From fedora-directory-commits at redhat.com Wed Mar 1 14:55:04 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 1 Mar 2006 09:55:04 -0500 Subject: [Fedora-directory-commits] adminserver/admserv/cfgstuff admserv-conf-tmpl.patch, NONE, 1.1 Message-ID: <200603011455.k21Et495016200@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/cfgstuff In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16178 Added Files: admserv-conf-tmpl.patch Log Message: patch file for upgrading from 1.0.1 - fixes the use of admpw for basic auth admserv-conf-tmpl.patch: --- NEW FILE admserv-conf-tmpl.patch --- --- shared/config/template/admserv.conf.tmpl 23 Feb 2006 01:12:11 -0000 1.13 +++ shared/config/template/admserv.conf.tmpl 28 Feb 2006 22:29:39 -0000 1.14 @@ -146,17 +146,17 @@ Order allow,deny Allow from all # Handle Stop, Start, Restart, Instance Creation - invoke mod_restartd # need to add instance creation because you may want to create an instance # of DS on a low port, and instance creation starts the instance as well - AuthUserFile /home/rich/72srv/admin-serv/config/admpw + AuthUserFile %%%sroot%%%/admin-serv/config/admpw AuthType basic AuthName "Admin Server" Require valid-user ## turn off the password pipe when using mod_restartd AdminSDK off Options +ExecCGI RetainPerms on Order allow,deny From fedora-directory-commits at redhat.com Wed Mar 1 14:57:12 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 1 Mar 2006 09:57:12 -0500 Subject: [Fedora-directory-commits] adminserver/admserv pkgadmin.mk, 1.40, 1.41 Message-ID: <200603011457.k21EvCua016246@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/admserv In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16229 Modified Files: pkgadmin.mk Log Message: added patch file for upgrading from 1.0.1 - fixes the use of admpw for basic auth Index: pkgadmin.mk =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/pkgadmin.mk,v retrieving revision 1.40 retrieving revision 1.41 diff -u -r1.40 -r1.41 --- pkgadmin.mk 23 Feb 2006 04:05:13 -0000 1.40 +++ pkgadmin.mk 1 Mar 2006 14:57:04 -0000 1.41 @@ -296,6 +296,8 @@ cp -p $(BUILD_ROOT)/admserv/cfgstuff/adminserver-httpd-moduleorder.patch $(ADMIN_DIR)/setup # The patch file that fixes console ld libpath cp -p $(BUILD_ROOT)/admserv/cfgstuff/console-ld-libpath.patch $(ADMIN_DIR)/setup +# The patch file that fixes the use of admpw for basic auth + cp -p $(BUILD_ROOT)/admserv/cfgstuff/admserv-conf-tmpl.patch $(ADMIN_DIR)/setup cp -p $(BUILD_ROOT)/admserv/newinst/common/config/not_installed.html $(ADMIN_DIR)/clients From fedora-directory-commits at redhat.com Wed Mar 1 14:58:35 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 1 Mar 2006 09:58:35 -0500 Subject: [Fedora-directory-commits] ldapserver ldapserver.spec.tmpl, 1.25, 1.26 Message-ID: <200603011458.k21EwZqf016289@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16272 Modified Files: ldapserver.spec.tmpl Log Message: added patch file for upgrading from 1.0.1 - fixes the use of admpw for basic auth Index: ldapserver.spec.tmpl =================================================================== RCS file: /cvs/dirsec/ldapserver/ldapserver.spec.tmpl,v retrieving revision 1.25 retrieving revision 1.26 diff -u -r1.25 -r1.26 --- ldapserver.spec.tmpl 23 Feb 2006 19:30:23 -0000 1.25 +++ ldapserver.spec.tmpl 1 Mar 2006 14:58:27 -0000 1.26 @@ -139,6 +139,10 @@ if [ -f $RPM_INSTALL_PREFIX/setup/adminserver-httpd-moduleorder.patch ] ; then patch -s -f -d $RPM_INSTALL_PREFIX -p0 < $RPM_INSTALL_PREFIX/setup/adminserver-httpd-moduleorder.patch > /dev/null 2>&1 fi +# patch file to fix use of admpw for basic auth + if [ -f $RPM_INSTALL_PREFIX/setup/admserv-conf-tmpl.patch ] ; then + patch -s -f -d $RPM_INSTALL_PREFIX -p0 < $RPM_INSTALL_PREFIX/setup/admserv-conf-tmpl.patch > /dev/null 2>&1 + fi # fix up file permissions testfile=$RPM_INSTALL_PREFIX/admin-serv/config/nss.conf if [ ! -f $testfile ] ; then @@ -172,6 +176,9 @@ fi %changelog +* Wed Mar 1 2006 Rich Megginson - 1.0.2-1 +- Added admserv-conf-tmpl.patch to fix the use of admpw for basic auth + * Wed Feb 22 2006 Rich Megginson - 1.0.2-1 - Add patch to fix admin server httpd module load order; you - must now run setup after an upgrade; copy in the new 00core.ldif From fedora-directory-commits at redhat.com Wed Mar 1 15:16:39 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 1 Mar 2006 10:16:39 -0500 Subject: [Fedora-directory-commits] adminserver/admserv/cfgstuff admserv-conf-admpw.patch, NONE, 1.1 Message-ID: <200603011516.k21FGdVl018200@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/cfgstuff In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18182 Added Files: admserv-conf-admpw.patch Log Message: this patch fixes the use of admpw in the actual config file - the previous patch only fixes the template admserv-conf-admpw.patch: --- NEW FILE admserv-conf-admpw.patch --- --- admin-serv/config/admserv.conf.orig 2006-03-01 08:11:57.000000000 -0700 +++ admin-serv/config/admserv.conf 2006-03-01 08:12:56.000000000 -0700 @@ -146,17 +146,17 @@ Order allow,deny Allow from all # Handle Stop, Start, Restart, Instance Creation - invoke mod_restartd # need to add instance creation because you may want to create an instance # of DS on a low port, and instance creation starts the instance as well - AuthUserFile /home/rich/72srv/admin-serv/config/admpw + AuthUserFile /opt/fedora-ds/admin-serv/config/admpw AuthType basic AuthName "Admin Server" Require valid-user ## turn off the password pipe when using mod_restartd AdminSDK off Options +ExecCGI RetainPerms on Order allow,deny From fedora-directory-commits at redhat.com Wed Mar 1 15:19:08 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 1 Mar 2006 10:19:08 -0500 Subject: [Fedora-directory-commits] adminserver/admserv pkgadmin.mk, 1.41, 1.42 Message-ID: <200603011519.k21FJ8jh018279@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/admserv In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18252 Modified Files: pkgadmin.mk Log Message: added admserv-conf-admpw.patch to patch the real config file - the previous patch only patches the template config file Index: pkgadmin.mk =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/pkgadmin.mk,v retrieving revision 1.41 retrieving revision 1.42 diff -u -r1.41 -r1.42 --- pkgadmin.mk 1 Mar 2006 14:57:04 -0000 1.41 +++ pkgadmin.mk 1 Mar 2006 15:19:00 -0000 1.42 @@ -296,8 +296,10 @@ cp -p $(BUILD_ROOT)/admserv/cfgstuff/adminserver-httpd-moduleorder.patch $(ADMIN_DIR)/setup # The patch file that fixes console ld libpath cp -p $(BUILD_ROOT)/admserv/cfgstuff/console-ld-libpath.patch $(ADMIN_DIR)/setup -# The patch file that fixes the use of admpw for basic auth +# The patch file that fixes the use of admpw for basic auth in the template file cp -p $(BUILD_ROOT)/admserv/cfgstuff/admserv-conf-tmpl.patch $(ADMIN_DIR)/setup +# The patch file that fixes the use of admpw for basic auth in the real config file + cp -p $(BUILD_ROOT)/admserv/cfgstuff/admserv-conf-admpw.patch $(ADMIN_DIR)/setup cp -p $(BUILD_ROOT)/admserv/newinst/common/config/not_installed.html $(ADMIN_DIR)/clients From fedora-directory-commits at redhat.com Wed Mar 1 15:21:54 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 1 Mar 2006 10:21:54 -0500 Subject: [Fedora-directory-commits] ldapserver ldapserver.spec.tmpl, 1.26, 1.27 Message-ID: <200603011521.k21FLs6T018322@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18305 Modified Files: ldapserver.spec.tmpl Log Message: Added admserv-conf-admpw.patch to fix the use of admpw for basic auth in the actual config file Index: ldapserver.spec.tmpl =================================================================== RCS file: /cvs/dirsec/ldapserver/ldapserver.spec.tmpl,v retrieving revision 1.26 retrieving revision 1.27 diff -u -r1.26 -r1.27 --- ldapserver.spec.tmpl 1 Mar 2006 14:58:27 -0000 1.26 +++ ldapserver.spec.tmpl 1 Mar 2006 15:21:47 -0000 1.27 @@ -139,10 +139,14 @@ if [ -f $RPM_INSTALL_PREFIX/setup/adminserver-httpd-moduleorder.patch ] ; then patch -s -f -d $RPM_INSTALL_PREFIX -p0 < $RPM_INSTALL_PREFIX/setup/adminserver-httpd-moduleorder.patch > /dev/null 2>&1 fi -# patch file to fix use of admpw for basic auth +# patch file to fix use of admpw for basic auth in the template file if [ -f $RPM_INSTALL_PREFIX/setup/admserv-conf-tmpl.patch ] ; then patch -s -f -d $RPM_INSTALL_PREFIX -p0 < $RPM_INSTALL_PREFIX/setup/admserv-conf-tmpl.patch > /dev/null 2>&1 fi +# patch file to fix use of admpw for basic auth in the real config file + if [ -f $RPM_INSTALL_PREFIX/setup/admserv-conf-admpw.patch ] ; then + patch -s -f -d $RPM_INSTALL_PREFIX -p0 < $RPM_INSTALL_PREFIX/setup/admserv-conf-admpw.patch > /dev/null 2>&1 + fi # fix up file permissions testfile=$RPM_INSTALL_PREFIX/admin-serv/config/nss.conf if [ ! -f $testfile ] ; then @@ -177,7 +181,7 @@ %changelog * Wed Mar 1 2006 Rich Megginson - 1.0.2-1 -- Added admserv-conf-tmpl.patch to fix the use of admpw for basic auth +- Added admserv-conf-tmpl.patch and admserv-conf-admpw.patch to fix the use of admpw for basic auth * Wed Feb 22 2006 Rich Megginson - 1.0.2-1 - Add patch to fix admin server httpd module load order; you From fedora-directory-commits at redhat.com Wed Mar 1 17:35:47 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Wed, 1 Mar 2006 12:35:47 -0500 Subject: [Fedora-directory-commits] ldapserver internal_comp_deps.mk, 1.36, 1.37 Message-ID: <200603011735.k21HZl24024941@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24924 Modified Files: internal_comp_deps.mk Log Message: fixing the 64-bit Solaris build 1) removing the 32-bit NSS related files 2) removing an extra _64 tag from the libdb path Index: internal_comp_deps.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/internal_comp_deps.mk,v retrieving revision 1.36 retrieving revision 1.37 diff -u -r1.36 -r1.37 --- internal_comp_deps.mk 28 Feb 2006 20:46:12 -0000 1.36 +++ internal_comp_deps.mk 1 Mar 2006 17:35:39 -0000 1.37 @@ -104,42 +104,6 @@ else SECURITY_DEP = $(SECURITY_LIBPATH)/libssl3.$(DLL_SUFFIX) endif -# if building 64 bit version, also need the 32 bit version of nssckbi.so -# rename it as nssckbi32.so -ifeq ($(USE_64), 1) -# assumes there is a 32 bit version - SHARED32_BUILD_DIR = $(NSCP_DISTDIR_FULL_RTL)/shared32 - NSS32_IMPORT = $(subst $(NS64TAG),,$(SECURITY_IMPORT)) - NSS32_BINNAMES = modutil - NSS32_LIBNAMES = $(SECURITY_LIBNAMES.pkg) - NSS32_NEED_CHK = $(SECURITY_NEED_CHK) - ifeq ($(ARCH), SOLARIS) - NSS32_LIBNAMES += freebl_hybrid_3 freebl_pure32_3 -# these libs have a corresponding .chk file - NSS32_NEED_CHK += freebl_hybrid_3 freebl_pure32_3 - endif - ifeq ($(ARCH), HPUX) - NSS32_LIBNAMES += freebl_hybrid_3 freebl_pure32_3 -# these libs have a corresponding .chk file - NSS32_NEED_CHK += freebl_hybrid_3 freebl_pure32_3 - endif - NSSCKBI_FILE = $(LIB_PREFIX)nssckbi.$(DLL_SUFFIX) - NSSCKBI32_FILE = $(LIB_PREFIX)nssckbi32.$(DLL_SUFFIX) - NSS32_PULLFILES = bin/modutil lib/$(NSSCKBI_FILE) $(addprefix lib/$(LIB_PREFIX),$(addsuffix .$(DLL_SUFFIX),$(NSS32_LIBNAMES))) $(addprefix lib/$(LIB_PREFIX),$(addsuffix .chk,$(NSS32_NEED_CHK))) - - NSPR32_IMPORT = $(subst $(NS64TAG),,$(NSPR_IMPORT)) - NSPR32_LIBNAMES = $(NSPR_LIBNAMES) - NSPR32_PULLFILES = lib/$(LIB_PREFIX)$(subst $(SPACE),$(COMMA)lib/$(LIB_PREFIX),$(addsuffix .$(DLL_SUFFIX),$(NSPR_LIBNAMES))) - -# we need to package the root cert file in the alias directory - PACKAGE_SRC_DEST += $(SHARED32_BUILD_DIR)/lib/$(NSSCKBI32_FILE) alias -# all other files go under shared32/bin or /lib - PACKAGE_SRC_DEST += $(SHARED32_BUILD_DIR)/bin/modutil shared32/bin - -# do not need redundant copy of nssckbi - NSS32_NSPR32_SRC_LIBS = $(filter-out $(SHARED32_BUILD_DIR)/lib/$(NSSCKBI32_FILE),$(wildcard $(SHARED32_BUILD_DIR)/lib/*)) - PACKAGE_SRC_DEST += $(addsuffix $(SPACE)shared32/lib,$(NSS32_NSPR32_SRC_LIBS)) -endif # USE_64 ifdef VSFTPD_HACK SECURITY_FILES=lib,bin/$(subst $(SPACE),$(COMMA)bin/,$(SECURITY_TOOLS)) @@ -163,20 +127,6 @@ -objdir $(SECURITY_BUILD_DIR) -componentdir $(COMPONENTS_DIR)/nss/$(SECURITY_RELDATE) \ -files include endif -# if building 64 bit version, also need the 32 bit version of nssckbi.so -# rename it as nssckbi32.so -# also need the 32 bit modutil, other NSS shared libraries and NSPR shared libraries -ifeq ($(USE_64), 1) - mkdir -p $(SHARED32_BUILD_DIR)/bin - mkdir -p $(SHARED32_BUILD_DIR)/lib - $(FTP_PULL) -method $(SECURITY_PULL_METHOD) \ - -objdir $(SHARED32_BUILD_DIR) -componentdir $(NSPR32_IMPORT) \ - -files $(NSPR32_PULLFILES) - $(FTP_PULL) -method $(SECURITY_PULL_METHOD) \ - -objdir $(SHARED32_BUILD_DIR) -componentdir $(NSS32_IMPORT) \ - -files $(subst $(SPACE),$(COMMA),$(NSS32_PULLFILES)) - mv $(SHARED32_BUILD_DIR)/lib/$(NSSCKBI_FILE) $(SHARED32_BUILD_DIR)/lib/$(NSSCKBI32_FILE) -endif # USE_64 endif # COMPONENT_DEPS - at if [ ! -f $@ ] ; \ then echo "Error: could not get component NSS file $@" ; \ @@ -298,7 +248,7 @@ # define the paths to the component parts db_components_share=$(COMPONENTS_DIR)/$(db_component_name) MY_NSOBJDIR_TAG=$(NSOBJDIR_TAG).OBJ -db_release_config =$(db_components_share)/$(DB_VERSION)/$(NSCONFIG_NOTAG)$(NS64TAG)$(MY_NSOBJDIR_TAG) +db_release_config =$(db_components_share)/$(DB_VERSION)/$(NSCONFIG_NOTAG)$(MY_NSOBJDIR_TAG) # add ",bin" to DB_FILES if you want the programs like db_verify, db_recover, etc. DB_FILES=include,lib,bin From fedora-directory-commits at redhat.com Wed Mar 1 18:43:59 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Wed, 1 Mar 2006 13:43:59 -0500 Subject: [Fedora-directory-commits] mod_admserv mod_admserv.c,1.20,1.21 Message-ID: <200603011843.k21IhxqU027189@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/mod_admserv In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27172 Modified Files: mod_admserv.c Log Message: Updated the module hook registration order to deal with the proper Apache 2.2 module name (mod_auth_basic) Index: mod_admserv.c =================================================================== RCS file: /cvs/dirsec/mod_admserv/mod_admserv.c,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- mod_admserv.c 24 Feb 2006 16:19:23 -0000 1.20 +++ mod_admserv.c 1 Mar 2006 18:43:51 -0000 1.21 @@ -2680,7 +2680,13 @@ static void register_hooks(apr_pool_t *p) { /* Do basic auth after our own auth */ +#ifdef AP_SERVER_MAJORVERSION_NUMBER + /* Apache 2.2+ */ + static const char * const aszPost[] = { "mod_auth_basic.c", NULL }; +#else + /* Apache 2.0 and earlier uses a different module name than 2.2+ */ static const char * const aszPost[] = { "mod_auth.c", NULL }; +#endif /* Make sure mod_nss has been configured before us */ static const char * const aszPre[] = { "mod_nss.c", NULL }; From fedora-directory-commits at redhat.com Wed Mar 1 18:54:27 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 1 Mar 2006 13:54:27 -0500 Subject: [Fedora-directory-commits] dsbuild/ds/mod_admserv checksums, 1.3, 1.4 Message-ID: <200603011854.k21IsRq3027445@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/dsbuild/ds/mod_admserv In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27398/ds/mod_admserv Modified Files: checksums Log Message: updated checksums Index: checksums =================================================================== RCS file: /cvs/dirsec/dsbuild/ds/mod_admserv/checksums,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- checksums 24 Feb 2006 17:23:49 -0000 1.3 +++ checksums 1 Mar 2006 18:54:19 -0000 1.4 @@ -1 +1 @@ -55b569f178f1dbbe1ca5a5eec6f05470 download/mod_admserv-1.0.2.tar.gz +0390005e25b172868c574c76af59fafa download/mod_admserv-1.0.2.tar.gz From fedora-directory-commits at redhat.com Wed Mar 1 18:54:16 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 1 Mar 2006 13:54:16 -0500 Subject: [Fedora-directory-commits] dsbuild/ds/adminserver checksums, 1.5, 1.6 Message-ID: <200603011854.k21IskMD027448@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/dsbuild/ds/adminserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27398/ds/adminserver Modified Files: checksums Log Message: updated checksums Index: checksums =================================================================== RCS file: /cvs/dirsec/dsbuild/ds/adminserver/checksums,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- checksums 28 Feb 2006 23:26:30 -0000 1.5 +++ checksums 1 Mar 2006 18:54:08 -0000 1.6 @@ -1 +1 @@ -3dddb676c33a2580ff459d158a321e40 download/fedora-adminserver-1.0.2.tar.gz +ab7b4809b135e28f114c8367264e9394 download/fedora-adminserver-1.0.2.tar.gz From fedora-directory-commits at redhat.com Wed Mar 1 18:54:21 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 1 Mar 2006 13:54:21 -0500 Subject: [Fedora-directory-commits] dsbuild/ds/ldapserver checksums,1.5,1.6 Message-ID: <200603011854.k21Isq2O027451@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/dsbuild/ds/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27398/ds/ldapserver Modified Files: checksums Log Message: updated checksums Index: checksums =================================================================== RCS file: /cvs/dirsec/dsbuild/ds/ldapserver/checksums,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- checksums 25 Feb 2006 03:27:39 -0000 1.5 +++ checksums 1 Mar 2006 18:54:14 -0000 1.6 @@ -1 +1 @@ -3ccdf3f3613bd8cb547a9b088fe3d3d9 download/fedora-ds-1.0.2.tar.gz +d8bd5b68087229b4bb2e3867cb92ba85 download/fedora-ds-1.0.2.tar.gz From fedora-directory-commits at redhat.com Wed Mar 1 23:44:09 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Wed, 1 Mar 2006 18:44:09 -0500 Subject: [Fedora-directory-commits] adminutil component_versions.mk, 1.3, 1.4 components.mk, 1.3, 1.4 internal_comp_deps.mk, 1.3, 1.4 Message-ID: <200603012344.k21Ni9C0006537@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminutil In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6515 Modified Files: component_versions.mk components.mk internal_comp_deps.mk Log Message: upgraded LDAP C SDK: v5.16 -> v5.17 Index: component_versions.mk =================================================================== RCS file: /cvs/dirsec/adminutil/component_versions.mk,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- component_versions.mk 22 Feb 2006 21:45:17 -0000 1.3 +++ component_versions.mk 1 Mar 2006 23:44:01 -0000 1.4 @@ -44,7 +44,7 @@ # LDAP SDK ifndef LDAP_RELDATE - LDAP_RELDATE = v5.16 + LDAP_RELDATE = v5.17 endif ifndef LDAPCOMP_DIR LDAPCOMP_DIR=ldapsdk50 Index: components.mk =================================================================== RCS file: /cvs/dirsec/adminutil/components.mk,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- components.mk 22 Feb 2006 21:45:17 -0000 1.3 +++ components.mk 1 Mar 2006 23:44:01 -0000 1.4 @@ -124,7 +124,7 @@ else LDAPSDK_LIBPATH = $(LDAP_ROOT)/lib LDAPSDK_INCDIR = $(LDAP_ROOT)/include - LDAPSDK_BINPATH = $(LDAP_ROOT)/tools + LDAPSDK_BINPATH = $(LDAP_ROOT)/bin endif LDAPSDK_INCLUDE = -I$(LDAPSDK_INCDIR) Index: internal_comp_deps.mk =================================================================== RCS file: /cvs/dirsec/adminutil/internal_comp_deps.mk,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- internal_comp_deps.mk 22 Feb 2006 21:45:17 -0000 1.3 +++ internal_comp_deps.mk 1 Mar 2006 23:44:01 -0000 1.4 @@ -117,7 +117,7 @@ mkdir -p $(LDAP_LIBPATH) $(FTP_PULL) -method $(LDAPSDK_PULL_METHOD) \ -objdir $(LDAP_ROOT) -componentdir $(LDAP_RELEASE) \ - -files include,$(LDAPSDK_PULL_LIBS),tools + -files include,$(LDAPSDK_PULL_LIBS),bin endif - at if [ ! -f $@ ] ; \ then echo "Error: could not get component LDAPSDK file $@" ; \ From fedora-directory-commits at redhat.com Thu Mar 2 01:12:39 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Wed, 1 Mar 2006 20:12:39 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm dn2entry.c, 1.4, 1.4.2.1 import-threads.c, 1.8.2.1, 1.8.2.2 sort.c, 1.5, 1.5.2.1 Message-ID: <200603020112.k221CdbE011428@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11336/ldap/servers/slapd/back-ldbm Modified Files: Tag: Directory71RtmBranch dn2entry.c import-threads.c sort.c Log Message: [159328] Tracking bug for Directory Server 7.1 Service Packs; Comment #50 ported internal diffs to the external CVS Index: dn2entry.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/dn2entry.c,v retrieving revision 1.4 retrieving revision 1.4.2.1 diff -u -r1.4 -r1.4.2.1 --- dn2entry.c 19 Apr 2005 22:07:38 -0000 1.4 +++ dn2entry.c 2 Mar 2006 01:12:31 -0000 1.4.2.1 @@ -109,58 +109,12 @@ } /* - * dn2entry_or_ancestor - look up dn in the cache/indexes and return the - * corresponding entry. If the entry is not found, this function returns NULL - * and sets ancestordn to the DN of highest entry in the tree matched. - * - * ancestordn should be initialized before calling this function. - * - * When the caller is finished with the entry returned, it should return it - * to the cache: - * e = dn2entry_or_ancestor( ... ); - * if ( NULL != e ) { - * cache_return( &inst->inst_cache, &e ); - * } - */ -struct backentry * -dn2entry_or_ancestor( - Slapi_Backend *be, - const Slapi_DN *sdn, - Slapi_DN *ancestordn, - back_txn *txn, - int *err -) -{ - struct backentry *e; - - LDAPDebug( LDAP_DEBUG_TRACE, "=> dn2entry_or_ancestor \"%s\"\n", slapi_sdn_get_dn(sdn), 0, 0 ); - - /* - * Fetch the entry asked for. - */ - - e= dn2entry(be,sdn,txn,err); - - if(e==NULL) - { - /* - * could not find the entry named. crawl back up the dn and - * stop at the first ancestor that does exist, or when we get - * to the suffix. - */ - e= dn2ancestor(be,sdn,ancestordn,txn,err); - } - - LDAPDebug( LDAP_DEBUG_TRACE, "<= dn2entry_or_ancestor %p\n", e, 0, 0 ); - return( e ); -} - -/* * Use the DN to fetch the parent of the entry. * If the parent entry doesn't exist, keep working * up the DN until we hit "" or an backend suffix. * - * ancestordn should be initialized before calling this function. + * ancestordn should be initialized before calling this function, and + * should be empty * * Returns NULL for no entry found. * @@ -184,18 +138,64 @@ LDAPDebug( LDAP_DEBUG_TRACE, "=> dn2ancestor \"%s\"\n", slapi_sdn_get_dn(sdn), 0, 0 ); - /* stop when we get to "", or a backend suffix point */ - slapi_sdn_done(ancestordn); /* free any previous contents */ - slapi_sdn_get_backend_parent(sdn,ancestordn,be); - if ( !slapi_sdn_isempty(ancestordn) ) - { - Slapi_DN *newsdn = slapi_sdn_dup(ancestordn); - e = dn2entry_or_ancestor( be, newsdn, ancestordn, txn, err ); - slapi_sdn_free(&newsdn); - } - - LDAPDebug( LDAP_DEBUG_TRACE, "<= dn2ancestor %p\n", e, 0, 0 ); - return( e ); + /* first, check to see if the given sdn is empty or a root suffix of the + given backend - if so, it has no parent */ + if (!slapi_sdn_isempty(sdn) && !slapi_be_issuffix( be, sdn )) { + Slapi_DN ancestorndn; + const char *ptr; + + /* assign ancestordn to the parent of the given dn - ancestordn will contain + the "raw" unnormalized DN from the caller, so we can give back the DN + in the same format as we received it */ + ptr = slapi_dn_find_parent(slapi_sdn_get_dn(sdn)); + /* assign the ancestordn dn pointer to the parent of dn from sdn - sdn "owns" + the memory, but ancestordn points to it */ + slapi_sdn_set_dn_byref(ancestordn, ptr); /* free any previous contents */ + /* now, do the same for the normalized version */ + /* ancestorndn holds the normalized version for iteration purposes and + because dn2entry needs the normalized dn */ + ptr = slapi_dn_find_parent(slapi_sdn_get_ndn(sdn)); + slapi_sdn_init_ndn_byref(&ancestorndn, ptr); + + /* + At this point you may be wondering why I need both ancestorndn and + ancestordn. Because, with the slapi_sdn interface, you cannot set both + the dn and ndn byref at the same time. Whenever you call set_dn or set_ndn, + it calls slapi_sdn_done which wipes out the previous contents. I suppose I + could have added another API to allow you to pass them both in. Also, using + slapi_sdn_get_ndn(ancestordn) every time would result in making a copy then + normalizing the copy every time - not efficient. + So, why not just use a char* for the ancestorndn? Because dn2entry requires + a Slapi_DN with the normalized dn. + */ + + /* stop when we get to "", or a backend suffix point */ + while (!e && !slapi_sdn_isempty(&ancestorndn) && !slapi_be_issuffix( be, &ancestorndn )) { + /* find the entry - it uses the ndn, so no further conversion is necessary */ + e= dn2entry(be,&ancestorndn,txn,err); + if (!e) { + /* not found, so set ancestordn to its parent and try again */ + ptr = slapi_dn_find_parent(slapi_sdn_get_ndn(&ancestorndn)); + /* keep in mind that ptr points to the raw ndn pointer inside + ancestorndn which is still the ndn string "owned" by sdn, the + original dn we started with - we are careful not to touch + or change it */ + slapi_sdn_set_ndn_byref(&ancestorndn, ptr); /* wipe out the previous contents */ + /* now do the same for the unnormalized one */ + ptr = slapi_dn_find_parent(slapi_sdn_get_dn(ancestordn)); + slapi_sdn_set_dn_byref(ancestordn, ptr); /* wipe out the previous contents */ + } + } + + slapi_sdn_done(&ancestorndn); + } + + /* post conditions: + e is the entry of the ancestor of sdn OR e is the suffix entry + OR e is NULL + ancestordn contains the unnormalized DN of e or is empty */ + LDAPDebug( LDAP_DEBUG_TRACE, "<= dn2ancestor %p\n", e, 0, 0 ); + return( e ); } /* Index: import-threads.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/import-threads.c,v retrieving revision 1.8.2.1 retrieving revision 1.8.2.2 diff -u -r1.8.2.1 -r1.8.2.2 --- import-threads.c 20 Feb 2006 18:14:50 -0000 1.8.2.1 +++ import-threads.c 2 Mar 2006 01:12:31 -0000 1.8.2.2 @@ -986,7 +986,7 @@ int ret = 0; struct attrinfo *parentid_ai; Slapi_PBlock *pb = slapi_pblock_new(); - int shift = 0; + int shift = 0; PR_ASSERT(info != NULL); PR_ASSERT(inst != NULL); @@ -1030,8 +1030,8 @@ /* Read that entry from the cache */ fi = import_fifo_fetch(job, id, 0, shift); if (! fi) { - import_log_notice(job, "WARNING: entry id %d is missing"); - shift++; + import_log_notice(job, "WARNING: entry id %d is missing", id); + shift++; continue; } @@ -1052,7 +1052,7 @@ */ if (job->flags & FLAG_ABORT) { goto error; - } + } if (parent_status == IMPORT_ADD_OP_ATTRS_NO_PARENT) { /* If this entry is a suffix entry, this is not a problem */ Index: sort.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/sort.c,v retrieving revision 1.5 retrieving revision 1.5.2.1 diff -u -r1.5 -r1.5.2.1 --- sort.c 19 Apr 2005 22:07:38 -0000 1.5 +++ sort.c 2 Mar 2006 01:12:31 -0000 1.5.2.1 @@ -384,6 +384,7 @@ return_value = ber_scanf(ber,"a",&rtype); if (LBER_ERROR == return_value) { + slapi_ch_free_string(&rtype); rc = LDAP_PROTOCOL_ERROR; goto err; } From fedora-directory-commits at redhat.com Thu Mar 2 01:12:23 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Wed, 1 Mar 2006 20:12:23 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/views views.c, 1.5.2.1, 1.5.2.2 Message-ID: <200603020112.k221Csvg011431@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/views In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11336/ldap/servers/plugins/views Modified Files: Tag: Directory71RtmBranch views.c Log Message: [159328] Tracking bug for Directory Server 7.1 Service Packs; Comment #50 ported internal diffs to the external CVS Index: views.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/views/views.c,v retrieving revision 1.5.2.1 retrieving revision 1.5.2.2 diff -u -r1.5.2.1 -r1.5.2.2 --- views.c 25 Aug 2005 22:38:40 -0000 1.5.2.1 +++ views.c 2 Mar 2006 01:12:04 -0000 1.5.2.2 @@ -735,6 +735,7 @@ Slapi_Filter *pCurrentFilter = 0; Slapi_Filter *pBuiltFilter = 0; Slapi_Filter *pViewEntryExcludeFilter = 0; + char *excludeFilter; if(pView->includeAncestorFiltersFilter) { @@ -769,7 +770,11 @@ } /* filter for removing view entries from search */ - pViewEntryExcludeFilter = slapi_str2filter( "(!(objectclass=" VIEW_OBJECTCLASS "))" ); + /* richm - slapi_str2filter _writes_ to it's argument, so we have to pass in + some writeable memory, or core dump, do not pass go */ + excludeFilter = slapi_ch_strdup("(!(objectclass=" VIEW_OBJECTCLASS "))"); + pViewEntryExcludeFilter = slapi_str2filter( excludeFilter ); + slapi_ch_free_string(&excludeFilter); if(pBuiltFilter) pView->includeAncestorFiltersFilter = slapi_filter_join_ex( LDAP_FILTER_AND, pBuiltFilter, pViewEntryExcludeFilter, 0 ); From fedora-directory-commits at redhat.com Thu Mar 2 01:12:33 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Wed, 1 Mar 2006 20:12:33 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd add.c, 1.5, 1.5.2.1 attr.c, 1.5.2.1, 1.5.2.2 ava.c, 1.4, 1.4.2.1 bind.c, 1.6, 1.6.2.1 compare.c, 1.4, 1.4.2.1 delete.c, 1.4, 1.4.2.1 dn.c, 1.6.2.1, 1.6.2.2 filter.c, 1.5, 1.5.2.1 modify.c, 1.7, 1.7.2.1 modrdn.c, 1.4, 1.4.2.1 passwd_extop.c, 1.6, 1.6.2.1 slapi-plugin.h, 1.8, 1.8.2.1 Message-ID: <200603020113.k221D3Sd011436@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11336/ldap/servers/slapd Modified Files: Tag: Directory71RtmBranch add.c attr.c ava.c bind.c compare.c delete.c dn.c filter.c modify.c modrdn.c passwd_extop.c slapi-plugin.h Log Message: [159328] Tracking bug for Directory Server 7.1 Service Packs; Comment #50 ported internal diffs to the external CVS Index: add.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/add.c,v retrieving revision 1.5 retrieving revision 1.5.2.1 diff -u -r1.5 -r1.5.2.1 --- add.c 19 Apr 2005 22:07:36 -0000 1.5 +++ add.c 2 Mar 2006 01:12:23 -0000 1.5.2.1 @@ -102,8 +102,9 @@ */ /* get the name */ { - char *dn; + char *dn = NULL; if ( ber_scanf( ber, "{a", &dn ) == LBER_ERROR ) { + slapi_ch_free_string(&dn); LDAPDebug( LDAP_DEBUG_ANY, "ber_scanf failed (op=Add; params=DN)\n", 0, 0, 0 ); op_shared_log_error_access (pb, "ADD", "???", "decoding error"); @@ -121,11 +122,13 @@ tag != LBER_DEFAULT && tag != LBER_END_OF_SEQORSET; tag = ber_next_element( ber, &len, last ) ) { char *type = NULL, *normtype = NULL; - struct berval **vals; + struct berval **vals = NULL; if ( ber_scanf( ber, "{a{V}}", &type, &vals ) == LBER_ERROR ) { op_shared_log_error_access (pb, "ADD", slapi_sdn_get_dn (slapi_entry_get_sdn_const(e)), "decoding error"); send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, "decoding error", 0, NULL ); + slapi_ch_free_string(&type); + ber_bvecfree( vals ); goto free_and_return; } @@ -134,7 +137,7 @@ op_shared_log_error_access (pb, "ADD", slapi_sdn_get_dn (slapi_entry_get_sdn_const(e)), "null value"); send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, NULL ); - free( type ); + slapi_ch_free_string(&type); goto free_and_return; } @@ -144,7 +147,7 @@ PR_snprintf (ebuf, BUFSIZ, "invalid type '%s'", type); op_shared_log_error_access (pb, "ADD", slapi_sdn_get_dn (slapi_entry_get_sdn_const(e)), ebuf); send_ldap_result( pb, rc, NULL, ebuf, 0, NULL ); - free( type ); + slapi_ch_free_string(&type); slapi_ch_free( (void**)&normtype ); ber_bvecfree( vals ); goto free_and_return; Index: attr.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/attr.c,v retrieving revision 1.5.2.1 retrieving revision 1.5.2.2 diff -u -r1.5.2.1 -r1.5.2.2 --- attr.c 25 Aug 2005 18:25:08 -0000 1.5.2.1 +++ attr.c 2 Mar 2006 01:12:25 -0000 1.5.2.2 @@ -112,7 +112,7 @@ switch ( opt ) { case SLAPI_TYPE_CMP_EXACT: /* compare base name + options as given */ - rc = strcmp( a1, a2 ); + rc = strcasecmp( a1, a2 ); break; case SLAPI_TYPE_CMP_BASE: /* ignore options on both names - compare base names only */ Index: ava.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/ava.c,v retrieving revision 1.4 retrieving revision 1.4.2.1 diff -u -r1.4 -r1.4.2.1 --- ava.c 19 Apr 2005 22:07:36 -0000 1.4 +++ ava.c 2 Mar 2006 01:12:25 -0000 1.4.2.1 @@ -53,10 +53,12 @@ struct ava *ava ) { - char *type; + char *type = NULL; if ( ber_scanf( ber, "{ao}", &type, &ava->ava_value ) == LBER_ERROR ) { + slapi_ch_free_string(&type); + ava_done(ava); LDAPDebug( LDAP_DEBUG_ANY, " get_ava ber_scanf\n", 0, 0, 0 ); return( LDAP_PROTOCOL_ERROR ); } Index: bind.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/bind.c,v retrieving revision 1.6 retrieving revision 1.6.2.1 diff -u -r1.6 -r1.6.2.1 --- bind.c 19 Apr 2005 22:07:36 -0000 1.6 +++ bind.c 2 Mar 2006 01:12:25 -0000 1.6.2.1 @@ -111,7 +111,7 @@ long ber_version = -1; int auth_response_requested = 0; int pw_response_requested = 0; - char *dn, *saslmech = NULL; + char *dn = NULL, *saslmech = NULL; struct berval cred = {0}; Slapi_Backend *be = NULL; unsigned long rc; @@ -154,6 +154,7 @@ log_bind_access (pb, "???", method, version, saslmech, "decoding error"); send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, "decoding error", 0, NULL ); + slapi_ch_free_string(&dn); return; } Index: compare.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/compare.c,v retrieving revision 1.4 retrieving revision 1.4.2.1 diff -u -r1.4 -r1.4.2.1 --- compare.c 19 Apr 2005 22:07:36 -0000 1.4 +++ compare.c 2 Mar 2006 01:12:25 -0000 1.4.2.1 @@ -60,13 +60,13 @@ do_compare( Slapi_PBlock *pb ) { BerElement *ber = pb->pb_op->o_ber; - char *dn; - struct ava ava; + char *dn = NULL; + struct ava ava = {0}; Slapi_Backend *be = NULL; int err; char ebuf[ BUFSIZ ]; Slapi_DN sdn; - Slapi_Entry *referral; + Slapi_Entry *referral = NULL; char errorbuf[BUFSIZ]; LDAPDebug( LDAP_DEBUG_TRACE, "do_compare\n", 0, 0, 0 ); @@ -74,6 +74,9 @@ /* count the compare request */ PR_AtomicIncrement(g_get_global_snmp_vars()->ops_tbl.dsCompareOps); + /* have to init this here so we can "done" it below if we short circuit */ + slapi_sdn_init(&sdn); + /* * Parse the compare request. It looks like this: * @@ -86,7 +89,6 @@ * } */ - if ( ber_scanf( ber, "{a{ao}}", &dn, &ava.ava_type, &ava.ava_value ) == LBER_ERROR ) { LDAPDebug( LDAP_DEBUG_ANY, @@ -94,7 +96,7 @@ 0, 0, 0 ); send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, NULL ); - return; + goto free_and_return; } /* * in LDAPv3 there can be optional control extensions on @@ -106,6 +108,7 @@ goto free_and_return; } slapi_sdn_init_dn_passin(&sdn,dn); + dn = NULL; /* do not free - sdn owns it now */ /* target spec is used to decide which plugins are applicable for the operation */ operation_set_target_spec (pb->pb_op, &sdn); @@ -181,5 +184,6 @@ if (be) slapi_be_Unlock(be); slapi_sdn_done(&sdn); + slapi_ch_free_string(&dn); ava_done( &ava ); } Index: delete.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/delete.c,v retrieving revision 1.4 retrieving revision 1.4.2.1 diff -u -r1.4 -r1.4.2.1 --- delete.c 19 Apr 2005 22:07:36 -0000 1.4 +++ delete.c 2 Mar 2006 01:12:25 -0000 1.4.2.1 @@ -66,7 +66,7 @@ { Slapi_Operation *operation; BerElement *ber; - char *dn; + char *dn = NULL; int err; LDAPDebug( LDAP_DEBUG_TRACE, "do_delete\n", 0, 0, 0 ); @@ -89,7 +89,7 @@ op_shared_log_error_access (pb, "DEL", "???", "decoding error"); send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, NULL ); - return; + goto free_and_return; } /* Index: dn.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/dn.c,v retrieving revision 1.6.2.1 retrieving revision 1.6.2.2 diff -u -r1.6.2.1 -r1.6.2.2 --- dn.c 20 Feb 2006 18:14:43 -0000 1.6.2.1 +++ dn.c 2 Mar 2006 01:12:25 -0000 1.6.2.2 @@ -593,8 +593,26 @@ return r; } -char* -slapi_dn_parent( const char *dn ) +/* + * This function is used for speed. Instead of returning a newly allocated + * dn string that contains the parent, this function just returns a pointer + * to the address _within_ the given string where the parent dn of the + * given dn starts e.g. if you call this with "dc=example,dc=com", the + * function will return "dc=com" - that is, the char* returned will be the + * address of the 'd' after the ',' in "dc=example,dc=com". This function + * also checks for bogus things like consecutive ocurrances of unquoted + * separators e.g. DNs like cn=foo,,,,,,,,,,,cn=bar,,,,,,, + * This function is useful for "interating" over a DN returning the ancestors + * of the given dn e.g. + * + * const char *dn = somedn; + * while (dn = slapi_dn_find_parent(dn)) { + * see if parent exists + * etc. + * } + */ +const char* +slapi_dn_find_parent( const char *dn ) { const char *s; int inquote; @@ -621,14 +639,34 @@ } else { if ( *s == '"' ) inquote = 1; - else if ( DNSEPARATOR( *s ) ) - return( slapi_ch_strdup( s + 1 ) ); + else { + if ( DNSEPARATOR( *s ) ) { + while ( *s && DNSEPARATOR( *s ) ) { + ++s; + } + if (*s) { + return( s ); + } + } + } } } return( NULL ); } +char* +slapi_dn_parent( const char *dn ) +{ + const char *s = slapi_dn_find_parent(dn); + + if ( s == NULL || *s == '\0' ) { + return( NULL ); + } + + return( slapi_ch_strdup( s ) ); +} + /* * slapi_dn_issuffix - tells whether suffix is a suffix of dn. both dn * and suffix must be normalized. Index: filter.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/filter.c,v retrieving revision 1.5 retrieving revision 1.5.2.1 diff -u -r1.5 -r1.5.2.1 --- filter.c 19 Apr 2005 22:07:36 -0000 1.5 +++ filter.c 2 Mar 2006 01:12:25 -0000 1.5.2.1 @@ -175,7 +175,7 @@ unsigned long len; int err; struct slapi_filter *f; - char *ftmp, *type; + char *ftmp, *type = NULL; LDAPDebug( LDAP_DEBUG_FILTER, "=> get_filter_internal\n", 0, 0, 0 ); @@ -293,6 +293,7 @@ case LDAP_FILTER_PRESENT: LDAPDebug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 ); if ( ber_scanf( ber, "a", &type ) == LBER_ERROR ) { + slapi_ch_free_string(&type); err = LDAP_PROTOCOL_ERROR; } else { err = LDAP_SUCCESS; @@ -440,12 +441,13 @@ ) { unsigned long tag, len, rc; - char *val, *last, *type; + char *val, *last, *type = NULL; char ebuf[BUFSIZ]; LDAPDebug( LDAP_DEBUG_FILTER, "=> get_substring_filter\n", 0, 0, 0 ); if ( ber_scanf( ber, "{a", &type ) == LBER_ERROR ) { + slapi_ch_free_string(&type); return( LDAP_PROTOCOL_ERROR ); } f->f_sub_type = slapi_attr_syntax_normalize( type ); @@ -460,8 +462,10 @@ tag != LBER_ERROR && tag != LBER_END_OF_SEQORSET; tag = ber_next_element( ber, &len, last ) ) { + val = NULL; rc = ber_scanf( ber, "a", &val ); if ( rc == LBER_ERROR ) { + slapi_ch_free_string(&val); return( LDAP_PROTOCOL_ERROR ); } if ( val == NULL || *val == '\0' ) { @@ -573,8 +577,9 @@ } } { - char* type; + char* type = NULL; if (ber_scanf( ber, "a", &type ) == LBER_ERROR) { + slapi_ch_free_string (&type); rc = LDAP_PROTOCOL_ERROR; } else { mrf->mrf_type = slapi_attr_syntax_normalize(type); Index: modify.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/modify.c,v retrieving revision 1.7 retrieving revision 1.7.2.1 diff -u -r1.7 -r1.7.2.1 --- modify.c 19 Apr 2005 22:07:36 -0000 1.7 +++ modify.c 2 Mar 2006 01:12:25 -0000 1.7.2.1 @@ -114,7 +114,7 @@ { Slapi_Operation *operation; BerElement *ber; - char *last, *type; + char *last, *type = NULL; unsigned long tag, len; LDAPMod *mod; LDAPMod **mods; @@ -124,7 +124,7 @@ int ignored_some_mods = 0; int has_password_mod = 0; /* number of password mods */ char *old_pw = NULL; /* remember the old password */ - char *dn; + char *dn = NULL; LDAPDebug( LDAP_DEBUG_TRACE, "do_modify\n", 0, 0, 0 ); @@ -161,6 +161,7 @@ op_shared_log_error_access (pb, "MOD", "???", "decoding error"); send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, NULL ); + slapi_ch_free_string(&dn); return; } } @@ -186,7 +187,9 @@ op_shared_log_error_access (pb, "MOD", dn, "decoding error"); send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, "decoding error", 0, NULL ); + ber_bvecfree(mod->mod_bvalues); slapi_ch_free((void **)&mod); + slapi_ch_free_string(&type); goto free_and_return; } mod->mod_op = long_mod_op; Index: modrdn.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/modrdn.c,v retrieving revision 1.4 retrieving revision 1.4.2.1 diff -u -r1.4 -r1.4.2.1 --- modrdn.c 19 Apr 2005 22:07:36 -0000 1.4 +++ modrdn.c 2 Mar 2006 01:12:25 -0000 1.4.2.1 @@ -66,10 +66,10 @@ { Slapi_Operation *operation; BerElement *ber; - char *dn, *newsuperior = NULL; + char *dn = NULL, *newsuperior = NULL; char *newrdn = NULL; - int err, deloldrdn; - unsigned long len; + int err = 0, deloldrdn = 0; + unsigned long len = 0; LDAPDebug( LDAP_DEBUG_TRACE, "do_modrdn\n", 0, 0, 0 ); @@ -99,7 +99,7 @@ send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, "unable to decode DN, newRDN, or deleteOldRDN parameters", 0, NULL ); - return; + goto free_and_return; } if ( ber_peek_tag( ber, &len ) == LDAP_TAG_NEWSUPERIOR ) { Index: passwd_extop.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/passwd_extop.c,v retrieving revision 1.6 retrieving revision 1.6.2.1 diff -u -r1.6 -r1.6.2.1 --- passwd_extop.c 19 Apr 2005 22:07:36 -0000 1.6 +++ passwd_extop.c 2 Mar 2006 01:12:25 -0000 1.6.2.1 @@ -201,6 +201,7 @@ { char *oid = NULL; char *bindDN = NULL; + char *authmethod = NULL; char *dn = NULL; char *oldPasswd = NULL; char *newPasswd = NULL; @@ -297,6 +298,7 @@ { if ( ber_scanf( ber, "a", &dn) == LBER_ERROR ) { + slapi_ch_free_string(&dn); LDAPDebug( LDAP_DEBUG_ANY, "ber_scanf failed :{\n", 0, 0, 0 ); errMesg = "ber_scanf failed at userID parse.\n"; @@ -313,6 +315,7 @@ { if ( ber_scanf( ber, "a", &oldPasswd ) == LBER_ERROR ) { + slapi_ch_free_string(&oldPasswd); LDAPDebug( LDAP_DEBUG_ANY, "ber_scanf failed :{\n", 0, 0, 0 ); errMesg = "ber_scanf failed at oldPasswd parse.\n"; @@ -331,6 +334,7 @@ { if ( ber_scanf( ber, "a", &newPasswd ) == LBER_ERROR ) { + slapi_ch_free_string(&newPasswd); LDAPDebug( LDAP_DEBUG_ANY, "ber_scanf failed :{\n", 0, 0, 0 ); errMesg = "ber_scanf failed at newPasswd parse.\n"; @@ -379,7 +383,7 @@ /* Did they give us a DN ? */ if (dn == NULL || *dn == '\0') { /* Get the DN from the bind identity on this connection */ - dn = bindDN; + dn = slapi_ch_strdup(bindDN); LDAPDebug( LDAP_DEBUG_ANY, "Missing userIdentity in request, using the bind DN instead.\n", 0, 0, 0 ); @@ -455,7 +459,17 @@ /* Free anything that we allocated above */ free_and_return: - + + slapi_ch_free_string(&oldPasswd); + slapi_ch_free_string(&newPasswd); + /* Either this is the same pointer that we allocated and set above, + or whoever used it should have freed it and allocated a new + value that we need to free here */ + slapi_pblock_get( pb, SLAPI_ORIGINAL_TARGET, &dn ); + slapi_ch_free_string(&dn); + slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, NULL ); + slapi_ch_free_string(&authmethod); + if ( targetEntry != NULL ){ slapi_entry_free (targetEntry); } @@ -467,7 +481,7 @@ slapi_log_error( SLAPI_LOG_PLUGIN, "passwd_modify_extop", - errMesg ); + errMesg ? errMesg : "success" ); send_ldap_result( pb, rc, NULL, errMesg, 0, NULL ); Index: slapi-plugin.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slapi-plugin.h,v retrieving revision 1.8 retrieving revision 1.8.2.1 diff -u -r1.8 -r1.8.2.1 --- slapi-plugin.h 19 Apr 2005 22:07:37 -0000 1.8 +++ slapi-plugin.h 2 Mar 2006 01:12:25 -0000 1.8.2.1 @@ -362,6 +362,7 @@ char *slapi_dn_ignore_case( char *dn ); char *slapi_dn_normalize_case( char *dn ); char *slapi_dn_beparent( Slapi_PBlock *pb, const char *dn ); +const char *slapi_dn_find_parent( const char *dn ); char *slapi_dn_parent( const char *dn ); int slapi_dn_issuffix( const char *dn, const char *suffix ); int slapi_dn_isparent( const char *parentdn, const char *childdn ); From fedora-directory-commits at redhat.com Thu Mar 2 01:12:06 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Wed, 1 Mar 2006 20:12:06 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication repl5_total.c, 1.5, 1.5.2.1 repl_controls.c, 1.5, 1.5.2.1 repl_extop.c, 1.7, 1.7.2.1 windows_protocol_util.c, 1.20.2.3, 1.20.2.4 Message-ID: <200603020113.k221D7b5011451@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11336/ldap/servers/plugins/replication Modified Files: Tag: Directory71RtmBranch repl5_total.c repl_controls.c repl_extop.c windows_protocol_util.c Log Message: [159328] Tracking bug for Directory Server 7.1 Service Packs; Comment #50 ported internal diffs to the external CVS Index: repl5_total.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl5_total.c,v retrieving revision 1.5 retrieving revision 1.5.2.1 diff -u -r1.5 -r1.5.2.1 --- repl5_total.c 19 Apr 2005 22:07:32 -0000 1.5 +++ repl5_total.c 2 Mar 2006 01:11:55 -0000 1.5.2.1 @@ -585,7 +585,7 @@ char *lasti; unsigned long len; unsigned long tag; - char *str; + char *str = NULL; int rc; Slapi_Value *value; @@ -685,6 +685,9 @@ if (value) slapi_value_free (&value); + slapi_ch_free_string(&attrtype); + slapi_ch_free_string(&str); + return -1; } Index: repl_controls.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl_controls.c,v retrieving revision 1.5 retrieving revision 1.5.2.1 diff -u -r1.5 -r1.5.2.1 --- repl_controls.c 19 Apr 2005 22:07:32 -0000 1.5 +++ repl_controls.c 2 Mar 2006 01:11:55 -0000 1.5.2.1 @@ -349,15 +349,15 @@ emtag != LBER_ERROR && emtag != LBER_END_OF_SEQORSET; emtag = ber_next_element( ember, &emlen, emlast )) { - struct berval **embvals; - if ( ber_scanf( ember, "{i{a[V]}}", &op, &type, &embvals ) == LBER_ERROR ) + struct berval **embvals = NULL; + type = NULL; + if ( ber_scanf( ember, "{i{a[V]}}", &op, &type, &embvals ) != LBER_ERROR ) { - continue; + slapi_mods_add_modbvps( smods, op, type, embvals); /* GGOODREPL I suspect this will cause two sets of lastmods attr values to end up in the entry. We need to remove the old ones. */ } - slapi_mods_add_modbvps( smods, op, type, embvals); free( type ); ber_bvecfree( embvals ); } Index: repl_extop.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl_extop.c,v retrieving revision 1.7 retrieving revision 1.7.2.1 diff -u -r1.7 -r1.7.2.1 --- repl_extop.c 19 Apr 2005 22:07:32 -0000 1.7 +++ repl_extop.c 2 Mar 2006 01:11:55 -0000 1.7.2.1 @@ -384,7 +384,8 @@ /* slapi_ch_free accepts NULL pointer */ slapi_ch_free ((void**)protocol_oid); slapi_ch_free ((void**)repl_root); - slapi_ch_free ((void **)extra_referrals); + slapi_ch_array_free (*extra_referrals); + *extra_referrals = NULL; slapi_ch_free ((void**)csnstr); if (*supplier_ruv) Index: windows_protocol_util.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_protocol_util.c,v retrieving revision 1.20.2.3 retrieving revision 1.20.2.4 diff -u -r1.20.2.3 -r1.20.2.4 --- windows_protocol_util.c 20 Feb 2006 19:50:29 -0000 1.20.2.3 +++ windows_protocol_util.c 2 Mar 2006 01:11:55 -0000 1.20.2.4 @@ -1570,11 +1570,12 @@ { int retval = 0; - char *string_deleted = "(isdeleted=*)"; + char *string_deleted = slapi_ch_strdup("(isdeleted=*)"); /* DBDB: we should allocate these filters once and keep them around for better performance */ Slapi_Filter *filter_deleted = slapi_str2filter( string_deleted ); + slapi_ch_free_string(&string_deleted); /* DBDB: this should be one filter, the code originally tested separately and hasn't been fixed yet */ if ( (slapi_filter_test_simple( e, filter_deleted ) == 0) ) { @@ -2251,9 +2252,10 @@ /* Next test for the correct kind of entry */ if (local_entry) { /* DBDB: we should allocate these filters once and keep them around for better performance */ - char *string_filter = "(&(|(objectclass=ntuser)(objectclass=ntgroup))(ntUserDomainId=*))"; + char *string_filter = slapi_ch_strdup("(&(|(objectclass=ntuser)(objectclass=ntgroup))(ntUserDomainId=*))"); Slapi_Filter *filter = slapi_str2filter( string_filter ); + slapi_ch_free_string(&string_filter); if (slapi_filter_test_simple( (Slapi_Entry*)local_entry, filter ) == 0) { retval = 1; From fedora-directory-commits at redhat.com Thu Mar 2 19:22:02 2006 From: fedora-directory-commits at redhat.com (Robert Crittenden (rcritten)) Date: Thu, 2 Mar 2006 14:22:02 -0500 Subject: [Fedora-directory-commits] mod_nss Makefile.am, 1.10, 1.11 Makefile.in, 1.17, 1.18 configure, 1.14, 1.15 configure.in, 1.10, 1.11 mod_nss.c, 1.10, 1.11 mod_nss.h, 1.9, 1.10 nss.conf.in, 1.7, 1.8 nss_engine_config.c, 1.9, 1.10 nss_engine_init.c, 1.16, 1.17 nss_engine_io.c, 1.4, 1.5 nss_engine_kernel.c, 1.3, 1.4 nss_engine_vars.c, 1.4, 1.5 Message-ID: <200603021922.k22JM28f029325@cvs-int.fedora.redhat.com> Author: rcritten Update of /cvs/dirsec/mod_nss In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29295 Modified Files: Makefile.am Makefile.in configure configure.in mod_nss.c mod_nss.h nss.conf.in nss_engine_config.c nss_engine_init.c nss_engine_io.c nss_engine_kernel.c nss_engine_vars.c Log Message: Add support for Elliptical Curve Cryptography (ECC). This is disabled by default. To enable it, pass --enable-ecc to configure. Index: Makefile.am =================================================================== RCS file: /cvs/dirsec/mod_nss/Makefile.am,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- Makefile.am 26 Feb 2006 00:30:56 -0000 1.10 +++ Makefile.am 2 Mar 2006 19:21:54 -0000 1.11 @@ -12,7 +12,6 @@ ## Set the includes and libraries needed INCLUDES = -I at apache_inc@ @nspr_inc@ @nss_inc@ @apr_inc@ LIBS = @nspr_lib@ @nss_lib@ -lssl3 -lsmime3 -lnss3 -lsoftokn3 -lplc4 -lplds4 -lnspr4 - at SSL2_TRUE@AM_CFLAGS=-DWANT_SSL2 EXTRA_CPPFLAGS=@extra_cppflags@ install-libLTLIBRARIES: libmodnss.la Index: Makefile.in =================================================================== RCS file: /cvs/dirsec/mod_nss/Makefile.in,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- Makefile.in 26 Feb 2006 00:30:56 -0000 1.17 +++ Makefile.in 2 Mar 2006 19:21:54 -0000 1.18 @@ -121,7 +121,6 @@ INCLUDES = -I at apache_inc@ @nspr_inc@ @nss_inc@ @apr_inc@ LIBS = @nspr_lib@ @nss_lib@ -lssl3 -lsmime3 -lnss3 -lsoftokn3 -lplc4 -lplds4 -lnspr4 - at SSL2_TRUE@AM_CFLAGS = -DWANT_SSL2 EXTRA_CPPFLAGS = @extra_cppflags@ LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \ Index: configure =================================================================== RCS file: /cvs/dirsec/mod_nss/configure,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- configure 26 Feb 2006 00:34:57 -0000 1.14 +++ configure 2 Mar 2006 19:21:54 -0000 1.15 @@ -462,7 +462,7 @@ # include #endif" -ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM AWK SET_MAKE CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE build build_cpu build_vendor build_os host host_cpu host_vendor host_os EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL YACC LEX LEXLIB LEX_OUTPUT_ROOT SSL2_TRUE SSL2_FALSE APR_CONFIG APXS PKG_CONFIG apr_inc apache_inc apache_conf apache_prefix apache_bin nspr_inc ns! pr_lib nss_inc nss_lib nspr_dir nss_dir extra_cppflags LIBOBJS LTLIBOBJS' +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM AWK SET_MAKE CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE build build_cpu build_vendor build_os host host_cpu host_vendor host_os EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL YACC LEX LEXLIB LEX_OUTPUT_ROOT APR_CONFIG APXS PKG_CONFIG apr_inc apache_inc apache_conf apache_prefix apache_bin nspr_inc nspr_lib nss_inc nss_li! b nspr_dir nss_dir extra_cppflags LIBOBJS LTLIBOBJS' ac_subst_files='' # Initialize some variables set by options. @@ -1032,6 +1032,7 @@ optimize for fast installation [default=yes] --disable-libtool-lock avoid locking (might break parallel builds) --enable-ssl2 enable SSLv2 (default=no) + --enable-ecc enable Elliptical Curve Cyptography (default=no) Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -3568,7 +3569,7 @@ ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 3571 "configure"' > conftest.$ac_ext + echo '#line 3572 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -5100,7 +5101,7 @@ # Provide some information about the compiler. -echo "$as_me:5103:" \ +echo "$as_me:5104:" \ "checking for Fortran 77 compiler version" >&5 ac_compiler=`set X $ac_compile; echo $2` { (eval echo "$as_me:$LINENO: \"$ac_compiler --version &5\"") >&5 @@ -6134,11 +6135,11 @@ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6137: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6138: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:6141: \$? = $ac_status" >&5 + echo "$as_me:6142: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -6367,11 +6368,11 @@ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6370: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6371: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:6374: \$? = $ac_status" >&5 + echo "$as_me:6375: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -6427,11 +6428,11 @@ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6430: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6431: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:6434: \$? = $ac_status" >&5 + echo "$as_me:6435: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -7761,7 +7762,7 @@ libsuff= case "$host_cpu" in x86_64*|s390x*|powerpc64*) - echo '#line 7764 "configure"' > conftest.$ac_ext + echo '#line 7765 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -8632,7 +8633,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext <&5) + (eval echo "\"\$as_me:10913: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:10916: \$? = $ac_status" >&5 + echo "$as_me:10917: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -10969,11 +10970,11 @@ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:10972: $lt_compile\"" >&5) + (eval echo "\"\$as_me:10973: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:10976: \$? = $ac_status" >&5 + echo "$as_me:10977: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -11480,7 +11481,7 @@ libsuff= case "$host_cpu" in x86_64*|s390x*|powerpc64*) - echo '#line 11483 "configure"' > conftest.$ac_ext + echo '#line 11484 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -12351,7 +12352,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext <&5) + (eval echo "\"\$as_me:13280: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:13283: \$? = $ac_status" >&5 + echo "$as_me:13284: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -13336,11 +13337,11 @@ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:13339: $lt_compile\"" >&5) + (eval echo "\"\$as_me:13340: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:13343: \$? = $ac_status" >&5 + echo "$as_me:13344: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -14650,7 +14651,7 @@ libsuff= case "$host_cpu" in x86_64*|s390x*|powerpc64*) - echo '#line 14653 "configure"' > conftest.$ac_ext + echo '#line 14654 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -15391,11 +15392,11 @@ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15394: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15395: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:15398: \$? = $ac_status" >&5 + echo "$as_me:15399: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -15624,11 +15625,11 @@ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15627: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15628: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:15631: \$? = $ac_status" >&5 + echo "$as_me:15632: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -15684,11 +15685,11 @@ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15687: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15688: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:15691: \$? = $ac_status" >&5 + echo "$as_me:15692: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -17018,7 +17019,7 @@ libsuff= case "$host_cpu" in x86_64*|s390x*|powerpc64*) - echo '#line 17021 "configure"' > conftest.$ac_ext + echo '#line 17022 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -17889,7 +17890,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext <&5 echo "${ECHO_T}yes" >&6 + extra_cppflags="$extra_cppflags -DWANT_SSL2" else echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 fi +#AM_CONDITIONAL(SSL2, test x$ssl2 = xyes) - -if test x$ssl2 = xyes; then - SSL2_TRUE= - SSL2_FALSE='#' +echo "$as_me:$LINENO: checking for ECC" >&5 +echo $ECHO_N "checking for ECC... $ECHO_C" >&6 +# Check whether --enable-ecc or --disable-ecc was given. +if test "${enable_ecc+set}" = set; then + enableval="$enable_ecc" + ecc=$enableval +else + ecc=no +fi; +if test $ecc = yes; then + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + extra_cppflags="$extra_cppflags -DNSS_ENABLE_ECC" else - SSL2_TRUE='#' - SSL2_FALSE= + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 fi - +#AM_CONDITIONAL(ECC, test x$ecc = xyes) { echo "$as_me:$LINENO: checking for apr-config..." >&5 echo "$as_me: checking for apr-config..." >&6;} @@ -19954,7 +19966,7 @@ apache_conf=`$APXS -q SYSCONFDIR` apache_prefix=`$APXS -q PREFIX` apache_bin=`$APXS -q SBINDIR` -extra_cppflags=`$APXS -q EXTRA_CPPFLAGS` +extra_cppflags="$extra_cppflags `$APXS -q EXTRA_CPPFLAGS`" if ! test -f "$apache_inc/apr.h"; then if test -z "$apr_inc"; then @@ -20387,13 +20399,6 @@ Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi -if test -z "${SSL2_TRUE}" && test -z "${SSL2_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"SSL2\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"SSL2\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi : ${CONFIG_STATUS=./config.status} ac_clean_files_save=$ac_clean_files @@ -20981,8 +20986,6 @@ s, at LEX@,$LEX,;t t s, at LEXLIB@,$LEXLIB,;t t s, at LEX_OUTPUT_ROOT@,$LEX_OUTPUT_ROOT,;t t -s, at SSL2_TRUE@,$SSL2_TRUE,;t t -s, at SSL2_FALSE@,$SSL2_FALSE,;t t s, at APR_CONFIG@,$APR_CONFIG,;t t s, at APXS@,$APXS,;t t s, at PKG_CONFIG@,$PKG_CONFIG,;t t Index: configure.in =================================================================== RCS file: /cvs/dirsec/mod_nss/configure.in,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- configure.in 26 Feb 2006 00:30:56 -0000 1.10 +++ configure.in 2 Mar 2006 19:21:54 -0000 1.11 @@ -28,10 +28,23 @@ ssl2=$enableval, ssl2=no) if test $ssl2 = yes; then AC_MSG_RESULT(yes) + extra_cppflags="$extra_cppflags -DWANT_SSL2" else AC_MSG_RESULT(no) fi -AM_CONDITIONAL(SSL2, test x$ssl2 = xyes) +#AM_CONDITIONAL(SSL2, test x$ssl2 = xyes) + +AC_MSG_CHECKING(for ECC) +AC_ARG_ENABLE(ecc, + [ --enable-ecc enable Elliptical Curve Cyptography (default=no)], + ecc=$enableval, ecc=no) +if test $ecc = yes; then + AC_MSG_RESULT(yes) + extra_cppflags="$extra_cppflags -DNSS_ENABLE_ECC" +else + AC_MSG_RESULT(no) +fi +#AM_CONDITIONAL(ECC, test x$ecc = xyes) AC_CHECKING(for apr-config) # check for --with-apr-config @@ -97,7 +110,7 @@ apache_conf=`$APXS -q SYSCONFDIR` apache_prefix=`$APXS -q PREFIX` apache_bin=`$APXS -q SBINDIR` -extra_cppflags=`$APXS -q EXTRA_CPPFLAGS` +extra_cppflags="$extra_cppflags `$APXS -q EXTRA_CPPFLAGS`" if ! test -f "$apache_inc/apr.h"; then if test -z "$apr_inc"; then Index: mod_nss.c =================================================================== RCS file: /cvs/dirsec/mod_nss/mod_nss.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- mod_nss.c 4 Jan 2006 22:07:58 -0000 1.10 +++ mod_nss.c 2 Mar 2006 19:21:54 -0000 1.11 @@ -86,8 +86,13 @@ "SSL Client Authentication " "(`none', `optional', `require'") SSL_CMD_SRV(Nickname, TAKE1, - "SSL Server Certificate nickname " + "SSL RSA Server Certificate nickname " "(`Server-Cert'") +#ifdef NSS_ENABLE_ECC + SSL_CMD_SRV(ECCNickname, TAKE1, + "SSL ECC Server Certificate nickname " + "(`Server-Cert'") +#endif SSL_CMD_SRV(EnforceValidCerts, FLAG, "Require a valid, trust, non-expired server certificate (default on)" "(`on', `off'") Index: mod_nss.h =================================================================== RCS file: /cvs/dirsec/mod_nss/mod_nss.h,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- mod_nss.h 4 Jan 2006 22:07:58 -0000 1.9 +++ mod_nss.h 2 Mar 2006 19:21:54 -0000 1.10 @@ -268,11 +268,20 @@ int tlsrollback; int enforce; const char *nickname; +#ifdef NSS_ENABLE_ECC + const char *eccnickname; +#endif CERTCertificate *servercert; SECKEYPrivateKey *serverkey; SSLKEAType serverKEAType; +#ifdef NSS_ENABLE_ECC + CERTCertificate *eccservercert; + SECKEYPrivateKey *eccserverkey; + SSLKEAType eccserverKEAType; +#endif + PRFileDesc *model; /* used to model an SSL socket */ modnss_auth_ctx_t auth; @@ -329,7 +338,11 @@ enum sslversion { SSL2=1, SSL3=2, TLS=4}; /* the table itself is defined in nss_engine_init.c */ +#ifdef NSS_ENABLE_ECC +#define ciphernum 48 +#else #define ciphernum 23 +#endif /* * function prototypes @@ -353,6 +366,9 @@ const char *nss_cmd_NSSVerifyClient(cmd_parms *cmd, void *dcfg, const char *arg); const char *nss_cmd_NSSProtocol(cmd_parms *cmd, void *dcfg, const char *arg); const char *nss_cmd_NSSNickname(cmd_parms *cmd, void *dcfg, const char *arg); +#ifdef NSS_ENABLE_ECC +const char *nss_cmd_NSSECCNickname(cmd_parms *cmd, void *dcfg, const char *arg); +#endif const char *nss_cmd_NSSEnforceValidCerts(cmd_parms *, void *, int); const char *nss_cmd_NSSSessionCacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg); const char *nss_cmd_NSSSession3CacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg); Index: nss.conf.in =================================================================== RCS file: /cvs/dirsec/mod_nss/nss.conf.in,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- nss.conf.in 3 Oct 2005 14:59:26 -0000 1.7 +++ nss.conf.in 2 Mar 2006 19:21:54 -0000 1.8 @@ -86,14 +86,27 @@ # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_nss documentation for a complete list. -NSSCipherSuite +rsa_3des_sha,-rsa_des_56_sha,+rsa_des_sha,-rsa_null_md5,-rsa_null_sha,-rsa_rc2_40_md5,+rsa_rc4_128_md5,-rsa_rc4_128_sha,-rsa_rc4_40_md5,-rsa_rc4_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,+fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha + +# SSL 3 ciphers. SSL 2 is disabled by default. +NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha + +# SSL 3 ciphers + ECC ciphers. SSL 2 is disabled by default. +# +# Comment out the NSSCipherSuite line above and use the one below if you have +# ECC enabled NSS and mod_nss and want to use Elliptical Curve Cryptography +#NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha,-ecdh_ecdsa_null_sha,+ecdh_ecdsa_rc4_128_sha,+ecdh_ecdsa_3des_sha,+ecdh_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,-ecdhe_ecdsa_null_sha,+ecdhe_ecdsa_rc4_128_sha,+ecdhe_ecdsa_3des_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,-ecdh_rsa_null_sha,+ecdh_rsa_128_sha,+ecdh_rsa_3des_sha,+ecdh_rsa_aes_128_sha,+ecdh_rsa_aes_256_sha,-echde_rsa_null,+ecdhe_rsa_rc4_128_sha,+ecdhe_rsa_3des_sha,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha NSSProtocol SSLv3,TLSv1 # SSL Certificate Nickname: -# The nickname of the server certificate you are going to use. +# The nickname of the RSA server certificate you are going to use. NSSNickname Server-Cert +# SSL Certificate Nickname: +# The nickname of the ECC server certificate you are going to use, if you +# have an ECC-enabled version of NSS and mod_nss +#NSSECCNickname Server-Cert-ecc + # Server Certificate Database: # The NSS security database directory that holds the certificates and # keys. The database consists of 3 files: cert8.db, key3.db and secmod.db. Index: nss_engine_config.c =================================================================== RCS file: /cvs/dirsec/mod_nss/nss_engine_config.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- nss_engine_config.c 3 Oct 2005 14:59:26 -0000 1.9 +++ nss_engine_config.c 2 Mar 2006 19:21:54 -0000 1.10 @@ -80,6 +80,9 @@ mctx->enforce = PR_TRUE; mctx->nickname = NULL; +#ifdef NSS_ENABLE_ECC + mctx->eccnickname = NULL; +#endif mctx->servercert = NULL; mctx->serverkey = NULL; @@ -162,6 +165,9 @@ cfgMerge(auth.verify_mode, SSL_CVERIFY_UNSET); cfgMerge(nickname, NULL); +#ifdef NSS_ENABLE_ECC + cfgMerge(eccnickname, NULL); +#endif cfgMerge(enforce, PR_TRUE); } @@ -416,6 +422,19 @@ return NULL; } +#ifdef NSS_ENABLE_ECC +const char *nss_cmd_NSSECCNickname(cmd_parms *cmd, + void *dcfg, + const char *arg) +{ + SSLSrvConfigRec *sc = mySrvConfig(cmd->server); + + sc->server->eccnickname = arg; + + return NULL; +} +#endif + const char *nss_cmd_NSSProxyEngine(cmd_parms *cmd, void *dcfg, int flag) { SSLSrvConfigRec *sc = mySrvConfig(cmd->server); Index: nss_engine_init.c =================================================================== RCS file: /cvs/dirsec/mod_nss/nss_engine_init.c,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- nss_engine_init.c 28 Oct 2005 18:20:01 -0000 1.16 +++ nss_engine_init.c 2 Mar 2006 19:21:54 -0000 1.17 @@ -60,6 +60,34 @@ /* AES ciphers.*/ {"rsa_aes_128_sha", TLS_RSA_WITH_AES_128_CBC_SHA, 0, SSL3 | TLS}, {"rsa_aes_256_sha", TLS_RSA_WITH_AES_256_CBC_SHA, 0, SSL3 | TLS}, +#ifdef NSS_ENABLE_ECC + /* ECC ciphers.*/ + {"ecdh_ecdsa_null_sha", TLS_ECDH_ECDSA_WITH_NULL_SHA, 0, TLS}, + {"ecdh_ecdsa_rc4_128_sha", TLS_ECDH_ECDSA_WITH_RC4_128_SHA, 0, TLS}, + {"ecdh_ecdsa_3des_sha", TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, 0, TLS}, + {"ecdh_ecdsa_aes_128_sha", TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 0, TLS}, + {"ecdh_ecdsa_aes_256_sha", TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 0, TLS}, + {"ecdhe_ecdsa_null_sha", TLS_ECDHE_ECDSA_WITH_NULL_SHA, 0, TLS}, + {"ecdhe_ecdsa_rc4_128_sha", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 0, TLS}, + {"ecdhe_ecdsa_3des_sha", TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 0, TLS}, + {"ecdhe_ecdsa_aes_128_sha", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 0, TLS}, + {"ecdhe_ecdsa_aes_256_sha", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 0, TLS}, + {"ecdh_rsa_null_sha", TLS_ECDH_RSA_WITH_NULL_SHA, 0, TLS}, + {"ecdh_rsa_128_sha", TLS_ECDH_RSA_WITH_RC4_128_SHA, 0, TLS}, + {"ecdh_rsa_3des_sha", TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, 0, TLS}, + {"ecdh_rsa_aes_128_sha", TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, 0, TLS}, + {"ecdh_rsa_aes_256_sha", TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, 0, TLS}, + {"echde_rsa_null", TLS_ECDHE_RSA_WITH_NULL_SHA, 0, TLS}, + {"ecdhe_rsa_rc4_128_sha", TLS_ECDHE_RSA_WITH_RC4_128_SHA, 0, TLS}, + {"ecdhe_rsa_3des_sha", TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 0, TLS}, + {"ecdhe_rsa_aes_128_sha", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0, TLS}, + {"ecdhe_rsa_aes_256_sha", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0, TLS}, + {"ecdh_anon_null_sha", TLS_ECDH_anon_WITH_NULL_SHA, 0, TLS}, + {"ecdh_anon_rc4_128sha", TLS_ECDH_anon_WITH_RC4_128_SHA, 0, TLS}, + {"ecdh_anon_3des_sha", TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, 0, TLS}, + {"ecdh_anon_aes_128_sha", TLS_ECDH_anon_WITH_AES_128_CBC_SHA, 0, TLS}, + {"ecdh_anon_aes_256_sha", TLS_ECDH_anon_WITH_AES_256_CBC_SHA, 0, TLS}, +#endif }; static char *version_components[] = { @@ -722,7 +750,11 @@ apr_pool_t *ptemp, modnss_ctx_t *mctx) { - if (mctx->servercert != NULL || mctx->serverkey != NULL) { +#ifdef NSS_ENABLE_ECC + if (mctx->servercert != NULL || mctx->eccservercert != NULL) { +#else + if (mctx->servercert != NULL) { +#endif ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "Illegal attempt to re-initialise SSL for server " "(theoretically shouldn't happen!)"); @@ -749,58 +781,50 @@ nss_init_ctx_cipher_suite(s, p, ptemp, mctx); } -static void nss_init_server_certs(server_rec *s, - apr_pool_t *p, - apr_pool_t *ptemp, - modnss_ctx_t *mctx) +static void nss_init_certificate(server_rec *s, const char *nickname, + CERTCertificate **servercert, + SECKEYPrivateKey **serverkey, + SSLKEAType *KEAtype, + PRFileDesc *model, + int enforce) { SECCertTimeValidity certtimestatus; SECStatus secstatus; PK11SlotInfo* slot = NULL; - - /* - * Get own certificate and private key. - */ - if (mctx->nickname == NULL && mctx->as_server) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, - "No certificate nickname provided."); - nss_die(); + if (nickname == NULL) { + return; } - if (mctx->nickname != NULL) { - ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, - "Using nickname %s.", mctx->nickname); - mctx->servercert = FindServerCertFromNickname(mctx->nickname); - } + ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, + "Using nickname %s.", nickname); + + *servercert = FindServerCertFromNickname(nickname); /* Verify the certificate chain. */ - if (mctx->servercert != NULL && mctx->as_server) { + if (*servercert != NULL) { SECCertificateUsage usage = certificateUsageSSLServer; - if (CERT_VerifyCertificateNow(CERT_GetDefaultCertDB(), mctx->servercert, PR_TRUE, usage, NULL, NULL) != SECSuccess) { + if (CERT_VerifyCertificateNow(CERT_GetDefaultCertDB(), *servercert, PR_TRUE, usage, NULL, NULL) != SECSuccess) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, - "Certificate not verified: '%s'", mctx->nickname); + "Certificate not verified: '%s'", nickname); nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); - if (mctx->enforce) { + if (enforce) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, - "Unable to verify certificate '%s'. Add \"NSSEnforceValidCerts off\" to nss.conf so the server can start until the problem can be resolved.", mctx->nickname); + "Unable to verify certificate '%s'. Add \"NSSEnforceValidCerts off\" to nss.conf so the server can start until the problem can be resolved.", nickname); nss_die(); } } - } - - if (NULL == mctx->servercert && mctx->as_server) - { + } else { ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, - "Certificate not found: '%s'", mctx->nickname); + "Certificate not found: '%s'", nickname); nss_die(); } - if (mctx->nickname && strchr(mctx->nickname, ':')) + if (strchr(nickname, ':')) { - char* token = strdup(mctx->nickname); + char* token = strdup(nickname); char* colon = strchr(token, ':'); if (colon) { *colon = 0; @@ -822,21 +846,19 @@ else { slot = PK11_GetInternalKeySlot(); } - - if (mctx->servercert) { - mctx->serverkey = PK11_FindPrivateKeyFromCert(slot, mctx->servercert, NULL); - } + + *serverkey = PK11_FindPrivateKeyFromCert(slot, *servercert, NULL); + PK11_FreeSlot(slot); - if (mctx->as_server && mctx->serverkey == NULL) { + if (*serverkey == NULL) { ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, - "Key not found for: '%s'", mctx->nickname); + "Key not found for: '%s'", nickname); nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); nss_die(); } - if (mctx->as_server) { - mctx->serverKEAType = NSS_FindCertKEAType(mctx->servercert); + *KEAtype = NSS_FindCertKEAType(*servercert); /* * Check for certs that are expired or not yet valid and WARN about it @@ -846,7 +868,7 @@ * for every virtual server - too expensive? */ - certtimestatus = CERT_CheckCertValidTimes(mctx->servercert, PR_Now(), PR_FALSE); + certtimestatus = CERT_CheckCertValidTimes(*servercert, PR_Now(), PR_FALSE); switch (certtimestatus) { case secCertTimeValid: @@ -854,35 +876,69 @@ break; case secCertTimeExpired: ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, - "Server certificate is expired: '%s'", mctx->nickname); + "Server certificate is expired: '%s'", nickname); break; case secCertTimeNotValidYet: ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, - "Certificate is not valid yet '%s'", mctx->nickname); + "Certificate is not valid yet '%s'", nickname); default: ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, - "Unhandled Certificate time type %d for: '%s'", certtimestatus, mctx->nickname); + "Unhandled Certificate time type %d for: '%s'", certtimestatus, nickname); break; } - } - secstatus = (SECStatus)SSL_SetPKCS11PinArg(mctx->model, NULL); + secstatus = SSL_ConfigSecureServer(model, *servercert, *serverkey, *KEAtype); if (secstatus != SECSuccess) { ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, - "Error setting PKCS11 pin argument: '%s'", mctx->nickname); + "SSL error configuring server: '%s'", nickname); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); nss_die(); } - +} + + +static void nss_init_server_certs(server_rec *s, + apr_pool_t *p, + apr_pool_t *ptemp, + modnss_ctx_t *mctx) +{ + SECCertTimeValidity certtimestatus; + SECStatus secstatus; + + PK11SlotInfo* slot = NULL; + + /* + * Get own certificate and private key. + */ if (mctx->as_server) { - secstatus = SSL_ConfigSecureServer(mctx->model, mctx->servercert, mctx->serverkey, mctx->serverKEAType); - if (secstatus != SECSuccess) { - ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, - "SSL error configuring server: '%s'", mctx->nickname); - nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); +#ifdef NSS_ENABLE_ECC + if (mctx->nickname == NULL && mctx->eccnickname == NULL) +#else + if (mctx->nickname == NULL) +#endif + { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + "No certificate nickname provided."); nss_die(); } + + nss_init_certificate(s, mctx->nickname, &mctx->servercert, + &mctx->serverkey, &mctx->serverKEAType, + mctx->model, mctx->enforce); +#ifdef NSS_ENABLE_ECC + nss_init_certificate(s, mctx->eccnickname, &mctx->eccservercert, + &mctx->eccserverkey, &mctx->eccserverKEAType, + mctx->model, mctx->enforce); +#endif } + secstatus = (SECStatus)SSL_SetPKCS11PinArg(mctx->model, NULL); + if (secstatus != SECSuccess) { + ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, + "Error setting PKCS11 pin argument: '%s'", mctx->nickname); + nss_die(); + } + secstatus = (SECStatus)SSL_HandshakeCallback(mctx->model, (SSLHandshakeCallback)NSSHandshakeCallback, NULL); if (secstatus != SECSuccess) { @@ -958,8 +1014,16 @@ sc = mySrvConfig(s); if (sc->enabled) { - CERT_DestroyCertificate(sc->server->servercert); - SECKEY_DestroyPrivateKey(sc->server->serverkey); + if (sc->server->nickname) { + CERT_DestroyCertificate(sc->server->servercert); + SECKEY_DestroyPrivateKey(sc->server->serverkey); + } +#ifdef NSS_ENABLE_ECC + if (sc->server->eccnickname) { + CERT_DestroyCertificate(sc->server->eccservercert); + SECKEY_DestroyPrivateKey(sc->server->eccserverkey); + } +#endif /* Closing this implicitly cleans up the copy of the certificates * and keys associated with any SSL socket */ Index: nss_engine_io.c =================================================================== RCS file: /cvs/dirsec/mod_nss/nss_engine_io.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- nss_engine_io.c 29 Sep 2005 19:36:10 -0000 1.4 +++ nss_engine_io.c 2 Mar 2006 19:21:54 -0000 1.5 @@ -652,7 +652,7 @@ conn_rec *c = filter_ctx->c; SSLConnRec *sslconn = myConnConfig(c); - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL, + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server, "SSL connection destroyed without being closed"); PR_Close(sslconn->ssl); @@ -859,7 +859,7 @@ filter_ctx->nobuffer = 1; status = nss_filter_io_shutdown(filter_ctx, f->c, 0); if (status != APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_INFO, status, NULL, + ap_log_error(APLOG_MARK, APLOG_INFO, status, f->c->base_server, "SSL filter error shutting down I/O"); } if ((status = ap_pass_brigade(f->next, bb)) != APR_SUCCESS) { Index: nss_engine_kernel.c =================================================================== RCS file: /cvs/dirsec/mod_nss/nss_engine_kernel.c,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- nss_engine_kernel.c 31 May 2005 14:32:42 -0000 1.3 +++ nss_engine_kernel.c 2 Mar 2006 19:21:54 -0000 1.4 @@ -446,6 +446,9 @@ "Performing full renegotiation: " "complete handshake protocol"); + /* Do NOT call SSL_ResetHandshake as this will tear down the + * existing connection. + */ if (SSL_HandshakeCallback(ssl, HandshakeDone, (void *)&handshake_done) || SSL_ReHandshake(ssl, PR_TRUE)) { int errCode = PR_GetError(); if (errCode == SEC_ERROR_INVALID_ARGS) { @@ -461,7 +464,7 @@ return HTTP_FORBIDDEN; } - ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server, + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "Awaiting re-negotiation handshake"); while (!handshake_done) { @@ -500,7 +503,9 @@ "Re-negotiation handshake failed: " "Not accepted by client!?"); +#if 0 r->connection->aborted = 1; +#endif return HTTP_FORBIDDEN; } } @@ -724,6 +729,7 @@ "SSL_VERSION_LIBRARY", "SSL_PROTOCOL", "SSL_CIPHER", + "SSL_CIPHER_NAME", "SSL_CIPHER_EXPORT", "SSL_CIPHER_USEKEYSIZE", "SSL_CIPHER_ALGKEYSIZE", Index: nss_engine_vars.c =================================================================== RCS file: /cvs/dirsec/mod_nss/nss_engine_vars.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- nss_engine_vars.c 4 Jan 2006 22:07:58 -0000 1.4 +++ nss_engine_vars.c 2 Mar 2006 19:21:54 -0000 1.5 @@ -363,10 +363,10 @@ if (SSL_GetCipherSuiteInfo(channel.cipherSuite, &suite, sizeof suite) == SECSuccess) { - result = apr_psprintf(p, "%s", suite.keaTypeName); + result = apr_psprintf(p, "%s_%s", suite.keaTypeName, suite.authAlgorithmName); } } else - result = apr_pstrdup(p, "UNKNOWN"); + result = apr_pstrdup(p, "UNKNOWN_UNKNOWN"); resdup = FALSE; } @@ -582,6 +582,25 @@ result = apr_psprintf(p, "%d", keySize); resdup = FALSE; } + else if (strcEQ(var, "_NAME")) { + SSLChannelInfo channel; + SSLCipherSuiteInfo suite; + SSLConnRec *sslconn = myConnConfig(c); + + if (SSL_GetChannelInfo(sslconn->ssl, &channel, sizeof channel) == + SECSuccess && channel.length == sizeof channel && + channel.cipherSuite) + { + if (SSL_GetCipherSuiteInfo(channel.cipherSuite, + &suite, sizeof suite) == SECSuccess) + { + result = apr_psprintf(p, "%s", suite.cipherSuiteName); + } + } else + result = apr_pstrdup(p, "UNKNOWN"); + + resdup = FALSE; + } if (result != NULL && resdup) result = apr_pstrdup(p, result); From fedora-directory-commits at redhat.com Thu Mar 2 22:57:27 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 2 Mar 2006 17:57:27 -0500 Subject: [Fedora-directory-commits] setuputil nsdefs.mk,1.6,1.7 Message-ID: <200603022257.k22MvRUT006365@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/setuputil In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6220 Modified Files: nsdefs.mk Log Message: replace nsperl with the system perl on non-Linux platforms Index: nsdefs.mk =================================================================== RCS file: /cvs/dirsec/setuputil/nsdefs.mk,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- nsdefs.mk 15 Feb 2006 22:51:00 -0000 1.6 +++ nsdefs.mk 2 Mar 2006 22:57:15 -0000 1.7 @@ -221,12 +221,7 @@ ZIP=$(ZIPDIR)/zip.exe UNZIP = $(ZIPDIR)/unzip.exe -o else - ifeq ($(BUILD_ARCH), Linux) - PERL=perl - else - NSPERL_RELDATE :=20020626 - PERL=/share/builds/sbstools/nsPerl/$(NSPERL_RELDATE)/$(NSOBJDIR_NAME_32)/nsperl - endif + PERL=perl ifeq ($(TMP_ARCH), SunOS) NSOS_TEST1 := $(shell uname -m) ifeq ($(NSOS_TEST1), i86pc) From fedora-directory-commits at redhat.com Fri Mar 3 15:24:22 2006 From: fedora-directory-commits at redhat.com (Robert Crittenden (rcritten)) Date: Fri, 3 Mar 2006 10:24:22 -0500 Subject: [Fedora-directory-commits] mod_nss configure, 1.15, 1.16 configure.in, 1.11, 1.12 aclocal.m4, 1.9, 1.10 Makefile.in, 1.18, 1.19 Makefile.am, 1.11, 1.12 Message-ID: <200603031524.k23FOM5l013707@cvs-int.fedora.redhat.com> Author: rcritten Update of /cvs/dirsec/mod_nss In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13682 Modified Files: configure configure.in aclocal.m4 Makefile.in Makefile.am Log Message: force checkin of autoconf files From fedora-directory-commits at redhat.com Fri Mar 3 19:07:00 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Fri, 3 Mar 2006 14:07:00 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/cm Makefile, 1.30.2.16, 1.30.2.17 fedora-patch.inf, 1.1.2.9, 1.1.2.10 redhat-patch.inf, 1.1.2.9, 1.1.2.10 Message-ID: <200603031907.k23J70sQ024052@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/cm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24010/ldap/cm Modified Files: Tag: Directory71RtmBranch Makefile fedora-patch.inf redhat-patch.inf Log Message: [183717] Admin Server - wrong ELF class Package 32-bit LDAP C SDK libraries for the Admin Server. Index: Makefile =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/cm/Makefile,v retrieving revision 1.30.2.16 retrieving revision 1.30.2.17 diff -u -r1.30.2.16 -r1.30.2.17 --- Makefile 22 Feb 2006 03:08:49 -0000 1.30.2.16 +++ Makefile 3 Mar 2006 19:06:50 -0000 1.30.2.17 @@ -715,7 +715,7 @@ ifdef BUILD_PATCH # take care of files in components (e.g., a file in nsadmin.zip) - at for pair in `grep "^compfile:" $(PATCHINF) | awk '{print $$3}'`; do \ - zipfile=`echo $$pair | awk -F: '{print $$1}' | sed -e "s/%DISTDIR%/$(ESCAPED_ABS_DISTDIR)\/$(NSOBJDIR_NAME)/"` ; \ + zipfile=`echo $$pair | awk -F: '{print $$1}' | sed -e "s/%DISTDIR32%/$(ESCAPED_ABS_DISTDIR)\/$(NSOBJDIR_NAME)\/shared32/" | sed -e "s/%DISTDIR%/$(ESCAPED_ABS_DISTDIR)\/$(NSOBJDIR_NAME)/"` ; \ afile=`echo $$pair | awk -F: '{print $$2}'` ; \ cd $(ABSRELDIR)/slapd/$(NS_BUILD_FLAVOR); $(UNZIP) -o $$zipfile $$afile ; \ done @@ -723,7 +723,7 @@ # copying files from the component area - at for pair in `grep "^copyfile:" $(PATCHINF) | awk '{print $$3}'`; do \ zipfile=`echo $$pair | awk -F: '{print $$1}'` ; \ - sfile=`echo $$pair | awk -F: '{print $$2}' | sed -e "s/%DISTDIR%/$(ESCAPED_ABS_DISTDIR)\/$(NSOBJDIR_NAME)/"` ; \ + sfile=`echo $$pair | awk -F: '{print $$2}' | sed -e "s/%DISTDIR32%/$(ESCAPED_ABS_DISTDIR)\/$(NSOBJDIR_NAME)\/shared32/" | sed -e "s/%DISTDIR%/$(ESCAPED_ABS_DISTDIR)\/$(NSOBJDIR_NAME)/"` ; \ dfile=`echo $$pair | awk -F: '{print $$3}'` ; \ cd $(ABSRELDIR)/slapd/$(NS_BUILD_FLAVOR); \ mkdir -p `dirname $$dfile`; cp $$sfile `dirname $$dfile` ; \ Index: fedora-patch.inf =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/cm/fedora-patch.inf,v retrieving revision 1.1.2.9 retrieving revision 1.1.2.10 diff -u -r1.1.2.9 -r1.1.2.10 --- fedora-patch.inf 21 Feb 2006 21:38:05 -0000 1.1.2.9 +++ fedora-patch.inf 3 Mar 2006 19:06:50 -0000 1.1.2.10 @@ -41,6 +41,7 @@ # file: bug#: # compfile: bug#: : # %DISTDIR% points /dist/ +# %DISTDIR32% points /dist//shared32 # base: ... @@ -75,11 +76,11 @@ file: M324525,M324529: clients/lib/libprldap50.* file: M324525,M324529: clients/lib/libssldap50.* -copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR%/ldapsdk/lib/libldap50.*:bin/https/lib/libldap50.* -copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR%/ldapsdk/lib/libprldap50.*:bin/https/lib/libprldap50.* -copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR%/ldapsdk/lib/libssldap50.*:bin/https/lib/libssldap50.* -copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR%/ldapsdk/lib/libldap50.*:bin/admin/lib/libldap50.* -copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR%/ldapsdk/lib/libprldap50.*:bin/admin/lib/libprldap50.* -copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR%/ldapsdk/lib/libssldap50.*:bin/admin/lib/libssldap50.* +copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libldap50.*:bin/https/lib/libldap50.* +copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libprldap50.*:bin/https/lib/libprldap50.* +copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libssldap50.*:bin/https/lib/libssldap50.* +copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libldap50.*:bin/admin/lib/libldap50.* +copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libprldap50.*:bin/admin/lib/libprldap50.* +copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libssldap50.*:bin/admin/lib/libssldap50.* compfile: 171306: %DISTDIR%/admserv/admin/nsadmin.zip:manual/help/help Index: redhat-patch.inf =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/cm/redhat-patch.inf,v retrieving revision 1.1.2.9 retrieving revision 1.1.2.10 diff -u -r1.1.2.9 -r1.1.2.10 --- redhat-patch.inf 21 Feb 2006 21:38:05 -0000 1.1.2.9 +++ redhat-patch.inf 3 Mar 2006 19:06:50 -0000 1.1.2.10 @@ -41,6 +41,7 @@ # file: bug#: # compfile: bug#: : # %DISTDIR% points /dist/ +# %DISTDIR32% points /dist//shared32 # base: /share/builds/products/server/directry/7.1 @@ -75,11 +76,11 @@ file: M324525,M324529: clients/lib/libprldap50.* file: M324525,M324529: clients/lib/libssldap50.* -copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR%/ldapsdk/lib/libldap50.*:bin/https/lib/libldap50.* -copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR%/ldapsdk/lib/libprldap50.*:bin/https/lib/libprldap50.* -copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR%/ldapsdk/lib/libssldap50.*:bin/https/lib/libssldap50.* -copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR%/ldapsdk/lib/libldap50.*:bin/admin/lib/libldap50.* -copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR%/ldapsdk/lib/libprldap50.*:bin/admin/lib/libprldap50.* -copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR%/ldapsdk/lib/libssldap50.*:bin/admin/lib/libssldap50.* +copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libldap50.*:bin/https/lib/libldap50.* +copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libprldap50.*:bin/https/lib/libprldap50.* +copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libssldap50.*:bin/https/lib/libssldap50.* +copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libldap50.*:bin/admin/lib/libldap50.* +copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libprldap50.*:bin/admin/lib/libprldap50.* +copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libssldap50.*:bin/admin/lib/libssldap50.* compfile: 171306: %DISTDIR%/admserv/admin/nsadmin.zip:manual/help/help From fedora-directory-commits at redhat.com Fri Mar 3 19:06:52 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Fri, 3 Mar 2006 14:06:52 -0500 Subject: [Fedora-directory-commits] ldapserver internal_comp_deps.mk, 1.24.2.1, 1.24.2.2 Message-ID: <200603031907.k23J7Mtd024063@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24010 Modified Files: Tag: Directory71RtmBranch internal_comp_deps.mk Log Message: [183717] Admin Server - wrong ELF class Package 32-bit LDAP C SDK libraries for the Admin Server. Index: internal_comp_deps.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/internal_comp_deps.mk,v retrieving revision 1.24.2.1 retrieving revision 1.24.2.2 diff -u -r1.24.2.1 -r1.24.2.2 --- internal_comp_deps.mk 15 Feb 2006 21:32:16 -0000 1.24.2.1 +++ internal_comp_deps.mk 3 Mar 2006 19:06:22 -0000 1.24.2.2 @@ -132,6 +132,12 @@ # do not need redundant copy of nssckbi NSS32_NSPR32_SRC_LIBS = $(filter-out $(SHARED32_BUILD_DIR)/lib/$(NSSCKBI32_FILE),$(wildcard $(SHARED32_BUILD_DIR)/lib/*)) PACKAGE_SRC_DEST += $(addsuffix $(SPACE)shared32/lib,$(NSS32_NSPR32_SRC_LIBS)) + +ifdef BUILD_PATCH +# need 32-bit LDAP C SDK libs for SP2 + LDAPSDK32_IMPORT = $(subst $(NS64TAG),,$(LDAP_RELEASE)) + LDAPSDK32_PULLFILES = lib/$(LIB_PREFIX)$(subst $(SPACE),$(COMMA)lib/$(LIB_PREFIX),$(addsuffix .$(DLL_SUFFIX),$(LDAP_SOLIB_NAMES))) +endif # BUILD_PATCH endif # USE_64 ifdef VSFTPD_HACK @@ -168,7 +174,12 @@ $(FTP_PULL) -method $(SECURITY_PULL_METHOD) \ -objdir $(SHARED32_BUILD_DIR) -componentdir $(NSS32_IMPORT) \ -files $(subst $(SPACE),$(COMMA),$(NSS32_PULLFILES)) - mv $(SHARED32_BUILD_DIR)/lib/$(NSSCKBI_FILE) $(SHARED32_BUILD_DIR)/lib/$(NSSCKBI32_FILE) +ifdef BUILD_PATCH + $(FTP_PULL) -method $(LDAPSDK_PULL_METHOD) \ + -objdir $(SHARED32_BUILD_DIR) -componentdir $(LDAPSDK32_IMPORT) \ + -files $(subst $(SPACE),$(COMMA),$(LDAPSDK32_PULLFILES)) +endif + mv -f $(SHARED32_BUILD_DIR)/lib/$(NSSCKBI_FILE) $(SHARED32_BUILD_DIR)/lib/$(NSSCKBI32_FILE) endif # USE_64 endif # COMPONENT_DEPS - at if [ ! -f $@ ] ; \ From fedora-directory-commits at redhat.com Fri Mar 3 20:16:48 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Fri, 3 Mar 2006 15:16:48 -0500 Subject: [Fedora-directory-commits] mod_admserv mod_admserv.c,1.21,1.22 Message-ID: <200603032016.k23KGnbF026709@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/mod_admserv In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26683 Modified Files: mod_admserv.c Log Message: Bug(s) fixed: 183925 Bug Description: nsAdminAccessAddresses not working Reviewed by: one line commit rule Fix Description: The comparison was reversed so that if the match is successful the access is allowed. Platforms tested: Fedora Core 4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: mod_admserv.c =================================================================== RCS file: /cvs/dirsec/mod_admserv/mod_admserv.c,v retrieving revision 1.21 retrieving revision 1.22 diff -u -r1.21 -r1.22 --- mod_admserv.c 1 Mar 2006 18:43:51 -0000 1.21 +++ mod_admserv.c 3 Mar 2006 20:16:38 -0000 1.22 @@ -1913,7 +1913,7 @@ if (accessAddresses && *accessAddresses) { int matchflags = APR_FNM_PERIOD; apr_status_t rc = admserv_match_list(apr_pstrdup(r->pool, accessAddresses), clientIP, matchflags); - if (rc == APR_SUCCESS) { + if (rc != APR_SUCCESS) { } else { return DECLINED; } From fedora-directory-commits at redhat.com Mon Mar 6 20:00:54 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 6 Mar 2006 15:00:54 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd pw.c, 1.9, 1.10 Message-ID: <200603062000.k26K0s4p007367@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7325 Modified Files: pw.c Log Message: Bug(s) fixed: 179723 Bug Description: crash after succesful pwdchange via ldappasswd Reviewed by: Pete, Nathan (Thanks!) Fix Description: The passwd_extop code does an internal operation to change the password. Some of this code is only intended to be called for external operations where you have a conn structure. The one place in particular which caused this bug is in update_pw_info, where it is only triggered if you must change the password or password expiration is in effect. The fix is to just check to see if the pb_conn is not null. Platforms tested: Fedora Core 4 Flag Day: no Doc impact: no Index: pw.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/pw.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- pw.c 25 Jan 2006 16:51:39 -0000 1.9 +++ pw.c 6 Mar 2006 20:00:47 -0000 1.10 @@ -647,8 +647,10 @@ pw_apply_mods(dn, &smods); slapi_mods_done(&smods); - /* reset c_needpw to 0 */ - pb->pb_conn->c_needpw = 0; + if (pb->pb_conn) { /* no conn for internal op */ + /* reset c_needpw to 0 */ + pb->pb_conn->c_needpw = 0; + } return 0; } From fedora-directory-commits at redhat.com Mon Mar 6 20:02:14 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 6 Mar 2006 15:02:14 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd passwd_extop.c, 1.7, 1.8 Message-ID: <200603062002.k26K2Eod009368@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9313 Modified Files: passwd_extop.c Log Message: Bug(s) fixed: 179723 Bug Description: crash after succesful pwdchange via ldappasswd Reviewed by: Pete, Nathan (Thanks!) Fix Description: The passwd_extop code does an internal operation to change the password. Some of this code is only intended to be called for external operations where you have a conn structure. The one place in particular which caused this bug is in update_pw_info, where it is only triggered if you must change the password or password expiration is in effect. The fix is to just check to see if the pb_conn is not null. Platforms tested: Fedora Core 4 Flag Day: no Doc impact: no Index: passwd_extop.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/passwd_extop.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- passwd_extop.c 15 Feb 2006 21:22:46 -0000 1.7 +++ passwd_extop.c 6 Mar 2006 20:02:06 -0000 1.8 @@ -135,7 +135,6 @@ static int passwd_apply_mods(const char *dn, Slapi_Mods *mods) { Slapi_PBlock pb; - Slapi_Operation *operation= NULL; int ret=0; LDAPDebug( LDAP_DEBUG_TRACE, "=> passwd_apply_mods\n", 0, 0, 0 ); @@ -150,9 +149,6 @@ pw_get_componentID(), /* PluginID */ 0); /* Flags */ - /* Plugin operations are INTERNAL by default, bypass it to enforce ACL checks */ - slapi_pblock_get (&pb, SLAPI_OPERATION, &operation); - ret =slapi_modify_internal_pb (&pb); slapi_pblock_get(&pb, SLAPI_PLUGIN_INTOP_RESULT, &ret); From fedora-directory-commits at redhat.com Tue Mar 7 00:52:16 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Mon, 6 Mar 2006 19:52:16 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/cm Makefile, 1.30.2.17, 1.30.2.18 fedora-patch.inf, 1.1.2.10, 1.1.2.11 redhat-patch.inf, 1.1.2.10, 1.1.2.11 Message-ID: <200603070052.k270qGWZ019682@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/cm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19602 Modified Files: Tag: Directory71RtmBranch Makefile fedora-patch.inf redhat-patch.inf Log Message: [183717] Admin Server - wrong ELF class Should have treated the 32-bit build and 64-bit in the different way: 32-bit -- copy from dist// (e.g., dist/SunOS5.9_OPT.OBJ/ldapsdk) 64-bit -- copy from dist//shared32 (e.g., dist/SunOS5.9_64_OPT.OBJ/shared32) Index: Makefile =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/cm/Makefile,v retrieving revision 1.30.2.17 retrieving revision 1.30.2.18 diff -u -r1.30.2.17 -r1.30.2.18 --- Makefile 3 Mar 2006 19:06:50 -0000 1.30.2.17 +++ Makefile 7 Mar 2006 00:52:08 -0000 1.30.2.18 @@ -233,6 +233,14 @@ ifdef BUILD_PATCH PATCHINSTDIR = $(ABS_INSTDIR)-SP SLAPDSP = slapd-71sp2 +PATCH_DISTDIR=$(ESCAPED_ABS_DISTDIR)\/$(NSOBJDIR_NAME) +ifeq ($(USE_64), 1) + PATCH_DISTDIR32=$(ESCAPED_ABS_DISTDIR)\/$(NSOBJDIR_NAME)\/shared32 + PATCH_LDAPSDK= +else + PATCH_DISTDIR32=$(PATCH_DISTDIR) + PATCH_LDAPSDK=ldapsdk +endif endif INST_TARGET_RESKIT=$(INSTDIR)/reskit @@ -714,16 +722,18 @@ ifdef BUILD_PATCH # take care of files in components (e.g., a file in nsadmin.zip) + @echo compfile... - at for pair in `grep "^compfile:" $(PATCHINF) | awk '{print $$3}'`; do \ - zipfile=`echo $$pair | awk -F: '{print $$1}' | sed -e "s/%DISTDIR32%/$(ESCAPED_ABS_DISTDIR)\/$(NSOBJDIR_NAME)\/shared32/" | sed -e "s/%DISTDIR%/$(ESCAPED_ABS_DISTDIR)\/$(NSOBJDIR_NAME)/"` ; \ + zipfile=`echo $$pair | awk -F: '{print $$1}' | sed -e "s/%DISTDIR32%/$(PATCH_DISTDIR32)/" | sed -e "s/%DISTDIR%/$(PATCH_DISTDIR)/"` ; \ afile=`echo $$pair | awk -F: '{print $$2}'` ; \ cd $(ABSRELDIR)/slapd/$(NS_BUILD_FLAVOR); $(UNZIP) -o $$zipfile $$afile ; \ done # copying files from the component area + @echo copyfile... - at for pair in `grep "^copyfile:" $(PATCHINF) | awk '{print $$3}'`; do \ zipfile=`echo $$pair | awk -F: '{print $$1}'` ; \ - sfile=`echo $$pair | awk -F: '{print $$2}' | sed -e "s/%DISTDIR32%/$(ESCAPED_ABS_DISTDIR)\/$(NSOBJDIR_NAME)\/shared32/" | sed -e "s/%DISTDIR%/$(ESCAPED_ABS_DISTDIR)\/$(NSOBJDIR_NAME)/"` ; \ + sfile=`echo $$pair | awk -F: '{print $$2}' | sed -e "s/%DISTDIR32%/$(PATCH_DISTDIR32)/" | sed -e "s/%LDAPSDK%/$(PATCH_LDAPSDK)/" | sed -e "s/%DISTDIR%/$(PATCH_DISTDIR)/"` ; \ dfile=`echo $$pair | awk -F: '{print $$3}'` ; \ cd $(ABSRELDIR)/slapd/$(NS_BUILD_FLAVOR); \ mkdir -p `dirname $$dfile`; cp $$sfile `dirname $$dfile` ; \ Index: fedora-patch.inf =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/cm/fedora-patch.inf,v retrieving revision 1.1.2.10 retrieving revision 1.1.2.11 diff -u -r1.1.2.10 -r1.1.2.11 --- fedora-patch.inf 3 Mar 2006 19:06:50 -0000 1.1.2.10 +++ fedora-patch.inf 7 Mar 2006 00:52:08 -0000 1.1.2.11 @@ -41,7 +41,10 @@ # file: bug#: # compfile: bug#: : # %DISTDIR% points /dist/ +# 64bit: # %DISTDIR32% points /dist//shared32 +# 32it: +# %DISTDIR32% points /dist/ # base: ... @@ -76,11 +79,11 @@ file: M324525,M324529: clients/lib/libprldap50.* file: M324525,M324529: clients/lib/libssldap50.* -copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libldap50.*:bin/https/lib/libldap50.* -copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libprldap50.*:bin/https/lib/libprldap50.* -copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libssldap50.*:bin/https/lib/libssldap50.* -copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libldap50.*:bin/admin/lib/libldap50.* -copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libprldap50.*:bin/admin/lib/libprldap50.* -copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libssldap50.*:bin/admin/lib/libssldap50.* +copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/%LDAPSDK%/lib/libldap50.*:bin/https/lib/libldap50.* +copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/%LDAPSDK%/lib/libprldap50.*:bin/https/lib/libprldap50.* +copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/%LDAPSDK%/lib/libssldap50.*:bin/https/lib/libssldap50.* +copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/%LDAPSDK%/lib/libldap50.*:bin/admin/lib/libldap50.* +copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/%LDAPSDK%/lib/libprldap50.*:bin/admin/lib/libprldap50.* +copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/%LDAPSDK%/lib/libssldap50.*:bin/admin/lib/libssldap50.* compfile: 171306: %DISTDIR%/admserv/admin/nsadmin.zip:manual/help/help Index: redhat-patch.inf =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/cm/redhat-patch.inf,v retrieving revision 1.1.2.10 retrieving revision 1.1.2.11 diff -u -r1.1.2.10 -r1.1.2.11 --- redhat-patch.inf 3 Mar 2006 19:06:50 -0000 1.1.2.10 +++ redhat-patch.inf 7 Mar 2006 00:52:08 -0000 1.1.2.11 @@ -41,7 +41,10 @@ # file: bug#: # compfile: bug#: : # %DISTDIR% points /dist/ +# 64bit: # %DISTDIR32% points /dist//shared32 +# 32it: +# %DISTDIR32% points /dist/ # base: /share/builds/products/server/directry/7.1 @@ -76,11 +79,11 @@ file: M324525,M324529: clients/lib/libprldap50.* file: M324525,M324529: clients/lib/libssldap50.* -copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libldap50.*:bin/https/lib/libldap50.* -copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libprldap50.*:bin/https/lib/libprldap50.* -copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libssldap50.*:bin/https/lib/libssldap50.* -copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libldap50.*:bin/admin/lib/libldap50.* -copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libprldap50.*:bin/admin/lib/libprldap50.* -copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/lib/libssldap50.*:bin/admin/lib/libssldap50.* +copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/%LDAPSDK%/lib/libldap50.*:bin/https/lib/libldap50.* +copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/%LDAPSDK%/lib/libprldap50.*:bin/https/lib/libprldap50.* +copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/%LDAPSDK%/lib/libssldap50.*:bin/https/lib/libssldap50.* +copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/%LDAPSDK%/lib/libldap50.*:bin/admin/lib/libldap50.* +copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/%LDAPSDK%/lib/libprldap50.*:bin/admin/lib/libprldap50.* +copyfile: M324525,M324529: admin/nsadmin.zip:%DISTDIR32%/%LDAPSDK%/lib/libssldap50.*:bin/admin/lib/libssldap50.* compfile: 171306: %DISTDIR%/admserv/admin/nsadmin.zip:manual/help/help From fedora-directory-commits at redhat.com Wed Mar 8 01:31:20 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Tue, 7 Mar 2006 20:31:20 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm vlv.c, 1.6, 1.7 Message-ID: <200603080131.k281VKWN012425@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12379 Modified Files: vlv.c Log Message: [183222] Directory Server hangs when running VLV search and update operations simultaneously. Demoted the write lock to the read lock in vlv_update_all_indexes Index: vlv.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/vlv.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- vlv.c 19 Apr 2005 22:07:38 -0000 1.6 +++ vlv.c 8 Mar 2006 01:31:12 -0000 1.7 @@ -72,6 +72,7 @@ backend *be = inst->inst_be; vlvSearch_init(newVlvSearch, pb, entryBefore, inst); + /* vlvSearchList is modified; need Wlock */ PR_RWLock_Wlock(be->vlvSearchList_lock); vlvSearch_addtolist(newVlvSearch, (struct vlvSearch **)&be->vlvSearchList); PR_RWLock_Unlock(be->vlvSearchList_lock); @@ -89,7 +90,8 @@ slapi_sdn_init(&parentdn); slapi_sdn_get_parent(slapi_entry_get_sdn(entryBefore),&parentdn); { - PR_RWLock_Wlock(be->vlvSearchList_lock); + /* vlvIndex list is modified; need Wlock */ + PR_RWLock_Wlock(be->vlvSearchList_lock); parent= vlvSearch_finddn((struct vlvSearch *)be->vlvSearchList, &parentdn); if(parent!=NULL) { @@ -109,10 +111,11 @@ int vlv_DeleteSearchEntry(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* entryAfter, int *returncode, char *returntext, void *arg) { struct vlvSearch* p=NULL; - backend *be= ((ldbm_instance*)arg)->inst_be; + backend *be= ((ldbm_instance*)arg)->inst_be; - PR_RWLock_Wlock(be->vlvSearchList_lock); - p = vlvSearch_finddn((struct vlvSearch *)be->vlvSearchList, slapi_entry_get_sdn(entryBefore)); + /* vlvSearchList is modified; need Wlock */ + PR_RWLock_Wlock(be->vlvSearchList_lock); + p = vlvSearch_finddn((struct vlvSearch *)be->vlvSearchList, slapi_entry_get_sdn(entryBefore)); if(p!=NULL) { LDAPDebug( LDAP_DEBUG_ANY, "Deleted Virtual List View Search (%s).\n", p->vlv_name, 0, 0); @@ -269,7 +272,7 @@ int any_not_done = 0; - PR_RWLock_Wlock(be->vlvSearchList_lock); + PR_RWLock_Wlock(be->vlvSearchList_lock); if (seen_them_all) { PR_RWLock_Unlock(be->vlvSearchList_lock); return; @@ -320,6 +323,7 @@ { struct vlvSearch *t = NULL; struct vlvSearch *nt = NULL; + /* vlvSearchList is modified; need Wlock */ PR_RWLock_Wlock(be->vlvSearchList_lock); for (t = (struct vlvSearch *)be->vlvSearchList; NULL != t; ) { @@ -762,8 +766,8 @@ * * JCM: If only non-sorted attributes are changed, then the indexes don't need updating. * JCM: Detecting this fact, given multi-valued atribibutes, might be tricky... - * Added write lock -*/ + * Read lock (traverse vlvSearchList; no change on vlvSearchList/vlvIndex lists) + */ int vlv_update_all_indexes(back_txn *txn, backend *be, Slapi_PBlock *pb, struct backentry* oldEntry, struct backentry* newEntry) @@ -772,7 +776,7 @@ struct vlvSearch* ps=NULL; struct ldbminfo *li = ((ldbm_instance *)be->be_instance_info)->inst_li; - PR_RWLock_Wlock(be->vlvSearchList_lock); + PR_RWLock_Rlock(be->vlvSearchList_lock); ps = (struct vlvSearch *)be->vlvSearchList; for(;ps!=NULL;ps= ps->vlv_next) { @@ -1927,10 +1931,11 @@ tag1=create_vlv_search_tag(dn); buf=slapi_ch_smprintf("%s%s%s%s%s","cn=MCC ",tag1,", cn=",inst->inst_name,LDBM_PLUGIN_ROOT); newdn=slapi_sdn_new_dn_byval(buf); + /* vlvSearchList is modified; need Wlock */ PR_RWLock_Wlock(be->vlvSearchList_lock); p = vlvSearch_finddn((struct vlvSearch *)be->vlvSearchList, newdn); - if(p!=NULL) - { + if(p!=NULL) + { LDAPDebug( LDAP_DEBUG_ANY, "Deleted Virtual List View Search (%s).\n", p->vlv_name, 0, 0); tag2=create_vlv_search_tag(dn); buf2=slapi_ch_smprintf("%s%s,%s",TAG,tag2,buf); From fedora-directory-commits at redhat.com Thu Mar 9 17:28:13 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 9 Mar 2006 12:28:13 -0500 Subject: [Fedora-directory-commits] mod_admserv aclocal.m4, 1.9, 1.10 Makefile.am, 1.13, 1.14 Makefile.in, 1.17, 1.18 configure.in, 1.15, 1.16 Message-ID: <200603091728.k29HSDof006952@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/mod_admserv In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6929 Modified Files: aclocal.m4 Makefile.am Makefile.in configure.in Log Message: adding "@nspr_lib@ -lnspr4 -lplc4" to LIBS to build using components on /s/b/c. Index: Makefile.am =================================================================== RCS file: /cvs/dirsec/mod_admserv/Makefile.am,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- Makefile.am 26 Feb 2006 00:27:58 -0000 1.13 +++ Makefile.am 9 Mar 2006 17:28:05 -0000 1.14 @@ -8,7 +8,7 @@ ## Set the includes and libraries needed INCLUDES = -I at apache_inc@ @apr_inc@ @adminutil_inc@ @nspr_inc@ @ldapsdk_inc@ @nss_inc@ -LIBS = @adminutil_lib@ -ladminutil at adminutil_ver@ -ladmsslutil at adminutil_ver@ @icu_lib@ -licui18n -licuuc -licudata @ldapsdk_lib@ -lssldap50 -lprldap50 -lldap50 @nss_lib@ -lssl3 -lnss3 +LIBS = @adminutil_lib@ -ladminutil at adminutil_ver@ -ladmsslutil at adminutil_ver@ @icu_lib@ -licui18n -licuuc -licudata @ldapsdk_lib@ -lssldap50 -lprldap50 -lldap50 @nss_lib@ -lssl3 -lnss3 @nspr_lib@ -lnspr4 -lplc4 EXTRA_CPPFLAGS=@extra_cppflags@ Index: Makefile.in =================================================================== RCS file: /cvs/dirsec/mod_admserv/Makefile.in,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- Makefile.in 26 Feb 2006 00:27:58 -0000 1.17 +++ Makefile.in 9 Mar 2006 17:28:05 -0000 1.18 @@ -117,7 +117,7 @@ #libmodadmserv_la_LDFLAGS = -module -avoid-version INCLUDES = -I at apache_inc@ @apr_inc@ @adminutil_inc@ @nspr_inc@ @ldapsdk_inc@ @nss_inc@ -LIBS = @adminutil_lib@ -ladminutil at adminutil_ver@ -ladmsslutil at adminutil_ver@ @icu_lib@ -licui18n -licuuc -licudata @ldapsdk_lib@ -lssldap50 -lprldap50 -lldap50 @nss_lib@ -lssl3 -lnss3 +LIBS = @adminutil_lib@ -ladminutil at adminutil_ver@ -ladmsslutil at adminutil_ver@ @icu_lib@ -licui18n -licuuc -licudata @ldapsdk_lib@ -lssldap50 -lprldap50 -lldap50 @nss_lib@ -lssl3 -lnss3 @nspr_lib@ -lnspr4 -lplc4 EXTRA_CPPFLAGS = @extra_cppflags@ From fedora-directory-commits at redhat.com Thu Mar 9 17:28:58 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 9 Mar 2006 12:28:58 -0500 Subject: [Fedora-directory-commits] mod_admserv configure,1.18,1.19 Message-ID: <200603091728.k29HSwX1006976@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/mod_admserv In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6958 Modified Files: configure Log Message: adding "@nspr_lib@ -lnspr4 -lplc4" to LIBS to build using components on /s/b/c. From fedora-directory-commits at redhat.com Tue Mar 14 17:13:49 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Tue, 14 Mar 2006 12:13:49 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src create_instance.c, 1.24, 1.25 create_instance.h, 1.5, 1.6 instindex.cpp, 1.8, 1.9 Message-ID: <200603141713.k2EHDnlr001887@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/admin/src In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1852 Modified Files: create_instance.c create_instance.h instindex.cpp Log Message: [185364] Can't update scripts (e.g., start-slapd) in the instance When ds_create is called with -r (update), scripts in the instance directory were not updated. They are recreated with this change. Index: create_instance.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/create_instance.c,v retrieving revision 1.24 retrieving revision 1.25 diff -u -r1.24 -r1.25 --- create_instance.c 7 Dec 2005 21:29:08 -0000 1.24 +++ create_instance.c 14 Mar 2006 17:13:38 -0000 1.25 @@ -1057,74 +1057,15 @@ } #endif -/* ---------------------- Create configuration files ---------------------- */ - - -char *create_server(server_config_s *cf, char *param_name) +static char * +create_scripts(server_config_s *cf, char *param_name) { - char line[PATH_SIZE], *t, *sroot = cf->sroot; + char *t, *sroot = cf->sroot; char subdir[PATH_SIZE]; -#if defined( SOLARIS ) - /* - * Solaris 9+ specific installation - */ - char otherline[PATH_SIZE]; - char subdirvar[PATH_SIZE]; - char subdiretc[PATH_SIZE]; - char *sub; -#endif /* SOLARIS */ - - if (param_name) - param_name[0] = 0; /* init to empty string */ - -#ifdef XP_UNIX - if (!cf->servuser) - getSuiteSpotUserGroup(cf); -#else - /* Abort if the service exists on NT */ - if (t = service_exists(cf->servid)) { - PL_strncpyz(param_name, "servid", BIG_LINE); - return t; - } -#endif - - if( (t = sanity_check(cf, param_name)) ) - return t; - /* Create slapd-nickname directory */ PR_snprintf(subdir, sizeof(subdir), "%s%c"PRODUCT_NAME"-%s", sroot, FILE_PATHSEP, cf->servid); - if( (create_instance_mkdir(subdir, NEWDIR_MODE)) ) - return make_error("mkdir %s failed (%s)", subdir, ds_system_errmsg()); - - /* Create slapd-nickname/config directory */ - PR_snprintf(line, sizeof(line), "%s%cconfig", subdir, FILE_PATHSEP); - if( (create_instance_mkdir(line, NEWDIR_MODE)) ) - return make_error("mkdir %s failed (%s)", line, ds_system_errmsg()); - - /* Create slapd-nickname/config/schema directory */ - PR_snprintf(line, sizeof(line), "%s%cconfig%cschema", subdir, FILE_PATHSEP, FILE_PATHSEP); - if( (create_instance_mkdir(line, NEWDIR_MODE)) ) - return make_error("mkdir %s failed (%s)", line, ds_system_errmsg()); - -#if defined (BUILD_PRESENCE) - /* Create slapd-nickname/config/presence directory */ - PR_snprintf(line, sizeof(line), "%s%cconfig%cpresence", subdir, FILE_PATHSEP, FILE_PATHSEP); - if( (create_instance_mkdir(line, NEWDIR_MODE)) ) - return make_error("mkdir %s failed (%s)", line, ds_system_errmsg()); -#endif - - /* Create slapd-nickname/logs directory */ - PR_snprintf(line, sizeof(line), "%s%clogs", subdir, FILE_PATHSEP); - if( (create_instance_mkdir(line, NEWSECDIR_MODE)) ) - return make_error("mkdir %s failed (%s)", line, ds_system_errmsg()); - - /* Create httpacl directory */ - PR_snprintf(line, sizeof(line), "%s%chttpacl", cf->sroot, FILE_PATHSEP); - if( (create_instance_mkdir(line, NEWDIR_MODE)) ) - return make_error("mkdir %s failed (%s)", line, ds_system_errmsg()); - #ifdef XP_UNIX /* Start/stop/rotate/restart scripts */ if (getenv("USE_DEBUGGER")) @@ -1180,17 +1121,6 @@ subdir, cf->loglevel ? cf->loglevel : "0" ); -/* - t = gen_script(subdir, START_SCRIPT, - "NETSITE_ROOT=%s\n" - "export NETSITE_ROOT\n" - "cd %s/bin/%s/server; /usr/bin/X11/xterm -fn 10x20 -sb -sl 2000 -e /bin/ladebug " - "-I /u/richm/ds50/ldapserver/ldap/servers/slapd/back-ldbm " - "-I /u/richm/ds50/ldapserver/ldap/servers/slapd " - "%s &\n", - sroot, sroot, PRODUCT_NAME, PRODUCT_BIN - ); -*/ #else t = gen_script(subdir, START_SCRIPT, "\n" @@ -1418,12 +1348,137 @@ t = gen_script(subdir, RESTART_SCRIPT".bat", "net stop slapd-%s\n" "net start slapd-%s\n", cf->servid, cf->servid); if(t) return t; +#endif /* XP_WIN32 */ +} +/* ---------------------- Update server script files ---------------------- */ +int update_server(server_config_s *cf) +{ + char line[PATH_SIZE], *t, *sroot = cf->sroot; + char subdir[PATH_SIZE]; + char error_param[BIG_LINE] = {0}; -#endif /* XP_WIN32 */ +#if defined( SOLARIS ) + /* + * Solaris 9+ specific installation + */ + char otherline[PATH_SIZE]; + char subdirvar[PATH_SIZE]; + char subdiretc[PATH_SIZE]; + char *sub; +#endif /* SOLARIS */ -#ifdef XP_WIN32 + error_param[0] = 0; /* init to empty string */ + +#ifdef XP_UNIX + if (!cf->servuser) + getSuiteSpotUserGroup(cf); +#else + /* Abort if the service exists on NT */ + if (t = service_exists(cf->servid)) { + PL_strncpyz(error_param, "servid", BIG_LINE); + goto out; + } +#endif + + if( (t = sanity_check(cf, error_param)) ) + goto out; + + t = create_scripts(cf, error_param); + if(t) goto out; + +out: + if(t) + { + char *msg; + if (error_param[0]) + { + msg = PR_smprintf("%s.error:could not update server %s - %s", + error_param, cf->servid, t); + } + else + { + msg = PR_smprintf("error:could not update server %s - %s", + cf->servid, t); + } + ds_show_message(msg); + PR_smprintf_free(msg); + return 1; + } + else + return 0; +} + +/* ---------------------- Create configuration files ---------------------- */ +char *create_server(server_config_s *cf, char *param_name) +{ + char line[PATH_SIZE], *t, *sroot = cf->sroot; + char subdir[PATH_SIZE]; + +#if defined( SOLARIS ) + /* + * Solaris 9+ specific installation + */ + char otherline[PATH_SIZE]; + char subdirvar[PATH_SIZE]; + char subdiretc[PATH_SIZE]; + char *sub; +#endif /* SOLARIS */ + + if (param_name) + param_name[0] = 0; /* init to empty string */ + +#ifdef XP_UNIX + if (!cf->servuser) + getSuiteSpotUserGroup(cf); +#else + /* Abort if the service exists on NT */ + if (t = service_exists(cf->servid)) { + PL_strncpyz(param_name, "servid", BIG_LINE); + return t; + } +#endif + + if( (t = sanity_check(cf, param_name)) ) + return t; + + /* Create slapd-nickname directory */ + PR_snprintf(subdir, sizeof(subdir), "%s%c"PRODUCT_NAME"-%s", sroot, FILE_PATHSEP, + cf->servid); + if( (create_instance_mkdir(subdir, NEWDIR_MODE)) ) + return make_error("mkdir %s failed (%s)", subdir, ds_system_errmsg()); + + /* Create slapd-nickname/config directory */ + PR_snprintf(line, sizeof(line), "%s%cconfig", subdir, FILE_PATHSEP); + if( (create_instance_mkdir(line, NEWDIR_MODE)) ) + return make_error("mkdir %s failed (%s)", line, ds_system_errmsg()); + + /* Create slapd-nickname/config/schema directory */ + PR_snprintf(line, sizeof(line), "%s%cconfig%cschema", subdir, FILE_PATHSEP, FILE_PATHSEP); + if( (create_instance_mkdir(line, NEWDIR_MODE)) ) + return make_error("mkdir %s failed (%s)", line, ds_system_errmsg()); + +#if defined (BUILD_PRESENCE) + /* Create slapd-nickname/config/presence directory */ + PR_snprintf(line, sizeof(line), "%s%cconfig%cpresence", subdir, FILE_PATHSEP, FILE_PATHSEP); + if( (create_instance_mkdir(line, NEWDIR_MODE)) ) + return make_error("mkdir %s failed (%s)", line, ds_system_errmsg()); +#endif + /* Create slapd-nickname/logs directory */ + PR_snprintf(line, sizeof(line), "%s%clogs", subdir, FILE_PATHSEP); + if( (create_instance_mkdir(line, NEWSECDIR_MODE)) ) + return make_error("mkdir %s failed (%s)", line, ds_system_errmsg()); + + /* Create httpacl directory */ + PR_snprintf(line, sizeof(line), "%s%chttpacl", cf->sroot, FILE_PATHSEP); + if( (create_instance_mkdir(line, NEWDIR_MODE)) ) + return make_error("mkdir %s failed (%s)", line, ds_system_errmsg()); + + t = create_scripts(cf, param_name); + if(t) return t; + +#ifdef XP_WIN32 if ( INFO_GetOperatingSystem () == OS_WINNT ) { if( (t = add_ntservice(cf)) ) Index: create_instance.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/create_instance.h,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- create_instance.h 19 Apr 2005 22:06:55 -0000 1.5 +++ create_instance.h 14 Mar 2006 17:13:38 -0000 1.6 @@ -132,6 +132,10 @@ additional detail */ char *create_server(server_config_s *cf, char *param_name); +/* + Update script files in the instance directory +*/ +int update_server(server_config_s *cf); /* from script-gen.c */ int generate_script(const char *inpath, const char *outpath, int mode, Index: instindex.cpp =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/instindex.cpp,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- instindex.cpp 19 Apr 2005 22:06:55 -0000 1.8 +++ instindex.cpp 14 Mar 2006 17:13:38 -0000 1.9 @@ -134,12 +134,16 @@ else fclose(infFile); + if (!status) + status = create_config_from_inf(&cf, argc, argv); if (reconfig) - status = reconfigure_instance(argc, argv); - else { + status = update_server(&cf); if (!status) - status = create_config_from_inf(&cf, argc, argv); + status = reconfigure_instance(argc, argv); + } + else + { if (!status) status = create_config(&cf); if (!status) From fedora-directory-commits at redhat.com Tue Mar 14 19:18:11 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Tue, 14 Mar 2006 14:18:11 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd saslbind.c, 1.14, 1.15 slap.h, 1.11, 1.12 Message-ID: <200603141918.k2EJIB7b006915@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6854 Modified Files: saslbind.c slap.h Log Message: 184585 - SASL context needs to be disposed of and a new one created when re-binding Index: saslbind.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/saslbind.c,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- saslbind.c 10 Nov 2005 22:37:54 -0000 1.14 +++ saslbind.c 14 Mar 2006 19:18:03 -0000 1.15 @@ -881,6 +881,36 @@ sasl_start: + /* Check if we are already authenticated via sasl. If so, + * dispose of the current sasl_conn and create a new one + * using the new mechanism. We also need to do this if the + * mechanism changed in the middle of the SASL authentication + * process. */ + if ((pb->pb_conn->c_flags & CONN_FLAG_SASL_COMPLETE) || continuing) { + /* Lock the connection mutex */ + PR_Lock(pb->pb_conn->c_mutex); + + /* reset flag */ + pb->pb_conn->c_flags &= ~CONN_FLAG_SASL_COMPLETE; + + /* remove any SASL I/O from the connection */ + sasl_io_cleanup(pb->pb_conn); + + /* dispose of sasl_conn and create a new sasl_conn */ + sasl_dispose(&sasl_conn); + ids_sasl_server_new(pb->pb_conn); + sasl_conn = (sasl_conn_t*)pb->pb_conn->c_sasl_conn; + + /* Unlock the connection mutex */ + PR_Unlock(pb->pb_conn->c_mutex); + + if (sasl_conn == NULL) { + send_ldap_result( pb, LDAP_AUTH_METHOD_NOT_SUPPORTED, NULL, + "sasl library unavailable", 0, NULL ); + return; + } + } + rc = sasl_server_start(sasl_conn, mech, cred->bv_val, cred->bv_len, &sdata, &slen); @@ -889,6 +919,8 @@ switch (rc) { case SASL_OK: /* complete */ + /* Set a flag to signify that sasl bind is complete */ + pb->pb_conn->c_flags |= CONN_FLAG_SASL_COMPLETE; /* retrieve the authenticated username */ if (sasl_getprop(sasl_conn, SASL_USERNAME, Index: slap.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slap.h,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- slap.h 28 Feb 2006 21:51:26 -0000 1.11 +++ slap.h 14 Mar 2006 19:18:03 -0000 1.12 @@ -1271,6 +1271,9 @@ * Start TLS request operation. */ +#define CONN_FLAG_SASL_COMPLETE 32 /* Flag set when a sasl bind has been + * successfully completed. + */ #define START_TLS_OID "1.3.6.1.4.1.1466.20037" From fedora-directory-commits at redhat.com Tue Mar 14 19:32:22 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Tue, 14 Mar 2006 14:32:22 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd saslbind.c, 1.15, 1.16 Message-ID: <200603141932.k2EJWMGN007240@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7223 Modified Files: saslbind.c Log Message: 184585 - Adjusted the location of the connection lock when doing a sasl_rebind Index: saslbind.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/saslbind.c,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- saslbind.c 14 Mar 2006 19:18:03 -0000 1.15 +++ saslbind.c 14 Mar 2006 19:32:15 -0000 1.16 @@ -887,12 +887,12 @@ * mechanism changed in the middle of the SASL authentication * process. */ if ((pb->pb_conn->c_flags & CONN_FLAG_SASL_COMPLETE) || continuing) { - /* Lock the connection mutex */ - PR_Lock(pb->pb_conn->c_mutex); - /* reset flag */ pb->pb_conn->c_flags &= ~CONN_FLAG_SASL_COMPLETE; + /* Lock the connection mutex */ + PR_Lock(pb->pb_conn->c_mutex); + /* remove any SASL I/O from the connection */ sasl_io_cleanup(pb->pb_conn); From fedora-directory-commits at redhat.com Tue Mar 14 19:36:30 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Tue, 14 Mar 2006 14:36:30 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd saslbind.c, 1.9.2.3, 1.9.2.4 slap.h, 1.9, 1.9.2.1 Message-ID: <200603141936.k2EJaU2x007346@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7327 Modified Files: Tag: Directory71RtmBranch saslbind.c slap.h Log Message: 184585 - SASL context needs to be disposed of and a new one created when re-binding Index: saslbind.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/saslbind.c,v retrieving revision 1.9.2.3 retrieving revision 1.9.2.4 diff -u -r1.9.2.3 -r1.9.2.4 --- saslbind.c 4 Nov 2005 18:57:48 -0000 1.9.2.3 +++ saslbind.c 14 Mar 2006 19:36:23 -0000 1.9.2.4 @@ -854,6 +854,37 @@ sasl_start: + /* Check if we are already authenticated via sasl. If so, + * dispose of the current sasl_conn and create a new one + * using the new mechanism. We also need to do this if the + * mechanism changed in the middle of the SASL authentication + * process. */ + if ((pb->pb_conn->c_flags & CONN_FLAG_SASL_COMPLETE) || continuing) { + /* reset flag */ + pb->pb_conn->c_flags &= ~CONN_FLAG_SASL_COMPLETE; + + /* Lock the connection mutex */ + PR_Lock(pb->pb_conn->c_mutex); + + /* remove any SASL I/O from the connection */ + sasl_io_cleanup(pb->pb_conn); + + /* dispose of sasl_conn and create a new sasl_conn */ + sasl_dispose(&sasl_conn); + ids_sasl_server_new(pb->pb_conn); + sasl_conn = (sasl_conn_t*)pb->pb_conn->c_sasl_conn; + + /* Unlock the connection mutex */ + PR_Unlock(pb->pb_conn->c_mutex); + + if (sasl_conn == NULL) { + send_ldap_result( pb, LDAP_AUTH_METHOD_NOT_SUPPORTED, NULL, + "sasl library unavailable", 0, NULL ); + return; + } + } + + rc = sasl_server_start(sasl_conn, mech, cred->bv_val, cred->bv_len, &sdata, &slen); @@ -862,6 +893,8 @@ switch (rc) { case SASL_OK: /* complete */ + /* Set a flag to signify that sasl bind is complete */ + pb->pb_conn->c_flags |= CONN_FLAG_SASL_COMPLETE; /* retrieve the authenticated username */ if (sasl_getprop(sasl_conn, SASL_USERNAME, Index: slap.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slap.h,v retrieving revision 1.9 retrieving revision 1.9.2.1 diff -u -r1.9 -r1.9.2.1 --- slap.h 19 Apr 2005 22:07:37 -0000 1.9 +++ slap.h 14 Mar 2006 19:36:23 -0000 1.9.2.1 @@ -1268,6 +1268,10 @@ * Start TLS request operation. */ +#define CONN_FLAG_SASL_COMPLETE 32 /* Flag set when a sasl bind has been + * successfully completed. + */ + #define START_TLS_OID "1.3.6.1.4.1.1466.20037" From fedora-directory-commits at redhat.com Wed Mar 15 00:51:23 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Tue, 14 Mar 2006 19:51:23 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm idl_new.c, 1.4, 1.5 Message-ID: <200603150051.k2F0pNrJ020616@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20599 Modified Files: idl_new.c Log Message: [185477] ldif2db allows entries without a parent to be imported The problem is that the new IDL code is not exposing the DB_NOTFOUND error when the index key is not found. Import checks if the result was DB_NOTFOUND when checking for the parent entry's entrydn index. This works fine with the old IDL code. (nkinder at redhat.com) Index: idl_new.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/idl_new.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- idl_new.c 19 Apr 2005 22:07:38 -0000 1.4 +++ idl_new.c 15 Mar 2006 00:51:14 -0000 1.5 @@ -244,9 +244,7 @@ ret = cursor->c_get(cursor,&key,&data,DB_SET); #endif if (0 != ret) { - if (DB_NOTFOUND == ret) { - ret = 0; - } else { + if (DB_NOTFOUND != ret) { #ifdef DB_USE_BULK_FETCH if (ret == ENOMEM) { LDAPDebug(LDAP_DEBUG_ANY, "database index is corrupt; " From fedora-directory-commits at redhat.com Wed Mar 15 00:52:10 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Tue, 14 Mar 2006 19:52:10 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm idl_new.c, 1.4, 1.4.2.1 Message-ID: <200603150052.k2F0qAVT020649@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20632 Modified Files: Tag: Directory71RtmBranch idl_new.c Log Message: [185477] ldif2db allows entries without a parent to be imported The problem is that the new IDL code is not exposing the DB_NOTFOUND error when the index key is not found. Import checks if the result was DB_NOTFOUND when checking for the parent entry's entrydn index. This works fine with the old IDL code. (nkinder at redhat.com) Index: idl_new.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/idl_new.c,v retrieving revision 1.4 retrieving revision 1.4.2.1 diff -u -r1.4 -r1.4.2.1 --- idl_new.c 19 Apr 2005 22:07:38 -0000 1.4 +++ idl_new.c 15 Mar 2006 00:52:02 -0000 1.4.2.1 @@ -244,9 +244,7 @@ ret = cursor->c_get(cursor,&key,&data,DB_SET); #endif if (0 != ret) { - if (DB_NOTFOUND == ret) { - ret = 0; - } else { + if (DB_NOTFOUND != ret) { #ifdef DB_USE_BULK_FETCH if (ret == ENOMEM) { LDAPDebug(LDAP_DEBUG_ANY, "database index is corrupt; " From fedora-directory-commits at redhat.com Thu Mar 16 03:02:42 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Wed, 15 Mar 2006 22:02:42 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm ldif2ldbm.c, 1.7, 1.8 Message-ID: <200603160302.k2G32gTT021711@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19757 Modified Files: ldif2ldbm.c Log Message: [185477] ldif2db allows entries without a parent to be imported if idl is NULL, changed add_op_attrs to always set IMPORT_ADD_OP_ATTRS_NO_PARENT in non-error case (err == 0 or err == DB_NOTFOUND) Index: ldif2ldbm.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/ldif2ldbm.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- ldif2ldbm.c 19 Apr 2005 22:07:38 -0000 1.7 +++ ldif2ldbm.c 16 Mar 2006 03:02:33 -0000 1.8 @@ -222,15 +222,15 @@ &err )) != NULL ) { pid = idl_firstid( idl ); idl_free( idl ); - } else if ( 0 != err ) { - if (DB_NOTFOUND != err ) { + } else { + /* empty idl */ + if ( 0 != err && DB_NOTFOUND != err ) { LDAPDebug( LDAP_DEBUG_ANY, "database error %d\n", err, 0, 0 ); slapi_ch_free( (void**)&pdn ); return( -1 ); - } else { - if (NULL != status) { - *status = IMPORT_ADD_OP_ATTRS_NO_PARENT; - } + } + if (NULL != status) { + *status = IMPORT_ADD_OP_ATTRS_NO_PARENT; } } slapi_ch_free( (void**)&pdn ); From fedora-directory-commits at redhat.com Thu Mar 16 22:19:44 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 16 Mar 2006 17:19:44 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src create_instance.c, 1.25, 1.26 Message-ID: <200603162219.k2GMJiGk009200@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/admin/src In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9147 Modified Files: create_instance.c Log Message: [185364] Can't update scripts (e.g., start-slapd) in the instance directory Missing return at the end of create_scripts (success case) Index: create_instance.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/create_instance.c,v retrieving revision 1.25 retrieving revision 1.26 diff -u -r1.25 -r1.26 --- create_instance.c 14 Mar 2006 17:13:38 -0000 1.25 +++ create_instance.c 16 Mar 2006 22:19:31 -0000 1.26 @@ -1060,7 +1060,7 @@ static char * create_scripts(server_config_s *cf, char *param_name) { - char *t, *sroot = cf->sroot; + char *t = NULL, *sroot = cf->sroot; char subdir[PATH_SIZE]; /* Create slapd-nickname directory */ @@ -1349,6 +1349,8 @@ "net start slapd-%s\n", cf->servid, cf->servid); if(t) return t; #endif /* XP_WIN32 */ + + return t; /* should be NULL */ } /* ---------------------- Update server script files ---------------------- */ From fedora-directory-commits at redhat.com Sat Mar 18 00:32:21 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Fri, 17 Mar 2006 19:32:21 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/synctools/passwordsync/wix PassSync.wxs, 1.8.2.4, 1.8.2.5 Message-ID: <200603180032.k2I0WLYj012206@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/wix In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12158/ldap/synctools/passwordsync/wix Modified Files: Tag: Directory71RtmBranch PassSync.wxs Log Message: 186765 - Fixed memory leaks in passsync service Index: PassSync.wxs =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/wix/PassSync.wxs,v retrieving revision 1.8.2.4 retrieving revision 1.8.2.5 diff -u -r1.8.2.4 -r1.8.2.5 --- PassSync.wxs 14 Oct 2005 16:06:58 -0000 1.8.2.4 +++ PassSync.wxs 18 Mar 2006 00:32:11 -0000 1.8.2.5 @@ -38,7 +38,7 @@ + Version='1.0.2' Manufacturer='Fedora Project'> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/synctools/passwordsync In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12158/ldap/synctools/passwordsync Modified Files: Tag: Directory71RtmBranch passhand.cpp Log Message: 186765 - Fixed memory leaks in passsync service Index: passhand.cpp =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passhand.cpp,v retrieving revision 1.7 retrieving revision 1.7.2.1 diff -u -r1.7 -r1.7.2.1 --- passhand.cpp 19 Apr 2005 22:07:43 -0000 1.7 +++ passhand.cpp 18 Mar 2006 00:31:54 -0000 1.7.2.1 @@ -62,7 +62,7 @@ fstream outFile; PASS_INFO_LIST_ITERATOR currentPair; strstream plainTextStream; - char* cipherTextBuf; + char* cipherTextBuf = NULL; int usernameLen; int passwordLen; int plainTextLen; @@ -90,7 +90,10 @@ // cipherTextBuf length must be at least plainTextLen + 8 cipherTextLen = plainTextLen + 8; - cipherTextBuf = (char*)malloc(cipherTextLen); + if ((cipherTextBuf = (char*)malloc(cipherTextLen)) == NULL) { + result = -1; + goto exit; + } if(encrypt(plainTextStream.str(), plainTextLen, cipherTextBuf, cipherTextLen, &resultTextLen) != 0) { @@ -109,6 +112,7 @@ outFile.close(); exit: + free(cipherTextBuf); return result; } @@ -119,8 +123,8 @@ fstream inFile; PASS_INFO newPair; strstream* plainTextStream; - char* cipherTextBuf; - char* plainTextBuf; + char* cipherTextBuf = NULL; + char* plainTextBuf = NULL; int usernameLen; int passwordLen; int plainTextLen; @@ -145,6 +149,12 @@ cipherTextBuf = (char*)malloc(cipherTextLen); plainTextBuf = (char*)malloc(plainTextLen); + if ((cipherTextBuf == NULL) || (plainTextBuf == NULL)) { + result = -1; + inFile.close(); + goto exit; + } + inFile.read(cipherTextBuf, cipherTextLen); inFile.close(); @@ -183,6 +193,8 @@ delete plainTextStream; exit: + free(cipherTextBuf); + free(plainTextBuf); return result; } @@ -205,7 +217,6 @@ PK11Context* EncContext = NULL; unsigned char gKey[] = KEY; unsigned char gIV[] = IV; - PK11SymKey* key = NULL; SECItem keyItem; SECItem ivItem; CK_MECHANISM_TYPE cipherMech = CKM_DES_CBC_PAD; @@ -234,6 +245,7 @@ SymKey = PK11_ImportSymKey(slot, cipherMech, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, NULL); if(SymKey == NULL) { + PK11_FreeSlot(slot); result = PR_GetError(); goto exit; } @@ -247,6 +259,7 @@ if(SymKey != NULL) { PK11_FreeSymKey(SymKey); + PK11_FreeSlot(slot); } result = PR_GetError(); goto exit; @@ -266,6 +279,7 @@ // Clean up PK11_DestroyContext(EncContext, PR_TRUE); PK11_FreeSymKey(SymKey); + PK11_FreeSlot(slot); SECITEM_FreeItem(SecParam, PR_TRUE); if((rv2 != SECSuccess) || (rv2 != SECSuccess)) @@ -288,7 +302,6 @@ PK11Context* EncContext = NULL; unsigned char gKey[] = KEY; unsigned char gIV[] = IV; - PK11SymKey* key = NULL; SECItem keyItem; SECItem ivItem; CK_MECHANISM_TYPE cipherMech = CKM_DES_CBC_PAD; @@ -317,6 +330,7 @@ SymKey = PK11_ImportSymKey(slot, cipherMech, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, NULL); if(SymKey == NULL) { + PK11_FreeSlot(slot); result = PR_GetError(); goto exit; } @@ -330,6 +344,7 @@ if(SymKey != NULL) { PK11_FreeSymKey(SymKey); + PK11_FreeSlot(slot); } result = PR_GetError(); goto exit; @@ -349,6 +364,7 @@ // Clean up PK11_DestroyContext(EncContext, PR_TRUE); PK11_FreeSymKey(SymKey); + PK11_FreeSlot(slot); SECITEM_FreeItem(SecParam, PR_TRUE); if((rv2 != SECSuccess) || (rv2 != SECSuccess)) From fedora-directory-commits at redhat.com Sat Mar 18 00:32:18 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Fri, 17 Mar 2006 19:32:18 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/synctools/passwordsync/passsync dssynch.h, 1.5.2.1, 1.5.2.2 syncserv.cpp, 1.7.2.4, 1.7.2.5 Message-ID: <200603180032.k2I0Wmps012215@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passsync In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12158/ldap/synctools/passwordsync/passsync Modified Files: Tag: Directory71RtmBranch dssynch.h syncserv.cpp Log Message: 186765 - Fixed memory leaks in passsync service Index: dssynch.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passsync/dssynch.h,v retrieving revision 1.5.2.1 retrieving revision 1.5.2.2 diff -u -r1.5.2.1 -r1.5.2.2 --- dssynch.h 11 Oct 2005 15:56:01 -0000 1.5.2.1 +++ dssynch.h 18 Mar 2006 00:32:01 -0000 1.5.2.2 @@ -65,6 +65,6 @@ #define DS_SERVICE_NAME_UNI L"Netscape Directory Synchronization Service" #define DS_EVENT_NAME TEXT("Netscape DirSynch") #define DSS_TERM_EVENT TEXT("NS_DSSYNCH") -#define SYNCH_VERSION "1.0.1" +#define SYNCH_VERSION "1.0.2" #endif // _DSSYNCH_H_ Index: syncserv.cpp =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passsync/syncserv.cpp,v retrieving revision 1.7.2.4 retrieving revision 1.7.2.5 diff -u -r1.7.2.4 -r1.7.2.5 --- syncserv.cpp 14 Oct 2005 17:59:01 -0000 1.7.2.4 +++ syncserv.cpp 18 Mar 2006 00:32:01 -0000 1.7.2.5 @@ -242,6 +242,7 @@ } exit: + clearSet(&passInfoList); CloseHandle(passhookEventHandle); } @@ -254,7 +255,7 @@ PASS_INFO_LIST emptyPassInfoList; PASS_INFO_LIST_ITERATOR currentPassInfo; PASS_INFO_LIST_ITERATOR tempPassInfo; - char* dn; + char* dn = NULL; int tempSize = passInfoList.size(); if(loadSet(&passInfoList, dataFilename) == 0) @@ -349,6 +350,9 @@ timeStamp(&outLog); outLog << "Deferring password change for " << currentPassInfo->username << endl; currentPassInfo++; + // free dn + ldap_memfree(dn); + dn = NULL; continue; } else @@ -366,6 +370,16 @@ timeStamp(&outLog); outLog << "Removing password change from list" << endl; } + + // free the dn + ldap_memfree(dn); + dn = NULL; + + // free the username and password + free(tempPassInfo->username); + free(tempPassInfo->password); + + // remove the completed change from the list passInfoList.erase(tempPassInfo); } } @@ -447,7 +461,10 @@ int result = 0; char searchFilter[SYNCSERV_BUF_SIZE]; - results = NULL; + if (results != NULL) { + ldap_msgfree(results); + results = NULL; + } _snprintf(searchFilter, SYNCSERV_BUF_SIZE, "(%s=%s)", ldapUsernameField, username); @@ -640,6 +657,12 @@ tempPassInfo = currentPassInfo; currentPassInfo++; + + // free the username and password + free(tempPassInfo->username); + free(tempPassInfo->password); + + // remove the change from the list passInfoList.erase(tempPassInfo); } else From fedora-directory-commits at redhat.com Sat Mar 18 00:37:05 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Fri, 17 Mar 2006 19:37:05 -0500 Subject: [Fedora-directory-commits] winsync/passwordsync/wix PassSync.wxs, 1.12, 1.13 Message-ID: <200603180037.k2I0b5x3012305@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/winsync/passwordsync/wix In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12256/passwordsync/wix Modified Files: PassSync.wxs Log Message: 186765 - Fixed memory leaks in passsync service Index: PassSync.wxs =================================================================== RCS file: /cvs/dirsec/winsync/passwordsync/wix/PassSync.wxs,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- PassSync.wxs 14 Oct 2005 16:00:00 -0000 1.12 +++ PassSync.wxs 18 Mar 2006 00:36:57 -0000 1.13 @@ -38,7 +38,7 @@ + Version='1.0.2' Manufacturer='Fedora Project'> Author: nkinder Update of /cvs/dirsec/winsync/passwordsync In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12256/passwordsync Modified Files: passhand.cpp Log Message: 186765 - Fixed memory leaks in passsync service Index: passhand.cpp =================================================================== RCS file: /cvs/dirsec/winsync/passwordsync/passhand.cpp,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- passhand.cpp 19 Apr 2005 22:07:43 -0000 1.7 +++ passhand.cpp 18 Mar 2006 00:36:33 -0000 1.8 @@ -62,7 +62,7 @@ fstream outFile; PASS_INFO_LIST_ITERATOR currentPair; strstream plainTextStream; - char* cipherTextBuf; + char* cipherTextBuf = NULL; int usernameLen; int passwordLen; int plainTextLen; @@ -90,7 +90,10 @@ // cipherTextBuf length must be at least plainTextLen + 8 cipherTextLen = plainTextLen + 8; - cipherTextBuf = (char*)malloc(cipherTextLen); + if ((cipherTextBuf = (char*)malloc(cipherTextLen)) == NULL) { + result = -1; + goto exit; + } if(encrypt(plainTextStream.str(), plainTextLen, cipherTextBuf, cipherTextLen, &resultTextLen) != 0) { @@ -109,6 +112,7 @@ outFile.close(); exit: + free(cipherTextBuf); return result; } @@ -119,8 +123,8 @@ fstream inFile; PASS_INFO newPair; strstream* plainTextStream; - char* cipherTextBuf; - char* plainTextBuf; + char* cipherTextBuf = NULL; + char* plainTextBuf = NULL; int usernameLen; int passwordLen; int plainTextLen; @@ -145,6 +149,12 @@ cipherTextBuf = (char*)malloc(cipherTextLen); plainTextBuf = (char*)malloc(plainTextLen); + if ((cipherTextBuf == NULL) || (plainTextBuf == NULL)) { + result = -1; + inFile.close(); + goto exit; + } + inFile.read(cipherTextBuf, cipherTextLen); inFile.close(); @@ -183,6 +193,8 @@ delete plainTextStream; exit: + free(cipherTextBuf); + free(plainTextBuf); return result; } @@ -205,7 +217,6 @@ PK11Context* EncContext = NULL; unsigned char gKey[] = KEY; unsigned char gIV[] = IV; - PK11SymKey* key = NULL; SECItem keyItem; SECItem ivItem; CK_MECHANISM_TYPE cipherMech = CKM_DES_CBC_PAD; @@ -234,6 +245,7 @@ SymKey = PK11_ImportSymKey(slot, cipherMech, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, NULL); if(SymKey == NULL) { + PK11_FreeSlot(slot); result = PR_GetError(); goto exit; } @@ -247,6 +259,7 @@ if(SymKey != NULL) { PK11_FreeSymKey(SymKey); + PK11_FreeSlot(slot); } result = PR_GetError(); goto exit; @@ -266,6 +279,7 @@ // Clean up PK11_DestroyContext(EncContext, PR_TRUE); PK11_FreeSymKey(SymKey); + PK11_FreeSlot(slot); SECITEM_FreeItem(SecParam, PR_TRUE); if((rv2 != SECSuccess) || (rv2 != SECSuccess)) @@ -288,7 +302,6 @@ PK11Context* EncContext = NULL; unsigned char gKey[] = KEY; unsigned char gIV[] = IV; - PK11SymKey* key = NULL; SECItem keyItem; SECItem ivItem; CK_MECHANISM_TYPE cipherMech = CKM_DES_CBC_PAD; @@ -317,6 +330,7 @@ SymKey = PK11_ImportSymKey(slot, cipherMech, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, NULL); if(SymKey == NULL) { + PK11_FreeSlot(slot); result = PR_GetError(); goto exit; } @@ -330,6 +344,7 @@ if(SymKey != NULL) { PK11_FreeSymKey(SymKey); + PK11_FreeSlot(slot); } result = PR_GetError(); goto exit; @@ -349,6 +364,7 @@ // Clean up PK11_DestroyContext(EncContext, PR_TRUE); PK11_FreeSymKey(SymKey); + PK11_FreeSlot(slot); SECITEM_FreeItem(SecParam, PR_TRUE); if((rv2 != SECSuccess) || (rv2 != SECSuccess)) From fedora-directory-commits at redhat.com Sat Mar 18 00:36:59 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Fri, 17 Mar 2006 19:36:59 -0500 Subject: [Fedora-directory-commits] winsync/passwordsync/passsync dssynch.h, 1.6, 1.7 syncserv.cpp, 1.11, 1.12 Message-ID: <200603180037.k2I0bTeP012312@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/winsync/passwordsync/passsync In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12256/passwordsync/passsync Modified Files: dssynch.h syncserv.cpp Log Message: 186765 - Fixed memory leaks in passsync service Index: dssynch.h =================================================================== RCS file: /cvs/dirsec/winsync/passwordsync/passsync/dssynch.h,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- dssynch.h 11 Oct 2005 15:40:35 -0000 1.6 +++ dssynch.h 18 Mar 2006 00:36:39 -0000 1.7 @@ -65,6 +65,6 @@ #define DS_SERVICE_NAME_UNI L"Netscape Directory Synchronization Service" #define DS_EVENT_NAME TEXT("Netscape DirSynch") #define DSS_TERM_EVENT TEXT("NS_DSSYNCH") -#define SYNCH_VERSION "1.0.1" +#define SYNCH_VERSION "1.0.2" #endif // _DSSYNCH_H_ Index: syncserv.cpp =================================================================== RCS file: /cvs/dirsec/winsync/passwordsync/passsync/syncserv.cpp,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- syncserv.cpp 14 Oct 2005 17:58:19 -0000 1.11 +++ syncserv.cpp 18 Mar 2006 00:36:39 -0000 1.12 @@ -242,6 +242,7 @@ } exit: + clearSet(&passInfoList); CloseHandle(passhookEventHandle); } @@ -254,7 +255,7 @@ PASS_INFO_LIST emptyPassInfoList; PASS_INFO_LIST_ITERATOR currentPassInfo; PASS_INFO_LIST_ITERATOR tempPassInfo; - char* dn; + char* dn = NULL; int tempSize = passInfoList.size(); if(loadSet(&passInfoList, dataFilename) == 0) @@ -349,6 +350,9 @@ timeStamp(&outLog); outLog << "Deferring password change for " << currentPassInfo->username << endl; currentPassInfo++; + // free dn + ldap_memfree(dn); + dn = NULL; continue; } else @@ -366,6 +370,16 @@ timeStamp(&outLog); outLog << "Removing password change from list" << endl; } + + // free the dn + ldap_memfree(dn); + dn = NULL; + + // free the username and password + free(tempPassInfo->username); + free(tempPassInfo->password); + + // remove the completed change from the list passInfoList.erase(tempPassInfo); } } @@ -447,7 +461,10 @@ int result = 0; char searchFilter[SYNCSERV_BUF_SIZE]; - results = NULL; + if (results != NULL) { + ldap_msgfree(results); + results = NULL; + } _snprintf(searchFilter, SYNCSERV_BUF_SIZE, "(%s=%s)", ldapUsernameField, username); @@ -640,6 +657,12 @@ tempPassInfo = currentPassInfo; currentPassInfo++; + + // free the username and password + free(tempPassInfo->username); + free(tempPassInfo->password); + + // remove the change from the list passInfoList.erase(tempPassInfo); } else From fedora-directory-commits at redhat.com Sat Mar 18 00:53:59 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Fri, 17 Mar 2006 19:53:59 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/cm fedora-patch.inf, 1.1.2.11, 1.1.2.12 redhat-patch.inf, 1.1.2.11, 1.1.2.12 Message-ID: <200603180053.k2I0rx4I012453@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/cm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12419/ldap/cm Modified Files: Tag: Directory71RtmBranch fedora-patch.inf redhat-patch.inf Log Message: [185765] PassSync service leaks memory Picking up fixed PassSync.msi Index: fedora-patch.inf =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/cm/fedora-patch.inf,v retrieving revision 1.1.2.11 retrieving revision 1.1.2.12 diff -u -r1.1.2.11 -r1.1.2.12 --- fedora-patch.inf 7 Mar 2006 00:52:08 -0000 1.1.2.11 +++ fedora-patch.inf 18 Mar 2006 00:53:51 -0000 1.1.2.12 @@ -59,7 +59,7 @@ file: 164836,165600: lib/attr-unique-plugin.* file: 165640: lib/views-plugin.* file: 167478,160589: setup/setup -file: 156120,159037,170321,170328,170556,170558,170816: winsync/PassSync.msi +file: 156120,159037,170321,170328,170556,170558,170816,185765: winsync/PassSync.msi file: 167761: java/jars/ds71.jar file: 169388,169954,170071,170350,181827,179135,179137: lib/replication-plugin.* file: xxxxxx: bin/slapd/README.txt Index: redhat-patch.inf =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/cm/redhat-patch.inf,v retrieving revision 1.1.2.11 retrieving revision 1.1.2.12 diff -u -r1.1.2.11 -r1.1.2.12 --- redhat-patch.inf 7 Mar 2006 00:52:08 -0000 1.1.2.11 +++ redhat-patch.inf 18 Mar 2006 00:53:51 -0000 1.1.2.12 @@ -59,7 +59,7 @@ file: 164836,165600: lib/attr-unique-plugin.* file: 165640: lib/views-plugin.* file: 167478,160589: setup/setup -file: 156120,159037,170321,170328,170556,170558,170816: winsync/PassSync.msi +file: 156120,159037,170321,170328,170556,170558,170816,185765: winsync/PassSync.msi file: 167761: java/jars/ds71.jar file: 169388,169954,170071,170350,181827,179135,179137: lib/replication-plugin.* file: xxxxxx: bin/slapd/README.txt From fedora-directory-commits at redhat.com Sat Mar 18 00:53:53 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Fri, 17 Mar 2006 19:53:53 -0500 Subject: [Fedora-directory-commits] ldapserver component_versions.mk, 1.35.2.3, 1.35.2.4 Message-ID: <200603180054.k2I0sO3K012456@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12419 Modified Files: Tag: Directory71RtmBranch component_versions.mk Log Message: [185765] PassSync service leaks memory Picking up fixed PassSync.msi Index: component_versions.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/component_versions.mk,v retrieving revision 1.35.2.3 retrieving revision 1.35.2.4 diff -u -r1.35.2.3 -r1.35.2.4 --- component_versions.mk 15 Feb 2006 21:32:16 -0000 1.35.2.3 +++ component_versions.mk 18 Mar 2006 00:53:46 -0000 1.35.2.4 @@ -250,7 +250,7 @@ endif ifndef ADSYNC_VERSION - ADSYNC_VERSION=20051017 + ADSYNC_VERSION=20060317 endif ifndef NT4SYNC_VERSION From fedora-directory-commits at redhat.com Sat Mar 18 17:48:45 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Sat, 18 Mar 2006 12:48:45 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd log.c, 1.6.2.1, 1.6.2.2 proto-slap.h, 1.10.2.2, 1.10.2.3 util.c, 1.6.2.1, 1.6.2.2 Message-ID: <200603181748.k2IHmjIc020892@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20871 Modified Files: Tag: Directory71RtmBranch log.c proto-slap.h util.c Log Message: 185811 - Fixed windows build failures when compiling slapd_chown_if_not_owner function Index: log.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/log.c,v retrieving revision 1.6.2.1 retrieving revision 1.6.2.2 diff -u -r1.6.2.1 -r1.6.2.2 --- log.c 23 Nov 2005 01:22:16 -0000 1.6.2.1 +++ log.c 18 Mar 2006 17:48:37 -0000 1.6.2.2 @@ -3298,12 +3298,13 @@ */ return LOG_UNABLE_TO_OPENFILE; } - +#ifndef _WIN32 /* make sure the logfile is owned by the localuser. If one of the * alternate ns-slapd modes, such as db2bak, tries to log an error * at startup, it will create the logfile as root! */ slapd_chown_if_not_owner(loginfo.log_error_file, pw->pw_uid, -1); +#endif loginfo.log_error_fdes = fp; if (logfile_state == LOGFILE_REOPENED) { Index: proto-slap.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/proto-slap.h,v retrieving revision 1.10.2.2 retrieving revision 1.10.2.3 diff -u -r1.10.2.2 -r1.10.2.3 --- proto-slap.h 23 Nov 2005 01:22:16 -0000 1.10.2.2 +++ proto-slap.h 18 Mar 2006 17:48:37 -0000 1.10.2.3 @@ -588,7 +588,9 @@ */ void slapd_nasty(char* str, int c, int err); int strarray2str( char **a, char *buf, size_t buflen, int include_quotes ); -int slapd_slapd_chown_if_not_owner(const char *filename, uid_t uid, gid_t gid); +#ifndef _WIN32 +int slapd_chown_if_not_owner(const char *filename, uid_t uid, gid_t gid); +#endif /* * modify.c Index: util.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/util.c,v retrieving revision 1.6.2.1 retrieving revision 1.6.2.2 diff -u -r1.6.2.1 -r1.6.2.2 --- util.c 23 Nov 2005 01:22:16 -0000 1.6.2.1 +++ util.c 18 Mar 2006 17:48:37 -0000 1.6.2.2 @@ -637,6 +637,7 @@ Returns 0 upon success or non-zero otherwise, usually -1 if some system error occurred */ +#ifndef _WIN32 int slapd_chown_if_not_owner(const char *filename, uid_t uid, gid_t gid) { @@ -657,4 +658,4 @@ return result; } - +#endif From fedora-directory-commits at redhat.com Sat Mar 18 17:57:46 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Sat, 18 Mar 2006 12:57:46 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd log.c, 1.9, 1.10 proto-slap.h, 1.16, 1.17 util.c, 1.10, 1.11 Message-ID: <200603181757.k2IHvlC8021002@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20981 Modified Files: log.c proto-slap.h util.c Log Message: 185811 - Fixed windows build failures when compiling slapd_chown_if_not_owner function Index: log.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/log.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- log.c 4 Dec 2005 01:54:37 -0000 1.9 +++ log.c 18 Mar 2006 17:57:39 -0000 1.10 @@ -3540,11 +3540,13 @@ return LOG_UNABLE_TO_OPENFILE; } +#ifndef _WIN32 /* make sure the logfile is owned by the localuser. If one of the * alternate ns-slapd modes, such as db2bak, tries to log an error * at startup, it will create the logfile as root! */ slapd_chown_if_not_owner(loginfo.log_error_file, pw->pw_uid, -1); +#endif loginfo.log_error_fdes = fp; if (logfile_state == LOGFILE_REOPENED) { Index: proto-slap.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/proto-slap.h,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- proto-slap.h 25 Jan 2006 16:51:39 -0000 1.16 +++ proto-slap.h 18 Mar 2006 17:57:39 -0000 1.17 @@ -607,7 +607,9 @@ */ void slapd_nasty(char* str, int c, int err); int strarray2str( char **a, char *buf, size_t buflen, int include_quotes ); +#ifndef _WIN32 int slapd_chown_if_not_owner(const char *filename, uid_t uid, gid_t gid); +#endif int slapd_comp_path(char *p0, char *p1); Index: util.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/util.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- util.c 16 Feb 2006 17:39:53 -0000 1.10 +++ util.c 18 Mar 2006 17:57:39 -0000 1.11 @@ -717,6 +717,7 @@ Returns 0 upon success or non-zero otherwise, usually -1 if some system error occurred */ +#ifndef _WIN32 int slapd_chown_if_not_owner(const char *filename, uid_t uid, gid_t gid) { @@ -737,6 +738,7 @@ return result; } +#endif /* * Compare 2 pathes From fedora-directory-commits at redhat.com Sat Mar 18 18:05:23 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Sat, 18 Mar 2006 13:05:23 -0500 Subject: [Fedora-directory-commits] ldapserver component_versions.mk, 1.35.2.4, 1.35.2.5 Message-ID: <200603181805.k2II5NIx022987@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22970 Modified Files: Tag: Directory71RtmBranch component_versions.mk Log Message: Pull new ADSYNC component for bug 186765 Index: component_versions.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/component_versions.mk,v retrieving revision 1.35.2.4 retrieving revision 1.35.2.5 diff -u -r1.35.2.4 -r1.35.2.5 --- component_versions.mk 18 Mar 2006 00:53:46 -0000 1.35.2.4 +++ component_versions.mk 18 Mar 2006 18:05:15 -0000 1.35.2.5 @@ -250,7 +250,7 @@ endif ifndef ADSYNC_VERSION - ADSYNC_VERSION=20060317 + ADSYNC_VERSION=20060318 endif ifndef NT4SYNC_VERSION From fedora-directory-commits at redhat.com Sat Mar 18 22:35:26 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Sat, 18 Mar 2006 17:35:26 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd log.c, 1.10, 1.11 Message-ID: <200603182235.k2IMZQCk032266@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32249 Modified Files: log.c Log Message: 185811 - Need to exclude pwd.h include on windows Index: log.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/log.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- log.c 18 Mar 2006 17:57:39 -0000 1.10 +++ log.c 18 Mar 2006 22:35:17 -0000 1.11 @@ -48,7 +48,9 @@ #include "log.h" #include "fe.h" +#ifndef _WIN32 #include /* getpwnam */ +#endif #if defined( XP_WIN32 ) #include From fedora-directory-commits at redhat.com Sat Mar 18 22:36:27 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Sat, 18 Mar 2006 17:36:27 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd log.c, 1.6.2.2, 1.6.2.3 Message-ID: <200603182236.k2IMaREq032294@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32277 Modified Files: Tag: Directory71RtmBranch log.c Log Message: 185811 - Need to exclude pwd.h include on windows Index: log.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/log.c,v retrieving revision 1.6.2.2 retrieving revision 1.6.2.3 diff -u -r1.6.2.2 -r1.6.2.3 --- log.c 18 Mar 2006 17:48:37 -0000 1.6.2.2 +++ log.c 18 Mar 2006 22:36:19 -0000 1.6.2.3 @@ -48,7 +48,9 @@ #include "log.h" #include "fe.h" +#ifndef _WIN32 #include /* getpwnam */ +#endif #if defined( XP_WIN32 ) #include From fedora-directory-commits at redhat.com Sun Mar 19 18:36:47 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Sun, 19 Mar 2006 13:36:47 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd log.c, 1.11, 1.12 Message-ID: <200603191836.k2JIalqB016089@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16072 Modified Files: log.c Log Message: 185811 - Don't check localuser config on Windows Index: log.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/log.c,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- log.c 18 Mar 2006 22:35:17 -0000 1.11 +++ log.c 19 Mar 2006 18:36:40 -0000 1.12 @@ -3473,6 +3473,7 @@ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); +#ifndef _WIN32 if ( slapdFrontendConfig->localuser != NULL ) { if ( (pw = getpwnam( slapdFrontendConfig->localuser )) == NULL ) return LOG_UNABLE_TO_OPENFILE; @@ -3480,6 +3481,7 @@ else { return LOG_UNABLE_TO_OPENFILE; } +#endif if (!locked) LOG_ERROR_LOCK_WRITE( ); From fedora-directory-commits at redhat.com Sun Mar 19 18:37:52 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Sun, 19 Mar 2006 13:37:52 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd log.c, 1.6.2.3, 1.6.2.4 Message-ID: <200603191837.k2JIbqFO016113@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16096 Modified Files: Tag: Directory71RtmBranch log.c Log Message: 185811 - Don't check localuser config on Windows Index: log.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/log.c,v retrieving revision 1.6.2.3 retrieving revision 1.6.2.4 diff -u -r1.6.2.3 -r1.6.2.4 --- log.c 18 Mar 2006 22:36:19 -0000 1.6.2.3 +++ log.c 19 Mar 2006 18:37:45 -0000 1.6.2.4 @@ -3232,6 +3232,7 @@ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); +#ifndef _WIN32 if ( slapdFrontendConfig->localuser != NULL ) { if ( (pw = getpwnam( slapdFrontendConfig->localuser )) == NULL ) return LOG_UNABLE_TO_OPENFILE; @@ -3239,6 +3240,7 @@ else { return LOG_UNABLE_TO_OPENFILE; } +#endif if (!locked) LOG_ERROR_LOCK_WRITE( ); From fedora-directory-commits at redhat.com Sun Mar 19 21:21:00 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Sun, 19 Mar 2006 16:21:00 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd libslapd.def, 1.11.2.2, 1.11.2.3 Message-ID: <200603192121.k2JLL0HJ023577@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23543 Modified Files: Tag: Directory71RtmBranch libslapd.def Log Message: 185811 - slapi_dn_find_parent needs to be added to libslapd.def for windows build to compile Index: libslapd.def =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/libslapd.def,v retrieving revision 1.11.2.2 retrieving revision 1.11.2.3 diff -u -r1.11.2.2 -r1.11.2.3 --- libslapd.def 9 Sep 2005 00:49:24 -0000 1.11.2.2 +++ libslapd.def 19 Mar 2006 21:20:45 -0000 1.11.2.3 @@ -114,6 +114,7 @@ ; send_read_referrals @77 ; ref_array_dup @78 ; ref_array_dup_free @79 + slapi_dn_find_parent @79 slapi_dn_beparent @80 slapi_ldap_init @81 slapi_ldap_unbind @82 From fedora-directory-commits at redhat.com Sun Mar 19 21:21:30 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Sun, 19 Mar 2006 16:21:30 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd libslapd.def, 1.15, 1.16 Message-ID: <200603192121.k2JLLUfZ023595@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23552 Modified Files: libslapd.def Log Message: 185811 - slapi_dn_find_parent needs to be added to libslapd.def for windows build to compile Index: libslapd.def =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/libslapd.def,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- libslapd.def 25 Jan 2006 16:51:39 -0000 1.15 +++ libslapd.def 19 Mar 2006 21:21:22 -0000 1.16 @@ -114,6 +114,7 @@ ; send_read_referrals @77 ; ref_array_dup @78 ; ref_array_dup_free @79 + slapi_dn_find_parent @79 slapi_dn_beparent @80 slapi_ldap_init @81 slapi_ldap_unbind @82 From fedora-directory-commits at redhat.com Mon Mar 20 17:47:24 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Mon, 20 Mar 2006 12:47:24 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication windows_protocol_util.c, 1.24, 1.25 Message-ID: <200603201747.k2KHlOl9007707@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7690 Modified Files: windows_protocol_util.c Log Message: 185811 - Missing const qualifiers were causing Windows compiler errors Index: windows_protocol_util.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_protocol_util.c,v retrieving revision 1.24 retrieving revision 1.25 diff -u -r1.24 -r1.25 --- windows_protocol_util.c 20 Feb 2006 19:36:24 -0000 1.24 +++ windows_protocol_util.c 20 Mar 2006 17:47:16 -0000 1.25 @@ -2702,7 +2702,7 @@ if (0 == retval && do_modify) { char dnbuf[BUFSIZ]; - char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(remote_entry)); + const char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(remote_entry)); slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "windows_update_remote_entry: modifying entry %s\n", escape_string(dn, dnbuf)); @@ -2710,7 +2710,7 @@ } else { char dnbuf[BUFSIZ]; - char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(remote_entry)); + const char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(remote_entry)); slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "no mods generated for remote entry: %s\n", escape_string(dn, dnbuf)); } @@ -2738,7 +2738,7 @@ if (pb) { char dnbuf[BUFSIZ]; - char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(local_entry)); + const char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(local_entry)); slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "modifying entry: %s\n", escape_string(dn, dnbuf)); slapi_modify_internal_set_pb (pb, slapi_entry_get_ndn(local_entry), slapi_mods_get_ldapmods_byref(&smods), NULL, NULL, @@ -2760,7 +2760,7 @@ } else { char dnbuf[BUFSIZ]; - char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(local_entry)); + const char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(local_entry)); slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "no mods generated for local entry: %s\n", escape_string(dn, dnbuf)); } From fedora-directory-commits at redhat.com Mon Mar 20 17:48:56 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Mon, 20 Mar 2006 12:48:56 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication windows_protocol_util.c, 1.20.2.4, 1.20.2.5 Message-ID: <200603201748.k2KHmugT007738@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7721 Modified Files: Tag: Directory71RtmBranch windows_protocol_util.c Log Message: 185811 - Missing const qualifiers were causing Windows compiler errors Index: windows_protocol_util.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_protocol_util.c,v retrieving revision 1.20.2.4 retrieving revision 1.20.2.5 diff -u -r1.20.2.4 -r1.20.2.5 --- windows_protocol_util.c 2 Mar 2006 01:11:55 -0000 1.20.2.4 +++ windows_protocol_util.c 20 Mar 2006 17:48:49 -0000 1.20.2.5 @@ -2702,7 +2702,7 @@ if (0 == retval && do_modify) { char dnbuf[BUFSIZ]; - char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(remote_entry)); + const char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(remote_entry)); slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "windows_update_remote_entry: modifying entry %s\n", escape_string(dn, dnbuf)); @@ -2710,7 +2710,7 @@ } else { char dnbuf[BUFSIZ]; - char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(remote_entry)); + const char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(remote_entry)); slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "no mods generated for remote entry: %s\n", escape_string(dn, dnbuf)); } @@ -2738,7 +2738,7 @@ if (pb) { char dnbuf[BUFSIZ]; - char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(local_entry)); + const char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(local_entry)); slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "modifying entry: %s\n", escape_string(dn, dnbuf)); slapi_modify_internal_set_pb (pb, slapi_entry_get_ndn(local_entry), slapi_mods_get_ldapmods_byref(&smods), NULL, NULL, @@ -2760,7 +2760,7 @@ } else { char dnbuf[BUFSIZ]; - char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(local_entry)); + const char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(local_entry)); slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "no mods generated for local entry: %s\n", escape_string(dn, dnbuf)); } From fedora-directory-commits at redhat.com Mon Mar 20 21:54:09 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Mon, 20 Mar 2006 16:54:09 -0500 Subject: [Fedora-directory-commits] console build.xml,1.9,1.10 Message-ID: <200603202154.k2KLs9S9017823@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/console In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17800 Modified Files: build.xml Log Message: Put startconsole script and jar files in the same directory in the tar-gz package. Index: build.xml =================================================================== RCS file: /cvs/dirsec/console/build.xml,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- build.xml 2 Dec 2005 21:29:58 -0000 1.9 +++ build.xml 20 Mar 2006 21:54:02 -0000 1.10 @@ -293,7 +293,7 @@ + prefix="fedora-console-${console.dotversion}"> From fedora-directory-commits at redhat.com Tue Mar 21 18:34:18 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Tue, 21 Mar 2006 13:34:18 -0500 Subject: [Fedora-directory-commits] adminserver/include version.h,1.6,1.7 Message-ID: <200603211834.k2LIYIsG002263@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver/include In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2140/include Modified Files: version.h Log Message: [Bug 186105] Admin Server Makefile updates for Internal build . get mod_admserv, mod_restartd and mod_nss from /s/b/c (verification, for now) . updated component versions NSPR v4.6, NSS 3.11, JSS 3.7, LDAP C SDK v5.17, ICU 3.4, SetupUtil 1.0 20060307, Console 1.0 20060320, AdminUtil 1.0 20060307 Index: version.h =================================================================== RCS file: /cvs/dirsec/adminserver/include/version.h,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- version.h 28 Oct 2005 22:44:56 -0000 1.6 +++ version.h 21 Mar 2006 18:34:10 -0000 1.7 @@ -43,4 +43,4 @@ #define ADMSERV_NAME Fedora Administration Server #define VI_COMPANYNAME "Fedora Project\0" -#define VI_COPYRIGHT "Copyright (C) 2005 Fedora Project\0" +#define VI_COPYRIGHT "Copyright (C) 2006 Fedora Project\0" From fedora-directory-commits at redhat.com Tue Mar 21 18:33:50 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Tue, 21 Mar 2006 13:33:50 -0500 Subject: [Fedora-directory-commits] adminserver/admserv pkgadmin.mk, 1.42, 1.43 Message-ID: <200603211834.k2LIYLgI002266@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver/admserv In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2140/admserv Modified Files: pkgadmin.mk Log Message: [Bug 186105] Admin Server Makefile updates for Internal build . get mod_admserv, mod_restartd and mod_nss from /s/b/c (verification, for now) . updated component versions NSPR v4.6, NSS 3.11, JSS 3.7, LDAP C SDK v5.17, ICU 3.4, SetupUtil 1.0 20060307, Console 1.0 20060320, AdminUtil 1.0 20060307 Index: pkgadmin.mk =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/pkgadmin.mk,v retrieving revision 1.42 retrieving revision 1.43 diff -u -r1.42 -r1.43 --- pkgadmin.mk 1 Mar 2006 15:19:00 -0000 1.42 +++ pkgadmin.mk 21 Mar 2006 18:33:43 -0000 1.43 @@ -124,20 +124,6 @@ # enable apache module packaging by default - apl is compatible with the gpl # in this specific instance PKG_APACHE_MODULES = 1 -ifdef PKG_APACHE_MODULES -ifndef MOD_ADMSERV_LIB_DIR - MOD_ADMSERV_LIB_DIR=$(BUILD_ROOT)/../mod_admserv/.libs -endif -ifndef MOD_RESTARTD_LIB_DIR - MOD_RESTARTD_LIB_DIR=$(BUILD_ROOT)/../mod_restartd/.libs -endif -ifndef MOD_NSS_LIB_DIR - MOD_NSS_LIB_DIR=$(BUILD_ROOT)/../mod_nss/.libs -endif -ifndef MOD_NSS_BIN_DIR - MOD_NSS_BIN_DIR=$(BUILD_ROOT)/../mod_nss -endif -endif ifndef NOJAVA ALLTARGETS = pkguxClient @@ -168,7 +154,7 @@ # grab the jar files cd $(ADMIN_JARS) ; \ - cp -p admserv$(ADM_SUF).jar admserv$(ADM_SUF)_en.jar $(CLIENT_DIR)/java/jars + cp -p fedora-admserv-$(ADM_SUF).jar fedora-admserv-$(ADM_SUF)_en.jar $(CLIENT_DIR)/java/jars # # Cleanup before making distributable zip @@ -342,10 +328,10 @@ # The Apache modules, if present ifdef PKG_APACHE_MODULES - cp $(MOD_ADMSERV_LIB_DIR)/libmodadmserv.$(DLL_SUFFIX) $(ADMIN_DIR)/bin/admin/lib - cp $(MOD_RESTARTD_LIB_DIR)/libmodrestartd.$(DLL_SUFFIX) $(ADMIN_DIR)/bin/admin/lib - cp $(MOD_NSS_LIB_DIR)/libmodnss.$(DLL_SUFFIX) $(ADMIN_DIR)/bin/admin/lib - cp $(MOD_NSS_BIN_DIR)/nss_pcache $(ADMIN_DIR)/bin/admin/admin/bin + cp $(MOD_ADMSERV_LIBPATH)/libmodadmserv.$(DLL_SUFFIX) $(ADMIN_DIR)/bin/admin/lib + cp $(MOD_RESTARTD_LIBPATH)/libmodrestartd.$(DLL_SUFFIX) $(ADMIN_DIR)/bin/admin/lib + cp $(MOD_NSS_LIBPATH)/libmodnss.$(DLL_SUFFIX) $(ADMIN_DIR)/bin/admin/lib + cp $(MOD_NSS_BINPATH)/nss_pcache $(ADMIN_DIR)/bin/admin/admin/bin endif # @@ -387,7 +373,7 @@ cp -p $(SETUPUTIL_BIN)/setup.inf $(PKGTOP) -if [ -z "`egrep "\[admin\]" $(SETUPUTIL_BIN)/setup.inf`" ]; then \ components=`grep "^Components.*=" $(SETUPUTIL_BIN)/setup.inf`; \ - if [ `expr "$$components" : ".*admin"` -eq 0 ]; then \ + if [ `expr "$$components" : ".*admin"` -eq 0 ]; then \ cat $(SETUPUTIL_BIN)/setup.inf | sed -e "s/^Components.*=.*/&, admin/" > $(PKGTOP)/setup.inf; \ fi; \ echo "" >> $(PKGTOP)/setup.inf; \ From fedora-directory-commits at redhat.com Tue Mar 21 18:33:56 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Tue, 21 Mar 2006 13:33:56 -0500 Subject: [Fedora-directory-commits] adminserver/admserv/cgi-src40 Makefile, 1.8, 1.9 Message-ID: <200603211834.k2LIYQ6J002269@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver/admserv/cgi-src40 In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2140/admserv/cgi-src40 Modified Files: Makefile Log Message: [Bug 186105] Admin Server Makefile updates for Internal build . get mod_admserv, mod_restartd and mod_nss from /s/b/c (verification, for now) . updated component versions NSPR v4.6, NSS 3.11, JSS 3.7, LDAP C SDK v5.17, ICU 3.4, SetupUtil 1.0 20060307, Console 1.0 20060320, AdminUtil 1.0 20060307 Index: Makefile =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/Makefile,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- Makefile 1 Feb 2006 23:03:57 -0000 1.8 +++ Makefile 21 Mar 2006 18:33:48 -0000 1.9 @@ -388,7 +388,7 @@ $(BINDIR)/security: security.c cd $(BINDIR); \ $(CCC) $(NONSHARED) $(CFLAGS) $(MCC_INCLUDE) -o $(BINDIR)/security \ - $(SRCDIR)/security.c -L$(NSCP_DISTDIR)/lib \ + $(SRCDIR)/security.c \ $(ADMINSERVERLINKS) $(BINDIR)/sec-activate: sec-activate.c From fedora-directory-commits at redhat.com Tue Mar 21 18:34:01 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Tue, 21 Mar 2006 13:34:01 -0500 Subject: [Fedora-directory-commits] adminserver/admserv/console build.properties, 1.10, 1.11 Message-ID: <200603211834.k2LIYWDd002272@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver/admserv/console In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2140/admserv/console Modified Files: build.properties Log Message: [Bug 186105] Admin Server Makefile updates for Internal build . get mod_admserv, mod_restartd and mod_nss from /s/b/c (verification, for now) . updated component versions NSPR v4.6, NSS 3.11, JSS 3.7, LDAP C SDK v5.17, ICU 3.4, SetupUtil 1.0 20060307, Console 1.0 20060320, AdminUtil 1.0 20060307 Index: build.properties =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/console/build.properties,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- build.properties 13 Feb 2006 22:13:06 -0000 1.10 +++ build.properties 21 Mar 2006 18:33:54 -0000 1.11 @@ -22,14 +22,15 @@ adminconsole.root=../.. mcc.version=1.0 -mcc.nodot.version=10 admin.core=admserv -admin.console=${admin.core}${mcc.nodot.version} +admin.brand=fedora + +admin.console=${admin.brand}-${admin.core}-${mcc.version} console.root=${adminconsole.root}/../built/release/package/java ldapjdk.jar=${adminconsole.root}/../imports/ldapjdk/ldapjdk.jar -base.jar=${console.root}/fedora-base-${mcc.version}.jar +base.jar=${console.root}/${admin.brand}-base-${mcc.version}.jar caplugin.jar=${console.root}/caplugin/default.jar -mcc.core=${console.root}/fedora-mcc-${mcc.version} -nmclf.core=${console.root}/fedora-nmclf-${mcc.version} +mcc.core=${console.root}/${admin.brand}-mcc-${mcc.version} +nmclf.core=${console.root}/${admin.brand}-nmclf-${mcc.version} From fedora-directory-commits at redhat.com Tue Mar 21 18:34:07 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Tue, 21 Mar 2006 13:34:07 -0500 Subject: [Fedora-directory-commits] adminserver/admserv/newinst/insadm insadm.rc, 1.3, 1.4 Message-ID: <200603211834.k2LIYbfP002275@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver/admserv/newinst/insadm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2140/admserv/newinst/insadm Modified Files: insadm.rc Log Message: [Bug 186105] Admin Server Makefile updates for Internal build . get mod_admserv, mod_restartd and mod_nss from /s/b/c (verification, for now) . updated component versions NSPR v4.6, NSS 3.11, JSS 3.7, LDAP C SDK v5.17, ICU 3.4, SetupUtil 1.0 20060307, Console 1.0 20060320, AdminUtil 1.0 20060307 Index: insadm.rc =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/newinst/insadm/insadm.rc,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- insadm.rc 2 Mar 2005 23:31:31 -0000 1.3 +++ insadm.rc 21 Mar 2006 18:33:59 -0000 1.4 @@ -48,7 +48,7 @@ VALUE "FileDescription", "Administration Server Installation Plug-in\0" VALUE "FileVersion", "\0" VALUE "InternalName", "INSADM\0" - VALUE "LegalCopyright", "Copyright (C) 2005 Fedora Project\0" + VALUE "LegalCopyright", "Copyright (C) 2006 Fedora Project\0" VALUE "OriginalFilename", "INSADM.DLL\0" VALUE "ProductName", "Fedora Server Administration Setup\0" VALUE "ProductVersion", "1, 0, 0, 1\0" From fedora-directory-commits at redhat.com Tue Mar 21 18:34:12 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Tue, 21 Mar 2006 13:34:12 -0500 Subject: [Fedora-directory-commits] adminserver/admserv/newinst/src Makefile, 1.8, 1.9 Message-ID: <200603211834.k2LIYhIb002278@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver/admserv/newinst/src In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2140/admserv/newinst/src Modified Files: Makefile Log Message: [Bug 186105] Admin Server Makefile updates for Internal build . get mod_admserv, mod_restartd and mod_nss from /s/b/c (verification, for now) . updated component versions NSPR v4.6, NSS 3.11, JSS 3.7, LDAP C SDK v5.17, ICU 3.4, SetupUtil 1.0 20060307, Console 1.0 20060320, AdminUtil 1.0 20060307 Index: Makefile =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/Makefile,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- Makefile 1 Feb 2006 23:04:41 -0000 1.8 +++ Makefile 21 Mar 2006 18:34:05 -0000 1.9 @@ -95,8 +95,12 @@ EXTRA_LIBS+= -ld4r else ifeq ($(NSOS_RELEASE), B.11.11) - CURSES=-lHcurses - EXTRA_LIBS+= -ld4r + ifeq ($(USE_64), 1) + CURSES=-lcurses + else + CURSES=-lHcurses + EXTRA_LIBS+= -ld4r + endif else CURSES=-lcurses endif From fedora-directory-commits at redhat.com Tue Mar 21 18:33:45 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Tue, 21 Mar 2006 13:33:45 -0500 Subject: [Fedora-directory-commits] adminserver Makefile, 1.17, 1.18 buildpaths.mk, 1.7, 1.8 components.mk, 1.41, 1.42 internal_buildpaths.mk, 1.3, 1.4 nsconfig.mk, 1.25, 1.26 Message-ID: <200603211834.k2LIYjva002283@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2140 Modified Files: Makefile buildpaths.mk components.mk internal_buildpaths.mk nsconfig.mk Log Message: [Bug 186105] Admin Server Makefile updates for Internal build . get mod_admserv, mod_restartd and mod_nss from /s/b/c (verification, for now) . updated component versions NSPR v4.6, NSS 3.11, JSS 3.7, LDAP C SDK v5.17, ICU 3.4, SetupUtil 1.0 20060307, Console 1.0 20060320, AdminUtil 1.0 20060307 Index: Makefile =================================================================== RCS file: /cvs/dirsec/adminserver/Makefile,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- Makefile 18 Jan 2006 18:24:14 -0000 1.17 +++ Makefile 21 Mar 2006 18:33:37 -0000 1.18 @@ -77,7 +77,7 @@ if test ! -d $(NSPLATFORM_DIR); then mkdir $(NSPLATFORM_DIR); fi; $(PERL5) buildnum.pl -p $(NSPLATFORM_DIR) -nsCommon: start_time $(LIBNSPR) $(LIBSECURITY) $(LIBDBM) $(LIBLDAP) $(LIBADMINUTIL) $(LIBICU) $(SETUPUTIL) $(ADMDOC) end_time +nsCommon: start_time $(LIBNSPR) $(LIBSECURITY) $(LIBDBM) $(LIBLDAP) $(LIBADMINUTIL) $(LIBICU) $(SETUPUTIL) $(MOD_ADMSERV) $(MOD_RESTARTD) $(MOD_NSS) $(ADMDOC) end_time # # Notice that BUILD_MODULE is not supplied directly on this target. Index: buildpaths.mk =================================================================== RCS file: /cvs/dirsec/adminserver/buildpaths.mk,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- buildpaths.mk 17 Feb 2006 15:04:54 -0000 1.7 +++ buildpaths.mk 21 Mar 2006 18:33:37 -0000 1.8 @@ -81,6 +81,10 @@ LDAPSDK_SOURCE_ROOT = $(MOZILLA_SOURCE_ROOT) #LDAP_ROOT = $(BUILD_ROOT)/../ldapsdk-5.16 +MOD_ADMSERV_SOURCE_ROOT = $(BUILD_ROOT)/../mod_admserv +MOD_RESTARTD_SOURCE_ROOT = $(BUILD_ROOT)/../mod_restartd +MOD_NSS_SOURCE_ROOT = $(BUILD_ROOT)/../mod_nss + ICU_SOURCE_ROOT = $(BUILD_ROOT)/../icu #ICU_BUILD_DIR = $(BUILD_ROOT)/../icu-2.4 Index: components.mk =================================================================== RCS file: /cvs/dirsec/adminserver/components.mk,v retrieving revision 1.41 retrieving revision 1.42 diff -u -r1.41 -r1.42 --- components.mk 1 Feb 2006 23:03:41 -0000 1.41 +++ components.mk 21 Mar 2006 18:33:37 -0000 1.42 @@ -37,20 +37,24 @@ #Temporary integration area components INT_NMCSDK = 1 -INT_ICU = 0 -INT_ADMINUTIL = 0 +INT_ICU = 1 +INT_ADMINUTIL = 1 INT_SETUPUTIL = 1 INT_LDAPSDK = 0 INT_ADMDOC = 0 +INT_MOD_ADMSERV = 1 +INT_MOD_RESTARTD = 1 +INT_MOD_NSS = 1 #To control external build vs. internal build BUILD_MODE = ext +ADMIN_BRAND = fedora ############################################# # NSPR Library ############################################ -NSPR_RELDATE = v4.4.1 +NSPR_RELDATE = v4.6 NSPR_NSOBJDIR=$(NSOBJDIR_NAME) @@ -106,7 +110,7 @@ # SECURITY LIBRARY ################################################ -SECURITY_RELDATE = NSS_3_9_3_RTM +SECURITY_RELDATE = NSS_3_11_RTM ifeq ($(INT_NSS), 1) BASE_NSS = $(INT_DIR)/nss/$(SECURITY_RELDATE) @@ -131,7 +135,7 @@ # ICU Library ################################################# -ICU_RELDATE = libicu_2_4/20040820 +ICU_RELDATE = libicu_3_4 ICU_ROOT = $(NSCP_COMPDIR)/libicu ICU_OBJDIR = $(NSOBJDIR_NAME) @@ -158,7 +162,7 @@ # SETUPUTIL ############################################################## -SETUPUTIL_RELDATE = 20051027 +SETUPUTIL_RELDATE = 20060307 SETUPUTIL_FILE = setuputil.tar.gz SETUPUTIL_COMPNAME = setuputil/1.0 @@ -197,7 +201,7 @@ ############################################################### ADMINUTIL_SUF = 10 -ADMINUTIL_RELDATE = 20051026 +ADMINUTIL_RELDATE = 20060307 ADMINUTIL_VERSION = $(ADMINUTIL_RELDATE) ADMINUTIL_ROOT = $(NSCP_COMPDIR)/adminutil ADMINUTIL_COMPNAME = adminutil/1.0 @@ -267,7 +271,7 @@ # LDAP C SDK Library ############################################################# -LDAP_RELDATE = v5.16 +LDAP_RELDATE = v5.17 LDAP_SUF = 50 LDAP_VERSION = $(LDAP_RELDATE) @@ -280,9 +284,84 @@ $(LIBLDAP): ifdef INTERNAL_BUILD ifneq ($(ARCH), WINNT) - $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(COMPONENT_PULL_METHOD) -objdir $(LDAPSDK_BUILD_DIR) -componentdir $(BASE_LDAPSDK) -files lib,tools,include + $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(COMPONENT_PULL_METHOD) -objdir $(LDAPSDK_BUILD_DIR) -componentdir $(BASE_LDAPSDK) -files lib,bin,include else - $(PERL5) $(RELTOOLS)/ftp_puller.pl -method FTP -objdir $(LDAPSDK_BUILD_DIR) -componentdir $(BASE_LDAPSDK) -files lib,tools,include + $(PERL5) $(RELTOOLS)/ftp_puller.pl -method FTP -objdir $(LDAPSDK_BUILD_DIR) -componentdir $(BASE_LDAPSDK) -files lib,bin,include +endif +else # INTERNAL_BUILD + @if [ ! -f $@ ]; then echo $@ does not exist - please build or download it ; exit 1 ; fi +endif + +############################################################# +# MOD_ADMSERV +############################################################# + +MOD_ADMSERV_RELDATE = 20060320 +MOD_ADMSERV_SUF = 1.0 +MOD_ADMSERV_VERSION = $(MOD_ADMSERV_RELDATE) + +ifeq ($(INT_MOD_ADMSERV), 1) +BASE_MOD_ADMSERV = $(INT_DIR)/mod_admserv/$(MOD_ADMSERV_SUF)/$(MOD_ADMSERV_VERSION)/$(NSOBJDIR_NAME) +else +BASE_MOD_ADMSERV = $(COMPONENTS_DIR)/mod_admserv/$(MOD_ADMSERV_SUF)/$(MOD_ADMSERV_VERSION)/$(NSOBJDIR_NAME) +endif + +$(MOD_ADMSERV): +ifdef INTERNAL_BUILD +ifneq ($(ARCH), WINNT) + $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(COMPONENT_PULL_METHOD) -objdir $(MOD_ADMSERV_BUILD_DIR) -componentdir $(BASE_MOD_ADMSERV) -files lib +else + $(PERL5) $(RELTOOLS)/ftp_puller.pl -method FTP -objdir $(MOD_ADMSERV_BUILD_DIR) -componentdir $(BASE_MOD_ADMSERV) -files lib +endif +else # INTERNAL_BUILD + @if [ ! -f $@ ]; then echo $@ does not exist - please build or download it ; exit 1 ; fi +endif + +############################################################# +# MOD_RESTARTD +############################################################# + +MOD_RESTARTD_RELDATE = 20060320 +MOD_RESTARTD_SUF = 1.0 +MOD_RESTARTD_VERSION = $(MOD_RESTARTD_RELDATE) + +ifeq ($(INT_MOD_RESTARTD), 1) +BASE_MOD_RESTARTD = $(INT_DIR)/mod_restartd/$(MOD_RESTARTD_SUF)/$(MOD_RESTARTD_VERSION)/$(NSOBJDIR_NAME) +else +BASE_MOD_RESTARTD = $(COMPONENTS_DIR)/mod_restartd/$(MOD_RESTARTD_SUF)/$(MOD_RESTARTD_VERSION)/$(NSOBJDIR_NAME) +endif + +$(MOD_RESTARTD): +ifdef INTERNAL_BUILD +ifneq ($(ARCH), WINNT) + $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(COMPONENT_PULL_METHOD) -objdir $(MOD_RESTARTD_BUILD_DIR) -componentdir $(BASE_MOD_RESTARTD) -files lib +else + $(PERL5) $(RELTOOLS)/ftp_puller.pl -method FTP -objdir $(MOD_RESTARTD_BUILD_DIR) -componentdir $(BASE_MOD_RESTARTD) -files lib +endif +else # INTERNAL_BUILD + @if [ ! -f $@ ]; then echo $@ does not exist - please build or download it ; exit 1 ; fi +endif + +############################################################# +# MOD_NSS +############################################################# + +MOD_NSS_RELDATE = 20060320 +MOD_NSS_SUF = 1.0 +MOD_NSS_VERSION = $(MOD_NSS_RELDATE) + +ifeq ($(INT_MOD_NSS), 1) +BASE_MOD_NSS = $(INT_DIR)/mod_nss/$(MOD_NSS_SUF)/$(MOD_NSS_VERSION)/$(NSOBJDIR_NAME) +else +BASE_MOD_NSS = $(COMPONENTS_DIR)/mod_nss/$(MOD_NSS_SUF)/$(MOD_NSS_VERSION)/$(NSOBJDIR_NAME) +endif + +$(MOD_NSS): +ifdef INTERNAL_BUILD +ifneq ($(ARCH), WINNT) + $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(COMPONENT_PULL_METHOD) -objdir $(MOD_NSS_BUILD_DIR) -componentdir $(BASE_MOD_NSS) -files lib,bin +else + $(PERL5) $(RELTOOLS)/ftp_puller.pl -method FTP -objdir $(MOD_NSS_BUILD_DIR) -componentdir $(BASE_MOD_NSS) -files lib,bin endif else # INTERNAL_BUILD @if [ ! -f $@ ]; then echo $@ does not exist - please build or download it ; exit 1 ; fi @@ -314,7 +393,7 @@ ############################################################# NMCJDK_SUF = 1.0 -NMCJDK_RELDATE = 20051027 +NMCJDK_RELDATE = 20060320 NMCJDK_COMP = console/$(NMCJDK_SUF) @@ -330,7 +409,7 @@ BASE_NMCSDK = $(FED_COMPONENTS_DIR)/$(NMCJDK_COMP)/$(NMCJDK_VERSION)/$(NSOBJDIR_NAME) endif -NMCJDK_DIR = $(BASE_NMCSDK)/java +NMCJDK_DIR = $(BASE_NMCSDK)/$(ADMIN_BRAND)-console-$(NMCJDK_SUF) # since the jar files are packaged as is, they should not be symlink'ed. NMCJDK_METHOD = FTP @@ -339,19 +418,19 @@ ifdef INTERNAL_BUILD mkdir -p $(CLASS_DEST) # grab the jar files - $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(NMCJDK_METHOD) -objdir $(CLASS_DEST) -componentdir $(NMCJDK_DIR) -files fedora-base-$(NMCJDK_SUF).jar,fedora-mcc-$(NMCJDK_SUF).jar,fedora-mcc-$(NMCJDK_SUF)_en.jar,fedora-nmclf-$(NMCJDK_SUF).jar,fedora-nmclf-$(NMCJDK_SUF)_en.jar,caplugin + $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(NMCJDK_METHOD) -objdir $(CLASS_DEST) -componentdir $(NMCJDK_DIR)/java -files $(ADMIN_BRAND)-base-$(NMCJDK_SUF).jar,$(ADMIN_BRAND)-mcc-$(NMCJDK_SUF).jar,$(ADMIN_BRAND)-mcc-$(NMCJDK_SUF)_en.jar,$(ADMIN_BRAND)-nmclf-$(NMCJDK_SUF).jar,$(ADMIN_BRAND)-nmclf-$(NMCJDK_SUF)_en.jar # grab the startconsole program - $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(NMCJDK_METHOD) -objdir $(CLASS_DEST) -componentdir $(BASE_NMCSDK) -files startconsole && chmod +x $(CLASS_DEST)/startconsole + $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(NMCJDK_METHOD) -objdir $(CLASS_DEST) -componentdir $(NMCJDK_DIR) -files startconsole && chmod +x $(CLASS_DEST)/startconsole else # INTERNAL_BUILD - @if [ ! -f $(CONSOLE_JAR_DIR)/fedora-base-1.0.jar ]; then echo The console jar files are missing from $(CONSOLE_JAR_DIR) - please build or download them ; exit 1 ; fi + @if [ ! -f $(CONSOLE_JAR_DIR)/$(ADMIN_BRAND)-base-$(NMCJDK_SUF).jar ]; then echo The console jar files are missing from $(CONSOLE_JAR_DIR) - please build or download them ; exit 1 ; fi endif ############################################################# # JSS java classes ############################################################# -JSS_SDK_VERSION = JSS_3_5_1_RTM -JSSSDK = jss3.jar +JSS_SDK_VERSION = JSS_3_7_RTM +JSSSDK = jss37.jar XPCLASS = $(JSS_JAR_NAME) ifeq ($(INT_JSS), 1) Index: internal_buildpaths.mk =================================================================== RCS file: /cvs/dirsec/adminserver/internal_buildpaths.mk,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- internal_buildpaths.mk 3 Nov 2005 23:20:38 -0000 1.3 +++ internal_buildpaths.mk 21 Mar 2006 18:33:37 -0000 1.4 @@ -76,6 +76,21 @@ LDAPSDK_BUILD_DIR = $(NSCP_COMPDIR)/ldapsdk/$(NSOBJDIR_NAME) endif # LDAPSDK_SOURCE_ROOT +#MOD_ADMSERV_SOURCE_ROOT = $(BUILD_ROOT)/../mod_admserv +ifndef MOD_ADMSERV_SOURCE_ROOT +MOD_ADMSERV_BUILD_DIR = $(NSCP_COMPDIR)/mod_admserv/$(NSOBJDIR_NAME) +endif # MOD_ADMSERV_SOURCE_ROOT + +#MOD_RESTARTD_SOURCE_ROOT = $(BUILD_ROOT)/../mod_restartd +ifndef MOD_RESTARTD_SOURCE_ROOT +MOD_RESTARTD_BUILD_DIR = $(NSCP_COMPDIR)/mod_restartd/$(NSOBJDIR_NAME) +endif # MOD_RESTARTD_SOURCE_ROOT + +#MOD_NSS_SOURCE_ROOT = $(BUILD_ROOT)/../mod_nss +ifndef MOD_NSS_SOURCE_ROOT +MOD_NSS_BUILD_DIR = $(NSCP_COMPDIR)/mod_nss/$(NSOBJDIR_NAME) +endif # MOD_NSS_SOURCE_ROOT + #ICU_SOURCE_ROOT = $(BUILD_ROOT)/../icu ifndef ICU_SOURCE_ROOT ICU_BUILD_DIR = $(NSCP_COMPDIR)/libicu/$(NSOBJDIR_NAME) Index: nsconfig.mk =================================================================== RCS file: /cvs/dirsec/adminserver/nsconfig.mk,v retrieving revision 1.25 retrieving revision 1.26 diff -u -r1.25 -r1.26 --- nsconfig.mk 24 Feb 2006 22:49:20 -0000 1.25 +++ nsconfig.mk 21 Mar 2006 18:33:37 -0000 1.26 @@ -530,7 +530,7 @@ endif endif -ADM_SUF=10 +ADM_SUF=1.0 # CLEAN THIS UP @@ -728,16 +728,18 @@ # there are some platform specific versions as well FREEBL_LIBS = freebl3 ifeq ($(USE_64), 1) -ifeq ($(ARCH), SOLARIS) -FREEBL_LIBS = freebl_64fpu_3 freebl_64int_3 -endif + ifeq ($(ARCH), SOLARIS) + FREEBL_LIBS = freebl_64fpu_3 freebl_64int_3 + endif else # USE_64 -ifeq ($(ARCH), SOLARIS) -FREEBL_LIBS = freebl_32fpu_3 freebl_32int64_3 freebl_32int_3 -endif # SOLARIS -ifeq ($(ARCH), HPUX) -FREEBL_LIBS = freebl_32fpu_3 freebl_32int_3 -endif # HPUX + ifeq ($(ARCH), SOLARIS) + FREEBL_LIBS = freebl_32fpu_3 freebl_32int64_3 freebl_32int_3 + endif # SOLARIS + ifeq ($(ARCH), HPUX) + ifneq ($(NSOS_TEST1), ia64) # PA-RISC only + FREEBL_LIBS = freebl_32fpu_3 freebl_32int_3 + endif + endif # HPUX endif # USE_64 # These files are only needed at runtime, not to link with @@ -757,7 +759,7 @@ SECURITY_SOLIBS = $(addsuffix .$(DLL_SUFFIX), $(addprefix lib, $(SECURITY_LIBNAMES) $(SECURITY_EXTRA_RUNTIME_LIBNAMES))) # and the .chk files SECURITY_SOLIBS += $(addsuffix .chk, $(addprefix lib, $(SECURITY_NEED_CHK))) -SECURITYOBJNAME = $(addsuffix .so, $(addprefix lib, $(SECURITY_LIBNAMES))) +SECURITYOBJNAME = $(addsuffix .$(DLL_SUFFIX), $(addprefix lib, $(SECURITY_LIBNAMES))) LIBSECURITY = $(addprefix $(SECURITY_LIBPATH)/, $(SECURITYOBJNAME)) SECURITYLINK = -L$(SECURITY_LIBPATH) $(addprefix -l, $(SECURITY_LIBNAMES)) endif @@ -839,7 +841,7 @@ ADMINUTIL_INCLUDE = $(ADMINUTIL_SOURCE_ROOT)/built/adminutil/$(PLATFORM_DEST)/include/adminutil-$(ADMINUTIL_LIB_VERSION) else ADMINUTIL_LIBPATH = $(ADMINUTIL_BUILD_DIR)/lib - ADMINUTIL_INCLUDE = $(ADMINUTIL_BUILD_DIR)/include + ADMINUTIL_INCLUDE = $(ADMINUTIL_BUILD_DIR)/include/adminutil-$(ADMINUTIL_LIB_VERSION) endif ifeq ($(ARCH), WINNT) @@ -851,7 +853,7 @@ ADMINUTIL_LIBNAMES = admsslutil adminutil ADMINUTIL_SOLIB_NAMES = $(addsuffix $(DLL_PRESUF), $(addprefix lib, adminutil admsslutil)) ADMINUTIL_LIBS = $(addsuffix .a, $(addprefix lib, $(ADMINUTIL_LIBNAMES))) - ADMINUTIL_SOLIBS = $(addsuffix .$(DLL_SUFFIX).$(MAJOR_VERSION), $(ADMINUTIL_SOLIB_NAMES)) + ADMINUTIL_SOLIBS = $(addsuffix .$(DLL_SUFFIX).$(ADMINUTIL_LIB_VERSION), $(ADMINUTIL_SOLIB_NAMES)) ADMINUTILOBJNAME = $(ADMINUTIL_SOLIBS) LIBADMINUTIL = $(addprefix $(ADMINUTIL_LIBPATH)/, $(ADMINUTIL_SOLIBS)) ADMINUTILLINK = -L$(ADMINUTIL_LIBPATH) $(addprefix -l, $(ADMINUTIL_LIBNAMES)) @@ -869,7 +871,7 @@ else LDAPSDK_LIBPATH = $(LDAPSDK_BUILD_DIR)/lib LDAPSDK_INCLUDE = $(LDAPSDK_BUILD_DIR)/include - LDAPSDK_BINPATH = $(LDAPSDK_BUILD_DIR)/tools + LDAPSDK_BINPATH = $(LDAPSDK_BUILD_DIR)/bin endif ifeq ($(ARCH), WINNT) @@ -887,6 +889,35 @@ LIBLDAP = $(addprefix $(LDAPSDK_LIBPATH)/, $(LDAPOBJNAME)) ######################################### +# MOD_ADMSERV, RESTARTD, NSS +######################################### +ifdef MOD_ADMSERV_SOURCE_ROOT + MOD_ADMSERV_LIBPATH = $(MOD_ADMSERV_SOURCE_ROOT)/.libs +else + MOD_ADMSERV_LIBPATH = $(MOD_ADMSERV_BUILD_DIR)/lib +endif +ifdef MOD_RESTARTD_SOURCE_ROOT + MOD_RESTARTD_LIBPATH = $(MOD_RESTARTD_SOURCE_ROOT)/.libs +else + MOD_RESTARTD_LIBPATH = $(MOD_RESTARTD_BUILD_DIR)/lib +endif +ifdef MOD_NSS_SOURCE_ROOT + MOD_NSS_LIBPATH = $(MOD_NSS_SOURCE_ROOT)/.libs + MOD_NSS_BINPATH = $(MOD_NSS_SOURCE_ROOT) +else + MOD_NSS_LIBPATH = $(MOD_NSS_BUILD_DIR)/lib + MOD_NSS_BINPATH = $(MOD_NSS_BUILD_DIR)/bin +endif + +MOD_ADMSERV_LIBNAME = libmodadmserv.$(DLL_SUFFIX) +MOD_REATARTD_LIBNAME = libmodrestartd.$(DLL_SUFFIX) +MOD_NSS_LIBNAME = libmodnss.$(DLL_SUFFIX) + +MOD_ADMSERV = $(addprefix $(MOD_ADMSERV_LIBPATH)/, $(MOD_ADMSERV_LIBNAME)) +MOD_RESTARTD = $(addprefix $(MOD_RESTARTD_LIBPATH)/, $(MOD_REATARTD_LIBNAME)) +MOD_NSS = $(addprefix $(MOD_NSS_LIBPATH)/, $(MOD_NSS_LIBNAME)) + +######################################### # NMCSDK ######################################### From fedora-directory-commits at redhat.com Tue Mar 21 19:48:57 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Tue, 21 Mar 2006 14:48:57 -0500 Subject: [Fedora-directory-commits] adminserver Makefile, 1.18, 1.19 buildpaths.mk, 1.8, 1.9 components.mk, 1.42, 1.43 internal_buildpaths.mk, 1.4, 1.5 nsconfig.mk, 1.26, 1.27 Message-ID: <200603211948.k2LJmv6m004801@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4776 Modified Files: Makefile buildpaths.mk components.mk internal_buildpaths.mk nsconfig.mk Log Message: [186105] Admin Server Makefile updates for Internal build . stopped pulling and packaging DBM . removed internal/external switch for AdminUtil and SetupUtil Index: Makefile =================================================================== RCS file: /cvs/dirsec/adminserver/Makefile,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- Makefile 21 Mar 2006 18:33:37 -0000 1.18 +++ Makefile 21 Mar 2006 19:48:49 -0000 1.19 @@ -77,7 +77,7 @@ if test ! -d $(NSPLATFORM_DIR); then mkdir $(NSPLATFORM_DIR); fi; $(PERL5) buildnum.pl -p $(NSPLATFORM_DIR) -nsCommon: start_time $(LIBNSPR) $(LIBSECURITY) $(LIBDBM) $(LIBLDAP) $(LIBADMINUTIL) $(LIBICU) $(SETUPUTIL) $(MOD_ADMSERV) $(MOD_RESTARTD) $(MOD_NSS) $(ADMDOC) end_time +nsCommon: start_time $(LIBNSPR) $(LIBSECURITY) $(LIBLDAP) $(LIBADMINUTIL) $(LIBICU) $(SETUPUTIL) $(MOD_ADMSERV) $(MOD_RESTARTD) $(MOD_NSS) $(ADMDOC) end_time # # Notice that BUILD_MODULE is not supplied directly on this target. Index: buildpaths.mk =================================================================== RCS file: /cvs/dirsec/adminserver/buildpaths.mk,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- buildpaths.mk 21 Mar 2006 18:33:37 -0000 1.8 +++ buildpaths.mk 21 Mar 2006 19:48:49 -0000 1.9 @@ -70,23 +70,16 @@ endif NSPR_SOURCE_ROOT = $(MOZILLA_SOURCE_ROOT) -#NSPR_BUILD_DIR = $(BUILD_ROOT)/../nspr-4.4.1 - -DBM_SOURCE_ROOT = $(MOZILLA_SOURCE_ROOT) -#DBM_BUILD_DIR = $(BUILD_ROOT)/../nss-3.9.3 SECURITY_SOURCE_ROOT = $(MOZILLA_SOURCE_ROOT) -#SECURITY_BUILD_DIR = $(BUILD_ROOT)/../nss-3.9.3 LDAPSDK_SOURCE_ROOT = $(MOZILLA_SOURCE_ROOT) -#LDAP_ROOT = $(BUILD_ROOT)/../ldapsdk-5.16 MOD_ADMSERV_SOURCE_ROOT = $(BUILD_ROOT)/../mod_admserv MOD_RESTARTD_SOURCE_ROOT = $(BUILD_ROOT)/../mod_restartd MOD_NSS_SOURCE_ROOT = $(BUILD_ROOT)/../mod_nss ICU_SOURCE_ROOT = $(BUILD_ROOT)/../icu -#ICU_BUILD_DIR = $(BUILD_ROOT)/../icu-2.4 ADMINUTIL_SOURCE_ROOT = $(BUILD_ROOT)/../adminutil #ADMINUTIL_BUILD_DIR = $(NSCP_DISTDIR_FULL_RTL)/adminutil Index: components.mk =================================================================== RCS file: /cvs/dirsec/adminserver/components.mk,v retrieving revision 1.42 retrieving revision 1.43 diff -u -r1.42 -r1.43 --- components.mk 21 Mar 2006 18:33:37 -0000 1.42 +++ components.mk 21 Mar 2006 19:48:49 -0000 1.43 @@ -80,31 +80,6 @@ else # INTERNAL_BUILD @if [ ! -f $@ ]; then echo $@ does not exist - please build or download it ; exit 1 ; fi endif -############################################### -# DBM Library -############################################## - -DBM_RELDATE = DBM_1_61_RTM - -ifeq ($(INT_DBM), 1) -BASE_DBM = $(INT_DIR)/dbm/$(DBM_RELDATE) -else -BASE_DBM = $(COMPONENTS_DIR)/dbm/$(DBM_RELDATE) -endif - -$(LIBDBM): -ifdef INTERNAL_BUILD -ifneq ($(ARCH), WINNT) - $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(COMPONENT_PULL_METHOD) -objdir $(NSCP_DISTDIR)/dbm -componentdir $(BASE_DBM) -files xpheader.jar -unzip $(NSCP_DISTDIR)/include - $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(COMPONENT_PULL_METHOD) -objdir $(NSCP_DISTDIR)/dbm -componentdir $(BASE_DBM)/$(NSOBJDIR_NAME) -files mdbinary.jar -unzip $(NSCP_DISTDIR) -else - $(PERL5) $(RELTOOLS)/ftp_puller.pl -method FTP -objdir $(NSCP_DISTDIR)/dbm -componentdir $(BASE_DBM) -files xpheader.jar -unzip $(NSCP_DISTDIR)/include - $(PERL5) $(RELTOOLS)/ftp_puller.pl -method FTP -objdir $(NSCP_DISTDIR)/dbm -componentdir $(BASE_DBM)/$(NSOBJDIR_NAME) -files mdbinary.jar -unzip $(NSCP_DISTDIR) -endif -else # INTERNAL_BUILD - @if [ ! -f $@ ]; then echo $@ does not exist - please build or download it ; exit 1 ; fi -endif - ################################################ # SECURITY LIBRARY @@ -170,7 +145,6 @@ SETUPUTIL_OBJDIR = $(NSOBJDIR_NAME) -ifeq ($(BUILD_MODE), int) ifeq ($(INT_SETUPUTIL), 1) #intenal & integration BASE_SETUPUTIL = $(INT_DIR)/$(SETUPUTIL_COMPNAME)/$(SETUPUTIL_RELDATE)/$(SETUPUTIL_OBJDIR) @@ -178,10 +152,6 @@ #intenal & components BASE_SETUPUTIL = $(COMPONENTS_DIR)/$(SETUPUTIL_COMPNAME)/$(SETUPUTIL_RELDATE)/$(SETUPUTIL_OBJDIR) endif -else -#fedora - BASE_SETUPUTIL = $(FED_COMPONENTS_DIR)/$(SETUPUTIL_COMPNAME)/$(SETUPUTIL_RELDATE)/$(SETUPUTIL_OBJDIR) -endif SETUPUTIL_DEST = $(SETUPUTIL_ROOT)/$(SETUPUTIL_OBJDIR) @@ -208,7 +178,6 @@ ADMINUTILOBJDIR = $(NSOBJDIR_NAME) -ifeq ($(BUILD_MODE), int) ifeq ($(INT_ADMINUTIL), 1) #intenal & integration BASE_ADMINUTIL = $(INT_DIR)/$(ADMINUTIL_COMPNAME)/$(ADMINUTIL_VERSION)/$(ADMINUTILOBJDIR) @@ -216,11 +185,6 @@ #intenal & components BASE_ADMINUTIL = $(COMPONENTS_DIR)/$(ADMINUTIL_COMPNAME)/$(ADMINUTIL_VERSION)/$(ADMINUTILOBJDIR) endif -else -#fedora - BASE_ADMINUTIL = $(FED_COMPONENTS_DIR)/$(ADMINUTIL_COMPNAME)/$(ADMINUTIL_VERSION)/$(ADMINUTILOBJDIR) -endif - $(LIBADMINUTIL): ifdef INTERNAL_BUILD Index: internal_buildpaths.mk =================================================================== RCS file: /cvs/dirsec/adminserver/internal_buildpaths.mk,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- internal_buildpaths.mk 21 Mar 2006 18:33:37 -0000 1.4 +++ internal_buildpaths.mk 21 Mar 2006 19:48:49 -0000 1.5 @@ -61,11 +61,6 @@ NSPR_BUILD_DIR = $(NSCP_DISTDIR) endif # NSPR_SOURCE_ROOT -#DBM_SOURCE_ROOT = $(MOZILLA_SOURCE_ROOT) -ifndef DBM_SOURCE_ROOT -DBM_BUILD_DIR = $(NSCP_DISTDIR) -endif # DBM_SOURCE_ROOT - #SECURITY_SOURCE_ROOT = $(MOZILLA_SOURCE_ROOT) ifndef SECURITY_SOURCE_ROOT SECURITY_BUILD_DIR = $(NSCP_DISTDIR) Index: nsconfig.mk =================================================================== RCS file: /cvs/dirsec/adminserver/nsconfig.mk,v retrieving revision 1.26 retrieving revision 1.27 diff -u -r1.26 -r1.27 --- nsconfig.mk 21 Mar 2006 18:33:37 -0000 1.26 +++ nsconfig.mk 21 Mar 2006 19:48:49 -0000 1.27 @@ -541,7 +541,6 @@ # AS INCLUDE DEFDINED HERE MCC_INCLUDE=-I$(NSROOT)/include \ -I$(NSCP_DISTDIR)/include \ - -I$(DBM_INCLUDE) \ -I$(NSPR_INCLUDE) \ -I$(SECURITY_INCLUDE) \ -I$(ICU_INCLUDE) \ @@ -682,29 +681,6 @@ NSPRLINK = -L$(NSPR_LIBPATH) $(addprefix -l, $(NSPR_LIBNAMES)) endif -############################## -# DBM -############################# - -ifdef NSPR_SOURCE_ROOT - DBM_LIBPATH = $(DBM_SOURCE_ROOT)/dist/$(MOZ_OBJDIR_NAME)/lib - DBM_INCLUDE = $(DBM_SOURCE_ROOT)/dist/public/dbm -else - DBM_LIBPATH = $(DBM_BUILD_DIR)/lib - DBM_INCLUDE = $(DBM_BUILD_DIR)/include -endif -ifeq ($(ARCH), WINNT) -DBM_LIBNAMES = dbm -DBMOBJNAME = $(addsuffix .lib, $(DBM_LIBNAMES)) -LIBDBM = $(addprefix $(DBM_LIBPATH)/, $(DBMOBJNAME)) -else -DBM_LIBNAMES = dbm -DBM_SOLIBS = $(addsuffix .$(DLL_SUFFIX), $(addprefix lib, $(DBM_LIBNAMES))) -DBMROBJNAME = $(addsuffix .a, $(addprefix lib, $(DBM_LIBNAMES))) -LIBDBM = $(addprefix $(DBM_LIBPATH)/, $(DBMROBJNAME)) -DBMLINK = -L$(DBM_LIBPATH) $(addprefix -l, $(DBM_LIBNAMES)) -endif - ############################# # NSS ############################ From fedora-directory-commits at redhat.com Tue Mar 21 22:24:09 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Tue, 21 Mar 2006 17:24:09 -0500 Subject: [Fedora-directory-commits] adminserver/lib/base file.cpp,1.5,1.6 Message-ID: <200603212224.k2LMOAY3012432@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver/lib/base In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12329/lib/base Modified Files: file.cpp Log Message: [186105] Admin Server Makefile updates for Internal build javarules.mk: changed to use the appropriate version of JDKs file.cpp: changed use strerror instead of sys_errlist Index: file.cpp =================================================================== RCS file: /cvs/dirsec/adminserver/lib/base/file.cpp,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- file.cpp 18 Aug 2005 19:18:27 -0000 1.5 +++ file.cpp 21 Mar 2006 22:23:50 -0000 1.6 @@ -497,14 +497,6 @@ return 0; } -#ifdef XP_UNIX -#ifdef LINUX -extern const char *const sys_errlist[]; -#else -extern char *sys_errlist[]; -#endif -#endif - #define ERRMSG_SIZE 35 #include "util.h" @@ -561,7 +553,7 @@ lmsg = system_winerr(); SetLastError(0); #else - lmsg = (char *)sys_errlist[errno]; + lmsg = strerror(errno); errno = 0; #endif } From fedora-directory-commits at redhat.com Tue Mar 21 22:23:52 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Tue, 21 Mar 2006 17:23:52 -0500 Subject: [Fedora-directory-commits] adminserver/admserv/console javarules.mk, 1.5, 1.6 Message-ID: <200603212224.k2LMOMfK012435@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver/admserv/console In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12329/admserv/console Modified Files: javarules.mk Log Message: [186105] Admin Server Makefile updates for Internal build javarules.mk: changed to use the appropriate version of JDKs file.cpp: changed use strerror instead of sys_errlist Index: javarules.mk =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/console/javarules.mk,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- javarules.mk 9 Sep 2005 18:46:01 -0000 1.5 +++ javarules.mk 21 Mar 2006 22:23:38 -0000 1.6 @@ -26,6 +26,10 @@ # Identify tools, directories, classpath for building the Admin # console +BUILD_ROOT=$(shell cd ../..;pwd) + +include $(BUILD_ROOT)/nsconfig.mk + # Java setup ############################################## # disable optimized builds for now until we can figure out why @@ -39,9 +43,9 @@ PATH_SEP := : ifeq ($(OS), Windows_NT) - GET_JAVA_FROM_PATH := 1 - PATH_SEP := ; - EXE_SUFFIX := .exe + GET_JAVA_FROM_PATH := 1 + PATH_SEP := ; + EXE_SUFFIX := .exe endif # For NT, assume a locally installed JDK @@ -50,42 +54,32 @@ JDKCOMP := $(shell which javac) JDKPRELIB := $(subst bin/javac$(EXE_SUFFIX),lib,$(JDKCOMP)) JDKLIB := $(addprefix $(JDKPRELIB)/,tools.jar) -else + +else # !GET_JAVA_FROM_PATH # For UNIX, use JDK and JAR files over NFS # Use NT classes.zip; doesn't matter that it was compiled on NT # -# Version 1.4.0_01 of the JDK does not seem to run well on RHEL 3.0 ifeq ($(ARCH), Linux) - JDK_VERSION=1.4.2 + JDK_BASE=ibmjdk + JDK_VERSION=1.4.2_SR3 + JDK_VERSDIR=$(JDK_VERSION)/$(NSOBJDIR_NAME) else - ifeq ($(ARCH), HPUX) - JDK_VERSION=1.4.1_05 - else - JDK_VERSION=1.4.0_01 - endif + ifeq ($(ARCH), HPUX) + JDK_BASE=hpjdk + JDK_VERSION=1.4.2_09 + JDK_VERSDIR=$(JDK_VERSION) + else + JDK_BASE=jdk + JDK_VERSION=1.4.2_10 + JDK_VERSDIR=$(JDK_VERSION)/$(NSOBJDIR_NAME) + endif endif - JDK_VERSDIR=jdk$(JDK_VERSION) - JDKLIB=/share/builds/components/jdk/$(JDK_VERSION)/$(PRETTY_ARCH)/lib/tools.jar - ifeq ($(NSOS_ARCH), IRIX) -# Get IRIX compiler from tools directory, currently 1.1.3 - JAVABINDIR=/tools/ns/bin - else - ifeq ($(ARCH), AIX) -# Get AIX compiler from tools directory, currently 1.1.2 - JAVABINDIR=/tools/ns/bin - else - ifeq ($(ARCH), OSF1) - JAVABINDIR=/share/builds/components/jdk/1.1.6beta/OSF1/bin - else -# Solaris, Linux, HP/UX and any others: - JDK_DIR=$(COMPONENTS_DIR)/jdk - JAVABINDIR=$(JDK_DIR)/$(JDK_VERSION)/$(PRETTY_ARCH)/bin - endif - endif - endif -endif + JDK_DIR=$(COMPONENTS_DIR)/$(JDK_BASE) + JDKLIB=$(JDK_DIR)/$(JDK_VERSDIR)/lib/tools.jar + JAVABINDIR=$(JDK_DIR)/$(JDK_VERSDIR)/bin +endif # GET_JAVA_FROM_PATH CLASSPATH := $(JAVA_SRC_DIR)$(PATH_SEP)$(NMCLFJARFILE)$(PATH_SEP)$(LDAPJARFILE)$(PATH_SEP)$(MCCJARFILE)$(PATH_SEP)$(JAVASSLJARFILE)$(PATH_SEP)$(BASEJARFILE)$(PATH_SEP)$(JSSJARFILE) #CLASSPATH := $(JAVA_SRC_DIR)$(PATH_SEP)$(SWINGJARFILE)$(PATH_SEP)$(NMCLFJARFILE)$(PATH_SEP)$(LDAPJARFILE)$(PATH_SEP)$(MCCJARFILE)$(PATH_SEP)$(JAVASSLJARFILE)$(PATH_SEP)$(BASEJARFILE) From fedora-directory-commits at redhat.com Wed Mar 22 17:46:18 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Wed, 22 Mar 2006 12:46:18 -0500 Subject: [Fedora-directory-commits] directoryconsole build.properties, 1.3, 1.4 build.xml, 1.4, 1.5 Message-ID: <200603221746.k2MHkIAH028377@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/directoryconsole In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28277 Modified Files: build.properties build.xml Log Message: Changed the ldapconsole package name to -ds-.jar Index: build.properties =================================================================== RCS file: /cvs/dirsec/directoryconsole/build.properties,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- build.properties 13 Feb 2006 22:00:39 -0000 1.3 +++ build.properties 22 Mar 2006 17:46:10 -0000 1.4 @@ -21,6 +21,6 @@ lang=en ldapconsole.root=.. -ldapconsole.version=10 -ldapconsole.name=ds${ldapconsole.version} +ldapconsole.version=1.0 brand=fedora +ldapconsole.name=${brand}-ds-${ldapconsole.version} Index: build.xml =================================================================== RCS file: /cvs/dirsec/directoryconsole/build.xml,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- build.xml 13 Feb 2006 22:00:39 -0000 1.4 +++ build.xml 22 Mar 2006 17:46:10 -0000 1.5 @@ -68,8 +68,10 @@ dest="${imports.dir}/console/${console.import}"/> + From fedora-directory-commits at redhat.com Wed Mar 22 18:51:27 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Wed, 22 Mar 2006 13:51:27 -0500 Subject: [Fedora-directory-commits] winsync/passwordsync/passsync syncserv.cpp, 1.12, 1.13 Message-ID: <200603221851.k2MIpRSo030796@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/winsync/passwordsync/passsync In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30744/passsync Modified Files: syncserv.cpp Log Message: 186171 - Fixed memory leaks in passhook.dll Index: syncserv.cpp =================================================================== RCS file: /cvs/dirsec/winsync/passwordsync/passsync/syncserv.cpp,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- syncserv.cpp 18 Mar 2006 00:36:39 -0000 1.12 +++ syncserv.cpp 22 Mar 2006 18:51:16 -0000 1.13 @@ -375,6 +375,9 @@ ldap_memfree(dn); dn = NULL; + // zero out memory used for password + SecureZeroMemory(tempPassInfo->password, strlen(tempPassInfo->password)); + // free the username and password free(tempPassInfo->username); free(tempPassInfo->password); @@ -658,6 +661,9 @@ tempPassInfo = currentPassInfo; currentPassInfo++; + // zero out memory used for password + SecureZeroMemory(tempPassInfo->password, strlen(tempPassInfo->password)); + // free the username and password free(tempPassInfo->username); free(tempPassInfo->password); From fedora-directory-commits at redhat.com Wed Mar 22 18:51:13 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Wed, 22 Mar 2006 13:51:13 -0500 Subject: [Fedora-directory-commits] winsync/passwordsync passhand.cpp, 1.8, 1.9 Message-ID: <200603221851.k2MIphpS030801@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/winsync/passwordsync In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30744 Modified Files: passhand.cpp Log Message: 186171 - Fixed memory leaks in passhook.dll Index: passhand.cpp =================================================================== RCS file: /cvs/dirsec/winsync/passwordsync/passhand.cpp,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- passhand.cpp 18 Mar 2006 00:36:33 -0000 1.8 +++ passhand.cpp 22 Mar 2006 18:51:04 -0000 1.9 @@ -200,11 +200,17 @@ int clearSet(PASS_INFO_LIST* passInfoList) { - // ToDo: zero out memory + while (!passInfoList->empty()) { + PASS_INFO& pi = passInfoList->back(); + SecureZeroMemory(pi.password, strlen(pi.password)); + free(pi.password); + free(pi.username); + passInfoList->pop_back(); + } passInfoList->clear(); - return -1; + return 0; } int encrypt(char* plainTextBuf, int plainTextLen, char* cipherTextBuf, int cipherTextLen, int* resultTextLen) From fedora-directory-commits at redhat.com Wed Mar 22 18:51:18 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Wed, 22 Mar 2006 13:51:18 -0500 Subject: [Fedora-directory-commits] winsync/passwordsync/passhook passhook.cpp, 1.7, 1.8 Message-ID: <200603221851.k2MIpn9V030804@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/winsync/passwordsync/passhook In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30744/passhook Modified Files: passhook.cpp Log Message: 186171 - Fixed memory leaks in passhook.dll Index: passhook.cpp =================================================================== RCS file: /cvs/dirsec/winsync/passwordsync/passhook/passhook.cpp,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- passhook.cpp 19 Apr 2005 22:07:43 -0000 1.7 +++ passhook.cpp 22 Mar 2006 18:51:11 -0000 1.8 @@ -50,8 +50,6 @@ NTSTATUS NTAPI PasswordChangeNotify(PUNICODE_STRING UserName, ULONG RelativeId, PUNICODE_STRING Password) { - char singleByteUsername[PASSHAND_BUF_SIZE]; - char singleBytePassword[PASSHAND_BUF_SIZE]; HANDLE passhookEventHandle = OpenEvent(EVENT_MODIFY_STATE, FALSE, PASSHAND_EVENT_NAME); PASS_INFO newPassInfo; PASS_INFO_LIST passInfoList; @@ -78,18 +76,34 @@ } RegCloseKey(regKey); - _snprintf(singleByteUsername, PASSHAND_BUF_SIZE, "%S", UserName->Buffer); - singleByteUsername[UserName->Length / 2] = '\0'; - _snprintf(singleBytePassword, PASSHAND_BUF_SIZE, "%S", Password->Buffer); - singleBytePassword[Password->Length / 2] = '\0'; + // This memory will be free'd by calling clearSet below + newPassInfo.username = (char*)malloc((UserName->Length / 2) + 1); + newPassInfo.password = (char*)malloc((Password->Length / 2) + 1); + + if (newPassInfo.username && newPassInfo.password) { + _snprintf(newPassInfo.username, (UserName->Length / 2), "%S", UserName->Buffer); + _snprintf(newPassInfo.password, (Password->Length / 2), "%S", Password->Buffer); + newPassInfo.username[UserName->Length / 2] = '\0'; + newPassInfo.password[Password->Length / 2] = '\0'; + } else { + if(outLog.is_open()) { + timeStamp(&outLog); + outLog << "failed to allocate memory for username and password" << endl; + } + free(newPassInfo.username); + free(newPassInfo.password); + goto exit; + } if(outLog.is_open()) { timeStamp(&outLog); - outLog << "user " << singleByteUsername << " password changed" << endl; - //outLog << "user " << singleByteUsername << " password changed to " << singleBytePassword << endl; + outLog << "user " << newPassInfo.username << " password changed" << endl; + //outLog << "user " << newPassInfo.username << " password changed to " << newPassInfo.password << endl; } + // loadSet allocates memory for the usernames and password. We need to be + // sure to free it by calling clearSet. if(loadSet(&passInfoList, "passhook.dat") == 0) { if(outLog.is_open()) @@ -107,10 +121,10 @@ } } - newPassInfo.username = singleByteUsername; - newPassInfo.password = singleBytePassword; + // Add the new change to the list passInfoList.push_back(newPassInfo); + // Save the list to disk if(saveSet(&passInfoList, "passhook.dat") == 0) { if(outLog.is_open()) @@ -128,6 +142,10 @@ } } + // We need to call clearSet so memory gets free'd + clearSet(&passInfoList); + +exit: if(passhookEventHandle == NULL) { if(outLog.is_open()) @@ -140,6 +158,7 @@ else { SetEvent(passhookEventHandle); + CloseHandle(passhookEventHandle); } outLog.close(); From fedora-directory-commits at redhat.com Wed Mar 22 18:53:45 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Wed, 22 Mar 2006 13:53:45 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/synctools/passwordsync/passsync syncserv.cpp, 1.7.2.5, 1.7.2.6 Message-ID: <200603221853.k2MIrjIK030865@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passsync In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30812/passsync Modified Files: Tag: Directory71RtmBranch syncserv.cpp Log Message: 186171 - Fixed memory leaks in passhook.dll Index: syncserv.cpp =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passsync/syncserv.cpp,v retrieving revision 1.7.2.5 retrieving revision 1.7.2.6 diff -u -r1.7.2.5 -r1.7.2.6 --- syncserv.cpp 18 Mar 2006 00:32:01 -0000 1.7.2.5 +++ syncserv.cpp 22 Mar 2006 18:53:37 -0000 1.7.2.6 @@ -375,6 +375,9 @@ ldap_memfree(dn); dn = NULL; + // zero out memory used for password + SecureZeroMemory(tempPassInfo->password, strlen(tempPassInfo->password)); + // free the username and password free(tempPassInfo->username); free(tempPassInfo->password); @@ -658,6 +661,9 @@ tempPassInfo = currentPassInfo; currentPassInfo++; + // zero out memory used for password + SecureZeroMemory(tempPassInfo->password, strlen(tempPassInfo->password)); + // free the username and password free(tempPassInfo->username); free(tempPassInfo->password); From fedora-directory-commits at redhat.com Wed Mar 22 18:53:34 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Wed, 22 Mar 2006 13:53:34 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/synctools/passwordsync passhand.cpp, 1.7.2.1, 1.7.2.2 Message-ID: <200603221854.k2MIs4SU030871@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/synctools/passwordsync In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30812 Modified Files: Tag: Directory71RtmBranch passhand.cpp Log Message: 186171 - Fixed memory leaks in passhook.dll Index: passhand.cpp =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passhand.cpp,v retrieving revision 1.7.2.1 retrieving revision 1.7.2.2 diff -u -r1.7.2.1 -r1.7.2.2 --- passhand.cpp 18 Mar 2006 00:31:54 -0000 1.7.2.1 +++ passhand.cpp 22 Mar 2006 18:53:26 -0000 1.7.2.2 @@ -200,11 +200,17 @@ int clearSet(PASS_INFO_LIST* passInfoList) { - // ToDo: zero out memory + while (!passInfoList->empty()) { + PASS_INFO& pi = passInfoList->back(); + SecureZeroMemory(pi.password, strlen(pi.password)); + free(pi.password); + free(pi.username); + passInfoList->pop_back(); + } passInfoList->clear(); - return -1; + return 0; } int encrypt(char* plainTextBuf, int plainTextLen, char* cipherTextBuf, int cipherTextLen, int* resultTextLen) From fedora-directory-commits at redhat.com Wed Mar 22 18:53:39 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Wed, 22 Mar 2006 13:53:39 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/synctools/passwordsync/passhook passhook.cpp, 1.7, 1.7.2.1 Message-ID: <200603221854.k2MIsApg030874@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passhook In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30812/passhook Modified Files: Tag: Directory71RtmBranch passhook.cpp Log Message: 186171 - Fixed memory leaks in passhook.dll Index: passhook.cpp =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passhook/passhook.cpp,v retrieving revision 1.7 retrieving revision 1.7.2.1 diff -u -r1.7 -r1.7.2.1 --- passhook.cpp 19 Apr 2005 22:07:43 -0000 1.7 +++ passhook.cpp 22 Mar 2006 18:53:32 -0000 1.7.2.1 @@ -50,8 +50,6 @@ NTSTATUS NTAPI PasswordChangeNotify(PUNICODE_STRING UserName, ULONG RelativeId, PUNICODE_STRING Password) { - char singleByteUsername[PASSHAND_BUF_SIZE]; - char singleBytePassword[PASSHAND_BUF_SIZE]; HANDLE passhookEventHandle = OpenEvent(EVENT_MODIFY_STATE, FALSE, PASSHAND_EVENT_NAME); PASS_INFO newPassInfo; PASS_INFO_LIST passInfoList; @@ -78,18 +76,34 @@ } RegCloseKey(regKey); - _snprintf(singleByteUsername, PASSHAND_BUF_SIZE, "%S", UserName->Buffer); - singleByteUsername[UserName->Length / 2] = '\0'; - _snprintf(singleBytePassword, PASSHAND_BUF_SIZE, "%S", Password->Buffer); - singleBytePassword[Password->Length / 2] = '\0'; + // This memory will be free'd by calling clearSet below + newPassInfo.username = (char*)malloc((UserName->Length / 2) + 1); + newPassInfo.password = (char*)malloc((Password->Length / 2) + 1); + + if (newPassInfo.username && newPassInfo.password) { + _snprintf(newPassInfo.username, (UserName->Length / 2), "%S", UserName->Buffer); + _snprintf(newPassInfo.password, (Password->Length / 2), "%S", Password->Buffer); + newPassInfo.username[UserName->Length / 2] = '\0'; + newPassInfo.password[Password->Length / 2] = '\0'; + } else { + if(outLog.is_open()) { + timeStamp(&outLog); + outLog << "failed to allocate memory for username and password" << endl; + } + free(newPassInfo.username); + free(newPassInfo.password); + goto exit; + } if(outLog.is_open()) { timeStamp(&outLog); - outLog << "user " << singleByteUsername << " password changed" << endl; - //outLog << "user " << singleByteUsername << " password changed to " << singleBytePassword << endl; + outLog << "user " << newPassInfo.username << " password changed" << endl; + //outLog << "user " << newPassInfo.username << " password changed to " << newPassInfo.password << endl; } + // loadSet allocates memory for the usernames and password. We need to be + // sure to free it by calling clearSet. if(loadSet(&passInfoList, "passhook.dat") == 0) { if(outLog.is_open()) @@ -107,10 +121,10 @@ } } - newPassInfo.username = singleByteUsername; - newPassInfo.password = singleBytePassword; + // Add the new change to the list passInfoList.push_back(newPassInfo); + // Save the list to disk if(saveSet(&passInfoList, "passhook.dat") == 0) { if(outLog.is_open()) @@ -128,6 +142,10 @@ } } + // We need to call clearSet so memory gets free'd + clearSet(&passInfoList); + +exit: if(passhookEventHandle == NULL) { if(outLog.is_open()) @@ -140,6 +158,7 @@ else { SetEvent(passhookEventHandle); + CloseHandle(passhookEventHandle); } outLog.close(); From fedora-directory-commits at redhat.com Wed Mar 22 18:55:14 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Wed, 22 Mar 2006 13:55:14 -0500 Subject: [Fedora-directory-commits] ldapserver component_versions.mk, 1.35.2.5, 1.35.2.6 Message-ID: <200603221855.k2MItEPM030914@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30892 Modified Files: Tag: Directory71RtmBranch component_versions.mk Log Message: Pick up new ADSYNC component for bug 186171 Index: component_versions.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/component_versions.mk,v retrieving revision 1.35.2.5 retrieving revision 1.35.2.6 diff -u -r1.35.2.5 -r1.35.2.6 --- component_versions.mk 18 Mar 2006 18:05:15 -0000 1.35.2.5 +++ component_versions.mk 22 Mar 2006 18:55:06 -0000 1.35.2.6 @@ -250,7 +250,7 @@ endif ifndef ADSYNC_VERSION - ADSYNC_VERSION=20060318 + ADSYNC_VERSION=20060322 endif ifndef NT4SYNC_VERSION From fedora-directory-commits at redhat.com Wed Mar 22 19:09:17 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Wed, 22 Mar 2006 14:09:17 -0500 Subject: [Fedora-directory-commits] directoryconsole build.xml,1.5,1.6 Message-ID: <200603221909.k2MJ9HBK000484@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/directoryconsole In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv456 Modified Files: build.xml Log Message: Modified ant move syntax to support ant 1.6.2 Index: build.xml =================================================================== RCS file: /cvs/dirsec/directoryconsole/build.xml,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- build.xml 22 Mar 2006 17:46:10 -0000 1.5 +++ build.xml 22 Mar 2006 19:09:02 -0000 1.6 @@ -70,8 +70,9 @@ - + + + From fedora-directory-commits at redhat.com Wed Mar 22 22:53:58 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Wed, 22 Mar 2006 17:53:58 -0500 Subject: [Fedora-directory-commits] adminserver/admserv pkgadmin.mk, 1.43, 1.44 Message-ID: <200603222253.k2MMrw2k009527@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver/admserv In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9510/admserv Modified Files: pkgadmin.mk Log Message: [186105] Admin Server Makefile updates for Internal build Should package symlinks of libadminutil.so.1.0 and libadmsslutil.so.1.0. Index: pkgadmin.mk =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/pkgadmin.mk,v retrieving revision 1.43 retrieving revision 1.44 diff -u -r1.43 -r1.44 --- pkgadmin.mk 21 Mar 2006 18:33:43 -0000 1.43 +++ pkgadmin.mk 22 Mar 2006 22:53:48 -0000 1.44 @@ -244,7 +244,13 @@ if [ `expr $$file : ".*\.$(DLL_SUFFIX)\.[0-9]*$$"` -ne 0 ]; then \ mytmpfile=`echo $$file | sed -e "s/\(.*\)\.$(DLL_SUFFIX)\.[0-9]*$$/\1.$(DLL_SUFFIX)/"`; \ (cd $(ADMIN_DIR)/bin/admin/lib; rm -rf $$mytmpfile; ln -s $$file $$mytmpfile); \ - fi ; \ + fi ; \ + if [ `expr $$file : ".*\.$(DLL_SUFFIX)\.[0-9]*\.[0-9]*$$"` -ne 0 ]; then \ + mytmpfile=`echo $$file | sed -e "s/\(.*\)\.$(DLL_SUFFIX)\.[0-9]*\.[0-9]*$$/\1.$(DLL_SUFFIX)/"`; \ + (cd $(ADMIN_DIR)/bin/admin/lib; rm -rf $$mytmpfile; ln -s $$file $$mytmpfile); \ + mytmpfile=`echo $$file | sed -e "s/\(.*\)\.$(DLL_SUFFIX)\.\([0-9]*\)\.[0-9]*$$/\1.$(DLL_SUFFIX).\2/"`; \ + (cd $(ADMIN_DIR)/bin/admin/lib; rm -rf $$mytmpfile; ln -s $$file $$mytmpfile); \ + fi ; \ done if [ -d $(ADMINUTIL_LIBPATH)/property ] ; then \ $(MKDIR) $(ADMIN_DIR)/bin/admin/lib/property ; \ From fedora-directory-commits at redhat.com Wed Mar 22 23:47:33 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 22 Mar 2006 18:47:33 -0500 Subject: [Fedora-directory-commits] adminutil/tests retrieveSIE.c,1.1,1.2 Message-ID: <200603222347.k2MNlXlu012053@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminutil/tests In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11998/adminutil/tests Modified Files: retrieveSIE.c Log Message: Bug(s) fixed: 186280 Bug Description: Close potential security vulnerabilities in CGI code Reviewed by: Noriko (Thanks!) Fix Description: The code was already pretty clean in terms of buffer access. I added some malloc return checking, used some nspr functions where applicable, removed some dead code, and fixed a couple of small memory leaks. Platforms tested: Fedora Core 5 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: retrieveSIE.c =================================================================== RCS file: /cvs/dirsec/adminutil/tests/retrieveSIE.c,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- retrieveSIE.c 16 Nov 2005 18:50:21 -0000 1.1 +++ retrieveSIE.c 22 Mar 2006 23:47:25 -0000 1.2 @@ -58,7 +58,8 @@ exit(1); } - sprintf(admroot, "%s/admin-serv/config", svrroot); + snprintf(admroot, len, "%s/admin-serv/config", svrroot); + admroot[len] = '\0'; /* * get the LDAP information from admin server config info From fedora-directory-commits at redhat.com Wed Mar 22 23:47:22 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 22 Mar 2006 18:47:22 -0500 Subject: [Fedora-directory-commits] adminutil/lib/libadminutil admutil.c, 1.2, 1.3 errRpt.c, 1.1.1.1, 1.2 form_post.c, 1.1.1.1, 1.2 uginfo.c, 1.1.1.1, 1.2 Message-ID: <200603222347.k2MNlqSt012058@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminutil/lib/libadminutil In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11998/adminutil/lib/libadminutil Modified Files: admutil.c errRpt.c form_post.c uginfo.c Log Message: Bug(s) fixed: 186280 Bug Description: Close potential security vulnerabilities in CGI code Reviewed by: Noriko (Thanks!) Fix Description: The code was already pretty clean in terms of buffer access. I added some malloc return checking, used some nspr functions where applicable, removed some dead code, and fixed a couple of small memory leaks. Platforms tested: Fedora Core 5 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: admutil.c =================================================================== RCS file: /cvs/dirsec/adminutil/lib/libadminutil/admutil.c,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- admutil.c 6 Dec 2005 18:38:37 -0000 1.2 +++ admutil.c 22 Mar 2006 23:47:14 -0000 1.3 @@ -986,10 +986,21 @@ LDAPMod *newMod; newMod = (LDAPMod*)PR_Malloc(sizeof(LDAPMod)); + if (!newMod) { + return newMod; + } newMod->mod_op = mode; newMod->mod_type = PL_strdup(namep); + if (namep && !newMod->mod_type) { + deleteMod(newMod); + return NULL; + } if (values) { newMod->mod_values = admutil_strsdup(values); + if (!newMod->mod_values) { + deleteMod(newMod); + return NULL; + } } else if (mode != LDAP_MOD_ADD) { newMod->mod_values = NULL; @@ -997,7 +1008,15 @@ else { /* For LDAP_MOD_ADD attribute value must be specified */ newMod->mod_values = (char**)PR_Malloc(2*sizeof(char*)); + if (!newMod->mod_values) { + deleteMod(newMod); + return NULL; + } newMod->mod_values[0] = PL_strdup(""); + if (!newMod->mod_values[0]) { + deleteMod(newMod); + return NULL; + } newMod->mod_values[1] = NULL; } @@ -1036,7 +1055,11 @@ admUriUnescape(char *s) { char *t, *u; - + + if (!s) { + return; + } + for(t = s, u = s; *t; ++t, ++u) { if((*t == '%') && t[1] && t[2]) { *u = ((t[1] >= 'A' ? ((t[1] & 0xdf) - 'A')+10 : (t[1] - '0'))*16) + @@ -1106,6 +1129,12 @@ memset(admInfo, '\0', sizeof(AdmldapHdnl)); admInfo->configFilePath = PL_strdup(path); + if (!admInfo->configFilePath) { + PR_Free(admInfo); + *errorcode = ADMUTIL_SYSTEM_ERR; + return NULL; + } + admInfo->configInfo = configInfo; @@ -1137,6 +1166,12 @@ } admInfo->serverDirectoryURL = PL_strdup(ldapurl); + if (!admInfo->serverDirectoryURL) { + /* Error open file */ + *errorcode = ADMUTIL_SYSTEM_ERR; + destroyAdmldap((AdmldapInfo)admInfo); + return NULL; + } if (ldap_url_parse(ldapurl, &ldapInfo)) { *errorcode = ADMUTIL_SYSTEM_ERR; Index: errRpt.c =================================================================== RCS file: /cvs/dirsec/adminutil/lib/libadminutil/errRpt.c,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- errRpt.c 20 Jul 2005 22:51:32 -0000 1.1.1.1 +++ errRpt.c 22 Mar 2006 23:47:14 -0000 1.2 @@ -126,12 +126,22 @@ char *verbose_err() { /* Convert to use NSPR */ - char errMsg[1024]; - int errMsgLen = 0; - - errMsgLen = PR_GetErrorText(errMsg); - if (errMsgLen) return alert_wrd_wrap(errMsg, WORD_WRAP_WIDTH, "\\n"); - else return NULL; + char *retval = NULL; + char *errMsg = NULL; + PRInt32 errMsgLen = 0; + + errMsgLen = PR_GetErrorTextLength(); + if (errMsgLen > 0) { + errMsg = PR_Malloc(errMsgLen+1); + if (errMsg) { + errMsgLen = PR_GetErrorText(errMsg); + if (errMsgLen) { + retval = alert_wrd_wrap(errMsg, WORD_WRAP_WIDTH, "\\n"); + } + PR_Free(errMsg); + } + } + return retval; } #endif /* XP_WIN32 */ Index: form_post.c =================================================================== RCS file: /cvs/dirsec/adminutil/lib/libadminutil/form_post.c,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- form_post.c 20 Jul 2005 22:51:32 -0000 1.1.1.1 +++ form_post.c 22 Mar 2006 23:47:14 -0000 1.2 @@ -36,10 +36,6 @@ #define BIG_LINE 1024 #endif -#if 0 -#define SUCCESS_HTML "success.html" -#endif - static char **input; #ifdef XP_WIN32 @@ -97,27 +93,42 @@ int cl; if(!(tmp = getenv("CONTENT_LENGTH"))) { - if (admutil_i18nResource) { - rpt_err(INCORRECT_USAGE, - (char*)res_getstring(admutil_i18nResource, - DBT_formPost_Browser_err, - admutil_acceptLang), - (char*)res_getstring(admutil_i18nResource, - DBT_formPost_Browser_errDetail, - admutil_acceptLang), - NULL); - } - else { - rpt_err(INCORRECT_USAGE, - "Browser Error", - "Your browser sent no content length with a POST command. Please be sure to use a fully compliant browser.", - NULL); - } + if (admutil_i18nResource) { + rpt_err(INCORRECT_USAGE, + (char*)res_getstring(admutil_i18nResource, + DBT_formPost_Browser_err, + admutil_acceptLang), + (char*)res_getstring(admutil_i18nResource, + DBT_formPost_Browser_errDetail, + admutil_acceptLang), + NULL); + } + else { + rpt_err(INCORRECT_USAGE, + "Browser Error", + "Your browser sent no content length with a POST command. Please be sure to use a fully compliant browser.", + NULL); + } } cl = atoi(tmp); - vars = (char *)PR_Malloc(cl+1); + if (!(vars = (char *)PR_Malloc(cl+1))) { + if (admutil_i18nResource) { + rpt_err(MEMORY_ERROR, + NULL, + (char*)res_getstring(admutil_i18nResource, + DBT_formPost_PostStdinErr, + admutil_acceptLang), + NULL); + } + else { + rpt_err(MEMORY_ERROR, + NULL, + "Could not allocate enough memory to read in the POST parameters.", + NULL); + } + } if( !(fread(vars, 1, cl, in)) ) { if (admutil_i18nResource) { @@ -150,12 +161,28 @@ PR_IMPLEMENT(char **) string_to_vec(char *in) { - char **ans; + char **ans = NULL; int vars = 0; register int x = 0; char *tmp; - in = PL_strdup(in); + if (!(in = PL_strdup(in))) { + if (admutil_i18nResource) { + rpt_err(MEMORY_ERROR, + NULL, + (char*)res_getstring(admutil_i18nResource, + DBT_formPost_PostStdinErr, + admutil_acceptLang), + NULL); + } + else { + rpt_err(MEMORY_ERROR, + NULL, + "Could not allocate enough memory to read in the POST parameters.", + NULL); + } + return ans; + } while(in[x]) if(in[x++]=='=') @@ -169,11 +196,45 @@ PR_Free(in); return(ans); } - ans[x]=PL_strdup(tmp); + + if (!(ans[x]=PL_strdup(tmp))) { + if (admutil_i18nResource) { + rpt_err(MEMORY_ERROR, + NULL, + (char*)res_getstring(admutil_i18nResource, + DBT_formPost_PostStdinErr, + admutil_acceptLang), + NULL); + } + else { + rpt_err(MEMORY_ERROR, + NULL, + "Could not allocate enough memory to read in the POST parameters.", + NULL); + } + return ans; + } + form_unescape(ans[x++]); while((tmp = strtok(NULL, "&"))) { - ans[x] = PL_strdup(tmp); + if (!(ans[x] = PL_strdup(tmp))) { + if (admutil_i18nResource) { + rpt_err(MEMORY_ERROR, + NULL, + (char*)res_getstring(admutil_i18nResource, + DBT_formPost_PostStdinErr, + admutil_acceptLang), + NULL); + } + else { + rpt_err(MEMORY_ERROR, + NULL, + "Could not allocate enough memory to read in the POST parameters.", + NULL); + } + return ans; + } form_unescape(ans[x++]); } @@ -192,7 +253,24 @@ while(input[x]) { /* We want to get rid of the =, so len, len+1 */ if((!strncmp(input[x], varname, len)) && (*(input[x]+len) == '=')) { - ans = PL_strdup(input[x] + len + 1); + if (!(ans = PL_strdup(input[x] + len + 1))) { + if (admutil_i18nResource) { + rpt_err(MEMORY_ERROR, + NULL, + (char*)res_getstring(admutil_i18nResource, + DBT_formPost_PostStdinErr, + admutil_acceptLang), + NULL); + } + else { + rpt_err(MEMORY_ERROR, + NULL, + "Could not allocate enough memory to get the parameter.", + NULL); + } + return ans; + } + if(!strcmp(ans, "")) ans = NULL; break; @@ -247,7 +325,23 @@ if ((!strncmp(input[x], varname, len)) && (*(input[x]+len) == '=') && (*(input[x]+len+1))) { - ans[n] = PL_strdup(input[x] + len + 1); + if (!(ans[n] = PL_strdup(input[x] + len + 1))) { + if (admutil_i18nResource) { + rpt_err(MEMORY_ERROR, + NULL, + (char*)res_getstring(admutil_i18nResource, + DBT_formPost_PostStdinErr, + admutil_acceptLang), + NULL); + } + else { + rpt_err(MEMORY_ERROR, + NULL, + "Could not allocate enough memory to get the parameter.", + NULL); + } + return ans; + } n++; } } @@ -267,54 +361,6 @@ return NULL; } -#if 0 -/* Removed since front end is JAVA, no need to send html page back! */ -PR_IMPLEMENT(void) -return_success(char *description) -{ - char **config=get_adm_config(); - WSACleanup(); - - fprintf(stdout, "\n\n"); - } else -#endif - fprintf(stdout, "alert('Success!\\n%s');", - alert_word_wrap(description, WORD_WRAP_WIDTH, "\\n")); - fprintf(stdout, "\n"); - js_open_referer(); -#ifdef NS_MAIL - char line[BIG_LINE]; - char **config = get_adm_config(); - FILE *html=open_html_file(SUCCESS_HTML); - - WSACleanup(); - - /* Be sure headers are terminated. */ - fputs("\n", stdout); - - while(next_html_line(html, line)) { - if(parse_line(line, config)) { - if(directive_is(line, "SUCCESS_DESCRIPTION")) { - fprintf(stdout, "
Success!\n"); - fprintf(stdout, "
%s\n
", description); - } - } - } -#endif /* NS_MAIL */ - exit(0); -} -#endif /* 0 */ - - PR_IMPLEMENT(void) rm_trail_slash(char *target) Index: uginfo.c =================================================================== RCS file: /cvs/dirsec/adminutil/lib/libadminutil/uginfo.c,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- uginfo.c 20 Jul 2005 22:51:32 -0000 1.1.1.1 +++ uginfo.c 22 Mar 2006 23:47:14 -0000 1.2 @@ -299,7 +299,15 @@ return 0; } - mods = (LDAPMod**)PR_Malloc(6*sizeof(LDAPMod*)); + if (!(mods = (LDAPMod**)PR_Malloc(6*sizeof(LDAPMod*)))) { + *error_code = UG_LDAP_SYSTEM_ERR; + if (oldDirectoryURL) PR_Free(oldDirectoryURL); + if (oldBindDN) PR_Free(oldBindDN); + if (oldBindPassword) PR_Free(oldBindPassword); + if (oldDirectoryInfoRef) PR_Free(oldDirectoryInfoRef); + return 0; + } + i = 0; if (directoryInfoRef) { if (oldDirectoryURL) { From fedora-directory-commits at redhat.com Wed Mar 22 23:47:27 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 22 Mar 2006 18:47:27 -0500 Subject: [Fedora-directory-commits] adminutil/lib/libadmsslutil admsslutil.c, 1.2, 1.3 Message-ID: <200603222347.k2MNlwC2012062@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminutil/lib/libadmsslutil In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11998/adminutil/lib/libadmsslutil Modified Files: admsslutil.c Log Message: Bug(s) fixed: 186280 Bug Description: Close potential security vulnerabilities in CGI code Reviewed by: Noriko (Thanks!) Fix Description: The code was already pretty clean in terms of buffer access. I added some malloc return checking, used some nspr functions where applicable, removed some dead code, and fixed a couple of small memory leaks. Platforms tested: Fedora Core 5 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: admsslutil.c =================================================================== RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/admsslutil.c,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- admsslutil.c 6 Dec 2005 18:38:42 -0000 1.2 +++ admsslutil.c 22 Mar 2006 23:47:20 -0000 1.3 @@ -144,20 +144,12 @@ filename++; /* Skip '/' */ } - /* basename is either "-cert" or "-key" */ - base = strstr(filename, basename); + /* basename is either "-cert" or "-key" - look for last occurance */ + base = PL_strrstr(filename, basename); if (base == NULL) { return; } - /* - * Find the last occurrence of basename in filename in an unlikely - * scenario that basename (-key or -cert) appears in the prefix - */ - while (strstr(base+1, basename) != NULL) { - base = strstr(base+1, basename); - } - /* Include '-' into prefix */ prefixLen = base-filename+1; if (prefixLen > maxprefixlen) { @@ -188,6 +180,10 @@ /* PKSC11 module must be configured before NSS is initialized */ db_name = PL_strdup("internal (software) "); + if (!db_name) { + return -1; + } + PK11_ConfigurePKCS11(NULL,NULL,NULL,db_name,NULL, NULL,NULL,NULL, /*minPwdLen=*/8, /*pwdRequired=*/1); @@ -272,7 +268,11 @@ if((!certdbFile) || (!keydbFile) || (!admroot)) return -1; - return initNSS(certdbFile, keydbFile); + errCode = initNSS(certdbFile, keydbFile); + PL_Free(certdbFile); + PL_Free(keydbFile); + + return errCode; } void servssl_error(char *fmt, ...) @@ -763,66 +763,6 @@ } fclose(f); - -#ifdef NES - /* add/edit field in magnus.conf */ - modified_security = 0; - linecnt = 0; - PR_snprintf(filename, sizeof(filename), - "%s/admin-serv/config/magnus.conf", sroot); - - f = fopen(filename, "r"); - if (f==NULL) { - servssl_error("Can not open magnus.conf for reading"); - } - - while(fgets(inbuf, sizeof(inbuf), f) != NULL) { - if(lines[linecnt] != NULL) - PR_Free(lines[linecnt]); - if ((strstr(inbuf,"Security ") == inbuf) && - (security && *security != '\0')) { - /* Line starts with "Security" */ - col = strrchr(inbuf,' '); - if (col == NULL) { - servssl_error("Bad format for security field in magnus.conf"); - } - *col=0; - PR_snprintf(buf, sizeof(buf), "%s %s\n", inbuf, security); - lines[linecnt++] = PL_strdup(buf); - modified_security=1; - } - else { - lines[linecnt++] = PL_strdup(inbuf); - } - } - fclose(f); - - if ((!modified_security) && - (security && *security != '\0')) { - /* security not found - put it in */ - if(lines[linecnt] != NULL) - PR_Free(lines[linecnt]); - PR_snprintf(buf, sizeof(buf), "Security %s\n", security); - lines[linecnt++] = PL_strdup(buf); - } - - f = fopen(filename, "w"); - if (f==NULL) { - fclose(f); - servssl_error("Can not open magnus.conf for writing"); - } - - for (i=0; i < linecnt; i++) { - fprintf(f, "%s", lines[i]); - } - - fclose(f); - - for(i=0; i<50; i++) { - if(lines[i] != NULL) - PR_Free(lines[i]); - } -#endif /* NES */ } From fedora-directory-commits at redhat.com Thu Mar 23 15:59:30 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Thu, 23 Mar 2006 10:59:30 -0500 Subject: [Fedora-directory-commits] setuputil/installer/unix/lib dialog.cc, 1.1.1.1, 1.2 ux-curse.c, 1.1.1.1, 1.2 ux-util.cc, 1.1.1.1, 1.2 ux-wrapper.cc, 1.1.1.1, 1.2 Message-ID: <200603231559.k2NFxUCV015121@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/setuputil/installer/unix/lib In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15054/setuputil/installer/unix/lib Modified Files: dialog.cc ux-curse.c ux-util.cc ux-wrapper.cc Log Message: Bug(s) fixed: 186280 Bug Description: Close potential security vulnerabilities in CGI code Reviewed by: Nathan & Noriko (Thanks!) Fix Description: Mostly cleaned up usage of sprintf. Platforms tested: Fedora Core 5 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: dialog.cc =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/lib/dialog.cc,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- dialog.cc 29 Jul 2005 22:16:32 -0000 1.1.1.1 +++ dialog.cc 23 Mar 2006 15:59:22 -0000 1.2 @@ -28,6 +28,17 @@ ** HISTORY ** ** $Log$ +** Revision 1.2 2006/03/23 15:59:22 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.1.1.1 2005/07/29 22:16:32 foxworth ** Importing new setup sdk for open source project ** @@ -347,7 +358,11 @@ if (_enable8BitInput) { utf8Buf = localToUTF8(_buf); - strcpy(_buf, utf8Buf); + strncpy(_buf, utf8Buf, _bufLen); + if (!memchr(_buf, 0, _bufLen)) { /* string is not null terminated */ + _buf[0] = 0; /* erase to avoid using improperly formed utf8 */ + rc = 0; + } free(utf8Buf); } } @@ -411,12 +426,14 @@ ans = UTF8ToLocal(_defaultAns.data()); else ans = strdup((const char *) _defaultAns); - sprintf(tstr, " [%s]: ", ans); + snprintf(tstr, sizeof(tstr), " [%s]: ", ans); + tstr[sizeof(tstr)-1] = 0; free(ans); } else { - sprintf(tstr, "%c ", ':'); + snprintf(tstr, sizeof(tstr), "%c ", ':'); + tstr[sizeof(tstr)-1] = 0; _buf[0] = 0; } printw(tstr); Index: ux-curse.c =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/lib/ux-curse.c,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- ux-curse.c 29 Jul 2005 22:16:32 -0000 1.1.1.1 +++ ux-curse.c 23 Mar 2006 15:59:22 -0000 1.2 @@ -56,8 +56,9 @@ va_list arg; va_start(arg, msg); - vsprintf(errbuf, msg, arg); + vsnprintf(errbuf, sizeof(errbuf), msg, arg); va_end(arg); + errbuf[sizeof(errbuf)-1] = 0; printw(errbuf); printw("Press any key to continue.\n"); refresh(); @@ -72,8 +73,9 @@ va_list arg; va_start(arg, msg); - vsprintf(errbuf, msg, arg); + vsnprintf(errbuf, sizeof(errbuf), msg, arg); va_end(arg); + errbuf[sizeof(errbuf)-1] = 0; getyx(stdscr, y, x); Index: ux-util.cc =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/lib/ux-util.cc,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- ux-util.cc 29 Jul 2005 22:16:33 -0000 1.1.1.1 +++ ux-util.cc 23 Mar 2006 15:59:22 -0000 1.2 @@ -27,6 +27,17 @@ ** UNIX Only ** HISTORY: ** $Log$ +** Revision 1.2 2006/03/23 15:59:22 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.1.1.1 2005/07/29 22:16:33 foxworth ** Importing new setup sdk for open source project ** @@ -291,7 +302,8 @@ NSString hn; NVPair *admconf; - sprintf(tstr, "%s/%s", sroot, DEFAULT_ADMINCONF); + snprintf(tstr, sizeof(tstr), "%s/%s", sroot, DEFAULT_ADMINCONF); + tstr[sizeof(tstr)-1] = 0; admconf = new NVPair(tstr); @@ -371,7 +383,8 @@ NVPair *ssconf; NSString ssUser; - sprintf(tstr, "%s/%s", sroot, DEFAULT_SSUSERCONF); + snprintf(tstr, sizeof(tstr), "%s/%s", sroot, DEFAULT_SSUSERCONF); + tstr[sizeof(tstr)-1] = 0; ssconf = new NVPair(tstr); @@ -411,7 +424,8 @@ NVPair *ssconf; NSString ssGroup; - sprintf(tstr, "%s/%s", sroot, DEFAULT_SSUSERCONF); + snprintf(tstr, sizeof(tstr), "%s/%s", sroot, DEFAULT_SSUSERCONF); + tstr[sizeof(tstr)-1] = 0; ssconf = new NVPair(tstr); @@ -450,7 +464,8 @@ NVPair admpw; const char *pwd = NULL; - sprintf(temp, "%s/admin-serv/config/adm.conf", serverRoot); + snprintf(temp, sizeof(temp), "%s/admin-serv/config/adm.conf", serverRoot); + temp[sizeof(temp)-1] = 0; admpw.setFormat(2); admpw.read(temp); @@ -489,12 +504,13 @@ if (uname(&sysname) >= 0) { #if defined(IRIX) /* I want IRIX, not IRIX64 */ - sprintf(tstr, "%s%s", "IRIX", sysname.release); + snprintf(tstr, sizeof(tstr), "%s%s", "IRIX", sysname.release); #elif defined(SOLARIS) || defined(OSF1) || defined(HPUX) - sprintf(tstr, "%s%s", sysname.sysname, sysname.release); + snprintf(tstr, sizeof(tstr), "%s%s", sysname.sysname, sysname.release); #elif defined(AIX) - sprintf(tstr, "%s%s.%s", sysname.sysname, sysname.version, sysname.release); + snprintf(tstr, sizeof(tstr), "%s%s.%s", sysname.sysname, sysname.version, sysname.release); #endif + tstr[sizeof(tstr)-1] = 0; return tstr; } else @@ -537,6 +553,7 @@ if (!strncasecmp(line, "domain ", 7)) { sscanf(&line[7], "%s", domain); + domain[sizeof(domain)-1] = 0; dm = (domain[0] == '.' ? &domain[1] : domain); return dm; } @@ -589,7 +606,8 @@ /* Bug 624241 - sprintf() will wipe out target var first on Linux */ char hncopy[SML_BUF]; strcpy(hncopy, hn); - sprintf(hn, "%s.%s", hncopy, dn.data()); + snprintf(hn, sizeof(hn), "%s.%s", hncopy, dn.data()); + hn[sizeof(hn)-1] = 0; } /* Return whatever we ended up with. */ @@ -710,7 +728,8 @@ return 0; } - sprintf(fn, "/tmp/trychown.%ld", (long) getpid()); + snprintf(fn, sizeof(fn), "/tmp/trychown.%ld", (long) getpid()); + fn[sizeof(fn)-1] = 0; if ((fd = creat(fn, 0777)) == -1) return 0; /* Hmm. */ ret = chown(fn, pw->pw_uid, pw->pw_gid); @@ -826,7 +845,8 @@ } } - sprintf(fn, "/tmp/trychown_grp.%ld", (long) getpid()); + snprintf(fn, sizeof(fn), "/tmp/trychown_grp.%ld", (long) getpid()); + fn[sizeof(fn)-1] = 0; if ((fd = creat(fn, 0777)) == -1) { return 0; /* Hmm. */ @@ -885,11 +905,7 @@ NSString InstUtil::getSelfUserID() { -#if 0 - return cuserid(NULL); -#else return getpwuid(geteuid())->pw_name; -#endif } /********************************************************************* @@ -1066,7 +1082,8 @@ return ("/"); } - strcpy(s, path); + strncpy(s, path, sizeof(s)); + s[sizeof(s)-1] = 0; /* Strip off trailing / */ Index: ux-wrapper.cc =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/lib/ux-wrapper.cc,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- ux-wrapper.cc 29 Jul 2005 22:16:33 -0000 1.1.1.1 +++ ux-wrapper.cc 23 Mar 2006 15:59:22 -0000 1.2 @@ -29,6 +29,17 @@ ** HISTORY: ** ** $Log$ +** Revision 1.2 2006/03/23 15:59:22 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.1.1.1 2005/07/29 22:16:33 foxworth ** Importing new setup sdk for open source project ** @@ -179,12 +190,13 @@ { return; } - sprintf(buf,"[%s] %s", who, level); + snprintf(buf, sizeof(buf), "[%s] %s", who, level); va_start (arg, msg); - vsprintf(buf+strlen(buf), msg, arg); + vsnprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), msg, arg); va_end(arg); + buf[sizeof(buf)-1] = 0; fputs(buf,fp); fputs("\n",fp); From fedora-directory-commits at redhat.com Thu Mar 23 15:59:19 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Thu, 23 Mar 2006 10:59:19 -0500 Subject: [Fedora-directory-commits] setuputil/installer/lib prodinfo.cpp, 1.1.1.1, 1.2 setupapi.cpp, 1.1.1.1, 1.2 uninstall.cpp, 1.1.1.1, 1.2 Message-ID: <200603231559.k2NFxnE4015128@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/setuputil/installer/lib In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15054/setuputil/installer/lib Modified Files: prodinfo.cpp setupapi.cpp uninstall.cpp Log Message: Bug(s) fixed: 186280 Bug Description: Close potential security vulnerabilities in CGI code Reviewed by: Nathan & Noriko (Thanks!) Fix Description: Mostly cleaned up usage of sprintf. Platforms tested: Fedora Core 5 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: prodinfo.cpp =================================================================== RCS file: /cvs/dirsec/setuputil/installer/lib/prodinfo.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- prodinfo.cpp 29 Jul 2005 22:16:29 -0000 1.1.1.1 +++ prodinfo.cpp 23 Mar 2006 15:59:10 -0000 1.2 @@ -24,6 +24,17 @@ ** Name: prodinfo.c ** ** $Log$ +** Revision 1.2 2006/03/23 15:59:10 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.1.1.1 2005/07/29 22:16:29 foxworth ** Importing new setup sdk for open source project ** @@ -239,17 +250,19 @@ continue; } if ( buf[0] == '[' ) { /* install date */ - int n; - char tmp[BUFSIZ]; + int end = 0; for ( i = strlen( buf ) - 1 ; i-- ; ) { if ( buf[i] == ']' ) { buf[i] = '\0'; /* clean up date */ break; } } - n = sscanf (buf + 1, "%s %s %s %s %s", tmp, tmp, tmp, tmp, tmp); + /* need to know if there are at least 5 tokens in buf - end will only be set + if there are at least 5 whitespace delimited tokens in (buf+1) + */ + sscanf (buf + 1, "%*s %*s %*s %*s %*s%n", &end); - if (n == 5) + if (end) { if ( tree->when ) { break; /* this is a previous date, stop reading */ Index: setupapi.cpp =================================================================== RCS file: /cvs/dirsec/setuputil/installer/lib/setupapi.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- setupapi.cpp 29 Jul 2005 22:16:30 -0000 1.1.1.1 +++ setupapi.cpp 23 Mar 2006 15:59:10 -0000 1.2 @@ -1887,10 +1887,9 @@ #else FILE *f = fopen("/etc/resolv.conf", "r"); char line[SML_BUF]; - char *domain; + char domain[SML_BUF]; char *dm; - domain = (char *) malloc(SML_BUF); /* See if there's a domain entry in their resolver configuration */ if (f) { @@ -1898,9 +1897,20 @@ { if (!strncasecmp(line, "domain ", 7)) { - sscanf(&line[7], "%s", domain); - dm = (domain[0] == '.' ? &domain[1] : domain); - return dm; + int end = 0; + int len = strlen(line); + char *begin = &line[7]; + if ((len > 8) && (line[7] == '.')) { + begin = &line[8]; + } + sscanf(begin, "%*s%n", &end); + if (end) { + fclose(f); + strncpy(domain, begin, end); + domain[end] = 0; + dm = strdup(domain); + return dm; + } } } fclose(f); @@ -1913,7 +1923,12 @@ #else getdomainname(domain, SML_BUF); #endif - dm = (domain[0] == '.' ? &domain[1] : domain); + domain[SML_BUF] = 0; + if (domain[0] == '.') { + dm = strdup(&domain[1]); + } else { + dm = strdup(domain); + } #endif return dm; Index: uninstall.cpp =================================================================== RCS file: /cvs/dirsec/setuputil/installer/lib/uninstall.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- uninstall.cpp 29 Jul 2005 22:16:30 -0000 1.1.1.1 +++ uninstall.cpp 23 Mar 2006 15:59:10 -0000 1.2 @@ -28,6 +28,17 @@ ** ** HISTORY: ** $Log$ +** Revision 1.2 2006/03/23 15:59:10 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.1.1.1 2005/07/29 22:16:30 foxworth ** Importing new setup sdk for open source project ** @@ -79,7 +90,7 @@ if (moduleNickName) { - sprintf(tstr, "%s%c%s%c%s%c%s.log", + snprintf(tstr, sizeof(tstr), "%s%c%s%c%s%c%s.log", serverRoot, PATH_DELIM, "setup", @@ -90,7 +101,7 @@ } else { - sprintf(tstr, "%s%c%s%c%s%c%s.log", + snprintf(tstr, sizeof(tstr), "%s%c%s%c%s%c%s.log", serverRoot, PATH_DELIM, "setup", @@ -99,6 +110,7 @@ PATH_DELIM, packageNickName); } + tstr[sizeof(tstr)-1] = 0; fp = fopen(tstr, "a"); From fedora-directory-commits at redhat.com Thu Mar 23 15:59:24 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Thu, 23 Mar 2006 10:59:24 -0500 Subject: [Fedora-directory-commits] setuputil/installer/unix dl-common.cc, 1.1.1.1, 1.2 dl-dnld.cc, 1.1.1.1, 1.2 dl-inst.cc, 1.1.1.1, 1.2 dl-uninst.cc, 1.1.1.1, 1.2 installer.cc, 1.3, 1.4 product.cc, 1.4, 1.5 uninstaller.cc, 1.1.1.1, 1.2 ux-setup.cc, 1.1.1.1, 1.2 Message-ID: <200603231559.k2NFxsCs015133@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/setuputil/installer/unix In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15054/setuputil/installer/unix Modified Files: dl-common.cc dl-dnld.cc dl-inst.cc dl-uninst.cc installer.cc product.cc uninstaller.cc ux-setup.cc Log Message: Bug(s) fixed: 186280 Bug Description: Close potential security vulnerabilities in CGI code Reviewed by: Nathan & Noriko (Thanks!) Fix Description: Mostly cleaned up usage of sprintf. Platforms tested: Fedora Core 5 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: dl-common.cc =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/dl-common.cc,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- dl-common.cc 29 Jul 2005 22:16:30 -0000 1.1.1.1 +++ dl-common.cc 23 Mar 2006 15:59:17 -0000 1.2 @@ -28,6 +28,17 @@ ** HISTORY ** ** $Log$ +** Revision 1.2 2006/03/23 15:59:17 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.1.1.1 2005/07/29 22:16:30 foxworth ** Importing new setup sdk for open source project ** @@ -315,9 +326,10 @@ DialogInput *dl = new DialogInput; if (whatProduct != NULL) - sprintf(tstr, selectionText, whatProduct); + snprintf(tstr, sizeof(tstr), selectionText, whatProduct); else - sprintf(tstr, selectionText); + snprintf(tstr, sizeof(tstr), selectionText); + tstr[sizeof(tstr)-1] = 0; dl->setText(tstr); dl->setSetupAction(NULL); @@ -431,9 +443,10 @@ if (p->isVisible()) { if (p->numVisibleComponents() >= 1) - sprintf(tstr, " %d. %s (%d)\n", ++j, p->get(PKG_NAME), p->numVisibleComponents()); + snprintf(tstr, sizeof(tstr), " %d. %s (%d)\n", ++j, p->get(PKG_NAME), p->numVisibleComponents()); else - sprintf(tstr, " %d. %s\n", ++j, p->get(PKG_NAME)); + snprintf(tstr, sizeof(tstr), " %d. %s\n", ++j, p->get(PKG_NAME)); + tstr[sizeof(tstr)-1] = 0; text2 = text2 + tstr; @@ -525,7 +538,6 @@ char *ldapURL; const char *buf = me->input(); NSString errMsg; - char tmp[XSM_BUF]; LDAPURLDesc *ludpp; char *domain; DialogAction rc = DIALOG_NEXT; @@ -678,7 +690,8 @@ localLdapURL = UTF8ToLocal(me->manager()->getDefaultScript()->get(CONFIG_LDAP_URL)); hostPortURL = stripConfigLdapURL(localLdapURL); - sprintf(text2, " %s", (const char *)hostPortURL); + snprintf(text2, sizeof(text2), " %s", (const char *)hostPortURL); + text2[sizeof(text2)-1] = 0; free (localLdapURL); @@ -842,7 +855,6 @@ const char *ldapURL; const char *buf = me->input(); NSString errMsg; - char tmp[XSM_BUF]; LDAPURLDesc *ludpp; DialogAction rc = DIALOG_NEXT; @@ -893,7 +905,8 @@ localLdapURL = UTF8ToLocal(me->manager()->getDefaultScript()->get(UG_LDAP_URL)); - sprintf(text2, " %s", localLdapURL); + snprintf(text2, sizeof(text2), " %s", localLdapURL); + text2[sizeof(text2)-1] = 0; free (localLdapURL); Index: dl-dnld.cc =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/dl-dnld.cc,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- dl-dnld.cc 29 Jul 2005 22:16:30 -0000 1.1.1.1 +++ dl-dnld.cc 23 Mar 2006 15:59:17 -0000 1.2 @@ -28,6 +28,17 @@ ** HISTORY ** ** $Log$ +** Revision 1.2 2006/03/23 15:59:17 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.1.1.1 2005/07/29 22:16:30 foxworth ** Importing new setup sdk for open source project ** @@ -180,7 +191,8 @@ for (int i = 0; i < p->numName(); i++) { s = p->name(i); - sprintf(tstr, " %d. %s\n", i+1, s); + snprintf(tstr, sizeof(tstr), " %d. %s\n", i+1, s); + tstr[sizeof(tstr)-1] = 0; text2 = text2 + tstr; } me->setText2(text2.data()); @@ -648,7 +660,7 @@ const char *sysVersion = me->manager()->getDefaultScript()->get(SYS_VERSION); int i, j; Bool found = False; - char tmp[5]; + char tmp[20]; setupSelectionDialog(me, platformInfo); @@ -801,17 +813,18 @@ if (err == -1) { - sprintf(errMsg, "ERROR: Can't create directory %s\n", ans); + snprintf(errMsg, sizeof(errMsg), "ERROR: Can't create directory %s\n", ans); } else if (err == -2) { - sprintf(errMsg, "ERROR: %s exists and is not a directory.\n", ans); + snprintf(errMsg, sizeof(errMsg), "ERROR: %s exists and is not a directory.\n", ans); } else if (err == -3) { - sprintf(errMsg, "ERROR: Can't write to %s\n", ans); + snprintf(errMsg, sizeof(errMsg), "ERROR: Can't write to %s\n", ans); } + errMsg[sizeof(errMsg)-1] = 0; DialogAlert alert(errMsg); alert.execute(); Index: dl-inst.cc =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/dl-inst.cc,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- dl-inst.cc 29 Jul 2005 22:16:31 -0000 1.1.1.1 +++ dl-inst.cc 23 Mar 2006 15:59:17 -0000 1.2 @@ -28,6 +28,17 @@ ** HISTORY ** ** $Log$ +** Revision 1.2 2006/03/23 15:59:17 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.1.1.1 2005/07/29 22:16:31 foxworth ** Importing new setup sdk for open source project ** @@ -406,9 +417,10 @@ else if (installer->checkDiskSpace() == False) { char szMsg[2048]; - sprintf(szMsg, "Warning: not enough disk space in the path %s, you can either remove unnecessary \n" \ + snprintf(szMsg, sizeof(szMsg), "Warning: not enough disk space in the path %s, you can either remove unnecessary \n" \ "files on the destination drive and type Yes to continue, or click \n" \ "CTRL-B to go back and select less products to install\n\n", installer->getServerRoot().data()); + szMsg[sizeof(szMsg)-1] = 0; msg = szMsg; me->setText (msg); } @@ -936,7 +948,8 @@ // Ask SS Group ssGroup = me->manager()->getDefaultScript()->get(SS_GROUP); - sprintf(tmp, "%s [%s]: ", "System Group", ssGroup.data()); + snprintf(tmp, sizeof(tmp), "%s [%s]: ", "System Group", ssGroup.data()); + tmp[sizeof(tmp)-1] = 0; me->showString(tmp); if (me->getInput() == 0) Index: dl-uninst.cc =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/dl-uninst.cc,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- dl-uninst.cc 29 Jul 2005 22:16:31 -0000 1.1.1.1 +++ dl-uninst.cc 23 Mar 2006 15:59:17 -0000 1.2 @@ -28,6 +28,17 @@ ** HISTORY ** ** $Log$ +** Revision 1.2 2006/03/23 15:59:17 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.1.1.1 2005/07/29 22:16:31 foxworth ** Importing new setup sdk for open source project ** @@ -334,7 +345,8 @@ LDAPURLDesc *ludpp = NULL; ldap_url_parse ((char *) ldapURL , &ludpp); - sprintf(tmp, "ldap://%s:389/%s", ludpp->lud_host, ludpp->lud_dn); + snprintf(tmp, sizeof(tmp), "ldap://%s:389/%s", ludpp->lud_host, ludpp->lud_dn); + tmp[sizeof(tmp)-1] = 0; ldap_free_urldesc(ludpp); installInfo->set(CONFIG_LDAP_URL, tmp); @@ -402,12 +414,13 @@ if (dp && dp->get(s) && q->isSelected() == False) { // q is dependent on p and q is not selected - sprintf(tstr, + snprintf(tstr, sizeof(tstr), getResource(RES_MESSAGE_UNINST_VERIFYSELECTION1), q->get(PKG_NAME), p->get(PKG_NAME), q->get(PKG_NAME), q->get(PKG_NAME)); + tstr[sizeof(tstr)-1] = 0; DialogAlert alert(tstr); alert.execute(); Index: installer.cc =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/installer.cc,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- installer.cc 13 Dec 2005 20:58:22 -0000 1.3 +++ installer.cc 23 Mar 2006 15:59:17 -0000 1.4 @@ -27,6 +27,17 @@ ** ** HISTORY: ** $Log$ +** Revision 1.4 2006/03/23 15:59:17 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.3 2005/12/13 20:58:22 nhosoi ** [175418] Admin Server ns-update crashes if necessary attribute-value is not given ** 1) Although Admin Server's PostInstall program ns-update expects it, PostInstall @@ -2292,28 +2303,29 @@ if (err == -1) { - sprintf(errMsg, "Can't create directory %s\n", sroot); + snprintf(errMsg, sizeof(errMsg), "Can't create directory %s\n", sroot); } else if (err == -2) { - sprintf(errMsg, "%s exists and is not a directory.\n", sroot); + snprintf(errMsg, sizeof(errMsg), "%s exists and is not a directory.\n", sroot); } else if (err == -3) { - sprintf(errMsg, "Can't write to %s\n", sroot); + snprintf(errMsg, sizeof(errMsg), "Can't write to %s\n", sroot); } else if (err == -4) { - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_CHECKSERVERROOT1), sroot); } else { - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_CHECKSERVERROOT2), sroot); } + errMsg[sizeof(errMsg)-1] = 0; } return errMsg; } @@ -2338,7 +2350,7 @@ } else if (!p->securityChecked()) { - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), "You are installing %s over an\n" "existing installation that is of a higher security level.\n" "Installation over an incompatible security level is not\n" @@ -2347,7 +2359,7 @@ } else { - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), "You are installing %s over an\n" "existing installation that is incompatible.\n" "Installation over an incompatible version is not\n" @@ -2355,6 +2367,7 @@ } } } + errMsg[sizeof(errMsg)-1] = 0; return errMsg; } @@ -2387,7 +2400,7 @@ { if ((ok = checkUpdate(p)) == False) { - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_CHECKCOMPONENTDEPENDENCY1), p->get(PKG_NAME)); } @@ -2411,7 +2424,7 @@ msg = getResource(RES_MESSAGE_CHECKCOMPONENTDEPENDENCY6); break; }; - sprintf(errMsg, msg, p->get(PKG_NAME)); + snprintf(errMsg, sizeof(errMsg), msg, p->get(PKG_NAME)); } } @@ -2432,7 +2445,7 @@ */ { // Not compatible - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_CHECKCOMPONENTDEPENDENCY2), p->get(PKG_NAME), q ? q->get(PKG_NAME) : s.data(), @@ -2447,6 +2460,7 @@ } } + errMsg[sizeof(errMsg)-1] = 0; return errMsg; } @@ -2474,7 +2488,7 @@ { if (err == -1) { - sprintf(errMsg, "Error: Can't find component %s in the package\n", (const char *) nickname); + snprintf(errMsg, sizeof(errMsg), "Error: Can't find component %s in the package\n", (const char *) nickname); } else { @@ -2483,7 +2497,7 @@ loc2 = getUILocation(nickname); if (loc2 < loc1) { - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_CHECKCOMPONENTDEPENDENCY2), p->get(PKG_NAME), nickname, @@ -2491,7 +2505,7 @@ } else { - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_CHECKCOMPONENTDEPENDENCY2), p->get(PKG_NAME), nickname, @@ -2502,6 +2516,7 @@ } } + errMsg[sizeof(errMsg)-1] = 0; return errMsg; } @@ -2527,7 +2542,7 @@ { if (err == -1) { - sprintf(errMsg, "Can't find component: %s\n", (const char *) nickname); + snprintf(errMsg, sizeof(errMsg), "Can't find component: %s\n", (const char *) nickname); } else { @@ -2535,14 +2550,17 @@ loc1 = getUILocation(p->get(PKG_NICKNAME)); loc2 = getUILocation(nickname); if (loc2 < loc1) - sprintf(errMsg, "%s's prior component %s is not selected\n", p->get(PKG_NICKNAME), nickname); + snprintf(errMsg, sizeof(errMsg), + "%s's prior component %s is not selected\n", p->get(PKG_NICKNAME), nickname); else if (checkAll) - sprintf(errMsg, "%s's later component %s is not selected\n", p->get(PKG_NICKNAME), nickname); + snprintf(errMsg, sizeof(errMsg), + "%s's later component %s is not selected\n", p->get(PKG_NICKNAME), nickname); } } } } + errMsg[sizeof(errMsg)-1] = 0; return errMsg; } @@ -2604,7 +2622,7 @@ { case -1: - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYSSUSER1), ssUser); break; @@ -2612,7 +2630,7 @@ { NSString err_text(getResource(RES_MESSAGE_VERIFYSSUSER2, RES_GLOBAL_BRAND)); err_text = err_text + getResource(RES_MESSAGE_VERIFYSSUSER3); - sprintf(errMsg, err_text, ssUser); + snprintf(errMsg, sizeof(errMsg), err_text, ssUser); break; } default: @@ -2620,6 +2638,7 @@ break; } + errMsg[sizeof(errMsg)-1] = 0; return errMsg; } @@ -2634,19 +2653,19 @@ switch (err) { case -1: - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYSSGROUP1), ssUser); break; case -2: - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYSSGROUP2), ssGroup); break; case -3: - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYSSGROUP3), ssUser,ssGroup); break; @@ -2655,7 +2674,7 @@ NSString err_text(getResource(RES_MESSAGE_VERIFYSSGROUP4, RES_GLOBAL_BRAND)); err_text = err_text + getResource(RES_MESSAGE_VERIFYSSGROUP5); - sprintf(errMsg, err_text, ssUser,ssGroup); + snprintf(errMsg, sizeof(errMsg), err_text, ssUser,ssGroup); break; } default: @@ -2663,6 +2682,7 @@ break; } + errMsg[sizeof(errMsg)-1] = 0; return errMsg; } @@ -2865,7 +2885,7 @@ if (err == INVALID_ROOT) { - sprintf(errMsg, getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE1, RES_GLOBAL_BRAND)); + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE1, RES_GLOBAL_BRAND)); } else if (err == INSTALL_DN_ERR) { @@ -2874,7 +2894,7 @@ NSString err_text(getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE2, RES_GLOBAL_BRAND)); err_text = err_text + getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE22); - sprintf(errMsg, err_text, + snprintf(errMsg, sizeof(errMsg), err_text, DEFAULT_SS_CONTAINER_RDN, DEFAULT_ROOT_DN); } else @@ -2882,14 +2902,15 @@ NSString err_text(getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE3, RES_GLOBAL_BRAND)); err_text = err_text + getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE32); - sprintf(errMsg, err_text, installDN); + snprintf(errMsg, sizeof(errMsg), err_text, installDN); } } else if (err != OKAY) { - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE4), ldapUser); } + errMsg[sizeof(errMsg)-1] = 0; return errMsg; } @@ -2926,8 +2947,8 @@ if (err != OKAY) { - sprintf(errMsg, "Setup is unable to detect User Directory Informations from the Server\n"); - + snprintf(errMsg, sizeof(errMsg), "Setup is unable to detect User Directory Informations from the Server\n"); + errMsg[sizeof(errMsg)-1] = 0; } return errMsg; @@ -2950,11 +2971,12 @@ if (err != OKAY) { - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), "The Server Configuration directory subtree appears not to be set up\n" "correctly for the installation of Netscape Server products. Please contact\n" "your directory administrator to verify that the you have write\n" "access to %s\n", installDN); + errMsg[sizeof(errMsg)-1] = 0; } return errMsg; Index: product.cc =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/product.cc,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- product.cc 23 Feb 2006 17:57:02 -0000 1.4 +++ product.cc 23 Mar 2006 15:59:17 -0000 1.5 @@ -27,6 +27,17 @@ ** ** HISTORY: ** $Log$ +** Revision 1.5 2006/03/23 15:59:17 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.4 2006/02/23 17:57:02 nkinder ** https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182611 ** Bug(s) fixed: 182611 @@ -411,7 +422,8 @@ { char szdir[2048]; //Create an absolute path - sprintf(szdir,"%s/%s",input, dir->d_name); + snprintf(szdir,sizeof(szdir), "%s/%s",input, dir->d_name); + szdir[sizeof(szdir)-1] = 0; //Try removing the directory int i = rmdir(szdir); if (i != 0) @@ -616,7 +628,8 @@ // This is top level master configuration file init(); - sprintf(tstr, "%s/%s", sourceDir.data(), fileName); + snprintf(tstr, sizeof(tstr), "%s/%s", sourceDir.data(), fileName); + tstr[sizeof(tstr)-1] = 0; _packageInfo = new PackageInfo(tstr); if (_packageInfo->isEmpty() || (componentList = _packageInfo->getListItems(PKG_COMPONENTS)) == NULL || _packageInfo->numSections() == 0) @@ -680,7 +693,9 @@ init(); - sprintf(tstr, "%s/%s", sourceDir.data(), fileName); + snprintf(tstr, sizeof(tstr), "%s/%s", sourceDir.data(), fileName); + tstr[sizeof(tstr)-1] = 0; + _packageInfo = new PackageInfo(tstr); if (_packageInfo->isEmpty()) @@ -1277,12 +1292,14 @@ const char *sroot = info->get(SERVER_ROOT); PackageInfo *p = _packageInfo; - sprintf(prodinfo, "%s/nyr", sroot); + snprintf(prodinfo, sizeof(prodinfo), "%s/nyr", sroot); + prodinfo[sizeof(prodinfo)-1] = 0; if (nyr = fopen(prodinfo,"w")) fclose(nyr); // Create new prodinfo - sprintf(prodinfo, "%s/bin/%s/prodinfo", sroot, get(PKG_NICKNAME)); + snprintf(prodinfo, sizeof(prodinfo), "%s/bin/%s/prodinfo", sroot, get(PKG_NICKNAME)); + prodinfo[sizeof(prodinfo)-1] = 0; p->stampTime(); p->write(prodinfo); @@ -1551,6 +1568,9 @@ return errMsg; } +#define STRINGIZE(x) #x +#define MYFMT(size) "%" STRINGIZE(size) "s" + int Product::unInstall(const NSString & serverRoot) const { @@ -1583,11 +1603,12 @@ if (fp = fopen(logFile.data(), "r")) { - while (fscanf(fp, "%s", buf) != EOF) + while (fscanf(fp, MYFMT(MED_BUF), buf) != EOF) { char suffix[MED_BUF] = "\0"; char *p; + buf[sizeof(buf)-1] = 0; s = buf + serverRoot.length() + 1; p = strrchr((char *)s, '/'); @@ -1793,7 +1814,6 @@ { NSString restoreSource; NSString restoreTarget; - char buf[SML_BUF]; char **restoreList, **files; files = restoreList = package()->getListItems(PKG_RESTOREFILES); @@ -2181,11 +2201,8 @@ NSString name; const char *version = NULL; int err = 0; - char errMsg[BIG_BUF]; int position; - errMsg[0] = '\0'; - /* * Go through the product list and determine whether all dependency * are satisfied, i.e. if a product depends on one or more products Index: uninstaller.cc =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/uninstaller.cc,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- uninstaller.cc 29 Jul 2005 22:16:32 -0000 1.1.1.1 +++ uninstaller.cc 23 Mar 2006 15:59:17 -0000 1.2 @@ -27,6 +27,17 @@ ** ** HISTORY: ** $Log$ +** Revision 1.2 2006/03/23 15:59:17 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.1.1.1 2005/07/29 22:16:32 foxworth ** Importing new setup sdk for open source project ** @@ -399,7 +410,7 @@ if (_serverRoot == (char *) NULL) { - sprintf(buf, "ERROR: please specify a server root\n"); + snprintf(buf, sizeof(buf), "ERROR: please specify a server root\n"); rc = -1; } else @@ -408,17 +419,17 @@ if (InstUtil::isServerRoot(_serverRoot) == False) { - sprintf(buf, "ERROR: %s is not a server root\n", _serverRoot.data()); + snprintf(buf, sizeof(buf), "ERROR: %s is not a server root\n", _serverRoot.data()); rc = -1; } else if (_newSuiteSpot.retrieveSuiteSpot(sourceDir, infName) != 0) { - sprintf(buf,"ERROR: uninstallation database not found\n"); + snprintf(buf, sizeof(buf), "ERROR: uninstallation database not found\n"); rc = -1; } else if (_newSuiteSpot.numComponents() == 0) { - sprintf(buf, "ERROR: nothing to remove\n"); + snprintf(buf, sizeof(buf), "ERROR: nothing to remove\n"); rc = -1; } else @@ -433,6 +444,7 @@ if (rc) { + buf[sizeof(buf)-1] = 0; printf(buf); return rc; } Index: ux-setup.cc =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/ux-setup.cc,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- ux-setup.cc 29 Jul 2005 22:16:32 -0000 1.1.1.1 +++ ux-setup.cc 23 Mar 2006 15:59:17 -0000 1.2 @@ -28,6 +28,17 @@ ** HISTORY ** ** $Log$ +** Revision 1.2 2006/03/23 15:59:17 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.1.1.1 2005/07/29 22:16:32 foxworth ** Importing new setup sdk for open source project ** @@ -278,8 +289,6 @@ if (ldapURL && ldap_url_parse(ldapURL, &ludpp) == 0) { - char tmp[10]; - _installInfo->set(CONFIG_LDAP_URL, ldapURL); _installInfo->set(DS_ADMIN_DOMAIN, installDN); @@ -319,17 +328,17 @@ errMsg[0] = 0; break; case INVALID_URL: - sprintf(errMsg, "The URL \"%s\" is not of valid format.\n", localLdapURL); + snprintf(errMsg, sizeof(errMsg), "The URL \"%s\" is not of valid format.\n", localLdapURL); break; case CONN_FAILED: - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), "Cannot connect to URL \"%s\".\n" " The server may have been down. Please fix the problem\n" " before proceeding with installation.\n", localLdapURL); break; case INVALID_DN: - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), "setup cannot verify the base suffix as specified in\n" " \"%s\".\n" " Please check the base suffix and re-enter the URL.\n", @@ -340,6 +349,7 @@ break; } free(localLdapURL); + errMsg[sizeof(errMsg)-1] = 0; return errMsg; } @@ -359,28 +369,29 @@ switch(err) { case INVALID_INPUT: - sprintf(errMsg, getResource(RES_MESSAGE_VERIFYLDAPUSER1)); + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYLDAPUSER1)); break; case INVALID_URL: - sprintf(errMsg, getResource(RES_MESSAGE_VERIFYLDAPUSER2), localLdapURL); + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYLDAPUSER2), localLdapURL); break; case INVALID_AUTH: - sprintf(errMsg, getResource(RES_MESSAGE_VERIFYLDAPUSER3)); + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYLDAPUSER3)); break; case CONN_FAILED: - sprintf(errMsg, getResource(RES_MESSAGE_VERIFYLDAPUSER4)); + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYLDAPUSER4)); break; case INVALID_USER: - sprintf(errMsg, getResource(RES_MESSAGE_VERIFYLDAPUSER5)); + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYLDAPUSER5)); break; default: - sprintf(errMsg, getResource(RES_MESSAGE_VERIFYLDAPUSER6)); + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYLDAPUSER6)); break; } } free (localLdapURL); + errMsg[sizeof(errMsg)-1] = 0; return errMsg; } @@ -391,7 +402,8 @@ { char filename[200]; - sprintf(filename,"%s/%s", getenv("HOME"), ".nssetup-default"); + snprintf(filename, sizeof(filename), "%s/%s", getenv("HOME"), ".nssetup-default"); + filename[sizeof(filename)-1] = 0; _userDefault.setFormat(1); _userDefault.read(filename); } From fedora-directory-commits at redhat.com Thu Mar 23 20:45:45 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Thu, 23 Mar 2006 15:45:45 -0500 Subject: [Fedora-directory-commits] setuputil/installer/include nsdefs.h, 1.1.1.1, 1.2 Message-ID: <200603232045.k2NKjjU5028602@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/setuputil/installer/include In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28529/setuputil/installer/include Modified Files: nsdefs.h Log Message: Use instead of on those platforms that support it. With this fix, we don't get the deprecation warnings when building setuputil. This has been tested on various linux, Solaris 9 with old and new forte, and on HPUX IPF. Thanks to Nathan and Noriko for the reviews. Index: nsdefs.h =================================================================== RCS file: /cvs/dirsec/setuputil/installer/include/nsdefs.h,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- nsdefs.h 29 Jul 2005 22:16:28 -0000 1.1.1.1 +++ nsdefs.h 23 Mar 2006 20:45:37 -0000 1.2 @@ -30,6 +30,12 @@ ** HISTORY ** ** $Log$ +** Revision 1.2 2006/03/23 20:45:37 rmeggins +** Use instead of on those platforms that support it. +** With this fix, we don't get the deprecation warnings when building setuputil. +** This has been tested on various linux, Solaris 9 with old and new forte, and on HPUX IPF. +** Thanks to Nathan and Noriko for the reviews. +** ** Revision 1.1.1.1 2005/07/29 22:16:28 foxworth ** Importing new setup sdk for open source project ** @@ -153,7 +159,11 @@ ** Includes ** **********************************************************************/ -#include +#if !defined(HPUX) || defined(_HP_NAMESPACE_STD) +#include +#else +#include /* use old name on older systems */ +#endif #ifdef XP_WIN32 #include From fedora-directory-commits at redhat.com Thu Mar 23 20:45:39 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Thu, 23 Mar 2006 15:45:39 -0500 Subject: [Fedora-directory-commits] setuputil nsconfig.mk,1.8,1.9 Message-ID: <200603232046.k2NKk9cZ028607@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/setuputil In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28529/setuputil Modified Files: nsconfig.mk Log Message: Use instead of on those platforms that support it. With this fix, we don't get the deprecation warnings when building setuputil. This has been tested on various linux, Solaris 9 with old and new forte, and on HPUX IPF. Thanks to Nathan and Noriko for the reviews. Index: nsconfig.mk =================================================================== RCS file: /cvs/dirsec/setuputil/nsconfig.mk,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- nsconfig.mk 23 Feb 2006 21:47:45 -0000 1.8 +++ nsconfig.mk 23 Mar 2006 20:45:31 -0000 1.9 @@ -220,15 +220,14 @@ ifdef MODERNHP CC=cc -Ae +ESlit CXX=aCC +ARCH_CFLAGS=-AA # the default on ipf, but also use it elsewhere ifeq ($(NSOS_RELEASE), B.11.23) - ARCH_CFLAGS=-AA ifeq ($(USE_64), 1) BIT_SWITCH=+DD64 else BIT_SWITCH=+DD32 endif else # 11.11 or earlier - ARCH_CFLAGS= ifeq ($(USE_64), 1) BIT_SWITCH=+DA2.0W +DS2.0 else From fedora-directory-commits at redhat.com Fri Mar 24 00:53:05 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 23 Mar 2006 19:53:05 -0500 Subject: [Fedora-directory-commits] directoryconsole/src/com/netscape/admin/dirserv about.properties, 1.2, 1.3 dirserv.properties, 1.3, 1.4 Message-ID: <200603240053.k2O0r5JL005634@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5599/src/com/netscape/admin/dirserv Modified Files: about.properties dirserv.properties Log Message: [186105] Admin Server Makefile updates for Internal build Comment #13 . changed to include the patch number in the jar file name . changed to create a symlink: redhat-ds-7.2.jar pointing redhat-ds-7.2.0.jar Index: about.properties =================================================================== RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/about.properties,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- about.properties 28 Oct 2005 18:01:34 -0000 1.2 +++ about.properties 24 Mar 2006 00:52:57 -0000 1.3 @@ -19,7 +19,7 @@ # # Strings and logos used by the DSAboutDialog -aboutDialog-dialogTitle=Fedora Directory Server 1.0 +aboutDialog-dialogTitle=Fedora Directory Server 1.0.2 aboutDialog-productLogo=com/netscape/management/client/images/logo32.gif aboutDialog-productCopyright=Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.\nCopyright (C) 2005 Red Hat, Inc.\nAll rights reserved. aboutDialog-productLicense=Fedora is a trademark of Red Hat, Inc. in the United States and other countries and is used by permission. Index: dirserv.properties =================================================================== RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/dirserv.properties,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- dirserv.properties 15 Feb 2006 23:00:50 -0000 1.3 +++ dirserv.properties 24 Mar 2006 00:52:57 -0000 1.4 @@ -164,9 +164,9 @@ # dialog-configtitle=Fedora Directory Server dsAdmin-title=Fedora Directory Server -dsAdmin-version=Version 1.0 +dsAdmin-version=Version 1.0.2 dsAdmin-nsServerPort=Port -dsAdmin-framework-description=Fedora Directory Server Console 1.0 +dsAdmin-framework-description=Fedora Directory Server Console 1.0.2 dsAdmin-remove-server-cgi-failed=ds_remove failure # From fedora-directory-commits at redhat.com Fri Mar 24 00:52:59 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 23 Mar 2006 19:52:59 -0500 Subject: [Fedora-directory-commits] directoryconsole build.properties, 1.4, 1.5 build.xml, 1.6, 1.7 Message-ID: <200603240053.k2O0rTTD005640@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/directoryconsole In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5599 Modified Files: build.properties build.xml Log Message: [186105] Admin Server Makefile updates for Internal build Comment #13 . changed to include the patch number in the jar file name . changed to create a symlink: redhat-ds-7.2.jar pointing redhat-ds-7.2.0.jar Index: build.properties =================================================================== RCS file: /cvs/dirsec/directoryconsole/build.properties,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- build.properties 22 Mar 2006 17:46:10 -0000 1.4 +++ build.properties 24 Mar 2006 00:52:50 -0000 1.5 @@ -21,6 +21,8 @@ lang=en ldapconsole.root=.. -ldapconsole.version=1.0 +ldapconsole.version=1.0.2 +ldapconsole.gen.version=1.0 brand=fedora ldapconsole.name=${brand}-ds-${ldapconsole.version} +ldapconsole.gen.name=${brand}-ds-${ldapconsole.gen.version} Index: build.xml =================================================================== RCS file: /cvs/dirsec/directoryconsole/build.xml,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- build.xml 22 Mar 2006 19:09:02 -0000 1.6 +++ build.xml 24 Mar 2006 00:52:51 -0000 1.7 @@ -149,6 +149,12 @@ + + + + + + From fedora-directory-commits at redhat.com Fri Mar 24 01:04:48 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 23 Mar 2006 20:04:48 -0500 Subject: [Fedora-directory-commits] console/src/com/netscape/management/client/topology/customview ViewSelectorComponent.java, 1.1.1.1, 1.2 Message-ID: <200603240105.k2O15IvF007726@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/console/src/com/netscape/management/client/topology/customview In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7628/src/com/netscape/management/client/topology/customview Modified Files: ViewSelectorComponent.java Log Message: [186105] Admin Server Makefile updates for Internal build Comment #12 . Preference version number was changed to CONSOLE-MAJOR-VERSION.0 . To do that, introduced Console.MAJOR_VERSION . changed to include the patch number in the jar file name . changed to create a symlink: redhat-mcc-7.2.jar pointing to redhat-mcc-7.2.0.jar Index: ViewSelectorComponent.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/topology/customview/ViewSelectorComponent.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- ViewSelectorComponent.java 18 Jul 2005 00:34:20 -0000 1.1.1.1 +++ ViewSelectorComponent.java 24 Mar 2006 01:04:38 -0000 1.2 @@ -80,13 +80,13 @@ pm = new LDAPPreferenceManager(ci.getLDAPConnection(), ci.getUserPreferenceDN(), Framework.IDENTIFIER, - Framework.VERSION); + Framework.MAJOR_VERSION); userViewPreferences = (LDAPPreferences) pm.getPreferences("CustomViews"); // private views privateViewDN = userViewPreferences.getDN(); pm = new LDAPPreferenceManager(ci.getLDAPConnection(), "ou=Global Preferences," + LDAPUtil.getInstalledSoftwareDN(), "admin", - Framework.VERSION); + Framework.MAJOR_VERSION); publicViewPreferences = (LDAPPreferences) pm.getPreferences("PublicViews"); publicViewDN = publicViewPreferences.getDN(); From fedora-directory-commits at redhat.com Fri Mar 24 01:05:19 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 23 Mar 2006 20:05:19 -0500 Subject: [Fedora-directory-commits] console/src/com/netscape/management/client/util LDAPUtil.java, 1.1.1.1, 1.2 Message-ID: <200603240105.k2O15Jcr007730@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/console/src/com/netscape/management/client/util In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7628/src/com/netscape/management/client/util Modified Files: LDAPUtil.java Log Message: [186105] Admin Server Makefile updates for Internal build Comment #12 . Preference version number was changed to CONSOLE-MAJOR-VERSION.0 . To do that, introduced Console.MAJOR_VERSION . changed to include the patch number in the jar file name . changed to create a symlink: redhat-mcc-7.2.jar pointing to redhat-mcc-7.2.0.jar Index: LDAPUtil.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/util/LDAPUtil.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- LDAPUtil.java 18 Jul 2005 00:34:26 -0000 1.1.1.1 +++ LDAPUtil.java 24 Mar 2006 01:04:54 -0000 1.2 @@ -52,7 +52,7 @@ } public static String getAdminGlobalParameterEntry() { - return "ou=" + Console.VERSION + ", ou=admin, ou=Global Preferences,"+ + return "ou=" + Console.MAJOR_VERSION + ", ou=admin, ou=Global Preferences,"+ _isieDN; } @@ -75,7 +75,7 @@ * @param product RDN for a server (e.g. "ou=admin" for the admin server) */ public static String getGlobalParameterEntry(String product) { - return "ou=" + Console.VERSION + "," + product + ", ou=Global Preferences,"+ + return "ou=" + Console.MAJOR_VERSION + "," + product + ", ou=Global Preferences,"+ _isieDN; } From fedora-directory-commits at redhat.com Fri Mar 24 01:04:56 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 23 Mar 2006 20:04:56 -0500 Subject: [Fedora-directory-commits] console/src/com/netscape/management/client/ug ChangeDirectoryDialog.java, 1.1.1.1, 1.2 SearchResultPanel.java, 1.1.1.1, 1.2 Message-ID: <200603240105.k2O15QY5007736@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/console/src/com/netscape/management/client/ug In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7628/src/com/netscape/management/client/ug Modified Files: ChangeDirectoryDialog.java SearchResultPanel.java Log Message: [186105] Admin Server Makefile updates for Internal build Comment #12 . Preference version number was changed to CONSOLE-MAJOR-VERSION.0 . To do that, introduced Console.MAJOR_VERSION . changed to include the patch number in the jar file name . changed to create a symlink: redhat-mcc-7.2.jar pointing to redhat-mcc-7.2.0.jar Index: ChangeDirectoryDialog.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/ug/ChangeDirectoryDialog.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- ChangeDirectoryDialog.java 18 Jul 2005 00:34:21 -0000 1.1.1.1 +++ ChangeDirectoryDialog.java 24 Mar 2006 01:04:46 -0000 1.2 @@ -345,7 +345,7 @@ */ private void loadPreferences() { PreferenceManager pm = PreferenceManager.getPreferenceManager( - Framework.IDENTIFIER, Framework.VERSION); + Framework.IDENTIFIER, Framework.MAJOR_VERSION); Preferences p = pm.getPreferences(PREFERENCES_SEARCH_DIRECTORY); String host = p.getString(PREFERENCE_HOST, _info.getUserHost()); @@ -397,7 +397,7 @@ */ private void savePreferences() { PreferenceManager pm = PreferenceManager.getPreferenceManager( - Framework.IDENTIFIER, Framework.VERSION); + Framework.IDENTIFIER, Framework.MAJOR_VERSION); Preferences p = pm.getPreferences(PREFERENCES_SEARCH_DIRECTORY); p.set(PREFERENCE_HOST, _info.getUserHost()); Index: SearchResultPanel.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/ug/SearchResultPanel.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- SearchResultPanel.java 18 Jul 2005 00:34:24 -0000 1.1.1.1 +++ SearchResultPanel.java 24 Mar 2006 01:04:46 -0000 1.2 @@ -64,7 +64,7 @@ Vector header = new Vector(); PreferenceManager pm = PreferenceManager.getPreferenceManager( - Framework.IDENTIFIER, Framework.VERSION); + Framework.IDENTIFIER, Framework.MAJOR_VERSION); Preferences p = pm.getPreferences(PREFERENCES_RESULT_TABLE); int count = p.getInt(PREFERENCE_COLUMN_COUNT, -1); From fedora-directory-commits at redhat.com Fri Mar 24 01:04:09 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 23 Mar 2006 20:04:09 -0500 Subject: [Fedora-directory-commits] console build.properties, 1.7, 1.8 build.xml, 1.10, 1.11 Message-ID: <200603240105.k2O15njn007743@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/console In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7628 Modified Files: build.properties build.xml Log Message: [186105] Admin Server Makefile updates for Internal build Comment #12 . Preference version number was changed to CONSOLE-MAJOR-VERSION.0 . To do that, introduced Console.MAJOR_VERSION . changed to include the patch number in the jar file name . changed to create a symlink: redhat-mcc-7.2.jar pointing to redhat-mcc-7.2.0.jar Index: build.properties =================================================================== RCS file: /cvs/dirsec/console/build.properties,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- build.properties 29 Nov 2005 18:36:50 -0000 1.7 +++ build.properties 24 Mar 2006 01:04:00 -0000 1.8 @@ -21,15 +21,21 @@ lang=en +console.brand=fedora + console.root=. console.version=10 -console.dotversion=1.0 +console.dotversion=1.0.2 +console.dotgenversion=1.0 -mcc.core=fedora-mcc +mcc.core=${console.brand}-mcc mcc.name=${mcc.core}-${console.dotversion} +mcc.gen.name=${mcc.core}-${console.dotgenversion} -nmclf.core=fedora-nmclf +nmclf.core=${console.brand}-nmclf nmclf.name=${nmclf.core}-${console.dotversion} +nmclf.gen.name=${nmclf.core}-${console.dotgenversion} -base.core=fedora-base +base.core=${console.brand}-base base.name=${base.core}-${console.dotversion} +base.gen.name=${base.core}-${console.dotgenversion} Index: build.xml =================================================================== RCS file: /cvs/dirsec/console/build.xml,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- build.xml 20 Mar 2006 21:54:02 -0000 1.10 +++ build.xml 24 Mar 2006 01:04:00 -0000 1.11 @@ -172,10 +172,10 @@ destdir="${built.classdir}" debug="${compile.debug}" debuglevel="lines,vars,source" - deprecation="${compile.deprecation}" + deprecation="${compile.deprecation}" optimize="${compile.optimize}" verbose="no" - fork="true" + fork="true" excludes="**/CVS/**"> @@ -257,6 +257,22 @@ + + + + + + + + + + + + + + + + @@ -270,6 +286,7 @@ + @@ -285,15 +302,15 @@ - + prefix="${console.brand}-console-${console.dotversion}"> From fedora-directory-commits at redhat.com Fri Mar 24 01:04:16 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 23 Mar 2006 20:04:16 -0500 Subject: [Fedora-directory-commits] console/src/com/netscape/management/client AboutDialog.java, 1.4, 1.5 FontPreferencesTab.java, 1.1.1.1, 1.2 Framework.java, 1.1.1.1, 1.2 ResourcePage.java, 1.1.1.1, 1.2 SettingsPreferencesTab.java, 1.1.1.1, 1.2 default.properties, 1.3, 1.4 defaultLicense.properties, 1.3, 1.4 Message-ID: <200603240105.k2O15nal007745@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/console/src/com/netscape/management/client In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7628/src/com/netscape/management/client Modified Files: AboutDialog.java FontPreferencesTab.java Framework.java ResourcePage.java SettingsPreferencesTab.java default.properties defaultLicense.properties Log Message: [186105] Admin Server Makefile updates for Internal build Comment #12 . Preference version number was changed to CONSOLE-MAJOR-VERSION.0 . To do that, introduced Console.MAJOR_VERSION . changed to include the patch number in the jar file name . changed to create a symlink: redhat-mcc-7.2.jar pointing to redhat-mcc-7.2.0.jar Index: AboutDialog.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/AboutDialog.java,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- AboutDialog.java 2 Dec 2005 21:30:04 -0000 1.4 +++ AboutDialog.java 24 Mar 2006 01:04:07 -0000 1.5 @@ -179,7 +179,7 @@ AboutDialog dialog = new AboutDialog(f, "Fedora Management Console"); - dialog.setProduct(UIManager.getIcon("OptionPane.warningIcon"), "Fedora Management Console\056 Console 1.0\nCopyright (C) Red Hat, Inc.", "\n\nThis software is subject to the terms of a license agreement. Please do not use the software unless you agree to all the license terms"); + dialog.setProduct(UIManager.getIcon("OptionPane.warningIcon"), "Fedora Management Console\056 Console 1.0.2\nCopyright (C) Red Hat, Inc.", "\n\nThis software is subject to the terms of a license agreement. Please do not use the software unless you agree to all the license terms"); dialog.addVendor(UIManager.getIcon("OptionPane.informationIcon"), "Contains Phaos SSL encryption software from Phaos Technology Corporation. Copyright © 1998 Phaos Technology Corporation. All Rights Reserved"); dialog.addVendor(UIManager.getIcon("OptionPane.informationIcon"), "Contains encryption software from RSA Data Security, Inc. Copyright © 1994 RSA Data Security, Inc. All rights reserved."); Index: FontPreferencesTab.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/FontPreferencesTab.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- FontPreferencesTab.java 18 Jul 2005 00:34:07 -0000 1.1.1.1 +++ FontPreferencesTab.java 24 Mar 2006 01:04:07 -0000 1.2 @@ -57,7 +57,7 @@ public FontPreferencesTab() { - preferenceManager = PreferenceManager.getPreferenceManager(Framework.IDENTIFIER, Framework.VERSION); + preferenceManager = PreferenceManager.getPreferenceManager(Framework.IDENTIFIER, Framework.MAJOR_VERSION); setTitle(i18n("title")); } Index: Framework.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/Framework.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- Framework.java 18 Jul 2005 00:34:07 -0000 1.1.1.1 +++ Framework.java 24 Mar 2006 01:04:07 -0000 1.2 @@ -47,6 +47,7 @@ public class Framework extends JFrame implements IFramework, SuiConstants { public static final String IDENTIFIER = Console.IDENTIFIER; public static final String VERSION = Console.VERSION; + public static final String MAJOR_VERSION = Console.MAJOR_VERSION; public static final String PREFERENCES_GENERAL = "General"; public static final String PREFERENCES_FONTS = "Fonts"; @@ -653,7 +654,7 @@ if (_preferenceManager == null) _preferenceManager = PreferenceManager.getPreferenceManager(IDENTIFIER, - VERSION); + MAJOR_VERSION); Preferences p = _preferenceManager.getPreferences(PREFERENCES_GENERAL); Index: ResourcePage.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/ResourcePage.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- ResourcePage.java 18 Jul 2005 00:34:08 -0000 1.1.1.1 +++ ResourcePage.java 24 Mar 2006 01:04:07 -0000 1.2 @@ -223,7 +223,7 @@ */ public void initialize(IFramework framework) { PreferenceManager pm = PreferenceManager.getPreferenceManager( - Framework.IDENTIFIER, Framework.VERSION); + Framework.IDENTIFIER, Framework.MAJOR_VERSION); Preferences p = pm.getPreferences(PREFERENCES_RESOURCES); setMainPanel(p.getBoolean(PREFERENCE_SHOW_TREE, true)); @@ -761,7 +761,7 @@ ResourcePage.this.add(_customPanel); } PreferenceManager pm = PreferenceManager.getPreferenceManager( - Framework.IDENTIFIER, Framework.VERSION); + Framework.IDENTIFIER, Framework.MAJOR_VERSION); Preferences p = pm.getPreferences(PREFERENCES_RESOURCES); p.set(PREFERENCE_SHOW_TREE, _isTreeVisible); } Index: SettingsPreferencesTab.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/SettingsPreferencesTab.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- SettingsPreferencesTab.java 18 Jul 2005 00:34:08 -0000 1.1.1.1 +++ SettingsPreferencesTab.java 24 Mar 2006 01:04:07 -0000 1.2 @@ -147,19 +147,19 @@ Console.setLocalPreferencesFlag( !storeDirectoryRadio.isSelected()); PreferenceManager pm = PreferenceManager.getPreferenceManager( - Framework.IDENTIFIER, Framework.VERSION); + Framework.IDENTIFIER, Framework.MAJOR_VERSION); Preferences p = pm.getPreferences(Framework.PREFERENCES_GENERAL); if (storeLocalState != storeDiskRadio.isSelected()) { if (storeDiskRadio.isSelected()) { copyPreferences(pm, new FilePreferenceManager( - Framework.IDENTIFIER, Framework.VERSION)); + Framework.IDENTIFIER, Framework.MAJOR_VERSION)); } else { ConsoleInfo ci = Console.getConsoleInfo(); PreferenceManager toMgr = new LDAPPreferenceManager( ci.getLDAPConnection(), ci.getUserPreferenceDN(), - Framework.IDENTIFIER, Framework.VERSION); + Framework.IDENTIFIER, Framework.MAJOR_VERSION); copyPreferences(pm, toMgr); } } Index: default.properties =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/default.properties,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- default.properties 26 Oct 2005 23:16:15 -0000 1.3 +++ default.properties 24 Mar 2006 01:04:07 -0000 1.4 @@ -63,8 +63,8 @@ menu-HelpSearch=&Search menu-HelpIndex=&Index menu-HelpWebHelp=Web-based &Resources -menu-HelpSuiteSpot=&Fedora Website -menu-HelpDocHome=http://fedora.redhat.com +menu-HelpSuiteSpot=Documentation &Home +menu-HelpDocHome=directory.fedora.redhat.com menu-HelpBookshelf=&Bookshelf menu-HelpAbout=&About... @@ -123,5 +123,5 @@ fontTab-fontProfile=Font Profile fontTab-table_tt=Font table of screen elements and corresponding sample font -banner-console=Fedora Management Console 1.0 +banner-console=Fedora Management Console 1.0.2 Index: defaultLicense.properties =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/defaultLicense.properties,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- defaultLicense.properties 26 Oct 2005 23:16:15 -0000 1.3 +++ defaultLicense.properties 24 Mar 2006 01:04:07 -0000 1.4 @@ -17,7 +17,7 @@ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA # END COPYRIGHT BLOCK # -defaultAbout-dialogTitle=Fedora Management Console 1.0 +defaultAbout-dialogTitle=Fedora Management Console 1.0.2 defaultAbout-productLogo=com/netscape/management/client/images/logo32.gif defaultAbout-productCopyright=Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.\nCopyright (C) 2005 Red Hat, Inc.\nAll rights reserved. defaultAbout-productLicense=Fedora is a trademark of Red Hat, Inc. in the United States and other countries and is used by permission. From fedora-directory-commits at redhat.com Fri Mar 24 01:04:39 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 23 Mar 2006 20:04:39 -0500 Subject: [Fedora-directory-commits] console/src/com/netscape/management/client/console Console.java, 1.5, 1.6 console.properties, 1.3, 1.4 Message-ID: <200603240105.k2O15n1U007744@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/console/src/com/netscape/management/client/console In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7628/src/com/netscape/management/client/console Modified Files: Console.java console.properties Log Message: [186105] Admin Server Makefile updates for Internal build Comment #12 . Preference version number was changed to CONSOLE-MAJOR-VERSION.0 . To do that, introduced Console.MAJOR_VERSION . changed to include the patch number in the jar file name . changed to create a symlink: redhat-mcc-7.2.jar pointing to redhat-mcc-7.2.0.jar Index: Console.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/console/Console.java,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- Console.java 9 Feb 2006 23:57:20 -0000 1.5 +++ Console.java 24 Mar 2006 01:04:14 -0000 1.6 @@ -56,7 +56,8 @@ // preference information // public static final String IDENTIFIER = "Console"; - public static final String VERSION = "1.0"; + public static final String VERSION = "1.0.2"; + public static final String MAJOR_VERSION = "1.0"; public static final String PREFERENCES_LOGIN = IDENTIFIER + "." + VERSION + ".Login.preferences"; Index: console.properties =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/console/console.properties,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- console.properties 26 Oct 2005 23:16:23 -0000 1.3 +++ console.properties 24 Mar 2006 01:04:14 -0000 1.4 @@ -18,7 +18,7 @@ # END COPYRIGHT BLOCK # console-title=Fedora Management Console -console-displayVersion=1.0 +console-displayVersion=1.0.2 login-username=User ID: login-password=Password: From fedora-directory-commits at redhat.com Fri Mar 24 01:13:39 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 23 Mar 2006 20:13:39 -0500 Subject: [Fedora-directory-commits] adminserver/admserv/schema/ldif tasks.ldif, 1.6, 1.7 unixtasks.ldif, 1.5, 1.6 Message-ID: <200603240113.k2O1Ddue007881@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver/admserv/schema/ldif In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7771/admserv/schema/ldif Modified Files: tasks.ldif unixtasks.ldif Log Message: [186105] Admin Server Makefile updates for Internal build Comment #11 . fixed jss jar file name to jss3.jar; mistakenly put minor version number in the previous checkin (jss37.jar) . changed to include the patch number in the jar file name . fixed admin console package name in the Global Preferences: admserv72.jar -> redhat-admserv-7.2.jar . changed to create a symlink: redhat-admserv-7.2.jar pointing redhat-admserv-7.2.0.jar . introduced CONSOLE-GEN-VERSION and CONSOLE-MAJOR-VERSION in the branding data Index: tasks.ldif =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/tasks.ldif,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- tasks.ldif 28 Oct 2005 22:44:23 -0000 1.6 +++ tasks.ldif 24 Mar 2006 01:13:30 -0000 1.7 @@ -39,7 +39,7 @@ objectclass: nsAdminObject nshelpref: admin/stopadm.html nsexecref: stopsrv -nsclassname: com.netscape.management.admserv.task.Stop at admserv10.jar +nsclassname: com.netscape.management.admserv.task.Stop at fedora-admserv-1.0.jar dn: cn=Restart, cn=Operation, cn=Tasks objectclass: top @@ -47,7 +47,7 @@ objectclass: nsAdminObject nshelpref: admin/restartadm.html nsexecref: restartsrv -nsclassname: com.netscape.management.admserv.task.Restart at admserv10.jar +nsclassname: com.netscape.management.admserv.task.Restart at fedora-admserv-1.0.jar dn: cn=Authenticate, cn=Operation, cn=Tasks objectclass: top @@ -104,7 +104,7 @@ objectclass: nsAdminObject nshelpref: nsexecref: config -nsclassname: com.netscape.management.admserv.task.ServerSetup at admserv10.jar +nsclassname: com.netscape.management.admserv.task.ServerSetup at fedora-admserv-1.0.jar dn: cn=DirectorySetup, cn=configuration, cn=Tasks objectclass: top @@ -133,7 +133,7 @@ objectclass: nsAdminObject nshelpref: admin/logging.html nsexecref: config -nsclassname: com.netscape.management.admserv.task.Logging at admserv10.jar +nsclassname: com.netscape.management.admserv.task.Logging at fedora-admserv-1.0.jar dn: cn=SecurityOp, cn=configuration, cn=Tasks objectclass: top @@ -148,7 +148,7 @@ objectclass: nsAdminObject nshelpref: admin/certrequest.html nsexecref: -nsclassname: com.netscape.management.admserv.task.CertSetup at admserv10.jar +nsclassname: com.netscape.management.admserv.task.CertSetup at fedora-admserv-1.0.jar dn: cn=SSLActivate, cn=configuration, cn=Tasks objectclass: top Index: unixtasks.ldif =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/unixtasks.ldif,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- unixtasks.ldif 28 Oct 2005 22:44:23 -0000 1.5 +++ unixtasks.ldif 24 Mar 2006 01:13:30 -0000 1.6 @@ -35,5 +35,5 @@ objectclass: nsAdminObject nshelpref: nsexecref: snmpconf -nsclassname: com.netscape.management.admserv.task.SNMPSetup at admserv10.jar +nsclassname: com.netscape.management.admserv.task.SNMPSetup at fedora-admserv-1.0.jar From fedora-directory-commits at redhat.com Fri Mar 24 01:13:10 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 23 Mar 2006 20:13:10 -0500 Subject: [Fedora-directory-commits] adminserver/admserv/console/src/com/netscape/management/admserv/cmdln version.dat, 1.1.1.1, 1.2 Message-ID: <200603240113.k2O1DePS007882@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver/admserv/console/src/com/netscape/management/admserv/cmdln In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7771/admserv/console/src/com/netscape/management/admserv/cmdln Modified Files: version.dat Log Message: [186105] Admin Server Makefile updates for Internal build Comment #11 . fixed jss jar file name to jss3.jar; mistakenly put minor version number in the previous checkin (jss37.jar) . changed to include the patch number in the jar file name . fixed admin console package name in the Global Preferences: admserv72.jar -> redhat-admserv-7.2.jar . changed to create a symlink: redhat-admserv-7.2.jar pointing redhat-admserv-7.2.0.jar . introduced CONSOLE-GEN-VERSION and CONSOLE-MAJOR-VERSION in the branding data Index: version.dat =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/console/src/com/netscape/management/admserv/cmdln/version.dat,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- version.dat 1 Feb 2005 23:14:31 -0000 1.1.1.1 +++ version.dat 24 Mar 2006 01:13:00 -0000 1.2 @@ -1,5 +1,5 @@ -Administration Server Command Line (admconfig) version 6.2 - -Copyright (c) 2001 Netscape Communications Corp. +Administration Server Command Line (admconfig) version 7.2.1 +Copyright (C) 2005 Red Hat, Inc. +All rights reserved. From fedora-directory-commits at redhat.com Fri Mar 24 01:12:37 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 23 Mar 2006 20:12:37 -0500 Subject: [Fedora-directory-commits] adminserver/admserv pkgadmin.mk, 1.44, 1.45 Message-ID: <200603240114.k2O1E70v007892@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver/admserv In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7771/admserv Modified Files: pkgadmin.mk Log Message: [186105] Admin Server Makefile updates for Internal build Comment #11 . fixed jss jar file name to jss3.jar; mistakenly put minor version number in the previous checkin (jss37.jar) . changed to include the patch number in the jar file name . fixed admin console package name in the Global Preferences: admserv72.jar -> redhat-admserv-7.2.jar . changed to create a symlink: redhat-admserv-7.2.jar pointing redhat-admserv-7.2.0.jar . introduced CONSOLE-GEN-VERSION and CONSOLE-MAJOR-VERSION in the branding data Index: pkgadmin.mk =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/pkgadmin.mk,v retrieving revision 1.44 retrieving revision 1.45 diff -u -r1.44 -r1.45 --- pkgadmin.mk 22 Mar 2006 22:53:48 -0000 1.44 +++ pkgadmin.mk 24 Mar 2006 01:12:27 -0000 1.45 @@ -154,7 +154,8 @@ # grab the jar files cd $(ADMIN_JARS) ; \ - cp -p fedora-admserv-$(ADM_SUF).jar fedora-admserv-$(ADM_SUF)_en.jar $(CLIENT_DIR)/java/jars + cp -p $(ADMIN_BRAND)-admserv-$(ADM_SUF).jar $(ADMIN_BRAND)-admserv-$(ADM_SUF)_en.jar $(CLIENT_DIR)/java/jars; \ + (cd $(CLIENT_DIR)/java/jars; ln -s $(ADMIN_BRAND)-admserv-$(ADM_SUF).jar $(ADMIN_BRAND)-admserv-$(ADM_GEN_SUF).jar; ln -s $(ADMIN_BRAND)-admserv-$(ADM_SUF)_en.jar $(ADMIN_BRAND)-admserv-$(ADM_GEN_SUF)_en.jar) # # Cleanup before making distributable zip From fedora-directory-commits at redhat.com Fri Mar 24 01:13:24 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 23 Mar 2006 20:13:24 -0500 Subject: [Fedora-directory-commits] adminserver/admserv/newinst/insadm Makefile, 1.13, 1.14 Message-ID: <200603240114.k2O1E7VD007887@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver/admserv/newinst/insadm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7771/admserv/newinst/insadm Modified Files: Makefile Log Message: [186105] Admin Server Makefile updates for Internal build Comment #11 . fixed jss jar file name to jss3.jar; mistakenly put minor version number in the previous checkin (jss37.jar) . changed to include the patch number in the jar file name . fixed admin console package name in the Global Preferences: admserv72.jar -> redhat-admserv-7.2.jar . changed to create a symlink: redhat-admserv-7.2.jar pointing redhat-admserv-7.2.0.jar . introduced CONSOLE-GEN-VERSION and CONSOLE-MAJOR-VERSION in the branding data Index: Makefile =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/newinst/insadm/Makefile,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- Makefile 29 Sep 2005 22:12:00 -0000 1.13 +++ Makefile 24 Mar 2006 01:13:08 -0000 1.14 @@ -315,8 +315,8 @@ -rm $(STARTCONZDIR)/console.z mkdir -p $(STARTCONZDIR)/java/jars mkdir -p $(STARTCONZDIR)/bin/base - cp $(ADMIN_JARS)/admserv$(ADM_SUF).jar $(STARTCONZDIR)/java/jars - cp $(ADMIN_JARS)/admserv$(ADM_SUF)_en.jar $(STARTCONZDIR)/java/jars + cp $(ADMIN_JARS)/$(ADMIN_BRAND)-admserv-$(ADM_SUF).jar $(STARTCONZDIR)/java/jars + cp $(ADMIN_JARS)/$(ADMIN_BRAND)-admserv-$(ADM_SUF)_en.jar $(STARTCONZDIR)/java/jars cp $(SRC_ADMSERV)/viewurl.exe $(STARTCONZDIR)/bin/base cp $(SRC_ADMSERV)/jre.inf $(STARTCONZDIR)/java cd $(STARTCONZDIR) ; $(ZIP) -r console.z '*' From fedora-directory-commits at redhat.com Fri Mar 24 01:13:02 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 23 Mar 2006 20:13:02 -0500 Subject: [Fedora-directory-commits] adminserver/admserv/console build.properties, 1.11, 1.12 Message-ID: <200603240114.k2O1E7UJ007890@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver/admserv/console In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7771/admserv/console Modified Files: build.properties Log Message: [186105] Admin Server Makefile updates for Internal build Comment #11 . fixed jss jar file name to jss3.jar; mistakenly put minor version number in the previous checkin (jss37.jar) . changed to include the patch number in the jar file name . fixed admin console package name in the Global Preferences: admserv72.jar -> redhat-admserv-7.2.jar . changed to create a symlink: redhat-admserv-7.2.jar pointing redhat-admserv-7.2.0.jar . introduced CONSOLE-GEN-VERSION and CONSOLE-MAJOR-VERSION in the branding data Index: build.properties =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/console/build.properties,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- build.properties 21 Mar 2006 18:33:54 -0000 1.11 +++ build.properties 24 Mar 2006 01:12:35 -0000 1.12 @@ -21,7 +21,7 @@ # END COPYRIGHT BLOCK adminconsole.root=../.. -mcc.version=1.0 +mcc.version=1.0.2 admin.core=admserv admin.brand=fedora From fedora-directory-commits at redhat.com Fri Mar 24 01:12:29 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 23 Mar 2006 20:12:29 -0500 Subject: [Fedora-directory-commits] adminserver components.mk, 1.43, 1.44 nsconfig.mk, 1.27, 1.28 Message-ID: <200603240114.k2O1E7eT007891@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7771 Modified Files: components.mk nsconfig.mk Log Message: [186105] Admin Server Makefile updates for Internal build Comment #11 . fixed jss jar file name to jss3.jar; mistakenly put minor version number in the previous checkin (jss37.jar) . changed to include the patch number in the jar file name . fixed admin console package name in the Global Preferences: admserv72.jar -> redhat-admserv-7.2.jar . changed to create a symlink: redhat-admserv-7.2.jar pointing redhat-admserv-7.2.0.jar . introduced CONSOLE-GEN-VERSION and CONSOLE-MAJOR-VERSION in the branding data Index: components.mk =================================================================== RCS file: /cvs/dirsec/adminserver/components.mk,v retrieving revision 1.43 retrieving revision 1.44 diff -u -r1.43 -r1.44 --- components.mk 21 Mar 2006 19:48:49 -0000 1.43 +++ components.mk 24 Mar 2006 01:12:20 -0000 1.44 @@ -356,10 +356,11 @@ # Console java classes ############################################################# -NMCJDK_SUF = 1.0 +NMCJDK_SUF = 1.0.2 +NMCJDK_GEN_SUF = 1.0 NMCJDK_RELDATE = 20060320 -NMCJDK_COMP = console/$(NMCJDK_SUF) +NMCJDK_COMP = console/$(NMCJDK_GEN_SUF) NMCJDK_VERSION = $(NMCJDK_RELDATE) @@ -383,6 +384,12 @@ mkdir -p $(CLASS_DEST) # grab the jar files $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(NMCJDK_METHOD) -objdir $(CLASS_DEST) -componentdir $(NMCJDK_DIR)/java -files $(ADMIN_BRAND)-base-$(NMCJDK_SUF).jar,$(ADMIN_BRAND)-mcc-$(NMCJDK_SUF).jar,$(ADMIN_BRAND)-mcc-$(NMCJDK_SUF)_en.jar,$(ADMIN_BRAND)-nmclf-$(NMCJDK_SUF).jar,$(ADMIN_BRAND)-nmclf-$(NMCJDK_SUF)_en.jar +# make symlinks; cannot FTP symlinked files + -(cd $(CLASS_DEST); ln -s $(ADMIN_BRAND)-base-$(NMCJDK_SUF).jar $(ADMIN_BRAND)-base-$(NMCJDK_GEN_SUF).jar) + -(cd $(CLASS_DEST); ln -s $(ADMIN_BRAND)-mcc-$(NMCJDK_SUF).jar $(ADMIN_BRAND)-mcc-$(NMCJDK_GEN_SUF).jar) + -(cd $(CLASS_DEST); ln -s $(ADMIN_BRAND)-mcc-$(NMCJDK_SUF)_en.jar $(ADMIN_BRAND)-mcc-$(NMCJDK_GEN_SUF)_en.jar) + -(cd $(CLASS_DEST); ln -s $(ADMIN_BRAND)-nmclf-$(NMCJDK_SUF).jar $(ADMIN_BRAND)-nmclf-$(NMCJDK_GEN_SUF).jar) + -(cd $(CLASS_DEST); ln -s $(ADMIN_BRAND)-nmclf-$(NMCJDK_SUF)_en.jar $(ADMIN_BRAND)-nmclf-$(NMCJDK_GEN_SUF)_en.jar) # grab the startconsole program $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(NMCJDK_METHOD) -objdir $(CLASS_DEST) -componentdir $(NMCJDK_DIR) -files startconsole && chmod +x $(CLASS_DEST)/startconsole else # INTERNAL_BUILD @@ -394,7 +401,8 @@ ############################################################# JSS_SDK_VERSION = JSS_3_7_RTM -JSSSDK = jss37.jar +# xpclass.jar is copied to this name. don't put the minor version number +JSSSDK = jss3.jar XPCLASS = $(JSS_JAR_NAME) ifeq ($(INT_JSS), 1) Index: nsconfig.mk =================================================================== RCS file: /cvs/dirsec/adminserver/nsconfig.mk,v retrieving revision 1.27 retrieving revision 1.28 diff -u -r1.27 -r1.28 --- nsconfig.mk 21 Mar 2006 19:48:49 -0000 1.27 +++ nsconfig.mk 24 Mar 2006 01:12:20 -0000 1.28 @@ -530,7 +530,8 @@ endif endif -ADM_SUF=1.0 +ADM_SUF=1.0.2 +ADM_GEN_SUF=1.0 # CLEAN THIS UP From fedora-directory-commits at redhat.com Fri Mar 24 01:13:32 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 23 Mar 2006 20:13:32 -0500 Subject: [Fedora-directory-commits] adminserver/admserv/newinst/src ux-update.cc, 1.19, 1.20 Message-ID: <200603240114.k2O1E7hU007889@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver/admserv/newinst/src In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7771/admserv/newinst/src Modified Files: ux-update.cc Log Message: [186105] Admin Server Makefile updates for Internal build Comment #11 . fixed jss jar file name to jss3.jar; mistakenly put minor version number in the previous checkin (jss37.jar) . changed to include the patch number in the jar file name . fixed admin console package name in the Global Preferences: admserv72.jar -> redhat-admserv-7.2.jar . changed to create a symlink: redhat-admserv-7.2.jar pointing redhat-admserv-7.2.0.jar . introduced CONSOLE-GEN-VERSION and CONSOLE-MAJOR-VERSION in the branding data Index: ux-update.cc =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/ux-update.cc,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- ux-update.cc 22 Feb 2006 02:28:51 -0000 1.19 +++ ux-update.cc 24 Mar 2006 01:13:15 -0000 1.20 @@ -950,7 +950,7 @@ appEntry->addAttribute("installationTimeStamp", adminInfo->timeStamp()); appEntry->addAttribute("nsExpirationDate", adminInfo->get(PKG_EXPIRY)); appEntry->addAttribute("nsBuildSecurity", adminInfo->get(PKG_SECURITY)); - appEntry->addAttribute("nsServerMigrationClassName", "com.netscape.management.admserv.AdminServerProduct at admserv10.jar"); + appEntry->addAttribute("nsServerMigrationClassName", "com.netscape.management.admserv.AdminServerProduct at fedora-admserv-1.0.jar"); sieEntry->clear(); @@ -1061,7 +1061,7 @@ configEntry->addAttribute ("nsDefaultAcceptLanguage", adminInfo->get(PKG_DEFAULT_LANGUAGE)); - sprintf(tstr, "com.netscape.management.admserv.AdminServer at admserv10.jar@%s", sieDN.data()); + sprintf(tstr, "com.netscape.management.admserv.AdminServer at fedora-admserv-1.0.jar@%s", sieDN.data()); configEntry->addAttribute ("nsClassname", tstr); // Set the appropriate ACI on for this branch @@ -1072,7 +1072,7 @@ else { const char *s; - sprintf(tstr, "com.netscape.management.admserv.AdminServer at admserv10.jar@%s", sieDN.data()); + sprintf(tstr, "com.netscape.management.admserv.AdminServer at fedora-admserv-1.0.jar@%s", sieDN.data()); configEntry->setAttribute ("nsClassname", tstr); configEntry->setAttribute ("nsServerPort", dir); configEntry->setAttribute ("nsSuiteSpotUser", adminUser); From fedora-directory-commits at redhat.com Fri Mar 24 02:50:51 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 23 Mar 2006 21:50:51 -0500 Subject: [Fedora-directory-commits] setuputil nsconfig.mk,1.9,1.10 Message-ID: <200603240250.k2O2opkV010270@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/setuputil In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10253 Modified Files: nsconfig.mk Log Message: Don't set "-AA" for HP-UX PA_RISC Index: nsconfig.mk =================================================================== RCS file: /cvs/dirsec/setuputil/nsconfig.mk,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- nsconfig.mk 23 Mar 2006 20:45:31 -0000 1.9 +++ nsconfig.mk 24 Mar 2006 02:50:43 -0000 1.10 @@ -220,14 +220,16 @@ ifdef MODERNHP CC=cc -Ae +ESlit CXX=aCC -ARCH_CFLAGS=-AA # the default on ipf, but also use it elsewhere +# ARCH_CFLAGS=-AA # if set on PA_RISC, build fails by not found ifeq ($(NSOS_RELEASE), B.11.23) + ARCH_CFLAGS=-AA # the default on ipf, but also use it elsewhere ifeq ($(USE_64), 1) BIT_SWITCH=+DD64 else BIT_SWITCH=+DD32 endif else # 11.11 or earlier + ARCH_CFLAGS= ifeq ($(USE_64), 1) BIT_SWITCH=+DA2.0W +DS2.0 else From fedora-directory-commits at redhat.com Fri Mar 24 04:19:57 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 23 Mar 2006 23:19:57 -0500 Subject: [Fedora-directory-commits] adminserver components.mk,1.44,1.45 Message-ID: <200603240419.k2O4JvNJ014527@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14490 Modified Files: components.mk Log Message: Picking up new AdminUtil, SetupUtil, and Console. Index: components.mk =================================================================== RCS file: /cvs/dirsec/adminserver/components.mk,v retrieving revision 1.44 retrieving revision 1.45 diff -u -r1.44 -r1.45 --- components.mk 24 Mar 2006 01:12:20 -0000 1.44 +++ components.mk 24 Mar 2006 04:19:49 -0000 1.45 @@ -137,7 +137,7 @@ # SETUPUTIL ############################################################## -SETUPUTIL_RELDATE = 20060307 +SETUPUTIL_RELDATE = 20060323 SETUPUTIL_FILE = setuputil.tar.gz SETUPUTIL_COMPNAME = setuputil/1.0 @@ -171,7 +171,7 @@ ############################################################### ADMINUTIL_SUF = 10 -ADMINUTIL_RELDATE = 20060307 +ADMINUTIL_RELDATE = 20060323 ADMINUTIL_VERSION = $(ADMINUTIL_RELDATE) ADMINUTIL_ROOT = $(NSCP_COMPDIR)/adminutil ADMINUTIL_COMPNAME = adminutil/1.0 @@ -358,7 +358,7 @@ NMCJDK_SUF = 1.0.2 NMCJDK_GEN_SUF = 1.0 -NMCJDK_RELDATE = 20060320 +NMCJDK_RELDATE = 20060323 NMCJDK_COMP = console/$(NMCJDK_GEN_SUF) From fedora-directory-commits at redhat.com Fri Mar 24 04:48:46 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 23 Mar 2006 23:48:46 -0500 Subject: [Fedora-directory-commits] adminutil/lib/libadmsslutil admsslutil.c, 1.3, 1.4 Message-ID: <200603240448.k2O4mk6O014700@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminutil/lib/libadmsslutil In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14683 Modified Files: admsslutil.c Log Message: Replaced PL_Free with PR_Free. Index: admsslutil.c =================================================================== RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/admsslutil.c,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- admsslutil.c 22 Mar 2006 23:47:20 -0000 1.3 +++ admsslutil.c 24 Mar 2006 04:48:38 -0000 1.4 @@ -269,8 +269,8 @@ if((!certdbFile) || (!keydbFile) || (!admroot)) return -1; errCode = initNSS(certdbFile, keydbFile); - PL_Free(certdbFile); - PL_Free(keydbFile); + PR_Free(certdbFile); + PR_Free(keydbFile); return errCode; } From fedora-directory-commits at redhat.com Fri Mar 24 19:05:48 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Fri, 24 Mar 2006 14:05:48 -0500 Subject: [Fedora-directory-commits] console/src/com/netscape/management/client/console VersionInfo.java, 1.2, 1.3 genverinfo.sh, 1.2, 1.3 Message-ID: <200603241905.k2OJ5muS019956@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/console/src/com/netscape/management/client/console In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19921/src/com/netscape/management/client/console Modified Files: VersionInfo.java genverinfo.sh Log Message: 186612 - Console.getVersionNumber method needs to return version as major.minor Index: VersionInfo.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/console/VersionInfo.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- VersionInfo.java 26 Oct 2005 23:16:23 -0000 1.2 +++ VersionInfo.java 24 Mar 2006 19:05:37 -0000 1.3 @@ -37,7 +37,7 @@ * @return Console Version Number */ public static String getVersionNumber() { - return _resource.getString("console","versionNumber"); + return _resource.getString("console","majorVersionNumber"); } /** Index: genverinfo.sh =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/console/genverinfo.sh,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- genverinfo.sh 15 Sep 2005 22:06:49 -0000 1.2 +++ genverinfo.sh 24 Mar 2006 19:05:38 -0000 1.3 @@ -28,11 +28,12 @@ # # -if [ $# -ne 3 ]; then - echo Usage: $0 outputFile versionNumber buildNumberFile +if [ $# -ne 4 ]; then + echo Usage: $0 outputFile versionNumber majorVersionNumber buildNumberFile exit 1 fi echo console-versionNumber=$2 > $1 -bld=`cat $3` +echo console-majorVersionNumber=$3 > $1 +bld=`cat $4` echo console-buildNumber=`eval eval echo $bld` >> $1 From fedora-directory-commits at redhat.com Fri Mar 24 19:05:39 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Fri, 24 Mar 2006 14:05:39 -0500 Subject: [Fedora-directory-commits] console build.xml, 1.11, 1.12 startconsole-sandbox, 1.1, 1.2 Message-ID: <200603241906.k2OJ6ALv019960@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/console In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19921 Modified Files: build.xml startconsole-sandbox Log Message: 186612 - Console.getVersionNumber method needs to return version as major.minor Index: build.xml =================================================================== RCS file: /cvs/dirsec/console/build.xml,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- build.xml 24 Mar 2006 01:04:00 -0000 1.11 +++ build.xml 24 Mar 2006 19:05:16 -0000 1.12 @@ -63,6 +63,7 @@ + Index: startconsole-sandbox =================================================================== RCS file: /cvs/dirsec/console/startconsole-sandbox,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- startconsole-sandbox 29 Nov 2005 18:36:50 -0000 1.1 +++ startconsole-sandbox 24 Mar 2006 19:05:16 -0000 1.2 @@ -27,6 +27,13 @@ fi # +# Set library path to ensure we pick up our local libraries +# +export LD_LIBRARY_PATH=./lib:${LD_LIBRARY_PATH} +export SHLIB_PATH=./lib:${SHLIB_PATH} +export DYLD_LIBRARY_PATH=./lib:${DYLD_LIBRARY_PATH} + +# # Launch the Console # java -ms8m -mx64m -cp ./java/jss3.jar:./java/ldapjdk.jar:./java/fedora-base-1.0.jar:./java/fedora-mcc-1.0.jar:./java/fedora-mcc-1.0_en.jar:./java/fedora-nmclf-1.0.jar:./java/fedora-nmclf-1.0_en.jar -Djava.library.path=./lib -Djava.util.prefs.systemRoot="$HOME/.fedora-console" -Djava.util.prefs.userRoot="$HOME/.fedora-console" com.netscape.management.client.console.Console $* From fedora-directory-commits at redhat.com Fri Mar 24 19:13:42 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Fri, 24 Mar 2006 14:13:42 -0500 Subject: [Fedora-directory-commits] adminserver/admserv/cfgstuff admserv.conf, 1.14, 1.15 Message-ID: <200603241913.k2OJDg0t020076@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver/admserv/cfgstuff In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20013/cfgstuff Modified Files: admserv.conf Log Message: [186105] Admin Server Makefile updates for Internal build Allow FollowSymLinks in java dir Index: admserv.conf =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cfgstuff/admserv.conf,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- admserv.conf 28 Feb 2006 22:29:39 -0000 1.14 +++ admserv.conf 24 Mar 2006 19:13:32 -0000 1.15 @@ -38,7 +38,7 @@ # directories AllowOverride None - Options None + Options FollowSymLinks Order allow,deny Allow from all From fedora-directory-commits at redhat.com Fri Mar 24 19:13:34 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Fri, 24 Mar 2006 14:13:34 -0500 Subject: [Fedora-directory-commits] adminserver/admserv pkgadmin.mk, 1.45, 1.46 Message-ID: <200603241914.k2OJED6k020099@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver/admserv In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20013 Modified Files: pkgadmin.mk Log Message: [186105] Admin Server Makefile updates for Internal build Allow FollowSymLinks in java dir Index: pkgadmin.mk =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/pkgadmin.mk,v retrieving revision 1.45 retrieving revision 1.46 diff -u -r1.45 -r1.46 --- pkgadmin.mk 24 Mar 2006 01:12:27 -0000 1.45 +++ pkgadmin.mk 24 Mar 2006 19:13:11 -0000 1.46 @@ -153,9 +153,15 @@ -$(MKDIR) $(CLIENT_DIR)/java/jars # grab the jar files +ifeq ($(ARCH), WINNT) +# no symlink on Windows + cd $(ADMIN_JARS) ; \ + cp -p $(ADMIN_BRAND)-admserv-$(ADM_SUF).jar $(ADMIN_BRAND)-admserv-$(ADM_SUF)_en.jar $(CLIENT_DIR)/java/jars +else cd $(ADMIN_JARS) ; \ cp -p $(ADMIN_BRAND)-admserv-$(ADM_SUF).jar $(ADMIN_BRAND)-admserv-$(ADM_SUF)_en.jar $(CLIENT_DIR)/java/jars; \ (cd $(CLIENT_DIR)/java/jars; ln -s $(ADMIN_BRAND)-admserv-$(ADM_SUF).jar $(ADMIN_BRAND)-admserv-$(ADM_GEN_SUF).jar; ln -s $(ADMIN_BRAND)-admserv-$(ADM_SUF)_en.jar $(ADMIN_BRAND)-admserv-$(ADM_GEN_SUF)_en.jar) +endif # # Cleanup before making distributable zip From fedora-directory-commits at redhat.com Fri Mar 24 20:16:08 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Fri, 24 Mar 2006 15:16:08 -0500 Subject: [Fedora-directory-commits] adminserver components.mk,1.45,1.46 Message-ID: <200603242016.k2OKG8SD022486@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22444 Modified Files: components.mk Log Message: Picking up new console. Index: components.mk =================================================================== RCS file: /cvs/dirsec/adminserver/components.mk,v retrieving revision 1.45 retrieving revision 1.46 diff -u -r1.45 -r1.46 --- components.mk 24 Mar 2006 04:19:49 -0000 1.45 +++ components.mk 24 Mar 2006 20:15:51 -0000 1.46 @@ -358,7 +358,7 @@ NMCJDK_SUF = 1.0.2 NMCJDK_GEN_SUF = 1.0 -NMCJDK_RELDATE = 20060323 +NMCJDK_RELDATE = 20060324 NMCJDK_COMP = console/$(NMCJDK_GEN_SUF) @@ -384,12 +384,14 @@ mkdir -p $(CLASS_DEST) # grab the jar files $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(NMCJDK_METHOD) -objdir $(CLASS_DEST) -componentdir $(NMCJDK_DIR)/java -files $(ADMIN_BRAND)-base-$(NMCJDK_SUF).jar,$(ADMIN_BRAND)-mcc-$(NMCJDK_SUF).jar,$(ADMIN_BRAND)-mcc-$(NMCJDK_SUF)_en.jar,$(ADMIN_BRAND)-nmclf-$(NMCJDK_SUF).jar,$(ADMIN_BRAND)-nmclf-$(NMCJDK_SUF)_en.jar +ifneq ($(ARCH), WINNT) # make symlinks; cannot FTP symlinked files -(cd $(CLASS_DEST); ln -s $(ADMIN_BRAND)-base-$(NMCJDK_SUF).jar $(ADMIN_BRAND)-base-$(NMCJDK_GEN_SUF).jar) -(cd $(CLASS_DEST); ln -s $(ADMIN_BRAND)-mcc-$(NMCJDK_SUF).jar $(ADMIN_BRAND)-mcc-$(NMCJDK_GEN_SUF).jar) -(cd $(CLASS_DEST); ln -s $(ADMIN_BRAND)-mcc-$(NMCJDK_SUF)_en.jar $(ADMIN_BRAND)-mcc-$(NMCJDK_GEN_SUF)_en.jar) -(cd $(CLASS_DEST); ln -s $(ADMIN_BRAND)-nmclf-$(NMCJDK_SUF).jar $(ADMIN_BRAND)-nmclf-$(NMCJDK_GEN_SUF).jar) -(cd $(CLASS_DEST); ln -s $(ADMIN_BRAND)-nmclf-$(NMCJDK_SUF)_en.jar $(ADMIN_BRAND)-nmclf-$(NMCJDK_GEN_SUF)_en.jar) +endif # grab the startconsole program $(PERL5) $(RELTOOLS)/ftp_puller.pl -method $(NMCJDK_METHOD) -objdir $(CLASS_DEST) -componentdir $(NMCJDK_DIR) -files startconsole && chmod +x $(CLASS_DEST)/startconsole else # INTERNAL_BUILD From fedora-directory-commits at redhat.com Thu Mar 30 00:38:31 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 29 Mar 2006 17:38:31 -0700 Subject: [Fedora-directory-commits] setuputil/installer/include ldapu.h, 1.2, 1.3 nsdefs.h, 1.2, 1.3 Message-ID: <200603300038.k2U0cVDZ000697@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/setuputil/installer/include In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv651/setuputil/installer/include Modified Files: ldapu.h nsdefs.h Log Message: Add using namespace std; after the include Remove #include in files that also include nsdefs.h Fix a potential buffer non-termination Index: ldapu.h =================================================================== RCS file: /cvs/dirsec/setuputil/installer/include/ldapu.h,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- ldapu.h 27 Mar 2006 21:18:34 -0000 1.2 +++ ldapu.h 30 Mar 2006 00:38:28 -0000 1.3 @@ -29,6 +29,11 @@ ** ** HISTORY ** $Log$ +** Revision 1.3 2006/03/30 00:38:28 rmeggins +** Add using namespace std; after the include +** Remove #include in files that also include nsdefs.h +** Fix a potential buffer non-termination +** ** Revision 1.2 2006/03/27 21:18:34 nhosoi ** [186642] Directory Server Makefile updates for Internal build ** Changed the createSIE so that caller (Admin Server and Directory Server) passes @@ -275,7 +280,6 @@ #else -#include #include "nsdefs.h" class Ldap; Index: nsdefs.h =================================================================== RCS file: /cvs/dirsec/setuputil/installer/include/nsdefs.h,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- nsdefs.h 23 Mar 2006 20:45:37 -0000 1.2 +++ nsdefs.h 30 Mar 2006 00:38:28 -0000 1.3 @@ -30,6 +30,11 @@ ** HISTORY ** ** $Log$ +** Revision 1.3 2006/03/30 00:38:28 rmeggins +** Add using namespace std; after the include +** Remove #include in files that also include nsdefs.h +** Fix a potential buffer non-termination +** ** Revision 1.2 2006/03/23 20:45:37 rmeggins ** Use instead of on those platforms that support it. ** With this fix, we don't get the deprecation warnings when building setuputil. @@ -161,6 +166,7 @@ **********************************************************************/ #if !defined(HPUX) || defined(_HP_NAMESPACE_STD) #include +using namespace std; #else #include /* use old name on older systems */ #endif From fedora-directory-commits at redhat.com Thu Mar 30 00:38:32 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 29 Mar 2006 17:38:32 -0700 Subject: [Fedora-directory-commits] setuputil/installer/unix/lib ux-wrapper.cc, 1.2, 1.3 Message-ID: <200603300038.k2U0cWpf000708@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/setuputil/installer/unix/lib In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv651/setuputil/installer/unix/lib Modified Files: ux-wrapper.cc Log Message: Add using namespace std; after the include Remove #include in files that also include nsdefs.h Fix a potential buffer non-termination Index: ux-wrapper.cc =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/lib/ux-wrapper.cc,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- ux-wrapper.cc 23 Mar 2006 15:59:22 -0000 1.2 +++ ux-wrapper.cc 30 Mar 2006 00:38:29 -0000 1.3 @@ -29,6 +29,11 @@ ** HISTORY: ** ** $Log$ +** Revision 1.3 2006/03/30 00:38:29 rmeggins +** Add using namespace std; after the include +** Remove #include in files that also include nsdefs.h +** Fix a potential buffer non-termination +** ** Revision 1.2 2006/03/23 15:59:22 rmeggins ** Bug(s) fixed: 186280 ** Bug Description: Close potential security vulnerabilities in CGI code @@ -191,6 +196,7 @@ return; } snprintf(buf, sizeof(buf), "[%s] %s", who, level); + buf[sizeof(buf)-1] = 0; va_start (arg, msg); vsnprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), msg, arg); From fedora-directory-commits at redhat.com Thu Mar 30 00:38:31 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 29 Mar 2006 17:38:31 -0700 Subject: [Fedora-directory-commits] setuputil/installer/unix installer.h, 1.1.1.1, 1.2 uninstaller.h, 1.1.1.1, 1.2 Message-ID: <200603300038.k2U0cVOU000704@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/setuputil/installer/unix In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv651/setuputil/installer/unix Modified Files: installer.h uninstaller.h Log Message: Add using namespace std; after the include Remove #include in files that also include nsdefs.h Fix a potential buffer non-termination Index: installer.h =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/installer.h,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- installer.h 29 Jul 2005 22:16:31 -0000 1.1.1.1 +++ installer.h 30 Mar 2006 00:38:29 -0000 1.2 @@ -27,6 +27,11 @@ ** HISTORY ** ** $Log$ +** Revision 1.2 2006/03/30 00:38:29 rmeggins +** Add using namespace std; after the include +** Remove #include in files that also include nsdefs.h +** Fix a potential buffer non-termination +** ** Revision 1.1.1.1 2005/07/29 22:16:31 foxworth ** Importing new setup sdk for open source project ** @@ -213,7 +218,6 @@ ** Includes ** **********************************************************************/ -#include extern "C" { #include Index: uninstaller.h =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/uninstaller.h,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- uninstaller.h 29 Jul 2005 22:16:32 -0000 1.1.1.1 +++ uninstaller.h 30 Mar 2006 00:38:29 -0000 1.2 @@ -27,6 +27,11 @@ ** HISTORY ** ** $Log$ +** Revision 1.2 2006/03/30 00:38:29 rmeggins +** Add using namespace std; after the include +** Remove #include in files that also include nsdefs.h +** Fix a potential buffer non-termination +** ** Revision 1.1.1.1 2005/07/29 22:16:32 foxworth ** Importing new setup sdk for open source project ** @@ -106,8 +111,6 @@ ** Includes ** **********************************************************************/ -#include - extern "C" { #include #include From fedora-directory-commits at redhat.com Thu Mar 30 22:59:27 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Thu, 30 Mar 2006 15:59:27 -0700 Subject: [Fedora-directory-commits] winsync/passwordsync passhand.cpp, 1.9, 1.10 passhand.h, 1.7, 1.8 Message-ID: <200603302259.k2UMxRqk032466@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/winsync/passwordsync In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32422/passwordsync Modified Files: passhand.cpp passhand.h Log Message: 186657 - Implemented locking around passhook data file access Index: passhand.cpp =================================================================== RCS file: /cvs/dirsec/winsync/passwordsync/passhand.cpp,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- passhand.cpp 22 Mar 2006 18:51:04 -0000 1.9 +++ passhand.cpp 30 Mar 2006 22:59:25 -0000 1.10 @@ -112,6 +112,8 @@ outFile.close(); exit: + // We need to unfreeze plainTextStream so memory gets freed by the destructor + plainTextStream.rdbuf()->freeze(false); free(cipherTextBuf); return result; } @@ -119,18 +121,18 @@ int loadSet(PASS_INFO_LIST* passInfoList, char* filename) { int result = 0; - int i; + int i = 0; fstream inFile; PASS_INFO newPair; strstream* plainTextStream; char* cipherTextBuf = NULL; char* plainTextBuf = NULL; - int usernameLen; - int passwordLen; - int plainTextLen; - int cipherTextLen; + int usernameLen = 0; + int passwordLen = 0; + int plainTextLen = 0; + int cipherTextLen = 0; int resultTextLen = 0; - int pairCount; + int pairCount = 0; // Read in cipher text from file inFile.open(filename, ios::in | ios::binary); @@ -164,6 +166,12 @@ goto exit; } + // Check to see if plainTextbuf contains anything + if (resultTextLen <= 0) { + result = -1; + goto exit; + } + plainTextStream = new strstream(plainTextBuf, resultTextLen); plainTextStream->read((char*)&pairCount, sizeof(pairCount)); Index: passhand.h =================================================================== RCS file: /cvs/dirsec/winsync/passwordsync/passhand.h,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- passhand.h 19 Apr 2005 22:07:43 -0000 1.7 +++ passhand.h 30 Mar 2006 22:59:25 -0000 1.8 @@ -50,7 +50,9 @@ #include "prerror.h" #define PASSHAND_EVENT_NAME "passhand_event" +#define PASSHOOK_MUTEX_NAME "passhook_mutex" +#define PASSHOOK_TIMEOUT 30000 #define PASSHAND_BUF_SIZE 256 using namespace std; From fedora-directory-commits at redhat.com Thu Mar 30 22:59:28 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Thu, 30 Mar 2006 15:59:28 -0700 Subject: [Fedora-directory-commits] winsync/passwordsync/passsync syncserv.cpp, 1.13, 1.14 syncserv.h, 1.7, 1.8 Message-ID: <200603302259.k2UMxScX032477@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/winsync/passwordsync/passsync In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32422/passwordsync/passsync Modified Files: syncserv.cpp syncserv.h Log Message: 186657 - Implemented locking around passhook data file access Index: syncserv.cpp =================================================================== RCS file: /cvs/dirsec/winsync/passwordsync/passsync/syncserv.cpp,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- syncserv.cpp 22 Mar 2006 18:51:16 -0000 1.13 +++ syncserv.cpp 30 Mar 2006 22:59:26 -0000 1.14 @@ -76,6 +76,7 @@ unsigned long size; passhookEventHandle = CreateEvent(NULL, FALSE, FALSE, PASSHAND_EVENT_NAME); + passhookMutexHandle = CreateMutex(NULL, FALSE, PASSHOOK_MUTEX_NAME); mainLdapConnection = NULL; results = NULL; currentResult = NULL; @@ -211,10 +212,14 @@ timeStamp(&outLog); outLog << "Backing off for " << BackoffTime(GetMinBackoff()) << "ms" << endl; } - WaitForSingleObject(passhookEventHandle, BackoffTime(GetMinBackoff())); + waitRes = WaitForSingleObject(passhookEventHandle, BackoffTime(GetMinBackoff())); if(logLevel > 0) { timeStamp(&outLog); - outLog << "Backoff time expired. Attempting sync" << endl; + if (waitRes == WAIT_TIMEOUT) { + outLog << "Backoff time expired. Attempting sync" << endl; + } else { + outLog << "Received passhook event. Attempting sync" << endl; + } } } @@ -226,24 +231,38 @@ if(passInfoList.size() > 0) { - if(saveSet(&passInfoList, dataFilename) == 0) + // Get mutex for passhook.dat + WaitForSingleObject(passhookMutexHandle, INFINITE); + + // Need to loadSet here so we don't overwrite entries that passhook recently added + if(loadSet(&passInfoList, dataFilename) == 0) { - if(logLevel > 0) + if(saveSet(&passInfoList, dataFilename) == 0) + { + if(logLevel > 0) + { + timeStamp(&outLog); + outLog << passInfoList.size() << " entries saved to data file" << endl; + } + } + else { timeStamp(&outLog); - outLog << passInfoList.size() << " entries saved to data file" << endl; + outLog << "Failed to save entries to data file" << endl; } - } - else - { + } else { timeStamp(&outLog); - outLog << "Failed to save entries to data file" << endl; + outLog << "Failed to load entries from file" << endl; } + + // Release mutex for passhook.dat + ReleaseMutex(passhookMutexHandle); } exit: clearSet(&passInfoList); CloseHandle(passhookEventHandle); + CloseHandle(passhookMutexHandle); } // **************************************************************** @@ -258,6 +277,9 @@ char* dn = NULL; int tempSize = passInfoList.size(); + // Get mutex for passhook.dat + WaitForSingleObject(passhookMutexHandle, INFINITE); + if(loadSet(&passInfoList, dataFilename) == 0) { if((passInfoList.size() - tempSize) > 0) @@ -289,6 +311,9 @@ outLog << "Failed to load entries from file" << endl; } + // Release mutex for passhook.dat + ReleaseMutex(passhookMutexHandle); + if(passInfoList.size() > 0) { if(logLevel > 0) Index: syncserv.h =================================================================== RCS file: /cvs/dirsec/winsync/passwordsync/passsync/syncserv.h,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- syncserv.h 19 Apr 2005 22:07:44 -0000 1.7 +++ syncserv.h 30 Mar 2006 22:59:26 -0000 1.8 @@ -82,6 +82,7 @@ PASS_INFO_LIST passInfoList; HANDLE passhookEventHandle; + HANDLE passhookMutexHandle; // LDAP variables LDAP* mainLdapConnection; @@ -104,7 +105,8 @@ unsigned long maxBackoffTime; int logLevel; bool isRunning; + DWORD waitRes; fstream outLog; }; -#endif \ No newline at end of file +#endif From fedora-directory-commits at redhat.com Thu Mar 30 22:59:28 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Thu, 30 Mar 2006 15:59:28 -0700 Subject: [Fedora-directory-commits] winsync/passwordsync/passhook passhook.cpp, 1.8, 1.9 Message-ID: <200603302259.k2UMxSTT032472@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/winsync/passwordsync/passhook In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32422/passwordsync/passhook Modified Files: passhook.cpp Log Message: 186657 - Implemented locking around passhook data file access Index: passhook.cpp =================================================================== RCS file: /cvs/dirsec/winsync/passwordsync/passhook/passhook.cpp,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- passhook.cpp 22 Mar 2006 18:51:11 -0000 1.8 +++ passhook.cpp 30 Mar 2006 22:59:25 -0000 1.9 @@ -48,121 +48,74 @@ #define STATUS_SUCCESS ((NTSTATUS)0x00000000L) #endif +DWORD WINAPI SavePasshookChange( LPVOID passinfo ); +static HANDLE passhookMutexHandle; +static unsigned long logLevel; + NTSTATUS NTAPI PasswordChangeNotify(PUNICODE_STRING UserName, ULONG RelativeId, PUNICODE_STRING Password) { - HANDLE passhookEventHandle = OpenEvent(EVENT_MODIFY_STATE, FALSE, PASSHAND_EVENT_NAME); - PASS_INFO newPassInfo; - PASS_INFO_LIST passInfoList; - HKEY regKey; - DWORD type; - unsigned long buffSize; - char regBuff[PASSHAND_BUF_SIZE]; - unsigned long logLevel; + PASS_INFO *newPassInfo = NULL; + HANDLE passhookThreadHandle; fstream outLog; + DWORD waitRes; - RegOpenKey(HKEY_LOCAL_MACHINE, "SOFTWARE\\PasswordSync", ®Key); - buffSize = PASSHAND_BUF_SIZE; - if(RegQueryValueEx(regKey, "Log Level", NULL, &type, (unsigned char*)regBuff, &buffSize) == ERROR_SUCCESS) - { - logLevel = (unsigned long)atoi(regBuff); - } - else - { - logLevel = 0; - } - if(logLevel > 0) - { - outLog.open("passhook.log", ios::out | ios::app); - } - RegCloseKey(regKey); - - // This memory will be free'd by calling clearSet below - newPassInfo.username = (char*)malloc((UserName->Length / 2) + 1); - newPassInfo.password = (char*)malloc((Password->Length / 2) + 1); - - if (newPassInfo.username && newPassInfo.password) { - _snprintf(newPassInfo.username, (UserName->Length / 2), "%S", UserName->Buffer); - _snprintf(newPassInfo.password, (Password->Length / 2), "%S", Password->Buffer); - newPassInfo.username[UserName->Length / 2] = '\0'; - newPassInfo.password[Password->Length / 2] = '\0'; + // This memory will be freed in SavePasshookChange + if ( newPassInfo = (PASS_INFO *) malloc(sizeof(PASS_INFO)) ) { + // These get freed in SavePasshookChange by calling clearSet + newPassInfo->username = (char*)malloc((UserName->Length / 2) + 1); + newPassInfo->password = (char*)malloc((Password->Length / 2) + 1); } else { - if(outLog.is_open()) { - timeStamp(&outLog); - outLog << "failed to allocate memory for username and password" << endl; - } - free(newPassInfo.username); - free(newPassInfo.password); goto exit; } - if(outLog.is_open()) - { - timeStamp(&outLog); - outLog << "user " << newPassInfo.username << " password changed" << endl; - //outLog << "user " << newPassInfo.username << " password changed to " << newPassInfo.password << endl; - } + // Fill in the password change struct + if (newPassInfo->username && newPassInfo->password) { + _snprintf(newPassInfo->username, (UserName->Length / 2), "%S", UserName->Buffer); + _snprintf(newPassInfo->password, (Password->Length / 2), "%S", Password->Buffer); + newPassInfo->username[UserName->Length / 2] = '\0'; + newPassInfo->password[Password->Length / 2] = '\0'; - // loadSet allocates memory for the usernames and password. We need to be - // sure to free it by calling clearSet. - if(loadSet(&passInfoList, "passhook.dat") == 0) - { - if(outLog.is_open()) - { - timeStamp(&outLog); - outLog << passInfoList.size() << " entries loaded from file" << endl; - } - } - else - { - if(outLog.is_open()) - { - timeStamp(&outLog); - outLog << "failed to load entries from file" << endl; - } + // Backoff + newPassInfo->backoffCount = 0; + + // Load time + time(&(newPassInfo->atTime)); + } else { + // Memory error. Free everything we allocated. + free(newPassInfo->username); + free(newPassInfo->password); + free(newPassInfo); + goto exit; } - // Add the new change to the list - passInfoList.push_back(newPassInfo); + // Fire off a thread to do the real work + passhookThreadHandle = CreateThread(NULL, 0, SavePasshookChange, newPassInfo, 0, NULL); - // Save the list to disk - if(saveSet(&passInfoList, "passhook.dat") == 0) - { - if(outLog.is_open()) - { - timeStamp(&outLog); - outLog << passInfoList.size() << " entries saved to file" << endl; - } - } - else - { - if(outLog.is_open()) - { - timeStamp(&outLog); - outLog << "failed to save entries to file" << endl; - } - } + // We need to close the handle to the thread we created. Doing + // this will not terminate the thread. + if (passhookThreadHandle != NULL) { + CloseHandle(passhookThreadHandle); + } else { + // Acquire the mutex so we can log an error + waitRes = WaitForSingleObject(passhookMutexHandle, PASSHOOK_TIMEOUT); - // We need to call clearSet so memory gets free'd - clearSet(&passInfoList); + // If we got the mutex, log the error, otherwise it's not safe to log + if (waitRes == WAIT_OBJECT_0) { + outLog.open("passhook.log", ios::out | ios::app); + + if(outLog.is_open()) { + timeStamp(&outLog); + outLog << "Failed to start thread. Aborting change for " << newPassInfo->username << endl; + } -exit: - if(passhookEventHandle == NULL) - { - if(outLog.is_open()) - { - timeStamp(&outLog); - outLog << "can not get password sync service event handle, service not running" << endl; - } + outLog.close(); - } - else - { - SetEvent(passhookEventHandle); - CloseHandle(passhookEventHandle); + // Release mutex + ReleaseMutex(passhookMutexHandle); + } } - outLog.close(); - +exit: return STATUS_SUCCESS; } @@ -173,5 +126,132 @@ BOOL NTAPI InitializeChangeNotify() { - return TRUE; + HKEY regKey; + DWORD type; + unsigned long buffSize; + char regBuff[PASSHAND_BUF_SIZE]; + fstream outLog; + + // check if logging is enabled + RegOpenKey(HKEY_LOCAL_MACHINE, "SOFTWARE\\PasswordSync", ®Key); + buffSize = PASSHAND_BUF_SIZE; + if(RegQueryValueEx(regKey, "Log Level", NULL, &type, (unsigned char*)regBuff, &buffSize) == ERROR_SUCCESS) + { + logLevel = (unsigned long)atoi(regBuff); + } + else + { + logLevel = 0; + } + RegCloseKey(regKey); + + // Create mutex for passhook data file and log file access + passhookMutexHandle = CreateMutex(NULL, FALSE, PASSHOOK_MUTEX_NAME); + + if (passhookMutexHandle == NULL) { + // Log an error. + outLog.open("passhook.log", ios::out | ios::app); + timeStamp(&outLog); + outLog << "Failed to create passhook mutex. Passhook DLL will not be loaded." << endl; + outLog.close(); + + return FALSE; + } else { + return TRUE; + } +} + +// This function will save the password change to the passhook data file. It +// will be run as a separate thread. +DWORD WINAPI SavePasshookChange( LPVOID passinfo ) +{ + PASS_INFO *newPassInfo = NULL; + PASS_INFO_LIST passInfoList; + HANDLE passhookEventHandle = OpenEvent(EVENT_MODIFY_STATE, FALSE, PASSHAND_EVENT_NAME); + fstream outLog; + + if ((newPassInfo = (PASS_INFO *)passinfo) == NULL) { + goto exit; + } + + // Acquire the mutex for passhook.dat. This mutex also guarantees + // that we can write to outLog safely. + WaitForSingleObject(passhookMutexHandle, INFINITE); + + // Open the log file if logging is enabled + if(logLevel > 0) + { + outLog.open("passhook.log", ios::out | ios::app); + } + + if(outLog.is_open()) + { + timeStamp(&outLog); + outLog << "user " << newPassInfo->username << " password changed" << endl; + //outLog << "user " << newPassInfo->username << " password changed to " << newPassInfo->passname << endl; + } + + // loadSet allocates memory for the usernames and password. We need to be + // sure to free it by calling clearSet. + if(loadSet(&passInfoList, "passhook.dat") == 0) + { + if(outLog.is_open()) + { + timeStamp(&outLog); + outLog << passInfoList.size() << " entries loaded from file" << endl; + } + } + else + { + if(outLog.is_open()) + { + timeStamp(&outLog); + outLog << "failed to load entries from file" << endl; + } + } + + // Add the new change to the list + passInfoList.push_back(*newPassInfo); + + // Save the list to disk + if(saveSet(&passInfoList, "passhook.dat") == 0) + { + if(outLog.is_open()) + { + timeStamp(&outLog); + outLog << passInfoList.size() << " entries saved to file" << endl; + } + } + else + { + // We always want to log this error condition + if(!outLog.is_open()) + { + // We need to open the log since debug logging is turned off + outLog.open("passhook.log", ios::out | ios::app); + } + + timeStamp(&outLog); + outLog << "failed to save entries to file" << endl; + } + + // Close the log file before we release the mutex. + outLog.close(); + + // Release the mutex for passhook.dat + ReleaseMutex(passhookMutexHandle); + + // We need to call clearSet so memory gets free'd + clearSet(&passInfoList); + +exit: + // Free the passed in struct from the heap + free(newPassInfo); + + if (passhookEventHandle != NULL) { + SetEvent(passhookEventHandle); + CloseHandle(passhookEventHandle); + } + + return 0; } From fedora-directory-commits at redhat.com Thu Mar 30 23:09:02 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Thu, 30 Mar 2006 16:09:02 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/synctools/passwordsync/passhook passhook.cpp, 1.7.2.1, 1.7.2.2 Message-ID: <200603302309.k2UN925C002112@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passhook In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2067/passwordsync/passhook Modified Files: Tag: Directory71RtmBranch passhook.cpp Log Message: 186657 - Implemented locking around passhook data file access Index: passhook.cpp =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passhook/passhook.cpp,v retrieving revision 1.7.2.1 retrieving revision 1.7.2.2 diff -u -r1.7.2.1 -r1.7.2.2 --- passhook.cpp 22 Mar 2006 18:53:32 -0000 1.7.2.1 +++ passhook.cpp 30 Mar 2006 23:08:59 -0000 1.7.2.2 @@ -48,121 +48,74 @@ #define STATUS_SUCCESS ((NTSTATUS)0x00000000L) #endif +DWORD WINAPI SavePasshookChange( LPVOID passinfo ); +static HANDLE passhookMutexHandle; +static unsigned long logLevel; + NTSTATUS NTAPI PasswordChangeNotify(PUNICODE_STRING UserName, ULONG RelativeId, PUNICODE_STRING Password) { - HANDLE passhookEventHandle = OpenEvent(EVENT_MODIFY_STATE, FALSE, PASSHAND_EVENT_NAME); - PASS_INFO newPassInfo; - PASS_INFO_LIST passInfoList; - HKEY regKey; - DWORD type; - unsigned long buffSize; - char regBuff[PASSHAND_BUF_SIZE]; - unsigned long logLevel; + PASS_INFO *newPassInfo = NULL; + HANDLE passhookThreadHandle; fstream outLog; + DWORD waitRes; - RegOpenKey(HKEY_LOCAL_MACHINE, "SOFTWARE\\PasswordSync", ®Key); - buffSize = PASSHAND_BUF_SIZE; - if(RegQueryValueEx(regKey, "Log Level", NULL, &type, (unsigned char*)regBuff, &buffSize) == ERROR_SUCCESS) - { - logLevel = (unsigned long)atoi(regBuff); - } - else - { - logLevel = 0; - } - if(logLevel > 0) - { - outLog.open("passhook.log", ios::out | ios::app); - } - RegCloseKey(regKey); - - // This memory will be free'd by calling clearSet below - newPassInfo.username = (char*)malloc((UserName->Length / 2) + 1); - newPassInfo.password = (char*)malloc((Password->Length / 2) + 1); - - if (newPassInfo.username && newPassInfo.password) { - _snprintf(newPassInfo.username, (UserName->Length / 2), "%S", UserName->Buffer); - _snprintf(newPassInfo.password, (Password->Length / 2), "%S", Password->Buffer); - newPassInfo.username[UserName->Length / 2] = '\0'; - newPassInfo.password[Password->Length / 2] = '\0'; + // This memory will be freed in SavePasshookChange + if ( newPassInfo = (PASS_INFO *) malloc(sizeof(PASS_INFO)) ) { + // These get freed in SavePasshookChange by calling clearSet + newPassInfo->username = (char*)malloc((UserName->Length / 2) + 1); + newPassInfo->password = (char*)malloc((Password->Length / 2) + 1); } else { - if(outLog.is_open()) { - timeStamp(&outLog); - outLog << "failed to allocate memory for username and password" << endl; - } - free(newPassInfo.username); - free(newPassInfo.password); goto exit; } - if(outLog.is_open()) - { - timeStamp(&outLog); - outLog << "user " << newPassInfo.username << " password changed" << endl; - //outLog << "user " << newPassInfo.username << " password changed to " << newPassInfo.password << endl; - } + // Fill in the password change struct + if (newPassInfo->username && newPassInfo->password) { + _snprintf(newPassInfo->username, (UserName->Length / 2), "%S", UserName->Buffer); + _snprintf(newPassInfo->password, (Password->Length / 2), "%S", Password->Buffer); + newPassInfo->username[UserName->Length / 2] = '\0'; + newPassInfo->password[Password->Length / 2] = '\0'; - // loadSet allocates memory for the usernames and password. We need to be - // sure to free it by calling clearSet. - if(loadSet(&passInfoList, "passhook.dat") == 0) - { - if(outLog.is_open()) - { - timeStamp(&outLog); - outLog << passInfoList.size() << " entries loaded from file" << endl; - } - } - else - { - if(outLog.is_open()) - { - timeStamp(&outLog); - outLog << "failed to load entries from file" << endl; - } + // Backoff + newPassInfo->backoffCount = 0; + + // Load time + time(&(newPassInfo->atTime)); + } else { + // Memory error. Free everything we allocated. + free(newPassInfo->username); + free(newPassInfo->password); + free(newPassInfo); + goto exit; } - // Add the new change to the list - passInfoList.push_back(newPassInfo); + // Fire off a thread to do the real work + passhookThreadHandle = CreateThread(NULL, 0, SavePasshookChange, newPassInfo, 0, NULL); - // Save the list to disk - if(saveSet(&passInfoList, "passhook.dat") == 0) - { - if(outLog.is_open()) - { - timeStamp(&outLog); - outLog << passInfoList.size() << " entries saved to file" << endl; - } - } - else - { - if(outLog.is_open()) - { - timeStamp(&outLog); - outLog << "failed to save entries to file" << endl; - } - } + // We need to close the handle to the thread we created. Doing + // this will not terminate the thread. + if (passhookThreadHandle != NULL) { + CloseHandle(passhookThreadHandle); + } else { + // Acquire the mutex so we can log an error + waitRes = WaitForSingleObject(passhookMutexHandle, PASSHOOK_TIMEOUT); - // We need to call clearSet so memory gets free'd - clearSet(&passInfoList); + // If we got the mutex, log the error, otherwise it's not safe to log + if (waitRes == WAIT_OBJECT_0) { + outLog.open("passhook.log", ios::out | ios::app); + + if(outLog.is_open()) { + timeStamp(&outLog); + outLog << "Failed to start thread. Aborting change for " << newPassInfo->username << endl; + } -exit: - if(passhookEventHandle == NULL) - { - if(outLog.is_open()) - { - timeStamp(&outLog); - outLog << "can not get password sync service event handle, service not running" << endl; - } + outLog.close(); - } - else - { - SetEvent(passhookEventHandle); - CloseHandle(passhookEventHandle); + // Release mutex + ReleaseMutex(passhookMutexHandle); + } } - outLog.close(); - +exit: return STATUS_SUCCESS; } @@ -173,5 +126,132 @@ BOOL NTAPI InitializeChangeNotify() { - return TRUE; + HKEY regKey; + DWORD type; + unsigned long buffSize; + char regBuff[PASSHAND_BUF_SIZE]; + fstream outLog; + + // check if logging is enabled + RegOpenKey(HKEY_LOCAL_MACHINE, "SOFTWARE\\PasswordSync", ®Key); + buffSize = PASSHAND_BUF_SIZE; + if(RegQueryValueEx(regKey, "Log Level", NULL, &type, (unsigned char*)regBuff, &buffSize) == ERROR_SUCCESS) + { + logLevel = (unsigned long)atoi(regBuff); + } + else + { + logLevel = 0; + } + RegCloseKey(regKey); + + // Create mutex for passhook data file and log file access + passhookMutexHandle = CreateMutex(NULL, FALSE, PASSHOOK_MUTEX_NAME); + + if (passhookMutexHandle == NULL) { + // Log an error. + outLog.open("passhook.log", ios::out | ios::app); + timeStamp(&outLog); + outLog << "Failed to create passhook mutex. Passhook DLL will not be loaded." << endl; + outLog.close(); + + return FALSE; + } else { + return TRUE; + } +} + +// This function will save the password change to the passhook data file. It +// will be run as a separate thread. +DWORD WINAPI SavePasshookChange( LPVOID passinfo ) +{ + PASS_INFO *newPassInfo = NULL; + PASS_INFO_LIST passInfoList; + HANDLE passhookEventHandle = OpenEvent(EVENT_MODIFY_STATE, FALSE, PASSHAND_EVENT_NAME); + fstream outLog; + + if ((newPassInfo = (PASS_INFO *)passinfo) == NULL) { + goto exit; + } + + // Acquire the mutex for passhook.dat. This mutex also guarantees + // that we can write to outLog safely. + WaitForSingleObject(passhookMutexHandle, INFINITE); + + // Open the log file if logging is enabled + if(logLevel > 0) + { + outLog.open("passhook.log", ios::out | ios::app); + } + + if(outLog.is_open()) + { + timeStamp(&outLog); + outLog << "user " << newPassInfo->username << " password changed" << endl; + //outLog << "user " << newPassInfo->username << " password changed to " << newPassInfo->passname << endl; + } + + // loadSet allocates memory for the usernames and password. We need to be + // sure to free it by calling clearSet. + if(loadSet(&passInfoList, "passhook.dat") == 0) + { + if(outLog.is_open()) + { + timeStamp(&outLog); + outLog << passInfoList.size() << " entries loaded from file" << endl; + } + } + else + { + if(outLog.is_open()) + { + timeStamp(&outLog); + outLog << "failed to load entries from file" << endl; + } + } + + // Add the new change to the list + passInfoList.push_back(*newPassInfo); + + // Save the list to disk + if(saveSet(&passInfoList, "passhook.dat") == 0) + { + if(outLog.is_open()) + { + timeStamp(&outLog); + outLog << passInfoList.size() << " entries saved to file" << endl; + } + } + else + { + // We always want to log this error condition + if(!outLog.is_open()) + { + // We need to open the log since debug logging is turned off + outLog.open("passhook.log", ios::out | ios::app); + } + + timeStamp(&outLog); + outLog << "failed to save entries to file" << endl; + } + + // Close the log file before we release the mutex. + outLog.close(); + + // Release the mutex for passhook.dat + ReleaseMutex(passhookMutexHandle); + + // We need to call clearSet so memory gets free'd + clearSet(&passInfoList); + +exit: + // Free the passed in struct from the heap + free(newPassInfo); + + if (passhookEventHandle != NULL) { + SetEvent(passhookEventHandle); + CloseHandle(passhookEventHandle); + } + + return 0; } From fedora-directory-commits at redhat.com Thu Mar 30 23:09:04 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Thu, 30 Mar 2006 16:09:04 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/synctools/passwordsync/passsync syncserv.cpp, 1.7.2.6, 1.7.2.7 Message-ID: <200603302309.k2UN94ej002118@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passsync In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2067/passwordsync/passsync Modified Files: Tag: Directory71RtmBranch syncserv.cpp Log Message: 186657 - Implemented locking around passhook data file access Index: syncserv.cpp =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passsync/syncserv.cpp,v retrieving revision 1.7.2.6 retrieving revision 1.7.2.7 diff -u -r1.7.2.6 -r1.7.2.7 --- syncserv.cpp 22 Mar 2006 18:53:37 -0000 1.7.2.6 +++ syncserv.cpp 30 Mar 2006 23:09:00 -0000 1.7.2.7 @@ -76,6 +76,7 @@ unsigned long size; passhookEventHandle = CreateEvent(NULL, FALSE, FALSE, PASSHAND_EVENT_NAME); + passhookMutexHandle = CreateMutex(NULL, FALSE, PASSHOOK_MUTEX_NAME); mainLdapConnection = NULL; results = NULL; currentResult = NULL; @@ -211,10 +212,14 @@ timeStamp(&outLog); outLog << "Backing off for " << BackoffTime(GetMinBackoff()) << "ms" << endl; } - WaitForSingleObject(passhookEventHandle, BackoffTime(GetMinBackoff())); + waitRes = WaitForSingleObject(passhookEventHandle, BackoffTime(GetMinBackoff())); if(logLevel > 0) { timeStamp(&outLog); - outLog << "Backoff time expired. Attempting sync" << endl; + if (waitRes == WAIT_TIMEOUT) { + outLog << "Backoff time expired. Attempting sync" << endl; + } else { + outLog << "Received passhook event. Attempting sync" << endl; + } } } @@ -226,24 +231,38 @@ if(passInfoList.size() > 0) { - if(saveSet(&passInfoList, dataFilename) == 0) + // Get mutex for passhook.dat + WaitForSingleObject(passhookMutexHandle, INFINITE); + + // Need to loadSet here so we don't overwrite entries that passhook recently added + if(loadSet(&passInfoList, dataFilename) == 0) { - if(logLevel > 0) + if(saveSet(&passInfoList, dataFilename) == 0) + { + if(logLevel > 0) + { + timeStamp(&outLog); + outLog << passInfoList.size() << " entries saved to data file" << endl; + } + } + else { timeStamp(&outLog); - outLog << passInfoList.size() << " entries saved to data file" << endl; + outLog << "Failed to save entries to data file" << endl; } - } - else - { + } else { timeStamp(&outLog); - outLog << "Failed to save entries to data file" << endl; + outLog << "Failed to load entries from file" << endl; } + + // Release mutex for passhook.dat + ReleaseMutex(passhookMutexHandle); } exit: clearSet(&passInfoList); CloseHandle(passhookEventHandle); + CloseHandle(passhookMutexHandle); } // **************************************************************** @@ -258,6 +277,9 @@ char* dn = NULL; int tempSize = passInfoList.size(); + // Get mutex for passhook.dat + WaitForSingleObject(passhookMutexHandle, INFINITE); + if(loadSet(&passInfoList, dataFilename) == 0) { if((passInfoList.size() - tempSize) > 0) @@ -289,6 +311,9 @@ outLog << "Failed to load entries from file" << endl; } + // Release mutex for passhook.dat + ReleaseMutex(passhookMutexHandle); + if(passInfoList.size() > 0) { if(logLevel > 0) From fedora-directory-commits at redhat.com Thu Mar 30 23:09:01 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Thu, 30 Mar 2006 16:09:01 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/synctools/passwordsync passhand.cpp, 1.7.2.2, 1.7.2.3 passhand.h, 1.7, 1.7.2.1 Message-ID: <200603302309.k2UN9VMD002123@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/synctools/passwordsync In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2067/passwordsync Modified Files: Tag: Directory71RtmBranch passhand.cpp passhand.h Log Message: 186657 - Implemented locking around passhook data file access Index: passhand.cpp =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passhand.cpp,v retrieving revision 1.7.2.2 retrieving revision 1.7.2.3 diff -u -r1.7.2.2 -r1.7.2.3 --- passhand.cpp 22 Mar 2006 18:53:26 -0000 1.7.2.2 +++ passhand.cpp 30 Mar 2006 23:08:57 -0000 1.7.2.3 @@ -112,6 +112,8 @@ outFile.close(); exit: + // We need to unfreeze plainTextStream so memory gets freed by the destructor + plainTextStream.rdbuf()->freeze(false); free(cipherTextBuf); return result; } @@ -119,18 +121,18 @@ int loadSet(PASS_INFO_LIST* passInfoList, char* filename) { int result = 0; - int i; + int i = 0; fstream inFile; PASS_INFO newPair; strstream* plainTextStream; char* cipherTextBuf = NULL; char* plainTextBuf = NULL; - int usernameLen; - int passwordLen; - int plainTextLen; - int cipherTextLen; + int usernameLen = 0; + int passwordLen = 0; + int plainTextLen = 0; + int cipherTextLen = 0; int resultTextLen = 0; - int pairCount; + int pairCount = 0; // Read in cipher text from file inFile.open(filename, ios::in | ios::binary); @@ -164,6 +166,12 @@ goto exit; } + // Check to see if plainTextbuf contains anything + if (resultTextLen <= 0) { + result = -1; + goto exit; + } + plainTextStream = new strstream(plainTextBuf, resultTextLen); plainTextStream->read((char*)&pairCount, sizeof(pairCount)); Index: passhand.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passhand.h,v retrieving revision 1.7 retrieving revision 1.7.2.1 diff -u -r1.7 -r1.7.2.1 --- passhand.h 19 Apr 2005 22:07:43 -0000 1.7 +++ passhand.h 30 Mar 2006 23:08:57 -0000 1.7.2.1 @@ -50,7 +50,9 @@ #include "prerror.h" #define PASSHAND_EVENT_NAME "passhand_event" +#define PASSHOOK_MUTEX_NAME "passhook_mutex" +#define PASSHOOK_TIMEOUT 30000 #define PASSHAND_BUF_SIZE 256 using namespace std; From fedora-directory-commits at redhat.com Thu Mar 30 23:13:47 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Thu, 30 Mar 2006 16:13:47 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/synctools/passwordsync/passsync syncserv.h, 1.7, 1.7.2.1 Message-ID: <200603302313.k2UNDljV002156@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passsync In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2139/passwordsync/passsync Modified Files: Tag: Directory71RtmBranch syncserv.h Log Message: 186657 - Implemented locking around passhook data file access Index: syncserv.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passsync/syncserv.h,v retrieving revision 1.7 retrieving revision 1.7.2.1 diff -u -r1.7 -r1.7.2.1 --- syncserv.h 19 Apr 2005 22:07:44 -0000 1.7 +++ syncserv.h 30 Mar 2006 23:13:44 -0000 1.7.2.1 @@ -82,6 +82,7 @@ PASS_INFO_LIST passInfoList; HANDLE passhookEventHandle; + HANDLE passhookMutexHandle; // LDAP variables LDAP* mainLdapConnection; @@ -104,7 +105,8 @@ unsigned long maxBackoffTime; int logLevel; bool isRunning; + DWORD waitRes; fstream outLog; }; -#endif \ No newline at end of file +#endif From fedora-directory-commits at redhat.com Thu Mar 30 23:23:57 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Thu, 30 Mar 2006 16:23:57 -0700 Subject: [Fedora-directory-commits] ldapserver component_versions.mk, 1.35.2.6, 1.35.2.7 Message-ID: <200603302323.k2UNNvJm002270@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2253 Modified Files: Tag: Directory71RtmBranch component_versions.mk Log Message: Pick up new ADSYNC component for bug 186657 Index: component_versions.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/component_versions.mk,v retrieving revision 1.35.2.6 retrieving revision 1.35.2.7 diff -u -r1.35.2.6 -r1.35.2.7 --- component_versions.mk 22 Mar 2006 18:55:06 -0000 1.35.2.6 +++ component_versions.mk 30 Mar 2006 23:23:55 -0000 1.35.2.7 @@ -250,7 +250,7 @@ endif ifndef ADSYNC_VERSION - ADSYNC_VERSION=20060322 + ADSYNC_VERSION=20060330 endif ifndef NT4SYNC_VERSION From fedora-directory-commits at redhat.com Fri Mar 31 22:58:37 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Fri, 31 Mar 2006 15:58:37 -0700 Subject: [Fedora-directory-commits] adminserver/lib/libsi18n getlang.c, 1.4, 1.5 getstrprop.c, 1.3, 1.4 makstrdb.c, 1.3, 1.4 propset.c, 1.3, 1.4 txtfile.c, 1.3, 1.4 Message-ID: <200603312258.k2VMwbq7028940@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/lib/libsi18n In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28761/adminserver/lib/libsi18n Modified Files: getlang.c getstrprop.c makstrdb.c propset.c txtfile.c Log Message: Bug(s) fixed: 186280 Bug Description: adminserver: Close potential security vulnerabilities in CGI code Reviewed by: Rob, Pete, Nathan, Noriko (Thanks!) Fix Description: Most of this just involves making sure that we use PR_snprintf/PL_strncpyz/PL_strcatn where able, or just making sure we use snprintf/strncpy/strncat correctly and null terminate the buffers. I also got rid of some dead code, unused variables, and the like. There are a few cases that are more complex that I have specified below. In some cases I had to change the function signature to add a size parameter in cases where the function was copying to a given char * and the size was assumed (in most cases this was safe but it's still dangerous). Platforms tested: Fedora Core 5 Flag Day: no Doc impact: no Index: getlang.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/libsi18n/getlang.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- getlang.c 18 Aug 2005 19:20:24 -0000 1.4 +++ getlang.c 31 Mar 2006 22:58:34 -0000 1.5 @@ -75,16 +75,22 @@ { switch(type) { case CLIENT_LANGUAGE: - if (language) - strcpy(client_language, language); + if (language) { + strncpy(client_language, language, sizeof(client_language)); + client_language[sizeof(client_language)-1] = 0; + } break; case ADMIN_LANGUAGE: - if (language) - strcpy(admin_language, language); + if (language) { + strncpy(admin_language, language, sizeof(admin_language)); + admin_language[sizeof(admin_language)-1] = 0; + } break; case DEFAULT_LANGUAGE: - if (language) - strcpy(default_language, language); + if (language) { + strncpy(default_language, language, sizeof(default_language)); + default_language[sizeof(default_language)-1] = 0; + } break; } return ; @@ -125,7 +131,7 @@ NSAPI_PUBLIC int -GetFileForLanguage(char* filePath,char* language,char* existingFilePath) +GetFileForLanguage(char* filePath,char* language,char* existingFilePath,size_t existingSize) { /* Input: filePath,language * filePath is of the form "/xxx/xxx/$$LANGDIR/xxx/xxx/filename" @@ -212,7 +218,8 @@ /* Try: /path/language/filename.ext */ if (pattern) { - strcpy(existingFilePath,filePath); + strncpy(existingFilePath,filePath, existingSize); + existingFilePath[existingSize-1] = 0; strReplace(existingFilePath,"$$LANGDIR",acceptLanguageList[iLang]); if (stat(existingFilePath,&info)==0) { @@ -228,14 +235,16 @@ /* Try: /path/filename_language.ext */ { - strcpy(existingFilePath,filePath); + strncpy(existingFilePath,filePath, existingSize); + existingFilePath[existingSize-1] = 0; strReplace(existingFilePath,"$$LANGDIR/",emptyString); pDot = strrchr(existingFilePath,'.'); pSlash = strrchr(existingFilePath,'/'); if (pSlash>=pDot) { pDot = strchr(existingFilePath,'\0'); } - sprintf(lang_modifier,"%c%s",LANG_DELIMIT,acceptLanguageList[iLang]); + snprintf(lang_modifier,sizeof(lang_modifier),"%c%s",LANG_DELIMIT,acceptLanguageList[iLang]); + lang_modifier[sizeof(lang_modifier)-1] = 0; strReplace(pDot,emptyString,lang_modifier); if (stat(existingFilePath,&info)==0) { Index: getstrprop.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/libsi18n/getstrprop.c,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- getstrprop.c 18 Aug 2005 19:20:24 -0000 1.3 +++ getstrprop.c 31 Mar 2006 22:58:34 -0000 1.4 @@ -154,7 +154,6 @@ #if 0 #include "base/crit.h" #include "base/systhr.h" -static char pathDB[100] = "\0"; static int Initialized = 0; #ifdef XP_UNIX Index: makstrdb.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/libsi18n/makstrdb.c,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- makstrdb.c 18 Aug 2005 19:20:24 -0000 1.3 +++ makstrdb.c 31 Mar 2006 22:58:34 -0000 1.4 @@ -117,7 +117,6 @@ char* cptr; RESOURCE_TABLE* table; NSRESHANDLE hresdb; - char DBTlibraryName[128]; /* Creating database */ hresdb = NSResCreateTable(DATABASE_NAME, NULL); Index: propset.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/libsi18n/propset.c,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- propset.c 18 Aug 2005 19:20:24 -0000 1.3 +++ propset.c 31 Mar 2006 22:58:34 -0000 1.4 @@ -117,7 +117,7 @@ char *filepath; char *p, *q; int n; - char linebuf[1000]; + char linebuf[FILE_BUFFER_SIZE+1]; int st; st = PropertiesLanguageStatus(propset, language); Index: txtfile.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/libsi18n/txtfile.c,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- txtfile.c 18 Aug 2005 19:20:24 -0000 1.3 +++ txtfile.c 31 Mar 2006 22:58:34 -0000 1.4 @@ -25,16 +25,6 @@ #include "txtfile.h" - - -#if 0 -char fileBuffer[FILE_BUFFER_SIZE + 1]; -char *fbCurrent; -int fbSize; -int fbStatus; -#endif - - TEXTFILE * OpenTextFile(char *filename, int access) { TEXTFILE *txtfile; From fedora-directory-commits at redhat.com Fri Mar 31 22:58:36 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Fri, 31 Mar 2006 15:58:36 -0700 Subject: [Fedora-directory-commits] adminserver/lib/libadmin admconf.c, 1.5, 1.6 form_get.c, 1.5, 1.6 referer.c, 1.5, 1.6 template.c, 1.6, 1.7 util.c, 1.6, 1.7 Message-ID: <200603312258.k2VMwalN028931@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/lib/libadmin In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28761/adminserver/lib/libadmin Modified Files: admconf.c form_get.c referer.c template.c util.c Log Message: Bug(s) fixed: 186280 Bug Description: adminserver: Close potential security vulnerabilities in CGI code Reviewed by: Rob, Pete, Nathan, Noriko (Thanks!) Fix Description: Most of this just involves making sure that we use PR_snprintf/PL_strncpyz/PL_strcatn where able, or just making sure we use snprintf/strncpy/strncat correctly and null terminate the buffers. I also got rid of some dead code, unused variables, and the like. There are a few cases that are more complex that I have specified below. In some cases I had to change the function signature to add a size parameter in cases where the function was copying to a given char * and the size was assumed (in most cases this was safe but it's still dangerous). Platforms tested: Fedora Core 5 Flag Day: no Doc impact: no Index: admconf.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/libadmin/admconf.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- admconf.c 18 Aug 2005 19:20:01 -0000 1.5 +++ admconf.c 31 Mar 2006 22:58:29 -0000 1.6 @@ -93,7 +93,7 @@ if (getenv("HTTP_REFERER")) strcpy(scratch, getenv("HTTP_REFERER")); else /* next sprintf is the 'else' part */ #endif - sprintf(scratch, "%s%s", getenv("SERVER_URL"), getenv("SCRIPT_NAME")); + PR_snprintf(scratch, sizeof(scratch), "%s%s", getenv("SERVER_URL"), getenv("SCRIPT_NAME")); config[2] = STRDUP(scratch); config[3] = STRDUP(CONFIG3_DEF); config[4] = STRDUP(CONFIG4_DEF); @@ -133,7 +133,7 @@ if(!fgets(scratch, 1024, f)) - sprintf(scratch, "%s", CONFIG1_DEF); + PR_snprintf(scratch, sizeof(scratch), "%s", CONFIG1_DEF); else scratch[strlen(scratch)-1] = '\0'; config[1] = STRDUP(scratch); @@ -145,19 +145,19 @@ config[2] = STRDUP(scratch); if(!fgets(scratch, 1024, f)) - sprintf(scratch, "%s", CONFIG3_DEF); + PR_snprintf(scratch, sizeof(scratch), "%s", CONFIG3_DEF); else scratch[strlen(scratch)-1] = '\0'; config[3] = STRDUP(scratch); if(!fgets(scratch, 1024, f)) - sprintf(scratch, "%s", CONFIG4_DEF); + PR_snprintf(scratch, sizeof(scratch), "%s", CONFIG4_DEF); else scratch[strlen(scratch)-1] = '\0'; config[4] = STRDUP(scratch); if(!fgets(scratch, 1024, f)) - sprintf(scratch, "%s", CONFIG5_DEF); + PR_snprintf(scratch, sizeof(scratch), "%s", CONFIG5_DEF); else scratch[strlen(scratch)-1] = '\0'; {int n=0, x=0; for(x=0; scratch[x]; x++) if(scratch[x]==':') n++; Index: form_get.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/libadmin/form_get.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- form_get.c 18 Aug 2005 19:20:01 -0000 1.5 +++ form_get.c 31 Mar 2006 22:58:29 -0000 1.6 @@ -79,7 +79,7 @@ PR_snprintf(filePattern, sizeof(filePattern), "%s%s%s", HTML_DIR, "$$LANGDIR/", filename); - GetFileForLanguage(filePattern,language,line); + GetFileForLanguage(filePattern,language,line,sizeof(line)); if(!(f = fopen(line, "r"))) { report_error(FILE_ERROR, line, "Could not open the HTML file. " "Perhaps the permissions have changed or someone " Index: referer.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/libadmin/referer.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- referer.c 18 Aug 2005 19:20:01 -0000 1.5 +++ referer.c 31 Mar 2006 22:58:29 -0000 1.6 @@ -131,9 +131,14 @@ NSAPI_PUBLIC void redirect_to_script(char *script) { char urlbuf[BIG_LINE]; - + char *ptr; PR_snprintf(urlbuf, sizeof(urlbuf), "%s%s", getenv("SERVER_URL"), getenv("SCRIPT_NAME")); - strcpy(strrchr(urlbuf, '/') + 1, script); + if (ptr = strrchr(urlbuf, '/')) { + int maxsize = sizeof(urlbuf)-((ptr-urlbuf)+2); /* one for the '/' and one for the '0' */ + PL_strncpyz(ptr + 1, script, maxsize); + } else { + PR_snprintf(urlbuf, sizeof(urlbuf), "%s/%s", getenv("SERVER_URL"), script); + } printf("Location: %s\n\n", urlbuf); } Index: template.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/libadmin/template.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- template.c 9 Sep 2005 19:04:01 -0000 1.6 +++ template.c 31 Mar 2006 22:58:29 -0000 1.7 @@ -397,7 +397,7 @@ /* * URL changed to add new "mapfile" parameter for 5.0 help system - Adam */ - util_snprintf( line, BIG_LINE, + util_snprintf( line, sizeof(line), "window.open('%s/manual/help/help?helpdir=admin&token=%s', '" INFO_IDX_NAME"_%s', " HELP_WIN_OPTIONS");", @@ -427,7 +427,7 @@ char outline[BIG_LINE]; if(verify) { - util_snprintf(line, BIG_LINE, "