17:57:02 nkinder
** https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182611
** Bug(s) fixed: 182611
@@ -411,7 +422,8 @@
{
char szdir[2048];
//Create an absolute path
- sprintf(szdir,"%s/%s",input, dir->d_name);
+ snprintf(szdir,sizeof(szdir), "%s/%s",input, dir->d_name);
+ szdir[sizeof(szdir)-1] = 0;
//Try removing the directory
int i = rmdir(szdir);
if (i != 0)
@@ -616,7 +628,8 @@
// This is top level master configuration file
init();
- sprintf(tstr, "%s/%s", sourceDir.data(), fileName);
+ snprintf(tstr, sizeof(tstr), "%s/%s", sourceDir.data(), fileName);
+ tstr[sizeof(tstr)-1] = 0;
_packageInfo = new PackageInfo(tstr);
if (_packageInfo->isEmpty() || (componentList = _packageInfo->getListItems(PKG_COMPONENTS)) == NULL || _packageInfo->numSections() == 0)
@@ -680,7 +693,9 @@
init();
- sprintf(tstr, "%s/%s", sourceDir.data(), fileName);
+ snprintf(tstr, sizeof(tstr), "%s/%s", sourceDir.data(), fileName);
+ tstr[sizeof(tstr)-1] = 0;
+
_packageInfo = new PackageInfo(tstr);
if (_packageInfo->isEmpty())
@@ -1277,12 +1292,14 @@
const char *sroot = info->get(SERVER_ROOT);
PackageInfo *p = _packageInfo;
- sprintf(prodinfo, "%s/nyr", sroot);
+ snprintf(prodinfo, sizeof(prodinfo), "%s/nyr", sroot);
+ prodinfo[sizeof(prodinfo)-1] = 0;
if (nyr = fopen(prodinfo,"w"))
fclose(nyr);
// Create new prodinfo
- sprintf(prodinfo, "%s/bin/%s/prodinfo", sroot, get(PKG_NICKNAME));
+ snprintf(prodinfo, sizeof(prodinfo), "%s/bin/%s/prodinfo", sroot, get(PKG_NICKNAME));
+ prodinfo[sizeof(prodinfo)-1] = 0;
p->stampTime();
p->write(prodinfo);
@@ -1551,6 +1568,9 @@
return errMsg;
}
+#define STRINGIZE(x) #x
+#define MYFMT(size) "%" STRINGIZE(size) "s"
+
int
Product::unInstall(const NSString & serverRoot) const
{
@@ -1583,11 +1603,12 @@
if (fp = fopen(logFile.data(), "r"))
{
- while (fscanf(fp, "%s", buf) != EOF)
+ while (fscanf(fp, MYFMT(MED_BUF), buf) != EOF)
{
char suffix[MED_BUF] = "\0";
char *p;
+ buf[sizeof(buf)-1] = 0;
s = buf + serverRoot.length() + 1;
p = strrchr((char *)s, '/');
@@ -1793,7 +1814,6 @@
{
NSString restoreSource;
NSString restoreTarget;
- char buf[SML_BUF];
char **restoreList, **files;
files = restoreList = package()->getListItems(PKG_RESTOREFILES);
@@ -2181,11 +2201,8 @@
NSString name;
const char *version = NULL;
int err = 0;
- char errMsg[BIG_BUF];
int position;
- errMsg[0] = '\0';
-
/*
* Go through the product list and determine whether all dependency
* are satisfied, i.e. if a product depends on one or more products
Index: uninstaller.cc
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/uninstaller.cc,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- uninstaller.cc 29 Jul 2005 22:16:32 -0000 1.1.1.1
+++ uninstaller.cc 23 Mar 2006 15:59:17 -0000 1.2
@@ -27,6 +27,17 @@
**
** HISTORY:
** $Log$
+** Revision 1.2 2006/03/23 15:59:17 rmeggins
+** Bug(s) fixed: 186280
+** Bug Description: Close potential security vulnerabilities in CGI code
+** Reviewed by: Nathan & Noriko (Thanks!)
+** Fix Description: Mostly cleaned up usage of sprintf.
+** Platforms tested: Fedora Core 5
+** Flag Day: no
+** Doc impact: no
+** QA impact: should be covered by regular nightly and manual testing
+** New Tests integrated into TET: none
+**
** Revision 1.1.1.1 2005/07/29 22:16:32 foxworth
** Importing new setup sdk for open source project
**
@@ -399,7 +410,7 @@
if (_serverRoot == (char *) NULL)
{
- sprintf(buf, "ERROR: please specify a server root\n");
+ snprintf(buf, sizeof(buf), "ERROR: please specify a server root\n");
rc = -1;
}
else
@@ -408,17 +419,17 @@
if (InstUtil::isServerRoot(_serverRoot) == False)
{
- sprintf(buf, "ERROR: %s is not a server root\n", _serverRoot.data());
+ snprintf(buf, sizeof(buf), "ERROR: %s is not a server root\n", _serverRoot.data());
rc = -1;
}
else if (_newSuiteSpot.retrieveSuiteSpot(sourceDir, infName) != 0)
{
- sprintf(buf,"ERROR: uninstallation database not found\n");
+ snprintf(buf, sizeof(buf), "ERROR: uninstallation database not found\n");
rc = -1;
}
else if (_newSuiteSpot.numComponents() == 0)
{
- sprintf(buf, "ERROR: nothing to remove\n");
+ snprintf(buf, sizeof(buf), "ERROR: nothing to remove\n");
rc = -1;
}
else
@@ -433,6 +444,7 @@
if (rc)
{
+ buf[sizeof(buf)-1] = 0;
printf(buf);
return rc;
}
Index: ux-setup.cc
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/ux-setup.cc,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- ux-setup.cc 29 Jul 2005 22:16:32 -0000 1.1.1.1
+++ ux-setup.cc 23 Mar 2006 15:59:17 -0000 1.2
@@ -28,6 +28,17 @@
** HISTORY
**
** $Log$
+** Revision 1.2 2006/03/23 15:59:17 rmeggins
+** Bug(s) fixed: 186280
+** Bug Description: Close potential security vulnerabilities in CGI code
+** Reviewed by: Nathan & Noriko (Thanks!)
+** Fix Description: Mostly cleaned up usage of sprintf.
+** Platforms tested: Fedora Core 5
+** Flag Day: no
+** Doc impact: no
+** QA impact: should be covered by regular nightly and manual testing
+** New Tests integrated into TET: none
+**
** Revision 1.1.1.1 2005/07/29 22:16:32 foxworth
** Importing new setup sdk for open source project
**
@@ -278,8 +289,6 @@
if (ldapURL && ldap_url_parse(ldapURL, &ludpp) == 0)
{
- char tmp[10];
-
_installInfo->set(CONFIG_LDAP_URL, ldapURL);
_installInfo->set(DS_ADMIN_DOMAIN, installDN);
@@ -319,17 +328,17 @@
errMsg[0] = 0;
break;
case INVALID_URL:
- sprintf(errMsg, "The URL \"%s\" is not of valid format.\n", localLdapURL);
+ snprintf(errMsg, sizeof(errMsg), "The URL \"%s\" is not of valid format.\n", localLdapURL);
break;
case CONN_FAILED:
- sprintf(errMsg,
+ snprintf(errMsg, sizeof(errMsg),
"Cannot connect to URL \"%s\".\n"
" The server may have been down. Please fix the problem\n"
" before proceeding with installation.\n",
localLdapURL);
break;
case INVALID_DN:
- sprintf(errMsg,
+ snprintf(errMsg, sizeof(errMsg),
"setup cannot verify the base suffix as specified in\n"
" \"%s\".\n"
" Please check the base suffix and re-enter the URL.\n",
@@ -340,6 +349,7 @@
break;
}
free(localLdapURL);
+ errMsg[sizeof(errMsg)-1] = 0;
return errMsg;
}
@@ -359,28 +369,29 @@
switch(err)
{
case INVALID_INPUT:
- sprintf(errMsg, getResource(RES_MESSAGE_VERIFYLDAPUSER1));
+ snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYLDAPUSER1));
break;
case INVALID_URL:
- sprintf(errMsg, getResource(RES_MESSAGE_VERIFYLDAPUSER2), localLdapURL);
+ snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYLDAPUSER2), localLdapURL);
break;
case INVALID_AUTH:
- sprintf(errMsg, getResource(RES_MESSAGE_VERIFYLDAPUSER3));
+ snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYLDAPUSER3));
break;
case CONN_FAILED:
- sprintf(errMsg, getResource(RES_MESSAGE_VERIFYLDAPUSER4));
+ snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYLDAPUSER4));
break;
case INVALID_USER:
- sprintf(errMsg, getResource(RES_MESSAGE_VERIFYLDAPUSER5));
+ snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYLDAPUSER5));
break;
default:
- sprintf(errMsg, getResource(RES_MESSAGE_VERIFYLDAPUSER6));
+ snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYLDAPUSER6));
break;
}
}
free (localLdapURL);
+ errMsg[sizeof(errMsg)-1] = 0;
return errMsg;
}
@@ -391,7 +402,8 @@
{
char filename[200];
- sprintf(filename,"%s/%s", getenv("HOME"), ".nssetup-default");
+ snprintf(filename, sizeof(filename), "%s/%s", getenv("HOME"), ".nssetup-default");
+ filename[sizeof(filename)-1] = 0;
_userDefault.setFormat(1);
_userDefault.read(filename);
}
From fedora-directory-commits at redhat.com Thu Mar 23 20:45:45 2006
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Thu, 23 Mar 2006 15:45:45 -0500
Subject: [Fedora-directory-commits] setuputil/installer/include nsdefs.h,
1.1.1.1, 1.2
Message-ID: <200603232045.k2NKjjU5028602@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/setuputil/installer/include
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28529/setuputil/installer/include
Modified Files:
nsdefs.h
Log Message:
Use instead of on those platforms that support it.
With this fix, we don't get the deprecation warnings when building setuputil.
This has been tested on various linux, Solaris 9 with old and new forte, and on HPUX IPF.
Thanks to Nathan and Noriko for the reviews.
Index: nsdefs.h
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/include/nsdefs.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- nsdefs.h 29 Jul 2005 22:16:28 -0000 1.1.1.1
+++ nsdefs.h 23 Mar 2006 20:45:37 -0000 1.2
@@ -30,6 +30,12 @@
** HISTORY
**
** $Log$
+** Revision 1.2 2006/03/23 20:45:37 rmeggins
+** Use instead of on those platforms that support it.
+** With this fix, we don't get the deprecation warnings when building setuputil.
+** This has been tested on various linux, Solaris 9 with old and new forte, and on HPUX IPF.
+** Thanks to Nathan and Noriko for the reviews.
+**
** Revision 1.1.1.1 2005/07/29 22:16:28 foxworth
** Importing new setup sdk for open source project
**
@@ -153,7 +159,11 @@
** Includes
**
**********************************************************************/
-#include
+#if !defined(HPUX) || defined(_HP_NAMESPACE_STD)
+#include
+#else
+#include /* use old name on older systems */
+#endif
#ifdef XP_WIN32
#include
From fedora-directory-commits at redhat.com Thu Mar 23 20:45:39 2006
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Thu, 23 Mar 2006 15:45:39 -0500
Subject: [Fedora-directory-commits] setuputil nsconfig.mk,1.8,1.9
Message-ID: <200603232046.k2NKk9cZ028607@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/setuputil
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28529/setuputil
Modified Files:
nsconfig.mk
Log Message:
Use instead of on those platforms that support it.
With this fix, we don't get the deprecation warnings when building setuputil.
This has been tested on various linux, Solaris 9 with old and new forte, and on HPUX IPF.
Thanks to Nathan and Noriko for the reviews.
Index: nsconfig.mk
===================================================================
RCS file: /cvs/dirsec/setuputil/nsconfig.mk,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- nsconfig.mk 23 Feb 2006 21:47:45 -0000 1.8
+++ nsconfig.mk 23 Mar 2006 20:45:31 -0000 1.9
@@ -220,15 +220,14 @@
ifdef MODERNHP
CC=cc -Ae +ESlit
CXX=aCC
+ARCH_CFLAGS=-AA # the default on ipf, but also use it elsewhere
ifeq ($(NSOS_RELEASE), B.11.23)
- ARCH_CFLAGS=-AA
ifeq ($(USE_64), 1)
BIT_SWITCH=+DD64
else
BIT_SWITCH=+DD32
endif
else # 11.11 or earlier
- ARCH_CFLAGS=
ifeq ($(USE_64), 1)
BIT_SWITCH=+DA2.0W +DS2.0
else
From fedora-directory-commits at redhat.com Fri Mar 24 00:53:05 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Thu, 23 Mar 2006 19:53:05 -0500
Subject: [Fedora-directory-commits]
directoryconsole/src/com/netscape/admin/dirserv
about.properties, 1.2, 1.3 dirserv.properties, 1.3, 1.4
Message-ID: <200603240053.k2O0r5JL005634@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5599/src/com/netscape/admin/dirserv
Modified Files:
about.properties dirserv.properties
Log Message:
[186105] Admin Server Makefile updates for Internal build
Comment #13
. changed to include the patch number in the jar file name
. changed to create a symlink: redhat-ds-7.2.jar pointing redhat-ds-7.2.0.jar
Index: about.properties
===================================================================
RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/about.properties,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- about.properties 28 Oct 2005 18:01:34 -0000 1.2
+++ about.properties 24 Mar 2006 00:52:57 -0000 1.3
@@ -19,7 +19,7 @@
#
# Strings and logos used by the DSAboutDialog
-aboutDialog-dialogTitle=Fedora Directory Server 1.0
+aboutDialog-dialogTitle=Fedora Directory Server 1.0.2
aboutDialog-productLogo=com/netscape/management/client/images/logo32.gif
aboutDialog-productCopyright=Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.\nCopyright (C) 2005 Red Hat, Inc.\nAll rights reserved.
aboutDialog-productLicense=Fedora is a trademark of Red Hat, Inc. in the United States and other countries and is used by permission.
Index: dirserv.properties
===================================================================
RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/dirserv.properties,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- dirserv.properties 15 Feb 2006 23:00:50 -0000 1.3
+++ dirserv.properties 24 Mar 2006 00:52:57 -0000 1.4
@@ -164,9 +164,9 @@
#
dialog-configtitle=Fedora Directory Server
dsAdmin-title=Fedora Directory Server
-dsAdmin-version=Version 1.0
+dsAdmin-version=Version 1.0.2
dsAdmin-nsServerPort=Port
-dsAdmin-framework-description=Fedora Directory Server Console 1.0
+dsAdmin-framework-description=Fedora Directory Server Console 1.0.2
dsAdmin-remove-server-cgi-failed=ds_remove failure
#
From fedora-directory-commits at redhat.com Fri Mar 24 00:52:59 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Thu, 23 Mar 2006 19:52:59 -0500
Subject: [Fedora-directory-commits] directoryconsole build.properties, 1.4,
1.5 build.xml, 1.6, 1.7
Message-ID: <200603240053.k2O0rTTD005640@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/directoryconsole
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5599
Modified Files:
build.properties build.xml
Log Message:
[186105] Admin Server Makefile updates for Internal build
Comment #13
. changed to include the patch number in the jar file name
. changed to create a symlink: redhat-ds-7.2.jar pointing redhat-ds-7.2.0.jar
Index: build.properties
===================================================================
RCS file: /cvs/dirsec/directoryconsole/build.properties,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- build.properties 22 Mar 2006 17:46:10 -0000 1.4
+++ build.properties 24 Mar 2006 00:52:50 -0000 1.5
@@ -21,6 +21,8 @@
lang=en
ldapconsole.root=..
-ldapconsole.version=1.0
+ldapconsole.version=1.0.2
+ldapconsole.gen.version=1.0
brand=fedora
ldapconsole.name=${brand}-ds-${ldapconsole.version}
+ldapconsole.gen.name=${brand}-ds-${ldapconsole.gen.version}
Index: build.xml
===================================================================
RCS file: /cvs/dirsec/directoryconsole/build.xml,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- build.xml 22 Mar 2006 19:09:02 -0000 1.6
+++ build.xml 24 Mar 2006 00:52:51 -0000 1.7
@@ -149,6 +149,12 @@
+
+
+
+
+
+
From fedora-directory-commits at redhat.com Fri Mar 24 01:04:48 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Thu, 23 Mar 2006 20:04:48 -0500
Subject: [Fedora-directory-commits]
console/src/com/netscape/management/client/topology/customview
ViewSelectorComponent.java, 1.1.1.1, 1.2
Message-ID: <200603240105.k2O15IvF007726@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/console/src/com/netscape/management/client/topology/customview
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7628/src/com/netscape/management/client/topology/customview
Modified Files:
ViewSelectorComponent.java
Log Message:
[186105] Admin Server Makefile updates for Internal build
Comment #12
. Preference version number was changed to CONSOLE-MAJOR-VERSION.0
. To do that, introduced Console.MAJOR_VERSION
. changed to include the patch number in the jar file name
. changed to create a symlink: redhat-mcc-7.2.jar pointing to
redhat-mcc-7.2.0.jar
Index: ViewSelectorComponent.java
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/topology/customview/ViewSelectorComponent.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- ViewSelectorComponent.java 18 Jul 2005 00:34:20 -0000 1.1.1.1
+++ ViewSelectorComponent.java 24 Mar 2006 01:04:38 -0000 1.2
@@ -80,13 +80,13 @@
pm = new LDAPPreferenceManager(ci.getLDAPConnection(),
ci.getUserPreferenceDN(), Framework.IDENTIFIER,
- Framework.VERSION);
+ Framework.MAJOR_VERSION);
userViewPreferences = (LDAPPreferences) pm.getPreferences("CustomViews"); // private views
privateViewDN = userViewPreferences.getDN();
pm = new LDAPPreferenceManager(ci.getLDAPConnection(),
"ou=Global Preferences," + LDAPUtil.getInstalledSoftwareDN(), "admin",
- Framework.VERSION);
+ Framework.MAJOR_VERSION);
publicViewPreferences = (LDAPPreferences) pm.getPreferences("PublicViews");
publicViewDN = publicViewPreferences.getDN();
From fedora-directory-commits at redhat.com Fri Mar 24 01:05:19 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Thu, 23 Mar 2006 20:05:19 -0500
Subject: [Fedora-directory-commits]
console/src/com/netscape/management/client/util LDAPUtil.java,
1.1.1.1, 1.2
Message-ID: <200603240105.k2O15Jcr007730@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/console/src/com/netscape/management/client/util
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7628/src/com/netscape/management/client/util
Modified Files:
LDAPUtil.java
Log Message:
[186105] Admin Server Makefile updates for Internal build
Comment #12
. Preference version number was changed to CONSOLE-MAJOR-VERSION.0
. To do that, introduced Console.MAJOR_VERSION
. changed to include the patch number in the jar file name
. changed to create a symlink: redhat-mcc-7.2.jar pointing to
redhat-mcc-7.2.0.jar
Index: LDAPUtil.java
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/util/LDAPUtil.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- LDAPUtil.java 18 Jul 2005 00:34:26 -0000 1.1.1.1
+++ LDAPUtil.java 24 Mar 2006 01:04:54 -0000 1.2
@@ -52,7 +52,7 @@
}
public static String getAdminGlobalParameterEntry() {
- return "ou=" + Console.VERSION + ", ou=admin, ou=Global Preferences,"+
+ return "ou=" + Console.MAJOR_VERSION + ", ou=admin, ou=Global Preferences,"+
_isieDN;
}
@@ -75,7 +75,7 @@
* @param product RDN for a server (e.g. "ou=admin" for the admin server)
*/
public static String getGlobalParameterEntry(String product) {
- return "ou=" + Console.VERSION + "," + product + ", ou=Global Preferences,"+
+ return "ou=" + Console.MAJOR_VERSION + "," + product + ", ou=Global Preferences,"+
_isieDN;
}
From fedora-directory-commits at redhat.com Fri Mar 24 01:04:56 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Thu, 23 Mar 2006 20:04:56 -0500
Subject: [Fedora-directory-commits]
console/src/com/netscape/management/client/ug
ChangeDirectoryDialog.java, 1.1.1.1,
1.2 SearchResultPanel.java, 1.1.1.1, 1.2
Message-ID: <200603240105.k2O15QY5007736@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/console/src/com/netscape/management/client/ug
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7628/src/com/netscape/management/client/ug
Modified Files:
ChangeDirectoryDialog.java SearchResultPanel.java
Log Message:
[186105] Admin Server Makefile updates for Internal build
Comment #12
. Preference version number was changed to CONSOLE-MAJOR-VERSION.0
. To do that, introduced Console.MAJOR_VERSION
. changed to include the patch number in the jar file name
. changed to create a symlink: redhat-mcc-7.2.jar pointing to
redhat-mcc-7.2.0.jar
Index: ChangeDirectoryDialog.java
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/ug/ChangeDirectoryDialog.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- ChangeDirectoryDialog.java 18 Jul 2005 00:34:21 -0000 1.1.1.1
+++ ChangeDirectoryDialog.java 24 Mar 2006 01:04:46 -0000 1.2
@@ -345,7 +345,7 @@
*/
private void loadPreferences() {
PreferenceManager pm = PreferenceManager.getPreferenceManager(
- Framework.IDENTIFIER, Framework.VERSION);
+ Framework.IDENTIFIER, Framework.MAJOR_VERSION);
Preferences p = pm.getPreferences(PREFERENCES_SEARCH_DIRECTORY);
String host = p.getString(PREFERENCE_HOST, _info.getUserHost());
@@ -397,7 +397,7 @@
*/
private void savePreferences() {
PreferenceManager pm = PreferenceManager.getPreferenceManager(
- Framework.IDENTIFIER, Framework.VERSION);
+ Framework.IDENTIFIER, Framework.MAJOR_VERSION);
Preferences p = pm.getPreferences(PREFERENCES_SEARCH_DIRECTORY);
p.set(PREFERENCE_HOST, _info.getUserHost());
Index: SearchResultPanel.java
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/ug/SearchResultPanel.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- SearchResultPanel.java 18 Jul 2005 00:34:24 -0000 1.1.1.1
+++ SearchResultPanel.java 24 Mar 2006 01:04:46 -0000 1.2
@@ -64,7 +64,7 @@
Vector header = new Vector();
PreferenceManager pm = PreferenceManager.getPreferenceManager(
- Framework.IDENTIFIER, Framework.VERSION);
+ Framework.IDENTIFIER, Framework.MAJOR_VERSION);
Preferences p = pm.getPreferences(PREFERENCES_RESULT_TABLE);
int count = p.getInt(PREFERENCE_COLUMN_COUNT, -1);
From fedora-directory-commits at redhat.com Fri Mar 24 01:04:09 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Thu, 23 Mar 2006 20:04:09 -0500
Subject: [Fedora-directory-commits] console build.properties, 1.7,
1.8 build.xml, 1.10, 1.11
Message-ID: <200603240105.k2O15njn007743@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/console
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7628
Modified Files:
build.properties build.xml
Log Message:
[186105] Admin Server Makefile updates for Internal build
Comment #12
. Preference version number was changed to CONSOLE-MAJOR-VERSION.0
. To do that, introduced Console.MAJOR_VERSION
. changed to include the patch number in the jar file name
. changed to create a symlink: redhat-mcc-7.2.jar pointing to
redhat-mcc-7.2.0.jar
Index: build.properties
===================================================================
RCS file: /cvs/dirsec/console/build.properties,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- build.properties 29 Nov 2005 18:36:50 -0000 1.7
+++ build.properties 24 Mar 2006 01:04:00 -0000 1.8
@@ -21,15 +21,21 @@
lang=en
+console.brand=fedora
+
console.root=.
console.version=10
-console.dotversion=1.0
+console.dotversion=1.0.2
+console.dotgenversion=1.0
-mcc.core=fedora-mcc
+mcc.core=${console.brand}-mcc
mcc.name=${mcc.core}-${console.dotversion}
+mcc.gen.name=${mcc.core}-${console.dotgenversion}
-nmclf.core=fedora-nmclf
+nmclf.core=${console.brand}-nmclf
nmclf.name=${nmclf.core}-${console.dotversion}
+nmclf.gen.name=${nmclf.core}-${console.dotgenversion}
-base.core=fedora-base
+base.core=${console.brand}-base
base.name=${base.core}-${console.dotversion}
+base.gen.name=${base.core}-${console.dotgenversion}
Index: build.xml
===================================================================
RCS file: /cvs/dirsec/console/build.xml,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- build.xml 20 Mar 2006 21:54:02 -0000 1.10
+++ build.xml 24 Mar 2006 01:04:00 -0000 1.11
@@ -172,10 +172,10 @@
destdir="${built.classdir}"
debug="${compile.debug}"
debuglevel="lines,vars,source"
- deprecation="${compile.deprecation}"
+ deprecation="${compile.deprecation}"
optimize="${compile.optimize}"
verbose="no"
- fork="true"
+ fork="true"
excludes="**/CVS/**">
@@ -257,6 +257,22 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -270,6 +286,7 @@
+
@@ -285,15 +302,15 @@
-
+ prefix="${console.brand}-console-${console.dotversion}">
From fedora-directory-commits at redhat.com Fri Mar 24 01:04:16 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Thu, 23 Mar 2006 20:04:16 -0500
Subject: [Fedora-directory-commits]
console/src/com/netscape/management/client AboutDialog.java,
1.4, 1.5 FontPreferencesTab.java, 1.1.1.1, 1.2 Framework.java,
1.1.1.1, 1.2 ResourcePage.java, 1.1.1.1,
1.2 SettingsPreferencesTab.java, 1.1.1.1,
1.2 default.properties, 1.3, 1.4 defaultLicense.properties, 1.3, 1.4
Message-ID: <200603240105.k2O15nal007745@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/console/src/com/netscape/management/client
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7628/src/com/netscape/management/client
Modified Files:
AboutDialog.java FontPreferencesTab.java Framework.java
ResourcePage.java SettingsPreferencesTab.java
default.properties defaultLicense.properties
Log Message:
[186105] Admin Server Makefile updates for Internal build
Comment #12
. Preference version number was changed to CONSOLE-MAJOR-VERSION.0
. To do that, introduced Console.MAJOR_VERSION
. changed to include the patch number in the jar file name
. changed to create a symlink: redhat-mcc-7.2.jar pointing to
redhat-mcc-7.2.0.jar
Index: AboutDialog.java
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/AboutDialog.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- AboutDialog.java 2 Dec 2005 21:30:04 -0000 1.4
+++ AboutDialog.java 24 Mar 2006 01:04:07 -0000 1.5
@@ -179,7 +179,7 @@
AboutDialog dialog = new AboutDialog(f, "Fedora Management Console");
- dialog.setProduct(UIManager.getIcon("OptionPane.warningIcon"), "Fedora Management Console\056 Console 1.0\nCopyright (C) Red Hat, Inc.", "\n\nThis software is subject to the terms of a license agreement. Please do not use the software unless you agree to all the license terms");
+ dialog.setProduct(UIManager.getIcon("OptionPane.warningIcon"), "Fedora Management Console\056 Console 1.0.2\nCopyright (C) Red Hat, Inc.", "\n\nThis software is subject to the terms of a license agreement. Please do not use the software unless you agree to all the license terms");
dialog.addVendor(UIManager.getIcon("OptionPane.informationIcon"), "Contains Phaos SSL encryption software from Phaos Technology Corporation. Copyright © 1998 Phaos Technology Corporation. All Rights Reserved");
dialog.addVendor(UIManager.getIcon("OptionPane.informationIcon"), "Contains encryption software from RSA Data Security, Inc. Copyright © 1994 RSA Data Security, Inc. All rights reserved.");
Index: FontPreferencesTab.java
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/FontPreferencesTab.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- FontPreferencesTab.java 18 Jul 2005 00:34:07 -0000 1.1.1.1
+++ FontPreferencesTab.java 24 Mar 2006 01:04:07 -0000 1.2
@@ -57,7 +57,7 @@
public FontPreferencesTab()
{
- preferenceManager = PreferenceManager.getPreferenceManager(Framework.IDENTIFIER, Framework.VERSION);
+ preferenceManager = PreferenceManager.getPreferenceManager(Framework.IDENTIFIER, Framework.MAJOR_VERSION);
setTitle(i18n("title"));
}
Index: Framework.java
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/Framework.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- Framework.java 18 Jul 2005 00:34:07 -0000 1.1.1.1
+++ Framework.java 24 Mar 2006 01:04:07 -0000 1.2
@@ -47,6 +47,7 @@
public class Framework extends JFrame implements IFramework, SuiConstants {
public static final String IDENTIFIER = Console.IDENTIFIER;
public static final String VERSION = Console.VERSION;
+ public static final String MAJOR_VERSION = Console.MAJOR_VERSION;
public static final String PREFERENCES_GENERAL = "General";
public static final String PREFERENCES_FONTS = "Fonts";
@@ -653,7 +654,7 @@
if (_preferenceManager == null)
_preferenceManager =
PreferenceManager.getPreferenceManager(IDENTIFIER,
- VERSION);
+ MAJOR_VERSION);
Preferences p =
_preferenceManager.getPreferences(PREFERENCES_GENERAL);
Index: ResourcePage.java
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/ResourcePage.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- ResourcePage.java 18 Jul 2005 00:34:08 -0000 1.1.1.1
+++ ResourcePage.java 24 Mar 2006 01:04:07 -0000 1.2
@@ -223,7 +223,7 @@
*/
public void initialize(IFramework framework) {
PreferenceManager pm = PreferenceManager.getPreferenceManager(
- Framework.IDENTIFIER, Framework.VERSION);
+ Framework.IDENTIFIER, Framework.MAJOR_VERSION);
Preferences p = pm.getPreferences(PREFERENCES_RESOURCES);
setMainPanel(p.getBoolean(PREFERENCE_SHOW_TREE, true));
@@ -761,7 +761,7 @@
ResourcePage.this.add(_customPanel);
}
PreferenceManager pm = PreferenceManager.getPreferenceManager(
- Framework.IDENTIFIER, Framework.VERSION);
+ Framework.IDENTIFIER, Framework.MAJOR_VERSION);
Preferences p = pm.getPreferences(PREFERENCES_RESOURCES);
p.set(PREFERENCE_SHOW_TREE, _isTreeVisible);
}
Index: SettingsPreferencesTab.java
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/SettingsPreferencesTab.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- SettingsPreferencesTab.java 18 Jul 2005 00:34:08 -0000 1.1.1.1
+++ SettingsPreferencesTab.java 24 Mar 2006 01:04:07 -0000 1.2
@@ -147,19 +147,19 @@
Console.setLocalPreferencesFlag(
!storeDirectoryRadio.isSelected());
PreferenceManager pm = PreferenceManager.getPreferenceManager(
- Framework.IDENTIFIER, Framework.VERSION);
+ Framework.IDENTIFIER, Framework.MAJOR_VERSION);
Preferences p = pm.getPreferences(Framework.PREFERENCES_GENERAL);
if (storeLocalState != storeDiskRadio.isSelected()) {
if (storeDiskRadio.isSelected()) {
copyPreferences(pm,
new FilePreferenceManager(
- Framework.IDENTIFIER, Framework.VERSION));
+ Framework.IDENTIFIER, Framework.MAJOR_VERSION));
} else {
ConsoleInfo ci = Console.getConsoleInfo();
PreferenceManager toMgr = new LDAPPreferenceManager(
ci.getLDAPConnection(), ci.getUserPreferenceDN(),
- Framework.IDENTIFIER, Framework.VERSION);
+ Framework.IDENTIFIER, Framework.MAJOR_VERSION);
copyPreferences(pm, toMgr);
}
}
Index: default.properties
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/default.properties,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- default.properties 26 Oct 2005 23:16:15 -0000 1.3
+++ default.properties 24 Mar 2006 01:04:07 -0000 1.4
@@ -63,8 +63,8 @@
menu-HelpSearch=&Search
menu-HelpIndex=&Index
menu-HelpWebHelp=Web-based &Resources
-menu-HelpSuiteSpot=&Fedora Website
-menu-HelpDocHome=http://fedora.redhat.com
+menu-HelpSuiteSpot=Documentation &Home
+menu-HelpDocHome=directory.fedora.redhat.com
menu-HelpBookshelf=&Bookshelf
menu-HelpAbout=&About...
@@ -123,5 +123,5 @@
fontTab-fontProfile=Font Profile
fontTab-table_tt=Font table of screen elements and corresponding sample font
-banner-console=Fedora Management Console 1.0
+banner-console=Fedora Management Console 1.0.2
Index: defaultLicense.properties
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/defaultLicense.properties,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- defaultLicense.properties 26 Oct 2005 23:16:15 -0000 1.3
+++ defaultLicense.properties 24 Mar 2006 01:04:07 -0000 1.4
@@ -17,7 +17,7 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
# END COPYRIGHT BLOCK
#
-defaultAbout-dialogTitle=Fedora Management Console 1.0
+defaultAbout-dialogTitle=Fedora Management Console 1.0.2
defaultAbout-productLogo=com/netscape/management/client/images/logo32.gif
defaultAbout-productCopyright=Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.\nCopyright (C) 2005 Red Hat, Inc.\nAll rights reserved.
defaultAbout-productLicense=Fedora is a trademark of Red Hat, Inc. in the United States and other countries and is used by permission.
From fedora-directory-commits at redhat.com Fri Mar 24 01:04:39 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Thu, 23 Mar 2006 20:04:39 -0500
Subject: [Fedora-directory-commits]
console/src/com/netscape/management/client/console
Console.java, 1.5, 1.6 console.properties, 1.3, 1.4
Message-ID: <200603240105.k2O15n1U007744@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/console/src/com/netscape/management/client/console
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7628/src/com/netscape/management/client/console
Modified Files:
Console.java console.properties
Log Message:
[186105] Admin Server Makefile updates for Internal build
Comment #12
. Preference version number was changed to CONSOLE-MAJOR-VERSION.0
. To do that, introduced Console.MAJOR_VERSION
. changed to include the patch number in the jar file name
. changed to create a symlink: redhat-mcc-7.2.jar pointing to
redhat-mcc-7.2.0.jar
Index: Console.java
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/console/Console.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- Console.java 9 Feb 2006 23:57:20 -0000 1.5
+++ Console.java 24 Mar 2006 01:04:14 -0000 1.6
@@ -56,7 +56,8 @@
// preference information
//
public static final String IDENTIFIER = "Console";
- public static final String VERSION = "1.0";
+ public static final String VERSION = "1.0.2";
+ public static final String MAJOR_VERSION = "1.0";
public static final String PREFERENCES_LOGIN =
IDENTIFIER + "." + VERSION + ".Login.preferences";
Index: console.properties
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/console/console.properties,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- console.properties 26 Oct 2005 23:16:23 -0000 1.3
+++ console.properties 24 Mar 2006 01:04:14 -0000 1.4
@@ -18,7 +18,7 @@
# END COPYRIGHT BLOCK
#
console-title=Fedora Management Console
-console-displayVersion=1.0
+console-displayVersion=1.0.2
login-username=User ID:
login-password=Password:
From fedora-directory-commits at redhat.com Fri Mar 24 01:13:39 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Thu, 23 Mar 2006 20:13:39 -0500
Subject: [Fedora-directory-commits] adminserver/admserv/schema/ldif
tasks.ldif, 1.6, 1.7 unixtasks.ldif, 1.5, 1.6
Message-ID: <200603240113.k2O1Ddue007881@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/adminserver/admserv/schema/ldif
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7771/admserv/schema/ldif
Modified Files:
tasks.ldif unixtasks.ldif
Log Message:
[186105] Admin Server Makefile updates for Internal build
Comment #11
. fixed jss jar file name to jss3.jar; mistakenly put minor version number in
the previous checkin (jss37.jar)
. changed to include the patch number in the jar file name
. fixed admin console package name in the Global Preferences: admserv72.jar ->
redhat-admserv-7.2.jar
. changed to create a symlink: redhat-admserv-7.2.jar pointing redhat-admserv-7.2.0.jar
. introduced CONSOLE-GEN-VERSION and CONSOLE-MAJOR-VERSION in the branding data
Index: tasks.ldif
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/tasks.ldif,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- tasks.ldif 28 Oct 2005 22:44:23 -0000 1.6
+++ tasks.ldif 24 Mar 2006 01:13:30 -0000 1.7
@@ -39,7 +39,7 @@
objectclass: nsAdminObject
nshelpref: admin/stopadm.html
nsexecref: stopsrv
-nsclassname: com.netscape.management.admserv.task.Stop at admserv10.jar
+nsclassname: com.netscape.management.admserv.task.Stop at fedora-admserv-1.0.jar
dn: cn=Restart, cn=Operation, cn=Tasks
objectclass: top
@@ -47,7 +47,7 @@
objectclass: nsAdminObject
nshelpref: admin/restartadm.html
nsexecref: restartsrv
-nsclassname: com.netscape.management.admserv.task.Restart at admserv10.jar
+nsclassname: com.netscape.management.admserv.task.Restart at fedora-admserv-1.0.jar
dn: cn=Authenticate, cn=Operation, cn=Tasks
objectclass: top
@@ -104,7 +104,7 @@
objectclass: nsAdminObject
nshelpref:
nsexecref: config
-nsclassname: com.netscape.management.admserv.task.ServerSetup at admserv10.jar
+nsclassname: com.netscape.management.admserv.task.ServerSetup at fedora-admserv-1.0.jar
dn: cn=DirectorySetup, cn=configuration, cn=Tasks
objectclass: top
@@ -133,7 +133,7 @@
objectclass: nsAdminObject
nshelpref: admin/logging.html
nsexecref: config
-nsclassname: com.netscape.management.admserv.task.Logging at admserv10.jar
+nsclassname: com.netscape.management.admserv.task.Logging at fedora-admserv-1.0.jar
dn: cn=SecurityOp, cn=configuration, cn=Tasks
objectclass: top
@@ -148,7 +148,7 @@
objectclass: nsAdminObject
nshelpref: admin/certrequest.html
nsexecref:
-nsclassname: com.netscape.management.admserv.task.CertSetup at admserv10.jar
+nsclassname: com.netscape.management.admserv.task.CertSetup at fedora-admserv-1.0.jar
dn: cn=SSLActivate, cn=configuration, cn=Tasks
objectclass: top
Index: unixtasks.ldif
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/unixtasks.ldif,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- unixtasks.ldif 28 Oct 2005 22:44:23 -0000 1.5
+++ unixtasks.ldif 24 Mar 2006 01:13:30 -0000 1.6
@@ -35,5 +35,5 @@
objectclass: nsAdminObject
nshelpref:
nsexecref: snmpconf
-nsclassname: com.netscape.management.admserv.task.SNMPSetup at admserv10.jar
+nsclassname: com.netscape.management.admserv.task.SNMPSetup at fedora-admserv-1.0.jar
From fedora-directory-commits at redhat.com Fri Mar 24 01:13:10 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Thu, 23 Mar 2006 20:13:10 -0500
Subject: [Fedora-directory-commits]
adminserver/admserv/console/src/com/netscape/management/admserv/cmdln
version.dat, 1.1.1.1, 1.2
Message-ID: <200603240113.k2O1DePS007882@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/adminserver/admserv/console/src/com/netscape/management/admserv/cmdln
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7771/admserv/console/src/com/netscape/management/admserv/cmdln
Modified Files:
version.dat
Log Message:
[186105] Admin Server Makefile updates for Internal build
Comment #11
. fixed jss jar file name to jss3.jar; mistakenly put minor version number in
the previous checkin (jss37.jar)
. changed to include the patch number in the jar file name
. fixed admin console package name in the Global Preferences: admserv72.jar ->
redhat-admserv-7.2.jar
. changed to create a symlink: redhat-admserv-7.2.jar pointing redhat-admserv-7.2.0.jar
. introduced CONSOLE-GEN-VERSION and CONSOLE-MAJOR-VERSION in the branding data
Index: version.dat
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/console/src/com/netscape/management/admserv/cmdln/version.dat,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- version.dat 1 Feb 2005 23:14:31 -0000 1.1.1.1
+++ version.dat 24 Mar 2006 01:13:00 -0000 1.2
@@ -1,5 +1,5 @@
-Administration Server Command Line (admconfig) version 6.2
-
-Copyright (c) 2001 Netscape Communications Corp.
+Administration Server Command Line (admconfig) version 7.2.1
+Copyright (C) 2005 Red Hat, Inc.
+All rights reserved.
From fedora-directory-commits at redhat.com Fri Mar 24 01:12:37 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Thu, 23 Mar 2006 20:12:37 -0500
Subject: [Fedora-directory-commits] adminserver/admserv pkgadmin.mk, 1.44,
1.45
Message-ID: <200603240114.k2O1E70v007892@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/adminserver/admserv
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7771/admserv
Modified Files:
pkgadmin.mk
Log Message:
[186105] Admin Server Makefile updates for Internal build
Comment #11
. fixed jss jar file name to jss3.jar; mistakenly put minor version number in
the previous checkin (jss37.jar)
. changed to include the patch number in the jar file name
. fixed admin console package name in the Global Preferences: admserv72.jar ->
redhat-admserv-7.2.jar
. changed to create a symlink: redhat-admserv-7.2.jar pointing redhat-admserv-7.2.0.jar
. introduced CONSOLE-GEN-VERSION and CONSOLE-MAJOR-VERSION in the branding data
Index: pkgadmin.mk
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/pkgadmin.mk,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -r1.44 -r1.45
--- pkgadmin.mk 22 Mar 2006 22:53:48 -0000 1.44
+++ pkgadmin.mk 24 Mar 2006 01:12:27 -0000 1.45
@@ -154,7 +154,8 @@
# grab the jar files
cd $(ADMIN_JARS) ; \
- cp -p fedora-admserv-$(ADM_SUF).jar fedora-admserv-$(ADM_SUF)_en.jar $(CLIENT_DIR)/java/jars
+ cp -p $(ADMIN_BRAND)-admserv-$(ADM_SUF).jar $(ADMIN_BRAND)-admserv-$(ADM_SUF)_en.jar $(CLIENT_DIR)/java/jars; \
+ (cd $(CLIENT_DIR)/java/jars; ln -s $(ADMIN_BRAND)-admserv-$(ADM_SUF).jar $(ADMIN_BRAND)-admserv-$(ADM_GEN_SUF).jar; ln -s $(ADMIN_BRAND)-admserv-$(ADM_SUF)_en.jar $(ADMIN_BRAND)-admserv-$(ADM_GEN_SUF)_en.jar)
#
# Cleanup before making distributable zip
From fedora-directory-commits at redhat.com Fri Mar 24 01:13:24 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Thu, 23 Mar 2006 20:13:24 -0500
Subject: [Fedora-directory-commits] adminserver/admserv/newinst/insadm
Makefile, 1.13, 1.14
Message-ID: <200603240114.k2O1E7VD007887@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/adminserver/admserv/newinst/insadm
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7771/admserv/newinst/insadm
Modified Files:
Makefile
Log Message:
[186105] Admin Server Makefile updates for Internal build
Comment #11
. fixed jss jar file name to jss3.jar; mistakenly put minor version number in
the previous checkin (jss37.jar)
. changed to include the patch number in the jar file name
. fixed admin console package name in the Global Preferences: admserv72.jar ->
redhat-admserv-7.2.jar
. changed to create a symlink: redhat-admserv-7.2.jar pointing redhat-admserv-7.2.0.jar
. introduced CONSOLE-GEN-VERSION and CONSOLE-MAJOR-VERSION in the branding data
Index: Makefile
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/insadm/Makefile,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- Makefile 29 Sep 2005 22:12:00 -0000 1.13
+++ Makefile 24 Mar 2006 01:13:08 -0000 1.14
@@ -315,8 +315,8 @@
-rm $(STARTCONZDIR)/console.z
mkdir -p $(STARTCONZDIR)/java/jars
mkdir -p $(STARTCONZDIR)/bin/base
- cp $(ADMIN_JARS)/admserv$(ADM_SUF).jar $(STARTCONZDIR)/java/jars
- cp $(ADMIN_JARS)/admserv$(ADM_SUF)_en.jar $(STARTCONZDIR)/java/jars
+ cp $(ADMIN_JARS)/$(ADMIN_BRAND)-admserv-$(ADM_SUF).jar $(STARTCONZDIR)/java/jars
+ cp $(ADMIN_JARS)/$(ADMIN_BRAND)-admserv-$(ADM_SUF)_en.jar $(STARTCONZDIR)/java/jars
cp $(SRC_ADMSERV)/viewurl.exe $(STARTCONZDIR)/bin/base
cp $(SRC_ADMSERV)/jre.inf $(STARTCONZDIR)/java
cd $(STARTCONZDIR) ; $(ZIP) -r console.z '*'
From fedora-directory-commits at redhat.com Fri Mar 24 01:13:02 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Thu, 23 Mar 2006 20:13:02 -0500
Subject: [Fedora-directory-commits] adminserver/admserv/console
build.properties, 1.11, 1.12
Message-ID: <200603240114.k2O1E7UJ007890@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/adminserver/admserv/console
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7771/admserv/console
Modified Files:
build.properties
Log Message:
[186105] Admin Server Makefile updates for Internal build
Comment #11
. fixed jss jar file name to jss3.jar; mistakenly put minor version number in
the previous checkin (jss37.jar)
. changed to include the patch number in the jar file name
. fixed admin console package name in the Global Preferences: admserv72.jar ->
redhat-admserv-7.2.jar
. changed to create a symlink: redhat-admserv-7.2.jar pointing redhat-admserv-7.2.0.jar
. introduced CONSOLE-GEN-VERSION and CONSOLE-MAJOR-VERSION in the branding data
Index: build.properties
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/console/build.properties,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- build.properties 21 Mar 2006 18:33:54 -0000 1.11
+++ build.properties 24 Mar 2006 01:12:35 -0000 1.12
@@ -21,7 +21,7 @@
# END COPYRIGHT BLOCK
adminconsole.root=../..
-mcc.version=1.0
+mcc.version=1.0.2
admin.core=admserv
admin.brand=fedora
From fedora-directory-commits at redhat.com Fri Mar 24 01:12:29 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Thu, 23 Mar 2006 20:12:29 -0500
Subject: [Fedora-directory-commits] adminserver components.mk, 1.43,
1.44 nsconfig.mk, 1.27, 1.28
Message-ID: <200603240114.k2O1E7eT007891@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/adminserver
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7771
Modified Files:
components.mk nsconfig.mk
Log Message:
[186105] Admin Server Makefile updates for Internal build
Comment #11
. fixed jss jar file name to jss3.jar; mistakenly put minor version number in
the previous checkin (jss37.jar)
. changed to include the patch number in the jar file name
. fixed admin console package name in the Global Preferences: admserv72.jar ->
redhat-admserv-7.2.jar
. changed to create a symlink: redhat-admserv-7.2.jar pointing redhat-admserv-7.2.0.jar
. introduced CONSOLE-GEN-VERSION and CONSOLE-MAJOR-VERSION in the branding data
Index: components.mk
===================================================================
RCS file: /cvs/dirsec/adminserver/components.mk,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- components.mk 21 Mar 2006 19:48:49 -0000 1.43
+++ components.mk 24 Mar 2006 01:12:20 -0000 1.44
@@ -356,10 +356,11 @@
# Console java classes
#############################################################
-NMCJDK_SUF = 1.0
+NMCJDK_SUF = 1.0.2
+NMCJDK_GEN_SUF = 1.0
NMCJDK_RELDATE = 20060320
-NMCJDK_COMP = console/$(NMCJDK_SUF)
+NMCJDK_COMP = console/$(NMCJDK_GEN_SUF)
NMCJDK_VERSION = $(NMCJDK_RELDATE)
@@ -383,6 +384,12 @@
mkdir -p $(CLASS_DEST)
# grab the jar files
$(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(NMCJDK_METHOD) -objdir $(CLASS_DEST) -componentdir $(NMCJDK_DIR)/java -files $(ADMIN_BRAND)-base-$(NMCJDK_SUF).jar,$(ADMIN_BRAND)-mcc-$(NMCJDK_SUF).jar,$(ADMIN_BRAND)-mcc-$(NMCJDK_SUF)_en.jar,$(ADMIN_BRAND)-nmclf-$(NMCJDK_SUF).jar,$(ADMIN_BRAND)-nmclf-$(NMCJDK_SUF)_en.jar
+# make symlinks; cannot FTP symlinked files
+ -(cd $(CLASS_DEST); ln -s $(ADMIN_BRAND)-base-$(NMCJDK_SUF).jar $(ADMIN_BRAND)-base-$(NMCJDK_GEN_SUF).jar)
+ -(cd $(CLASS_DEST); ln -s $(ADMIN_BRAND)-mcc-$(NMCJDK_SUF).jar $(ADMIN_BRAND)-mcc-$(NMCJDK_GEN_SUF).jar)
+ -(cd $(CLASS_DEST); ln -s $(ADMIN_BRAND)-mcc-$(NMCJDK_SUF)_en.jar $(ADMIN_BRAND)-mcc-$(NMCJDK_GEN_SUF)_en.jar)
+ -(cd $(CLASS_DEST); ln -s $(ADMIN_BRAND)-nmclf-$(NMCJDK_SUF).jar $(ADMIN_BRAND)-nmclf-$(NMCJDK_GEN_SUF).jar)
+ -(cd $(CLASS_DEST); ln -s $(ADMIN_BRAND)-nmclf-$(NMCJDK_SUF)_en.jar $(ADMIN_BRAND)-nmclf-$(NMCJDK_GEN_SUF)_en.jar)
# grab the startconsole program
$(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(NMCJDK_METHOD) -objdir $(CLASS_DEST) -componentdir $(NMCJDK_DIR) -files startconsole && chmod +x $(CLASS_DEST)/startconsole
else # INTERNAL_BUILD
@@ -394,7 +401,8 @@
#############################################################
JSS_SDK_VERSION = JSS_3_7_RTM
-JSSSDK = jss37.jar
+# xpclass.jar is copied to this name. don't put the minor version number
+JSSSDK = jss3.jar
XPCLASS = $(JSS_JAR_NAME)
ifeq ($(INT_JSS), 1)
Index: nsconfig.mk
===================================================================
RCS file: /cvs/dirsec/adminserver/nsconfig.mk,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- nsconfig.mk 21 Mar 2006 19:48:49 -0000 1.27
+++ nsconfig.mk 24 Mar 2006 01:12:20 -0000 1.28
@@ -530,7 +530,8 @@
endif
endif
-ADM_SUF=1.0
+ADM_SUF=1.0.2
+ADM_GEN_SUF=1.0
# CLEAN THIS UP
From fedora-directory-commits at redhat.com Fri Mar 24 01:13:32 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Thu, 23 Mar 2006 20:13:32 -0500
Subject: [Fedora-directory-commits] adminserver/admserv/newinst/src
ux-update.cc, 1.19, 1.20
Message-ID: <200603240114.k2O1E7hU007889@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/adminserver/admserv/newinst/src
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7771/admserv/newinst/src
Modified Files:
ux-update.cc
Log Message:
[186105] Admin Server Makefile updates for Internal build
Comment #11
. fixed jss jar file name to jss3.jar; mistakenly put minor version number in
the previous checkin (jss37.jar)
. changed to include the patch number in the jar file name
. fixed admin console package name in the Global Preferences: admserv72.jar ->
redhat-admserv-7.2.jar
. changed to create a symlink: redhat-admserv-7.2.jar pointing redhat-admserv-7.2.0.jar
. introduced CONSOLE-GEN-VERSION and CONSOLE-MAJOR-VERSION in the branding data
Index: ux-update.cc
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/ux-update.cc,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- ux-update.cc 22 Feb 2006 02:28:51 -0000 1.19
+++ ux-update.cc 24 Mar 2006 01:13:15 -0000 1.20
@@ -950,7 +950,7 @@
appEntry->addAttribute("installationTimeStamp", adminInfo->timeStamp());
appEntry->addAttribute("nsExpirationDate", adminInfo->get(PKG_EXPIRY));
appEntry->addAttribute("nsBuildSecurity", adminInfo->get(PKG_SECURITY));
- appEntry->addAttribute("nsServerMigrationClassName", "com.netscape.management.admserv.AdminServerProduct at admserv10.jar");
+ appEntry->addAttribute("nsServerMigrationClassName", "com.netscape.management.admserv.AdminServerProduct at fedora-admserv-1.0.jar");
sieEntry->clear();
@@ -1061,7 +1061,7 @@
configEntry->addAttribute ("nsDefaultAcceptLanguage", adminInfo->get(PKG_DEFAULT_LANGUAGE));
- sprintf(tstr, "com.netscape.management.admserv.AdminServer at admserv10.jar@%s", sieDN.data());
+ sprintf(tstr, "com.netscape.management.admserv.AdminServer at fedora-admserv-1.0.jar@%s", sieDN.data());
configEntry->addAttribute ("nsClassname", tstr);
// Set the appropriate ACI on for this branch
@@ -1072,7 +1072,7 @@
else
{
const char *s;
- sprintf(tstr, "com.netscape.management.admserv.AdminServer at admserv10.jar@%s", sieDN.data());
+ sprintf(tstr, "com.netscape.management.admserv.AdminServer at fedora-admserv-1.0.jar@%s", sieDN.data());
configEntry->setAttribute ("nsClassname", tstr);
configEntry->setAttribute ("nsServerPort", dir);
configEntry->setAttribute ("nsSuiteSpotUser", adminUser);
From fedora-directory-commits at redhat.com Fri Mar 24 02:50:51 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Thu, 23 Mar 2006 21:50:51 -0500
Subject: [Fedora-directory-commits] setuputil nsconfig.mk,1.9,1.10
Message-ID: <200603240250.k2O2opkV010270@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/setuputil
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10253
Modified Files:
nsconfig.mk
Log Message:
Don't set "-AA" for HP-UX PA_RISC
Index: nsconfig.mk
===================================================================
RCS file: /cvs/dirsec/setuputil/nsconfig.mk,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- nsconfig.mk 23 Mar 2006 20:45:31 -0000 1.9
+++ nsconfig.mk 24 Mar 2006 02:50:43 -0000 1.10
@@ -220,14 +220,16 @@
ifdef MODERNHP
CC=cc -Ae +ESlit
CXX=aCC
-ARCH_CFLAGS=-AA # the default on ipf, but also use it elsewhere
+# ARCH_CFLAGS=-AA # if set on PA_RISC, build fails by not found
ifeq ($(NSOS_RELEASE), B.11.23)
+ ARCH_CFLAGS=-AA # the default on ipf, but also use it elsewhere
ifeq ($(USE_64), 1)
BIT_SWITCH=+DD64
else
BIT_SWITCH=+DD32
endif
else # 11.11 or earlier
+ ARCH_CFLAGS=
ifeq ($(USE_64), 1)
BIT_SWITCH=+DA2.0W +DS2.0
else
From fedora-directory-commits at redhat.com Fri Mar 24 04:19:57 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Thu, 23 Mar 2006 23:19:57 -0500
Subject: [Fedora-directory-commits] adminserver components.mk,1.44,1.45
Message-ID: <200603240419.k2O4JvNJ014527@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/adminserver
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14490
Modified Files:
components.mk
Log Message:
Picking up new AdminUtil, SetupUtil, and Console.
Index: components.mk
===================================================================
RCS file: /cvs/dirsec/adminserver/components.mk,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -r1.44 -r1.45
--- components.mk 24 Mar 2006 01:12:20 -0000 1.44
+++ components.mk 24 Mar 2006 04:19:49 -0000 1.45
@@ -137,7 +137,7 @@
# SETUPUTIL
##############################################################
-SETUPUTIL_RELDATE = 20060307
+SETUPUTIL_RELDATE = 20060323
SETUPUTIL_FILE = setuputil.tar.gz
SETUPUTIL_COMPNAME = setuputil/1.0
@@ -171,7 +171,7 @@
###############################################################
ADMINUTIL_SUF = 10
-ADMINUTIL_RELDATE = 20060307
+ADMINUTIL_RELDATE = 20060323
ADMINUTIL_VERSION = $(ADMINUTIL_RELDATE)
ADMINUTIL_ROOT = $(NSCP_COMPDIR)/adminutil
ADMINUTIL_COMPNAME = adminutil/1.0
@@ -358,7 +358,7 @@
NMCJDK_SUF = 1.0.2
NMCJDK_GEN_SUF = 1.0
-NMCJDK_RELDATE = 20060320
+NMCJDK_RELDATE = 20060323
NMCJDK_COMP = console/$(NMCJDK_GEN_SUF)
From fedora-directory-commits at redhat.com Fri Mar 24 04:48:46 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Thu, 23 Mar 2006 23:48:46 -0500
Subject: [Fedora-directory-commits]
adminutil/lib/libadmsslutil admsslutil.c, 1.3, 1.4
Message-ID: <200603240448.k2O4mk6O014700@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/adminutil/lib/libadmsslutil
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14683
Modified Files:
admsslutil.c
Log Message:
Replaced PL_Free with PR_Free.
Index: admsslutil.c
===================================================================
RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/admsslutil.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- admsslutil.c 22 Mar 2006 23:47:20 -0000 1.3
+++ admsslutil.c 24 Mar 2006 04:48:38 -0000 1.4
@@ -269,8 +269,8 @@
if((!certdbFile) || (!keydbFile) || (!admroot)) return -1;
errCode = initNSS(certdbFile, keydbFile);
- PL_Free(certdbFile);
- PL_Free(keydbFile);
+ PR_Free(certdbFile);
+ PR_Free(keydbFile);
return errCode;
}
From fedora-directory-commits at redhat.com Fri Mar 24 19:05:48 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Fri, 24 Mar 2006 14:05:48 -0500
Subject: [Fedora-directory-commits]
console/src/com/netscape/management/client/console
VersionInfo.java, 1.2, 1.3 genverinfo.sh, 1.2, 1.3
Message-ID: <200603241905.k2OJ5muS019956@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/console/src/com/netscape/management/client/console
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19921/src/com/netscape/management/client/console
Modified Files:
VersionInfo.java genverinfo.sh
Log Message:
186612 - Console.getVersionNumber method needs to return version as major.minor
Index: VersionInfo.java
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/console/VersionInfo.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- VersionInfo.java 26 Oct 2005 23:16:23 -0000 1.2
+++ VersionInfo.java 24 Mar 2006 19:05:37 -0000 1.3
@@ -37,7 +37,7 @@
* @return Console Version Number
*/
public static String getVersionNumber() {
- return _resource.getString("console","versionNumber");
+ return _resource.getString("console","majorVersionNumber");
}
/**
Index: genverinfo.sh
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/console/genverinfo.sh,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- genverinfo.sh 15 Sep 2005 22:06:49 -0000 1.2
+++ genverinfo.sh 24 Mar 2006 19:05:38 -0000 1.3
@@ -28,11 +28,12 @@
#
#
-if [ $# -ne 3 ]; then
- echo Usage: $0 outputFile versionNumber buildNumberFile
+if [ $# -ne 4 ]; then
+ echo Usage: $0 outputFile versionNumber majorVersionNumber buildNumberFile
exit 1
fi
echo console-versionNumber=$2 > $1
-bld=`cat $3`
+echo console-majorVersionNumber=$3 > $1
+bld=`cat $4`
echo console-buildNumber=`eval eval echo $bld` >> $1
From fedora-directory-commits at redhat.com Fri Mar 24 19:05:39 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Fri, 24 Mar 2006 14:05:39 -0500
Subject: [Fedora-directory-commits] console build.xml, 1.11,
1.12 startconsole-sandbox, 1.1, 1.2
Message-ID: <200603241906.k2OJ6ALv019960@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/console
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19921
Modified Files:
build.xml startconsole-sandbox
Log Message:
186612 - Console.getVersionNumber method needs to return version as major.minor
Index: build.xml
===================================================================
RCS file: /cvs/dirsec/console/build.xml,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- build.xml 24 Mar 2006 01:04:00 -0000 1.11
+++ build.xml 24 Mar 2006 19:05:16 -0000 1.12
@@ -63,6 +63,7 @@
+
Index: startconsole-sandbox
===================================================================
RCS file: /cvs/dirsec/console/startconsole-sandbox,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- startconsole-sandbox 29 Nov 2005 18:36:50 -0000 1.1
+++ startconsole-sandbox 24 Mar 2006 19:05:16 -0000 1.2
@@ -27,6 +27,13 @@
fi
#
+# Set library path to ensure we pick up our local libraries
+#
+export LD_LIBRARY_PATH=./lib:${LD_LIBRARY_PATH}
+export SHLIB_PATH=./lib:${SHLIB_PATH}
+export DYLD_LIBRARY_PATH=./lib:${DYLD_LIBRARY_PATH}
+
+#
# Launch the Console
#
java -ms8m -mx64m -cp ./java/jss3.jar:./java/ldapjdk.jar:./java/fedora-base-1.0.jar:./java/fedora-mcc-1.0.jar:./java/fedora-mcc-1.0_en.jar:./java/fedora-nmclf-1.0.jar:./java/fedora-nmclf-1.0_en.jar -Djava.library.path=./lib -Djava.util.prefs.systemRoot="$HOME/.fedora-console" -Djava.util.prefs.userRoot="$HOME/.fedora-console" com.netscape.management.client.console.Console $*
From fedora-directory-commits at redhat.com Fri Mar 24 19:13:42 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Fri, 24 Mar 2006 14:13:42 -0500
Subject: [Fedora-directory-commits] adminserver/admserv/cfgstuff
admserv.conf, 1.14, 1.15
Message-ID: <200603241913.k2OJDg0t020076@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/adminserver/admserv/cfgstuff
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20013/cfgstuff
Modified Files:
admserv.conf
Log Message:
[186105] Admin Server Makefile updates for Internal build
Allow FollowSymLinks in java dir
Index: admserv.conf
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cfgstuff/admserv.conf,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- admserv.conf 28 Feb 2006 22:29:39 -0000 1.14
+++ admserv.conf 24 Mar 2006 19:13:32 -0000 1.15
@@ -38,7 +38,7 @@
# directories
AllowOverride None
- Options None
+ Options FollowSymLinks
Order allow,deny
Allow from all
From fedora-directory-commits at redhat.com Fri Mar 24 19:13:34 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Fri, 24 Mar 2006 14:13:34 -0500
Subject: [Fedora-directory-commits] adminserver/admserv pkgadmin.mk, 1.45,
1.46
Message-ID: <200603241914.k2OJED6k020099@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/adminserver/admserv
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20013
Modified Files:
pkgadmin.mk
Log Message:
[186105] Admin Server Makefile updates for Internal build
Allow FollowSymLinks in java dir
Index: pkgadmin.mk
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/pkgadmin.mk,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -r1.45 -r1.46
--- pkgadmin.mk 24 Mar 2006 01:12:27 -0000 1.45
+++ pkgadmin.mk 24 Mar 2006 19:13:11 -0000 1.46
@@ -153,9 +153,15 @@
-$(MKDIR) $(CLIENT_DIR)/java/jars
# grab the jar files
+ifeq ($(ARCH), WINNT)
+# no symlink on Windows
+ cd $(ADMIN_JARS) ; \
+ cp -p $(ADMIN_BRAND)-admserv-$(ADM_SUF).jar $(ADMIN_BRAND)-admserv-$(ADM_SUF)_en.jar $(CLIENT_DIR)/java/jars
+else
cd $(ADMIN_JARS) ; \
cp -p $(ADMIN_BRAND)-admserv-$(ADM_SUF).jar $(ADMIN_BRAND)-admserv-$(ADM_SUF)_en.jar $(CLIENT_DIR)/java/jars; \
(cd $(CLIENT_DIR)/java/jars; ln -s $(ADMIN_BRAND)-admserv-$(ADM_SUF).jar $(ADMIN_BRAND)-admserv-$(ADM_GEN_SUF).jar; ln -s $(ADMIN_BRAND)-admserv-$(ADM_SUF)_en.jar $(ADMIN_BRAND)-admserv-$(ADM_GEN_SUF)_en.jar)
+endif
#
# Cleanup before making distributable zip
From fedora-directory-commits at redhat.com Fri Mar 24 20:16:08 2006
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Fri, 24 Mar 2006 15:16:08 -0500
Subject: [Fedora-directory-commits] adminserver components.mk,1.45,1.46
Message-ID: <200603242016.k2OKG8SD022486@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/adminserver
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22444
Modified Files:
components.mk
Log Message:
Picking up new console.
Index: components.mk
===================================================================
RCS file: /cvs/dirsec/adminserver/components.mk,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -r1.45 -r1.46
--- components.mk 24 Mar 2006 04:19:49 -0000 1.45
+++ components.mk 24 Mar 2006 20:15:51 -0000 1.46
@@ -358,7 +358,7 @@
NMCJDK_SUF = 1.0.2
NMCJDK_GEN_SUF = 1.0
-NMCJDK_RELDATE = 20060323
+NMCJDK_RELDATE = 20060324
NMCJDK_COMP = console/$(NMCJDK_GEN_SUF)
@@ -384,12 +384,14 @@
mkdir -p $(CLASS_DEST)
# grab the jar files
$(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(NMCJDK_METHOD) -objdir $(CLASS_DEST) -componentdir $(NMCJDK_DIR)/java -files $(ADMIN_BRAND)-base-$(NMCJDK_SUF).jar,$(ADMIN_BRAND)-mcc-$(NMCJDK_SUF).jar,$(ADMIN_BRAND)-mcc-$(NMCJDK_SUF)_en.jar,$(ADMIN_BRAND)-nmclf-$(NMCJDK_SUF).jar,$(ADMIN_BRAND)-nmclf-$(NMCJDK_SUF)_en.jar
+ifneq ($(ARCH), WINNT)
# make symlinks; cannot FTP symlinked files
-(cd $(CLASS_DEST); ln -s $(ADMIN_BRAND)-base-$(NMCJDK_SUF).jar $(ADMIN_BRAND)-base-$(NMCJDK_GEN_SUF).jar)
-(cd $(CLASS_DEST); ln -s $(ADMIN_BRAND)-mcc-$(NMCJDK_SUF).jar $(ADMIN_BRAND)-mcc-$(NMCJDK_GEN_SUF).jar)
-(cd $(CLASS_DEST); ln -s $(ADMIN_BRAND)-mcc-$(NMCJDK_SUF)_en.jar $(ADMIN_BRAND)-mcc-$(NMCJDK_GEN_SUF)_en.jar)
-(cd $(CLASS_DEST); ln -s $(ADMIN_BRAND)-nmclf-$(NMCJDK_SUF).jar $(ADMIN_BRAND)-nmclf-$(NMCJDK_GEN_SUF).jar)
-(cd $(CLASS_DEST); ln -s $(ADMIN_BRAND)-nmclf-$(NMCJDK_SUF)_en.jar $(ADMIN_BRAND)-nmclf-$(NMCJDK_GEN_SUF)_en.jar)
+endif
# grab the startconsole program
$(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(NMCJDK_METHOD) -objdir $(CLASS_DEST) -componentdir $(NMCJDK_DIR) -files startconsole && chmod +x $(CLASS_DEST)/startconsole
else # INTERNAL_BUILD
From fedora-directory-commits at redhat.com Thu Mar 30 00:38:31 2006
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Wed, 29 Mar 2006 17:38:31 -0700
Subject: [Fedora-directory-commits]
setuputil/installer/include ldapu.h, 1.2, 1.3 nsdefs.h, 1.2, 1.3
Message-ID: <200603300038.k2U0cVDZ000697@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/setuputil/installer/include
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv651/setuputil/installer/include
Modified Files:
ldapu.h nsdefs.h
Log Message:
Add using namespace std; after the include
Remove #include in files that also include nsdefs.h
Fix a potential buffer non-termination
Index: ldapu.h
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/include/ldapu.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- ldapu.h 27 Mar 2006 21:18:34 -0000 1.2
+++ ldapu.h 30 Mar 2006 00:38:28 -0000 1.3
@@ -29,6 +29,11 @@
**
** HISTORY
** $Log$
+** Revision 1.3 2006/03/30 00:38:28 rmeggins
+** Add using namespace std; after the include
+** Remove #include in files that also include nsdefs.h
+** Fix a potential buffer non-termination
+**
** Revision 1.2 2006/03/27 21:18:34 nhosoi
** [186642] Directory Server Makefile updates for Internal build
** Changed the createSIE so that caller (Admin Server and Directory Server) passes
@@ -275,7 +280,6 @@
#else
-#include
#include "nsdefs.h"
class Ldap;
Index: nsdefs.h
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/include/nsdefs.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- nsdefs.h 23 Mar 2006 20:45:37 -0000 1.2
+++ nsdefs.h 30 Mar 2006 00:38:28 -0000 1.3
@@ -30,6 +30,11 @@
** HISTORY
**
** $Log$
+** Revision 1.3 2006/03/30 00:38:28 rmeggins
+** Add using namespace std; after the include
+** Remove #include in files that also include nsdefs.h
+** Fix a potential buffer non-termination
+**
** Revision 1.2 2006/03/23 20:45:37 rmeggins
** Use instead of on those platforms that support it.
** With this fix, we don't get the deprecation warnings when building setuputil.
@@ -161,6 +166,7 @@
**********************************************************************/
#if !defined(HPUX) || defined(_HP_NAMESPACE_STD)
#include
+using namespace std;
#else
#include /* use old name on older systems */
#endif
From fedora-directory-commits at redhat.com Thu Mar 30 00:38:32 2006
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Wed, 29 Mar 2006 17:38:32 -0700
Subject: [Fedora-directory-commits] setuputil/installer/unix/lib
ux-wrapper.cc, 1.2, 1.3
Message-ID: <200603300038.k2U0cWpf000708@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/setuputil/installer/unix/lib
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv651/setuputil/installer/unix/lib
Modified Files:
ux-wrapper.cc
Log Message:
Add using namespace std; after the include
Remove #include in files that also include nsdefs.h
Fix a potential buffer non-termination
Index: ux-wrapper.cc
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/lib/ux-wrapper.cc,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- ux-wrapper.cc 23 Mar 2006 15:59:22 -0000 1.2
+++ ux-wrapper.cc 30 Mar 2006 00:38:29 -0000 1.3
@@ -29,6 +29,11 @@
** HISTORY:
**
** $Log$
+** Revision 1.3 2006/03/30 00:38:29 rmeggins
+** Add using namespace std; after the include
+** Remove #include in files that also include nsdefs.h
+** Fix a potential buffer non-termination
+**
** Revision 1.2 2006/03/23 15:59:22 rmeggins
** Bug(s) fixed: 186280
** Bug Description: Close potential security vulnerabilities in CGI code
@@ -191,6 +196,7 @@
return;
}
snprintf(buf, sizeof(buf), "[%s] %s", who, level);
+ buf[sizeof(buf)-1] = 0;
va_start (arg, msg);
vsnprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), msg, arg);
From fedora-directory-commits at redhat.com Thu Mar 30 00:38:31 2006
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Wed, 29 Mar 2006 17:38:31 -0700
Subject: [Fedora-directory-commits] setuputil/installer/unix installer.h,
1.1.1.1, 1.2 uninstaller.h, 1.1.1.1, 1.2
Message-ID: <200603300038.k2U0cVOU000704@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/setuputil/installer/unix
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv651/setuputil/installer/unix
Modified Files:
installer.h uninstaller.h
Log Message:
Add using namespace std; after the include
Remove #include in files that also include nsdefs.h
Fix a potential buffer non-termination
Index: installer.h
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/installer.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- installer.h 29 Jul 2005 22:16:31 -0000 1.1.1.1
+++ installer.h 30 Mar 2006 00:38:29 -0000 1.2
@@ -27,6 +27,11 @@
** HISTORY
**
** $Log$
+** Revision 1.2 2006/03/30 00:38:29 rmeggins
+** Add using namespace std; after the include
+** Remove #include in files that also include nsdefs.h
+** Fix a potential buffer non-termination
+**
** Revision 1.1.1.1 2005/07/29 22:16:31 foxworth
** Importing new setup sdk for open source project
**
@@ -213,7 +218,6 @@
** Includes
**
**********************************************************************/
-#include
extern "C" {
#include
Index: uninstaller.h
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/uninstaller.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- uninstaller.h 29 Jul 2005 22:16:32 -0000 1.1.1.1
+++ uninstaller.h 30 Mar 2006 00:38:29 -0000 1.2
@@ -27,6 +27,11 @@
** HISTORY
**
** $Log$
+** Revision 1.2 2006/03/30 00:38:29 rmeggins
+** Add using namespace std; after the include
+** Remove #include in files that also include nsdefs.h
+** Fix a potential buffer non-termination
+**
** Revision 1.1.1.1 2005/07/29 22:16:32 foxworth
** Importing new setup sdk for open source project
**
@@ -106,8 +111,6 @@
** Includes
**
**********************************************************************/
-#include
-
extern "C" {
#include
#include
From fedora-directory-commits at redhat.com Thu Mar 30 22:59:27 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Thu, 30 Mar 2006 15:59:27 -0700
Subject: [Fedora-directory-commits] winsync/passwordsync passhand.cpp, 1.9,
1.10 passhand.h, 1.7, 1.8
Message-ID: <200603302259.k2UMxRqk032466@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/winsync/passwordsync
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32422/passwordsync
Modified Files:
passhand.cpp passhand.h
Log Message:
186657 - Implemented locking around passhook data file access
Index: passhand.cpp
===================================================================
RCS file: /cvs/dirsec/winsync/passwordsync/passhand.cpp,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- passhand.cpp 22 Mar 2006 18:51:04 -0000 1.9
+++ passhand.cpp 30 Mar 2006 22:59:25 -0000 1.10
@@ -112,6 +112,8 @@
outFile.close();
exit:
+ // We need to unfreeze plainTextStream so memory gets freed by the destructor
+ plainTextStream.rdbuf()->freeze(false);
free(cipherTextBuf);
return result;
}
@@ -119,18 +121,18 @@
int loadSet(PASS_INFO_LIST* passInfoList, char* filename)
{
int result = 0;
- int i;
+ int i = 0;
fstream inFile;
PASS_INFO newPair;
strstream* plainTextStream;
char* cipherTextBuf = NULL;
char* plainTextBuf = NULL;
- int usernameLen;
- int passwordLen;
- int plainTextLen;
- int cipherTextLen;
+ int usernameLen = 0;
+ int passwordLen = 0;
+ int plainTextLen = 0;
+ int cipherTextLen = 0;
int resultTextLen = 0;
- int pairCount;
+ int pairCount = 0;
// Read in cipher text from file
inFile.open(filename, ios::in | ios::binary);
@@ -164,6 +166,12 @@
goto exit;
}
+ // Check to see if plainTextbuf contains anything
+ if (resultTextLen <= 0) {
+ result = -1;
+ goto exit;
+ }
+
plainTextStream = new strstream(plainTextBuf, resultTextLen);
plainTextStream->read((char*)&pairCount, sizeof(pairCount));
Index: passhand.h
===================================================================
RCS file: /cvs/dirsec/winsync/passwordsync/passhand.h,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- passhand.h 19 Apr 2005 22:07:43 -0000 1.7
+++ passhand.h 30 Mar 2006 22:59:25 -0000 1.8
@@ -50,7 +50,9 @@
#include "prerror.h"
#define PASSHAND_EVENT_NAME "passhand_event"
+#define PASSHOOK_MUTEX_NAME "passhook_mutex"
+#define PASSHOOK_TIMEOUT 30000
#define PASSHAND_BUF_SIZE 256
using namespace std;
From fedora-directory-commits at redhat.com Thu Mar 30 22:59:28 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Thu, 30 Mar 2006 15:59:28 -0700
Subject: [Fedora-directory-commits] winsync/passwordsync/passsync
syncserv.cpp, 1.13, 1.14 syncserv.h, 1.7, 1.8
Message-ID: <200603302259.k2UMxScX032477@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/winsync/passwordsync/passsync
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32422/passwordsync/passsync
Modified Files:
syncserv.cpp syncserv.h
Log Message:
186657 - Implemented locking around passhook data file access
Index: syncserv.cpp
===================================================================
RCS file: /cvs/dirsec/winsync/passwordsync/passsync/syncserv.cpp,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- syncserv.cpp 22 Mar 2006 18:51:16 -0000 1.13
+++ syncserv.cpp 30 Mar 2006 22:59:26 -0000 1.14
@@ -76,6 +76,7 @@
unsigned long size;
passhookEventHandle = CreateEvent(NULL, FALSE, FALSE, PASSHAND_EVENT_NAME);
+ passhookMutexHandle = CreateMutex(NULL, FALSE, PASSHOOK_MUTEX_NAME);
mainLdapConnection = NULL;
results = NULL;
currentResult = NULL;
@@ -211,10 +212,14 @@
timeStamp(&outLog);
outLog << "Backing off for " << BackoffTime(GetMinBackoff()) << "ms" << endl;
}
- WaitForSingleObject(passhookEventHandle, BackoffTime(GetMinBackoff()));
+ waitRes = WaitForSingleObject(passhookEventHandle, BackoffTime(GetMinBackoff()));
if(logLevel > 0) {
timeStamp(&outLog);
- outLog << "Backoff time expired. Attempting sync" << endl;
+ if (waitRes == WAIT_TIMEOUT) {
+ outLog << "Backoff time expired. Attempting sync" << endl;
+ } else {
+ outLog << "Received passhook event. Attempting sync" << endl;
+ }
}
}
@@ -226,24 +231,38 @@
if(passInfoList.size() > 0)
{
- if(saveSet(&passInfoList, dataFilename) == 0)
+ // Get mutex for passhook.dat
+ WaitForSingleObject(passhookMutexHandle, INFINITE);
+
+ // Need to loadSet here so we don't overwrite entries that passhook recently added
+ if(loadSet(&passInfoList, dataFilename) == 0)
{
- if(logLevel > 0)
+ if(saveSet(&passInfoList, dataFilename) == 0)
+ {
+ if(logLevel > 0)
+ {
+ timeStamp(&outLog);
+ outLog << passInfoList.size() << " entries saved to data file" << endl;
+ }
+ }
+ else
{
timeStamp(&outLog);
- outLog << passInfoList.size() << " entries saved to data file" << endl;
+ outLog << "Failed to save entries to data file" << endl;
}
- }
- else
- {
+ } else {
timeStamp(&outLog);
- outLog << "Failed to save entries to data file" << endl;
+ outLog << "Failed to load entries from file" << endl;
}
+
+ // Release mutex for passhook.dat
+ ReleaseMutex(passhookMutexHandle);
}
exit:
clearSet(&passInfoList);
CloseHandle(passhookEventHandle);
+ CloseHandle(passhookMutexHandle);
}
// ****************************************************************
@@ -258,6 +277,9 @@
char* dn = NULL;
int tempSize = passInfoList.size();
+ // Get mutex for passhook.dat
+ WaitForSingleObject(passhookMutexHandle, INFINITE);
+
if(loadSet(&passInfoList, dataFilename) == 0)
{
if((passInfoList.size() - tempSize) > 0)
@@ -289,6 +311,9 @@
outLog << "Failed to load entries from file" << endl;
}
+ // Release mutex for passhook.dat
+ ReleaseMutex(passhookMutexHandle);
+
if(passInfoList.size() > 0)
{
if(logLevel > 0)
Index: syncserv.h
===================================================================
RCS file: /cvs/dirsec/winsync/passwordsync/passsync/syncserv.h,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- syncserv.h 19 Apr 2005 22:07:44 -0000 1.7
+++ syncserv.h 30 Mar 2006 22:59:26 -0000 1.8
@@ -82,6 +82,7 @@
PASS_INFO_LIST passInfoList;
HANDLE passhookEventHandle;
+ HANDLE passhookMutexHandle;
// LDAP variables
LDAP* mainLdapConnection;
@@ -104,7 +105,8 @@
unsigned long maxBackoffTime;
int logLevel;
bool isRunning;
+ DWORD waitRes;
fstream outLog;
};
-#endif
\ No newline at end of file
+#endif
From fedora-directory-commits at redhat.com Thu Mar 30 22:59:28 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Thu, 30 Mar 2006 15:59:28 -0700
Subject: [Fedora-directory-commits] winsync/passwordsync/passhook
passhook.cpp, 1.8, 1.9
Message-ID: <200603302259.k2UMxSTT032472@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/winsync/passwordsync/passhook
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32422/passwordsync/passhook
Modified Files:
passhook.cpp
Log Message:
186657 - Implemented locking around passhook data file access
Index: passhook.cpp
===================================================================
RCS file: /cvs/dirsec/winsync/passwordsync/passhook/passhook.cpp,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- passhook.cpp 22 Mar 2006 18:51:11 -0000 1.8
+++ passhook.cpp 30 Mar 2006 22:59:25 -0000 1.9
@@ -48,121 +48,74 @@
#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
#endif
+DWORD WINAPI SavePasshookChange( LPVOID passinfo );
+static HANDLE passhookMutexHandle;
+static unsigned long logLevel;
+
NTSTATUS NTAPI PasswordChangeNotify(PUNICODE_STRING UserName, ULONG RelativeId, PUNICODE_STRING Password)
{
- HANDLE passhookEventHandle = OpenEvent(EVENT_MODIFY_STATE, FALSE, PASSHAND_EVENT_NAME);
- PASS_INFO newPassInfo;
- PASS_INFO_LIST passInfoList;
- HKEY regKey;
- DWORD type;
- unsigned long buffSize;
- char regBuff[PASSHAND_BUF_SIZE];
- unsigned long logLevel;
+ PASS_INFO *newPassInfo = NULL;
+ HANDLE passhookThreadHandle;
fstream outLog;
+ DWORD waitRes;
- RegOpenKey(HKEY_LOCAL_MACHINE, "SOFTWARE\\PasswordSync", ®Key);
- buffSize = PASSHAND_BUF_SIZE;
- if(RegQueryValueEx(regKey, "Log Level", NULL, &type, (unsigned char*)regBuff, &buffSize) == ERROR_SUCCESS)
- {
- logLevel = (unsigned long)atoi(regBuff);
- }
- else
- {
- logLevel = 0;
- }
- if(logLevel > 0)
- {
- outLog.open("passhook.log", ios::out | ios::app);
- }
- RegCloseKey(regKey);
-
- // This memory will be free'd by calling clearSet below
- newPassInfo.username = (char*)malloc((UserName->Length / 2) + 1);
- newPassInfo.password = (char*)malloc((Password->Length / 2) + 1);
-
- if (newPassInfo.username && newPassInfo.password) {
- _snprintf(newPassInfo.username, (UserName->Length / 2), "%S", UserName->Buffer);
- _snprintf(newPassInfo.password, (Password->Length / 2), "%S", Password->Buffer);
- newPassInfo.username[UserName->Length / 2] = '\0';
- newPassInfo.password[Password->Length / 2] = '\0';
+ // This memory will be freed in SavePasshookChange
+ if ( newPassInfo = (PASS_INFO *) malloc(sizeof(PASS_INFO)) ) {
+ // These get freed in SavePasshookChange by calling clearSet
+ newPassInfo->username = (char*)malloc((UserName->Length / 2) + 1);
+ newPassInfo->password = (char*)malloc((Password->Length / 2) + 1);
} else {
- if(outLog.is_open()) {
- timeStamp(&outLog);
- outLog << "failed to allocate memory for username and password" << endl;
- }
- free(newPassInfo.username);
- free(newPassInfo.password);
goto exit;
}
- if(outLog.is_open())
- {
- timeStamp(&outLog);
- outLog << "user " << newPassInfo.username << " password changed" << endl;
- //outLog << "user " << newPassInfo.username << " password changed to " << newPassInfo.password << endl;
- }
+ // Fill in the password change struct
+ if (newPassInfo->username && newPassInfo->password) {
+ _snprintf(newPassInfo->username, (UserName->Length / 2), "%S", UserName->Buffer);
+ _snprintf(newPassInfo->password, (Password->Length / 2), "%S", Password->Buffer);
+ newPassInfo->username[UserName->Length / 2] = '\0';
+ newPassInfo->password[Password->Length / 2] = '\0';
- // loadSet allocates memory for the usernames and password. We need to be
- // sure to free it by calling clearSet.
- if(loadSet(&passInfoList, "passhook.dat") == 0)
- {
- if(outLog.is_open())
- {
- timeStamp(&outLog);
- outLog << passInfoList.size() << " entries loaded from file" << endl;
- }
- }
- else
- {
- if(outLog.is_open())
- {
- timeStamp(&outLog);
- outLog << "failed to load entries from file" << endl;
- }
+ // Backoff
+ newPassInfo->backoffCount = 0;
+
+ // Load time
+ time(&(newPassInfo->atTime));
+ } else {
+ // Memory error. Free everything we allocated.
+ free(newPassInfo->username);
+ free(newPassInfo->password);
+ free(newPassInfo);
+ goto exit;
}
- // Add the new change to the list
- passInfoList.push_back(newPassInfo);
+ // Fire off a thread to do the real work
+ passhookThreadHandle = CreateThread(NULL, 0, SavePasshookChange, newPassInfo, 0, NULL);
- // Save the list to disk
- if(saveSet(&passInfoList, "passhook.dat") == 0)
- {
- if(outLog.is_open())
- {
- timeStamp(&outLog);
- outLog << passInfoList.size() << " entries saved to file" << endl;
- }
- }
- else
- {
- if(outLog.is_open())
- {
- timeStamp(&outLog);
- outLog << "failed to save entries to file" << endl;
- }
- }
+ // We need to close the handle to the thread we created. Doing
+ // this will not terminate the thread.
+ if (passhookThreadHandle != NULL) {
+ CloseHandle(passhookThreadHandle);
+ } else {
+ // Acquire the mutex so we can log an error
+ waitRes = WaitForSingleObject(passhookMutexHandle, PASSHOOK_TIMEOUT);
- // We need to call clearSet so memory gets free'd
- clearSet(&passInfoList);
+ // If we got the mutex, log the error, otherwise it's not safe to log
+ if (waitRes == WAIT_OBJECT_0) {
+ outLog.open("passhook.log", ios::out | ios::app);
+
+ if(outLog.is_open()) {
+ timeStamp(&outLog);
+ outLog << "Failed to start thread. Aborting change for " << newPassInfo->username << endl;
+ }
-exit:
- if(passhookEventHandle == NULL)
- {
- if(outLog.is_open())
- {
- timeStamp(&outLog);
- outLog << "can not get password sync service event handle, service not running" << endl;
- }
+ outLog.close();
- }
- else
- {
- SetEvent(passhookEventHandle);
- CloseHandle(passhookEventHandle);
+ // Release mutex
+ ReleaseMutex(passhookMutexHandle);
+ }
}
- outLog.close();
-
+exit:
return STATUS_SUCCESS;
}
@@ -173,5 +126,132 @@
BOOL NTAPI InitializeChangeNotify()
{
- return TRUE;
+ HKEY regKey;
+ DWORD type;
+ unsigned long buffSize;
+ char regBuff[PASSHAND_BUF_SIZE];
+ fstream outLog;
+
+ // check if logging is enabled
+ RegOpenKey(HKEY_LOCAL_MACHINE, "SOFTWARE\\PasswordSync", ®Key);
+ buffSize = PASSHAND_BUF_SIZE;
+ if(RegQueryValueEx(regKey, "Log Level", NULL, &type, (unsigned char*)regBuff, &buffSize) == ERROR_SUCCESS)
+ {
+ logLevel = (unsigned long)atoi(regBuff);
+ }
+ else
+ {
+ logLevel = 0;
+ }
+ RegCloseKey(regKey);
+
+ // Create mutex for passhook data file and log file access
+ passhookMutexHandle = CreateMutex(NULL, FALSE, PASSHOOK_MUTEX_NAME);
+
+ if (passhookMutexHandle == NULL) {
+ // Log an error.
+ outLog.open("passhook.log", ios::out | ios::app);
+ timeStamp(&outLog);
+ outLog << "Failed to create passhook mutex. Passhook DLL will not be loaded." << endl;
+ outLog.close();
+
+ return FALSE;
+ } else {
+ return TRUE;
+ }
+}
+
+// This function will save the password change to the passhook data file. It
+// will be run as a separate thread.
+DWORD WINAPI SavePasshookChange( LPVOID passinfo )
+{
+ PASS_INFO *newPassInfo = NULL;
+ PASS_INFO_LIST passInfoList;
+ HANDLE passhookEventHandle = OpenEvent(EVENT_MODIFY_STATE, FALSE, PASSHAND_EVENT_NAME);
+ fstream outLog;
+
+ if ((newPassInfo = (PASS_INFO *)passinfo) == NULL) {
+ goto exit;
+ }
+
+ // Acquire the mutex for passhook.dat. This mutex also guarantees
+ // that we can write to outLog safely.
+ WaitForSingleObject(passhookMutexHandle, INFINITE);
+
+ // Open the log file if logging is enabled
+ if(logLevel > 0)
+ {
+ outLog.open("passhook.log", ios::out | ios::app);
+ }
+
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << "user " << newPassInfo->username << " password changed" << endl;
+ //outLog << "user " << newPassInfo->username << " password changed to " << newPassInfo->passname << endl;
+ }
+
+ // loadSet allocates memory for the usernames and password. We need to be
+ // sure to free it by calling clearSet.
+ if(loadSet(&passInfoList, "passhook.dat") == 0)
+ {
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << passInfoList.size() << " entries loaded from file" << endl;
+ }
+ }
+ else
+ {
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << "failed to load entries from file" << endl;
+ }
+ }
+
+ // Add the new change to the list
+ passInfoList.push_back(*newPassInfo);
+
+ // Save the list to disk
+ if(saveSet(&passInfoList, "passhook.dat") == 0)
+ {
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << passInfoList.size() << " entries saved to file" << endl;
+ }
+ }
+ else
+ {
+ // We always want to log this error condition
+ if(!outLog.is_open())
+ {
+ // We need to open the log since debug logging is turned off
+ outLog.open("passhook.log", ios::out | ios::app);
+ }
+
+ timeStamp(&outLog);
+ outLog << "failed to save entries to file" << endl;
+ }
+
+ // Close the log file before we release the mutex.
+ outLog.close();
+
+ // Release the mutex for passhook.dat
+ ReleaseMutex(passhookMutexHandle);
+
+ // We need to call clearSet so memory gets free'd
+ clearSet(&passInfoList);
+
+exit:
+ // Free the passed in struct from the heap
+ free(newPassInfo);
+
+ if (passhookEventHandle != NULL) {
+ SetEvent(passhookEventHandle);
+ CloseHandle(passhookEventHandle);
+ }
+
+ return 0;
}
From fedora-directory-commits at redhat.com Thu Mar 30 23:09:02 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Thu, 30 Mar 2006 16:09:02 -0700
Subject: [Fedora-directory-commits]
ldapserver/ldap/synctools/passwordsync/passhook passhook.cpp,
1.7.2.1, 1.7.2.2
Message-ID: <200603302309.k2UN925C002112@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passhook
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2067/passwordsync/passhook
Modified Files:
Tag: Directory71RtmBranch
passhook.cpp
Log Message:
186657 - Implemented locking around passhook data file access
Index: passhook.cpp
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passhook/passhook.cpp,v
retrieving revision 1.7.2.1
retrieving revision 1.7.2.2
diff -u -r1.7.2.1 -r1.7.2.2
--- passhook.cpp 22 Mar 2006 18:53:32 -0000 1.7.2.1
+++ passhook.cpp 30 Mar 2006 23:08:59 -0000 1.7.2.2
@@ -48,121 +48,74 @@
#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
#endif
+DWORD WINAPI SavePasshookChange( LPVOID passinfo );
+static HANDLE passhookMutexHandle;
+static unsigned long logLevel;
+
NTSTATUS NTAPI PasswordChangeNotify(PUNICODE_STRING UserName, ULONG RelativeId, PUNICODE_STRING Password)
{
- HANDLE passhookEventHandle = OpenEvent(EVENT_MODIFY_STATE, FALSE, PASSHAND_EVENT_NAME);
- PASS_INFO newPassInfo;
- PASS_INFO_LIST passInfoList;
- HKEY regKey;
- DWORD type;
- unsigned long buffSize;
- char regBuff[PASSHAND_BUF_SIZE];
- unsigned long logLevel;
+ PASS_INFO *newPassInfo = NULL;
+ HANDLE passhookThreadHandle;
fstream outLog;
+ DWORD waitRes;
- RegOpenKey(HKEY_LOCAL_MACHINE, "SOFTWARE\\PasswordSync", ®Key);
- buffSize = PASSHAND_BUF_SIZE;
- if(RegQueryValueEx(regKey, "Log Level", NULL, &type, (unsigned char*)regBuff, &buffSize) == ERROR_SUCCESS)
- {
- logLevel = (unsigned long)atoi(regBuff);
- }
- else
- {
- logLevel = 0;
- }
- if(logLevel > 0)
- {
- outLog.open("passhook.log", ios::out | ios::app);
- }
- RegCloseKey(regKey);
-
- // This memory will be free'd by calling clearSet below
- newPassInfo.username = (char*)malloc((UserName->Length / 2) + 1);
- newPassInfo.password = (char*)malloc((Password->Length / 2) + 1);
-
- if (newPassInfo.username && newPassInfo.password) {
- _snprintf(newPassInfo.username, (UserName->Length / 2), "%S", UserName->Buffer);
- _snprintf(newPassInfo.password, (Password->Length / 2), "%S", Password->Buffer);
- newPassInfo.username[UserName->Length / 2] = '\0';
- newPassInfo.password[Password->Length / 2] = '\0';
+ // This memory will be freed in SavePasshookChange
+ if ( newPassInfo = (PASS_INFO *) malloc(sizeof(PASS_INFO)) ) {
+ // These get freed in SavePasshookChange by calling clearSet
+ newPassInfo->username = (char*)malloc((UserName->Length / 2) + 1);
+ newPassInfo->password = (char*)malloc((Password->Length / 2) + 1);
} else {
- if(outLog.is_open()) {
- timeStamp(&outLog);
- outLog << "failed to allocate memory for username and password" << endl;
- }
- free(newPassInfo.username);
- free(newPassInfo.password);
goto exit;
}
- if(outLog.is_open())
- {
- timeStamp(&outLog);
- outLog << "user " << newPassInfo.username << " password changed" << endl;
- //outLog << "user " << newPassInfo.username << " password changed to " << newPassInfo.password << endl;
- }
+ // Fill in the password change struct
+ if (newPassInfo->username && newPassInfo->password) {
+ _snprintf(newPassInfo->username, (UserName->Length / 2), "%S", UserName->Buffer);
+ _snprintf(newPassInfo->password, (Password->Length / 2), "%S", Password->Buffer);
+ newPassInfo->username[UserName->Length / 2] = '\0';
+ newPassInfo->password[Password->Length / 2] = '\0';
- // loadSet allocates memory for the usernames and password. We need to be
- // sure to free it by calling clearSet.
- if(loadSet(&passInfoList, "passhook.dat") == 0)
- {
- if(outLog.is_open())
- {
- timeStamp(&outLog);
- outLog << passInfoList.size() << " entries loaded from file" << endl;
- }
- }
- else
- {
- if(outLog.is_open())
- {
- timeStamp(&outLog);
- outLog << "failed to load entries from file" << endl;
- }
+ // Backoff
+ newPassInfo->backoffCount = 0;
+
+ // Load time
+ time(&(newPassInfo->atTime));
+ } else {
+ // Memory error. Free everything we allocated.
+ free(newPassInfo->username);
+ free(newPassInfo->password);
+ free(newPassInfo);
+ goto exit;
}
- // Add the new change to the list
- passInfoList.push_back(newPassInfo);
+ // Fire off a thread to do the real work
+ passhookThreadHandle = CreateThread(NULL, 0, SavePasshookChange, newPassInfo, 0, NULL);
- // Save the list to disk
- if(saveSet(&passInfoList, "passhook.dat") == 0)
- {
- if(outLog.is_open())
- {
- timeStamp(&outLog);
- outLog << passInfoList.size() << " entries saved to file" << endl;
- }
- }
- else
- {
- if(outLog.is_open())
- {
- timeStamp(&outLog);
- outLog << "failed to save entries to file" << endl;
- }
- }
+ // We need to close the handle to the thread we created. Doing
+ // this will not terminate the thread.
+ if (passhookThreadHandle != NULL) {
+ CloseHandle(passhookThreadHandle);
+ } else {
+ // Acquire the mutex so we can log an error
+ waitRes = WaitForSingleObject(passhookMutexHandle, PASSHOOK_TIMEOUT);
- // We need to call clearSet so memory gets free'd
- clearSet(&passInfoList);
+ // If we got the mutex, log the error, otherwise it's not safe to log
+ if (waitRes == WAIT_OBJECT_0) {
+ outLog.open("passhook.log", ios::out | ios::app);
+
+ if(outLog.is_open()) {
+ timeStamp(&outLog);
+ outLog << "Failed to start thread. Aborting change for " << newPassInfo->username << endl;
+ }
-exit:
- if(passhookEventHandle == NULL)
- {
- if(outLog.is_open())
- {
- timeStamp(&outLog);
- outLog << "can not get password sync service event handle, service not running" << endl;
- }
+ outLog.close();
- }
- else
- {
- SetEvent(passhookEventHandle);
- CloseHandle(passhookEventHandle);
+ // Release mutex
+ ReleaseMutex(passhookMutexHandle);
+ }
}
- outLog.close();
-
+exit:
return STATUS_SUCCESS;
}
@@ -173,5 +126,132 @@
BOOL NTAPI InitializeChangeNotify()
{
- return TRUE;
+ HKEY regKey;
+ DWORD type;
+ unsigned long buffSize;
+ char regBuff[PASSHAND_BUF_SIZE];
+ fstream outLog;
+
+ // check if logging is enabled
+ RegOpenKey(HKEY_LOCAL_MACHINE, "SOFTWARE\\PasswordSync", ®Key);
+ buffSize = PASSHAND_BUF_SIZE;
+ if(RegQueryValueEx(regKey, "Log Level", NULL, &type, (unsigned char*)regBuff, &buffSize) == ERROR_SUCCESS)
+ {
+ logLevel = (unsigned long)atoi(regBuff);
+ }
+ else
+ {
+ logLevel = 0;
+ }
+ RegCloseKey(regKey);
+
+ // Create mutex for passhook data file and log file access
+ passhookMutexHandle = CreateMutex(NULL, FALSE, PASSHOOK_MUTEX_NAME);
+
+ if (passhookMutexHandle == NULL) {
+ // Log an error.
+ outLog.open("passhook.log", ios::out | ios::app);
+ timeStamp(&outLog);
+ outLog << "Failed to create passhook mutex. Passhook DLL will not be loaded." << endl;
+ outLog.close();
+
+ return FALSE;
+ } else {
+ return TRUE;
+ }
+}
+
+// This function will save the password change to the passhook data file. It
+// will be run as a separate thread.
+DWORD WINAPI SavePasshookChange( LPVOID passinfo )
+{
+ PASS_INFO *newPassInfo = NULL;
+ PASS_INFO_LIST passInfoList;
+ HANDLE passhookEventHandle = OpenEvent(EVENT_MODIFY_STATE, FALSE, PASSHAND_EVENT_NAME);
+ fstream outLog;
+
+ if ((newPassInfo = (PASS_INFO *)passinfo) == NULL) {
+ goto exit;
+ }
+
+ // Acquire the mutex for passhook.dat. This mutex also guarantees
+ // that we can write to outLog safely.
+ WaitForSingleObject(passhookMutexHandle, INFINITE);
+
+ // Open the log file if logging is enabled
+ if(logLevel > 0)
+ {
+ outLog.open("passhook.log", ios::out | ios::app);
+ }
+
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << "user " << newPassInfo->username << " password changed" << endl;
+ //outLog << "user " << newPassInfo->username << " password changed to " << newPassInfo->passname << endl;
+ }
+
+ // loadSet allocates memory for the usernames and password. We need to be
+ // sure to free it by calling clearSet.
+ if(loadSet(&passInfoList, "passhook.dat") == 0)
+ {
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << passInfoList.size() << " entries loaded from file" << endl;
+ }
+ }
+ else
+ {
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << "failed to load entries from file" << endl;
+ }
+ }
+
+ // Add the new change to the list
+ passInfoList.push_back(*newPassInfo);
+
+ // Save the list to disk
+ if(saveSet(&passInfoList, "passhook.dat") == 0)
+ {
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << passInfoList.size() << " entries saved to file" << endl;
+ }
+ }
+ else
+ {
+ // We always want to log this error condition
+ if(!outLog.is_open())
+ {
+ // We need to open the log since debug logging is turned off
+ outLog.open("passhook.log", ios::out | ios::app);
+ }
+
+ timeStamp(&outLog);
+ outLog << "failed to save entries to file" << endl;
+ }
+
+ // Close the log file before we release the mutex.
+ outLog.close();
+
+ // Release the mutex for passhook.dat
+ ReleaseMutex(passhookMutexHandle);
+
+ // We need to call clearSet so memory gets free'd
+ clearSet(&passInfoList);
+
+exit:
+ // Free the passed in struct from the heap
+ free(newPassInfo);
+
+ if (passhookEventHandle != NULL) {
+ SetEvent(passhookEventHandle);
+ CloseHandle(passhookEventHandle);
+ }
+
+ return 0;
}
From fedora-directory-commits at redhat.com Thu Mar 30 23:09:04 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Thu, 30 Mar 2006 16:09:04 -0700
Subject: [Fedora-directory-commits]
ldapserver/ldap/synctools/passwordsync/passsync syncserv.cpp,
1.7.2.6, 1.7.2.7
Message-ID: <200603302309.k2UN94ej002118@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passsync
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2067/passwordsync/passsync
Modified Files:
Tag: Directory71RtmBranch
syncserv.cpp
Log Message:
186657 - Implemented locking around passhook data file access
Index: syncserv.cpp
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passsync/syncserv.cpp,v
retrieving revision 1.7.2.6
retrieving revision 1.7.2.7
diff -u -r1.7.2.6 -r1.7.2.7
--- syncserv.cpp 22 Mar 2006 18:53:37 -0000 1.7.2.6
+++ syncserv.cpp 30 Mar 2006 23:09:00 -0000 1.7.2.7
@@ -76,6 +76,7 @@
unsigned long size;
passhookEventHandle = CreateEvent(NULL, FALSE, FALSE, PASSHAND_EVENT_NAME);
+ passhookMutexHandle = CreateMutex(NULL, FALSE, PASSHOOK_MUTEX_NAME);
mainLdapConnection = NULL;
results = NULL;
currentResult = NULL;
@@ -211,10 +212,14 @@
timeStamp(&outLog);
outLog << "Backing off for " << BackoffTime(GetMinBackoff()) << "ms" << endl;
}
- WaitForSingleObject(passhookEventHandle, BackoffTime(GetMinBackoff()));
+ waitRes = WaitForSingleObject(passhookEventHandle, BackoffTime(GetMinBackoff()));
if(logLevel > 0) {
timeStamp(&outLog);
- outLog << "Backoff time expired. Attempting sync" << endl;
+ if (waitRes == WAIT_TIMEOUT) {
+ outLog << "Backoff time expired. Attempting sync" << endl;
+ } else {
+ outLog << "Received passhook event. Attempting sync" << endl;
+ }
}
}
@@ -226,24 +231,38 @@
if(passInfoList.size() > 0)
{
- if(saveSet(&passInfoList, dataFilename) == 0)
+ // Get mutex for passhook.dat
+ WaitForSingleObject(passhookMutexHandle, INFINITE);
+
+ // Need to loadSet here so we don't overwrite entries that passhook recently added
+ if(loadSet(&passInfoList, dataFilename) == 0)
{
- if(logLevel > 0)
+ if(saveSet(&passInfoList, dataFilename) == 0)
+ {
+ if(logLevel > 0)
+ {
+ timeStamp(&outLog);
+ outLog << passInfoList.size() << " entries saved to data file" << endl;
+ }
+ }
+ else
{
timeStamp(&outLog);
- outLog << passInfoList.size() << " entries saved to data file" << endl;
+ outLog << "Failed to save entries to data file" << endl;
}
- }
- else
- {
+ } else {
timeStamp(&outLog);
- outLog << "Failed to save entries to data file" << endl;
+ outLog << "Failed to load entries from file" << endl;
}
+
+ // Release mutex for passhook.dat
+ ReleaseMutex(passhookMutexHandle);
}
exit:
clearSet(&passInfoList);
CloseHandle(passhookEventHandle);
+ CloseHandle(passhookMutexHandle);
}
// ****************************************************************
@@ -258,6 +277,9 @@
char* dn = NULL;
int tempSize = passInfoList.size();
+ // Get mutex for passhook.dat
+ WaitForSingleObject(passhookMutexHandle, INFINITE);
+
if(loadSet(&passInfoList, dataFilename) == 0)
{
if((passInfoList.size() - tempSize) > 0)
@@ -289,6 +311,9 @@
outLog << "Failed to load entries from file" << endl;
}
+ // Release mutex for passhook.dat
+ ReleaseMutex(passhookMutexHandle);
+
if(passInfoList.size() > 0)
{
if(logLevel > 0)
From fedora-directory-commits at redhat.com Thu Mar 30 23:09:01 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Thu, 30 Mar 2006 16:09:01 -0700
Subject: [Fedora-directory-commits] ldapserver/ldap/synctools/passwordsync
passhand.cpp, 1.7.2.2, 1.7.2.3 passhand.h, 1.7, 1.7.2.1
Message-ID: <200603302309.k2UN9VMD002123@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/synctools/passwordsync
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2067/passwordsync
Modified Files:
Tag: Directory71RtmBranch
passhand.cpp passhand.h
Log Message:
186657 - Implemented locking around passhook data file access
Index: passhand.cpp
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passhand.cpp,v
retrieving revision 1.7.2.2
retrieving revision 1.7.2.3
diff -u -r1.7.2.2 -r1.7.2.3
--- passhand.cpp 22 Mar 2006 18:53:26 -0000 1.7.2.2
+++ passhand.cpp 30 Mar 2006 23:08:57 -0000 1.7.2.3
@@ -112,6 +112,8 @@
outFile.close();
exit:
+ // We need to unfreeze plainTextStream so memory gets freed by the destructor
+ plainTextStream.rdbuf()->freeze(false);
free(cipherTextBuf);
return result;
}
@@ -119,18 +121,18 @@
int loadSet(PASS_INFO_LIST* passInfoList, char* filename)
{
int result = 0;
- int i;
+ int i = 0;
fstream inFile;
PASS_INFO newPair;
strstream* plainTextStream;
char* cipherTextBuf = NULL;
char* plainTextBuf = NULL;
- int usernameLen;
- int passwordLen;
- int plainTextLen;
- int cipherTextLen;
+ int usernameLen = 0;
+ int passwordLen = 0;
+ int plainTextLen = 0;
+ int cipherTextLen = 0;
int resultTextLen = 0;
- int pairCount;
+ int pairCount = 0;
// Read in cipher text from file
inFile.open(filename, ios::in | ios::binary);
@@ -164,6 +166,12 @@
goto exit;
}
+ // Check to see if plainTextbuf contains anything
+ if (resultTextLen <= 0) {
+ result = -1;
+ goto exit;
+ }
+
plainTextStream = new strstream(plainTextBuf, resultTextLen);
plainTextStream->read((char*)&pairCount, sizeof(pairCount));
Index: passhand.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passhand.h,v
retrieving revision 1.7
retrieving revision 1.7.2.1
diff -u -r1.7 -r1.7.2.1
--- passhand.h 19 Apr 2005 22:07:43 -0000 1.7
+++ passhand.h 30 Mar 2006 23:08:57 -0000 1.7.2.1
@@ -50,7 +50,9 @@
#include "prerror.h"
#define PASSHAND_EVENT_NAME "passhand_event"
+#define PASSHOOK_MUTEX_NAME "passhook_mutex"
+#define PASSHOOK_TIMEOUT 30000
#define PASSHAND_BUF_SIZE 256
using namespace std;
From fedora-directory-commits at redhat.com Thu Mar 30 23:13:47 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Thu, 30 Mar 2006 16:13:47 -0700
Subject: [Fedora-directory-commits]
ldapserver/ldap/synctools/passwordsync/passsync syncserv.h,
1.7, 1.7.2.1
Message-ID: <200603302313.k2UNDljV002156@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passsync
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2139/passwordsync/passsync
Modified Files:
Tag: Directory71RtmBranch
syncserv.h
Log Message:
186657 - Implemented locking around passhook data file access
Index: syncserv.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passsync/syncserv.h,v
retrieving revision 1.7
retrieving revision 1.7.2.1
diff -u -r1.7 -r1.7.2.1
--- syncserv.h 19 Apr 2005 22:07:44 -0000 1.7
+++ syncserv.h 30 Mar 2006 23:13:44 -0000 1.7.2.1
@@ -82,6 +82,7 @@
PASS_INFO_LIST passInfoList;
HANDLE passhookEventHandle;
+ HANDLE passhookMutexHandle;
// LDAP variables
LDAP* mainLdapConnection;
@@ -104,7 +105,8 @@
unsigned long maxBackoffTime;
int logLevel;
bool isRunning;
+ DWORD waitRes;
fstream outLog;
};
-#endif
\ No newline at end of file
+#endif
From fedora-directory-commits at redhat.com Thu Mar 30 23:23:57 2006
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Thu, 30 Mar 2006 16:23:57 -0700
Subject: [Fedora-directory-commits] ldapserver component_versions.mk,
1.35.2.6, 1.35.2.7
Message-ID: <200603302323.k2UNNvJm002270@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/ldapserver
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2253
Modified Files:
Tag: Directory71RtmBranch
component_versions.mk
Log Message:
Pick up new ADSYNC component for bug 186657
Index: component_versions.mk
===================================================================
RCS file: /cvs/dirsec/ldapserver/component_versions.mk,v
retrieving revision 1.35.2.6
retrieving revision 1.35.2.7
diff -u -r1.35.2.6 -r1.35.2.7
--- component_versions.mk 22 Mar 2006 18:55:06 -0000 1.35.2.6
+++ component_versions.mk 30 Mar 2006 23:23:55 -0000 1.35.2.7
@@ -250,7 +250,7 @@
endif
ifndef ADSYNC_VERSION
- ADSYNC_VERSION=20060322
+ ADSYNC_VERSION=20060330
endif
ifndef NT4SYNC_VERSION
From fedora-directory-commits at redhat.com Fri Mar 31 22:58:37 2006
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Fri, 31 Mar 2006 15:58:37 -0700
Subject: [Fedora-directory-commits] adminserver/lib/libsi18n getlang.c, 1.4,
1.5 getstrprop.c, 1.3, 1.4 makstrdb.c, 1.3, 1.4 propset.c, 1.3,
1.4 txtfile.c, 1.3, 1.4
Message-ID: <200603312258.k2VMwbq7028940@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/adminserver/lib/libsi18n
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28761/adminserver/lib/libsi18n
Modified Files:
getlang.c getstrprop.c makstrdb.c propset.c txtfile.c
Log Message:
Bug(s) fixed: 186280
Bug Description: adminserver: Close potential security vulnerabilities
in CGI code
Reviewed by: Rob, Pete, Nathan, Noriko (Thanks!)
Fix Description: Most of this just involves making sure that we use
PR_snprintf/PL_strncpyz/PL_strcatn where able, or just making sure we
use snprintf/strncpy/strncat correctly and null terminate the buffers.
I also got rid of some dead code, unused variables, and the like. There
are a few cases that are more complex that I have specified below. In
some cases I had to change the function signature to add a size
parameter in cases where the function was copying to a given char * and
the size was assumed (in most cases this was safe but it's still dangerous).
Platforms tested: Fedora Core 5
Flag Day: no
Doc impact: no
Index: getlang.c
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/libsi18n/getlang.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- getlang.c 18 Aug 2005 19:20:24 -0000 1.4
+++ getlang.c 31 Mar 2006 22:58:34 -0000 1.5
@@ -75,16 +75,22 @@
{
switch(type) {
case CLIENT_LANGUAGE:
- if (language)
- strcpy(client_language, language);
+ if (language) {
+ strncpy(client_language, language, sizeof(client_language));
+ client_language[sizeof(client_language)-1] = 0;
+ }
break;
case ADMIN_LANGUAGE:
- if (language)
- strcpy(admin_language, language);
+ if (language) {
+ strncpy(admin_language, language, sizeof(admin_language));
+ admin_language[sizeof(admin_language)-1] = 0;
+ }
break;
case DEFAULT_LANGUAGE:
- if (language)
- strcpy(default_language, language);
+ if (language) {
+ strncpy(default_language, language, sizeof(default_language));
+ default_language[sizeof(default_language)-1] = 0;
+ }
break;
}
return ;
@@ -125,7 +131,7 @@
NSAPI_PUBLIC
int
-GetFileForLanguage(char* filePath,char* language,char* existingFilePath)
+GetFileForLanguage(char* filePath,char* language,char* existingFilePath,size_t existingSize)
{
/* Input: filePath,language
* filePath is of the form "/xxx/xxx/$$LANGDIR/xxx/xxx/filename"
@@ -212,7 +218,8 @@
/* Try: /path/language/filename.ext */
if (pattern) {
- strcpy(existingFilePath,filePath);
+ strncpy(existingFilePath,filePath, existingSize);
+ existingFilePath[existingSize-1] = 0;
strReplace(existingFilePath,"$$LANGDIR",acceptLanguageList[iLang]);
if (stat(existingFilePath,&info)==0) {
@@ -228,14 +235,16 @@
/* Try: /path/filename_language.ext */
{
- strcpy(existingFilePath,filePath);
+ strncpy(existingFilePath,filePath, existingSize);
+ existingFilePath[existingSize-1] = 0;
strReplace(existingFilePath,"$$LANGDIR/",emptyString);
pDot = strrchr(existingFilePath,'.');
pSlash = strrchr(existingFilePath,'/');
if (pSlash>=pDot) {
pDot = strchr(existingFilePath,'\0');
}
- sprintf(lang_modifier,"%c%s",LANG_DELIMIT,acceptLanguageList[iLang]);
+ snprintf(lang_modifier,sizeof(lang_modifier),"%c%s",LANG_DELIMIT,acceptLanguageList[iLang]);
+ lang_modifier[sizeof(lang_modifier)-1] = 0;
strReplace(pDot,emptyString,lang_modifier);
if (stat(existingFilePath,&info)==0) {
Index: getstrprop.c
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/libsi18n/getstrprop.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- getstrprop.c 18 Aug 2005 19:20:24 -0000 1.3
+++ getstrprop.c 31 Mar 2006 22:58:34 -0000 1.4
@@ -154,7 +154,6 @@
#if 0
#include "base/crit.h"
#include "base/systhr.h"
-static char pathDB[100] = "\0";
static int Initialized = 0;
#ifdef XP_UNIX
Index: makstrdb.c
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/libsi18n/makstrdb.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- makstrdb.c 18 Aug 2005 19:20:24 -0000 1.3
+++ makstrdb.c 31 Mar 2006 22:58:34 -0000 1.4
@@ -117,7 +117,6 @@
char* cptr;
RESOURCE_TABLE* table;
NSRESHANDLE hresdb;
- char DBTlibraryName[128];
/* Creating database */
hresdb = NSResCreateTable(DATABASE_NAME, NULL);
Index: propset.c
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/libsi18n/propset.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- propset.c 18 Aug 2005 19:20:24 -0000 1.3
+++ propset.c 31 Mar 2006 22:58:34 -0000 1.4
@@ -117,7 +117,7 @@
char *filepath;
char *p, *q;
int n;
- char linebuf[1000];
+ char linebuf[FILE_BUFFER_SIZE+1];
int st;
st = PropertiesLanguageStatus(propset, language);
Index: txtfile.c
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/libsi18n/txtfile.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- txtfile.c 18 Aug 2005 19:20:24 -0000 1.3
+++ txtfile.c 31 Mar 2006 22:58:34 -0000 1.4
@@ -25,16 +25,6 @@
#include "txtfile.h"
-
-
-#if 0
-char fileBuffer[FILE_BUFFER_SIZE + 1];
-char *fbCurrent;
-int fbSize;
-int fbStatus;
-#endif
-
-
TEXTFILE * OpenTextFile(char *filename, int access)
{
TEXTFILE *txtfile;
From fedora-directory-commits at redhat.com Fri Mar 31 22:58:36 2006
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Fri, 31 Mar 2006 15:58:36 -0700
Subject: [Fedora-directory-commits] adminserver/lib/libadmin admconf.c, 1.5,
1.6 form_get.c, 1.5, 1.6 referer.c, 1.5, 1.6 template.c, 1.6,
1.7 util.c, 1.6, 1.7
Message-ID: <200603312258.k2VMwalN028931@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/adminserver/lib/libadmin
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28761/adminserver/lib/libadmin
Modified Files:
admconf.c form_get.c referer.c template.c util.c
Log Message:
Bug(s) fixed: 186280
Bug Description: adminserver: Close potential security vulnerabilities
in CGI code
Reviewed by: Rob, Pete, Nathan, Noriko (Thanks!)
Fix Description: Most of this just involves making sure that we use
PR_snprintf/PL_strncpyz/PL_strcatn where able, or just making sure we
use snprintf/strncpy/strncat correctly and null terminate the buffers.
I also got rid of some dead code, unused variables, and the like. There
are a few cases that are more complex that I have specified below. In
some cases I had to change the function signature to add a size
parameter in cases where the function was copying to a given char * and
the size was assumed (in most cases this was safe but it's still dangerous).
Platforms tested: Fedora Core 5
Flag Day: no
Doc impact: no
Index: admconf.c
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/libadmin/admconf.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- admconf.c 18 Aug 2005 19:20:01 -0000 1.5
+++ admconf.c 31 Mar 2006 22:58:29 -0000 1.6
@@ -93,7 +93,7 @@
if (getenv("HTTP_REFERER")) strcpy(scratch, getenv("HTTP_REFERER")); else
/* next sprintf is the 'else' part */
#endif
- sprintf(scratch, "%s%s", getenv("SERVER_URL"), getenv("SCRIPT_NAME"));
+ PR_snprintf(scratch, sizeof(scratch), "%s%s", getenv("SERVER_URL"), getenv("SCRIPT_NAME"));
config[2] = STRDUP(scratch);
config[3] = STRDUP(CONFIG3_DEF);
config[4] = STRDUP(CONFIG4_DEF);
@@ -133,7 +133,7 @@
if(!fgets(scratch, 1024, f))
- sprintf(scratch, "%s", CONFIG1_DEF);
+ PR_snprintf(scratch, sizeof(scratch), "%s", CONFIG1_DEF);
else
scratch[strlen(scratch)-1] = '\0';
config[1] = STRDUP(scratch);
@@ -145,19 +145,19 @@
config[2] = STRDUP(scratch);
if(!fgets(scratch, 1024, f))
- sprintf(scratch, "%s", CONFIG3_DEF);
+ PR_snprintf(scratch, sizeof(scratch), "%s", CONFIG3_DEF);
else
scratch[strlen(scratch)-1] = '\0';
config[3] = STRDUP(scratch);
if(!fgets(scratch, 1024, f))
- sprintf(scratch, "%s", CONFIG4_DEF);
+ PR_snprintf(scratch, sizeof(scratch), "%s", CONFIG4_DEF);
else
scratch[strlen(scratch)-1] = '\0';
config[4] = STRDUP(scratch);
if(!fgets(scratch, 1024, f))
- sprintf(scratch, "%s", CONFIG5_DEF);
+ PR_snprintf(scratch, sizeof(scratch), "%s", CONFIG5_DEF);
else
scratch[strlen(scratch)-1] = '\0';
{int n=0, x=0; for(x=0; scratch[x]; x++) if(scratch[x]==':') n++;
Index: form_get.c
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/libadmin/form_get.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- form_get.c 18 Aug 2005 19:20:01 -0000 1.5
+++ form_get.c 31 Mar 2006 22:58:29 -0000 1.6
@@ -79,7 +79,7 @@
PR_snprintf(filePattern, sizeof(filePattern), "%s%s%s", HTML_DIR, "$$LANGDIR/", filename);
- GetFileForLanguage(filePattern,language,line);
+ GetFileForLanguage(filePattern,language,line,sizeof(line));
if(!(f = fopen(line, "r"))) {
report_error(FILE_ERROR, line, "Could not open the HTML file. "
"Perhaps the permissions have changed or someone "
Index: referer.c
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/libadmin/referer.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- referer.c 18 Aug 2005 19:20:01 -0000 1.5
+++ referer.c 31 Mar 2006 22:58:29 -0000 1.6
@@ -131,9 +131,14 @@
NSAPI_PUBLIC void redirect_to_script(char *script)
{
char urlbuf[BIG_LINE];
-
+ char *ptr;
PR_snprintf(urlbuf, sizeof(urlbuf), "%s%s", getenv("SERVER_URL"), getenv("SCRIPT_NAME"));
- strcpy(strrchr(urlbuf, '/') + 1, script);
+ if (ptr = strrchr(urlbuf, '/')) {
+ int maxsize = sizeof(urlbuf)-((ptr-urlbuf)+2); /* one for the '/' and one for the '0' */
+ PL_strncpyz(ptr + 1, script, maxsize);
+ } else {
+ PR_snprintf(urlbuf, sizeof(urlbuf), "%s/%s", getenv("SERVER_URL"), script);
+ }
printf("Location: %s\n\n", urlbuf);
}
Index: template.c
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/libadmin/template.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- template.c 9 Sep 2005 19:04:01 -0000 1.6
+++ template.c 31 Mar 2006 22:58:29 -0000 1.7
@@ -397,7 +397,7 @@
/*
* URL changed to add new "mapfile" parameter for 5.0 help system - Adam
*/
- util_snprintf( line, BIG_LINE,
+ util_snprintf( line, sizeof(line),
"window.open('%s/manual/help/help?helpdir=admin&token=%s', '"
INFO_IDX_NAME"_%s', "
HELP_WIN_OPTIONS");",
@@ -427,7 +427,7 @@
char outline[BIG_LINE];
if(verify) {
- util_snprintf(line, BIG_LINE, "