From fedora-directory-commits at redhat.com Thu Mar 1 03:34:25 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 28 Feb 2007 22:34:25 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src create_instance.c, 1.48, 1.49 create_instance.h, 1.15, 1.16 ds_newinst.pl.in, 1.4, 1.5 Message-ID: <200703010334.l213YPe0014405@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/admin/src In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14385/ldapserver/ldap/admin/src Modified Files: create_instance.c create_instance.h ds_newinst.pl.in Log Message: Resolves: bug 230498 Bug Description: allow ds_newinst with ldapi and no serverport Reviewed by: nkinder, nhosoi (Thanks!) Fix Description: Two new fields have been added to the ds_newinst .inf files: ldapifilepath - the full path and file name of the server ldapi file start_server - if present and has a value of 0, this tells ds_newinst not to start the server - default is 1 The ds_newinst code has been changed to allow an empty or "0" value servport if an ldapifilepath is given (and ENABLE_LDAPI is defined). Either a valid server port or an ldapifilepath must be provided, or both. In addition, I changed ds_newinst.pl to accept a .inf file given on stdin. Platforms tested: RHEL4, FC6 Flag Day: no Doc impact: We will have to document ldapi support on the wiki. Index: create_instance.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/create_instance.c,v retrieving revision 1.48 retrieving revision 1.49 diff -u -r1.48 -r1.49 --- create_instance.c 27 Feb 2007 02:57:24 -0000 1.48 +++ create_instance.c 1 Mar 2007 03:34:23 -0000 1.49 @@ -253,7 +253,6 @@ conf->servname = hn; conf->bindaddr = ""; - conf->servport = "80"; conf->cfg_sspt = NULL; conf->suitespot3x_uid = NULL; conf->cfg_sspt_uid = NULL; 
@@ -331,6 +330,7 @@ /* ----------------- Sanity check a server configuration ------------------ */ char *create_instance_checkport(char *, char *); +char *create_instance_checkports(server_config_s *cf); char *create_instance_checkuser(char *); int create_instance_numbers(char *); int create_instance_exists(char *fn, int type); @@ -441,7 +441,7 @@ */ if (!needToStartServer(cf)) { - if( (t = create_instance_checkport(cf->bindaddr, cf->servport)) ) + if( (t = create_instance_checkports(cf))) { PL_strncpyz(param_name, "servport", BIG_LINE); return t; @@ -1418,6 +1418,20 @@ /* --------------------------- create_instance_check* ---------------------------- */ +char *create_instance_checkports(server_config_s *cf) +{ + /* allow port 0 if ldapifilepath is specified */ +#if defined(ENABLE_LDAPI) + if (!cf->ldapifilepath || strcmp(cf->servport, "0")) { +#endif + return create_instance_checkport(cf->bindaddr, cf->servport); +#if defined(ENABLE_LDAPI) + } +#endif + + return NULL; +} + char *create_instance_checkport(char *addr, char *sport) { @@ -2687,7 +2701,11 @@ fprintf(f, "nsslapd-ssl-check-hostname: on\n"); fprintf(f, "nsslapd-port: %s\n", cf->servport); #if defined(ENABLE_LDAPI) - fprintf(f, "nsslapd-ldapifilepath: %s/%s-%s.socket\n", cf->run_dir, PRODUCT_NAME, cf->servid); + if (cf->ldapifilepath) { + fprintf(f, "nsslapd-ldapifilepath: %s\n", cf->ldapifilepath); + } else { + fprintf(f, "nsslapd-ldapifilepath: %s/%s-%s.socket\n", cf->run_dir, PRODUCT_NAME, cf->servid); + } fprintf(f, "nsslapd-ldapilisten: on\n"); #if defined(ENABLE_AUTOBIND) fprintf(f, "nsslapd-ldapiautobind: on\n"); 
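Review bot: In the `@@ -1418,6 +1418,20 @@` hunk, `create_instance_checkports` passes `cf->servport` to `strcmp(cf->servport, "0")` without a NULL check, while the first hunk of this commit (`@@ -253,7 +253,6 @@`) removes the `conf->servport = "80"` default. Any path that reaches the check without going through the CGI parsing hunk could therefore dereference an unset pointer; whether other initialisers exist is not visible here. An empty `ldapifilepath` also counts as "specified", because only the pointer is tested. A guard along the lines of `if (!cf->ldapifilepath || !*cf->ldapifilepath || !cf->servport || strcmp(cf->servport, "0")) {` closes both, provided `create_instance_checkport` (body outside the hunk) rejects a NULL port. A short header comment, `/* returns NULL if the listener configuration is usable, else an error message */`, would also help the two call sites.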
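Review bot: In the `@@ -2687,7 +2701,11 @@` hunk, `cf->ldapifilepath` is written into the generated configuration by `fprintf(f, "nsslapd-ldapifilepath: %s\n", cf->ldapifilepath);` exactly as it was received. If a caller can supply a value containing a line break, the text after it becomes additional attribute lines in the entry. A relative or over-long path would only be noticed when the server later tries to bind the socket. The value should be validated where it is read, before it gets here: absolute path, no control characters, and shorter than the `sun_path` member of `struct sockaddr_un`. The enclosing function starts and ends outside the hunk.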
@@ -4003,9 +4021,10 @@ it or if we are configuring the server to serve as the repository for SuiteSpot (Mission Control) information Only attempt to start the server if the port is not in use + In order to start the server, there must either be an ldapifilepath + specified or a valid port. If the port is not "0" it must be valid. */ - if(needToStartServer(cf) && - !(t = create_instance_checkport(cf->bindaddr, cf->servport))) + if(needToStartServer(cf) && !(t = create_instance_checkports(cf))) { PR_snprintf(big_line, sizeof(big_line),"SERVER_NAMES=slapd-%s",cf->servid); putenv(big_line); @@ -4366,12 +4385,33 @@ } cf->bindaddr = ds_a_get_cgi_var("bindaddr", NULL, NULL); - if (!(cf->servport = ds_a_get_cgi_var("servport", "Server Port", - "Please specify the TCP port number for this server."))) - { +#if defined(ENABLE_LDAPI) + temp = ds_a_get_cgi_var("ldapifilepath", NULL, NULL); + if (NULL != temp) { + cf->ldapifilepath = PL_strdup(temp); + } +#endif + + temp = ds_a_get_cgi_var("servport", NULL, NULL); + if (!temp +#if defined(ENABLE_LDAPI) + && !cf->ldapifilepath +#endif + ) { +#if defined(ENABLE_LDAPI) + ds_show_message("error: either servport or ldapifilepath must be specified."); +#else + ds_show_message("error: servport must be specified."); +#endif return 1; } + if (NULL != temp) { + cf->servport = PL_strdup(temp); + } else { + cf->servport = PL_strdup("0"); + } + cf->cfg_sspt = ds_a_get_cgi_var("cfg_sspt", NULL, NULL); cf->cfg_sspt_uid = ds_a_get_cgi_var("cfg_sspt_uid", NULL, NULL); if (cf->cfg_sspt_uid && *(cf->cfg_sspt_uid) && Index: create_instance.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/create_instance.h,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- create_instance.h 9 Feb 2007 22:33:59 -0000 1.15 +++ create_instance.h 1 Mar 2007 03:34:23 -0000 1.16 
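Review bot: The parsing hunk (`@@ -4366,12 +4385,33 @@`) treats any non-NULL value as "specified", so an empty `ldapifilepath` with no `servport` passes the either/or check and produces port "0" with an empty socket path. An empty `servport` is stored as "" rather than "0", which `create_instance_checkports` does not recognise as the no-port case. The neighbouring `cf->cfg_sspt_uid && *(cf->cfg_sspt_uid)` test suggests that `ds_a_get_cgi_var` can return empty strings, so testing `temp && *temp` in both places would match the log message's "empty or 0" wording. The three `PL_strdup` results are stored unchecked; on allocation failure `cf->servport` ends up NULL and is later passed to `strcmp`. The enclosing function begins and ends outside the hunk.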
@@ -182,6 +182,9 @@ char *cert_dir; char *sasl_path; char *prefix; +#if defined(ENABLE_LDAPI) + char *ldapifilepath; +#endif } server_config_s; Index: ds_newinst.pl.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/ds_newinst.pl.in,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- ds_newinst.pl.in 12 Feb 2007 19:39:04 -0000 1.4 +++ ds_newinst.pl.in 1 Mar 2007 03:34:23 -0000 1.5 @@ -44,7 +44,8 @@ sub usage { my $msg = shift; print "Error: $msg\n"; - print "Usage: $0 filename.inf\n"; + print "Usage: $0 [-|filename.inf]\n"; + print "Use - to read from stdin\n"; exit 1 } @@ -136,7 +137,7 @@ } my $filename = $ARGV[0]; -usage("$filename not found") if (! -f $filename); +usage("$filename not found") if ($filename ne "-" && ! -f $filename); my $curSection; # each key in the table is a section name @@ -145,8 +146,14 @@ # and the value is the config param value my %table = (); -open(IN, $filename); -while () { +my $fh; +if ($filename eq "-") { + $fh = \*STDIN; +} else { + open(IN, $filename); + $fh = \*IN; +} +while (<$fh>) { # e.g. [General] if (/^\[(.*?)\]/) { $curSection = $1; @@ -158,7 +165,9 @@ $table{$curSection}->{$1} = $2; } } -close IN; +if ($filename ne "-") { + close IN; +} #printhash (\%table); 
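Review bot: In the ds_newinst.pl.in hunk `@@ -145,8 +146,14 @@`, the `open(IN, $filename);` kept in the new else-branch is a two-argument open whose result is never checked. With two-argument open, leading or trailing mode characters in the file name change how the handle is opened, and a failed open silently leaves `%table` empty, so the script carries on with no configuration. Use the three-argument form and fail loudly: `open(IN, '<', $filename) or usage("cannot open $filename: $!");`. The existing `-f` test earlier in the script does not cover either case.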
@@ -171,12 +180,29 @@ addAndCheck(\%cgiargs, "sroot", \%table, "General", "ServerRoot"); addAndCheck(\%cgiargs, "servname", \%table, "General", "FullMachineName"); addAndCheck(\%cgiargs, "servuser", \%table, "General", "SuiteSpotUserID"); -addAndCheck(\%cgiargs, "servport", \%table, "slapd", "ServerPort"); addAndCheck(\%cgiargs, "rootdn", \%table, "slapd", "RootDN"); addAndCheck(\%cgiargs, "rootpw", \%table, "slapd", "RootDNPwd"); addAndCheck(\%cgiargs, "servid", \%table, "slapd", "ServerIdentifier"); addAndCheck(\%cgiargs, "suffix", \%table, "slapd", "Suffix"); +# either servport or ldapifilepath must be specified - the server must +# listen to something . . . +my $canlisten = 0; +if (defined($table{"slapd"}->{"ServerPort"}) && + $table{"slapd"}->{"ServerPort"} > 0) { + $canlisten = 1; + $cgiargs{"servport"} = $table{"slapd"}->{"ServerPort"}; +} else { + $cgiargs{"servport"} = "0"; # 0 means do not listen +} +if (defined($table{"slapd"}->{"ldapifilepath"})) { + $canlisten = 1; + $cgiargs{"ldapifilepath"} = $table{"slapd"}->{"ldapifilepath"}; +} +if (! $canlisten) { + usage("Either ServerPort or ldapifilepath must be specified in the slapd section of $filename"); +} + # the following items are optional $cgiargs{"lock_dir"} = $table{"slapd"}->{"lock_dir"}; @@ -253,7 +279,11 @@ # if for some reason you do not want the server started after instance creation # the following line can be commented out - NOTE that if you are creating the # Configuration DS, it will be started anyway -$cgiargs{start_server} = 1; +if (defined($table{"slapd"}->{"start_server"})) { + $cgiargs{start_server} = $table{"slapd"}->{"start_server"}; +} else { # default is on + $cgiargs{start_server} = 1; +} my $sroot = $cgiargs{sroot}; From fedora-directory-commits at redhat.com Thu Mar 1 22:37:21 2007 
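Review bot: In the `@@ -171,12 +180,29 @@` hunk, the test `$table{"slapd"}->{"ServerPort"} > 0` numifies the string, so a value with trailing text still passes and is forwarded unchanged as `servport`. In the other direction, a mistyped or negative port is silently turned into "0" when `ldapifilepath` is present, which gives a server with no TCP listener instead of an error. Validate the value before comparing, e.g. `my $port = $table{"slapd"}->{"ServerPort"};` followed by `if (defined($port) && $port =~ /^\d+$/ && $port > 0 && $port <= 65535) {`, and call `usage()` for a defined value that is neither a valid port nor "0". `defined($table{"slapd"}->{"ldapifilepath"})` likewise accepts an empty string as a usable socket path; a length check there would keep `$canlisten` honest.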
From: fedora-directory-commits at redhat.com (Jack Magne (jmagne)) Date: Thu, 1 Mar 2007 17:37:21 -0500 Subject: [Fedora-directory-commits] esc/src/app/xul/esc/chrome/content/esc ESC.js, 1.8, 1.9 Message-ID: <200703012237.l21MbLDC009495@cvs-int.fedora.redhat.com> Author: jmagne Update of /cvs/dirsec/esc/src/app/xul/esc/chrome/content/esc In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9479 Modified Files: ESC.js Log Message: Further Security Oficer UI changes. Index: ESC.js =================================================================== RCS file: /cvs/dirsec/esc/src/app/xul/esc/chrome/content/esc/ESC.js,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- ESC.js 28 Feb 2007 19:08:43 -0000 1.8 +++ ESC.js 1 Mar 2007 22:37:19 -0000 1.9 @@ -50,6 +50,7 @@ const ESC_IGNORE_KEY_ISSUER_INFO = "esc.ignore.key.issuer.info"; const ESC_FACE_TO_FACE_MODE = "esc.face.to.face.mode"; const ESC_SECURITY_URL="esc.security.url"; +const ESC_SECURE_URL="esc.secure.url"; const CLEAN_TOKEN = "cleanToken"; const UNINITIALIZED = 1; @@ -1137,6 +1138,39 @@ ui_id.setAttribute("src",securityURL); } } + + window.setTimeout('GrantSecurityPagesPrivileges()',1500); +} + +function GrantSecurityPagesPrivileges() +{ + var curSecUrl = null; + var i = 1; + + var capability = "capability.principal.codebase"; + var uni_connect = "UniversalXPConnect"; + var granted = "granted"; + var id = "id"; + + var base_iter = 2; + + while(1) + { + curSecUrl = DoCoolKeyGetConfigValue(ESC_SECURE_URL + "." + i); + + if(curSecUrl) + { + DoCoolKeySetConfigValue(capability + ".p" + base_iter + "." + granted,uni_connect); + + DoCoolKeySetConfigValue(capability + ".p" + base_iter + "." + id,curSecUrl); + } + + if(!curSecUrl) + break; + + i++; + base_iter++; + } } function DoShowFullEnrollmentUI() 
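Review bot: `GrantSecurityPagesPrivileges` (hunk `@@ -1137,6 +1138,39 @@`) grants `UniversalXPConnect` to every `esc.secure.url.N` value without inspecting it, so an `http://` entry or a mistyped preference gives script from that origin the same access as the application's own chrome. It also writes to fixed slots starting at `p2`, which would overwrite any principal already stored there. The call is scheduled with a string-form timer; `window.setTimeout(GrantSecurityPagesPrivileges, 1500);` avoids the implicit eval. The grant should be limited to https URLs, with skipped entries logged, and the function should carry a comment stating which preference controls the list and what privilege is handed out.

```javascript
function GrantSecurityPagesPrivileges()
{
    // … unchanged: capability / uni_connect / granted / id / base_iter declarations …

    for(var i = 1; ; i++)
    {
        var curSecUrl = DoCoolKeyGetConfigValue(ESC_SECURE_URL + "." + i);

        if(!curSecUrl)
            break;

        // Only an https origin can be tied to the configured server;
        // anything else is logged and left without privileges.
        if(curSecUrl.indexOf("https://") != 0)
        {
            recordMessage("GrantSecurityPagesPrivileges: skipping non-https url " + curSecUrl);
            continue;
        }

        DoCoolKeySetConfigValue(capability + ".p" + base_iter + "." + granted,uni_connect);
        DoCoolKeySetConfigValue(capability + ".p" + base_iter + "." + id,curSecUrl);
        base_iter++;
    }
}
```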
@@ -2067,6 +2101,11 @@ if(!viewcertsbtn) return; + //hack for CAC cards that now have no CUID reported + + if(!isCool) + keyStatus = "ENROLLED"; + var image_src = SelectImageForKeyStatus(keyStatus,1,1); recordMessage("image_src " + image_src); @@ -2093,12 +2132,15 @@ if(!keyStatus) { + DisableItem(viewcertsbtn); DisableItem(enrollbtn); DisableItem(resetpinbtn); DisableItem(formatbtn); + detailsKeyLabel.setAttribute("value",getBundleString("noKeysPresent")); HideItem(detailsImage); + return; } @@ -2243,7 +2285,6 @@ function CreateAdminListRow(adminListBox,keyType,keyID,keyStatus,reqAuth,isAuthed,keyIssuer,keyIssuedTo) { - //alert("CreateAdminListRow keyType " + keyType + " keyID " + keyID + " keyStatus " + keyStatus); if(!gAdminPage) return null; @@ -2627,6 +2668,7 @@ if (!gCurrentSelectedRow) SelectRowByKeyID(keyType, keyID); + } if(gHiddenPage) @@ -3282,8 +3324,6 @@ netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect"); var isCool = netkey.GetCoolKeyIsReallyCoolKey(keyType, keyID); - //alert("isCool " + isCool); - return isCool; } catch (e) { @@ -3742,6 +3782,7 @@ { SelectRowByKeyID(keyType, keyID); UpdateAdminListRow(keyType,keyID); + UpdateAdminKeyDetailsArea(keyType,keyID); } } @@ -3991,7 +4032,6 @@ } catch(e) { - alert("Problem with nsIPromptService " + e); } } From fedora-directory-commits at redhat.com Thu Mar 1 22:55:05 2007 
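Review bot: The added `if(!isCool) keyStatus = "ENROLLED";` in hunk `@@ -2067,6 +2101,11 @@` overrides the status of every key that is not a CoolKey, not only CAC cards without a CUID, so the details pane can show "enrolled" for a token whose state was never determined. If `isCool` is also false when no token is present, the `if(!keyStatus)` branch in the following hunk becomes unreachable; where `isCool` is assigned is outside the hunk. At minimum the comment should say that the value is display-only, e.g. `// CAC cards report no CUID, so no status can be looked up; shown as ENROLLED for display only, not a verification result`. The condition should be narrowed to whatever actually identifies a CAC card.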
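Review bot: Removing the `alert` in hunk `@@ -3991,7 +4032,6 @@` leaves the `catch(e)` block empty, so a failure to obtain nsIPromptService is dropped without trace and the prompt the user was meant to see simply never appears. Keep a log line in its place, `recordMessage("Problem with nsIPromptService " + e);`, using the logging helper this file already calls elsewhere. The enclosing function starts outside the hunk.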
From: fedora-directory-commits at redhat.com (Jack Magne (jmagne)) Date: Thu, 1 Mar 2007 17:55:05 -0500 Subject: [Fedora-directory-commits] esc/src/app/xul/esc/chrome/content/esc ESC.js, 1.9, 1.10 Message-ID: <200703012255.l21Mt5Po009635@cvs-int.fedora.redhat.com> Author: jmagne Update of /cvs/dirsec/esc/src/app/xul/esc/chrome/content/esc In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9618 Modified Files: ESC.js Log Message: Minor Security Officer UI fix. Index: ESC.js =================================================================== RCS file: /cvs/dirsec/esc/src/app/xul/esc/chrome/content/esc/ESC.js,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- ESC.js 1 Mar 2007 22:37:19 -0000 1.9 +++ ESC.js 1 Mar 2007 22:55:03 -0000 1.10 @@ -1139,7 +1139,7 @@ } } - window.setTimeout('GrantSecurityPagesPrivileges()',1500); + window.setTimeout('GrantSecurityPagesPrivileges()',5000); } function GrantSecurityPagesPrivileges() From fedora-directory-commits at redhat.com Fri Mar 2 22:37:27 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Fri, 2 Mar 2007 17:37:27 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src create_instance.c, 1.49, 1.50 Message-ID: <200703022237.l22MbRr2024851@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/admin/src In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24812 Modified Files: create_instance.c Log Message: Resolves: 230673 Summary: LDAPI: referral mode needs LDAPI socket? (Comment #3) Change: if ldapifilepath is not passed, LDAPI is disabled in the newly created instance. Index: create_instance.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/create_instance.c,v retrieving revision 1.49 retrieving revision 1.50 diff -u -r1.49 -r1.50 --- create_instance.c 1 Mar 2007 03:34:23 -0000 1.49 +++ create_instance.c 2 Mar 2007 22:37:25 -0000 1.50 
@@ -2703,10 +2703,11 @@ #if defined(ENABLE_LDAPI) if (cf->ldapifilepath) { fprintf(f, "nsslapd-ldapifilepath: %s\n", cf->ldapifilepath); + fprintf(f, "nsslapd-ldapilisten: on\n"); } else { fprintf(f, "nsslapd-ldapifilepath: %s/%s-%s.socket\n", cf->run_dir, PRODUCT_NAME, cf->servid); + fprintf(f, "nsslapd-ldapilisten: off\n"); } - fprintf(f, "nsslapd-ldapilisten: on\n"); #if defined(ENABLE_AUTOBIND) fprintf(f, "nsslapd-ldapiautobind: on\n"); #endif /* ENABLE_AUTOBIND */ From fedora-directory-commits at redhat.com Fri Mar 2 22:38:09 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Fri, 2 Mar 2007 17:38:09 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd libglobs.c, 1.15, 1.16 Message-ID: <200703022238.l22Mc9aq024929@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24857 Modified Files: libglobs.c Log Message: Resolves: 230673 Summary: LDAPI: referral mode needs LDAPI socket? (Comment #3) Change: LDAPI is disabled in the initial configuration parameter setting. Index: libglobs.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/libglobs.c,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- libglobs.c 27 Feb 2007 02:57:30 -0000 1.15 +++ libglobs.c 2 Mar 2007 22:38:07 -0000 1.16 @@ -778,7 +778,7 @@ cfg->port = LDAP_PORT; cfg->secureport = LDAPS_PORT; cfg->ldapi_filename = slapi_ch_strdup(SLAPD_LDAPI_DEFAULT_FILENAME); - cfg->ldapi_switch = LDAP_ON; + cfg->ldapi_switch = LDAP_OFF; cfg->ldapi_bind_switch = LDAP_OFF; cfg->ldapi_root_dn = slapi_ch_strdup("cn=Directory Manager"); cfg->ldapi_map_entries = LDAP_OFF; From fedora-directory-commits at redhat.com Sat Mar 3 00:32:24 2007 
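Review bot: In the create_instance.c hunk `@@ -2703,10 +2703,11 @@`, `nsslapd-ldapiautobind: on` is still written unconditionally under `ENABLE_AUTOBIND`, including when the new else-branch writes `nsslapd-ldapilisten: off`. An administrator who later flips only the listen switch therefore gets autobind enabled at the same moment, on the default socket path. Writing `fprintf(f, "nsslapd-ldapiautobind: on\n");` only in the `cf->ldapifilepath` branch, and `off` otherwise, keeps a disabled instance fully disabled. That appears to match the companion libglobs.c change, where `ldapi_bind_switch` already defaults to `LDAP_OFF`. The `#if defined(ENABLE_AUTOBIND)` block continues past the hunk.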
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Fri, 2 Mar 2007 19:32:24 -0500 Subject: [Fedora-directory-commits] ldapserver Makefile.am, 1.31, 1.32 aclocal.m4, 1.24, 1.25 configure, 1.33, 1.34 missing, 1.18, 1.19 install-sh, 1.18, 1.19 depcomp, 1.18, 1.19 compile, 1.18, 1.19 config.sub, 1.17, 1.18 config.guess, 1.17, 1.18 Makefile.in, 1.36, 1.37 Message-ID: <200703030032.l230WOXd003655@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3546/ldapserver Modified Files: Makefile.am aclocal.m4 configure missing install-sh depcomp compile config.sub config.guess Makefile.in Log Message: Resolves: bug 230808 Bug Description: Split core schema Reviewed by: prowley (Thanks!) Files: see diff Branch: HEAD Fix Description: Moved all schema not required to start the server from 00core.ldif into a new file called 01common.ldif. Andrew and Satish already did the work to determine which schema are required to start the server, which is the schema needed to be in 00core.ldif. Platforms tested: RHEL4 Flag Day: no Doc impact: no Index: Makefile.am =================================================================== RCS file: /cvs/dirsec/ldapserver/Makefile.am,v retrieving revision 1.31 retrieving revision 1.32 diff -u -r1.31 -r1.32 --- Makefile.am 27 Feb 2007 02:57:24 -0000 1.31 +++ Makefile.am 3 Mar 2007 00:32:16 -0000 1.32 
@@ -128,6 +128,7 @@ $(srcdir)/ldap/servers/slapd/tools/rsearch/scripts/dbgen-OrgUnits schema_DATA = $(srcdir)/ldap/schema/00core.ldif \ + $(srcdir)/ldap/schema/01common.ldif \ $(srcdir)/ldap/schema/05rfc2247.ldif \ $(srcdir)/ldap/schema/05rfc2927.ldif \ $(srcdir)/ldap/schema/10presence.ldif \ Index: aclocal.m4 =================================================================== RCS file: /cvs/dirsec/ldapserver/aclocal.m4,v retrieving revision 1.24 retrieving revision 1.25 diff -u -r1.24 -r1.25 --- aclocal.m4 27 Feb 2007 02:57:24 -0000 1.24 +++ aclocal.m4 3 Mar 2007 00:32:16 -0000 1.25 @@ -1597,7 +1597,7 @@ # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" fi @@ -4305,6 +4305,9 @@ # Is the compiler the GNU C compiler? with_gcc=$_LT_AC_TAGVAR(GCC, $1) +gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` +gcc_ver=\`gcc -dumpversion\` + # An ERE matcher. EGREP=$lt_EGREP 
@@ -4438,11 +4441,11 @@ # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=$lt_[]_LT_AC_TAGVAR(predep_objects, $1) +predep_objects=\`echo $lt_[]_LT_AC_TAGVAR(predep_objects, $1) | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=$lt_[]_LT_AC_TAGVAR(postdep_objects, $1) +postdep_objects=\`echo $lt_[]_LT_AC_TAGVAR(postdep_objects, $1) | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` # Dependencies to place before the objects being linked to create a # shared library. @@ -4454,7 +4457,7 @@ # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=$lt_[]_LT_AC_TAGVAR(compiler_lib_search_path, $1) +compiler_lib_search_path=\`echo $lt_[]_LT_AC_TAGVAR(compiler_lib_search_path, $1) | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -4534,7 +4537,7 @@ link_all_deplibs=$_LT_AC_TAGVAR(link_all_deplibs, $1) # Compile-time system search path for libraries -sys_lib_search_path_spec=$lt_sys_lib_search_path_spec +sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec @@ -6370,6 +6373,7 @@ done done done +IFS=$as_save_IFS lt_ac_max=0 lt_ac_count=0 # Add /usr/xpg4/bin/sed as it is typically found on Solaris 
@@ -6402,6 +6406,7 @@ done ]) SED=$lt_cv_path_SED +AC_SUBST([SED]) AC_MSG_RESULT([$SED]) ]) Index: configure =================================================================== RCS file: /cvs/dirsec/ldapserver/configure,v retrieving revision 1.33 retrieving revision 1.34 diff -u -r1.33 -r1.34 --- configure 27 Feb 2007 02:57:24 -0000 1.33 +++ configure 3 Mar 2007 00:32:16 -0000 1.34 
@@ -465,7 +465,7 @@ #endif" ac_default_prefix=/opt/$PACKAGE_NAME -ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT build build_cpu build_vendor build_os host host_cpu host_vendor host_os CXX CXXFLAGS LDFLAGS CPPFLAGS ac_ct_CXX EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CC CFLAGS ac_ct_CC CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CX! 
XCPP F77 FFLAGS ac_ct_F77 LIBTOOL LIBOBJS debug_defs BUNDLE_TRUE BUNDLE_FALSE enable_pam_passthru_TRUE enable_pam_passthru_FALSE enable_dna_TRUE enable_dna_FALSE enable_ldapi_TRUE enable_ldapi_FALSE configdir sampledatadir propertydir schemadir serverdir serverplugindir scripttemplatedir instconfigdir WINNT_TRUE WINNT_FALSE LIBSOCKET LIBNSL LIBDL LIBCSTD LIBCRUN initdir HPUX_TRUE HPUX_FALSE SOLARIS_TRUE SOLARIS_FALSE PKG_CONFIG ICU_CONFIG NETSNMP_CONFIG nspr_inc nspr_lib nspr_libdir nss_inc nss_lib nss_libdir ldapsdk_inc ldapsdk_lib ldapsdk_libdir ldapsdk_bindir db_inc db_incdir db_lib db_libdir db_bindir db_libver sasl_inc sasl_lib sasl_libdir svrcore_inc svrcore_lib icu_lib icu_inc icu_bin netsnmp_inc netsnmp_lib netsnmp_libdir netsnmp_link LTLIBOBJS' +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT build build_cpu build_vendor build_os host host_cpu host_vendor host_os CXX CXXFLAGS LDFLAGS CPPFLAGS ac_ct_CXX EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CC CFLAGS ac_ct_CC CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE SED EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CP! 
P CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL LIBOBJS debug_defs BUNDLE_TRUE BUNDLE_FALSE enable_pam_passthru_TRUE enable_pam_passthru_FALSE enable_dna_TRUE enable_dna_FALSE enable_ldapi_TRUE enable_ldapi_FALSE configdir sampledatadir propertydir schemadir serverdir serverplugindir scripttemplatedir instconfigdir WINNT_TRUE WINNT_FALSE LIBSOCKET LIBNSL LIBDL LIBCSTD LIBCRUN initdir HPUX_TRUE HPUX_FALSE SOLARIS_TRUE SOLARIS_FALSE PKG_CONFIG ICU_CONFIG NETSNMP_CONFIG nspr_inc nspr_lib nspr_libdir nss_inc nss_lib nss_libdir ldapsdk_inc ldapsdk_lib ldapsdk_libdir ldapsdk_bindir db_inc db_incdir db_lib db_libdir db_bindir db_libver sasl_inc sasl_lib sasl_libdir svrcore_inc svrcore_lib icu_lib icu_inc icu_bin netsnmp_inc netsnmp_lib netsnmp_libdir netsnmp_link LTLIBOBJS' ac_subst_files='' # Initialize some variables set by options. @@ -3832,6 +3832,7 @@ done done done +IFS=$as_save_IFS lt_ac_max=0 lt_ac_count=0 # Add /usr/xpg4/bin/sed as it is typically found on Solaris @@ -3866,6 +3867,7 @@ fi SED=$lt_cv_path_SED + echo "$as_me:$LINENO: result: $SED" >&5 echo "${ECHO_T}$SED" >&6 @@ -4306,7 +4308,7 @@ ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 4309 "configure"' > conftest.$ac_ext + echo '#line 4311 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -5441,7 +5443,7 @@ # Provide some information about the compiler. -echo "$as_me:5444:" \ +echo "$as_me:5446:" \ "checking for Fortran 77 compiler version" >&5 ac_compiler=`set X $ac_compile; echo $2` { (eval echo "$as_me:$LINENO: \"$ac_compiler --version &5\"") >&5 
@@ -6504,11 +6506,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6507: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6509: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:6511: \$? = $ac_status" >&5 + echo "$as_me:6513: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -6772,11 +6774,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6775: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6777: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:6779: \$? = $ac_status" >&5 + echo "$as_me:6781: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -6876,11 +6878,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6879: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6881: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:6883: \$? = $ac_status" >&5 + echo "$as_me:6885: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized 
@@ -8345,7 +8347,7 @@ libsuff= case "$host_cpu" in x86_64*|s390x*|powerpc64*) - echo '#line 8348 "configure"' > conftest.$ac_ext + echo '#line 8350 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -8364,7 +8366,7 @@ # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" fi @@ -9242,7 +9244,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext <&5) + (eval echo "\"\$as_me:11690: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:11689: \$? = $ac_status" >&5 + echo "$as_me:11694: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. 
@@ -11786,11 +11791,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:11789: $lt_compile\"" >&5) + (eval echo "\"\$as_me:11794: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:11793: \$? = $ac_status" >&5 + echo "$as_me:11798: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -12322,7 +12327,7 @@ libsuff= case "$host_cpu" in x86_64*|s390x*|powerpc64*) - echo '#line 12325 "configure"' > conftest.$ac_ext + echo '#line 12330 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -12341,7 +12346,7 @@ # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" fi @@ -12726,6 +12731,9 @@ # Is the compiler the GNU C compiler? with_gcc=$GCC_CXX +gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` +gcc_ver=\`gcc -dumpversion\` + # An ERE matcher. EGREP=$lt_EGREP 
@@ -12859,11 +12867,11 @@ # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=$lt_predep_objects_CXX +predep_objects=\`echo $lt_predep_objects_CXX | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=$lt_postdep_objects_CXX +postdep_objects=\`echo $lt_postdep_objects_CXX | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` # Dependencies to place before the objects being linked to create a # shared library. @@ -12875,7 +12883,7 @@ # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=$lt_compiler_lib_search_path_CXX +compiler_lib_search_path=\`echo $lt_compiler_lib_search_path_CXX | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -12955,7 +12963,7 @@ link_all_deplibs=$link_all_deplibs_CXX # Compile-time system search path for libraries -sys_lib_search_path_spec=$lt_sys_lib_search_path_spec +sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec 
@@ -13377,11 +13385,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:13380: $lt_compile\"" >&5) + (eval echo "\"\$as_me:13388: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:13384: \$? = $ac_status" >&5 + echo "$as_me:13392: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -13481,11 +13489,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:13484: $lt_compile\"" >&5) + (eval echo "\"\$as_me:13492: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:13488: \$? = $ac_status" >&5 + echo "$as_me:13496: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -14930,7 +14938,7 @@ libsuff= case "$host_cpu" in x86_64*|s390x*|powerpc64*) - echo '#line 14933 "configure"' > conftest.$ac_ext + echo '#line 14941 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? 
@@ -14949,7 +14957,7 @@ # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" fi @@ -15334,6 +15342,9 @@ # Is the compiler the GNU C compiler? with_gcc=$GCC_F77 +gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` +gcc_ver=\`gcc -dumpversion\` + # An ERE matcher. EGREP=$lt_EGREP @@ -15467,11 +15478,11 @@ # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=$lt_predep_objects_F77 +predep_objects=\`echo $lt_predep_objects_F77 | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=$lt_postdep_objects_F77 +postdep_objects=\`echo $lt_postdep_objects_F77 | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` # Dependencies to place before the objects being linked to create a # shared library. @@ -15483,7 +15494,7 @@ # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=$lt_compiler_lib_search_path_F77 +compiler_lib_search_path=\`echo $lt_compiler_lib_search_path_F77 | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method 
@@ -15563,7 +15574,7 @@ link_all_deplibs=$link_all_deplibs_F77 # Compile-time system search path for libraries -sys_lib_search_path_spec=$lt_sys_lib_search_path_spec +sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec @@ -15705,11 +15716,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15708: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15719: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:15712: \$? = $ac_status" >&5 + echo "$as_me:15723: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -15973,11 +15984,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15976: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15987: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:15980: \$? = $ac_status" >&5 + echo "$as_me:15991: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. 
@@ -16077,11 +16088,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:16080: $lt_compile\"" >&5) + (eval echo "\"\$as_me:16091: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:16084: \$? = $ac_status" >&5 + echo "$as_me:16095: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -17546,7 +17557,7 @@ libsuff= case "$host_cpu" in x86_64*|s390x*|powerpc64*) - echo '#line 17549 "configure"' > conftest.$ac_ext + echo '#line 17560 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -17565,7 +17576,7 @@ # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" fi @@ -17950,6 +17961,9 @@ # Is the compiler the GNU C compiler? with_gcc=$GCC_GCJ +gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` +gcc_ver=\`gcc -dumpversion\` + # An ERE matcher. EGREP=$lt_EGREP 
@@ -18083,11 +18097,11 @@ # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=$lt_predep_objects_GCJ +predep_objects=\`echo $lt_predep_objects_GCJ | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=$lt_postdep_objects_GCJ +postdep_objects=\`echo $lt_postdep_objects_GCJ | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` # Dependencies to place before the objects being linked to create a # shared library. @@ -18099,7 +18113,7 @@ # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=$lt_compiler_lib_search_path_GCJ +compiler_lib_search_path=\`echo $lt_compiler_lib_search_path_GCJ | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -18179,7 +18193,7 @@ link_all_deplibs=$link_all_deplibs_GCJ # Compile-time system search path for libraries -sys_lib_search_path_spec=$lt_sys_lib_search_path_spec +sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec @@ -18431,6 +18445,9 @@ # Is the compiler the GNU C compiler? with_gcc=$GCC_RC +gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` +gcc_ver=\`gcc -dumpversion\` + # An ERE matcher. EGREP=$lt_EGREP 
@@ -18564,11 +18581,11 @@ # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=$lt_predep_objects_RC +predep_objects=\`echo $lt_predep_objects_RC | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=$lt_postdep_objects_RC +postdep_objects=\`echo $lt_postdep_objects_RC | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` # Dependencies to place before the objects being linked to create a # shared library. @@ -18580,7 +18597,7 @@ # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=$lt_compiler_lib_search_path_RC +compiler_lib_search_path=\`echo $lt_compiler_lib_search_path_RC | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -18660,7 +18677,7 @@ link_all_deplibs=$link_all_deplibs_RC # Compile-time system search path for libraries -sys_lib_search_path_spec=$lt_sys_lib_search_path_spec +sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec @@ -25826,6 +25843,7 @@ s, at CCDEPMODE@,$CCDEPMODE,;t t s, at am__fastdepCC_TRUE@,$am__fastdepCC_TRUE,;t t s, at am__fastdepCC_FALSE@,$am__fastdepCC_FALSE,;t t +s, at SED@,$SED,;t t s, at EGREP@,$EGREP,;t t s, at LN_S@,$LN_S,;t t s, at ECHO@,$ECHO,;t t Index: Makefile.in =================================================================== RCS file: /cvs/dirsec/ldapserver/Makefile.in,v retrieving revision 1.36 retrieving revision 1.37 diff -u -r1.36 -r1.37 --- Makefile.in 27 Feb 2007 02:57:24 -0000 1.36 +++ Makefile.in 3 Mar 2007 00:32:16 -0000 1.37 
@@ -857,6 +857,7 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ SOLARIS_FALSE = @SOLARIS_FALSE@ @@ -1043,6 +1044,7 @@ $(srcdir)/ldap/servers/slapd/tools/rsearch/scripts/dbgen-OrgUnits schema_DATA = $(srcdir)/ldap/schema/00core.ldif \ + $(srcdir)/ldap/schema/01common.ldif \ $(srcdir)/ldap/schema/05rfc2247.ldif \ $(srcdir)/ldap/schema/05rfc2927.ldif \ $(srcdir)/ldap/schema/10presence.ldif \ From fedora-directory-commits at redhat.com Sat Mar 3 00:32:18 2007 
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Fri, 2 Mar 2007 19:32:18 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/schema 01common.ldif, NONE, 1.1 00core.ldif, 1.8, 1.9 Message-ID: <200703030032.l230WIB9003638@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/schema In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3546/ldapserver/ldap/schema Modified Files: 00core.ldif Added Files: 01common.ldif Log Message: Resolves: bug 230808 Bug Description: Split core schema Reviewed by: prowley (Thanks!) Files: see diff Branch: HEAD Fix Description: Moved all schema not required to start the server from 00core.ldif into a new file called 01common.ldif. Andrew and Satish already did the work to determine which schema are required to start the server, which is the schema needed to be in 00core.ldif. Platforms tested: RHEL4 Flag Day: no Doc impact: no --- NEW FILE 01common.ldif --- # # BEGIN COPYRIGHT BLOCK # This Program is free software; you can redistribute it and/or modify it under # the terms of the GNU General Public License as published by the Free Software # Foundation; version 2 of the License. # # This Program is distributed in the hope that it will be useful, but WITHOUT # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS # FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. # # You should have received a copy of the GNU General Public License along with # this Program; if not, write to the Free Software Foundation, Inc., 59 Temple # Place, Suite 330, Boston, MA 02111-1307 USA. # # In addition, as a special exception, Red Hat, Inc. gives You the additional # right to link the code of this Program with code not covered under the GNU # General Public License ("Non-GPL Code") and to distribute linked combinations # including the two, subject to the limitations in this paragraph. 
Non-GPL Code # permitted under this exception must only link to the code of this Program # through those well defined interfaces identified in the file named EXCEPTION # found in the source code files (the "Approved Interfaces"). The files of # Non-GPL Code may instantiate templates or use macros or inline functions from # the Approved Interfaces without causing the resulting work to be covered by # the GNU General Public License. Only Red Hat, Inc. may make changes or # additions to the list of Approved Interfaces. You must obey the GNU General # Public License in all respects for all of the Program code and other code used # in conjunction with the Program except the Non-GPL Code covered by this # exception. If you modify this file, you may extend this exception to your # version of the file, but you are not obligated to do so. If you do not wish to # provide this exception without modification, you must delete this exception # statement from your version and license this file solely under the GPL without # exception. # # # Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. # Copyright (C) 2005 Red Hat, Inc. # All rights reserved. # END COPYRIGHT BLOCK # # # Core schema, highly recommended but not required to start the Directory Server itself. 
# dn: cn=schema # # attributes # attributeTypes: ( 2.5.4.1 NAME 'aliasedObjectName' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.2 NAME 'knowledgeInformation' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surName' ) DESC 'Standard LDAP attribute type' SUP name X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.5 NAME 'serialNumber' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'Standard LDAP attribute type' SUP name SINGLE-VALUE X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.7 NAME ( 'l' 'locality' 'localityname' ) DESC 'Standard LDAP attribute type' SUP name X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC 'Standard LDAP attribute type' SUP name X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetaddress' ) DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationname' ) DESC 'Standard LDAP attribute type' SUP name X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) DESC 'Standard LDAP attribute type' SUP name X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.12 NAME 'title' DESC 'Standard LDAP attribute type' SUP name X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.14 NAME 'searchGuide' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.15 NAME 'businessCategory' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.16 NAME 'postalAddress' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.17 NAME 'postalCode' DESC 
'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.18 NAME 'postOfficeBox' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.20 NAME 'telephoneNumber' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.21 NAME 'telexNumber' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.24 NAME 'x121Address' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.25 NAME 'internationaliSDNNumber' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.26 NAME 'registeredAddress' DESC 'Standard LDAP attribute type' SUP postalAddress X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.27 NAME 'destinationIndicator' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.29 NAME 'presentationAddress' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.30 NAME 'supportedApplicationContext' DESC 'Standard LDAP attribute type' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.31 NAME 'member' DESC 'Standard LDAP attribute type' SUP distinguishedName X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.32 NAME 'owner' DESC 'Standard LDAP attribute type' SUP distinguishedName X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.33 NAME 'roleOccupant' DESC 'Standard LDAP attribute type' SUP distinguishedName X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.36 NAME 'userCertificate' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.37 NAME 'cACertificate' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.42 NAME 'givenName' DESC 'Standard LDAP attribute type' SUP name X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.43 NAME 'initials' DESC 'Standard LDAP attribute type' SUP name X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.44 NAME 'generationQualifier' DESC 'Standard LDAP attribute type' SUP name X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.46 NAME 'dnQualifier' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.48 NAME 'protocolInformation' 
DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.50 NAME 'uniqueMember' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.51 NAME 'houseIdentifier' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 2256' ) attributeTypes: ( 2.5.4.54 NAME 'dmdName' SUP name X-ORIGIN 'RFC 2256' ) attributeTypes: ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 1274' ) attributeTypes: ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822mailbox' ) DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 1274' ) attributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 1274' ) attributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 1274' ) attributeTypes: ( 0.9.2342.19200300.100.1.20 NAME 'homePhone' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 1274' ) attributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 1274' ) attributeTypes: ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 1274' ) attributeTypes: ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTelephoneNumber' ) DESC 'Standard LDAP attribute type' 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 1274' ) attributeTypes: ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelephoneNumber' ) DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 1274' ) attributeTypes: ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlycountryname' ) DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 1274' ) attributeTypes: ( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 1274' ) attributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'inetOrgPerson attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 X-ORIGIN 'RFC 2798' ) attributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME ( 'labeledUri' 'labeledurl' ) DESC 'Uniform Resource Identifier with optional label' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2079' ) attributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'inetOrgPerson attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2798' ) attributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC 'inetOrgPerson attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2798' ) attributeTypes: ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'inetOrgPerson attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2798' ) attributeTypes: ( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'inetOrgPerson attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2798' ) attributeTypes: ( 2.16.840.1.113730.3.1.5 NAME 'changeNumber' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Changelog Internet Draft' ) attributeTypes: ( 2.16.840.1.113730.3.1.6 NAME 'targetDn' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Changelog Internet Draft' ) attributeTypes: ( 2.16.840.1.113730.3.1.7 NAME 'changeType' DESC 'Changelog attribute type' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Changelog Internet Draft' ) attributeTypes: ( 2.16.840.1.113730.3.1.8 NAME 'changes' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'Changelog Internet Draft' ) attributeTypes: ( 2.16.840.1.113730.3.1.9 NAME 'newRdn' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Changelog Internet Draft' ) attributeTypes: ( 2.16.840.1.113730.3.1.10 NAME 'deleteOldRdn' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 X-ORIGIN 'Changelog Internet Draft' ) attributeTypes: ( 2.16.840.1.113730.3.1.11 NAME 'newSuperior' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Changelog Internet Draft' ) attributeTypes: ( 2.16.840.1.113730.3.1.34 NAME 'ref' DESC 'LDAP referrals attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'LDAPv3 referrals Internet Draft' ) attributeTypes: ( 2.5.18.10 NAME 'subschemaSubentry' DESC 'Standard LDAP attribute type' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'RFC 2252' ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation X-ORIGIN 'RFC 2252' ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperation X-ORIGIN 'RFC 2252' ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation X-ORIGIN 'RFC 2252' ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation X-ORIGIN 'RFC 2252' ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms' DESC 'Standard LDAP attribute type' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation X-ORIGIN 'RFC 2252' ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation X-ORIGIN 'RFC 2252' ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'RFC 2252' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures' DESC 'features supported by the server' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation ) attributeTypes: ( 2.16.840.1.113730.3.1.36 NAME 'nsLicensedFor' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.37 NAME 'nsLicenseStartTime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.38 NAME 'nsLicenseEndTime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC 'inetOrgPerson attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2798' ) attributeTypes: ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' DESC 'inetOrgPerson attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 2798' ) attributeTypes: ( 2.16.840.1.113730.3.1.70 NAME 'serverRoot' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.71 NAME 'serverProductName' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.72 NAME 'serverVersionNumber' DESC 
'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.73 NAME 'installationTimeStamp' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.74 NAME 'administratorContactInfo' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.75 NAME 'adminUrl' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.76 NAME 'serverHostName' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.77 NAME 'changeTime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.91 NAME 'passwordExpirationTime' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.92 NAME ( 'passwordExpWarned' 'pwdExpirationWarned' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.93 NAME 'passwordRetryCount' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.94 NAME 'retryCountResetTime' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation 
X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.95 NAME 'accountUnlockTime' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.96 NAME ( 'passwordHistory' 'pwdHistory' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.97 NAME ( 'passwordMaxAge' 'pwdMaxAge' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.98 NAME 'passwordExp' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.99 NAME ( 'passwordMinLength' 'pwdMinLength' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.100 NAME 'passwordKeepHistory' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.101 NAME ( 'passwordInHistory' 'pwdInHistory' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.102 NAME ( 'passwordChange' 'pwdAllowUserChange' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.103 NAME ( 'passwordCheckSyntax' 'pwdCheckSyntax' ) DESC 'Netscape defined password policy attribute type' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.104 NAME ( 'passwordWarning' 'pwdExpireWarning' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.105 NAME ( 'passwordLockout' 'pwdLockOut' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.106 NAME ( 'passwordMaxFailure' 'pwdMaxFailure' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.107 NAME 'passwordResetDuration' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.108 NAME 'passwordUnlock' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.109 NAME ( 'passwordLockoutDuration' 'pwdLockoutDuration' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.997 NAME 'pwdpolicysubentry' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.998 NAME ( 'passwordGraceUserTime' 'pwdGraceUserTime' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.999 NAME ( 
'passwordGraceLimit' 'pwdGraceLoginLimit' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2075 NAME ( 'passwordMinDigits' 'pwdMinDigits' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2076 NAME ( 'passwordMinAlphas' 'pwdMinAlphas' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2077 NAME ( 'passwordMinUppers' 'pwdMinUppers' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2078 NAME ( 'passwordMinLowers' 'pwdMinLowers' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2079 NAME ( 'passwordMinSpecials' 'pwdMinSpecials' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2080 NAME ( 'passwordMin8bit' 'pwdMin8bit' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2081 NAME ( 'passwordMaxRepeats' 'pwdMaxRepeats' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2082 NAME ( 'passwordMinCategories' 'pwdMinCategories' ) DESC 'Netscape defined password policy attribute type' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2083 NAME ( 'passwordMinTokenLength' 'pwdMinTokenLength' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.198 NAME 'memberURL' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.199 NAME 'memberCertificateDescription' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.207 NAME 'vlvBase' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.208 NAME 'vlvScope' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.209 NAME 'vlvFilter' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.210 NAME 'vlvSort' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.213 NAME 'vlvEnabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.214 NAME 'passwordAllowChangeTime' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'inetOrgPerson attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 2798' ) attributeTypes: ( 
2.16.840.1.113730.3.1.219 NAME 'vlvUses' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.220 NAME ( 'passwordMustChange' 'pwdMustChange' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.221 NAME 'passwordStorageScheme' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.222 NAME ( 'passwordMinAge' 'pwdMinAge' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.223 NAME ( 'passwordResetFailureCount' 'pwdFailureCountInterval' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'inetOrgPerson attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2798' ) attributeTypes: ( 2.16.840.1.113730.3.1.550 NAME 'cosAttribute' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.551 NAME 'cosspecifier' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.552 NAME 'costargettree' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.553 NAME 'costemplatedn' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape 
Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.35 NAME 'changeLog' DESC 'the distinguished name of the entry which contains the set of entries comprising this servers changelog' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Changelog Internet Draft' ) attributeTypes: ( 2.16.840.1.113730.3.1.200 NAME 'changeLogMaximumAge' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.201 NAME 'changeLogMaximumSize' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.205 NAME 'changeLogMaximumConcurrentWrites' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.250.1.60 NAME ( 'ttl' 'timeToLive' ) DESC 'time to live in seconds for cached objects' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'LDAP Caching Internet Draft' ) attributeTypes: ( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 1274' ) attributeTypes: ( 2.16.840.1.113730.3.1.612 NAME 'generation' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.1.1.4.1.453.16.2.103 NAME 'numSubordinates' DESC 'count of immediate subordinates' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'numSubordinates Internet Draft' ) attributeTypes: ( 2.5.18.9 NAME 'hasSubordinates' DESC 'if TRUE, subordinate entries may exist' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'numSubordinates Internet Draft' ) attributeTypes: ( 2.16.840.1.113730.3.1.569 NAME 
'cosPriority' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.570 NAME 'nsLookThroughLimit' DESC 'Binder-based search operation look through limit (candidate entries)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.571 NAME 'nsSizeLimit' DESC 'Binder-based search operation size limit (entries)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.572 NAME 'nsTimeLimit' DESC 'Binder-based search operation time limit (seconds)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.573 NAME 'nsIdleTimeout' DESC 'Binder-based connection idle timeout (seconds)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.574 NAME 'nsRole' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.575 NAME 'nsRoleDN' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.576 NAME 'nsRoleFilter' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.577 NAME 'cosIndirectSpecifier' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.610 NAME 'nsAccountLock' DESC 'Operational 
attribute for Account Inactivation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.613 NAME 'copiedFrom' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.614 NAME 'copyingFrom' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.803 NAME 'nsBackendSuffix' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.973 NAME 'nsds5ReplConflict' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.1000 NAME 'nsds7WindowsReplicaSubtree' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.1001 NAME 'nsds7DirectoryReplicaSubtree' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.1002 NAME 'nsds7NewWinUserSyncEnabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.1003 NAME 'nsds7NewWinGroupSyncEnabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.1004 NAME 'nsds7WindowsDomain' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape 
Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.1005 NAME 'nsds7DirsyncCookie' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.1.4 NAME 'vendorName' EQUALITY 1.3.6.1.4.1.1466.109.114.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation X-ORIGIN 'RFC 3045' ) attributeTypes: ( 1.3.6.1.1.5 NAME 'vendorVersion' EQUALITY 1.3.6.1.4.1.1466.109.114.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation X-ORIGIN 'RFC 3045' ) attributeTypes: ( 2.16.840.1.113730.3.1.3023 NAME 'nsViewFilter' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2063 NAME 'nsEncryptionAlgorithm' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2064 NAME 'nsSaslMapRegexString' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2065 NAME 'nsSaslMapBaseDNTemplate' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2066 NAME 'nsSaslMapFilterTemplate' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) # # objectclasses: # objectClasses: ( 2.5.6.1 NAME 'alias' DESC 'Standard LDAP objectclass' SUP top ABSTRACT MUST ( aliasedObjectName ) X-ORIGIN 'RFC 2256' ) objectClasses: ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject' DESC 'LDAPv3 extensible object' SUP top AUXILIARY X-ORIGIN 'RFC 2252' ) objectClasses: ( 2.5.6.2 NAME 'country' DESC 'Standard LDAP objectclass' SUP top MUST ( c ) MAY 
( searchGuide $ description ) X-ORIGIN 'RFC 2256' ) objectClasses: ( 2.5.6.3 NAME 'locality' DESC 'Standard LDAP attribute type' SUP top MAY ( description $ l $ searchGuide $ seeAlso $ st $ street ) X-ORIGIN 'RFC 2256' ) objectClasses: ( 2.5.6.4 NAME 'organization' DESC 'Standard LDAP objectclass' SUP top MUST ( o ) MAY ( businessCategory $ description $ destinationIndicator $ facsimileTelephoneNumber $ internationaliSDNNumber $ l $ physicalDeliveryOfficeName $ postOfficeBox $ postalAddress $ postalCode $ preferredDeliveryMethod $ registeredAddress $ searchGuide $ seeAlso $ st $ street $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ userPassword $ x121Address ) X-ORIGIN 'RFC 2256' ) objectClasses: ( 2.5.6.5 NAME 'organizationalUnit' DESC 'Standard LDAP objectclass' SUP top MUST ( ou ) MAY ( businessCategory $ description $ destinationIndicator $ facsimileTelephoneNumber $ internationaliSDNNumber $ l $ physicalDeliveryOfficeName $ postOfficeBox $ postalAddress $ postalCode $ preferredDeliveryMethod $ registeredAddress $ searchGuide $ seeAlso $ st $ street $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ userPassword $ x121Address ) X-ORIGIN 'RFC 2256' ) objectClasses: ( 2.5.6.6 NAME 'person' DESC 'Standard LDAP objectclass' SUP top MUST ( sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ userPassword ) X-ORIGIN 'RFC 2256' ) objectClasses: ( 2.5.6.7 NAME 'organizationalPerson' DESC 'Standard LDAP objectclass' SUP person MAY ( destinationIndicator $ facsimileTelephoneNumber $ internationaliSDNNumber $ l $ ou $ physicalDeliveryOfficeName $ postOfficeBox $ postalAddress $ postalCode $ preferredDeliveryMethod $ registeredAddress $ st $ street $ teletexTerminalIdentifier $ telexNumber $ title $ x121Address ) X-ORIGIN 'RFC 2256' ) objectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'Internet extended organizational person objectclass' SUP organizationalPerson MAY ( audio $ businessCategory $ carLicense $ departmentNumber $ 
displayName $ employeeType $ employeeNumber $ givenName $ homePhone $ homePostalAddress $ initials $ jpegPhoto $ labeledURI $ manager $ mobile $ pager $ photo $ preferredLanguage $ mail $ o $ roomNumber $ secretary $ uid $ x500uniqueIdentifier $ userCertificate $ userSMimeCertificate $ userPKCS12 ) X-ORIGIN 'RFC 2798' ) objectClasses: ( 2.5.6.8 NAME 'organizationalRole' DESC 'Standard LDAP objectclass' SUP top MUST ( cn ) MAY ( description $ destinationIndicator $ facsimileTelephoneNumber $ internationaliSDNNumber $ l $ ou $ physicalDeliveryOfficeName $ postOfficeBox $ postalAddress $ postalCode $ preferredDeliveryMethod $ registeredAddress $ roleOccupant $ seeAlso $ st $ street $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ x121Address ) X-ORIGIN 'RFC 2256' ) objectClasses: ( 2.5.6.9 NAME 'groupOfNames' DESC 'Standard LDAP objectclass' SUP top MUST ( cn ) MAY ( member $ businessCategory $ description $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'RFC 2256' ) objectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'Standard LDAP objectclass' SUP top MUST ( cn ) MAY ( uniqueMember $ businessCategory $ description $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'RFC 2256' ) objectClasses: ( 2.16.840.1.113730.3.2.31 NAME 'groupOfCertificates' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( memberCertificateDescription $ businessCategory $ description $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.33 NAME 'groupOfURLs' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( memberURL $ businessCategory $ description $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.5.6.10 NAME 'residentialPerson' DESC 'Standard LDAP objectclass' SUP person MUST ( l ) MAY ( businessCategory $ destinationIndicator $ facsimileTelephoneNumber $ internationaliSDNNumber $ physicalDeliveryOfficeName $ postOfficeBox $ postalAddress $ postalCode $ preferredDeliveryMethod $ 
registeredAddress $ st $ street $ teletexTerminalIdentifier $ telexNumber $ x121Address ) X-ORIGIN 'RFC 2256' ) objectClasses: ( 2.5.6.11 NAME 'applicationProcess' DESC 'Standard LDAP objectclass' SUP top MUST ( cn ) MAY ( description $ l $ ou $ seeAlso ) X-ORIGIN 'RFC 2256' ) objectClasses: ( 2.16.840.1.113730.3.2.35 NAME 'LDAPServer' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( description $ l $ ou $ seeAlso $ generation $ changeLogMaximumAge $ changeLogMaximumSize ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.5.6.12 NAME 'applicationEntity' DESC 'Standard LDAP objectclass' SUP top MUST ( presentationAddress $ cn ) MAY ( description $ l $ o $ ou $ seeAlso $ supportedApplicationContext ) X-ORIGIN 'RFC 2256' ) objectClasses: ( 2.5.6.13 NAME 'dSA' DESC 'Standard LDAP objectclass' SUP applicationEntity MAY ( knowledgeInformation ) X-ORIGIN 'RFC 2256' ) objectClasses: ( 2.5.6.14 NAME 'device' DESC 'Standard LDAP objectclass' SUP top MUST ( cn ) MAY ( description $ l $ o $ ou $ owner $ seeAlso $ serialNumber ) X-ORIGIN 'RFC 2256' ) objectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser' DESC 'Standard LDAP objectclass' SUP top AUXILIARY MUST ( userCertificate ) X-ORIGIN 'RFC 2256' ) objectClasses: ( 2.5.6.16 NAME 'certificationAuthority' DESC 'Standard LDAP objectclass' SUP top AUXILIARY MUST ( authorityRevocationList $ certificateRevocationList $ cACertificate ) MAY crossCertificatePair X-ORIGIN 'RFC 2256' ) objectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2' DESC 'Standard LDAP objectclass' SUP certificationAuthority MAY deltaRevocationList X-ORIGIN 'RFC 2256' ) objectClasses: ( 2.5.6.18 NAME 'userSecurityInformation' SUP top AUXILIARY MAY ( supportedAlgorithms ) X-ORIGIN 'RFC 2256' ) objectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURAL MUST ( cn ) MAY ( certificateRevocationList $ authorityRevocationList $ deltaRevocationList ) X-ORIGIN 'RFC 2256' ) objectClasses: ( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL 
MUST ( dmdName ) MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) X-ORIGIN 'RFC 2256' ) objectClasses: ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' DESC 'object that contains the URI attribute type' SUP top AUXILIARY MAY ( labeledURI ) X-ORIGIN 'RFC 2079' ) objectClasses: ( 1.3.6.1.4.1.250.3.18 NAME 'cacheObject' DESC 'object that contains the TTL (time to live) attribute type' SUP top MAY ( ttl ) X-ORIGIN 'LDAP Caching Internet Draft' ) objectClasses: ( 2.16.840.1.113730.3.2.10 NAME 'netscapeServer' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( description $ serverRoot $ serverProductName $ serverVersionNumber $ installationTimeStamp $ administratorContactInfo $ userpassword $ adminURL $ serverHostName ) X-ORIGIN 'Netscape Administration Services' ) objectClasses: ( 2.16.840.1.113730.3.2.7 NAME 'nsLicenseUser' DESC 'Netscape defined objectclass' SUP top MAY ( nsLicensedFor $ nsLicenseStartTime $ nsLicenseEndTime ) X-ORIGIN 'Netscape Administration Services' ) objectClasses: ( 2.16.840.1.113730.3.2.1 NAME 'changeLogEntry' DESC 'LDAP changelog objectclass' SUP top MUST ( targetdn $ changeTime $ changenumber $ changeType ) MAY ( changes $ newrdn $ deleteoldrdn $ newsuperior ) X-ORIGIN 'Changelog Internet Draft' ) objectClasses: ( 2.16.840.1.113730.3.2.6 NAME 'referral' DESC 'LDAP referrals objectclass' SUP top MAY ( ref ) X-ORIGIN 'LDAPv3 referrals Internet Draft' ) objectClasses: ( 2.16.840.1.113730.3.2.12 NAME 'passwordObject' DESC 'Netscape defined password policy objectclass' SUP top MAY ( pwdpolicysubentry $ passwordExpirationTime $ passwordExpWarned $ passwordRetryCount $ retryCountResetTime $ accountUnlockTime $ passwordHistory $ 
passwordAllowChangeTime $ passwordGraceUserTime ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.13 NAME 'passwordPolicy' DESC 'Netscape defined password policy objectclass' SUP top MAY ( passwordMaxAge $ passwordExp $ passwordMinLength $ passwordKeepHistory $ passwordInHistory $ passwordChange $ passwordWarning $ passwordLockout $ passwordMaxFailure $ passwordResetDuration $ passwordUnlock $ passwordLockoutDuration $ passwordCheckSyntax $ passwordMustChange $ passwordStorageScheme $ passwordMinAge $ passwordResetFailureCount $ passwordGraceLimit $ passwordMinDigits $ passwordMinAlphas $ passwordMinUppers $ passwordMinLowers $ passwordMinSpecials $ passwordMin8bit $ passwordMaxRepeats $ passwordMinCategories $ passwordMinTokenLength ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.30 NAME 'glue' DESC 'Netscape defined objectclass' SUP top X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.32 NAME 'netscapeMachineData' DESC 'Netscape defined objectclass' SUP top X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.38 NAME 'vlvSearch' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ vlvBase $ vlvScope $ vlvFilter ) MAY ( multiLineDescription ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.39 NAME 'nsslapdConfig' DESC 'Netscape defined objectclass' SUP top MAY ( cn ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.39 NAME 'nsslapdConfig' DESC 'Netscape defined objectclass' SUP top MAY ( cn ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.42 NAME 'vlvIndex' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ vlvSort ) MAY ( vlvEnabled $ vlvUses ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.43 NAME 'nsSNMP' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsSNMPEnabled ) MAY ( nsSNMPOrganization $ nsSNMPLocation $ 
nsSNMPContact $ nsSNMPDescription $ nsSNMPName $ nsSNMPMasterHost $ nsSNMPMasterPort ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.84 NAME 'cosDefinition' DESC 'Netscape defined objectclass' SUP top MAY ( costargettree $ costemplatedn $ cosspecifier $ cosattribute $ aci $ cn $ uid ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113719.2.142.6.1.1 NAME 'ldapSubEntry' DESC 'LDAP Subentry class, version 1' SUP top STRUCTURAL MAY ( cn ) X-ORIGIN 'LDAP Subentry Internet Draft' ) objectClasses: ( 2.16.840.1.113730.3.2.93 NAME 'nsRoleDefinition' DESC 'Netscape defined objectclass' SUP ldapSubEntry MAY ( description ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.94 NAME 'nsSimpleRoleDefinition' DESC 'Netscape defined objectclass' SUP nsRoleDefinition X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.95 NAME 'nsComplexRoleDefinition' DESC 'Netscape defined objectclass' SUP nsRoleDefinition X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.96 NAME 'nsManagedRoleDefinition' DESC 'Netscape defined objectclass' SUP nsSimpleRoleDefinition X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.97 NAME 'nsFilteredRoleDefinition' DESC 'Netscape defined objectclass' SUP nsComplexRoleDefinition MUST ( nsRoleFilter ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.98 NAME 'nsNestedRoleDefinition' DESC 'Netscape defined objectclass' SUP nsComplexRoleDefinition MUST ( nsRoleDN ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.99 NAME 'cosSuperDefinition' DESC 'Netscape defined objectclass' SUP ldapSubEntry MUST (cosattribute) MAY ( description ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.100 NAME 'cosClassicDefinition' DESC 'Netscape defined objectclass' SUP cosSuperDefinition MAY ( cosTemplateDn $ cosspecifier ) X-ORIGIN 
'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.101 NAME 'cosPointerDefinition' DESC 'Netscape defined objectclass' SUP cosSuperDefinition MAY ( cosTemplateDn ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.102 NAME 'cosIndirectDefinition' DESC 'Netscape defined objectclass' SUP cosSuperDefinition MAY ( cosIndirectSpecifier ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.103 NAME 'nsDS5ReplicationAgreement' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefresh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsds5ReplicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5replicaLastInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaBusyWaitTime $ nsds5replicaSessionPauseTime ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.503 NAME 'nsDSWindowsReplicationAgreement' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefresh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsds5ReplicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5replicaLastInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaBusyWaitTime $ 
nsds5replicaSessionPauseTime $ nsds7WindowsReplicaSubtree $ nsds7DirectoryReplicaSubtree $ nsds7NewWinUserSyncEnabled $ nsds7NewWinGroupSyncEnabled $ nsds7WindowsDomain $ nsds7DirsyncCookie) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.104 NAME 'nsContainer' DESC 'Netscape defined objectclass' SUP top MUST ( CN ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.108 NAME 'nsDS5Replica' DESC 'Netscape defined objectclass' SUP top MUST ( nsDS5ReplicaRoot $ nsDS5ReplicaId ) MAY (cn $ nsDS5ReplicaType $ nsDS5ReplicaBindDN $ nsState $ nsDS5ReplicaName $ nsDS5Flags $ nsDS5Task $ nsDS5ReplicaReferral $ nsDS5ReplicaAutoReferral $ nsds5ReplicaPurgeDelay $ nsds5ReplicaTombstonePurgeInterval $ nsds5ReplicaChangeCount $ nsds5ReplicaLegacyConsumer) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.113 NAME 'nsTombstone' DESC 'Netscape defined objectclass' SUP top MAY ( nsParentUniqueId $ nscpEntryDN ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.128 NAME 'costemplate' DESC 'Netscape defined objectclass' SUP top MAY ( cn $ cospriority ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.304 NAME 'nsView' DESC 'Netscape defined objectclass' SUP top AUXILIARY MAY ( nsViewFilter $ description ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.316 NAME 'nsAttributeEncryption' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsEncryptionAlgorithm ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.317 NAME 'nsSaslMapping' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsSaslMapRegexString $ nsSaslMapBaseDNTemplate $ nsSaslMapFilterTemplate ) X-ORIGIN 'Netscape Directory Server' ) Index: 00core.ldif =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/schema/00core.ldif,v retrieving revision 1.8 retrieving revision 
1.9
diff -u -r1.8 -r1.9
--- 00core.ldif 10 Feb 2006 18:33:20 -0000 1.8
+++ 00core.ldif 3 Mar 2007 00:32:16 -0000 1.9
@@ -40,7 +40,8 @@
 #
 # Recommended core schema from the X.500 and LDAP standards (RFCs), and
 # schema used by the Directory Server itself.
-#
+# This is the schema that is required to bootstrap the server, to start it
+# and enable it to read in the other config and schema.
 dn: cn=schema
 objectclass: top
 objectclass: ldapSubentry
@@ -55,90 +56,16 @@
 # attribute types:
 #
 attributeTypes: ( 2.5.4.0 NAME 'objectClass' DESC 'Standard LDAP attribute type' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.1 NAME 'aliasedObjectName' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.2 NAME 'knowledgeInformation' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' )
 attributeTypes: ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} X-ORIGIN 'RFC 2256')
 attributeTypes: ( 2.5.4.49 NAME ( 'dn' 'distinguishedName' ) DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 2256' )
 attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'Standard LDAP attribute type' SUP name X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surName' ) DESC 'Standard LDAP attribute type' SUP name X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.5 NAME 'serialNumber' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'Standard LDAP attribute type' SUP name SINGLE-VALUE X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.7 NAME ( 'l' 'locality' 'localityname' ) DESC 'Standard LDAP attribute type' SUP name X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC 'Standard LDAP attribute type' SUP name X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetaddress' ) DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationname' ) DESC 'Standard LDAP attribute type' SUP name X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) DESC 'Standard LDAP attribute type' SUP name X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.12 NAME 'title' DESC 'Standard LDAP attribute type' SUP name X-ORIGIN 'RFC 2256' )
 attributeTypes: ( 2.5.4.13 NAME 'description' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.14 NAME 'searchGuide' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.15 NAME 'businessCategory' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.16 NAME 'postalAddress' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.17 NAME 'postalCode' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.18 NAME 'postOfficeBox' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.20 NAME 'telephoneNumber' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.21 NAME 'telexNumber' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.24 NAME 'x121Address' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.25 NAME 'internationaliSDNNumber' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.26 NAME 'registeredAddress' DESC 'Standard LDAP attribute type' SUP postalAddress X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.27 NAME 'destinationIndicator' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.29 NAME 'presentationAddress' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.30 NAME 'supportedApplicationContext' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.31 NAME 'member' DESC 'Standard LDAP attribute type' SUP distinguishedName X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.32 NAME 'owner' DESC 'Standard LDAP attribute type' SUP distinguishedName X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.33 NAME 'roleOccupant' DESC 'Standard LDAP attribute type' SUP distinguishedName X-ORIGIN 'RFC 2256' )
 attributeTypes: ( 2.5.4.34 NAME 'seeAlso' DESC 'Standard LDAP attribute type' SUP distinguishedName X-ORIGIN 'RFC 2256' )
 attributeTypes: ( 2.5.4.35 NAME 'userPassword' DESC 'Standard LDAP attribute type' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.36 NAME 'userCertificate' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.37 NAME 'cACertificate' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.42 NAME 'givenName' DESC 'Standard LDAP attribute type' SUP name X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.43 NAME 'initials' DESC 'Standard LDAP attribute type' SUP name X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.44 NAME 'generationQualifier' DESC 'Standard LDAP attribute type' SUP name X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.46 NAME 'dnQualifier' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.48 NAME 'protocolInformation' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.50 NAME 'uniqueMember' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.51 NAME 'houseIdentifier' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 2.5.4.54 NAME 'dmdName' SUP name X-ORIGIN 'RFC 2256' )
-attributeTypes: ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 1274' )
-attributeTypes: ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822mailbox' ) DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 1274' )
-attributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 1274' )
-attributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 1274' )
-attributeTypes: ( 0.9.2342.19200300.100.1.20 NAME 'homePhone' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 1274' )
-attributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 1274' )
-attributeTypes: ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 1274' )
-attributeTypes: ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTelephoneNumber' ) DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 1274' )
-attributeTypes: ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelephoneNumber' ) DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 1274' )
-attributeTypes: ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlycountryname' ) DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 1274' )
-attributeTypes: ( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 1274' )
-attributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'inetOrgPerson attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 X-ORIGIN 'RFC 2798' )
-attributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME ( 'labeledUri' 'labeledurl' ) DESC 'Uniform Resource Identifier with optional label' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2079' )
-attributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'inetOrgPerson attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2798' )
-attributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC 'inetOrgPerson attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2798' )
-attributeTypes: ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'inetOrgPerson attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2798' )
-attributeTypes: ( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'inetOrgPerson attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2798' )
-attributeTypes: ( 2.16.840.1.113730.3.1.5 NAME 'changeNumber' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Changelog Internet Draft' )
-attributeTypes: ( 2.16.840.1.113730.3.1.6 NAME 'targetDn' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Changelog Internet Draft' )
-attributeTypes: ( 2.16.840.1.113730.3.1.7 NAME 'changeType' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Changelog Internet Draft' )
-attributeTypes: ( 2.16.840.1.113730.3.1.8 NAME 'changes' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'Changelog Internet Draft' )
-attributeTypes: ( 2.16.840.1.113730.3.1.9 NAME 'newRdn' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Changelog Internet Draft' )
-attributeTypes: ( 2.16.840.1.113730.3.1.10 NAME 'deleteOldRdn' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 X-ORIGIN 'Changelog Internet Draft' )
-attributeTypes: ( 2.16.840.1.113730.3.1.11 NAME 'newSuperior' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Changelog Internet Draft' )
-attributeTypes: ( 2.16.840.1.113730.3.1.34 NAME 'ref' DESC 'LDAP referrals attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'LDAPv3 referrals Internet Draft' )
 attributeTypes: ( 2.5.18.1 NAME 'createTimestamp' DESC 'Standard LDAP attribute type' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'RFC 2252' )
 attributeTypes: ( 2.5.18.2 NAME 'modifyTimestamp' DESC 'Standard LDAP attribute type' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'RFC 2252' )
 attributeTypes: ( 2.5.18.3 NAME 'creatorsName' DESC 'Standard LDAP attribute type' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'RFC 2252' )
 attributeTypes: ( 2.5.18.4 NAME 'modifiersName' DESC 'Standard LDAP attribute type' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'RFC 2252' )
-attributeTypes: ( 2.5.18.10 NAME 'subschemaSubentry' DESC 'Standard LDAP attribute type' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'RFC 2252' )
 attributeTypes: ( 2.5.21.5 NAME 'attributeTypes' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2252' )
 attributeTypes: ( 2.5.21.6 NAME 'objectClasses' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2252' )
 attributeTypes: ( 2.5.21.4 NAME 'matchingRules' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2252' )
@@ -146,74 +73,8 @@
 attributeTypes: ( 2.5.21.1 NAME 'dITStructureRules' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2252' )
 attributeTypes: ( 2.5.21.2 NAME 'dITContentRules' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2252' )
 attributeTypes: ( 2.5.21.7 NAME 'nameForms' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2252' )
-attributeTypes: ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation X-ORIGIN 'RFC 2252' )
-attributeTypes: ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperation X-ORIGIN 'RFC 2252' )
-attributeTypes: ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation X-ORIGIN 'RFC 2252' )
-attributeTypes: ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation X-ORIGIN 'RFC 2252' )
-attributeTypes: ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation X-ORIGIN 'RFC 2252' )
-attributeTypes: ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation X-ORIGIN 'RFC 2252' )
-attributeTypes: ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'RFC 2252' )
-attributeTypes: ( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures' DESC 'features supported by the server' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
-attributeTypes: ( 2.16.840.1.113730.3.1.36 NAME 'nsLicensedFor' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )
-attributeTypes: ( 2.16.840.1.113730.3.1.37 NAME 'nsLicenseStartTime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )
-attributeTypes: ( 2.16.840.1.113730.3.1.38 NAME 'nsLicenseEndTime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )
-attributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC 'inetOrgPerson attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2798' )
-attributeTypes: ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' DESC 'inetOrgPerson attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 2798' )
 attributeTypes: ( 2.16.840.1.113730.3.1.55 NAME 'aci' DESC 'Netscape defined access control information attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.70 NAME 'serverRoot' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )
-attributeTypes: ( 2.16.840.1.113730.3.1.71 NAME 'serverProductName' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )
-attributeTypes: ( 2.16.840.1.113730.3.1.72 NAME 'serverVersionNumber' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )
-attributeTypes: ( 2.16.840.1.113730.3.1.73 NAME 'installationTimeStamp' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )
-attributeTypes: ( 2.16.840.1.113730.3.1.74 NAME 'administratorContactInfo' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )
-attributeTypes: ( 2.16.840.1.113730.3.1.75 NAME 'adminUrl' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Administration Services' )
-attributeTypes: ( 2.16.840.1.113730.3.1.76 NAME 'serverHostName' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )
-attributeTypes: ( 2.16.840.1.113730.3.1.77 NAME 'changeTime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.91 NAME 'passwordExpirationTime' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.92 NAME ( 'passwordExpWarned' 'pwdExpirationWarned' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.93 NAME 'passwordRetryCount' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.94 NAME 'retryCountResetTime' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.95 NAME 'accountUnlockTime' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.96 NAME ( 'passwordHistory' 'pwdHistory' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.97 NAME ( 'passwordMaxAge' 'pwdMaxAge' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.98 NAME 'passwordExp' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.99 NAME ( 'passwordMinLength' 'pwdMinLength' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.100 NAME 'passwordKeepHistory' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.101 NAME ( 'passwordInHistory' 'pwdInHistory' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.102 NAME ( 'passwordChange' 'pwdAllowUserChange' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.103 NAME ( 'passwordCheckSyntax' 'pwdCheckSyntax' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.104 NAME ( 'passwordWarning' 'pwdExpireWarning' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.105 NAME ( 'passwordLockout' 'pwdLockOut' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.106 NAME ( 'passwordMaxFailure' 'pwdMaxFailure' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.107 NAME 'passwordResetDuration' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.108 NAME 'passwordUnlock' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.109 NAME ( 'passwordLockoutDuration' 'pwdLockoutDuration' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.997 NAME 'pwdpolicysubentry' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.998 NAME ( 'passwordGraceUserTime' 'pwdGraceUserTime' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.999 NAME ( 'passwordGraceLimit' 'pwdGraceLoginLimit' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.2075 NAME ( 'passwordMinDigits' 'pwdMinDigits' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.2076 NAME ( 'passwordMinAlphas' 'pwdMinAlphas' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.2077 NAME ( 'passwordMinUppers' 'pwdMinUppers' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.2078 NAME ( 'passwordMinLowers' 'pwdMinLowers' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.2079 NAME ( 'passwordMinSpecials' 'pwdMinSpecials' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.2080 NAME ( 'passwordMin8bit' 'pwdMin8bit' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.2081 NAME ( 'passwordMaxRepeats' 'pwdMaxRepeats' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.2082 NAME ( 'passwordMinCategories' 'pwdMinCategories' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.2083 NAME ( 'passwordMinTokenLength' 'pwdMinTokenLength' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.198 NAME 'memberURL' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.199 NAME 'memberCertificateDescription' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.207 NAME 'vlvBase' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.208 NAME 'vlvScope' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.209 NAME 'vlvFilter' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.210 NAME 'vlvSort' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.213 NAME 'vlvEnabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.214 NAME 'passwordAllowChangeTime' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )
 attributeTypes: ( 2.16.840.1.113730.3.1.215 NAME 'oid' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'inetOrgPerson attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 2798' )
-attributeTypes: ( 2.16.840.1.113730.3.1.219 NAME 'vlvUses' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.220 NAME ( 'passwordMustChange' 'pwdMustChange' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.221 NAME 'passwordStorageScheme' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.222 NAME ( 'passwordMinAge' 'pwdMinAge' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.223 NAME ( 'passwordResetFailureCount' 'pwdFailureCountInterval' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
 attributeTypes: ( 2.16.840.1.113730.3.1.224 NAME 'nsslapd-pluginPath' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )
 attributeTypes: ( 2.16.840.1.113730.3.1.225 NAME 'nsslapd-pluginInitfunc' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )
 attributeTypes: ( 2.16.840.1.113730.3.1.226 NAME 'nsslapd-pluginType' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )
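Review bot: The password policy state attributes removed in this hunk (`passwordExpirationTime`, `passwordRetryCount`, `retryCountResetTime`, `accountUnlockTime`, `passwordHistory`, `pwdpolicysubentry`, `passwordAllowChangeTime`) are declared `USAGE directoryOperation`, so they are presumably values the server maintains itself for expiry and lockout, yet `aci` here and `userPassword` in the `-55,90` hunk stay in the bootstrap file. Their new location is not shown in this part of the diff; if it is a schema file an administrator can edit or leave out, it is worth confirming that expiry and lockout bookkeeping still works, or fails closed, when that file is absent or altered. I would record the dependency in the 00core.ldif header, for example `# Password policy and lockout attribute types are defined in <SCHEMA-FILE-PLACEHOLDER>; the server needs that file to record expiry and lockout state.`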
@@ -230,7 +91,6 @@
 attributeTypes: ( 2.16.840.1.113730.3.1.237 NAME 'nsSNMPMasterHost' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )
 attributeTypes: ( 2.16.840.1.113730.3.1.238 NAME 'nsSNMPMasterPort' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )
 attributeTypes: ( 2.16.840.1.113730.3.1.593 NAME 'nsSNMPName' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )
-attributeTypes: ( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'inetOrgPerson attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2798' )
 attributeTypes: ( 2.16.840.1.113730.3.1.242 NAME 'nsSystemIndex' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )
 attributeTypes: ( 2.16.840.1.113730.3.1.327 NAME 'nsIndexType' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )
 attributeTypes: ( 2.16.840.1.113730.3.1.328 NAME 'nsMatchingRule' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )
@@ -238,29 +98,7 @@ attributeTypes: ( 2.16.840.1.113730.3.1.543 NAME 'nsState' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.544 NAME 'nsParentUniqueId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.545 NAME 'nscpEntryDN' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.550 NAME 'cosAttribute' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.551 NAME 'cosspecifier' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.552 NAME 'costargettree' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.553 NAME 'costemplatedn' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.35 NAME 'changeLog' DESC 'the distinguished name of the entry which contains the set of entries comprising this servers changelog' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Changelog Internet Draft' ) -attributeTypes: ( 2.16.840.1.113730.3.1.200 NAME 'changeLogMaximumAge' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.201 NAME 'changeLogMaximumSize' DESC 'Netscape defined attribute type' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.205 NAME 'changeLogMaximumConcurrentWrites' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.250.1.2 NAME 'multiLineDescription' DESC 'Pilot attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Internet White Pages Pilot' ) -attributeTypes: ( 1.3.6.1.4.1.250.1.60 NAME ( 'ttl' 'timeToLive' ) DESC 'time to live in seconds for cached objects' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'LDAP Caching Internet Draft' ) -attributeTypes: ( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 1274' ) -attributeTypes: ( 2.16.840.1.113730.3.1.612 NAME 'generation' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 1.3.1.1.4.1.453.16.2.103 NAME 'numSubordinates' DESC 'count of immediate subordinates' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'numSubordinates Internet Draft' ) -attributeTypes: ( 2.5.18.9 NAME 'hasSubordinates' DESC 'if TRUE, subordinate entries may exist' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'numSubordinates Internet Draft' ) -attributeTypes: ( 2.16.840.1.113730.3.1.569 NAME 'cosPriority' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.570 NAME 'nsLookThroughLimit' DESC 'Binder-based search operation look through limit (candidate entries)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 
2.16.840.1.113730.3.1.571 NAME 'nsSizeLimit' DESC 'Binder-based search operation size limit (entries)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.572 NAME 'nsTimeLimit' DESC 'Binder-based search operation time limit (seconds)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.573 NAME 'nsIdleTimeout' DESC 'Binder-based connection idle timeout (seconds)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.574 NAME 'nsRole' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.575 NAME 'nsRoleDN' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.576 NAME 'nsRoleFilter' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.577 NAME 'cosIndirectSpecifier' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.578 NAME 'nsDS5ReplicaHost' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.579 NAME 'nsDS5ReplicaPort' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.580 NAME 'nsDS5ReplicaTransportInfo' DESC 'Netscape defined 
attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) 
@@ -280,9 +118,6 @@ attributeTypes: ( 2.16.840.1.113730.3.1.607 NAME 'nsDS5Flags' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.608 NAME 'nsDS5Task' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.609 NAME 'nsds5BeginReplicaRefresh' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.610 NAME 'nsAccountLock' DESC 'Operational attribute for Account Inactivation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.613 NAME 'copiedFrom' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.614 NAME 'copyingFrom' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.682 NAME 'nsds5ReplicaPurgeDelay' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.684 NAME 'nsds5ReplicaChangeCount' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.683 NAME 'nsds5ReplicaTombstonePurgeInterval' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) 
@@ -292,7 +127,6 @@ attributeTypes: ( 2.16.840.1.113730.3.1.688 NAME 'nsds5replicaLastUpdateStatus' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.689 NAME 'nsds5replicaUpdateInProgress' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.802 NAME 'nsds5ReplicaLegacyConsumer' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.803 NAME 'nsBackendSuffix' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.804 NAME 'nsSchemaCSN' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.805 NAME 'nsds5replicaTimeout' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.807 NAME 'nsds5replicaLastInitStart' DESC 'Netscape defined attribute type' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) 
@@ -301,88 +135,14 @@ attributeTypes: ( 2.16.840.1.113730.3.1.1097 NAME 'nsds5replicaBusyWaitTime' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.1098 NAME 'nsds5replicaSessionPauseTime' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.9999999 NAME 'nsds5debugreplicatimeout' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.973 NAME 'nsds5ReplConflict' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.1000 NAME 'nsds7WindowsReplicaSubtree' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.1001 NAME 'nsds7DirectoryReplicaSubtree' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.1002 NAME 'nsds7NewWinUserSyncEnabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.1003 NAME 'nsds7NewWinGroupSyncEnabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.1004 NAME 'nsds7WindowsDomain' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.1005 NAME 
'nsds7DirsyncCookie' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 1.3.6.1.1.4 NAME 'vendorName' EQUALITY 1.3.6.1.4.1.1466.109.114.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation X-ORIGIN 'RFC 3045' ) -attributeTypes: ( 1.3.6.1.1.5 NAME 'vendorVersion' EQUALITY 1.3.6.1.4.1.1466.109.114.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation X-ORIGIN 'RFC 3045' ) -attributeTypes: ( 2.16.840.1.113730.3.1.3023 NAME 'nsViewFilter' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.2063 NAME 'nsEncryptionAlgorithm' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.2064 NAME 'nsSaslMapRegexString' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.2065 NAME 'nsSaslMapBaseDNTemplate' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.2066 NAME 'nsSaslMapFilterTemplate' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) # -# objectclasses: +# objectclasses # objectClasses: ( 2.5.6.0 NAME 'top' DESC 'Standard LDAP objectclass' ABSTRACT MUST objectClass X-ORIGIN 'RFC 2256' ) -objectClasses: ( 2.5.6.1 NAME 'alias' DESC 'Standard LDAP objectclass' SUP top ABSTRACT MUST ( aliasedObjectName ) X-ORIGIN 'RFC 2256' ) -objectClasses: ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject' DESC 'LDAPv3 extensible object' SUP top AUXILIARY X-ORIGIN 'RFC 2252' ) -objectClasses: ( 
2.5.6.2 NAME 'country' DESC 'Standard LDAP objectclass' SUP top MUST ( c ) MAY ( searchGuide $ description ) X-ORIGIN 'RFC 2256' ) -objectClasses: ( 2.5.6.3 NAME 'locality' DESC 'Standard LDAP attribute type' SUP top MAY ( description $ l $ searchGuide $ seeAlso $ st $ street ) X-ORIGIN 'RFC 2256' ) -objectClasses: ( 2.5.6.4 NAME 'organization' DESC 'Standard LDAP objectclass' SUP top MUST ( o ) MAY ( businessCategory $ description $ destinationIndicator $ facsimileTelephoneNumber $ internationaliSDNNumber $ l $ physicalDeliveryOfficeName $ postOfficeBox $ postalAddress $ postalCode $ preferredDeliveryMethod $ registeredAddress $ searchGuide $ seeAlso $ st $ street $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ userPassword $ x121Address ) X-ORIGIN 'RFC 2256' ) -objectClasses: ( 2.5.6.5 NAME 'organizationalUnit' DESC 'Standard LDAP objectclass' SUP top MUST ( ou ) MAY ( businessCategory $ description $ destinationIndicator $ facsimileTelephoneNumber $ internationaliSDNNumber $ l $ physicalDeliveryOfficeName $ postOfficeBox $ postalAddress $ postalCode $ preferredDeliveryMethod $ registeredAddress $ searchGuide $ seeAlso $ st $ street $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ userPassword $ x121Address ) X-ORIGIN 'RFC 2256' ) -objectClasses: ( 2.5.6.6 NAME 'person' DESC 'Standard LDAP objectclass' SUP top MUST ( sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ userPassword ) X-ORIGIN 'RFC 2256' ) -objectClasses: ( 2.5.6.7 NAME 'organizationalPerson' DESC 'Standard LDAP objectclass' SUP person MAY ( destinationIndicator $ facsimileTelephoneNumber $ internationaliSDNNumber $ l $ ou $ physicalDeliveryOfficeName $ postOfficeBox $ postalAddress $ postalCode $ preferredDeliveryMethod $ registeredAddress $ st $ street $ teletexTerminalIdentifier $ telexNumber $ title $ x121Address ) X-ORIGIN 'RFC 2256' ) -objectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'Internet extended organizational person objectclass' SUP 
organizationalPerson MAY ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ employeeType $ employeeNumber $ givenName $ homePhone $ homePostalAddress $ initials $ jpegPhoto $ labeledURI $ manager $ mobile $ pager $ photo $ preferredLanguage $ mail $ o $ roomNumber $ secretary $ uid $ x500uniqueIdentifier $ userCertificate $ userSMimeCertificate $ userPKCS12 ) X-ORIGIN 'RFC 2798' ) -objectClasses: ( 2.5.6.8 NAME 'organizationalRole' DESC 'Standard LDAP objectclass' SUP top MUST ( cn ) MAY ( description $ destinationIndicator $ facsimileTelephoneNumber $ internationaliSDNNumber $ l $ ou $ physicalDeliveryOfficeName $ postOfficeBox $ postalAddress $ postalCode $ preferredDeliveryMethod $ registeredAddress $ roleOccupant $ seeAlso $ st $ street $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ x121Address ) X-ORIGIN 'RFC 2256' ) -objectClasses: ( 2.5.6.9 NAME 'groupOfNames' DESC 'Standard LDAP objectclass' SUP top MUST ( cn ) MAY ( member $ businessCategory $ description $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'RFC 2256' ) -objectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'Standard LDAP objectclass' SUP top MUST ( cn ) MAY ( uniqueMember $ businessCategory $ description $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'RFC 2256' ) -objectClasses: ( 2.16.840.1.113730.3.2.31 NAME 'groupOfCertificates' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( memberCertificateDescription $ businessCategory $ description $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.33 NAME 'groupOfURLs' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( memberURL $ businessCategory $ description $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.5.6.10 NAME 'residentialPerson' DESC 'Standard LDAP objectclass' SUP person MUST ( l ) MAY ( businessCategory $ destinationIndicator $ facsimileTelephoneNumber $ internationaliSDNNumber $ 
physicalDeliveryOfficeName $ postOfficeBox $ postalAddress $ postalCode $ preferredDeliveryMethod $ registeredAddress $ st $ street $ teletexTerminalIdentifier $ telexNumber $ x121Address ) X-ORIGIN 'RFC 2256' ) -objectClasses: ( 2.5.6.11 NAME 'applicationProcess' DESC 'Standard LDAP objectclass' SUP top MUST ( cn ) MAY ( description $ l $ ou $ seeAlso ) X-ORIGIN 'RFC 2256' ) -objectClasses: ( 2.16.840.1.113730.3.2.35 NAME 'LDAPServer' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( description $ l $ ou $ seeAlso $ generation $ changeLogMaximumAge $ changeLogMaximumSize ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.5.6.12 NAME 'applicationEntity' DESC 'Standard LDAP objectclass' SUP top MUST ( presentationAddress $ cn ) MAY ( description $ l $ o $ ou $ seeAlso $ supportedApplicationContext ) X-ORIGIN 'RFC 2256' ) -objectClasses: ( 2.5.6.13 NAME 'dSA' DESC 'Standard LDAP objectclass' SUP applicationEntity MAY ( knowledgeInformation ) X-ORIGIN 'RFC 2256' ) -objectClasses: ( 2.5.6.14 NAME 'device' DESC 'Standard LDAP objectclass' SUP top MUST ( cn ) MAY ( description $ l $ o $ ou $ owner $ seeAlso $ serialNumber ) X-ORIGIN 'RFC 2256' ) -objectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser' DESC 'Standard LDAP objectclass' SUP top AUXILIARY MUST ( userCertificate ) X-ORIGIN 'RFC 2256' ) -objectClasses: ( 2.5.6.16 NAME 'certificationAuthority' DESC 'Standard LDAP objectclass' SUP top AUXILIARY MUST ( authorityRevocationList $ certificateRevocationList $ cACertificate ) MAY crossCertificatePair X-ORIGIN 'RFC 2256' ) -objectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2' DESC 'Standard LDAP objectclass' SUP certificationAuthority MAY deltaRevocationList X-ORIGIN 'RFC 2256' ) -objectClasses: ( 2.5.6.18 NAME 'userSecurityInformation' SUP top AUXILIARY MAY ( supportedAlgorithms ) X-ORIGIN 'RFC 2256' ) -objectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURAL MUST ( cn ) MAY ( certificateRevocationList $ 
authorityRevocationList $ deltaRevocationList ) X-ORIGIN 'RFC 2256' ) -objectClasses: ( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST ( dmdName ) MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) X-ORIGIN 'RFC 2256' ) -objectClasses: ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' DESC 'object that contains the URI attribute type' SUP top AUXILIARY MAY ( labeledURI ) X-ORIGIN 'RFC 2079' ) -objectClasses: ( 1.3.6.1.4.1.250.3.18 NAME 'cacheObject' DESC 'object that contains the TTL (time to live) attribute type' SUP top MAY ( ttl ) X-ORIGIN 'LDAP Caching Internet Draft' ) objectClasses: ( 2.5.20.1 NAME 'subschema' DESC 'Standard LDAP objectclass' SUP top AUXILIARY MAY ( dITStructureRules $ nameForms $ dITContentRules $ objectClasses $ attributeTypes $ matchingRules $ matchingRuleUse ) X-ORIGIN 'RFC 2252' ) -objectClasses: ( 2.16.840.1.113730.3.2.10 NAME 'netscapeServer' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( description $ serverRoot $ serverProductName $ serverVersionNumber $ installationTimeStamp $ administratorContactInfo $ userpassword $ adminURL $ serverHostName ) X-ORIGIN 'Netscape Administration Services' ) -objectClasses: ( 2.16.840.1.113730.3.2.7 NAME 'nsLicenseUser' DESC 'Netscape defined objectclass' SUP top MAY ( nsLicensedFor $ nsLicenseStartTime $ nsLicenseEndTime ) X-ORIGIN 'Netscape Administration Services' ) -objectClasses: ( 2.16.840.1.113730.3.2.1 NAME 'changeLogEntry' DESC 'LDAP changelog objectclass' SUP top MUST ( targetdn $ changeTime $ changenumber $ changeType ) MAY ( changes $ newrdn $ deleteoldrdn $ newsuperior ) X-ORIGIN 'Changelog Internet Draft' ) -objectClasses: ( 2.16.840.1.113730.3.2.6 NAME 'referral' DESC 
'LDAP referrals objectclass' SUP top MAY ( ref ) X-ORIGIN 'LDAPv3 referrals Internet Draft' ) -objectClasses: ( 2.16.840.1.113730.3.2.12 NAME 'passwordObject' DESC 'Netscape defined password policy objectclass' SUP top MAY ( pwdpolicysubentry $ passwordExpirationTime $ passwordExpWarned $ passwordRetryCount $ retryCountResetTime $ accountUnlockTime $ passwordHistory $ passwordAllowChangeTime $ passwordGraceUserTime ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.13 NAME 'passwordPolicy' DESC 'Netscape defined password policy objectclass' SUP top MAY ( passwordMaxAge $ passwordExp $ passwordMinLength $ passwordKeepHistory $ passwordInHistory $ passwordChange $ passwordWarning $ passwordLockout $ passwordMaxFailure $ passwordResetDuration $ passwordUnlock $ passwordLockoutDuration $ passwordCheckSyntax $ passwordMustChange $ passwordStorageScheme $ passwordMinAge $ passwordResetFailureCount $ passwordGraceLimit $ passwordMinDigits $ passwordMinAlphas $ passwordMinUppers $ passwordMinLowers $ passwordMinSpecials $ passwordMin8bit $ passwordMaxRepeats $ passwordMinCategories $ passwordMinTokenLength ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.30 NAME 'glue' DESC 'Netscape defined objectclass' SUP top X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.32 NAME 'netscapeMachineData' DESC 'Netscape defined objectclass' SUP top X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.38 NAME 'vlvSearch' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ vlvBase $ vlvScope $ vlvFilter ) MAY ( multiLineDescription ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.39 NAME 'nsslapdConfig' DESC 'Netscape defined objectclass' SUP top MAY ( cn ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113719.2.142.6.1.1 NAME 'ldapSubEntry' DESC 'LDAP Subentry class, version 1' SUP top STRUCTURAL MAY ( cn ) X-ORIGIN 
'LDAP Subentry Internet Draft' ) objectClasses: ( 2.16.840.1.113730.3.2.40 NAME 'directoryServerFeature' DESC 'Netscape defined objectclass' SUP top MAY ( oid $ cn $ multiLineDescription ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.41 NAME 'nsslapdPlugin' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsslapd-pluginPath $ nsslapd-pluginInitFunc $ nsslapd-pluginType $ nsslapd-pluginId $ nsslapd-pluginVersion $ nsslapd-pluginVendor $ nsslapd-pluginDescription $ nsslapd-pluginEnabled ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.42 NAME 'vlvIndex' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ vlvSort ) MAY ( vlvEnabled $ vlvUses ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.43 NAME 'nsSNMP' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsSNMPEnabled ) MAY ( nsSNMPOrganization $ nsSNMPLocation $ nsSNMPContact $ nsSNMPDescription $ nsSNMPName $ nsSNMPMasterHost $ nsSNMPMasterPort ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.44 NAME 'nsIndex' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsSystemIndex ) MAY ( description $ nsIndexType $ nsMatchingRule ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.84 NAME 'cosDefinition' DESC 'Netscape defined objectclass' SUP top MAY ( costargettree $ costemplatedn $ cosspecifier $ cosattribute $ aci $ cn $ uid ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113719.2.142.6.1.1 NAME 'ldapSubEntry' DESC 'LDAP Subentry class, version 1' SUP top STRUCTURAL MAY ( cn ) X-ORIGIN 'LDAP Subentry Internet Draft' ) -objectClasses: ( 2.16.840.1.113730.3.2.93 NAME 'nsRoleDefinition' DESC 'Netscape defined objectclass' SUP ldapSubEntry MAY ( description ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.94 NAME 'nsSimpleRoleDefinition' DESC 'Netscape defined objectclass' SUP 
nsRoleDefinition X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.95 NAME 'nsComplexRoleDefinition' DESC 'Netscape defined objectclass' SUP nsRoleDefinition X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.96 NAME 'nsManagedRoleDefinition' DESC 'Netscape defined objectclass' SUP nsSimpleRoleDefinition X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.97 NAME 'nsFilteredRoleDefinition' DESC 'Netscape defined objectclass' SUP nsComplexRoleDefinition MUST ( nsRoleFilter ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.98 NAME 'nsNestedRoleDefinition' DESC 'Netscape defined objectclass' SUP nsComplexRoleDefinition MUST ( nsRoleDN ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.99 NAME 'cosSuperDefinition' DESC 'Netscape defined objectclass' SUP ldapSubEntry MUST (cosattribute) MAY ( description ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.100 NAME 'cosClassicDefinition' DESC 'Netscape defined objectclass' SUP cosSuperDefinition MAY ( cosTemplateDn $ cosspecifier ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.101 NAME 'cosPointerDefinition' DESC 'Netscape defined objectclass' SUP cosSuperDefinition MAY ( cosTemplateDn ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.102 NAME 'cosIndirectDefinition' DESC 'Netscape defined objectclass' SUP cosSuperDefinition MAY ( cosIndirectSpecifier ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.103 NAME 'nsDS5ReplicationAgreement' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefresh $ description $ 
nsds50ruv $ nsruvReplicaLastModified $ nsds5ReplicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5replicaLastInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaBusyWaitTime $ nsds5replicaSessionPauseTime ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.503 NAME 'nsDSWindowsReplicationAgreement' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefresh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsds5ReplicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5replicaLastInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaBusyWaitTime $ nsds5replicaSessionPauseTime $ nsds7WindowsReplicaSubtree $ nsds7DirectoryReplicaSubtree $ nsds7NewWinUserSyncEnabled $ nsds7NewWinGroupSyncEnabled $ nsds7WindowsDomain $ nsds7DirsyncCookie) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.104 NAME 'nsContainer' DESC 'Netscape defined objectclass' SUP top MUST ( CN ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.108 NAME 'nsDS5Replica' DESC 'Netscape defined objectclass' SUP top MUST ( nsDS5ReplicaRoot $ nsDS5ReplicaId ) MAY (cn $ nsDS5ReplicaType $ nsDS5ReplicaBindDN $ nsState $ nsDS5ReplicaName $ nsDS5Flags $ nsDS5Task $ nsDS5ReplicaReferral $ nsDS5ReplicaAutoReferral $ nsds5ReplicaPurgeDelay $ nsds5ReplicaTombstonePurgeInterval $ nsds5ReplicaChangeCount $ nsds5ReplicaLegacyConsumer) 
X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.109 NAME 'nsBackendInstance' DESC 'Netscape defined objectclass' SUP top MUST ( CN ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.110 NAME 'nsMappingTree' DESC 'Netscape defined objectclass' SUP top MUST ( CN ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.113 NAME 'nsTombstone' DESC 'Netscape defined objectclass' SUP top MAY ( nsParentUniqueId $ nscpEntryDN ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.128 NAME 'costemplate' DESC 'Netscape defined objectclass' SUP top MAY ( cn $ cospriority ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.304 NAME 'nsView' DESC 'Netscape defined objectclass' SUP top AUXILIARY MAY ( nsViewFilter $ description ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.316 NAME 'nsAttributeEncryption' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsEncryptionAlgorithm ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.317 NAME 'nsSaslMapping' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsSaslMapRegexString $ nsSaslMapBaseDNTemplate $ nsSaslMapFilterTemplate ) X-ORIGIN 'Netscape Directory Server' ) From fedora-directory-commits at redhat.com Sat Mar 3 02:46:38 2007 
From: fedora-directory-commits at redhat.com (Jack Magne (jmagne)) Date: Fri, 2 Mar 2007 21:46:38 -0500 Subject: [Fedora-directory-commits] esc/src/app/xul/esc/chrome/content/esc ESC.js, 1.10, 1.11 Message-ID: <200703030246.l232kcK9017584@cvs-int.fedora.redhat.com> Author: jmagne Update of /cvs/dirsec/esc/src/app/xul/esc/chrome/content/esc In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17567 Modified Files: ESC.js Log Message: Fixed issue where the enrolled icon was showing up even with no keys. Index: ESC.js =================================================================== RCS file: /cvs/dirsec/esc/src/app/xul/esc/chrome/content/esc/ESC.js,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- ESC.js 1 Mar 2007 22:55:03 -0000 1.10 +++ ESC.js 3 Mar 2007 02:46:36 -0000 1.11 @@ -2103,7 +2103,7 @@ //hack for CAC cards that now have no CUID reported - if(!isCool) + if(!isCool && !noKey) keyStatus = "ENROLLED"; var image_src = SelectImageForKeyStatus(keyStatus,1,1); From fedora-directory-commits at redhat.com Mon Mar 5 23:42:50 2007 From: fedora-directory-commits at redhat.com (Jack Magne (jmagne)) Date: Mon, 5 Mar 2007 18:42:50 -0500 Subject: [Fedora-directory-commits] esc/rpm esc,1.2,1.3 Message-ID: <200703052342.l25Ngomu023035@cvs-int.fedora.redhat.com> Author: jmagne Update of /cvs/dirsec/esc/rpm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23018 Modified Files: esc Log Message: Update to latest. Index: esc =================================================================== RCS file: /cvs/dirsec/esc/rpm/esc,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- esc 27 Sep 2006 17:42:38 -0000 1.2 +++ esc 5 Mar 2007 23:42:48 -0000 1.3 @@ -20,7 +20,7 @@ ESC_PROFILE_BASE=~/.redhat/esc ESC_LOG_FILE=esc.log -ESC_PATH=$LIBDIR/esc-1.0.0 +ESC_PATH=$LIBDIR/esc-1.0.1 ESC_BIN_PATH=/usr/bin ESC_EXEC=esc ESCD_EXEC=escd From fedora-directory-commits at redhat.com Mon Mar 5 23:43:05 2007 
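Review bot: In ESC.js the branch `if(!isCool && !noKey) keyStatus = "ENROLLED";` still assigns the enrolled status to every non-CoolKey token that has a key, without reading any state from the token, so the icon picked by `SelectImageForKeyStatus` shows an assumption as if it were a verified result. The existing comment only calls this a hack for CAC cards with no CUID; I would spell out the assumption, e.g. `// non-CoolKey (CAC) tokens report no status here: ENROLLED is assumed when a key is present, not verified`. `isCool`, `noKey` and the enclosing function are defined outside the hunk, so how `noKey` is derived needs to be checked there.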
From: fedora-directory-commits at redhat.com (Jack Magne (jmagne)) Date: Mon, 5 Mar 2007 18:43:05 -0500 Subject: [Fedora-directory-commits] esc/rpm esc.spec,1.2,1.3 Message-ID: <200703052343.l25Nh5Ng023064@cvs-int.fedora.redhat.com> Author: jmagne Update of /cvs/dirsec/esc/rpm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23044 Modified Files: esc.spec Log Message: Update to latest. Index: esc.spec =================================================================== RCS file: /cvs/dirsec/esc/rpm/esc.spec,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- esc.spec 27 Sep 2006 17:42:38 -0000 1.2 +++ esc.spec 5 Mar 2007 23:43:03 -0000 1.3 @@ -18,8 +18,8 @@ # END COPYRIGHT BLOCK Name: esc -Version: 1.0.0 -Release: 16%{?dist} +Version: 1.0.1 +Release: 1%{?dist} Summary: Enterprise Security Client Smart Card Client License: GPL URL: http://directory.fedora.redhat.com/wiki/CoolKey @@ -27,22 +27,8 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -Patch1: firefox-1.5.0.1-dumpstack.patch -Patch2: xulrunner-1.8.0.1-coreconf.patch -Patch3: firefox-1.5-with-system-nss.patch -Patch4: firefox-1.1-nss-system-nspr.patch -Patch5: esc-1.0.0-xul-sys-nss-nspr.patch -Patch6: esc-1.0.0-ui-enhance.patch -Patch7: esc-1.0.0-notify-icon-fixes.patch -Patch8: esc-1.0.0-strings-fix.patch -Patch11: esc-1.0.0.strings-1-fix.patch -Patch12: esc-1.0.0-ui-enhance-1.patch -Patch13: esc-1.0.0-pw-reset-fix.patch -Patch14: esc-1.0.0-escd.patch -Patch15: esc-1.0.0-escd1.patch -Patch16: esc-1.0.0-escd2.patch -Patch17: esc-1.0.0-build-fix.patch -Patch18: esc-1.0.0-diag-fix.patch +Patch1: firefox-1.5-with-system-nss.patch +Patch2: firefox-1.1-nss-system-nspr.patch BuildRequires: doxygen fontconfig-devel freetype-devel >= 2.1 BuildRequires: glib2-devel libIDL-devel atk-devel gtk2-devel libjpeg-devel 
@@ -80,7 +66,7 @@ Source0: %{escname}.tar.bz2 Source1: esc Source2: esc.desktop -Source3: xulrunner-1.8.0.1-source.tar.bz2 +Source3: xulrunner-1.8.0.4-source.tar.bz2 %description @@ -91,20 +77,7 @@ %setup -q -c -n %{escname} -#patch esc to use system nss and nspr. -%patch5 -p1 -b .fix5 -%patch6 -p1 -b .fix6 -%patch7 -p1 -b .fix7 -%patch8 -p1 -b .fix8 -%patch11 -p1 -b .fix11 -%patch12 -p1 -b .fix12 -%patch13 -p1 -b .fix13 -%patch14 -p1 -b .fix14 -%patch15 -p1 -b .fix15 -%patch16 -p1 -b .fix16 -%patch17 -p1 -b .fix17 -%patch18 -p1 -b .fix18 #Unpack xulrunner where esc expects it to be. @@ -116,8 +89,6 @@ %patch1 -p1 -b .fix1 %patch2 -p1 -b .fix2 -%patch3 -p1 -b .fix3 -%patch4 -p1 -b .fix4 %build @@ -130,7 +101,7 @@ cd ../.. -make BUILD_OPT=1 HAVE_LIB_NOTIFY=1 +make BUILD_OPT=1 HAVE_LIB_NOTIFY=1 ESC_VERSION=%{version}-%{release} %install @@ -147,6 +118,7 @@ sed -e 's;\$LIBDIR;'%{_libdir}';g' %{SOURCE1} > $RPM_BUILD_ROOT/%{escbindir}/%{name} + chmod 755 $RPM_BUILD_ROOT/%{escbindir}/esc mkdir -p $RPM_BUILD_ROOT/%{escdir} @@ -213,7 +185,19 @@ fi %changelog -* Fri Sep 22 2006 Jack Magne = 1.0.0-15 +* Mon Mar 05 2007 Jack Magne - 1.0.0-1 +- Stability fixes +* Fri Oct 27 2006 Jack Magne - 1.0.0-19 +- More mac and win fixes. +* Tue Oct 24 2006 Jack Magne - 1.0.0-18 +-rebuilt on RHEL-5 branch +* Sun Oct 4 2006 Jack Magne - 1.0.0-17 +- Diagnostics display fixes, Mac and Window fixes. + +* Sun Oct 01 2006 Jesse Keating - 1.0.0-16 +- rebuilt for unwind info generation, broken in gcc-4.1.1-21 + +* Fri Sep 22 2006 Jack Magne - 1.0.0-15 - Fix to the build version * Fri Sep 22 2006 Jack Magne = 1.0.0-14 From fedora-directory-commits at redhat.com Tue Mar 6 00:15:16 2007 
From: fedora-directory-commits at redhat.com (Jack Magne (jmagne)) Date: Mon, 5 Mar 2007 19:15:16 -0500 Subject: [Fedora-directory-commits] esc/src/app/xul/esc/defaults/preferences esc-prefs.js, 1.4, 1.5 Message-ID: <200703060015.l260FG1f027264@cvs-int.fedora.redhat.com> Author: jmagne Update of /cvs/dirsec/esc/src/app/xul/esc/defaults/preferences In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27248 Modified Files: esc-prefs.js Log Message: Remove unused entries. Index: esc-prefs.js =================================================================== RCS file: /cvs/dirsec/esc/src/app/xul/esc/defaults/preferences/esc-prefs.js,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- esc-prefs.js 9 Feb 2007 22:07:16 -0000 1.4 +++ esc-prefs.js 6 Mar 2007 00:15:14 -0000 1.5 @@ -25,8 +25,7 @@ pref("esc.tps.message.timeout","90"); -pref("esc.factory.mode","no"); -pref("esc.show.tabs.ui","no"); pref("esc.windows.do.capi","yes"); -pref("esc.disable.password.prompt","no"); + +pref("esc.disable.password.prompt","yes"); From fedora-directory-commits at redhat.com Tue Mar 6 18:22:21 2007 From: fedora-directory-commits at redhat.com (Jack Magne (jmagne)) Date: Tue, 6 Mar 2007 13:22:21 -0500 Subject: [Fedora-directory-commits] esc/src/app/xul/esc application.ini, 1.4, 1.5 Message-ID: <200703061822.l26IMLn2019330@cvs-int.fedora.redhat.com> Author: jmagne Update of /cvs/dirsec/esc/src/app/xul/esc In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19310 Modified Files: application.ini Log Message: Bump build stamp. Index: application.ini =================================================================== RCS file: /cvs/dirsec/esc/src/app/xul/esc/application.ini,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- application.ini 25 Jan 2007 22:08:55 -0000 1.4 +++ application.ini 6 Mar 2007 18:22:19 -0000 1.5 
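Review bot: In esc-prefs.js the default for `esc.disable.password.prompt` changes from "no" to "yes", although the log message only says unused entries were removed, so a change to password-prompt behaviour ships undocumented. What the preference gates is not visible in this hunk. If it suppresses a password or PIN prompt for token operations, it is a security-relevant default that deserves its own commit message and a comment beside the line, for example `// password prompt disabled by default: <reason>; set to "no" to restore prompting`. If the flip was unintended, the line should stay `pref("esc.disable.password.prompt","no");`.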
@@ -29,7 +29,7 @@ ; ; This field specifies your application's build ID (timestamp). This field is ; required. -BuildID=00000000020 +BuildID=0000001011 ; ; This ID is just an example. Every XUL app ought to have it's own unique ID. ; You can use the microsoft "guidgen" or "uuidgen" tools, or go on From fedora-directory-commits at redhat.com Wed Mar 7 01:53:39 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Tue, 6 Mar 2007 20:53:39 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd daemon.c, 1.12, 1.13 Message-ID: <200703070153.l271rdiW022366@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22342 Modified Files: daemon.c Log Message: Resolves: 229280 Summary: Add LDAPI (LDAP over unix domain sockets) (Comment #5) Change: Fixed a copy & paste error... Index: daemon.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/daemon.c,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- daemon.c 27 Feb 2007 02:57:30 -0000 1.12 +++ daemon.c 7 Mar 2007 01:53:36 -0000 1.13 @@ -1064,7 +1064,7 @@ LDAPDebug( LDAP_DEBUG_HOUSE, "listening for LDAPI connections on %d\n", socketdesc, 0, 0 ); } else { - ct->fd[FDS_S_TCPS].fd = NULL; + ct->fd[FDS_I_UNIX].fd = NULL; } /* The fds entry for the signalpipe is always FDS_SIGNAL_PIPE */ From fedora-directory-commits at redhat.com Wed Mar 7 21:54:06 2007 
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Wed, 7 Mar 2007 16:54:06 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm instance.c, 1.5, 1.6 Message-ID: <200703072154.l27Ls6xZ020277@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20261 Modified Files: instance.c Log Message: Resolves: 231221 Summary: A system index of eq for nsds5ReplConflict does not help Change: added a presence index for nsds5ReplConflict Index: instance.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/instance.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- instance.c 10 Nov 2006 23:45:39 -0000 1.5 +++ instance.c 7 Mar 2007 21:54:03 -0000 1.6 @@ -179,7 +179,7 @@ /* For MMR, we need this attribute (to replace use of dncomp in delete). */ argv[ 0 ] = ATTR_NSDS5_REPLCONFLICT; - argv[ 1 ] = "eq"; + argv[ 1 ] = "eq,pres"; argv[ 2 ] = NULL; ldbm_instance_config_add_index_entry(inst, 2, argv, flags); From fedora-directory-commits at redhat.com Wed Mar 7 22:06:21 2007 
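Review bot: The comment above the nsds5ReplConflict index in instance.c still explains only the original equality use, and nothing records why `pres` was added. I would extend it to `/* eq: replaces dncomp in delete for MMR; pres: presence searches on nsds5ReplConflict cannot use the eq index (bug 231221) */`; the presence-search reason is inferred from the log message. This hunk changes the default index set defined in code. Whether instances with an existing database get the presence index built without a reindex is not visible here and is worth confirming. The enclosing function starts and ends outside the hunk.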
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Wed, 7 Mar 2007 17:06:21 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd pw_mgmt.c, 1.8, 1.9 Message-ID: <200703072206.l27M6Lsa024070@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20317 Modified Files: pw_mgmt.c Log Message: Resolves: 229513 Summary: CRM #1160370 RHDS does not reset passwordRetryCount to 0 upon a successful BIND Change: If password lockout is on, need_new_pw from the successful bind tries to set passwordRetryCount to 0 in smods, but if passwordExpirationTime is not set and password never expires, the smods is not applied and discarded. Added pw_apply_mods if password lockout is on. Index: pw_mgmt.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/pw_mgmt.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- pw_mgmt.c 27 Feb 2007 02:57:30 -0000 1.8 +++ pw_mgmt.c 7 Mar 2007 22:06:19 -0000 1.9 @@ -95,12 +95,14 @@ pw_exp_date = time_plus_sec ( cur_time, pwpolicy->pw_maxage ); - timestring = format_genTime (pw_exp_date); + timestring = format_genTime (pw_exp_date); slapi_mods_add_string(&smods, LDAP_MOD_REPLACE, "passwordExpirationTime", timestring); slapi_ch_free((void **)×tring); slapi_mods_add_string(&smods, LDAP_MOD_REPLACE, "passwordExpWarned", "0"); pw_apply_mods(dn, &smods); + } else if (pwpolicy->pw_lockout == 1) { + pw_apply_mods(dn, &smods); } slapi_mods_done(&smods); delete_passwdPolicy(&pwpolicy); @@ -109,7 +111,7 @@ pw_exp_date = parse_genTime(passwordExpirationTime); - slapi_ch_free((void**)&passwordExpirationTime); + slapi_ch_free((void**)&passwordExpirationTime); /* Check if password has been reset */ if ( pw_exp_date == NO_TIME ) { From fedora-directory-commits at redhat.com Tue Mar 13 01:24:14 2007 
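Review bot: The new `else if (pwpolicy->pw_lockout == 1)` branch in pw_mgmt.c has no comment, so its purpose is recoverable only from the commit log. I would add `/* lockout on: smods may carry the passwordRetryCount reset; apply it even when no expiration time is being written */`. The result of `pw_apply_mods` is not examined in either branch, and whether it can report failure is not visible here. If the reset is silently lost, the failure counter keeps accumulating toward lockout despite successful binds, so a log line on failure would help operators. The function body starts and ends outside the hunk.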
From: fedora-directory-commits at redhat.com (Steven W Parkinson (sparkins)) Date: Mon, 12 Mar 2007 21:24:14 -0400 Subject: [Fedora-directory-commits] windowsautoenroll/panel ProxyPanel.cs, 1.1.1.1, NONE Message-ID: <200703130124.l2D1OEjL024449@cvs-int.fedora.redhat.com> Author: sparkins Update of /cvs/dirsec/windowsautoenroll/panel In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24435 Removed Files: ProxyPanel.cs Log Message: remove old version --- ProxyPanel.cs DELETED --- From fedora-directory-commits at redhat.com Tue Mar 13 01:36:12 2007 
From: fedora-directory-commits at redhat.com (Steven W Parkinson (sparkins)) Date: Mon, 12 Mar 2007 21:36:12 -0400 Subject: [Fedora-directory-commits] windowsautoenroll/proxy MSG00001.bin, NONE, 1.1 RedHatCSProxy.idl, NONE, 1.1 RedHatCSProxy_h.h, NONE, 1.1 RedHatCSProxy_i.c, NONE, 1.1 RedHatCSProxy_p.c, NONE, 1.1 RedHatCertSvrProxy.rc, NONE, 1.1 b64.c, NONE, 1.1 b64.h, NONE, 1.1 cert.ico, NONE, 1.1 csproxy.h, NONE, 1.1 dlldata.c, NONE, 1.1 messages.RES, NONE, 1.1 messages.aps, NONE, 1.1 messages.h, NONE, 1.1 messages.mc, NONE, 1.1 messages.rc, NONE, 1.1 p32.ico, NONE, 1.1 proxy.vcproj, NONE, 1.1 registry.cpp, NONE, 1.1 resource.h, NONE, 1.1 service.cpp, NONE, 1.1 stdafx.cpp, NONE, 1.1 stdafx.h, NONE, 1.1 util.cpp, NONE, 1.1 proxy.cpp, 1.1.1.1, 1.2 submit.cpp, 1.1.1.1, 1.2 Message-ID: <200703130136.l2D1aCmV024912@cvs-int.fedora.redhat.com> Author: sparkins Update of /cvs/dirsec/windowsautoenroll/proxy In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24806/proxy Modified Files: proxy.cpp submit.cpp Added Files: MSG00001.bin RedHatCSProxy.idl RedHatCSProxy_h.h RedHatCSProxy_i.c RedHatCSProxy_p.c RedHatCertSvrProxy.rc b64.c b64.h cert.ico csproxy.h dlldata.c messages.RES messages.aps messages.h messages.mc messages.rc p32.ico proxy.vcproj registry.cpp resource.h service.cpp stdafx.cpp stdafx.h util.cpp Log Message: 0.9.1: new since last release: running as a service, CA failover, support for ICertRequestD2 (IFDEFed), using C++ strings instead of char[], support for additional domain controllers in a forest, decoding PKCS#10 request to find Cert template name, installer, new base 64 decoder, profile mapper --- NEW FILE MSG00001.bin ---  --- NEW FILE RedHatCSProxy.idl --- /** BEGIN COPYRIGHT BLOCK * END COPYRIGHT BLOCK */ import "oaidl.idl"; import "ocidl.idl"; // The contents of this file was written by Red Hat Corp, based on information // in certreqd.h, which is shipped in the MSDN SDK // RH CS Proxy file 
------------------------------------------------------------------------ // This file will be processed by the MIDL tool to produce the type library // and marshalling code. import "wtypes.idl"; //import "certif.idl"; // This comes from certbase.idl, but has no corresponding include file typedef struct _CERTTRANSBLOB { unsigned long cb; [size_is(cb), unique] BYTE *pb; } CERTTRANSBLOB; //+-------------------------------------------------------------------------- // ICertRequestD class -- local COM interface, local implementation //+-------------------------------------------------------------------------- [ object, uuid(d99e6e70-fc88-11d0-b498-00a0c90312f3), dual, helpstring("Red Hat ICertRequestD Interface"), pointer_default(unique) ] interface ICertRequestD: IUnknown { import "oaidl.idl"; HRESULT Request( [in] DWORD dwFlags, [unique][string][in] const wchar_t * pwszAuthority, [ref][out][in] DWORD * pdwRequestId, [out] DWORD * pdwDisposition, [unique][string][in] const wchar_t * pwszAttributes, [ref][in] const CERTTRANSBLOB *pctbRequest, [ref][out] CERTTRANSBLOB * pctbCertChain, [ref][out] CERTTRANSBLOB * pctbEncodedCert, [ref][out] CERTTRANSBLOB * pctbDispositionMessage); HRESULT GetCACert( [in] DWORD fchain, [unique][string][in] const wchar_t * pwszAuthority, [ref][out] CERTTRANSBLOB * pctbOut ); HRESULT Ping( [unique][string][in] const wchar_t * pwszAuthority); }; [ object, uuid(5422fd3a-d4b8-4cef-a12e-e87d4ca22e90), dual, helpstring("Red Hat ICertRequestD2 Interface"), pointer_default(unique) ] interface ICertRequestD2: ICertRequestD { import "oaidl.idl"; HRESULT Request2( [unique][string][in] const wchar_t * pwszAuthority, [in] DWORD dwFlags, [unique][string][in] const wchar_t * pwszSerialNumber, [ref][out][in] DWORD * pdwRequestId, [out] DWORD * pdwDisposition, [unique][string][in] const wchar_t * pwszAttributes, [ref][in] const CERTTRANSBLOB *pctbRequest, [ref][out] CERTTRANSBLOB * pctbFullResponse, [ref][out] CERTTRANSBLOB * pctbEncodedCert, [ref][out] 
CERTTRANSBLOB * pctbDispositionMessage ); HRESULT GetCAProperty( [unique][string][in] const wchar_t *pwszAuthority, [in] LONG PropId, [in] LONG PropIndex, [in] LONG PropType, [ref][out] CERTTRANSBLOB *pctbPropertyValue ); HRESULT GetCAPropertyInfo( [unique][string][in] const wchar_t *pwszAuthority, [out] LONG *pcProperty, [ref][out] CERTTRANSBLOB *pctbPropInfo ); HRESULT Ping2( [unique][string][in] const wchar_t * pwszAuthority); }; [ uuid(96946675-8068-403f-889C-F406D57FE8A2), helpstring("Red Hat Type Library"), version(1.0) ] library redhattypelib { [ uuid(d99e6e74-fc88-11d0-b498-00a0c90312f3), helpstring("Red Hat CCertRequestD Class"), ] coclass CCertRequestD { [default] interface ICertRequestD; } } --- NEW FILE RedHatCSProxy_h.h --- /* this ALWAYS GENERATED file contains the definitions for the interfaces */ /* File created by MIDL compiler version 6.00.0361 */ /* at Wed Feb 07 16:18:20 2007 */ /* Compiler settings for .\RedHatCSProxy.idl: Oicf, W1, Zp8, env=Win32 (32b run) protocol : dce , ms_ext, c_ext, robust error checks: allocation ref bounds_check enum stub_data VC __declspec() decoration level: __declspec(uuid()), __declspec(selectany), __declspec(novtable) DECLSPEC_UUID(), MIDL_INTERFACE() */ //@@MIDL_FILE_HEADING( ) #pragma warning( disable: 4049 ) /* more than 64k source lines */ /* verify that the version is high enough to compile this file*/ #ifndef __REQUIRED_RPCNDR_H_VERSION__ #define __REQUIRED_RPCNDR_H_VERSION__ 475 #endif #include "rpc.h" #include "rpcndr.h" #ifndef __RPCNDR_H_VERSION__ #error this stub requires an updated version of #endif // __RPCNDR_H_VERSION__ #ifndef COM_NO_WINDOWS_H #include "windows.h" #include "ole2.h" #endif /*COM_NO_WINDOWS_H*/ #ifndef __RedHatCSProxy_h_h__ #define __RedHatCSProxy_h_h__ #if defined(_MSC_VER) && (_MSC_VER >= 1020) #pragma once #endif /* Forward Declarations */ #ifndef __ICertRequestD_FWD_DEFINED__ #define __ICertRequestD_FWD_DEFINED__ typedef interface ICertRequestD ICertRequestD; #endif /* 
__ICertRequestD_FWD_DEFINED__ */ #ifndef __ICertRequestD2_FWD_DEFINED__ #define __ICertRequestD2_FWD_DEFINED__ typedef interface ICertRequestD2 ICertRequestD2; #endif /* __ICertRequestD2_FWD_DEFINED__ */ #ifndef __CCertRequestD_FWD_DEFINED__ #define __CCertRequestD_FWD_DEFINED__ #ifdef __cplusplus typedef class CCertRequestD CCertRequestD; #else typedef struct CCertRequestD CCertRequestD; #endif /* __cplusplus */ #endif /* __CCertRequestD_FWD_DEFINED__ */ /* header files for imported files */ #include "oaidl.h" #include "ocidl.h" #ifdef __cplusplus extern "C"{ #endif void * __RPC_USER MIDL_user_allocate(size_t); void __RPC_USER MIDL_user_free( void * ); /* interface __MIDL_itf_RedHatCSProxy_0000 */ /* [local] */ typedef struct _CERTTRANSBLOB { unsigned long cb; /* [unique][size_is] */ BYTE *pb; } CERTTRANSBLOB; extern RPC_IF_HANDLE __MIDL_itf_RedHatCSProxy_0000_v0_0_c_ifspec; extern RPC_IF_HANDLE __MIDL_itf_RedHatCSProxy_0000_v0_0_s_ifspec; #ifndef __ICertRequestD_INTERFACE_DEFINED__ #define __ICertRequestD_INTERFACE_DEFINED__ /* interface ICertRequestD */ /* [unique][helpstring][dual][uuid][object] */ EXTERN_C const IID IID_ICertRequestD; #if defined(__cplusplus) && !defined(CINTERFACE) MIDL_INTERFACE("d99e6e70-fc88-11d0-b498-00a0c90312f3") ICertRequestD : public IUnknown { public: virtual HRESULT STDMETHODCALLTYPE Request( /* [in] */ DWORD dwFlags, /* [in][string][unique] */ const wchar_t *pwszAuthority, /* [in][out][ref] */ DWORD *pdwRequestId, /* [out] */ DWORD *pdwDisposition, /* [in][string][unique] */ const wchar_t *pwszAttributes, /* [in][ref] */ const CERTTRANSBLOB *pctbRequest, /* [out][ref] */ CERTTRANSBLOB *pctbCertChain, /* [out][ref] */ CERTTRANSBLOB *pctbEncodedCert, /* [out][ref] */ CERTTRANSBLOB *pctbDispositionMessage) = 0; virtual HRESULT STDMETHODCALLTYPE GetCACert( /* [in] */ DWORD fchain, /* [in][string][unique] */ const wchar_t *pwszAuthority, /* [out][ref] */ CERTTRANSBLOB *pctbOut) = 0; virtual HRESULT STDMETHODCALLTYPE Ping( /* 
[in][string][unique] */ const wchar_t *pwszAuthority) = 0; }; #else /* C style interface */ typedef struct ICertRequestDVtbl { BEGIN_INTERFACE HRESULT ( STDMETHODCALLTYPE *QueryInterface )( ICertRequestD * This, /* [in] */ REFIID riid, /* [iid_is][out] */ void **ppvObject); ULONG ( STDMETHODCALLTYPE *AddRef )( ICertRequestD * This); ULONG ( STDMETHODCALLTYPE *Release )( ICertRequestD * This); HRESULT ( STDMETHODCALLTYPE *Request )( ICertRequestD * This, /* [in] */ DWORD dwFlags, /* [in][string][unique] */ const wchar_t *pwszAuthority, /* [in][out][ref] */ DWORD *pdwRequestId, /* [out] */ DWORD *pdwDisposition, /* [in][string][unique] */ const wchar_t *pwszAttributes, /* [in][ref] */ const CERTTRANSBLOB *pctbRequest, /* [out][ref] */ CERTTRANSBLOB *pctbCertChain, /* [out][ref] */ CERTTRANSBLOB *pctbEncodedCert, /* [out][ref] */ CERTTRANSBLOB *pctbDispositionMessage); HRESULT ( STDMETHODCALLTYPE *GetCACert )( ICertRequestD * This, /* [in] */ DWORD fchain, /* [in][string][unique] */ const wchar_t *pwszAuthority, /* [out][ref] */ CERTTRANSBLOB *pctbOut); HRESULT ( STDMETHODCALLTYPE *Ping )( ICertRequestD * This, /* [in][string][unique] */ const wchar_t *pwszAuthority); END_INTERFACE } ICertRequestDVtbl; interface ICertRequestD { CONST_VTBL struct ICertRequestDVtbl *lpVtbl; }; #ifdef COBJMACROS #define ICertRequestD_QueryInterface(This,riid,ppvObject) \ (This)->lpVtbl -> QueryInterface(This,riid,ppvObject) #define ICertRequestD_AddRef(This) \ (This)->lpVtbl -> AddRef(This) #define ICertRequestD_Release(This) \ (This)->lpVtbl -> Release(This) #define ICertRequestD_Request(This,dwFlags,pwszAuthority,pdwRequestId,pdwDisposition,pwszAttributes,pctbRequest,pctbCertChain,pctbEncodedCert,pctbDispositionMessage) \ (This)->lpVtbl -> Request(This,dwFlags,pwszAuthority,pdwRequestId,pdwDisposition,pwszAttributes,pctbRequest,pctbCertChain,pctbEncodedCert,pctbDispositionMessage) #define ICertRequestD_GetCACert(This,fchain,pwszAuthority,pctbOut) \ (This)->lpVtbl -> 
GetCACert(This,fchain,pwszAuthority,pctbOut) #define ICertRequestD_Ping(This,pwszAuthority) \ (This)->lpVtbl -> Ping(This,pwszAuthority) #endif /* COBJMACROS */ #endif /* C style interface */ HRESULT STDMETHODCALLTYPE ICertRequestD_Request_Proxy( ICertRequestD * This, /* [in] */ DWORD dwFlags, /* [in][string][unique] */ const wchar_t *pwszAuthority, /* [in][out][ref] */ DWORD *pdwRequestId, /* [out] */ DWORD *pdwDisposition, /* [in][string][unique] */ const wchar_t *pwszAttributes, /* [in][ref] */ const CERTTRANSBLOB *pctbRequest, /* [out][ref] */ CERTTRANSBLOB *pctbCertChain, /* [out][ref] */ CERTTRANSBLOB *pctbEncodedCert, /* [out][ref] */ CERTTRANSBLOB *pctbDispositionMessage); void __RPC_STUB ICertRequestD_Request_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase); HRESULT STDMETHODCALLTYPE ICertRequestD_GetCACert_Proxy( ICertRequestD * This, /* [in] */ DWORD fchain, /* [in][string][unique] */ const wchar_t *pwszAuthority, /* [out][ref] */ CERTTRANSBLOB *pctbOut); void __RPC_STUB ICertRequestD_GetCACert_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase); HRESULT STDMETHODCALLTYPE ICertRequestD_Ping_Proxy( ICertRequestD * This, /* [in][string][unique] */ const wchar_t *pwszAuthority); void __RPC_STUB ICertRequestD_Ping_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase); #endif /* __ICertRequestD_INTERFACE_DEFINED__ */ #ifndef __ICertRequestD2_INTERFACE_DEFINED__ #define __ICertRequestD2_INTERFACE_DEFINED__ /* interface ICertRequestD2 */ /* [unique][helpstring][dual][uuid][object] */ EXTERN_C const IID IID_ICertRequestD2; #if defined(__cplusplus) && !defined(CINTERFACE) MIDL_INTERFACE("5422fd3a-d4b8-4cef-a12e-e87d4ca22e90") ICertRequestD2 : public ICertRequestD { public: virtual HRESULT STDMETHODCALLTYPE Request2( /* [in][string][unique] */ const wchar_t *pwszAuthority, 
/* [in] */ DWORD dwFlags, /* [in][string][unique] */ const wchar_t *pwszSerialNumber, /* [in][out][ref] */ DWORD *pdwRequestId, /* [out] */ DWORD *pdwDisposition, /* [in][string][unique] */ const wchar_t *pwszAttributes, /* [in][ref] */ const CERTTRANSBLOB *pctbRequest, /* [out][ref] */ CERTTRANSBLOB *pctbFullResponse, /* [out][ref] */ CERTTRANSBLOB *pctbEncodedCert, /* [out][ref] */ CERTTRANSBLOB *pctbDispositionMessage) = 0; virtual HRESULT STDMETHODCALLTYPE GetCAProperty( /* [in][string][unique] */ const wchar_t *pwszAuthority, /* [in] */ LONG PropId, /* [in] */ LONG PropIndex, /* [in] */ LONG PropType, /* [out][ref] */ CERTTRANSBLOB *pctbPropertyValue) = 0; virtual HRESULT STDMETHODCALLTYPE GetCAPropertyInfo( /* [in][string][unique] */ const wchar_t *pwszAuthority, /* [out] */ LONG *pcProperty, /* [out][ref] */ CERTTRANSBLOB *pctbPropInfo) = 0; virtual HRESULT STDMETHODCALLTYPE Ping2( /* [in][string][unique] */ const wchar_t *pwszAuthority) = 0; }; #else /* C style interface */ typedef struct ICertRequestD2Vtbl { BEGIN_INTERFACE HRESULT ( STDMETHODCALLTYPE *QueryInterface )( ICertRequestD2 * This, /* [in] */ REFIID riid, /* [iid_is][out] */ void **ppvObject); ULONG ( STDMETHODCALLTYPE *AddRef )( ICertRequestD2 * This); ULONG ( STDMETHODCALLTYPE *Release )( ICertRequestD2 * This); HRESULT ( STDMETHODCALLTYPE *Request )( ICertRequestD2 * This, /* [in] */ DWORD dwFlags, /* [in][string][unique] */ const wchar_t *pwszAuthority, /* [in][out][ref] */ DWORD *pdwRequestId, /* [out] */ DWORD *pdwDisposition, /* [in][string][unique] */ const wchar_t *pwszAttributes, /* [in][ref] */ const CERTTRANSBLOB *pctbRequest, /* [out][ref] */ CERTTRANSBLOB *pctbCertChain, /* [out][ref] */ CERTTRANSBLOB *pctbEncodedCert, /* [out][ref] */ CERTTRANSBLOB *pctbDispositionMessage); HRESULT ( STDMETHODCALLTYPE *GetCACert )( ICertRequestD2 * This, /* [in] */ DWORD fchain, /* [in][string][unique] */ const wchar_t *pwszAuthority, /* [out][ref] */ CERTTRANSBLOB *pctbOut); HRESULT ( 
STDMETHODCALLTYPE *Ping )( ICertRequestD2 * This, /* [in][string][unique] */ const wchar_t *pwszAuthority); HRESULT ( STDMETHODCALLTYPE *Request2 )( ICertRequestD2 * This, /* [in][string][unique] */ const wchar_t *pwszAuthority, /* [in] */ DWORD dwFlags, /* [in][string][unique] */ const wchar_t *pwszSerialNumber, /* [in][out][ref] */ DWORD *pdwRequestId, /* [out] */ DWORD *pdwDisposition, /* [in][string][unique] */ const wchar_t *pwszAttributes, /* [in][ref] */ const CERTTRANSBLOB *pctbRequest, /* [out][ref] */ CERTTRANSBLOB *pctbFullResponse, /* [out][ref] */ CERTTRANSBLOB *pctbEncodedCert, /* [out][ref] */ CERTTRANSBLOB *pctbDispositionMessage); HRESULT ( STDMETHODCALLTYPE *GetCAProperty )( ICertRequestD2 * This, /* [in][string][unique] */ const wchar_t *pwszAuthority, /* [in] */ LONG PropId, /* [in] */ LONG PropIndex, /* [in] */ LONG PropType, /* [out][ref] */ CERTTRANSBLOB *pctbPropertyValue); HRESULT ( STDMETHODCALLTYPE *GetCAPropertyInfo )( ICertRequestD2 * This, /* [in][string][unique] */ const wchar_t *pwszAuthority, /* [out] */ LONG *pcProperty, /* [out][ref] */ CERTTRANSBLOB *pctbPropInfo); HRESULT ( STDMETHODCALLTYPE *Ping2 )( ICertRequestD2 * This, /* [in][string][unique] */ const wchar_t *pwszAuthority); END_INTERFACE } ICertRequestD2Vtbl; interface ICertRequestD2 { CONST_VTBL struct ICertRequestD2Vtbl *lpVtbl; }; #ifdef COBJMACROS #define ICertRequestD2_QueryInterface(This,riid,ppvObject) \ (This)->lpVtbl -> QueryInterface(This,riid,ppvObject) #define ICertRequestD2_AddRef(This) \ (This)->lpVtbl -> AddRef(This) #define ICertRequestD2_Release(This) \ (This)->lpVtbl -> Release(This) #define ICertRequestD2_Request(This,dwFlags,pwszAuthority,pdwRequestId,pdwDisposition,pwszAttributes,pctbRequest,pctbCertChain,pctbEncodedCert,pctbDispositionMessage) \ (This)->lpVtbl -> Request(This,dwFlags,pwszAuthority,pdwRequestId,pdwDisposition,pwszAttributes,pctbRequest,pctbCertChain,pctbEncodedCert,pctbDispositionMessage) #define 
ICertRequestD2_GetCACert(This,fchain,pwszAuthority,pctbOut) \ (This)->lpVtbl -> GetCACert(This,fchain,pwszAuthority,pctbOut) #define ICertRequestD2_Ping(This,pwszAuthority) \ (This)->lpVtbl -> Ping(This,pwszAuthority) #define ICertRequestD2_Request2(This,pwszAuthority,dwFlags,pwszSerialNumber,pdwRequestId,pdwDisposition,pwszAttributes,pctbRequest,pctbFullResponse,pctbEncodedCert,pctbDispositionMessage) \ (This)->lpVtbl -> Request2(This,pwszAuthority,dwFlags,pwszSerialNumber,pdwRequestId,pdwDisposition,pwszAttributes,pctbRequest,pctbFullResponse,pctbEncodedCert,pctbDispositionMessage) #define ICertRequestD2_GetCAProperty(This,pwszAuthority,PropId,PropIndex,PropType,pctbPropertyValue) \ (This)->lpVtbl -> GetCAProperty(This,pwszAuthority,PropId,PropIndex,PropType,pctbPropertyValue) #define ICertRequestD2_GetCAPropertyInfo(This,pwszAuthority,pcProperty,pctbPropInfo) \ (This)->lpVtbl -> GetCAPropertyInfo(This,pwszAuthority,pcProperty,pctbPropInfo) #define ICertRequestD2_Ping2(This,pwszAuthority) \ (This)->lpVtbl -> Ping2(This,pwszAuthority) #endif /* COBJMACROS */ #endif /* C style interface */ HRESULT STDMETHODCALLTYPE ICertRequestD2_Request2_Proxy( ICertRequestD2 * This, /* [in][string][unique] */ const wchar_t *pwszAuthority, /* [in] */ DWORD dwFlags, /* [in][string][unique] */ const wchar_t *pwszSerialNumber, /* [in][out][ref] */ DWORD *pdwRequestId, /* [out] */ DWORD *pdwDisposition, /* [in][string][unique] */ const wchar_t *pwszAttributes, /* [in][ref] */ const CERTTRANSBLOB *pctbRequest, /* [out][ref] */ CERTTRANSBLOB *pctbFullResponse, /* [out][ref] */ CERTTRANSBLOB *pctbEncodedCert, /* [out][ref] */ CERTTRANSBLOB *pctbDispositionMessage); void __RPC_STUB ICertRequestD2_Request2_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase); HRESULT STDMETHODCALLTYPE ICertRequestD2_GetCAProperty_Proxy( ICertRequestD2 * This, /* [in][string][unique] */ const wchar_t *pwszAuthority, /* [in] */ LONG PropId, /* 
[in] */ LONG PropIndex, /* [in] */ LONG PropType, /* [out][ref] */ CERTTRANSBLOB *pctbPropertyValue); void __RPC_STUB ICertRequestD2_GetCAProperty_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase); HRESULT STDMETHODCALLTYPE ICertRequestD2_GetCAPropertyInfo_Proxy( ICertRequestD2 * This, /* [in][string][unique] */ const wchar_t *pwszAuthority, /* [out] */ LONG *pcProperty, /* [out][ref] */ CERTTRANSBLOB *pctbPropInfo); void __RPC_STUB ICertRequestD2_GetCAPropertyInfo_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase); HRESULT STDMETHODCALLTYPE ICertRequestD2_Ping2_Proxy( ICertRequestD2 * This, /* [in][string][unique] */ const wchar_t *pwszAuthority); void __RPC_STUB ICertRequestD2_Ping2_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase); #endif /* __ICertRequestD2_INTERFACE_DEFINED__ */ #ifndef __redhattypelib_LIBRARY_DEFINED__ #define __redhattypelib_LIBRARY_DEFINED__ /* library redhattypelib */ /* [version][helpstring][uuid] */ EXTERN_C const IID LIBID_redhattypelib; EXTERN_C const CLSID CLSID_CCertRequestD; #ifdef __cplusplus class DECLSPEC_UUID("d99e6e74-fc88-11d0-b498-00a0c90312f3") CCertRequestD; #endif #endif /* __redhattypelib_LIBRARY_DEFINED__ */ /* Additional Prototypes for ALL interfaces */ /* end of Additional Prototypes */ #ifdef __cplusplus } #endif #endif --- NEW FILE RedHatCSProxy_i.c --- /* this ALWAYS GENERATED file contains the IIDs and CLSIDs */ /* link this file in with the server and any clients */ /* File created by MIDL compiler version 6.00.0361 */ /* at Wed Feb 07 16:18:20 2007 */ /* Compiler settings for .\RedHatCSProxy.idl: Oicf, W1, Zp8, env=Win32 (32b run) protocol : dce , ms_ext, c_ext, robust error checks: allocation ref bounds_check enum stub_data VC __declspec() decoration level: __declspec(uuid()), __declspec(selectany), 
__declspec(novtable) DECLSPEC_UUID(), MIDL_INTERFACE() */ //@@MIDL_FILE_HEADING( ) #if !defined(_M_IA64) && !defined(_M_AMD64) #pragma warning( disable: 4049 ) /* more than 64k source lines */ #ifdef __cplusplus extern "C"{ #endif #include #include #ifdef _MIDL_USE_GUIDDEF_ #ifndef INITGUID #define INITGUID #include #undef INITGUID #else #include #endif #define MIDL_DEFINE_GUID(type,name,l,w1,w2,b1,b2,b3,b4,b5,b6,b7,b8) \ DEFINE_GUID(name,l,w1,w2,b1,b2,b3,b4,b5,b6,b7,b8) #else // !_MIDL_USE_GUIDDEF_ #ifndef __IID_DEFINED__ #define __IID_DEFINED__ typedef struct _IID { unsigned long x; unsigned short s1; unsigned short s2; unsigned char c[8]; } IID; #endif // __IID_DEFINED__ #ifndef CLSID_DEFINED #define CLSID_DEFINED typedef IID CLSID; #endif // CLSID_DEFINED #define MIDL_DEFINE_GUID(type,name,l,w1,w2,b1,b2,b3,b4,b5,b6,b7,b8) \ const type name = {l,w1,w2,{b1,b2,b3,b4,b5,b6,b7,b8}} #endif !_MIDL_USE_GUIDDEF_ MIDL_DEFINE_GUID(IID, IID_ICertRequestD,0xd99e6e70,0xfc88,0x11d0,0xb4,0x98,0x00,0xa0,0xc9,0x03,0x12,0xf3); MIDL_DEFINE_GUID(IID, IID_ICertRequestD2,0x5422fd3a,0xd4b8,0x4cef,0xa1,0x2e,0xe8,0x7d,0x4c,0xa2,0x2e,0x90); MIDL_DEFINE_GUID(IID, LIBID_redhattypelib,0x96946675,0x8068,0x403f,0x88,0x9C,0xF4,0x06,0xD5,0x7F,0xE8,0xA2); MIDL_DEFINE_GUID(CLSID, CLSID_CCertRequestD,0xd99e6e74,0xfc88,0x11d0,0xb4,0x98,0x00,0xa0,0xc9,0x03,0x12,0xf3); #undef MIDL_DEFINE_GUID #ifdef __cplusplus } #endif #endif /* !defined(_M_IA64) && !defined(_M_AMD64)*/ --- NEW FILE RedHatCSProxy_p.c --- /* this ALWAYS GENERATED file contains the proxy stub code */ /* File created by MIDL compiler version 6.00.0361 */ /* at Wed Feb 07 16:18:20 2007 */ /* Compiler settings for .\RedHatCSProxy.idl: Oicf, W1, Zp8, env=Win32 (32b run) protocol : dce , ms_ext, c_ext, robust error checks: allocation ref bounds_check enum stub_data VC __declspec() decoration level: __declspec(uuid()), __declspec(selectany), __declspec(novtable) DECLSPEC_UUID(), MIDL_INTERFACE() */ //@@MIDL_FILE_HEADING( ) #if 
!defined(_M_IA64) && !defined(_M_AMD64) #pragma warning( disable: 4049 ) /* more than 64k source lines */ #if _MSC_VER >= 1200 #pragma warning(push) #endif #pragma warning( disable: 4100 ) /* unreferenced arguments in x86 call */ #pragma warning( disable: 4211 ) /* redefine extent to static */ #pragma warning( disable: 4232 ) /* dllimport identity*/ #define USE_STUBLESS_PROXY /* verify that the version is high enough to compile this file*/ #ifndef __REDQ_RPCPROXY_H_VERSION__ #define __REQUIRED_RPCPROXY_H_VERSION__ 475 #endif #include "rpcproxy.h" #ifndef __RPCPROXY_H_VERSION__ #error this stub requires an updated version of #endif // __RPCPROXY_H_VERSION__ #include "RedHatCSProxy_h.h" #define TYPE_FORMAT_STRING_SIZE 55 #define PROC_FORMAT_STRING_SIZE 403 #define TRANSMIT_AS_TABLE_SIZE 0 #define WIRE_MARSHAL_TABLE_SIZE 0 typedef struct _MIDL_TYPE_FORMAT_STRING { short Pad; unsigned char Format[ TYPE_FORMAT_STRING_SIZE ]; } MIDL_TYPE_FORMAT_STRING; typedef struct _MIDL_PROC_FORMAT_STRING { short Pad; unsigned char Format[ PROC_FORMAT_STRING_SIZE ]; } MIDL_PROC_FORMAT_STRING; static RPC_SYNTAX_IDENTIFIER _RpcTransferSyntax = {{0x8A885D04,0x1CEB,0x11C9,{0x9F,0xE8,0x08,0x00,0x2B,0x10,0x48,0x60}},{2,0}}; extern const MIDL_TYPE_FORMAT_STRING __MIDL_TypeFormatString; extern const MIDL_PROC_FORMAT_STRING __MIDL_ProcFormatString; extern const MIDL_STUB_DESC Object_StubDesc; extern const MIDL_SERVER_INFO ICertRequestD_ServerInfo; extern const MIDL_STUBLESS_PROXY_INFO ICertRequestD_ProxyInfo; extern const MIDL_STUB_DESC Object_StubDesc; extern const MIDL_SERVER_INFO ICertRequestD2_ServerInfo; extern const MIDL_STUBLESS_PROXY_INFO ICertRequestD2_ProxyInfo; #if !defined(__RPC_WIN32__) #error Invalid build platform for this stub. #endif #if !(TARGET_IS_NT50_OR_LATER) #error You need a Windows 2000 or later to run this stub because it uses these features: #error /robust command line switch. 
#error However, your C/C++ compilation flags indicate you intend to run this app on earlier systems. #error This app will die there with the RPC_X_WRONG_STUB_VERSION error. #endif static const MIDL_PROC_FORMAT_STRING __MIDL_ProcFormatString = { 0, { /* Procedure Request */ 0x33, /* FC_AUTO_HANDLE */ 0x6c, /* Old Flags: object, Oi2 */ /* 2 */ NdrFcLong( 0x0 ), /* 0 */ /* 6 */ NdrFcShort( 0x3 ), /* 3 */ /* 8 */ NdrFcShort( 0x2c ), /* x86 Stack size/offset = 44 */ /* 10 */ NdrFcShort( 0x24 ), /* 36 */ /* 12 */ NdrFcShort( 0x40 ), /* 64 */ /* 14 */ 0x47, /* Oi2 Flags: srv must size, clt must size, has return, has ext, */ 0xa, /* 10 */ /* 16 */ 0x8, /* 8 */ 0x7, /* Ext Flags: new corr desc, clt corr check, srv corr check, */ /* 18 */ NdrFcShort( 0x3 ), /* 3 */ /* 20 */ NdrFcShort( 0x1 ), /* 1 */ /* 22 */ NdrFcShort( 0x0 ), /* 0 */ /* Parameter dwFlags */ /* 24 */ NdrFcShort( 0x48 ), /* Flags: in, base type, */ /* 26 */ NdrFcShort( 0x4 ), /* x86 Stack size/offset = 4 */ /* 28 */ 0x8, /* FC_LONG */ 0x0, /* 0 */ /* Parameter pwszAuthority */ /* 30 */ NdrFcShort( 0xb ), /* Flags: must size, must free, in, */ /* 32 */ NdrFcShort( 0x8 ), /* x86 Stack size/offset = 8 */ /* 34 */ NdrFcShort( 0x2 ), /* Type Offset=2 */ /* Parameter pdwRequestId */ /* 36 */ NdrFcShort( 0x158 ), /* Flags: in, out, base type, simple ref, */ /* 38 */ NdrFcShort( 0xc ), /* x86 Stack size/offset = 12 */ /* 40 */ 0x8, /* FC_LONG */ 0x0, /* 0 */ /* Parameter pdwDisposition */ /* 42 */ NdrFcShort( 0x2150 ), /* Flags: out, base type, simple ref, srv alloc size=8 */ /* 44 */ NdrFcShort( 0x10 ), /* x86 Stack size/offset = 16 */ /* 46 */ 0x8, /* FC_LONG */ 0x0, /* 0 */ /* Parameter pwszAttributes */ /* 48 */ NdrFcShort( 0xb ), /* Flags: must size, must free, in, */ /* 50 */ NdrFcShort( 0x14 ), /* x86 Stack size/offset = 20 */ /* 52 */ NdrFcShort( 0x2 ), /* Type Offset=2 */ /* Parameter pctbRequest */ /* 54 */ NdrFcShort( 0x10b ), /* Flags: must size, must free, in, simple ref, */ /* 56 */ NdrFcShort( 0x18 ), 
/* x86 Stack size/offset = 24 */ /* 58 */ NdrFcShort( 0x1e ), /* Type Offset=30 */ /* Parameter pctbCertChain */ /* 60 */ NdrFcShort( 0x2113 ), /* Flags: must size, must free, out, simple ref, srv alloc size=8 */ /* 62 */ NdrFcShort( 0x1c ), /* x86 Stack size/offset = 28 */ /* 64 */ NdrFcShort( 0x1e ), /* Type Offset=30 */ /* Parameter pctbEncodedCert */ /* 66 */ NdrFcShort( 0x2113 ), /* Flags: must size, must free, out, simple ref, srv alloc size=8 */ /* 68 */ NdrFcShort( 0x20 ), /* x86 Stack size/offset = 32 */ /* 70 */ NdrFcShort( 0x1e ), /* Type Offset=30 */ /* Parameter pctbDispositionMessage */ /* 72 */ NdrFcShort( 0x2113 ), /* Flags: must size, must free, out, simple ref, srv alloc size=8 */ /* 74 */ NdrFcShort( 0x24 ), /* x86 Stack size/offset = 36 */ /* 76 */ NdrFcShort( 0x1e ), /* Type Offset=30 */ /* Return value */ /* 78 */ NdrFcShort( 0x70 ), /* Flags: out, return, base type, */ /* 80 */ NdrFcShort( 0x28 ), /* x86 Stack size/offset = 40 */ /* 82 */ 0x8, /* FC_LONG */ 0x0, /* 0 */ /* Procedure GetCACert */ /* 84 */ 0x33, /* FC_AUTO_HANDLE */ 0x6c, /* Old Flags: object, Oi2 */ /* 86 */ NdrFcLong( 0x0 ), /* 0 */ /* 90 */ NdrFcShort( 0x4 ), /* 4 */ /* 92 */ NdrFcShort( 0x14 ), /* x86 Stack size/offset = 20 */ /* 94 */ NdrFcShort( 0x8 ), /* 8 */ /* 96 */ NdrFcShort( 0x8 ), /* 8 */ /* 98 */ 0x47, /* Oi2 Flags: srv must size, clt must size, has return, has ext, */ 0x4, /* 4 */ /* 100 */ 0x8, /* 8 */ 0x3, /* Ext Flags: new corr desc, clt corr check, */ /* 102 */ NdrFcShort( 0x1 ), /* 1 */ /* 104 */ NdrFcShort( 0x0 ), /* 0 */ /* 106 */ NdrFcShort( 0x0 ), /* 0 */ /* Parameter fchain */ /* 108 */ NdrFcShort( 0x48 ), /* Flags: in, base type, */ /* 110 */ NdrFcShort( 0x4 ), /* x86 Stack size/offset = 4 */ /* 112 */ 0x8, /* FC_LONG */ 0x0, /* 0 */ /* Parameter pwszAuthority */ /* 114 */ NdrFcShort( 0xb ), /* Flags: must size, must free, in, */ /* 116 */ NdrFcShort( 0x8 ), /* x86 Stack size/offset = 8 */ /* 118 */ NdrFcShort( 0x2 ), /* Type Offset=2 */ /* Parameter 
pctbOut */ /* 120 */ NdrFcShort( 0x2113 ), /* Flags: must size, must free, out, simple ref, srv alloc size=8 */ /* 122 */ NdrFcShort( 0xc ), /* x86 Stack size/offset = 12 */ /* 124 */ NdrFcShort( 0x1e ), /* Type Offset=30 */ /* Return value */ /* 126 */ NdrFcShort( 0x70 ), /* Flags: out, return, base type, */ /* 128 */ NdrFcShort( 0x10 ), /* x86 Stack size/offset = 16 */ /* 130 */ 0x8, /* FC_LONG */ 0x0, /* 0 */ /* Procedure Ping */ /* 132 */ 0x33, /* FC_AUTO_HANDLE */ 0x6c, /* Old Flags: object, Oi2 */ /* 134 */ NdrFcLong( 0x0 ), /* 0 */ /* 138 */ NdrFcShort( 0x5 ), /* 5 */ /* 140 */ NdrFcShort( 0xc ), /* x86 Stack size/offset = 12 */ /* 142 */ NdrFcShort( 0x0 ), /* 0 */ /* 144 */ NdrFcShort( 0x8 ), /* 8 */ /* 146 */ 0x46, /* Oi2 Flags: clt must size, has return, has ext, */ 0x2, /* 2 */ /* 148 */ 0x8, /* 8 */ 0x1, /* Ext Flags: new corr desc, */ /* 150 */ NdrFcShort( 0x0 ), /* 0 */ /* 152 */ NdrFcShort( 0x0 ), /* 0 */ /* 154 */ NdrFcShort( 0x0 ), /* 0 */ /* Parameter pwszAuthority */ /* 156 */ NdrFcShort( 0xb ), /* Flags: must size, must free, in, */ /* 158 */ NdrFcShort( 0x4 ), /* x86 Stack size/offset = 4 */ /* 160 */ NdrFcShort( 0x2 ), /* Type Offset=2 */ /* Return value */ /* 162 */ NdrFcShort( 0x70 ), /* Flags: out, return, base type, */ /* 164 */ NdrFcShort( 0x8 ), /* x86 Stack size/offset = 8 */ /* 166 */ 0x8, /* FC_LONG */ 0x0, /* 0 */ /* Procedure Request2 */ /* 168 */ 0x33, /* FC_AUTO_HANDLE */ 0x6c, /* Old Flags: object, Oi2 */ /* 170 */ NdrFcLong( 0x0 ), /* 0 */ /* 174 */ NdrFcShort( 0x6 ), /* 6 */ /* 176 */ NdrFcShort( 0x30 ), /* x86 Stack size/offset = 48 */ /* 178 */ NdrFcShort( 0x24 ), /* 36 */ /* 180 */ NdrFcShort( 0x40 ), /* 64 */ /* 182 */ 0x47, /* Oi2 Flags: srv must size, clt must size, has return, has ext, */ 0xb, /* 11 */ /* 184 */ 0x8, /* 8 */ 0x7, /* Ext Flags: new corr desc, clt corr check, srv corr check, */ /* 186 */ NdrFcShort( 0x3 ), /* 3 */ /* 188 */ NdrFcShort( 0x1 ), /* 1 */ /* 190 */ NdrFcShort( 0x0 ), /* 0 */ /* Parameter 
pwszAuthority */ /* 192 */ NdrFcShort( 0xb ), /* Flags: must size, must free, in, */ /* 194 */ NdrFcShort( 0x4 ), /* x86 Stack size/offset = 4 */ /* 196 */ NdrFcShort( 0x2 ), /* Type Offset=2 */ /* Parameter dwFlags */ /* 198 */ NdrFcShort( 0x48 ), /* Flags: in, base type, */ /* 200 */ NdrFcShort( 0x8 ), /* x86 Stack size/offset = 8 */ /* 202 */ 0x8, /* FC_LONG */ 0x0, /* 0 */ /* Parameter pwszSerialNumber */ /* 204 */ NdrFcShort( 0xb ), /* Flags: must size, must free, in, */ /* 206 */ NdrFcShort( 0xc ), /* x86 Stack size/offset = 12 */ /* 208 */ NdrFcShort( 0x2 ), /* Type Offset=2 */ /* Parameter pdwRequestId */ /* 210 */ NdrFcShort( 0x158 ), /* Flags: in, out, base type, simple ref, */ /* 212 */ NdrFcShort( 0x10 ), /* x86 Stack size/offset = 16 */ /* 214 */ 0x8, /* FC_LONG */ 0x0, /* 0 */ /* Parameter pdwDisposition */ /* 216 */ NdrFcShort( 0x2150 ), /* Flags: out, base type, simple ref, srv alloc size=8 */ /* 218 */ NdrFcShort( 0x14 ), /* x86 Stack size/offset = 20 */ /* 220 */ 0x8, /* FC_LONG */ 0x0, /* 0 */ /* Parameter pwszAttributes */ /* 222 */ NdrFcShort( 0xb ), /* Flags: must size, must free, in, */ /* 224 */ NdrFcShort( 0x18 ), /* x86 Stack size/offset = 24 */ /* 226 */ NdrFcShort( 0x2 ), /* Type Offset=2 */ /* Parameter pctbRequest */ /* 228 */ NdrFcShort( 0x10b ), /* Flags: must size, must free, in, simple ref, */ /* 230 */ NdrFcShort( 0x1c ), /* x86 Stack size/offset = 28 */ /* 232 */ NdrFcShort( 0x1e ), /* Type Offset=30 */ /* Parameter pctbFullResponse */ /* 234 */ NdrFcShort( 0x2113 ), /* Flags: must size, must free, out, simple ref, srv alloc size=8 */ /* 236 */ NdrFcShort( 0x20 ), /* x86 Stack size/offset = 32 */ /* 238 */ NdrFcShort( 0x1e ), /* Type Offset=30 */ /* Parameter pctbEncodedCert */ /* 240 */ NdrFcShort( 0x2113 ), /* Flags: must size, must free, out, simple ref, srv alloc size=8 */ /* 242 */ NdrFcShort( 0x24 ), /* x86 Stack size/offset = 36 */ /* 244 */ NdrFcShort( 0x1e ), /* Type Offset=30 */ /* Parameter pctbDispositionMessage */ /* 
246 */ NdrFcShort( 0x2113 ), /* Flags: must size, must free, out, simple ref, srv alloc size=8 */ /* 248 */ NdrFcShort( 0x28 ), /* x86 Stack size/offset = 40 */ /* 250 */ NdrFcShort( 0x1e ), /* Type Offset=30 */ /* Return value */ /* 252 */ NdrFcShort( 0x70 ), /* Flags: out, return, base type, */ /* 254 */ NdrFcShort( 0x2c ), /* x86 Stack size/offset = 44 */ /* 256 */ 0x8, /* FC_LONG */ 0x0, /* 0 */ /* Procedure GetCAProperty */ /* 258 */ 0x33, /* FC_AUTO_HANDLE */ 0x6c, /* Old Flags: object, Oi2 */ /* 260 */ NdrFcLong( 0x0 ), /* 0 */ /* 264 */ NdrFcShort( 0x7 ), /* 7 */ /* 266 */ NdrFcShort( 0x1c ), /* x86 Stack size/offset = 28 */ /* 268 */ NdrFcShort( 0x18 ), /* 24 */ /* 270 */ NdrFcShort( 0x8 ), /* 8 */ /* 272 */ 0x47, /* Oi2 Flags: srv must size, clt must size, has return, has ext, */ 0x6, /* 6 */ /* 274 */ 0x8, /* 8 */ 0x3, /* Ext Flags: new corr desc, clt corr check, */ /* 276 */ NdrFcShort( 0x1 ), /* 1 */ /* 278 */ NdrFcShort( 0x0 ), /* 0 */ /* 280 */ NdrFcShort( 0x0 ), /* 0 */ /* Parameter pwszAuthority */ /* 282 */ NdrFcShort( 0xb ), /* Flags: must size, must free, in, */ /* 284 */ NdrFcShort( 0x4 ), /* x86 Stack size/offset = 4 */ /* 286 */ NdrFcShort( 0x2 ), /* Type Offset=2 */ /* Parameter PropId */ /* 288 */ NdrFcShort( 0x48 ), /* Flags: in, base type, */ /* 290 */ NdrFcShort( 0x8 ), /* x86 Stack size/offset = 8 */ /* 292 */ 0x8, /* FC_LONG */ 0x0, /* 0 */ /* Parameter PropIndex */ /* 294 */ NdrFcShort( 0x48 ), /* Flags: in, base type, */ /* 296 */ NdrFcShort( 0xc ), /* x86 Stack size/offset = 12 */ /* 298 */ 0x8, /* FC_LONG */ 0x0, /* 0 */ /* Parameter PropType */ /* 300 */ NdrFcShort( 0x48 ), /* Flags: in, base type, */ /* 302 */ NdrFcShort( 0x10 ), /* x86 Stack size/offset = 16 */ /* 304 */ 0x8, /* FC_LONG */ 0x0, /* 0 */ /* Parameter pctbPropertyValue */ /* 306 */ NdrFcShort( 0x2113 ), /* Flags: must size, must free, out, simple ref, srv alloc size=8 */ /* 308 */ NdrFcShort( 0x14 ), /* x86 Stack size/offset = 20 */ /* 310 */ NdrFcShort( 0x1e ), /* 
Type Offset=30 */ /* Return value */ /* 312 */ NdrFcShort( 0x70 ), /* Flags: out, return, base type, */ /* 314 */ NdrFcShort( 0x18 ), /* x86 Stack size/offset = 24 */ /* 316 */ 0x8, /* FC_LONG */ 0x0, /* 0 */ /* Procedure GetCAPropertyInfo */ /* 318 */ 0x33, /* FC_AUTO_HANDLE */ 0x6c, /* Old Flags: object, Oi2 */ /* 320 */ NdrFcLong( 0x0 ), /* 0 */ /* 324 */ NdrFcShort( 0x8 ), /* 8 */ /* 326 */ NdrFcShort( 0x14 ), /* x86 Stack size/offset = 20 */ /* 328 */ NdrFcShort( 0x0 ), /* 0 */ /* 330 */ NdrFcShort( 0x24 ), /* 36 */ /* 332 */ 0x47, /* Oi2 Flags: srv must size, clt must size, has return, has ext, */ 0x4, /* 4 */ /* 334 */ 0x8, /* 8 */ 0x3, /* Ext Flags: new corr desc, clt corr check, */ /* 336 */ NdrFcShort( 0x1 ), /* 1 */ /* 338 */ NdrFcShort( 0x0 ), /* 0 */ /* 340 */ NdrFcShort( 0x0 ), /* 0 */ /* Parameter pwszAuthority */ /* 342 */ NdrFcShort( 0xb ), /* Flags: must size, must free, in, */ /* 344 */ NdrFcShort( 0x4 ), /* x86 Stack size/offset = 4 */ /* 346 */ NdrFcShort( 0x2 ), /* Type Offset=2 */ /* Parameter pcProperty */ /* 348 */ NdrFcShort( 0x2150 ), /* Flags: out, base type, simple ref, srv alloc size=8 */ /* 350 */ NdrFcShort( 0x8 ), /* x86 Stack size/offset = 8 */ /* 352 */ 0x8, /* FC_LONG */ 0x0, /* 0 */ /* Parameter pctbPropInfo */ /* 354 */ NdrFcShort( 0x2113 ), /* Flags: must size, must free, out, simple ref, srv alloc size=8 */ /* 356 */ NdrFcShort( 0xc ), /* x86 Stack size/offset = 12 */ /* 358 */ NdrFcShort( 0x1e ), /* Type Offset=30 */ /* Return value */ /* 360 */ NdrFcShort( 0x70 ), /* Flags: out, return, base type, */ /* 362 */ NdrFcShort( 0x10 ), /* x86 Stack size/offset = 16 */ /* 364 */ 0x8, /* FC_LONG */ 0x0, /* 0 */ /* Procedure Ping2 */ /* 366 */ 0x33, /* FC_AUTO_HANDLE */ 0x6c, /* Old Flags: object, Oi2 */ /* 368 */ NdrFcLong( 0x0 ), /* 0 */ /* 372 */ NdrFcShort( 0x9 ), /* 9 */ /* 374 */ NdrFcShort( 0xc ), /* x86 Stack size/offset = 12 */ /* 376 */ NdrFcShort( 0x0 ), /* 0 */ /* 378 */ NdrFcShort( 0x8 ), /* 8 */ /* 380 */ 0x46, /* Oi2 
Flags: clt must size, has return, has ext, */ 0x2, /* 2 */ /* 382 */ 0x8, /* 8 */ 0x1, /* Ext Flags: new corr desc, */ /* 384 */ NdrFcShort( 0x0 ), /* 0 */ /* 386 */ NdrFcShort( 0x0 ), /* 0 */ /* 388 */ NdrFcShort( 0x0 ), /* 0 */ /* Parameter pwszAuthority */ /* 390 */ NdrFcShort( 0xb ), /* Flags: must size, must free, in, */ /* 392 */ NdrFcShort( 0x4 ), /* x86 Stack size/offset = 4 */ /* 394 */ NdrFcShort( 0x2 ), /* Type Offset=2 */ /* Return value */ /* 396 */ NdrFcShort( 0x70 ), /* Flags: out, return, base type, */ /* 398 */ NdrFcShort( 0x8 ), /* x86 Stack size/offset = 8 */ /* 400 */ 0x8, /* FC_LONG */ 0x0, /* 0 */ 0x0 } }; static const MIDL_TYPE_FORMAT_STRING __MIDL_TypeFormatString = { 0, { NdrFcShort( 0x0 ), /* 0 */ /* 2 */ 0x12, 0x8, /* FC_UP [simple_pointer] */ /* 4 */ 0x25, /* FC_C_WSTRING */ 0x5c, /* FC_PAD */ /* 6 */ 0x11, 0x8, /* FC_RP [simple_pointer] */ /* 8 */ 0x8, /* FC_LONG */ 0x5c, /* FC_PAD */ /* 10 */ 0x11, 0xc, /* FC_RP [alloced_on_stack] [simple_pointer] */ /* 12 */ 0x8, /* FC_LONG */ 0x5c, /* FC_PAD */ /* 14 */ 0x11, 0x0, /* FC_RP */ /* 16 */ NdrFcShort( 0xe ), /* Offset= 14 (30) */ /* 18 */ 0x1b, /* FC_CARRAY */ 0x0, /* 0 */ /* 20 */ NdrFcShort( 0x1 ), /* 1 */ /* 22 */ 0x19, /* Corr desc: field pointer, FC_ULONG */ 0x0, /* */ /* 24 */ NdrFcShort( 0x0 ), /* 0 */ /* 26 */ NdrFcShort( 0x1 ), /* Corr flags: early, */ /* 28 */ 0x1, /* FC_BYTE */ 0x5b, /* FC_END */ /* 30 */ 0x16, /* FC_PSTRUCT */ 0x3, /* 3 */ /* 32 */ NdrFcShort( 0x8 ), /* 8 */ /* 34 */ 0x4b, /* FC_PP */ 0x5c, /* FC_PAD */ /* 36 */ 0x46, /* FC_NO_REPEAT */ 0x5c, /* FC_PAD */ /* 38 */ NdrFcShort( 0x4 ), /* 4 */ /* 40 */ NdrFcShort( 0x4 ), /* 4 */ /* 42 */ 0x12, 0x0, /* FC_UP */ /* 44 */ NdrFcShort( 0xffe6 ), /* Offset= -26 (18) */ /* 46 */ 0x5b, /* FC_END */ 0x8, /* FC_LONG */ /* 48 */ 0x8, /* FC_LONG */ 0x5b, /* FC_END */ /* 50 */ 0x11, 0x4, /* FC_RP [alloced_on_stack] */ /* 52 */ NdrFcShort( 0xffea ), /* Offset= -22 (30) */ 0x0 } }; /* Standard interface: 
__MIDL_itf_RedHatCSProxy_0000, ver. 0.0, GUID={0x00000000,0x0000,0x0000,{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}} */ /* Object interface: IUnknown, ver. 0.0, GUID={0x00000000,0x0000,0x0000,{0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46}} */ /* Object interface: ICertRequestD, ver. 0.0, GUID={0xd99e6e70,0xfc88,0x11d0,{0xb4,0x98,0x00,0xa0,0xc9,0x03,0x12,0xf3}} */ #pragma code_seg(".orpc") static const unsigned short ICertRequestD_FormatStringOffsetTable[] = { 0, 84, 132 }; static const MIDL_STUBLESS_PROXY_INFO ICertRequestD_ProxyInfo = { &Object_StubDesc, __MIDL_ProcFormatString.Format, &ICertRequestD_FormatStringOffsetTable[-3], 0, 0, 0 }; static const MIDL_SERVER_INFO ICertRequestD_ServerInfo = { &Object_StubDesc, 0, __MIDL_ProcFormatString.Format, &ICertRequestD_FormatStringOffsetTable[-3], 0, 0, 0, 0}; CINTERFACE_PROXY_VTABLE(6) _ICertRequestDProxyVtbl = { &ICertRequestD_ProxyInfo, &IID_ICertRequestD, IUnknown_QueryInterface_Proxy, IUnknown_AddRef_Proxy, IUnknown_Release_Proxy , (void *) (INT_PTR) -1 /* ICertRequestD::Request */ , (void *) (INT_PTR) -1 /* ICertRequestD::GetCACert */ , (void *) (INT_PTR) -1 /* ICertRequestD::Ping */ }; const CInterfaceStubVtbl _ICertRequestDStubVtbl = { &IID_ICertRequestD, &ICertRequestD_ServerInfo, 6, 0, /* pure interpreted */ CStdStubBuffer_METHODS }; /* Object interface: ICertRequestD2, ver. 
0.0, GUID={0x5422fd3a,0xd4b8,0x4cef,{0xa1,0x2e,0xe8,0x7d,0x4c,0xa2,0x2e,0x90}} */ #pragma code_seg(".orpc") static const unsigned short ICertRequestD2_FormatStringOffsetTable[] = { 0, 84, 132, 168, 258, 318, 366 }; static const MIDL_STUBLESS_PROXY_INFO ICertRequestD2_ProxyInfo = { &Object_StubDesc, __MIDL_ProcFormatString.Format, &ICertRequestD2_FormatStringOffsetTable[-3], 0, 0, 0 }; static const MIDL_SERVER_INFO ICertRequestD2_ServerInfo = { &Object_StubDesc, 0, __MIDL_ProcFormatString.Format, &ICertRequestD2_FormatStringOffsetTable[-3], 0, 0, 0, 0}; CINTERFACE_PROXY_VTABLE(10) _ICertRequestD2ProxyVtbl = { &ICertRequestD2_ProxyInfo, &IID_ICertRequestD2, IUnknown_QueryInterface_Proxy, IUnknown_AddRef_Proxy, IUnknown_Release_Proxy , (void *) (INT_PTR) -1 /* ICertRequestD::Request */ , (void *) (INT_PTR) -1 /* ICertRequestD::GetCACert */ , (void *) (INT_PTR) -1 /* ICertRequestD::Ping */ , (void *) (INT_PTR) -1 /* ICertRequestD2::Request2 */ , (void *) (INT_PTR) -1 /* ICertRequestD2::GetCAProperty */ , (void *) (INT_PTR) -1 /* ICertRequestD2::GetCAPropertyInfo */ , (void *) (INT_PTR) -1 /* ICertRequestD2::Ping2 */ }; const CInterfaceStubVtbl _ICertRequestD2StubVtbl = { &IID_ICertRequestD2, &ICertRequestD2_ServerInfo, 10, 0, /* pure interpreted */ CStdStubBuffer_METHODS }; static const MIDL_STUB_DESC Object_StubDesc = { 0, NdrOleAllocate, NdrOleFree, 0, 0, 0, 0, 0, __MIDL_TypeFormatString.Format, 1, /* -error bounds_check flag */ 0x50002, /* Ndr library version */ 0, 0x6000169, /* MIDL Version 6.0.361 */ 0, 0, 0, /* notify & notify_flag routine table */ 0x1, /* MIDL flag */ 0, /* cs routines */ 0, /* proxy/server info */ 0 /* Reserved5 */ }; const CInterfaceProxyVtbl * _RedHatCSProxy_ProxyVtblList[] = { ( CInterfaceProxyVtbl *) &_ICertRequestD2ProxyVtbl, ( CInterfaceProxyVtbl *) &_ICertRequestDProxyVtbl, 0 }; const CInterfaceStubVtbl * _RedHatCSProxy_StubVtblList[] = { ( CInterfaceStubVtbl *) &_ICertRequestD2StubVtbl, ( CInterfaceStubVtbl *) &_ICertRequestDStubVtbl, 0 
}; PCInterfaceName const _RedHatCSProxy_InterfaceNamesList[] = { "ICertRequestD2", "ICertRequestD", 0 }; #define _RedHatCSProxy_CHECK_IID(n) IID_GENERIC_CHECK_IID( _RedHatCSProxy, pIID, n) int __stdcall _RedHatCSProxy_IID_Lookup( const IID * pIID, int * pIndex ) { IID_BS_LOOKUP_SETUP IID_BS_LOOKUP_INITIAL_TEST( _RedHatCSProxy, 2, 1 ) IID_BS_LOOKUP_RETURN_RESULT( _RedHatCSProxy, 2, *pIndex ) } const ExtendedProxyFileInfo RedHatCSProxy_ProxyFileInfo = { (PCInterfaceProxyVtblList *) & _RedHatCSProxy_ProxyVtblList, (PCInterfaceStubVtblList *) & _RedHatCSProxy_StubVtblList, (const PCInterfaceName * ) & _RedHatCSProxy_InterfaceNamesList, 0, // no delegation & _RedHatCSProxy_IID_Lookup, 2, 2, 0, /* table of [async_uuid] interfaces */ 0, /* Filler1 */ 0, /* Filler2 */ 0 /* Filler3 */ }; #if _MSC_VER >= 1200 #pragma warning(pop) #endif #endif /* !defined(_M_IA64) && !defined(_M_AMD64)*/ --- NEW FILE RedHatCertSvrProxy.rc --- // Microsoft Visual C++ generated resource script. // #include "resource1.h" #define APSTUDIO_READONLY_SYMBOLS ///////////////////////////////////////////////////////////////////////////// // // Generated from the TEXTINCLUDE 2 resource. // #include "afxres.h" ///////////////////////////////////////////////////////////////////////////// #undef APSTUDIO_READONLY_SYMBOLS ///////////////////////////////////////////////////////////////////////////// // English (U.S.) resources #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU) #ifdef _WIN32 LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US #pragma code_page(1252) #endif //_WIN32 #ifdef APSTUDIO_INVOKED ///////////////////////////////////////////////////////////////////////////// // // TEXTINCLUDE // 1 TEXTINCLUDE BEGIN "resource1.h\0" END 2 TEXTINCLUDE BEGIN "#include ""afxres.h""\r\n" "\0" END 3 TEXTINCLUDE BEGIN "\0" END 1 TEXTINCLUDE BEGIN "resource1.h\0" END 2 TEXTINCLUDE BEGIN "#include ""afxres.h""\r\n" "\0" END 3 TEXTINCLUDE BEGIN "\r\n" "\0" END #endif // APSTUDIO_INVOKED #endif // English (U.S.) 
resources ///////////////////////////////////////////////////////////////////////////// --- NEW FILE b64.c --- /* * Copyright (C), 2000-2006 by the monit project group. * All Rights Reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License as * published by the Free Software Foundation; either version 2 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #include #include #include #include #include "b64.h" /* Private prototypes */ static int is_base64(char c); static char encode(unsigned char u); static unsigned char decode(char c); /** * Implementation of base64 encoding/decoding. * * @author Jan-Henrik Haukeland, * */ /* ------------------------------------------------------------------ Public */ /** * Base64 encode and return size data in 'src'. The caller must free the * returned string. * @param size The size of the data in src * @param src The data to be base64 encode * @return encoded string otherwise NULL */ char *encode_base64(int size, unsigned char *src) { int i; char *out, *p; if(!src) return NULL; if(!size) size= (int)strlen((char *)src); out= calloc(sizeof(char), size*4/3+4); p= out; for(i=0; i>2; b5= ((b1&0x3)<<4)|(b2>>4); b6= ((b2&0xf)<<2)|(b3>>6); b7= b3&0x3f; *p++= encode(b4); *p++= encode(b5); if(i+1not NUL terminated. * @param dest Pointer to memory for holding the decoded string. * Must be large enough to recieve the decoded string. * @param src A base64 encoded string. 
* @return TRUE (the length of the decoded string) if decode * succeeded otherwise FALSE. */ int decode_base64(unsigned char *dest, const char *src) { if(src && *src) { unsigned char *p= dest; int k, l= (int)strlen(src)+1; unsigned char *buf= calloc(sizeof(unsigned char), l); /* Ignore non base64 chars as per the POSIX standard */ for(k=0, l=0; src[k]; k++) { if(is_base64(src[k])) { buf[l++]= src[k]; } } for(k=0; k>4) ); if(c3 != '=') { *p++=(((b2&0xf)<<4)|(b3>>2) ); } if(c4 != '=') { *p++=(((b3&0x3)<<6)|b4 ); } } free(buf); return (int) (p-dest); } return 0; } /* ----------------------------------------------------------------- Private */ /** * Base64 encode one byte */ static char encode(unsigned char u) { if(u < 26) return 'A'+u; if(u < 52) return 'a'+(u-26); if(u < 62) return '0'+(u-52); if(u == 62) return '+'; return '/'; } /** * Decode a base64 character */ static unsigned char decode(char c) { if(c >= 'A' && c <= 'Z') return(c - 'A'); if(c >= 'a' && c <= 'z') return(c - 'a' + 26); if(c >= '0' && c <= '9') return(c - '0' + 52); if(c == '+') return 62; return 63; } /** * Return TRUE if 'c' is a valid base64 character, otherwise FALSE */ static int is_base64(char c) { if((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || (c == '+') || (c == '/') || (c == '=')) { return TRUE; } return FALSE; } --- NEW FILE b64.h --- /* * Copyright (C), 2000-2006 by the monit project group. * All Rights Reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License as * published by the Free Software Foundation; either version 2 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. 
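Review bot: Both allocations in b64.c are used without a NULL check: `encode_base64` sets `p= out` and starts writing right after `calloc`, and `decode_base64` stores into `buf[l++]` the same way, so an allocation failure becomes a NULL-pointer write. Adding `if(!out) return NULL;` and `if(!buf) return 0;` directly after the two `calloc` calls keeps the documented return contract. `encode_base64` also computes `size*4/3+4` in `int`, which can overflow for a large or negative `size`; rejecting `size < 0 || size > (INT_MAX - 4) / 4` before the allocation would close that. `decode_base64` takes no capacity for `dest`, so its doc comment should state the bound the caller has to provide; the loop bodies are truncated in this listing, so the expected bound of at most 3 output bytes per 4 filtered input characters is inferred rather than read from the code.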
* * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #ifndef BASE64_H #define BASE64_H int decode_base64(unsigned char *dest, const char *src); char *encode_base64(int size, unsigned char *src); #endif --- NEW FILE cert.ico --- --- NEW FILE csproxy.h --- #ifndef CSPROXY_H #define CSPROXY_H #include #include #include #include "RedHatCSProxy_h.h" using std::map; using std::string; using std::vector; #define AEPERR 0x8CA50000 class requestinfo { public: char *PKCS10Request; string *windowsCertTemplateName; map attrs; // attributes parsed from the request map httpvars; // the name/value pairs we're going to send to the CA DWORD disposition; requestinfo() : PKCS10Request(NULL), windowsCertTemplateName(NULL), disposition(0) {}; ~requestinfo() { if (windowsCertTemplateName != NULL) { delete windowsCertTemplateName; } } void parseRequest(const CERTTRANSBLOB *); void parseAttributes(const wchar_t *pwszAttributes); void determineCertificateTemplate(); void populateRequestForTemplate(string &); }; class cainfo { public: char *host; DWORD port; DWORD catype; FILETIME last_success; // The time that we last communicated with the CA FILETIME last_failure; // The time that we last failed to communicate with the CA // XXX fixme bool canService(string *templatename) { return true; } // retry_not_before }; //typedef map atrmap; class profile { public: string rhcsprofilename; }; #define BUFSIZE 8192 class configvars { public: vector all_cas; map profilemap; BYTE certhash[BUFSIZE]; DWORD certhash_size; BYTE cacert[BUFSIZE]; DWORD cacert_size; DWORD icertrequestd2; DWORD retryinterval; }; // this 'context' class is to tie together information about a single // certificate request, as it gets passed to a CA. 
class context { public: context(configvars *vars) : securitystatus(0), status(0), fatalerror(0), config(vars) {}; configvars* config; requestinfo *request; vector cas; cainfo* selectedca; // a 'stack' of errors caused during enrollment to the selected CA vector errors; int fatalerror; DWORD status; DWORD securitystatus; vector makeCandidateCAList(); vector findRespondingCAs(vector candidates); /* * context - input - dumping ground * certrequest - input - certificate request to submit to CA * cert - output - the certificate (base-64 ascii) is written here * certchain - output - the certificate chain (base-64 ascii) is written here * requestinfo - input - * vars - input - configuration parameters */ LONG submitRequestToCA( string &cert, string &certchain); LONG extractCertFromResponse(string &respX, string &cert_out, string &p7_out); }; /* The 'registry' class encapsulates reading/writing of the config variables from the registry */ class registry { private: configvars *v; // This events gets triggered when the registry changes HANDLE event; HKEY config; public: registry(); bool changed(); void update(); void setupnotification(); configvars* getvars(); }; #define CATYPE_UNKNOWN 0 #define CATYPE_NETSCAPE_61 1 #define CATYPE_REDHAT_71 2 #define CATYPE_REDHAT_72 3 #define CATYPE_REDHAT_73 4 // debug message type (masked with LogLevel registry setting #define LOG_REQ 0x0001 #define LOG_CERT 0x0002 #define LOG_GENERAL 0x0004 #define LOG_D_COM 0x0010 #define LOG_D_CONFIG 0x0020 #define LOG_D_CA 0x0040 #define LOG_D_FUNC 0x0080 #define LOG_D_DETAIL 0x0100 extern void getlogconfig(); extern void debug(const char* pFormat,...); extern void debugt(unsigned int type, const char* pFormat,...); extern "C" HRESULT getConfig(HKEY, configvars *vars); extern "C" LONG getguid(LPCWSTR dchostname, GUID *guid); extern "C" void decodeToBlob( const char *src, CERTTRANSBLOB *blob); extern void exemain(int argc, char **argv); extern int svcmain(int argc, char **argv); extern bool 
service_running(); #endif --- NEW FILE dlldata.c --- /********************************************************* DllData file -- generated by MIDL compiler DO NOT ALTER THIS FILE This file is regenerated by MIDL on every IDL file compile. To completely reconstruct this file, delete it and rerun MIDL on all the IDL files in this DLL, specifying this file for the /dlldata command line option *********************************************************/ #include #ifdef __cplusplus extern "C" { #endif EXTERN_PROXY_FILE( RedHatCSProxy ) PROXYFILE_LIST_START /* Start of list */ REFERENCE_PROXY_FILE( RedHatCSProxy ), /* End of list */ PROXYFILE_LIST_END DLLDATA_ROUTINES( aProxyFileList, GET_DLL_CLSID ) #ifdef __cplusplus } /*extern "C" */ #endif /* end of generated dlldata file */ --- NEW FILE messages.RES --- --- NEW FILE messages.aps --- --- NEW FILE messages.h --- // // Values are 32 bit values layed out as follows: // // 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 // 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 // +---+-+-+-----------------------+-------------------------------+ // |Sev|C|R| Facility | Code | // +---+-+-+-----------------------+-------------------------------+ // // where // // Sev - is the severity code // // 00 - Success // 01 - Informational // 10 - Warning // 11 - Error // // C - is the Customer code flag // // R - is a reserved bit // // Facility - is the facility code // // Code - is the facility's status code // // // Define the facility codes // // // Define the severity codes // // // MessageId: MSG_RHCSPROXY_DEBUG // // MessageText: // // %1. // #define MSG_RHCSPROXY_DEBUG ((DWORD)0x40000064L) --- NEW FILE messages.mc --- MessageIdTypedef=DWORD MessageId=100 Severity=Informational Facility=Application SymbolicName=MSG_RHCSPROXY_DEBUG Language=English %1. . 
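Review bot: The `context` constructor in csproxy.h leaves the `request` and `selectedca` pointers uninitialized, since only `securitystatus`, `status`, `fatalerror` and `config` appear in its initializer list; any path that reads them before assignment works on an indeterminate pointer. I would initialize every member in declaration order: `context(configvars *vars) : config(vars), request(NULL), selectedca(NULL), fatalerror(0), status(0), securitystatus(0) {}`. `requestinfo` has a related ownership gap: its destructor deletes `windowsCertTemplateName` while the class stays copyable, so a copy would delete the same `string` twice, and nothing in the header says who frees `PKCS10Request`. Declaring the copy constructor and assignment operator private, and adding a one-line ownership comment on `PKCS10Request`, would make both explicit.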
--- NEW FILE messages.rc --- LANGUAGE 0x9,0x1 1 11 MSG00001.bin --- NEW FILE p32.ico --- Tk??(????????3????&????????w???$4?????????????????????????????????????????????pwwB????2????????3???? #{???????????'7?????????????????????????????????????????????\ZRO????N????????1??%$??????????*;?????????????????p?????s?w_??????????????????djeO????k????????-?? ?????????????????????????????????????????????nvv5??:????????)))|?????????????????222/22&' ***[[[?????????????????????????????????????????????????????????::: --- NEW FILE proxy.vcproj --- --- NEW FILE registry.cpp --- #define _WIN32_DCOM #include #include #include #include "csproxy.h" #include #include #include #include #include registry::registry() { v = NULL; config = NULL; // Create an event to be used to notify when the registry changes event = CreateEvent(NULL, TRUE, FALSE, NULL); HRESULT r; r = RegOpenKeyEx( HKEY_LOCAL_MACHINE, TEXT("SOFTWARE\\Red Hat\\RHCSProxy\\Config"), 0, KEY_READ| KEY_NOTIFY, &config ); if (! FAILED(r)) { update(); } } bool registry::changed() { if (WaitForSingleObject(event, 0) == WAIT_OBJECT_0) return true; else return false; } void registry::update() { if (v != NULL) { delete v; } v = new configvars(); getConfig(config,v); setupnotification(); } void registry::setupnotification() { // Set up registry change notification. RegNotifyChangeKeyValue(config, TRUE, REG_NOTIFY_CHANGE_NAME | REG_NOTIFY_CHANGE_LAST_SET, event, TRUE); } configvars * registry::getvars() { if (changed()) { debug("Registry changed. 
Re-reading configuration"); update(); getlogconfig(); } return v; } HRESULT getRegistryString(HKEY key, char*name, char**value) { HRESULT r; DWORD size=0; /* first time calling - size is zero, so windows will fill in * the right size, then we allocate the buffer and call again */ r = RegQueryValueEx(key, name, NULL,NULL, (LPBYTE)value, &size ); if (FAILED(r)) return r; *value = (char*)malloc(size); r = RegQueryValueEx(key, name, NULL,NULL, (LPBYTE)*value, &size ); return r; } HRESULT getRegistryDWORD(HKEY key, char *name,DWORD *value) { HRESULT r; char *value_string; r = getRegistryString(key,name,&value_string); if (FAILED(r)) return r; *value = atoi(value_string); free(value_string); return ERROR_SUCCESS; } void freeConfig(configvars **vars) { delete *vars; *vars = NULL; } /* getConfig() will read configuration information from the registry. * You will not usually write data into the registry by hand. Use the * UI to set up the registry as appropriate. * * The registry info is rooted at: HKEY\Local Machine\SOFTWARE\Red Hat\RHCSProxy\Config */ // returns 0 on success HRESULT getConfig(HKEY config, configvars *v) { HRESULT r; debugt(LOG_D_FUNC,"getConfig"); DWORD buffer_size = BUFSIZE; v->certhash_size = buffer_size; v->cacert_size = buffer_size; char *hostname=NULL; INTERNET_PORT portnum = INTERNET_DEFAULT_HTTPS_PORT; DWORD catype = CATYPE_UNKNOWN; CHAR achKey[MAX_PATH]; DWORD achKeySize = MAX_PATH; CHAR achClass[MAX_PATH] = ""; // buffer for class name DWORD cchClassName = MAX_PATH; // size of class string DWORD cSubKeys; // number of subkeys DWORD cbMaxSubKey; // longest subkey size DWORD cchMaxClass; // longest class string DWORD cValues; // number of values for key DWORD cchMaxValue; // longest value name DWORD cbMaxValueData; // longest value data DWORD cbSecurityDescriptor; // size of security descriptor FILETIME ftLastWriteTime; // last write time DWORD i; DWORD retCode; #define MAX_VALUE_NAME 1024 DWORD cchValue = MAX_VALUE_NAME; // get the subkey for 
'CertificateAuthorities' HKEY certificateauthorities; r = RegOpenKeyEx(config, TEXT("CertificateAuthorities"), 0,KEY_READ, &certificateauthorities ); if (FAILED(r)) return -2; /* This function queries for the number of subkeys in the * "certificate authorities" key. */ RegQueryInfoKey(certificateauthorities, // key handle achClass, // buffer for class name &cchClassName, // size of class string NULL, // reserved &cSubKeys, // number of subkeys &cbMaxSubKey, // longest subkey size &cchMaxClass, // longest class string &cValues, // number of values for this key &cchMaxValue, // longest value name &cbMaxValueData, // longest value data &cbSecurityDescriptor, // security descriptor &ftLastWriteTime); // last write time /* Loop through each of the certificate authorities in the * registry. Each time through the loop, achKey will be set to * "1", "2", etc.... */ for (i = 0, retCode = ERROR_SUCCESS; retCode == ERROR_SUCCESS; i++) { achKeySize = MAX_PATH; retCode = RegEnumKeyEx(certificateauthorities, i, achKey, &achKeySize, NULL, NULL, NULL, &ftLastWriteTime); if (retCode == (DWORD)ERROR_SUCCESS) { HKEY cainfokey; r = RegOpenKeyEx(certificateauthorities, achKey, 0, KEY_READ, &cainfokey ); if (FAILED(r)) return -3; cainfo *ca = new cainfo(); r = getRegistryString(cainfokey, "hostname", &ca->host); if (FAILED(r)) return -4; debugt(LOG_D_CONFIG,"reading ca hostname: %s",ca->host); r = getRegistryDWORD(cainfokey, "port", &ca->port); if (FAILED(r)) return -4; debugt(LOG_D_CONFIG,"reading ca port: %d",ca->port); r = getRegistryDWORD(cainfokey, "catype", &ca->catype); if (FAILED(r)) return -4; debugt(LOG_D_CONFIG,"reading ca type: %d",ca->catype); FILETIME long_ago = { 0, 0}; ca->last_failure = long_ago; GetSystemTimeAsFileTime(&ca->last_success); v->all_cas.push_back(ca); RegCloseKey(cainfokey); break; // just take the first one for now } } RegCloseKey(certificateauthorities); // Get the Profile Mappings // get the subkey for 'ProfileMap' cchValue = MAX_VALUE_NAME; HKEY 
profilemap; r = RegOpenKeyEx(config, TEXT("ProfileMap"), 0,KEY_READ, &profilemap ); if (FAILED(r)) return -2; /* This function queries for the number of subkeys in the * "certificate authorities" key. */ RegQueryInfoKey(profilemap, // key handle achClass, // buffer for class name &cchClassName, // size of class string NULL, // reserved &cSubKeys, // number of subkeys &cbMaxSubKey, // longest subkey size &cchMaxClass, // longest class string &cValues, // number of values for this key &cchMaxValue, // longest value name &cbMaxValueData, // longest value data &cbSecurityDescriptor, // security descriptor &ftLastWriteTime); // last write time /* Loop through each of the certificate authorities in the * registry. Each time through the loop, achKey will be set to * "1", "2", etc.... */ for (i = 0, retCode = ERROR_SUCCESS; retCode == ERROR_SUCCESS; i++) { achKeySize = MAX_PATH; retCode = RegEnumKeyEx(profilemap, i, achKey, &achKeySize, NULL, NULL, NULL, &ftLastWriteTime); if (retCode == (DWORD)ERROR_SUCCESS) { HKEY mykey; r = RegOpenKeyEx(profilemap, achKey, 0, KEY_READ, &mykey ); if (FAILED(r)) return -3; char *p; r = getRegistryString(mykey, "CAProfileName", &p); if (FAILED(r)) return -4; debugt(LOG_D_CONFIG,"reading profile name: %s",p); profile pr; pr.rhcsprofilename = p; v->profilemap[string(achKey)] = pr; free(p); RegCloseKey(mykey); } } RegCloseKey(profilemap); // End of profile Mappings // HASH OF AUTH CERTIFICATE r = RegQueryValueEx( config, "AuthenticationCertificate", NULL, NULL, (LPBYTE)v->certhash, &v->certhash_size ); debugt(LOG_D_CONFIG,"reg query result (for AuthenticationCertificate) = %d",r); if (v->certhash_size >= 4) { debugt(LOG_D_CONFIG, "Using Authentication Certificate (hash=0x%02x%02x%02x%02x...)", v->certhash[0], v->certhash[1], v->certhash[2], v->certhash[3]); } else { debugt(LOG_GENERAL,"Error: Authentication Certificate in Registry is too short"); } if (FAILED(r)) return -6; // CA CERTIFICATE r = RegQueryValueEx( config, "CACertificate", NULL, 
NULL, (LPBYTE)v->cacert, &v->cacert_size ); if (FAILED(r)) { return -7; } debugt(LOG_D_CONFIG,"cacert: 0:%x 1:%x 2:%x, length=%d", v->cacert[0], v->cacert[1], v->cacert[2], v->cacert_size); // Whether or not to do ICertRequestD2 (this code is incomplete) v->icertrequestd2 = 0; size_t p_size = sizeof(DWORD); // Whether to register the ICertRequestD2 interface with DCOM. r = getRegistryDWORD(config, "ICertRequestD2", (LPDWORD)&v->icertrequestd2); // Interval until we retry a CA which had failed r = getRegistryDWORD(config, "RetryInterval", (LPDWORD)&v->retryinterval); return 0; } --- NEW FILE resource.h --- //{{NO_DEPENDENCIES}} // Microsoft Visual C++ generated include file. // Used by testserver.rc // // Next default values for new objects // #ifdef APSTUDIO_INVOKED #ifndef APSTUDIO_READONLY_SYMBOLS #define _APS_NEXT_RESOURCE_VALUE 102 #define _APS_NEXT_COMMAND_VALUE 40002 #define _APS_NEXT_CONTROL_VALUE 1001 #define _APS_NEXT_SYMED_VALUE 101 #endif #endif --- NEW FILE service.cpp --- /** BEGIN COPYRIGHT BLOCK * END COPYRIGHT BLOCK */ #include #include "csproxy.h" #define UNICODE SERVICE_STATUS serviceStatus1; SERVICE_STATUS_HANDLE serviceStatus1Handle; HANDLE killevent; bool running; bool service_running() { return running; } void WINAPI serviceCtrlHandler(DWORD FwdControl) { debug("ServiceCtrlHandler begin %d",FwdControl); switch (FwdControl) { case SERVICE_CONTROL_PAUSE: debug("ServiceCtrlHandler recvd pause"); serviceStatus1.dwCurrentState = SERVICE_PAUSED; break; case SERVICE_CONTROL_CONTINUE: debug("ServiceCtrlHandler recvd continue"); break; case SERVICE_CONTROL_STOP: debug("ServiceCtrlHandler recvd stop"); serviceStatus1.dwWin32ExitCode = 0; serviceStatus1.dwCurrentState = SERVICE_STOPPED; serviceStatus1.dwCheckPoint = 0; serviceStatus1.dwWaitHint = 0; running = false; if (!SetServiceStatus(serviceStatus1Handle,&serviceStatus1)) { debug("ServiceCtrlHandler stop: error setting status"); } break; case SERVICE_CONTROL_INTERROGATE: debug("ServiceCtrlHandler 
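Review bot: Every `FAILED(r)` test in registry.cpp is applied to a return value of `RegOpenKeyEx` or `RegQueryValueEx`, which is a positive Win32 status code rather than an HRESULT, so `FAILED` (a sign-bit test) never fires and a missing or unreadable key is treated as success. In `getRegistryString` a failed size query therefore falls through to `malloc(size)` and a second query, and `getRegistryDWORD` then runs `atoi` on a buffer that may be unset or lack a terminating NUL; the size query also passes `(LPBYTE)value` as the data buffer where NULL is meant. The same applies to `if (! FAILED(r))` in the constructor and to the `-2` to `-7` returns in `getConfig`, which should compare with `ERROR_SUCCESS` (and close `cainfokey` and free `ca` on the early returns). A version of the helper that converts the status so that callers' `FAILED` checks on it work:

```cpp
HRESULT getRegistryString(HKEY key, char *name, char **value)
{
    DWORD size = 0;

    *value = NULL;
    /* size query: no data buffer; Win32 status is compared with ERROR_SUCCESS */
    LONG rc = RegQueryValueEx(key, name, NULL, NULL, NULL, &size);
    if (rc != ERROR_SUCCESS)
        return HRESULT_FROM_WIN32(rc);

    char *buf = (char *)malloc(size + 1);
    if (buf == NULL)
        return E_OUTOFMEMORY;

    rc = RegQueryValueEx(key, name, NULL, NULL, (LPBYTE)buf, &size);
    if (rc != ERROR_SUCCESS) {
        free(buf);
        return HRESULT_FROM_WIN32(rc);
    }
    buf[size] = '\0';   /* registry strings may be stored without a terminator */
    *value = buf;
    return S_OK;
}
```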
recvd interrogate"); if (!SetServiceStatus(serviceStatus1Handle,&serviceStatus1)) { debug("ServiceCtrlHandler interrogate: error setting status"); } break; default: debug("ServiceCtrlHandler recvd %d",FwdControl); } debug("ServiceCtrlHandler returning %d",FwdControl); } DWORD WINAPI serviceInit(DWORD argc, LPTSTR *argv, DWORD *errorcode) { debug("serviceInit"); exemain(0,NULL); *errorcode = 0; debug("serviceInit returning"); return 0; } void WINAPI ServiceMain1(DWORD argc, LPTSTR *argv) { debug("ServiceMain1: argc = %d",argc); DWORD status; DWORD errorcode; // 1. - register service to get handle serviceStatus1Handle = RegisterServiceCtrlHandler( (LPCSTR)L"Red Hat Certificate Server Proxy", serviceCtrlHandler ); if (serviceStatus1Handle == (SERVICE_STATUS_HANDLE)0) { OutputDebugString((LPCSTR)L"ServiceMain1 - failed to register ctrl handler\n"); debug("ServiceMain1: failed to register ctrl handler"); } killevent = CreateEvent(0, TRUE, FALSE, 0); // 2. set status to 'pending' serviceStatus1.dwServiceType = SERVICE_WIN32; serviceStatus1.dwCurrentState = SERVICE_START_PENDING; serviceStatus1.dwControlsAccepted = SERVICE_ACCEPT_STOP; serviceStatus1.dwWin32ExitCode = 0; serviceStatus1.dwServiceSpecificExitCode = 0; serviceStatus1.dwCheckPoint = 0; serviceStatus1.dwWaitHint = 0; debug("ServiceMain1: setservicestatus=startpending"); SetServiceStatus(serviceStatus1Handle, &serviceStatus1); // 4. 
if error, set status to stopped, exit /* if (status != NO_ERROR) { serviceStatus1.dwCurrentState = SERVICE_STOPPED; serviceStatus1.dwCheckPoint = 0; serviceStatus1.dwWaitHint = 0; serviceStatus1.dwWin32ExitCode = status; serviceStatus1.dwServiceSpecificExitCode = errorcode; SetServiceStatus(serviceStatus1Handle, &serviceStatus1); return; } */ serviceStatus1.dwCurrentState = SERVICE_RUNNING; serviceStatus1.dwCheckPoint = 0; serviceStatus1.dwWaitHint = 0; serviceStatus1.dwWin32ExitCode = 0; serviceStatus1.dwServiceSpecificExitCode = 0; debug("ServiceMain1: setservicestatus=running"); SetServiceStatus(serviceStatus1Handle, &serviceStatus1); // 3. call initialization debug("ServiceMain1: calling serviceInit"); running = true; status = serviceInit(argc,argv, &errorcode); debug("ServiceMain1 - returning"); return; } int svcmain(int argc, char **argv) { DWORD pid = GetCurrentProcessId(); SERVICE_TABLE_ENTRY servicedispatchtable[] = { { (LPSTR)L"redhatcertsvrservice1", ServiceMain1 }, { NULL, NULL } }; debug("svcmain: calling StartServiceCtrlDispatcher"); if (!StartServiceCtrlDispatcher(servicedispatchtable)) { debug("could not start service dispatcher"); } debug("svcmain: back in svcmain"); //debug("svcmain: sleeping forever"); //while(1) { Sleep(1000); } debug("svcmain: reutrning"); return 0; } --- NEW FILE stdafx.cpp --- // stdafx.cpp : source file that includes just the standard includes // testserver.pch will be the pre-compiled header // stdafx.obj will contain the pre-compiled type information #include "stdafx.h" // TODO: reference any additional headers you need in STDAFX.H // and not in this file --- NEW FILE stdafx.h --- // stdafx.h : include file for standard system include files, // or project specific include files that are used frequently, but // are changed infrequently // #pragma once #define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers // Windows Header Files: #include // TODO: reference additional headers your program requires 
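Review bot: `ServiceMain1` keeps going after `RegisterServiceCtrlHandler` fails: the zero handle is only logged and is then passed to both `SetServiceStatus` calls, whose results are not checked either. Adding `return;` after the `debug("ServiceMain1: failed to register ctrl handler");` line would stop the service from running without a control handler. The service is also reported as `SERVICE_RUNNING` before `serviceInit` is called, and `status` and `errorcode` are never examined because the error path is commented out, so a proxy that failed to initialise would presumably still show as running; reporting `SERVICE_STOPPED` with the error code in that case would make the failure visible. Separately, `(LPCSTR)L"Red Hat Certificate Server Proxy"` casts a wide literal to a narrow string type, which in an ANSI build appears to be read as a one-character name; `TEXT("Red Hat Certificate Server Proxy")` without the cast is correct in both builds.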
here --- NEW FILE util.cpp --- /* printcertnames() will print out, to the console, a list of all certificate names which are available in the MY certificate store, so you can figure out which to use for client-auth. This isn't useful any more, since: 1) There is a UI to do this 2) The selection is based on a hash of the certificate, not its name */ #if 0 void printcertnames() { USES_CONVERSION; HCERTSTORE hMyStore = CertOpenSystemStore( 0, TEXT("MY") ); if (hMyStore) { PCCERT_CONTEXT pCertContext, previous=NULL,test=NULL; CERT_ENHKEY_USAGE enky; enky.cUsageIdentifier = 1; char *x = szOID_PKIX_KP_CLIENT_AUTH; enky.rgpszUsageIdentifier = &x; printf("A list of valid certificates in the MY store follows:\n"); do { pCertContext = CertFindCertificateInStore( hMyStore, X509_ASN_ENCODING, 0, //CERT_FIND_ANY, CERT_FIND_ENHKEY_USAGE, &enky, previous ); if (pCertContext != NULL) { DWORD dwpara = CERT_X500_NAME_STR; char name[MAX_PATH]; DWORD name_size=MAX_PATH; CertGetNameString( pCertContext, CERT_NAME_RDN_TYPE, 0, &dwpara, (LPSTR)&name, name_size ); printf("%s\n",name); BYTE buf[1024]; CERT_BLOB *cn = (CERT_BLOB *)&buf; DWORD bufsize=1024; CertStrToName( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, name, CERT_OID_NAME_STR, NULL, buf, &bufsize, NULL); test = CertFindCertificateInStore( hMyStore, X509_ASN_ENCODING |PKCS_7_ASN_ENCODING, 0, //CERT_FIND_ANY, CERT_FIND_SUBJECT_NAME, cn, NULL); //printf("tried to find cert by subject = %lx\n",(void*)test); } previous = pCertContext; } while (pCertContext != NULL); } } #endif Index: proxy.cpp =================================================================== RCS file: /cvs/dirsec/windowsautoenroll/proxy/proxy.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- proxy.cpp 29 Jul 2006 00:42:44 -0000 1.1.1.1 +++ proxy.cpp 13 Mar 2007 01:36:10 -0000 1.2 
@@ -1,520 +1,1304 @@
-/** BEGIN COPYRIGHT BLOCK
- * This Program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free Software
- * Foundation; version 2 of the License.
- *
- * This Program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
- * Place, Suite 330, Boston, MA 02111-1307 USA.
- *
- * In addition, as a special exception, Red Hat, Inc. gives You the additional
- * right to link the code of this Program with code not covered under the GNU
- * General Public License ("Non-GPL Code") and to distribute linked combinations
- * including the two, subject to the limitations in this paragraph. Non-GPL Code
- * permitted under this exception must only link to the code of this Program
- * through those well defined interfaces identified in the file named EXCEPTION
- * found in the source code files (the "Approved Interfaces"). The files of
- * Non-GPL Code may instantiate templates or use macros or inline functions from
- * the Approved Interfaces without causing the resulting work to be covered by
- * the GNU General Public License. Only Red Hat, Inc. may make changes or
- * additions to the list of Approved Interfaces. You must obey the GNU General
- * Public License in all respects for all of the Program code and other code used
- * in conjunction with the Program except the Non-GPL Code covered by this
- * exception. If you modify this file, you may extend this exception to your
- * version of the file, but you are not obligated to do so.
If you do not wish to - * provide this exception without modification, you must delete this exception - * statement from your version and license this file solely under the GPL without - * exception. - * - * - * Copyright (C) 2006 Red Hat, Inc. - * All rights reserved. - * END COPYRIGHT BLOCK */ - - -#define _WIN32_DCOM -#define _WIN32_WINNT 0x500 - -#include -#include -#include -#include -#include -#include -#include -#include "messages.h" - - -#include "stdafx.h" - -//******************************************************************* -//* Required macros -//******************************************************************* -#define UNICODE // UNICODE - -//******************************************************************* -//* Includes -//******************************************************************* - -#include - -#include -#include "RedHatCSProxy_h.h" // Get CLSID and IID definitions - - -extern LONG submitRequestToCA(char *certrequest, char **cert); - -/* XXX - we are not currently shipping the code required to - implement these functions, so the linker will fail. - */ -extern "C" { - extern size_t b64_decode(char const *src, size_t srcLen, void *dest, size_t destSize); - extern size_t b64_encode(void const *src, size_t srcSize, char *dest, size_t destLen); -}; - - - - - -FILE *fp=NULL; - -void debug(LPCTSTR pFormat,...) 
-{ - - TCHAR chmsg[1024]; - HANDLE es; - LPTSTR lpszStrings[1]; - va_list pa; - va_start(pa,pFormat); - vsprintf(chmsg, pFormat, pa); - va_end(pa); - - lpszStrings[0] = chmsg; - - es = RegisterEventSource(NULL, "RHCSProxy"); - if (es != NULL) { - ReportEvent(es, EVENTLOG_INFORMATION_TYPE, - CAT_1,MSG_RHCSPROXY_DEBUG, NULL, 1, 0, - (LPCTSTR*) &lpszStrings[0], - NULL); - - DeregisterEventSource(es); - } - puts(chmsg); - if(fp == NULL) { - fp = fopen("C:\\serverlogs\\serverlog.txt","a+"); - } - if (fp != NULL) { - fprintf(fp,"%s\n",chmsg); - fflush(fp); - } -} - - -//******************************************************************* -//* CoHello component object implementation. -//******************************************************************* - - -class CCertRequestD : public ICertRequestD { -public: - // constructors/destructors - CCertRequestD() : m_lRefCount(0) - { - } - - ~CCertRequestD() - { - } - -public: - // IUnknown Methods - STDMETHODIMP QueryInterface(REFIID riid, void **ppv) - { - if (riid==IID_IUnknown||riid==IID_ICertRequestD) { - *ppv= (ICertRequestD *)(this); - } else { - *ppv=NULL; return E_NOINTERFACE ; - } - - AddRef(); - return S_OK; - } - - STDMETHODIMP_(ULONG) AddRef(void) - { - return ++m_lRefCount; - } - - STDMETHODIMP_(ULONG) Release(void) - { - long lCount = m_lRefCount-1; - if (lCount == 0) { - delete this; - } - return lCount; - } - /* - // IDispatch methods - STDMETHODIMP GetTypeInfoCount(UINT FAR* pctinfo) - { - if (pctinfo == NULL) { - return E_INVALIDARG; - } - *pctinfo = 1; - return NOERROR; - } - - STDMETHODIMP GetTypeInfo( - UINT iTInfo, - LCID lcid, - ITypeInfo FAR* FAR* ppTInfo) - { - if (ppTInfo == NULL) - return E_INVALIDARG; - *ppTInfo = NULL; - - if(iTInfo != 0) - return DISP_E_BADINDEX; - - m_ptinfo->AddRef(); // AddRef and return pointer to cached - // typeinfo for this object. 
- *ppTInfo = m_ptinfo; - - return NOERROR; - } - - - STDMETHODIMP GetIDsOfNames( - REFIID riid, - OLECHAR FAR* FAR* rgszNames, - UINT cNames, - LCID lcid, - DISPID FAR* rgDispId) - { - return DispGetIDsOfNames(m_ptinfo, rgszNames, cNames, rgDispId); - } - - STDMETHODIMP Invoke( - DISPID dispidMember, - REFIID riid, - LCID lcid, - WORD wFlags, - DISPPARAMS FAR* pdispparams, - VARIANT FAR* pvarResult, - EXCEPINFO FAR* pexcepinfo, - UINT FAR* puArgErr) - { - return DispInvoke( - this, m_ptinfo, - dispidMember, wFlags, pdispparams, - pvarResult, pexcepinfo, puArgErr); - } - */ - - - STDMETHODIMP Request( - /* [in] */ DWORD dwFlags, - /* [in][string][unique] */ const wchar_t *pwszAuthority, - /* [in][out][ref] */ DWORD *pdwRequestId, - /* [out] */ DWORD *pdwDisposition, - /* [in][string][unique] */ const wchar_t *pwszAttributes, - /* [in][ref] */ const CERTTRANSBLOB *pctbRequest, - /* [out][ref] */ CERTTRANSBLOB *pctbCertChain, - /* [out][ref] */ CERTTRANSBLOB *pctbEncodedCert, - /* [out][ref] */ CERTTRANSBLOB *pctbDispositionMessage) - { - debug("Request"); - debug("---- Request(flags=%hx, authority=%ws, requestid=%hd, attributes=%ws," - " request[0..6]=%02x:%02x:%02x:%02x:%02x:%02x:%02x", - dwFlags, pwszAuthority, pdwRequestId, pwszAttributes, - pctbRequest->pb[0], - pctbRequest->pb[1], - pctbRequest->pb[2], - pctbRequest->pb[3], - pctbRequest->pb[4], - pctbRequest->pb[5], - pctbRequest->pb[6] - ); - IServerSecurity *iss = NULL; - HRESULT r; - //r = CoGetCallContext(IID_IServerSecurity, (void**)&iss); - - DWORD authsvc; - DWORD authzsvc; - OLECHAR *svrprincname; - DWORD authlevel; - DWORD implevel= -1; - - RPC_AUTHZ_HANDLE privs; - SEC_WINNT_AUTH_IDENTITY *privs_identity = (SEC_WINNT_AUTH_IDENTITY*)&privs; - DWORD caps = EOAC_MAKE_FULLSIC; - - debug("About to call CoQueryClientBlanket"); - r = CoQueryClientBlanket(&authsvc, &authzsvc, &svrprincname, - &authlevel, NULL, &privs, &caps); - debug("CoQueryClientBlanket returned %d",r); - - debug("privs converted"); - /* - 
char username[200]; - debug("User length: %lx",privs_identity->UserLength); - - for (unsigned int i=0; i< privs_identity->UserLength; i++) { - //for (unsigned int i=0; i< 40; i++) { - username[i] = (char) privs_identity->User[i]; - // sprintf(username+i*3,"%02x:",((char*)privs_identity)[i]); - } - */ - wchar_t* username = (wchar_t*)privs; - - - - DWORD secinfoflags = privs_identity->Flags; - debug("Request: secinfoflags gotten"); - debug("Request: Client Blanket: (authsvc=%hx(%s), authzsvc=%hx(%s), ", - authsvc, authsvc==RPC_C_AUTHN_WINNT? "WINNT SSP":"?" , - authzsvc, authzsvc==RPC_C_AUTHZ_NONE? "AUTHZ_NONE":"?"); - debug("Request: svrprincname=%ws, ", svrprincname); - - debug("Request: authlevel=%hd(%s)",authlevel, authlevel==RPC_C_AUTHN_LEVEL_PKT_PRIVACY? "PKT_PRIVACY":"?"); - debug("Request: secinfoflags=%hd",secinfoflags); - debug("Request: privs.username=%ws",username); - debug("Request: caps=%hx",caps); - - - if (SUCCEEDED(r)) { - - char *b64req=NULL; - size_t b64size = b64_encode(pctbRequest->pb, pctbRequest->cb, NULL, 0); - b64req = (char*)malloc(b64size+1); - b64_encode(pctbRequest->pb, pctbRequest->cb, b64req, b64size); - b64req[b64size] = 0; - //debug("Request: b64encoded cert request=%s",b64req); - - char *cert=NULL; - r = submitRequestToCA(b64req, &cert); - //debug("Request: submit returned %lx",r); - - if (r == 0) { - BYTE *cbin=NULL; - size_t binsize = b64_decode(cert, strlen(cert), NULL, 0); - BYTE* bincert = (BYTE*)malloc(binsize); - binsize = b64_decode(cert, strlen(cert), bincert, binsize); - pctbEncodedCert->pb = bincert; - pctbEncodedCert->cb = binsize; - *pdwDisposition = CR_DISP_ISSUED; - } else { - *pdwDisposition = CR_DISP_DENIED; - } - } - - return S_OK; - } - - STDMETHODIMP GetCACert( - /* [in] */ DWORD fchain, - /* [in][string][unique] */ const wchar_t *pwszAuthority, - /* [out][ref] */ CERTTRANSBLOB *pctbOut) - { - debug("---- GetCACert(%ws)",pwszAuthority); - CERTTRANSBLOB *x = new CERTTRANSBLOB(); - x->cb = 5; - x->pb = 
(BYTE*)malloc(5); - x->pb[0] = 1; - x->pb[1] = 2; - x->pb[2] = 3; - x->pb[3] = 4; - x->pb[4] = 8; - *pctbOut = *x; - return S_OK; - } - - STDMETHODIMP Ping( - /* [in][string][unique] */ const wchar_t *pwszAuthority) - { - debug("---- Ping(%ws)",pwszAuthority); - return S_OK; - } - - - - - -private: - LONG m_lRefCount; -}; - - - - -// This implementation doesn't 'do' refcounting! -class CCertRequestDFactory : public IClassFactory -{ -public: - // IUnknown Methods - STDMETHODIMP QueryInterface (REFIID riid, void** ppv) - { - - if (riid==IID_IUnknown||riid==IID_IClassFactory) { - *ppv= static_cast(this); - } else { - *ppv=NULL; return E_NOINTERFACE ; - } - - return S_OK; - } - - STDMETHODIMP_(ULONG) AddRef(void) - { - return 1; - } - - STDMETHODIMP_(ULONG) Release(void) - { - return 1; - } - - // IClassFactory Methods - STDMETHODIMP CreateInstance(LPUNKNOWN pUnkOuter, REFIID riid, void **ppv) - { - HRESULT r; - debug("Class factory creating instance of CCertRequestD"); - CCertRequestD *pCertRequestD = new CCertRequestD; - debug("created new CCertrequestd object"); - r = pCertRequestD->QueryInterface(riid, ppv); - debug("queryinterface on new object is 0x%lx",r); - return r; - } - - STDMETHODIMP LockServer(BOOL fLock) - { - return S_OK; - } -}; - -// This code does not seem to be necessary. 
-HRESULT RegisterInterfaceMarshaler() -{ - HRESULT r; - debug("in registerInterface Marshaler"); - DWORD dwCookie=0; - IUnknown *pUnk=0; - - r = ::DllGetClassObject(IID_ICertRequestD, IID_IUnknown, (void**)&pUnk); - if (FAILED(r)) { - debug("failed to get Class Object"); - return r; - } - - - r = ::CoRegisterClassObject(IID_ICertRequestD, pUnk, - CLSCTX_REMOTE_SERVER, - REGCLS_MULTIPLEUSE, &dwCookie); - if (FAILED(r)) { - debug("failed to register Class Object"); - return r; - } - - ::CoRegisterPSClsid(IID_ICertRequestD, IID_ICertRequestD); - if (FAILED(r)) { - debug("failed to Register PS Clsidt"); - return r; - } - debug("Registered Interface Marshaller"); - - - return S_OK; -} - -//******************************************************************* -//* The factory that can create CertRequestD objects is a globally defined. -//******************************************************************* -CCertRequestDFactory g_CertRequestDClassFactory; - -//******************************************************************* -//* The server component's main() routine. 
-//******************************************************************* -void exemain(int argc, char **argv) -{ - - - debug("testserver started"); - HRESULT r; - r = CoInitializeEx(NULL, COINIT_MULTITHREADED); - if (FAILED(r)) { - debug("CoInitializeEx failed (%lx)",r); - goto end; - } - - /* - r = RegisterInterfaceMarshaler(); - if (FAILED(r)) { - debug("Register InterfaceMarshaler failed (%lx)",r); - goto end; - } - */ - - - DWORD dwCookie=0; - - r = CoRegisterClassObject(CLSID_CCertRequestD, - &g_CertRequestDClassFactory, - CLSCTX_SERVER | CLSCTX_REMOTE_SERVER, - REGCLS_MULTIPLEUSE, - &dwCookie); - - if (FAILED(r)) { - debug("CoRegisterClassObject failed (%lx)",r); - goto end; - } - debug("Successfully registered class object for CCertRequestD"); - - /* - debug("testing cocreateinstanceex"); - ICertRequestD *icrd=NULL; - - COSERVERINFO si; - si.dwReserved1 = 0; - si.dwReserved2 = 0; - si.pAuthInfo = NULL; - si.pwszName = L"sparkinswindows.sparkins.sfbay.redhat.com"; - - MULTI_QI mi; - mi.pIID = &IID_ICertRequestD; - mi.pItf = NULL; - mi.hr = 0; - - - r = CoCreateInstanceEx( - CLSID_CCertRequestD, - NULL, - CLSCTX_ALL, - &si, - 1, - &mi - ); - - - if (!FAILED(r)) { - ICertRequestD *rq = (ICertRequestD *) mi.pItf; - rq->Ping(L"hello"); - debug("instance created in-process successfully"); - } - */ - - debug("Waiting for requests"); - - // For demonstration, this component will live forever. 
- //Sleep(INFINITE); -end: - ; - -} - - - +/** BEGIN COPYRIGHT BLOCK + * END COPYRIGHT BLOCK */ + + +#define _WIN32_DCOM +#define _WIN32_WINNT 0x500 + + + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "messages.h" +#include "stdafx.h" + +//******************************************************************* +//* Required macros +//******************************************************************* +#define UNICODE // UNICODE + +//******************************************************************* +//* Includes +//******************************************************************* + +#include + +#include +#include +#include +#include +#include + +using namespace std; + +#include +#include "RedHatCSProxy_h.h" // Get CLSID and IID definitions + +#include "csproxy.h" + + +unsigned int g_logoptions; + + +extern "C" { +#include "b64.h" +}; + +void debug_lower(TCHAR *chmsg); +string guidtostr(GUID *guid); + + + + + +//******************************************************************* +//* CCertRequestD component object implementation. 
+//******************************************************************* + + +class CCertRequestD : public ICertRequestD2 { + +private: + LONG m_lRefCount; + registry *reg; + +public: + // constructors/destructors + CCertRequestD(registry *r) : m_lRefCount(0) + { + reg = r; + } + + ~CCertRequestD() + { + } + + // IUnknown Methods + STDMETHODIMP QueryInterface(REFIID riid, void **ppv) + { + configvars *vars = reg->getvars(); + GUID guid = riid; + //wchar_t guidstr[128]; + //guidtostr(&guid, guidstr); + //debugt(LOG_D_COM,"queryinterface: %ws",guidstr); + + if (riid==IID_IUnknown) { + debugt(LOG_D_COM,"returning IUnknown"); + *ppv = static_cast ((ICertRequestD*)this); + } else if (riid==IID_ICertRequestD) { + debugt(LOG_D_COM,"returning ICertRequestD"); + *ppv= (ICertRequestD *) this; + } else if (riid==IID_ICertRequestD2 && vars->icertrequestd2) { + debugt(LOG_D_COM,"returning ICertRequestD2"); + try { + *ppv= (ICertRequestD2 *) this; + } catch (exception e) { + debugt(LOG_D_COM,"got exception during cast to ICertRequestD2: message %s",e.what()); + *ppv=NULL; return E_NOINTERFACE ; + } + } else { + *ppv=NULL; return E_NOINTERFACE ; + } + + AddRef(); + return S_OK; + } + + STDMETHODIMP_(ULONG) AddRef(void) + { + return ++m_lRefCount; + } + + STDMETHODIMP_(ULONG) Release(void) + { + long lCount = m_lRefCount-1; + if (lCount == 0) { + delete this; + } + return lCount; + } + + STDMETHODIMP Request( + /* [in] */ DWORD dwFlags, + /* [in][string][unique] */ const wchar_t *pwszAuthority, + /* [in][out][ref] */ DWORD *pdwRequestId, + /* [out] */ DWORD *pdwDisposition, + /* [in][string][unique] */ const wchar_t *pwszAttributes, + /* [in][ref] */ const CERTTRANSBLOB *pctbRequest, + /* [out][ref] */ CERTTRANSBLOB *pctbCertChain, + /* [out][ref] */ CERTTRANSBLOB *pctbEncodedCert, + /* [out][ref] */ CERTTRANSBLOB *pctbDispositionMessage) + { + debugt(LOG_D_FUNC,"Request()"); + return Request2( + pwszAuthority, + dwFlags, + L"", + pdwRequestId, + pdwDisposition, + pwszAttributes, + 
pctbRequest, + pctbCertChain, // FULL Response / Cert Chain + pctbEncodedCert, + pctbDispositionMessage + ); + } + + STDMETHODIMP Request2( + /* [in][string][unique] */ const wchar_t *pwszAuthority, + /* [in] */ DWORD dwFlags, + /* [in][string][unique] */ const wchar_t *pwszSerialNumber, + /* [in][out][ref] */ DWORD *pdwRequestId, + /* [out] */ DWORD *pdwDisposition, + /* [in][string][unique] */ const wchar_t *pwszAttributes, + /* [in][ref] */ const CERTTRANSBLOB *pctbRequest, + /* [out][ref] */ CERTTRANSBLOB *pctbFullResponse, + /* [out][ref] */ CERTTRANSBLOB *pctbEncodedCert, + /* [out][ref] */ CERTTRANSBLOB *pctbDispositionMessage) + + { + //_asm int 3; + + + + debugt(LOG_D_FUNC,"Request2()"); + if (pctbRequest->cb >7) { + debugt(LOG_D_DETAIL,"---- Request2(flags=%hx, authority=%ws, requestid=%hd, attributes=%ws," + " serial=%ws request[0..6]=%02x:%02x:%02x:%02x:%02x:%02x:%02x", + dwFlags, pwszAuthority, pdwRequestId, pwszAttributes, + pwszSerialNumber, + pctbRequest->pb[0], pctbRequest->pb[1], + pctbRequest->pb[2], pctbRequest->pb[3], + pctbRequest->pb[4], pctbRequest->pb[5], + pctbRequest->pb[6] + ); + } + IServerSecurity *iss = NULL; + HRESULT r; + + +// This code is used to extract security info from the +// COM context. + + DWORD authsvc; + DWORD authzsvc; + OLECHAR *svrprincname; + DWORD authlevel; + DWORD implevel= -1; + + RPC_AUTHZ_HANDLE privs; + SEC_WINNT_AUTH_IDENTITY *privs_identity = (SEC_WINNT_AUTH_IDENTITY*)&privs; + DWORD caps = EOAC_MAKE_FULLSIC; + + debugt(LOG_D_COM,"About to call CoQueryClientBlanket"); + r = CoQueryClientBlanket(&authsvc, &authzsvc, &svrprincname, + &authlevel, NULL, &privs, &caps); + debugt(LOG_D_COM,"CoQueryClientBlanket returned %d",r); + + wchar_t* username = (wchar_t*)privs; + + DWORD secinfoflags = privs_identity->Flags; + debugt(LOG_D_COM,"Request: Client Blanket:" + "(authsvc=%hx(%s), authzsvc=%hx(%s), ", + authsvc, + authsvc==RPC_C_AUTHN_WINNT? "WINNT SSP":"?" , + authzsvc, + authzsvc==RPC_C_AUTHZ_NONE? 
"AUTHZ_NONE":"?"); + + debugt(LOG_D_COM,"Request: " + "svrprincname=%ws, authlevel=%hd(%s) " + "secinfoflags=%hd privs.username=%ws caps=%hx", + svrprincname, + authlevel, + authlevel==RPC_C_AUTHN_LEVEL_PKT_PRIVACY? "PKT_PRIVACY":"?", + secinfoflags, + username, + caps ); + + configvars *vars = reg->getvars(); + + requestinfo req; + /* Pull apart PKCS#10, putting pieces into request object */ + req.parseRequest(pctbRequest); + + /* Pull apart attribute strings into request object */ + req.parseAttributes(pwszAttributes); + + /* Figure out which type of cert the requestor wants */ + req.determineCertificateTemplate(); + + context cx(vars); + cx.request = &req; + + /* if a profile map exists, convert the windows cert template + * name to a CS profile name. + */ + string csprofile = *(req.windowsCertTemplateName); + if (cx.config->profilemap.find(csprofile) != cx.config->profilemap.end()) { + csprofile = cx.config->profilemap[csprofile].rhcsprofilename; + } + // Copies pieces of the of the request into http name/value pairs + req.populateRequestForTemplate(csprofile); + + + + vector candidatecas = cx.makeCandidateCAList(); + if (candidatecas.size() == 0) { + // uh-oh : no ca can service this type of request + } + + vector respondingcas = cx.findRespondingCAs(candidatecas); + if (respondingcas.size() == 0) { + // uh-oh : all the CA's are down, and we haven't waited long enough to + // retry + } + + + *pdwDisposition = CR_DISP_ERROR; + + string cert, certchain; + + for (unsigned int j=0; jlast_success); + } else { + GetSystemTimeAsFileTime(&cx.selectedca->last_failure); + } + + size_t errors_size = cx.errors.size(); + if (errors_size>0) { + string e = cx.errors[0]; + if (errors_size > 1) { + for (unsigned int k=1; k < errors_size; k++) { + e = " >> "+ cx.errors[k]; + } + } + + debugt(LOG_GENERAL, "%s error was encountered while " + "submitting the certificate request to CA " + "%s:%d. \nFull error details: %s", + cx.fatalerror ? 
"A fatal" : "A nonfatal", + cx.selectedca->host, cx.selectedca->port, + e.c_str()); + } + + /* If we got a certificate, break */ + if (r == 0) { break; } + + /* Fatal error: We communicated with the CA. The CA + * processed our HTTP request, and returned a + * response which positively indicated that the + * certificate request failed. We do not try to + * post requests to other CA's in the list. + * + * Nonfatal: We could not make a connection to the CA, + * or, the HTTP response was not '200'. In this case, + * we continue to try other CA's in the list. + * + * If the certificate request is waiting for approval + * (in pending state), then this is not a fatal error + * but we don't handle this case well + */ + + if (cx.fatalerror) { + break; + } + } + + if (r == 0) { // success + + decodeToBlob(cert.c_str(), pctbEncodedCert); + //debug("dumping certificate... %s", cert.c_str()); + //debugbuffer(pctbEncodedCert->pb,pctbEncodedCert->cb); + + decodeToBlob(certchain.c_str(), pctbFullResponse); + //debug("dumping cert chain... %s", certchain.c_str()); + //debugbuffer(pctbFullResponse->pb,pctbFullResponse->cb); + + // XXX need to get disposition from req-> + *pdwDisposition = CR_DISP_ISSUED; + } else { + debugt(LOG_CERT,"A certificate was not issued. Failure code %lx",r); + *pdwDisposition = CR_DISP_ERROR; + +#if 0 + /* Here, I want to include the error message from + * cx.errors, and stuff it into the disposition message. + * My hope was that this would get displayed to the + * enrolling application, but that is not the case, + * so maybe I'm doing something wrong here. 
+ */
+ if (pctbDispositionMessage != NULL) {
+
+
+ USES_CONVERSION;
+ char* sMultibyte = "hello";
+ BSTR sUnicode;
+
+ sUnicode = SysAllocString(A2W(sMultibyte));
+
+ pctbDispositionMessage->pb = (BYTE*)sUnicode;
+ pctbDispositionMessage->cb = sizeof(BSTR);
+ }
+#endif
+
+ }
+
+ return S_OK;
+ }
+
+
+ STDMETHODIMP GetCAPropertyInfo(
+ /* [in][string][unique] */ const wchar_t *pwszAuthority,
+ /* [out] */ LONG *pcProperty,
+ /* [out][ref] */ CERTTRANSBLOB *pctbPropInfo)
+ {
+ debugt(LOG_D_FUNC,"GetCAPropertyInfo");
+ //debugt(LOG_D_DETAIL,"property: %d",pcProperty);
+ return S_OK;
+ }
+
+ STDMETHODIMP GetCAProperty(
+ /* [in][string][unique] */ const wchar_t *pwszAuthority,
+ /* [in] */ LONG PropId,
+ /* [in] */ LONG PropIndex,
+ /* [in] */ LONG PropType,
+ /* [out][ref] */ CERTTRANSBLOB *pctbPropertyValue)
+ {
+ debugt(LOG_D_FUNC,"GetCAProperty: authority=%ws, PropId = %d, PropIndex =%d, PropType = %d",
+ pwszAuthority, PropId, PropIndex, PropType);
+ pctbPropertyValue->cb = 0;
+ pctbPropertyValue->pb = NULL;
+ return S_OK;
+ }
+
+ /* GetCACert is not usually called during enrollment, but is called
+ * during some query operations initiated with the certutil.exe command
+ */
+ STDMETHODIMP GetCACert(
+ /* [in] */ DWORD fchain,
+ /* [in][string][unique] */ const wchar_t *pwszAuthority,
+ /* [out][ref] */ CERTTRANSBLOB *pctbOut)
+ {
+ BYTE storage[8192];
+ BYTE *b = storage;
+ unsigned short *msg = NULL;
+ int s=0;
+
+ char *c = (char*) &fchain;
+
+ debug("---- GetCACert(%d=%x[%c%c%c%c],%ws)",fchain,fchain,c[3],c[2],c[1],c[0],pwszAuthority);
+ if (pctbOut != NULL) {
+ debug("---- GetCACert(certtransblob: cb = %d, pb=%lx",pctbOut->cb, pctbOut->pb);
+ } else {
+ debug("---- GetCACert(certtransblob=NULL)");
+ }
+
+ unsigned long fchain_upper = fchain & 0xFFFF0000;
+ unsigned long fchain_lower = fchain & 0x0000FFFF;
+
+ // some values of 'fchain' have their name in the first two bytes, and
+ // and index in the lower two bytes. 
+ // if the first two bytes do indicate one of these types, we will
+ // mask off those lower two bytes so that we can switch() on it.
+ if (fchain_upper == 0x65780000 || // ex
+ fchain_upper == 0x63740000 || // ct
+ fchain_upper == 0xe3740000 || // pi-t!
+ fchain_upper == 0xe3f40000 || // pi-?!
+ fchain_upper == 0x736c0000 || // pi-?!
+ 0) {
+ fchain = fchain_upper;
+ }
+
+ switch (fchain) {
+ case 0x6E616D65: // name
+ debug(" parsing 'name'");
+ b[0] = 'r'; b[1] = 0; b[2] = 'h'; b[3] = 0;
+ b[4] = 'c'; b[5] = 0; b[6] = '3'; b[7] = 0;
+ s = 8;
+ msg = L"Red Hat Certificate System Proxy";
+ break;
+ case 0x696E666F: // info
+ debug(" parsing 'info'");
+
+ CAINFO c;
+ c.cbSize = sizeof(CAINFO); // not sure about this one?
+ c.CAType = ENUM_ENTERPRISE_ROOTCA;
+ c.cCASignatureCerts = 0;
+ c.cCAExchangeCerts = 0;
+ c.cExitModules = 0;
+ c.lPropIdMax = 0;
+ c.lRoleSeparationEnabled = 0;
+ c.cKRACertCount = 0;
+ c.cKRACertUsedCount = 0;
+ c.fAdvancedServer = 0;
+
+ b = (BYTE*) &c;
+ s = sizeof(CAINFO);
+
+ break;
+ case 0x74797065: // type
+ debug(" parsing 'type'");
+ b[0] = 0; b[1] = 0; b[2] = 0; b[3] = 0; // ENUM_ENTERPRISE_ROOTCA=0;
+ s = 4;
+ break;
+ case 0x70726f64: // prod
+ debug(" parsing 'prod'");
+ b[0] = 'r'; b[1] = 0; b[2] = 'h'; b[3] = 0;
+ b[4] = 'c'; b[5] = 0; b[6] = '4'; b[7] = 0;
+ s = 8;
+ msg = L"Red Hat Certificate System Proxy";
+ break;
+ case 0x73740000: // st(atus)
+ b[0] = 1; // return 'unavailable'
+ b[1] = 1; // return 'unavailable'
+ b[2] = 1; // return 'unavailable'
+ b[3] = 1; // return 'unavailable'
+ b[4] = 1; // return 'unavailable'
+ s=5;
+ /* this returns an array of bytes , with each byte
+ representing the status of one certificate, as follows:
+ 0 -- Incomplete
+ 1 -- Unavailable
+ 2 -- Revoked
+ 3 -- Valid
+ 4 -- Expired
+ 5 -- Under Submission
+ >=6 Unknown
+ */
+ break;
+ case 0x736C0000: // sl (crl)
+ b[0] = 1; // return 'unavailable'
+ s=0;
+ break;
+ case 0x65780000: // ex (exit?) 
+ msg = L"Red Hat Certificate System Proxy";
+ break;
+ case 0x63740000: // ct
+ b[0] = 1;
+ s=1;
+ break;
+ case 0xe3740000: // pi-t
+ b[0] = 1;
+ s=1;
+ break;
+ case 0xe3f40000: // pi-?
+ b[0] = 1;
+ s=1;
+ break;
+ case 0x66696c65: // file
+ msg = L"no-file-present";
+ break;
+ case 0x706f6c69: // poli
+ msg = L"xxxx";
+ break;
+ case 0x73616e69: // sani(tized name)
+ msg = L"Red Hat Certificate System Proxy";
+ break;
+ case 0x73686172: // shar (shared file name)
+ msg = L"no-shared-file-present";
+ break;
+ case 0x70617265: // pare (parent ca)
+ b[0] = 0;
+ s=0;
+ msg = L"Parent";
+ break;
+ default:
+ return -1;
+ b[0] = 0;
+ s=0;
+ break;
+ }
+
+ /*
+ x->cb = this->vars->cacert_size;
+ x->pb = (BYTE*)malloc(this->vars->cacert_size);
+ memcpy(x->pb,this->vars->cacert,this->vars->cacert_size);
+ */
+
+ if (msg != NULL) {
+ pctbOut->pb = (BYTE*)wcsdup((wchar_t *)msg);
+ pctbOut->cb = (DWORD) wcslen((wchar_t *)msg) * 2;
+ } else {
+ if (s==0) {
+ pctbOut->pb = NULL;
+ pctbOut->cb = 0;
+ } else {
+ pctbOut->pb = (BYTE*)malloc(s);
+ memcpy(pctbOut->pb,b,s);
+ pctbOut->cb = s;
+ }
+ }
+
+ return S_OK;
+ }
+
+
+ // Ping is effectively unimplemented
+ STDMETHODIMP Ping(
+ /* [in][string][unique] */ const wchar_t *pwszAuthority)
+ {
+ debugt(LOG_D_FUNC,"Ping");
+ debugt(LOG_D_DETAIL,"Ping - Authority = %ws",pwszAuthority);
+ return S_OK;
+ }
+
+ STDMETHODIMP Ping2(
+ /* [in][string][unique] */ const wchar_t *pwszAuthority)
+ {
+ debugt(LOG_D_FUNC,"Ping2");
+ debugt(LOG_D_DETAIL,"Ping2 - Authority = %ws",pwszAuthority);
+ return Ping(pwszAuthority);
+ }
+
+
+
+
+
+
+};
+
+
+
+
+// This implementation doesn't 'do' refcounting! 
+class CCertRequestDFactory : public IClassFactory
+{
+ registry *reg;
+public:
+ CCertRequestDFactory()
+ {
+ reg = new registry();
+ reg->update();
+ }
+ // IUnknown Methods
+ STDMETHODIMP QueryInterface (REFIID riid, void** ppv)
+ {
+
+ if (riid==IID_IUnknown) {
+ *ppv = (IUnknown*)this;
+ } else if (riid==IID_IClassFactory) {
+ *ppv= static_cast(this);
+ } else {
+ *ppv=NULL;
+ return E_NOINTERFACE;
+ }
+
+ return S_OK;
+ }
+
+ STDMETHODIMP_(ULONG) AddRef(void)
+ {
+ return 1;
+ }
+
+ STDMETHODIMP_(ULONG) Release(void)
+ {
+ return 1;
+ }
+
+
+
+ // IClassFactory Methods
+ STDMETHODIMP CreateInstance(LPUNKNOWN pUnkOuter, REFIID riid, void **ppv)
+ {
+ HRESULT r;
+
+ debugt(LOG_D_COM,"Class factory creating instance of CCertRequestD");
+
+
+ CCertRequestD *pCertRequestD = new CCertRequestD(reg);
+ debugt(LOG_D_COM,"created new CCertrequestd object");
+ r = pCertRequestD->QueryInterface(riid, ppv);
+
+ return r;
+ }
+
+ STDMETHODIMP LockServer(BOOL fLock)
+ {
+ return S_OK;
+ }
+
+private:
+ configvars *vars;
+};
+
+// This code does not seem to be necessary.
+HRESULT RegisterInterfaceMarshaler()
+{
+ HRESULT r;
+ debugt(LOG_D_COM,"in registerInterface Marshaler");
+ DWORD dwCookie=0;
+ IUnknown *pUnk=0;
+
+ r = ::DllGetClassObject(IID_ICertRequestD, IID_IUnknown, (void**)&pUnk);
+ if (FAILED(r)) {
+ debugt(LOG_D_COM,"failed to get Class Object");
+ return r;
+ }
+
+
+ r = ::CoRegisterClassObject(IID_ICertRequestD, pUnk,
+ CLSCTX_REMOTE_SERVER,
+ REGCLS_MULTIPLEUSE, &dwCookie);
+ if (FAILED(r)) {
+ debugt(LOG_D_COM,"failed to register Class Object");
+ return r;
+ }
+
+ ::CoRegisterPSClsid(IID_ICertRequestD, IID_ICertRequestD);
+ if (FAILED(r)) {
+ debugt(LOG_D_COM,"failed to Register PS Clsidt");
+ return r;
+ }
+ debugt(LOG_D_COM,"Registered Interface Marshaller");
+
+
+ return S_OK;
+}
+
+//*******************************************************************
+//* The factory that can create CertRequestD objects is a globally defined. 
+//*******************************************************************
+CCertRequestDFactory *g_CertRequestDClassFactory;
+
+void getlogconfig()
+{
+ HRESULT r;
+
+ // read log flags
+ HKEY config;
+ r = RegOpenKeyEx(HKEY_LOCAL_MACHINE,
+ TEXT("SOFTWARE\\Red Hat\\RHCSProxy\\Config"),
+ 0, //options
+ KEY_READ,
+ &config );
+ if (FAILED(r)) return;
+
+
+ char buf[256];
+ DWORD size = 256;
+ r = RegQueryValueEx(
+ config,
+ "LogOptions",
+ NULL,
+ NULL,
+ (LPBYTE)buf,
+ &size );
+ if (FAILED(r)) {
+ g_logoptions = LOG_REQ |LOG_CERT;
+ } else {
+ g_logoptions = atoi(buf);
+ }
+}
+
+
+EXTERN_C const IID IID_ICertRequestD;
+
+//*******************************************************************
+//* The server component's main() routine.
+//*******************************************************************
+void exemain(int argc, char **argv)
+{
+ HRESULT r;
+
+ debugt(LOG_D_COM,"Certificate System proxy started");
+
+ r = CoInitializeEx(NULL, COINIT_MULTITHREADED);
+ if (FAILED(r)) {
+ debug("CoInitializeEx failed (%lx)",r);
+ goto end;
+ }
+
+ CLSID guid;
+ r = CLSIDFromString(L"{D99E6E74-FC88-11D0-B498-00A0C90312F3}",&guid);
+
+ r = CoInitializeSecurity((PSECURITY_DESCRIPTOR)&guid, // access permissions
+ -1, // count of auth services (-1 -> let dcom choose)
+ NULL, // auth services
+ NULL, // reserved
+ RPC_C_AUTHN_LEVEL_CONNECT,
+ RPC_C_IMP_LEVEL_IDENTIFY,
+ NULL, // pAuthList
+ EOAC_APPID, // capabilities
+ NULL); // reserved
+
+ if (FAILED(r)) {
+ debug("CoInitializeSecurity failed (%lx)",r);
+ goto end;
+ }
+
+ g_CertRequestDClassFactory = new CCertRequestDFactory();
+
+ DWORD dwCookie=0;
+
+ r = CoRegisterClassObject(CLSID_CCertRequestD,
+ g_CertRequestDClassFactory,
+ CLSCTX_SERVER | CLSCTX_REMOTE_SERVER,
+ REGCLS_MULTIPLEUSE,
+ &dwCookie);
+
+ if (FAILED(r)) {
+ debugt(LOG_D_COM,"CoRegisterClassObject failed (%lx)",r);
+ goto end;
+ }
+ debugt(LOG_D_COM,"Successfully registered class object for CCertRequestD");
+
+ debugt(LOG_D_COM,"Waiting for requests");
+
+ while (service_running()) {
+ Sleep(1000);
+ }
+ debugt(LOG_D_COM,"Saw stop signal");
+end:
+ ;
+
+}
+
+
+LONG getguid(LPCWSTR dchostname, GUID *guid)
+{
+
+ HRESULT hr = S_OK; // COM result variable
+ ADS_SEARCH_COLUMN col; // COL for iterations
+ LPWSTR szUsername = NULL; // Username
+ LPWSTR szPassword = NULL; // Password
+ LONG r=0;
+ ADS_SEARCH_HANDLE hSearch;
+
+ // Interface Pointers.
+ IDirectorySearch *pDSSearch =NULL;
+
+ // Initialize COM.
+ hr = CoInitializeEx(NULL, COINIT_MULTITHREADED);
+ if (FAILED(hr)) {
+ debug("CoInitializeEx failed (%lx)",hr);
+ goto loser;
+ }
+
+
+
+ IADs *rootdse = NULL;
+ //IADsPropertyList *rootdse_props = NULL;
+ // Add code to securely retrieve the username and password or
+ // leave both as NULL to use the default security context.
+
+ // Open a connection with server.
+ hr = ADsOpenObject(L"LDAP://rootDSE",
+ szUsername,
+ szPassword,
+ ADS_SECURE_AUTHENTICATION,
+ IID_IADs,
+ (void **)&rootdse);
+ if (FAILED(hr)) { r = 10; goto loser; }
+
+// if (FAILED(hr)) { r = 12; goto loser; }
+ // XXX Leaks
+ BSTR dnname = SysAllocString(L"defaultNamingContext");
+ VARIANT v;
+ hr = rootdse->Get(dnname,&v);
+ if (FAILED(hr)) { r = 11; goto loser; }
+
+
+
+
+ if (dnname == NULL) { r = 4; goto loser; }
+
+
+ size_t i = wcslen(v.bstrVal);
+ // XXX leaks
+ wchar_t *dc_base_url = (wchar_t *)malloc( (sizeof wchar_t)*(i+20));
+ wcscpy(dc_base_url,L"LDAP://");
+ wcscat(dc_base_url,v.bstrVal);
+ hr = ADsOpenObject(dc_base_url, szUsername,szPassword,
+ ADS_SECURE_AUTHENTICATION,
+ IID_IDirectorySearch,
+ (void **)&pDSSearch);
+ LPWSTR attrs[1];
+ attrs[0] = L"objectGUID";
+ size_t hostnamelen = wcslen(dchostname);
+ // XXX Leaks
+ wchar_t *filter = (wchar_t *)malloc( (sizeof wchar_t)*(hostnamelen+20));
+ wcscpy(filter,L"dNSHostName=");
+ wcscat(filter,dchostname);
+ hr = pDSSearch->ExecuteSearch(filter,attrs, 1, &hSearch);
+
+ if (FAILED(hr)) { r = 1; goto loser; }
+
+ hr = pDSSearch->GetNextRow(hSearch);
+ if (hr == S_ADS_NOMORE_ROWS) { 
r = 13; goto loser; }
+ if (FAILED(hr)) { r = 2; goto loser; }
+
+
+ // column leaked
+ hr = pDSSearch->GetColumn(hSearch, attrs[0], &col);
+ if (FAILED(hr)) { r = 3; goto loser; }
+
+ switch (col.dwADsType)
+ {
+ case ADSTYPE_OCTET_STRING:
+ if (guid != NULL) {
+ memcpy( (LPBYTE)guid,
+ col.pADsValues[0].OctetString.lpValue,
+ col.pADsValues[0].OctetString.dwLength);
+ }
+ break;
+ default:
+ printf("Unexpected ADsType: %d\n", col.dwADsType);
+ r = 8;
+ goto loser;
+ break;
+ }
+ r = S_OK;
+loser:
+ if (r != S_OK) {
+ printf("error code %lx at %d\n",hr,r);
+ }
+ if (pDSSearch != NULL) pDSSearch->CloseSearchHandle(hSearch);
+ return r;
+}
+
+
+
+/* Attributes is a string consisting of a series of lines, with each
+ * line consisting of a string of the form:
+ * name:value
+ *
+ * This functions breaks up the attributes string and
+ * puts it the name/values into an map in req->attrs
+ */
+void requestinfo::parseAttributes(const wchar_t *pwszAttributes)
+{
+ debugt(LOG_D_FUNC,"parseAttributes");
+ USES_CONVERSION;
+ istringstream stream(W2A(pwszAttributes));
+ string line;
+
+
+ while (stream >> line) {
+ size_t colon = line.find(':');
+
+ string name = line.substr(0,colon);
+ string value = line.substr(colon+1);
+ this->attrs[name] = value;
+ }
+
+debugt(LOG_D_FUNC,"parseAttributes (returning)");
+}
+
+
+/*
+ * base-64 decodes the string in 'src', and puts the binary
+ * in an allocated buffer inside of blob. 
This function allocates
+ * the buffer
+ */
+void decodeToBlob(const char *src, CERTTRANSBLOB *blob)
+{
+ debugt(LOG_D_FUNC,"decodeToBlob");
+ if (src != NULL) {
+ // Decode b64 into a binary
+ // Allocates a little too much, by basing the size on
+ // the b64 string instead of the binary, but its big enough
+ // XXX - need to free this
+ unsigned char *dest = (unsigned char*)calloc(strlen(src),1);
+ size_t size = decode_base64((unsigned char*)dest,src);
+
+ if (size) {
+ blob->pb = dest;
+ blob->cb = (DWORD)size;
+ }
+ }
+ debugt(LOG_D_FUNC,"decodeToBlob (returning)");
+}
+
+ /*
+ * This function pulls apart the P10 plob, and populates the
+ * requestinfo structure with useful information from the request
+ * See http://technet2.microsoft.com/WindowsServer/en/library/d78843f2-f739-4d1f-84ca-f6337f5685d81033.mspx?mfr=true
+ * for an example request (although it doesn't seem to be exactly
+ * what the client sends - my test showed that the DC doesn't put a
+ * SubjectAltName extension in the request, which means I have to
+ * figure out the DC GUID through other means. sigh.
+ */
+void requestinfo::parseRequest(const CERTTRANSBLOB *p10)
+{
+ CERT_REQUEST_INFO *b;
+ DWORD b_size = 0;
+
+ debugt(LOG_D_FUNC,"parseRequest");
+
+ this->PKCS10Request = encode_base64(p10->cb, p10->pb);
+
+ // Pull apart the PKCS#10 cert request.
+ if (! 
CryptDecodeObjectEx( + X509_ASN_ENCODING, + X509_CERT_REQUEST_TO_BE_SIGNED, + p10->pb, + p10->cb, + CRYPT_DECODE_ALLOC_FLAG, + NULL, // para + &b, + &b_size + ) ) + { + debugt(LOG_D_DETAIL,"failed to parse PKCS#10 - error: %lx:",GetLastError()); + return; + } + + /* For each attribute: */ + for (unsigned int i=0;i cAttribute; i++) { + CRYPT_ATTRIBUTE *a = &b->rgAttribute[i]; + +/* + if (debugt(LOG_D_DETAIL,"A Comparing OID #%d: '%s' == '%s'", + i,szOID_OS_VERSION, a->pszObjId), + strcmp(szOID_OS_VERSION,a->pszObjId) == 0) { + // os version + continue; + } + if (debugt(LOG_D_DETAIL,"B Comparing OID #%d: '%s' == '%s'", + i,szOID_REQUEST_CLIENT_INFO, a->pszObjId), + strcmp(szOID_REQUEST_CLIENT_INFO,a->pszObjId) == 0) { + // client info + continue; + } + */ + debugt(LOG_D_DETAIL,"C Comparing OID #%d: '%s' == '%s' (latter was provided in certificate request)", + i,szOID_RSA_certExtensions, a->pszObjId); + if (strcmp(szOID_RSA_certExtensions,a->pszObjId) == 0) { + // requested extensions + for (DWORD k=0; k < a->cValue; k++) { + CRYPT_ATTR_BLOB *p = &a->rgValue[k]; + CERT_EXTENSIONS ex; + CERT_EXTENSIONS *e = &ex; + DWORD e_size = sizeof(CERT_EXTENSIONS); + if (!CryptDecodeObjectEx(X509_ASN_ENCODING, + X509_EXTENSIONS, + p->pbData, + p->cbData, + CRYPT_DECODE_ALLOC_FLAG, + NULL, + &e, + &e_size + ) ) { + continue; + } + + + for (unsigned int j=0;jcExtension; j++) { + CERT_EXTENSION *c = &e->rgExtension[j]; + if (strcmp(szOID_ENROLL_CERTTYPE_EXTENSION, + c->pszObjId) == 0) { + debug("cert type: %02x %02x %02x %02x", + c->Value.pbData[0], + c->Value.pbData[1], + c->Value.pbData[2], + c->Value.pbData[3] ); + + // XXX need to convert from unicode to ascii + char *d = (char*)c->Value.pbData; + if (d[0] == 0x1e) { // BMPSTRING + int length = d[1]/2; // only half the space is needed as + // we convert UNICODE->ASCII + string *s = new string(); + for (int m=0;mappend(1,d[2 + m*2 +1]); + } + this->windowsCertTemplateName = s; + } + } + } + } + continue; + } + } + 
debugt(LOG_D_FUNC,"parseRequest (returning)"); +} + + +/* returns how much 'newer' newer is, in seconds */ +unsigned int filetimedeltaseconds(FILETIME older, FILETIME newer) +{ + ULONGLONG o, n, diff; + o = older.dwHighDateTime << (8*sizeof(older.dwHighDateTime)); + o |= older.dwLowDateTime; + n = newer.dwHighDateTime << (8*sizeof(newer.dwHighDateTime)); + n |= newer.dwLowDateTime; + + diff = n-o; + + // diff is in 100ns intervals. + // * 10 intervals per us + // * 1000 us per ms + // * 1000 ms per s + ULONGLONG seconds = diff / ( 10 * 1000 * 1000 ); + unsigned int s = (int) seconds; + + return s; +} + +/* Returns a list of CAs in the order that they should be tried. + */ +vector context::findRespondingCAs(vector candidates) +{ + debugt(LOG_D_FUNC,"findRespondingCAs"); + vector cas; + + FILETIME now; + + GetSystemTimeAsFileTime(&now); + + for (unsigned int i=0;i last_failure, now) + > config->retryinterval ) + { + cas.push_back(config->all_cas[i]); + } + } + debugt(LOG_D_FUNC,"findRespondingCAs (returning)"); + return cas; + +} + +vector context::makeCandidateCAList() +{ + debugt(LOG_D_FUNC,"makeCandidateCAList"); + // make a list of all the CAs which can service the request + vector cas; + for (unsigned int i=0;i all_cas.size(); i++) { + if ( config->all_cas[i]->canService(request->windowsCertTemplateName)) + { + cas.push_back(config->all_cas[i]); + } + } + debugt(LOG_D_FUNC,"makeCandidateCAList (returning)"); + return cas; +} + +/* + * There seems to be two ways for the enrollee to indicate + * what certificate type it wants. 
Either it can set this
+ * CertificateTemplate attribute in the request (as does
+ * IIS), or failing that, it can include the Certificate
+ * Template extension in the PKCS#10 request
+ */
+
+void requestinfo::determineCertificateTemplate()
+{
+ debugt(LOG_D_FUNC,"determineCertificateTemplate");
+ //req->httpvars["CertificateTemplate"] = *(this->windowsCertTemplateName);
+
+ if (windowsCertTemplateName == NULL) {
+ // IIS doesn't put it's cert template inside the PKCS#10 request, it sets it
+ // in this attribute:
+ windowsCertTemplateName = new string(attrs["CertificateTemplate"]);
+ }
+ if (*windowsCertTemplateName == "WebServer") {
+ // hopefully, IIS puts the CN requested into the PKCS#10.
+ }
+ if (*windowsCertTemplateName == "DomainController") {
+ USES_CONVERSION;
+
+ GUID gu;
+ const char *ccm = attrs["ccm"].c_str();
+ const wchar_t *ccmw = A2W(ccm);
+
+ HRESULT r = getguid(ccmw,&gu);
+ if (FAILED(r)) {
+ disposition = CR_DISP_ERROR;
+ goto loser;
+ }
+ string guidstr = guidtostr(&gu);
+ attrs["GUID"] = guidstr;
+ }
+
+
+loser:
+ debugt(LOG_D_FUNC,"determineCertificateTemplate (returning)");
+ return;
+}
+
+
+void requestinfo::populateRequestForTemplate(string &csprofile)
+{
+ debugt(LOG_D_FUNC,"populateRequestForTemplate");
+ /* copy all attributes into HTTP vars */
+ map copy(this->attrs.begin(), this->attrs.end());
+ this->httpvars = copy;
+
+ this->httpvars["cert_request_type"] = "pkcs10";
+ this->httpvars["cert_request"] = this->PKCS10Request;
+ const char *s = this->httpvars["cert_request"].c_str();
+ this->httpvars["requestor_phone"] = "unknown";
+ this->httpvars["profileId"] = csprofile;
+ debugt(LOG_D_FUNC,"populateRequestForTemplate (returning)");
+}
+
+
+
+
+void main(int argc, char **argv)
+{
+
+ int i;
+ int interactive=1; // FORCE for now! 
+ int test=0; + int configtest=0; + int dogetguid=0; + int service=0; + + getlogconfig(); + + debug("argc = %d",argc); + for (i=0;i2048) length = 2048; + + + int partsize=64; + for (int i=0; i partsize) count=partsize; + debugt(LOG_D_DETAIL, "Dumping buffer. Size = %d, Offset=%d", + length, i); + debugbuffer2(buf, count, i); + } + + +} + +void debug(const char* pFormat,...) +{ + int type = LOG_D_DETAIL; + if (should_log(type)) { + TCHAR chmsg[10240]; + va_list pa; + va_start(pa,pFormat); + vsprintf(chmsg, pFormat, pa); + va_end(pa); + debug_lower(chmsg); + } +} + +void debugt(unsigned int type, const char * pFormat,...) +{ + if (should_log(type)) { + TCHAR chmsg[10240]; + va_list pa; + va_start(pa,pFormat); + vsprintf(chmsg, pFormat, pa); + va_end(pa); + debug_lower(chmsg); + } +} + +void debug_lower(TCHAR *chmsg) +{ + LPTSTR lpszStrings[1]; + HANDLE es; + + TCHAR msg[10240]; + /* don't print thread ID unless we're logging detail messages */ + if (should_log(LOG_D_DETAIL)) { + sprintf(msg,"thread=%x %s",GetCurrentThreadId(),chmsg); + } else { + sprintf(msg,"%s",chmsg); + } + lpszStrings[0] = msg; + + es = RegisterEventSource(NULL, "RHCSProxy"); + + if (es != NULL) { + ReportEvent(es, //event source + EVENTLOG_INFORMATION_TYPE, //event type + 0, // category + MSG_RHCSPROXY_DEBUG, // message id + NULL, // SID - security identifier + 1, // number of strings supplied + 0, // length of binary data + (LPCTSTR*) &lpszStrings[0], // strings + NULL); // binary data + printf("%s\n",msg); + DeregisterEventSource(es); + } + +} + +string guidtostr(GUID *guid) { + char str[40]; + + sprintf(str, "%08lX%04X%04X%02X%02X%02X%02X%02X%02X%02X%02X", + guid->Data1, guid->Data2, guid->Data3, + guid->Data4[0], guid->Data4[1], guid->Data4[2], guid->Data4[3], + guid->Data4[4], guid->Data4[5], guid->Data4[6], guid->Data4[7] ); + + return string(str); +} + Index: submit.cpp =================================================================== RCS file: 
/cvs/dirsec/windowsautoenroll/proxy/submit.cpp,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- submit.cpp 29 Jul 2006 00:42:44 -0000 1.1.1.1
+++ submit.cpp 13 Mar 2007 01:36:10 -0000 1.2
@@ -1,663 +1,591 @@
-/** BEGIN COPYRIGHT BLOCK
- * This Program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free Software
- * Foundation; version 2 of the License.
- *
- * This Program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
- * Place, Suite 330, Boston, MA 02111-1307 USA.
- *
- * In addition, as a special exception, Red Hat, Inc. gives You the additional
- * right to link the code of this Program with code not covered under the GNU
- * General Public License ("Non-GPL Code") and to distribute linked combinations
- * including the two, subject to the limitations in this paragraph. Non-GPL Code
- * permitted under this exception must only link to the code of this Program
- * through those well defined interfaces identified in the file named EXCEPTION
- * found in the source code files (the "Approved Interfaces"). The files of
- * Non-GPL Code may instantiate templates or use macros or inline functions from
- * the Approved Interfaces without causing the resulting work to be covered by
- * the GNU General Public License. Only Red Hat, Inc. may make changes or
- * additions to the list of Approved Interfaces. You must obey the GNU General
- * Public License in all respects for all of the Program code and other code used
- * in conjunction with the Program except the Non-GPL Code covered by this
- * exception. If you modify this file, you may extend this exception to your
- * version of the file, but you are not obligated to do so. 
If you do not wish to - * provide this exception without modification, you must delete this exception - * statement from your version and license this file solely under the GPL without - * exception. - * - * - * Copyright (C) 2006 Red Hat, Inc. - * All rights reserved. - * END COPYRIGHT BLOCK */ - -#define _WIN32_DCOM - - -#include -#include -#include - -#include -#include -#include -#include -#include - -#include - -#include -#include - -#include - -extern void debug(LPCTSTR pFormat,...); - - -int add_char(char *p, char c) -{ - int i=1; - char *h = "0123456789abcdef"; - if ( isalnum(c) || c == '-' || c == '_' || c == '.' || c == '~') { - *p = c; - } else { - *p++ = '%'; - *p++ = h[((c & 0xf0) >> 4)]; - *p++ = h[c & 0x0f]; - i=3; - } - return i; -} - -char *make_nv(char *name, char*value) -{ - //alloc mem for worst case, everything needs to be encoded, plus =, plus terminating 0 - char *p = NULL; - char *r; - r = (char*)malloc(strlen(name)*3 + strlen(value)*3 +1 +1); - p=r; - while (1) { - if (*name) { - p += add_char(p,*name); - name++; - if (*name == 0) { - *p = '='; - p++; - } - } else { - if (*value) { - p += add_char(p,*value); - value++; - } else { - break; - } - } - - } - *p = 0; - return r; -} - - -char *buildRequestString(char *certrequest) -{ - char *p[10]; - int c=0; - int i=0, s=0; - - if (certrequest == NULL) { return NULL; } - - p[c++] = make_nv("cert_request_type", "pkcs10"); - - p[c++] = make_nv("cert_request", certrequest); - p[c++] = make_nv("requestor_phone", "650 650 6500"); - p[c++] = make_nv("profileId", "caAgentServerCert"); - p[c] = NULL; - - for (i=0; i buffersize) { - printf("CA returned too much data.\n"); - r = -2; - goto loser; - } - if (!WinHttpReadData( hRequest, (LPVOID)&response[index], dwSize, (LPDWORD)&dwDownloaded)) { - printf("Error %u in WinHttpReadData.\n", GetLastError()); - r = -3; - goto loser; - } - else { - index += dwDownloaded; - response[index] = 0; - } - - } while (dwSize>0); - -loser: - if (r) { - free(response); - 
*buffer = NULL; - } else { - *buffer = response; - } - return r; -} - -// modifies 'response' -// fills in 'cert' with a pointer to the cert returned from the CA -LONG extractCertFromResponse(char *response, char**c) -{ - LONG r=0; - char *cert = NULL; - - *c = NULL; - printf("Response from CA: %s\n",response); - char *beginmarker = "-----BEGIN CERTIFICATE-----"; - char *begincert = strstr(response,beginmarker); - if (begincert == NULL) { - r = -1; - goto loser; - } - begincert += strlen(beginmarker); - char *endcert = strstr(begincert,"-----END CERTIFICATE-----"); - if (endcert == NULL) { - r = -2; - goto loser; - } - *endcert =0; - cert = begincert; - int s,d; - - for (s=0,d=0; begincert[s]; ) { - if (begincert[s] == '\\') { - if (begincert[s+1] == 0) { break; } // malformed input - backslash at end of str - s+=2; // skip over slash and escaped char - continue; - } - cert[d] = begincert[s]; - d++; - s++; - } - cert[d] = 0; - *c = strdup(cert); -loser: - return r; -} - -// returns 0 on success -LONG submitRequestToCA(char *certrequest, char **cert) - -{ - LONG r=0; - - char *hostname = NULL; - int port = 0; - char *clientcertname = NULL; - char *response=NULL; - - debug("submit: begin"); - - if (getConfig(&hostname, &port, &clientcertname)) { - return r | 0x8C01000; - } - debug("submit: after getConfig... %s, %d, %s", hostname, port, clientcertname); - - BOOL bResults = FALSE; - HINTERNET hSession = NULL, - hConnect = NULL, - hRequest = NULL; - - - // Find the hostname for the CA by looking in the registry - - USES_CONVERSION; - - // Use WinHttpOpen to obtain a session handle. - // We just use the o/s defined proxy settings - hSession = WinHttpOpen( L"Red Hat CS AutoEnrollment Proxy/0.1", //User Agent - WINHTTP_ACCESS_TYPE_DEFAULT_PROXY, - WINHTTP_NO_PROXY_NAME, - WINHTTP_NO_PROXY_BYPASS, - 0); // 0= synchronous - - // Specify an HTTP server. 
- if (hSession == NULL) { - r = -4; - goto loser; - } - debug("submit: after WinHttpOpen"); -// Install the status callback function. - - WINHTTP_STATUS_CALLBACK isCallback = WinHttpSetStatusCallback( hSession, - (WINHTTP_STATUS_CALLBACK)Callback, -// WINHTTP_CALLBACK_FLAG_ALL_NOTIFICATIONS |WINHTTP_CALLBACK_FLAG_SECURE_FAILURE, - WINHTTP_CALLBACK_FLAG_SECURE_FAILURE, - NULL); - - - hConnect = WinHttpConnect( hSession, A2W(hostname), - port, 0); - - // Create an HTTP Request handle. - if (hConnect == NULL) { - r = -5; - goto loser; - } - debug("submit: after WinHttpConnect"); - - hRequest = WinHttpOpenRequest( hConnect, L"POST", L"/ca/ee/ca/profileSubmitSSLClient", - NULL, WINHTTP_NO_REFERER, - WINHTTP_DEFAULT_ACCEPT_TYPES, - WINHTTP_FLAG_SECURE - ); - - // Set SSL Client Certificate to use - if (hRequest == NULL) { - r = -6; - goto loser; - } - debug("submit: after WinHttpOpenRequest"); - - r = setClientCertificate(hRequest, clientcertname); - debug("submit: setClientCertificate returned %lx",r); - if (FAILED(r)) { - r |= 0x8C05000; - goto loser; - } - debug("submit: after setClientCertificate"); - - char *req = buildRequestString(certrequest); - if (req == NULL) { - r = -9; - goto loser; - } - debug("submit: after buildRequestString (req length = %d)", strlen(req)); - - // Send a Request. - if (hRequest) { - bResults = WinHttpSendRequest( hRequest, - L"Content-Type: application/x-www-form-urlencoded", -1, - req, strlen(req), - strlen(req), 0); - if (!bResults) { - r = -7; - goto loser; - } - bResults = WinHttpReceiveResponse(hRequest, NULL); - if (!bResults) { - r = -8; - goto loser; - } - - } - - - - if (r = readHTTPResponse(hRequest,&response )) { - r |= 0x8C03000; - goto loser; - } - - char *c=NULL; - if (response != NULL) { - if (r = extractCertFromResponse(response, &c)) { - r |= 0x8C04000; - goto loser; - } else { - *cert = c; - //printf("returned certificate: %s\n",c); - } - - } - - - - - // Close any open handles. 
-loser: - if (r) { - if ((r & 0x8C000000) == 0x8C000000) { - // r was set in one of the subroutines - } else { - r |= 0x8C02000; // r was -1, -2, -3, etc... - } - - debug("submit: returning r=%lx\n",r); - - if (response) { free(response); } - if (cert) { free(cert); } - - if (hRequest) WinHttpCloseHandle(hRequest); - if (hConnect) WinHttpCloseHandle(hConnect); - if (hSession) WinHttpCloseHandle(hSession); - - } - - return r; -} - -void test_submit() -{ - char *c=NULL; - char *req = "-----BEGIN NEW CERTIFICATE REQUEST-----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! 7bEqGcx95VL5d74TadVwuORfLLn8kX4bcfIXuMu7beh1ay4RD3vD43i65OA6vTQ9qr6BMQU9tXvbT8gBWRZ0bntNlm53IeEm7Iwc925Fr39A1SYMU6isUauCF9BjPwNaz3uswUjynqd+/BVp8rDLdTzjW35k3-----END NEW CERTIFICATE REQUEST-----"; - LONG r=0; - - r = submitRequestToCA(req, &c); - printf("submit returned error: %lx\n", r); -} - - - -#ifdef SUBMIT_MAIN - -int APIENTRY WinMain(HINSTANCE i, HINSTANCE p, LPSTR cmdline, int cmdshow) -{ - - test_submit(); - - return 0; -} - -void main() -{ - - test_submit(); -} - -#endif - - - - - +/** BEGIN COPYRIGHT BLOCK + * END COPYRIGHT BLOCK */ + +#define _WIN32_DCOM + + +#include +#include +#include + +#include +#include +#include +#include +#include + +#include + +#include +#include + +#include +#include "csproxy.h" + +#include +#include +#include +#include +#include + +using namespace std; + + + +string urlencode(string s) +{ + string r; + string h = "0123456789abcdef"; + const char *before_encoding = s.c_str(); + for (unsigned int i=0;i> 4),1) + h.substr(c & 0x0f,1); + } + } + const char *after_encoding = r.c_str(); + return r; +} + +/* + * build a string, given a set of name/value pairs + * The caller is responsible for returning the returned string + */ +string buildRequestString(requestinfo *r) +{ + string s; + map &httpvars = r->httpvars; + for (map::iterator i = httpvars.begin(); + i!= httpvars.end(); ++i) { + + s += urlencode(i->first) + "=" + urlencode(i->second) + "&"; + } + return 
s; +} + + + + +/* This callback is called when an error is encountered during + * the HTTP transaction. + * TODO: expand the security status variable to meaningful english + */ + +void Callback ( + HINTERNET hInternet, + DWORD_PTR dwContext, + DWORD dwInternetStatus, + LPVOID lpvStatusInformation, + DWORD dwStatusInformationLength ) +{ + + debugt(LOG_D_DETAIL,"callback status type = %lx\n", dwInternetStatus); + + if (dwInternetStatus == WINHTTP_CALLBACK_STATUS_SECURE_FAILURE) { + DWORD status = * ((DWORD*)lpvStatusInformation); + + // Retrieve the application-specific context pointer + context *ctx; + DWORD ctx_size=sizeof(ctx); + WinHttpQueryOption(hInternet, WINHTTP_OPTION_CONTEXT_VALUE, + &ctx, &ctx_size ); + + string error = ""; + if (status & 0x01) error += "Certificate Revocation Check Failed. "; + if (status & 0x02) error += "Invalid Certificate. "; + if (status & 0x04) error += "Certificate Revoked. "; + if (status & 0x08) error += "Invalid CA. "; + if (status & 0x10) error += "Certificate CN (Common Name) invalid. "; + if (status & 0x20) error += "Certificate Date Invalid. "; + if (status & 0x40) error += "Wrong usage (key usage, extended key usage) for certificate. "; + + char *hostname = "UNKNOWN"; + DWORD port = 0; + if (ctx != NULL) { + cainfo *ca = ctx->selectedca; + if (ca != NULL) { + hostname = ctx->selectedca->host; + port = ctx->selectedca->port; + ctx->status = 1; + ctx->securitystatus = status; + } + } + + debugt(LOG_D_DETAIL,"Cannot create SSL connection to CA: %s:%d. " + "The analysis of the server certificate (and chain) reports: %lx (%s)." + "Note: Due to some as yet unidentified issue, this thread will crash, and " + "failover will not happen for this request.\n", + hostname, port, status, error.c_str()); + } + return; + +} + + + +/* + * Set the client certificate to use for this SSL socket. 
+ */ +LONG setClientCertificate(HINTERNET hRequest, BYTE *clientcerthash, DWORD clientcerthash_size) +{ + debugt(LOG_D_FUNC,"setClientCertificate"); + LONG r=0; + /* + +When running as a service, I would prefer for the service to be able to access its +own certificate/key profile, but it doesn't seem to be able to do that by accessing +the 'MY' store. + + BOOL WINAPI CertEnumSystemStore( + DWORD dwFlags, + void* pvSystemStoreLocationPara, + void* pvArg, + PFN_CERT_ENUM_SYSTEM_STORE pfnEnum + ); + +Parameters +dwFlags +[in] Specifies the location of the system store. The following flag values are defined. +CERT_SYSTEM_STORE_CURRENT_USER +CERT_SYSTEM_STORE_CURRENT_SERVICE +*/ + + + + HCERTSTORE hMyStore = CertOpenSystemStore( 0, TEXT("MY") ); + if (hMyStore) { + CERT_ID c; + c.dwIdChoice = CERT_ID_SHA1_HASH; + c.HashId.cbData = clientcerthash_size; + c.HashId.pbData = clientcerthash; + PCCERT_CONTEXT pCertContext = + CertFindCertificateInStore( hMyStore, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + 0, + CERT_FIND_CERT_ID, + &c, + NULL ); + if (pCertContext == NULL) { + debug("submit: could not find certificate with supplied hash."); + r = -1; + goto loser; + } + + WinHttpSetOption( hRequest, + WINHTTP_OPTION_CLIENT_CERT_CONTEXT, + (LPVOID) pCertContext, + sizeof(CERT_CONTEXT) ); + + // WinHttpSetOption will dup the cert, we can free it here. + CertFreeCertificateContext( pCertContext ); + } else { + r = -2; + goto loser; + } +loser: + return r; +} + +/* Read the response from the socket, and stuff it into a buffer + * The buffer is allocated by this function and it's the responsibility + * of the caller to free it. + */ +LONG readHTTPResponse(HINTERNET hRequest, string &s) +{ + debugt(LOG_D_FUNC,"readHTTPResponse"); + LONG r=0; + int index = 0; + int dwDownloaded=0; + int dwSize =0; + int buffersize = 100000; + char *response = (char*)malloc(buffersize); + response[0] = 0; + + do + { + // Check for available data. 
+ if (!WinHttpQueryDataAvailable( hRequest, (LPDWORD) &dwSize)) { + r = -1; + goto loser; + } + debugt(LOG_D_DETAIL,"readHttpresponse2"); + if (index + dwSize > buffersize) { + debugt(LOG_D_DETAIL,"CA returned too much data."); + r = -2; + goto loser; + } + debugt(LOG_D_DETAIL,"readHttpresponse3"); + if (!WinHttpReadData( hRequest, (LPVOID)&response[index], dwSize, (LPDWORD)&dwDownloaded)) { + debugt(LOG_D_DETAIL,"Error %u in WinHttpReadData.\n", GetLastError()); + r = -3; + goto loser; + } + else { + index += dwDownloaded; + response[index] = 0; + } + } while (dwSize>0); + +loser: + if (r) { + s = ""; + debugt(LOG_D_DETAIL,"readHttpresponse: returned empty string"); + } else { + s = response; + debugt(LOG_D_DETAIL,"readHttpresponse: returned string len:%d",strlen(response)); + } + free(response); + + return r; +} + + +/* Get one line of data at a time + * This function will modify not only the content of the char array + * pointed to by *start, by replacing newlines with NULs, but also + * modify *start itself, making it advance to the position after the + * newline. This function can then be called once more to get the next + * line. + * Returns a pointer to a NUL terminated string - one line at a time. + * This function doesn't allocate any extra buffer, so the caller + * should not free the pointer it returns. + */ + + +char *readline(char **start) +{ + if (**start == 0) { + return NULL; + } + char *r = *start; + int i=0; + for (i=0;; i++) { + if ((*start)[i] == 0) { // this is the case where response terminates with + *start = (*start) + i; // no newline. the next pass will return a null + break; + } + if ((*start)[i] == '\n' ) { + (*start)[i] = 0; + *start = (*start) + i +1; // skip over null + break; + } + } + return r; +} + + +/* + * The interesting part of the response from the CA is a series + * of var x = "YYYY"; statements. + * This function returns the 'YYYY' part. 
+ */ +string getvalue(string s) +{ + size_t beginquote = s.find("\""); + size_t endquote = s.find("\"",beginquote+1); + return s.substr(beginquote+1,endquote-beginquote-1); +} + +/* + * Remove the PEM headers so that just the base-64 cert is inside + */ +void removePEM(string &s) +{ + string BEGINMARKER("-----BEGIN CERTIFICATE-----"); + string ENDMARKER("-----END CERTIFICATE-----"); + + size_t end_of_beginmarker = BEGINMARKER.length(); + size_t start_of_endmarker = s.find(ENDMARKER); + + if (start_of_endmarker == string.npos) start_of_endmarker = 0; + + s = s.substr(end_of_beginmarker, start_of_endmarker-end_of_beginmarker); + +} + +/* + * Remove any newlines (which are represented as \r or \n) + */ + +void removenewlines(string &s) +{ + string r; + int escaping=0; + + size_t j = s.length(); + for (size_t i=0; i") != string.npos) { + goto loser; + } + if (line.find("errorReason") != string.npos) { + string s = getvalue(line); + debugt(LOG_D_DETAIL,"errorReason checking: error value = %s", s.c_str()); + if (s != "") { + debugt(LOG_D_DETAIL,"CA %s:%d returned the following error: %s", + selectedca->host, selectedca->port, s.c_str() + ); + errors.push_back( string("CA reported: ") + s ); + if (s == "Authentication Error") { + fatalerror = 1; + } + r=1; + goto loser; + } + } + } +loser: + return r; +} + +// returns 0 on success +LONG context::submitRequestToCA(string &cert, string& certchain) +{ + LONG r=0; + string req; + + char *c=NULL; + char *cchain=NULL; + + debugt(LOG_D_FUNC,"submitRequestToCA"); + + BOOL bResults = FALSE; + HINTERNET hSession = NULL, + hConnect = NULL, + hRequest = NULL; + + USES_CONVERSION; + + // Use WinHttpOpen to obtain a session handle. + // We just use the o/s defined proxy settings + hSession = WinHttpOpen( L"Red Hat CS Auto Enrollment Proxy/0.9.1", //User Agent + WINHTTP_ACCESS_TYPE_DEFAULT_PROXY, + WINHTTP_NO_PROXY_NAME, + WINHTTP_NO_PROXY_BYPASS, + 0); // 0= synchronous + + // Specify an HTTP server. 
+ if (hSession == NULL) { + r = 4; + goto loser; + } + debugt(LOG_D_DETAIL,"submit: after WinHttpOpen"); + + hConnect = WinHttpConnect( hSession, A2W(selectedca->host), + (INTERNET_PORT)selectedca->port, 0); + + // Create an HTTP Request handle. + if (hConnect == NULL) { + r = 5; + goto loser; + } + debug("submit: after WinHttpConnect"); + + + wchar_t *url = L"/ca/profileSubmitSSLClient"; + + if ( (selectedca->catype == CATYPE_REDHAT_72) || + (selectedca->catype == CATYPE_REDHAT_73) ) { + url = L"/ca/ee/ca/profileSubmitSSLClient"; + } + + + hRequest = WinHttpOpenRequest( hConnect, L"POST", url, + NULL, WINHTTP_NO_REFERER, + WINHTTP_DEFAULT_ACCEPT_TYPES, + WINHTTP_FLAG_SECURE + ); + + // Set SSL Client Certificate to use + if (hRequest == NULL) { + r = 6; + goto loser; + } + debug("submit: after WinHttpOpenRequest"); + + r = setClientCertificate(hRequest, config->certhash, config->certhash_size); + debug("submit: setClientCertificate returned %lx",r); + if (FAILED(r)) { + r = (r &0xffff) | 0x8C050000; + goto loser; + } + debug("submit: after setClientCertificate"); + + req = buildRequestString(request); + if (req.length() == 0) { + r = 7; + goto loser; + } + debug("submit: after buildRequestString (req length = %d)", req.length()); + + //WinHttpSetOption(hSession, WINHTTP_OPTION_CONTEXT_VALUE, ctx, sizeof(ctx) ); + + + WINHTTP_STATUS_CALLBACK isCallback = WinHttpSetStatusCallback( hRequest, + (WINHTTP_STATUS_CALLBACK)Callback, + WINHTTP_CALLBACK_FLAG_SECURE_FAILURE, + NULL); + + + // Send a Request. 
+ if (hRequest) { + const char *req_c = req.c_str(); + + bResults = WinHttpSendRequest( + hRequest, // HINTERNET hRequest, + L"Content-Type: application/x-www-form-urlencoded\r\n", + -1, // DWORD dwHeadersLength, + (void*)req_c, // LPVOID lpOptional (HTTP POST data) + (DWORD)strlen(req_c), // DWORD dwOptionalLength, + (DWORD)strlen(req_c), // DWORD dwTotalLength, + 0); // context pointer + + if (!bResults) { + r = GetLastError(); + r = (r &0xffff) | 0x8C060000; + goto loser; + } + bResults = WinHttpReceiveResponse(hRequest, NULL); + if (!bResults) { + r = GetLastError(); + r = 9; + goto loser; + } + } + + { + string response=""; + + if (r = readHTTPResponse(hRequest, response )) { + r = (r &0xffff) | 0x8C030000; + goto loser; + } + debug("readHTTPResponse returned %d",r); + + if (response.length() > 100) { + char *end=NULL; + if (r = extractCertFromResponse(response, cert, certchain)) { + debug("extractCertFromResponse returned %d",r); + r = (r &0xffff) | 0x8C040000; + goto loser; + } + } + } + + // Close any open handles. +loser: + if (r) { + if ((r & 0xFF000000) == 0x8C000000) { + // r was set in one of the subroutines + debug("submit: r was set in subr: r=%lx",r); + } else { + debug("submit: r: r=%d",r); + + r = (r &0xffff) | 0x8C020000; // r was -1, -2, -3, etc... 
+ } + + debug("submit: returning r=%lx",r); + + } + + debug("submit: 1"); + + if (hRequest) WinHttpCloseHandle(hRequest); + + if (hConnect) WinHttpCloseHandle(hConnect); + + if (hSession) WinHttpCloseHandle(hSession); + + debug("submit: returning\n"); + return r; +} + +void test_submit() +{ + char *c=NULL; + char *req = "-----BEGIN NEW CERTIFICATE REQUEST-----MIIDLzCCApgCAQAwHzEdMBsGA1UEAxMUYmFieXJ1dGguZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKTWQ0muj0iH6oM+ZvYN9mRfgg3I48GR0IOfX78JfLw6eg7BmWS/NFe0x03X7ts5lbDLhYusmavMBlryJ7v6/aZZp9RuEMlb7SV7m3zZGSZBrKZEQhC8ibfsRf31jXKJJkiuYR8XDl+7Txrlu68DSTM3+SoZKEyMG2cQOBHTqW/3AgMBAAGgggHOMBoGCisGAQQBgjcNAgMxDBYKNS4yLjM3OTAuMjBQBgkqhkiG9w0BCQ4xQzBBMB0GA1UdDgQWBBRxbsYJogSaIeyJRok4+lf12vdGLjATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwXgYJKwYBBAGCNxUUMVEwTwIBAQwpc3BhcmtpbnN3aW5kb3dzLnNwYXJraW5zLnNmYmF5LnJlZGhhdC5jb20MFlNQQVJLSU5TXEFkbWluaXN0cmF0b3IMB2NlcnRyZXEwgf0GCisGAQQBgjcNAgIxge4wgesCAQEeWgBNAGkAYwByAG8AcwBvAGYAdAAgAFIAUwBBACAAUwBDAGgAYQBuAG4AZQBsACAAQwByAHkAcAB0AG8AZwByAGEAcABoAGkAYwAgAFAAcgBvAHYAaQBkAGUAcgOBiQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA0GCSqGSIb3DQEBBQUAA4GBAIk/LJXtwbQ7JfK! 7bEqGcx95VL5d74TadVwuORfLLn8kX4bcfIXuMu7beh1ay4RD3vD43i65OA6vTQ9qr6BMQU9tXvbT8gBWRZ0bntNlm53IeEm7Iwc925Fr39A1SYMU6isUauCF9BjPwNaz3uswUjynqd+/BVp8rDLdTzjW35k3-----END NEW CERTIFICATE REQUEST-----"; + LONG r=0; + +// r = submitRequestToCA(req, &c, NULL,NULL,NULL); // this will break - must pass in vars as 4th arg + printf("submit returned error: %lx\n", r); +} + + + +void testmain() +{ + + test_submit(); +} + + + From fedora-directory-commits at redhat.com Tue Mar 13 01:36:12 2007 
From: fedora-directory-commits at redhat.com (Steven W Parkinson (sparkins)) Date: Mon, 12 Mar 2007 21:36:12 -0400 Subject: [Fedora-directory-commits] windowsautoenroll aep.nsi, NONE, 1.1 windowsautoenroll.sln, NONE, 1.1 Message-ID: <200703130136.l2D1aCps024903@cvs-int.fedora.redhat.com> Author: sparkins Update of /cvs/dirsec/windowsautoenroll In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24806 Added Files: aep.nsi windowsautoenroll.sln Log Message: 0.9.1: new since last release: running as a service, CA failover, support for ICertRequestD2 (IFDEFed), using C++ strings instead of char[], support for additional domain controllers in a forest, decoding PKCS#10 request to find Cert template name, installer, new base 64 decoder, profile mapper --- NEW FILE aep.nsi --- ; Generated NSIS script file (generated by makensitemplate.phtml 0.21) ; by 66.187.237.200 on Jul 09 06 @ 17:08 ; NOTE: this .NSI script is designed for NSIS v1.8+ Name "AEP" OutFile "aep-0.9.1-1.win32.i386.exe" ; Some default compiler settings (uncomment and change at will): ; SetCompress auto ; (can be off or force) ; SetDatablockOptimize on ; (can be off) ; CRCCheck on ; (can be off) ; AutoCloseWindow false ; (can be true for the window go away automatically at end) ; SetDateSave off ; (can be on to have files restored to their orginal date) InstallDir "$PROGRAMFILES\RHCSProxy" InstallDirRegKey HKEY_LOCAL_MACHINE "SOFTWARE\Red Hat\RHCSProxy" "" ; DirShow show ; (make this hide to not let the user change it) DirText "Select the directory to install RHCSProxy in:" !define BUILDTYPE "Release" #!define BUILDTYPE "Debug" Section "" ; (default section) SetOutPath "$INSTDIR" IfFileExists $SYSDIR\mscoree.dll dotnetpresent dotnetnotpresent dotnetnotpresent: MessageBox MB_OK "$SYSDIR\mscoree.dll not found. 
You must install the .NET 1.1 runtime before proceeding" Quit dotnetpresent: file /oname=$INSTDIR\rhcsproxy.exe "proxy\${BUILDTYPE}\rhcsproxy.exe" file /oname=$INSTDIR\messages.dll "proxy\${BUILDTYPE}\messages.dll" file /oname=$INSTDIR\panel.exe "panel\bin\${BUILDTYPE}\panel.exe" createDirectory "$SMPROGRAMS\Red Hat Auto Enrollment Proxy" createShortCut "$SMPROGRAMS\Red Hat Auto Enrollment Proxy\Auto Enrollment Proxy Options.lnk" "$INSTDIR\panel.exe" ; Uninstall stuff.. WriteRegStr HKEY_LOCAL_MACHINE "Software\Microsoft\Windows\CurrentVersion\Uninstall\RHCSProxy" "DisplayName" "RHCSProxy 0.9.1" WriteRegStr HKEY_LOCAL_MACHINE "Software\Microsoft\Windows\CurrentVersion\Uninstall\RHCSProxy" "UninstallString" '"$INSTDIR\uninst.exe"' WriteRegStr HKEY_LOCAL_MACHINE "Software\Microsoft\Windows\CurrentVersion\Uninstall\RHCSProxy" "Publisher" "Red Hat" WriteRegStr HKEY_LOCAL_MACHINE "Software\Microsoft\Windows\CurrentVersion\Uninstall\RHCSProxy" "URLInfoAbout" "http://directory.fedora.redhat.com/wiki/aep" WriteRegStr HKEY_LOCAL_MACHINE "Software\Microsoft\Windows\CurrentVersion\Uninstall\RHCSProxy" "DisplayVersion" "0.9.1" WriteRegDWORD HKEY_LOCAL_MACHINE "Software\Microsoft\Windows\CurrentVersion\Uninstall\RHCSProxy" "VersionMajor" 0 WriteRegDWORD HKEY_LOCAL_MACHINE "Software\Microsoft\Windows\CurrentVersion\Uninstall\RHCSProxy" "VersionMinor" 9 ; write out uninstaller WriteUninstaller "$INSTDIR\uninst.exe" ReadRegStr $1 HKEY_LOCAL_MACHINE "SOFTWARE\Red Hat\RHCSProxy" "" StrCmp $1 "" noexistingconfig existingconfig existingconfig: MessageBox MB_YESNO "Do you want to erase the existing configuration?" 
IDYES erase IDNO donterase noexistingconfig: erase: ;;;;;;;;;;;; COPIED FROM UNINSTALL SECTION BELOW DeleteRegKey HKEY_LOCAL_MACHINE "SOFTWARE\Red Hat\RHCSProxy" DeleteRegKey HKEY_CLASSES_ROOT "CLSID\{D99E6E74-FC88-11D0-B498-00A0C90312F3}" DeleteRegKey HKEY_CLASSES_ROOT "AppID\{D99E6E74-FC88-11D0-B498-00A0C90312F3}" DeleteRegKey HKEY_LOCAL_MACHINE "SYSTEM\CurrentControlSet\Services\Eventlog\Application" DeleteRegKey HKEY_LOCAL_MACHINE "SYSTEM\CurrentControlSet\Services\rhcsproxy" Exec "sc stop rhcsproxy" Exec "sc delete rhcsproxy" ;;;;;;;;;;;;;;; COPIED FROM UNINSTALL SECTION BELOW WriteRegStr HKEY_LOCAL_MACHINE "SOFTWARE\Red Hat\RHCSProxy" "" "$INSTDIR" WriteRegStr HKEY_LOCAL_MACHINE "SOFTWARE\Red Hat\RHCSProxy\Config" "RequestType" "PKCS10" WriteRegStr HKEY_LOCAL_MACHINE "SOFTWARE\Red Hat\RHCSProxy\Config" "LogOptions" "7" WriteRegDWORD HKEY_LOCAL_MACHINE "SOFTWARE\Red Hat\RHCSProxy\Config" "ICertRequestD2" 0x00 WriteRegDWORD HKEY_LOCAL_MACHINE "SOFTWARE\Red Hat\RHCSProxy\Config" "RetryInterval" 0x1e WriteRegStr HKEY_LOCAL_MACHINE "SOFTWARE\Red Hat\RHCSProxy\Config\CertificateAuthorities" "" "" WriteRegStr HKEY_LOCAL_MACHINE "SOFTWARE\Red Hat\RHCSProxy\Config\ProfileMap\WebServer" "CAProfileName" "caAgentServerCert" WriteRegStr HKEY_CLASSES_ROOT "CLSID\{D99E6E74-FC88-11D0-B498-00A0C90312F3}" "" "CertSrv Request" WriteRegStr HKEY_CLASSES_ROOT "CLSID\{D99E6E74-FC88-11D0-B498-00A0C90312F3}" "AppID" "{D99E6E74-FC88-11D0-B498-00A0C90312F3}" WriteRegStr HKEY_CLASSES_ROOT "CLSID\{D99E6E74-FC88-11D0-B498-00A0C90312F3}\LocalServer32" "" "$INSTDIR\rhcsproxy.exe" WriteRegStr HKEY_CLASSES_ROOT "CLSID\{D99E6E74-FC88-11D0-B498-00A0C90312F3}\ProgID" "" "CertSrv.Request.1" WriteRegStr HKEY_CLASSES_ROOT "CLSID\{D99E6E74-FC88-11D0-B498-00A0C90312F3}\VersionIndependentProgID" "" "CertSrv.Request" ; AppID entry describes how the imeplementation is run (what user to run as, permissions, ; whether to run as a service or not WriteRegStr HKEY_CLASSES_ROOT 
"AppID\{D99E6E74-FC88-11D0-B498-00A0C90312F3}" "" "Red Hat Auto Enrollment Proxy" WriteRegBin HKEY_CLASSES_ROOT "AppID\{D99E6E74-FC88-11D0-B498-00A0C90312F3}" "AccessPermission" 01000480340000005000000000000000140000000200200001000000000018000100000001010000000000010000000000000000010500000000000515000000a065cf7e784b9b5fe77c877036bb0000010500000000000515000000a065cf7e784b9b5fe77c877036bb0000 WriteRegBin HKEY_CLASSES_ROOT "AppID\{D99E6E74-FC88-11D0-B498-00A0C90312F3}" "LocalPermission" 01000480800000009c000000000000001400000002006c0004000000000018000100000001020000000000052000000020020000000024000100000001050000000000051500000024ba75ff215749d4762dbdcf540400000000140001000000010100000000000504000000000014000100000001010000000000051200000001050000000000051500000024ba75ff215749d4762dbdcff401000001050000000000051500000024ba75ff215749d4762dbdcf01020000 WriteRegStr HKEY_CLASSES_ROOT "AppID\{D99E6E74-FC88-11D0-B498-00A0C90312F3}" "LocalService" "rhcsproxy" ; 2= 'connect' WriteRegDWORD HKEY_CLASSES_ROOT "AppID\{D99E6E74-FC88-11D0-B498-00A0C90312F3}" "AuthenticationLevel" 0x2 ; Set up as a service ;WriteRegStr HKEY_CLASSES_ROOT "AppID\{D99E6E74-FC88-11D0-B498-00A0C90312F3}" "LocalServer" "rhcsproxy" ;WriteRegStr HKEY_LOCAL_MACHINE "SYSTEM\CurrentControlSet\Services\rhcsproxy" "DisplayName" "Red Hat Auto Enrollment Proxy" ;WriteRegStr HKEY_LOCAL_MACHINE "SYSTEM\CurrentControlSet\Services\rhcsproxy" "Description" "Forwards Certificate Requests from the domain to a Red Hat Certicate Authority" ;WriteRegStr HKEY_LOCAL_MACHINE "SYSTEM\CurrentControlSet\Services\rhcsproxy" "ImagePath" "$INSTDIR\rhcsproxy.exe" ;WriteRegDWORD HKEY_LOCAL_MACHINE "SYSTEM\CurrentControlSet\Services\rhcsproxy" "Start" 0x3 ;WriteRegDWORD HKEY_LOCAL_MACHINE "SYSTEM\CurrentControlSet\Services\rhcsproxy" "Type" 0x10 ;WriteRegDWORD HKEY_LOCAL_MACHINE "SYSTEM\CurrentControlSet\Services\rhcsproxy" "ErrorControl" 0x1 Exec 'sc create rhcsproxy start= demand type= own error= normal binPath= 
"$INSTDIR\rhcsproxy.exe -s" DisplayName= "Red Hat Auto Enrollment Proxy"' WriteRegStr HKEY_LOCAL_MACHINE "SYSTEM\CurrentControlSet\Services\rhcsproxy" "Description" "Forwards Certificate Requests from the domain to a Red Hat Certicate Authority" ; Event log messages WriteRegStr HKEY_LOCAL_MACHINE "SYSTEM\CurrentControlSet\Services\Eventlog\Application" "" "RHCSProxy" WriteRegStr HKEY_LOCAL_MACHINE "SYSTEM\CurrentControlSet\Services\Eventlog\Application\RHCSProxy" "EventMessageFile" "$INSTDIR\messages.dll" WriteRegDWORD HKEY_LOCAL_MACHINE "SYSTEM\CurrentControlSet\Services\Eventlog\Application\RHCSProxy" "TypesSupported" 0x0f donterase: SetDetailsView show DetailPrint "" DetailPrint "Installation Completed." DetailPrint "" DetailPrint "Be sure to choose the user the service will run as:" DetailPrint "In the services control panel, right click on 'Red Hat Auto Enrollment Proxy'" DetailPrint "service, select the Log On tab, and enter the user's credentials under" DetailPrint "'This account' (e.g. Administrator)" DetailPrint "" DetailPrint "Also, start dcomcnfg and change the run identity of the Red Hat" DetailPrint "Auto Enrollment Proxy DCOM component to match the service credentials." SectionEnd ; end of default section ; begin uninstall settings/section UninstallText "This will uninstall Red Hat Auto Enrollment Proxy from your system. All configuration will be erased." 
Section Uninstall ;;;;;;;;;;;;;;;;;;;;;;;;;;; COPY THIS INTO REMOVECONFIG SECTION ABOVE DeleteRegKey HKEY_LOCAL_MACHINE "SOFTWARE\Red Hat\RHCSProxy" DeleteRegKey HKEY_CLASSES_ROOT "CLSID\{D99E6E74-FC88-11D0-B498-00A0C90312F3}" DeleteRegKey HKEY_CLASSES_ROOT "AppID\{D99E6E74-FC88-11D0-B498-00A0C90312F3}" DeleteRegKey HKEY_LOCAL_MACHINE "SYSTEM\CurrentControlSet\Services\Eventlog\Application\RHCSProxy" DeleteRegKey HKEY_LOCAL_MACHINE "SYSTEM\CurrentControlSet\Services\rhcsproxy" Exec "sc stop rhcsproxy" Exec "sc delete rhcsproxy" ;;;;;;;;;;;;;;;;;;;;;;;;;;; end of cut and paste section Delete "$INSTDIR\uninst.exe" Delete "$INSTDIR\rhcsproxy.exe" Delete "$SMPROGRAMS\Red Hat Auto Enrollment Proxy\Auto Enrollment Proxy Options.lnk" Delete /REBOOTOK "$INSTDIR\messages.dll" Delete "$INSTDIR\ProxyPanel.exe" RMDir /REBOOTOK "$INSTDIR" DeleteRegKey HKEY_LOCAL_MACHINE "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RHCSProxy" RMDir "$INSTDIR" SectionEnd ; end of uninstall section ; eof --- NEW FILE windowsautoenroll.sln --- Microsoft Visual Studio Solution File, Format Version 8.00 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "panel", "panel\panel.csproj", "{8BCDD8FE-11BC-4CC0-A66C-03DF9C746A91}" ProjectSection(ProjectDependencies) = postProject EndProjectSection EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "proxy", "proxy\proxy.vcproj", "{BCE7AE2E-C0C2-4B5A-B05C-02DF16CC9F70}" ProjectSection(ProjectDependencies) = postProject EndProjectSection EndProject Global GlobalSection(SolutionConfiguration) = preSolution Debug = Debug Release = Release EndGlobalSection GlobalSection(ProjectConfiguration) = postSolution {8BCDD8FE-11BC-4CC0-A66C-03DF9C746A91}.Debug.ActiveCfg = Debug|.NET {8BCDD8FE-11BC-4CC0-A66C-03DF9C746A91}.Debug.Build.0 = Debug|.NET {8BCDD8FE-11BC-4CC0-A66C-03DF9C746A91}.Release.ActiveCfg = Release|.NET {8BCDD8FE-11BC-4CC0-A66C-03DF9C746A91}.Release.Build.0 = Release|.NET {BCE7AE2E-C0C2-4B5A-B05C-02DF16CC9F70}.Debug.ActiveCfg = 
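Review bot: The `erase:` branch of the default section in aep.nsi, which a fresh install also reaches by falling through `noexistingconfig:`, runs `DeleteRegKey HKEY_LOCAL_MACHINE "SYSTEM\CurrentControlSet\Services\Eventlog\Application"`, so it removes every event source registered under the Application log rather than this product's own subkey. The Uninstall section already targets the right key; the install path should match it with `DeleteRegKey HKEY_LOCAL_MACHINE "SYSTEM\CurrentControlSet\Services\Eventlog\Application\RHCSProxy"`, and the later `WriteRegStr` that sets the default value of the parent `Application` key to "RHCSProxy" should be dropped. Separately, `sc create` is given `binPath= "$INSTDIR\rhcsproxy.exe -s"`, and with the default `$PROGRAMFILES\RHCSProxy` directory the stored image path appears to end up unquoted with a space in it; giving the executable its own quotes, `binPath= "\"$INSTDIR\rhcsproxy.exe\" -s"`, removes the ambiguous path. The uninstaller also deletes `$INSTDIR\ProxyPanel.exe` while the installer writes `$INSTDIR\panel.exe`, which leaves the panel binary behind after removal.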
Debug|Win32 {BCE7AE2E-C0C2-4B5A-B05C-02DF16CC9F70}.Debug.Build.0 = Debug|Win32 {BCE7AE2E-C0C2-4B5A-B05C-02DF16CC9F70}.Release.ActiveCfg = Release|Win32 {BCE7AE2E-C0C2-4B5A-B05C-02DF16CC9F70}.Release.Build.0 = Release|Win32 EndGlobalSection GlobalSection(ExtensibilityGlobals) = postSolution EndGlobalSection GlobalSection(ExtensibilityAddIns) = postSolution EndGlobalSection EndGlobal From fedora-directory-commits at redhat.com Tue Mar 13 01:36:12 2007 
From: fedora-directory-commits at redhat.com (Steven W Parkinson (sparkins)) Date: Mon, 12 Mar 2007 21:36:12 -0400 Subject: [Fedora-directory-commits] windowsautoenroll/panel AssemblyInfo.cs, NONE, 1.1 ProxyPanel.cs, 1.2, 1.3 ProxyPanel.resx, NONE, 1.1 WinCapi.cs, NONE, 1.1 cert.ico, NONE, 1.1 panel.csproj, NONE, 1.1 panel.csproj.user, NONE, 1.1 Message-ID: <200703130136.l2D1aCSl024909@cvs-int.fedora.redhat.com> Author: sparkins Update of /cvs/dirsec/windowsautoenroll/panel In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24806/panel Added Files: AssemblyInfo.cs ProxyPanel.cs ProxyPanel.resx WinCapi.cs cert.ico panel.csproj panel.csproj.user Log Message: 0.9.1: new since last release: running as a service, CA failover, support for ICertRequestD2 (IFDEFed), using C++ strings instead of char[], support for additional domain controllers in a forest, decoding PKCS#10 request to find Cert template name, installer, new base 64 decoder, profile mapper --- NEW FILE AssemblyInfo.cs --- using System.Reflection; using System.Runtime.CompilerServices; // // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. // [assembly: AssemblyTitle("Certificate System Auto Enrollment Proxy")] [assembly: AssemblyDescription("")] [assembly: AssemblyConfiguration("")] [assembly: AssemblyCompany("Red Hat")] [assembly: AssemblyProduct("Auto Enrollment Proxy")] [assembly: AssemblyCopyright("")] [assembly: AssemblyTrademark("")] [assembly: AssemblyCulture("")] // // Version information for an assembly consists of the following four values: // // Major Version // Minor Version // Build Number // Revision // // You can specify all the values or you can default the Revision and Build Numbers // by using the '*' as shown below: [assembly: AssemblyVersion("1.0.*")] // // In order to sign your assembly you must specify a key to use. 
Refer to the // Microsoft .NET Framework documentation for more information on assembly signing. // // Use the attributes below to control which key is used for signing. // // Notes: // (*) If no key is specified, the assembly is not signed. // (*) KeyName refers to a key that has been installed in the Crypto Service // Provider (CSP) on your machine. KeyFile refers to a file which contains // a key. // (*) If the KeyFile and the KeyName values are both specified, the // following processing occurs: // (1) If the KeyName can be found in the CSP, that key is used. // (2) If the KeyName does not exist and the KeyFile does exist, the key // in the KeyFile is installed into the CSP and used. // (*) In order to create a KeyFile, you can use the sn.exe (Strong Name) utility. // When specifying the KeyFile, the location of the KeyFile should be // relative to the project output directory which is // %Project Directory%\obj\. For example, if your KeyFile is // located in the project directory, you would specify the AssemblyKeyFile // attribute as [assembly: AssemblyKeyFile("..\\..\\mykey.snk")] // (*) Delay Signing is an advanced option - see the Microsoft .NET Framework // documentation for more information on this. // [assembly: AssemblyDelaySign(false)] [assembly: AssemblyKeyFile("")] [assembly: AssemblyKeyName("")] Index: ProxyPanel.cs =================================================================== RCS file: ProxyPanel.cs diff -N ProxyPanel.cs --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ ProxyPanel.cs 13 Mar 2007 01:36:10 -0000 1.3 
@@ -0,0 +1,1369 @@ +using System; +using System.Drawing; +using System.Collections; +using System.ComponentModel; +using System.Windows.Forms; +using System.IO; +using System.Data; +using System.DirectoryServices; +using System.Net; +using System.Security.Cryptography; +using System.Security.Cryptography.X509Certificates; +using Microsoft.Win32; +using System.Diagnostics; +//using ActiveDs; + + + + +namespace ProxyPanel +{ + /// + /// Summary description for ProxyPanel. + /// + + public class ProxyPanel : System.Windows.Forms.Form + { + private System.Windows.Forms.TabPage caconfig; + private System.Windows.Forms.TabPage debug; + private System.Windows.Forms.TextBox hosttextbox; + private System.Windows.Forms.TextBox porttextbox; + private System.Windows.Forms.GroupBox groupBox1; + private System.Windows.Forms.GroupBox groupBox2; + private System.Windows.Forms.GroupBox groupBox3; + private System.Windows.Forms.RadioButton pkcs10; + private System.Windows.Forms.RadioButton cmc; + private System.Windows.Forms.GroupBox groupBox4; + private System.Windows.Forms.Button apply; + private System.Windows.Forms.Button cancel; + private System.Windows.Forms.Button help; + private System.Windows.Forms.Button populateLDAP; + private System.Windows.Forms.TabControl caCertificateTab; + private System.Windows.Forms.TabPage caCertificatePanel; + private System.Windows.Forms.TextBox certtextbox; + + private System.Windows.Forms.Label label1; + private System.Windows.Forms.Label label2; + private System.Windows.Forms.Label label4; + + private byte[] cacertificate_bin = null; + private byte[] config_clientCertificate = null; + private bool config_calistchanged = false; + private bool config_cacertificate = false; + + private CertIdentifier[] cids = null; + private System.Windows.Forms.ComboBox clientCertSelection; + private System.Windows.Forms.Button removeca; + private System.Windows.Forms.Button addca; + private System.Windows.Forms.ListView calist; + private 
System.Windows.Forms.ColumnHeader Host; + private System.Windows.Forms.ColumnHeader Port; + private System.Windows.Forms.TabPage adpanel; + private System.Windows.Forms.TabPage about; + private System.Windows.Forms.TextBox caname; + private System.Windows.Forms.Button setcacert; + private System.Windows.Forms.Label label3; + private System.Windows.Forms.Label label6; + private System.Windows.Forms.Label label7; + + private string begincertificate_str = "-----BEGIN CERTIFICATE-----"; + private string endcertificate_str = "-----END CERTIFICATE-----"; + private System.Windows.Forms.TextBox dslog; + private System.Windows.Forms.Label label8; + private System.Windows.Forms.CheckBox overwrite; + private System.Windows.Forms.Label label10; + private System.Windows.Forms.Label label9; + private System.Windows.Forms.Label label11; + private System.Windows.Forms.Button launchEventViewer; + private System.Windows.Forms.CheckBox log_d_detail; + private System.Windows.Forms.CheckBox log_d_func; + private System.Windows.Forms.CheckBox log_d_ca; + private System.Windows.Forms.CheckBox log_d_config; + private System.Windows.Forms.CheckBox log_d_com; + private System.Windows.Forms.CheckBox log_cert; + private System.Windows.Forms.CheckBox log_req; + private System.Windows.Forms.OpenFileDialog openFileDialog1; + private System.Windows.Forms.Label label12; + private System.Windows.Forms.Button load; + private System.Windows.Forms.Label label5; + private System.Windows.Forms.ComboBox catypecombobox; + private System.Windows.Forms.ColumnHeader CAType; + private System.Windows.Forms.CheckBox log_misc; + private System.Windows.Forms.LinkLabel linkLabel1; + + /// + /// Required designer variable. 
+ /// + private System.ComponentModel.Container components = null; + + public ProxyPanel() + { + // + // Required for Windows Form Designer support + // + + + InitializeComponent(); + try + { + initializeClientCertUI(); + + getCAListRegistry(); + getCACertRegistry(); + getLogOptionsRegistry(); + } + catch (Exception e) + { + MessageBox.Show("Error in initialization. Continue? " + + e.StackTrace, "Alert", MessageBoxButtons.OKCancel); + } + + } + + private void initializeClientCertUI() + { + populateClientCertificates(); + + // Add list of client certs to drop-down + addCertsToComboBox(); + + // Read current cert selection from registry and + // figure out which one to select in the drop-down + getClientCertRegistryConfig(); + } + + private void populateClientCertificates() + { + WinCapi wc = new WinCapi(); + cids = wc.getMyCertNames(); + + } + + /// + /// Clean up any resources being used. + /// + protected override void Dispose( bool disposing ) + { + if( disposing ) + { + if (components != null) + { + components.Dispose(); + } + } + base.Dispose( disposing ); + } + + #region Windows Form Designer generated code + /// + /// Required method for Designer support - do not modify + /// the contents of this method with the code editor. 
+ /// + private void InitializeComponent() + { + System.Resources.ResourceManager resources = new System.Resources.ResourceManager(typeof(ProxyPanel)); + this.caCertificateTab = new System.Windows.Forms.TabControl(); + this.about = new System.Windows.Forms.TabPage(); + this.linkLabel1 = new System.Windows.Forms.LinkLabel(); + this.label7 = new System.Windows.Forms.Label(); + this.label6 = new System.Windows.Forms.Label(); + this.label3 = new System.Windows.Forms.Label(); + this.caCertificatePanel = new System.Windows.Forms.TabPage(); + this.load = new System.Windows.Forms.Button(); + this.label12 = new System.Windows.Forms.Label(); + this.setcacert = new System.Windows.Forms.Button(); + this.caname = new System.Windows.Forms.TextBox(); + this.certtextbox = new System.Windows.Forms.TextBox(); + this.adpanel = new System.Windows.Forms.TabPage(); + this.groupBox4 = new System.Windows.Forms.GroupBox(); + this.overwrite = new System.Windows.Forms.CheckBox(); + this.label8 = new System.Windows.Forms.Label(); + this.dslog = new System.Windows.Forms.TextBox(); + this.label4 = new System.Windows.Forms.Label(); + this.populateLDAP = new System.Windows.Forms.Button(); + this.caconfig = new System.Windows.Forms.TabPage(); + this.label5 = new System.Windows.Forms.Label(); + this.groupBox3 = new System.Windows.Forms.GroupBox(); + this.cmc = new System.Windows.Forms.RadioButton(); + this.pkcs10 = new System.Windows.Forms.RadioButton(); + this.groupBox2 = new System.Windows.Forms.GroupBox(); + this.clientCertSelection = new System.Windows.Forms.ComboBox(); + this.label2 = new System.Windows.Forms.Label(); + this.porttextbox = new System.Windows.Forms.TextBox(); + this.label1 = new System.Windows.Forms.Label(); + this.hosttextbox = new System.Windows.Forms.TextBox(); + this.removeca = new System.Windows.Forms.Button(); + this.addca = new System.Windows.Forms.Button(); + this.calist = new System.Windows.Forms.ListView(); + this.Host = new System.Windows.Forms.ColumnHeader(); + 
this.Port = new System.Windows.Forms.ColumnHeader(); + this.CAType = new System.Windows.Forms.ColumnHeader(); + this.groupBox1 = new System.Windows.Forms.GroupBox(); + this.catypecombobox = new System.Windows.Forms.ComboBox(); + this.debug = new System.Windows.Forms.TabPage(); + this.log_misc = new System.Windows.Forms.CheckBox(); + this.log_d_detail = new System.Windows.Forms.CheckBox(); + this.log_d_func = new System.Windows.Forms.CheckBox(); + this.log_d_ca = new System.Windows.Forms.CheckBox(); + this.log_d_config = new System.Windows.Forms.CheckBox(); + this.log_d_com = new System.Windows.Forms.CheckBox(); + this.launchEventViewer = new System.Windows.Forms.Button(); + this.label11 = new System.Windows.Forms.Label(); + this.label10 = new System.Windows.Forms.Label(); + this.log_cert = new System.Windows.Forms.CheckBox(); + this.log_req = new System.Windows.Forms.CheckBox(); + this.label9 = new System.Windows.Forms.Label(); + this.apply = new System.Windows.Forms.Button(); + this.cancel = new System.Windows.Forms.Button(); + this.help = new System.Windows.Forms.Button(); + this.openFileDialog1 = new System.Windows.Forms.OpenFileDialog(); + this.caCertificateTab.SuspendLayout(); + this.about.SuspendLayout(); + this.caCertificatePanel.SuspendLayout(); + this.adpanel.SuspendLayout(); + this.groupBox4.SuspendLayout(); + this.caconfig.SuspendLayout(); + this.groupBox3.SuspendLayout(); + this.groupBox2.SuspendLayout(); + this.groupBox1.SuspendLayout(); + this.debug.SuspendLayout(); + this.SuspendLayout(); + // + // caCertificateTab + // + this.caCertificateTab.Controls.Add(this.about); + this.caCertificateTab.Controls.Add(this.caCertificatePanel); + this.caCertificateTab.Controls.Add(this.adpanel); + this.caCertificateTab.Controls.Add(this.caconfig); + this.caCertificateTab.Controls.Add(this.debug); + this.caCertificateTab.Dock = System.Windows.Forms.DockStyle.Fill; + this.caCertificateTab.Location = new System.Drawing.Point(0, 0); + this.caCertificateTab.Name = 
"caCertificateTab"; + this.caCertificateTab.SelectedIndex = 0; + this.caCertificateTab.Size = new System.Drawing.Size(488, 421); + this.caCertificateTab.SizeMode = System.Windows.Forms.TabSizeMode.FillToRight; + this.caCertificateTab.TabIndex = 0; + // + // about + // + this.about.Controls.Add(this.linkLabel1); + this.about.Controls.Add(this.label7); + this.about.Controls.Add(this.label6); + this.about.Controls.Add(this.label3); + this.about.Location = new System.Drawing.Point(4, 22); + this.about.Name = "about"; + this.about.Size = new System.Drawing.Size(480, 395); + this.about.TabIndex = 6; + this.about.Text = "About"; + // + // linkLabel1 + // + this.linkLabel1.Location = new System.Drawing.Point(24, 96); + this.linkLabel1.Name = "linkLabel1"; + this.linkLabel1.Size = new System.Drawing.Size(312, 23); + this.linkLabel1.TabIndex = 5; + this.linkLabel1.TabStop = true; + this.linkLabel1.Text = "http://directory.fedora.redhat.com/wiki/aep"; + // + // label7 + // + this.label7.Location = new System.Drawing.Point(24, 72); + this.label7.Name = "label7"; + this.label7.Size = new System.Drawing.Size(320, 23); + this.label7.TabIndex = 3; + this.label7.Text = "Version 0.9.1, March 8 , 2007"; + this.label7.Click += new System.EventHandler(this.label7_Click); + // + // label6 + // + this.label6.Location = new System.Drawing.Point(24, 48); + this.label6.Name = "label6"; + this.label6.Size = new System.Drawing.Size(320, 23); + this.label6.TabIndex = 2; + this.label6.Text = "Auto Enrollment Proxy Control Panel"; + // + // label3 + // + this.label3.Font = new System.Drawing.Font("Microsoft Sans Serif", 12F, System.Drawing.FontStyle.Underline, System.Drawing.GraphicsUnit.Point, ((System.Byte)(0))); + this.label3.Location = new System.Drawing.Point(16, 16); + this.label3.Name = "label3"; + this.label3.Size = new System.Drawing.Size(328, 24); + this.label3.TabIndex = 0; + this.label3.Text = "Auto Enrollment Proxy"; + // + // caCertificatePanel + // + 
this.caCertificatePanel.Controls.Add(this.load); + this.caCertificatePanel.Controls.Add(this.label12); + this.caCertificatePanel.Controls.Add(this.setcacert); + this.caCertificatePanel.Controls.Add(this.caname); + this.caCertificatePanel.Controls.Add(this.certtextbox); + this.caCertificatePanel.Location = new System.Drawing.Point(4, 22); + this.caCertificatePanel.Name = "caCertificatePanel"; + this.caCertificatePanel.Size = new System.Drawing.Size(480, 395); + this.caCertificatePanel.TabIndex = 5; + this.caCertificatePanel.Text = "CA Certificate"; + // + // load + // + this.load.Location = new System.Drawing.Point(16, 24); + this.load.Name = "load"; + this.load.Size = new System.Drawing.Size(96, 23); + this.load.TabIndex = 5; + this.load.Text = "Load From File"; + this.load.Click += new System.EventHandler(this.load_Click); + // + // label12 + // + this.label12.Location = new System.Drawing.Point(16, 320); + this.label12.Name = "label12"; + this.label12.Size = new System.Drawing.Size(72, 23); + this.label12.TabIndex = 4; + this.label12.Text = "CA Name"; + // + // setcacert + // + this.setcacert.Location = new System.Drawing.Point(16, 280); + this.setcacert.Name = "setcacert"; + this.setcacert.Size = new System.Drawing.Size(96, 23); + this.setcacert.TabIndex = 3; + this.setcacert.Text = "Set"; + this.setcacert.Click += new System.EventHandler(this.setcacert_Click); + // + // caname + // + this.caname.Location = new System.Drawing.Point(96, 320); + this.caname.Name = "caname"; + this.caname.ReadOnly = true; + this.caname.Size = new System.Drawing.Size(352, 20); + this.caname.TabIndex = 1; + this.caname.Text = ""; + // + // certtextbox + // + this.certtextbox.Font = new System.Drawing.Font("Courier New", 8.25F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((System.Byte)(0))); + this.certtextbox.Location = new System.Drawing.Point(16, 64); + this.certtextbox.Multiline = true; + this.certtextbox.Name = "certtextbox"; + this.certtextbox.ScrollBars 
= System.Windows.Forms.ScrollBars.Vertical; + this.certtextbox.Size = new System.Drawing.Size(432, 208); + this.certtextbox.TabIndex = 0; + this.certtextbox.Text = ""; + // + // adpanel + // + this.adpanel.AutoScroll = true; + this.adpanel.Controls.Add(this.groupBox4); + this.adpanel.Location = new System.Drawing.Point(4, 22); + this.adpanel.Name = "adpanel"; + this.adpanel.Size = new System.Drawing.Size(480, 395); + this.adpanel.TabIndex = 0; + this.adpanel.Text = "Active Directory"; + // + // groupBox4 + // + this.groupBox4.Controls.Add(this.overwrite); + this.groupBox4.Controls.Add(this.label8); + this.groupBox4.Controls.Add(this.dslog); + this.groupBox4.Controls.Add(this.label4); + this.groupBox4.Controls.Add(this.populateLDAP); + this.groupBox4.Location = new System.Drawing.Point(8, 8); + this.groupBox4.Name = "groupBox4"; + this.groupBox4.Size = new System.Drawing.Size(448, 304); + this.groupBox4.TabIndex = 0; + this.groupBox4.TabStop = false; + this.groupBox4.Text = "Active Directory Setup"; + // + // overwrite + // + this.overwrite.Location = new System.Drawing.Point(168, 64); + this.overwrite.Name = "overwrite"; + this.overwrite.Size = new System.Drawing.Size(160, 24); + this.overwrite.TabIndex = 4; + this.overwrite.Text = "Overwrite existing settings"; + // + // label8 + // + this.label8.Location = new System.Drawing.Point(40, 104); + this.label8.Name = "label8"; + this.label8.Size = new System.Drawing.Size(100, 16); + this.label8.TabIndex = 3; + this.label8.Text = "Log:"; + // + // dslog + // + this.dslog.Location = new System.Drawing.Point(32, 120); + this.dslog.Multiline = true; + this.dslog.Name = "dslog"; + this.dslog.ScrollBars = System.Windows.Forms.ScrollBars.Vertical; + this.dslog.Size = new System.Drawing.Size(384, 152); + this.dslog.TabIndex = 2; + this.dslog.Text = ""; + // + // label4 + // + this.label4.Location = new System.Drawing.Point(168, 40); + this.label4.Name = "label4"; + this.label4.Size = new System.Drawing.Size(248, 23); + 
this.label4.TabIndex = 1; + this.label4.Text = "Populate AD with CA service settings"; + // + // populateLDAP + // + this.populateLDAP.CausesValidation = false; + this.populateLDAP.Enabled = false; + this.populateLDAP.Location = new System.Drawing.Point(32, 40); + this.populateLDAP.Name = "populateLDAP"; + this.populateLDAP.Size = new System.Drawing.Size(112, 23); + this.populateLDAP.TabIndex = 0; + this.populateLDAP.Text = "Populate AD"; + this.populateLDAP.Click += new System.EventHandler(this.populateLDAP_Click); + // + // caconfig + // + this.caconfig.Controls.Add(this.label5); + this.caconfig.Controls.Add(this.groupBox3); + this.caconfig.Controls.Add(this.groupBox2); + this.caconfig.Controls.Add(this.label2); + this.caconfig.Controls.Add(this.porttextbox); + this.caconfig.Controls.Add(this.label1); + this.caconfig.Controls.Add(this.hosttextbox); + this.caconfig.Controls.Add(this.removeca); + this.caconfig.Controls.Add(this.addca); + this.caconfig.Controls.Add(this.calist); + this.caconfig.Controls.Add(this.groupBox1); + this.caconfig.Location = new System.Drawing.Point(4, 22); + this.caconfig.Name = "caconfig"; + this.caconfig.Size = new System.Drawing.Size(480, 395); + this.caconfig.TabIndex = 1; + this.caconfig.Text = "CA Connection"; + // + // label5 + // + this.label5.Location = new System.Drawing.Point(256, 88); + this.label5.Name = "label5"; + this.label5.Size = new System.Drawing.Size(56, 16); + this.label5.TabIndex = 10; + this.label5.Text = "CA Type:"; + // + // groupBox3 + // + this.groupBox3.Controls.Add(this.cmc); + this.groupBox3.Controls.Add(this.pkcs10); + this.groupBox3.Location = new System.Drawing.Point(8, 240); + this.groupBox3.Name = "groupBox3"; + this.groupBox3.Size = new System.Drawing.Size(448, 88); + this.groupBox3.TabIndex = 9; + this.groupBox3.TabStop = false; + this.groupBox3.Text = "Request Submission"; + this.groupBox3.Visible = false; + // + // cmc + // + this.cmc.Enabled = false; + this.cmc.Location = new 
System.Drawing.Point(32, 48); + this.cmc.Name = "cmc"; + this.cmc.Size = new System.Drawing.Size(336, 24); + this.cmc.TabIndex = 7; + this.cmc.Text = "Encapsulate PKCS#10 request in signed CMC request"; + this.cmc.Visible = false; + // + // pkcs10 + // + this.pkcs10.Checked = true; + this.pkcs10.Location = new System.Drawing.Point(32, 24); + this.pkcs10.Name = "pkcs10"; + this.pkcs10.Size = new System.Drawing.Size(344, 24); + this.pkcs10.TabIndex = 6; + this.pkcs10.TabStop = true; + this.pkcs10.Text = "Forward original PKCS#10 request over SSL w/Client Auth"; + this.pkcs10.Visible = false; + // + // groupBox2 + // + this.groupBox2.Controls.Add(this.clientCertSelection); + this.groupBox2.Location = new System.Drawing.Point(8, 160); + this.groupBox2.Name = "groupBox2"; + this.groupBox2.Size = new System.Drawing.Size(448, 64); + this.groupBox2.TabIndex = 8; + this.groupBox2.TabStop = false; + this.groupBox2.Text = "Authentication to CA - Choose SSL Client Certificate"; + // + // clientCertSelection + // + this.clientCertSelection.DropDownStyle = System.Windows.Forms.ComboBoxStyle.DropDownList; + this.clientCertSelection.Location = new System.Drawing.Point(16, 24); + this.clientCertSelection.Name = "clientCertSelection"; + this.clientCertSelection.Size = new System.Drawing.Size(416, 21); + this.clientCertSelection.TabIndex = 1; + this.clientCertSelection.SelectionChangeCommitted += new System.EventHandler(this.change_Certificate); + // + // label2 + // + this.label2.Location = new System.Drawing.Point(256, 64); + this.label2.Name = "label2"; + this.label2.Size = new System.Drawing.Size(32, 16); + this.label2.TabIndex = 0; + this.label2.Text = "Port:"; + // + // porttextbox + // + this.porttextbox.Location = new System.Drawing.Point(320, 64); + this.porttextbox.Name = "porttextbox"; + this.porttextbox.Size = new System.Drawing.Size(64, 20); + this.porttextbox.TabIndex = 2; + this.porttextbox.Text = ""; + // + // label1 + // + this.label1.Location = new 
System.Drawing.Point(256, 40); + this.label1.Name = "label1"; + this.label1.Size = new System.Drawing.Size(32, 16); + this.label1.TabIndex = 0; + this.label1.Text = "Host:"; + // + // hosttextbox + // + this.hosttextbox.Location = new System.Drawing.Point(320, 40); + this.hosttextbox.Name = "hosttextbox"; + this.hosttextbox.Size = new System.Drawing.Size(120, 20); + this.hosttextbox.TabIndex = 1; + this.hosttextbox.Text = ""; + // + // removeca + // + this.removeca.Location = new System.Drawing.Point(368, 120); + this.removeca.Name = "removeca"; + this.removeca.TabIndex = 4; + this.removeca.Text = "Remove CA"; + this.removeca.Click += new System.EventHandler(this.removeca_Click); + // + // addca + // + this.addca.Location = new System.Drawing.Point(272, 120); + this.addca.Name = "addca"; + this.addca.TabIndex = 3; + this.addca.Text = "Add CA"; + this.addca.Click += new System.EventHandler(this.addca_Click); + // + // calist + // + this.calist.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] { + this.Host, + this.Port, + this.CAType}); + this.calist.HeaderStyle = System.Windows.Forms.ColumnHeaderStyle.Nonclickable; + this.calist.Location = new System.Drawing.Point(16, 32); + this.calist.MultiSelect = false; + this.calist.Name = "calist"; + this.calist.Size = new System.Drawing.Size(232, 112); + this.calist.TabIndex = 0; + this.calist.View = System.Windows.Forms.View.Details; + // + // Host + // + this.Host.Text = "Host"; + this.Host.Width = 106; + // + // Port + // + this.Port.Text = "Port"; + this.Port.Width = 37; + // + // CAType + // + this.CAType.Text = "CA Type"; + // + // groupBox1 + // + this.groupBox1.Controls.Add(this.catypecombobox); + this.groupBox1.Location = new System.Drawing.Point(8, 16); + this.groupBox1.Name = "groupBox1"; + this.groupBox1.Size = new System.Drawing.Size(448, 136); + this.groupBox1.TabIndex = 7; + this.groupBox1.TabStop = false; + this.groupBox1.Text = "CA Connection Pool"; + // + // catypecombobox + // + 
this.catypecombobox.DropDownStyle = System.Windows.Forms.ComboBoxStyle.DropDownList; + this.catypecombobox.Items.AddRange(new object[] { + "Netscape CMS 6.1 or earlier", + "Red Hat CS 7.1", + "Red Hat CS 7.2"}); + this.catypecombobox.Location = new System.Drawing.Point(312, 72); + this.catypecombobox.Name = "catypecombobox"; + this.catypecombobox.Size = new System.Drawing.Size(121, 21); + this.catypecombobox.TabIndex = 0; + // + // debug + // + this.debug.Controls.Add(this.log_misc); + this.debug.Controls.Add(this.log_d_detail); + this.debug.Controls.Add(this.log_d_func); + this.debug.Controls.Add(this.log_d_ca); + this.debug.Controls.Add(this.log_d_config); + this.debug.Controls.Add(this.log_d_com); + this.debug.Controls.Add(this.launchEventViewer); + this.debug.Controls.Add(this.label11); + this.debug.Controls.Add(this.label10); + this.debug.Controls.Add(this.log_cert); + this.debug.Controls.Add(this.log_req); + this.debug.Controls.Add(this.label9); + this.debug.Location = new System.Drawing.Point(4, 22); + this.debug.Name = "debug"; + this.debug.Size = new System.Drawing.Size(480, 395); + this.debug.TabIndex = 2; + this.debug.Text = "Logging"; + // + // log_misc + // + this.log_misc.Location = new System.Drawing.Point(224, 48); + this.log_misc.Name = "log_misc"; + this.log_misc.Size = new System.Drawing.Size(152, 24); + this.log_misc.TabIndex = 14; + this.log_misc.Text = "Miscellaneous"; + // + // log_d_detail + // + this.log_d_detail.Location = new System.Drawing.Point(224, 192); + this.log_d_detail.Name = "log_d_detail"; + this.log_d_detail.Size = new System.Drawing.Size(160, 24); + this.log_d_detail.TabIndex = 13; + this.log_d_detail.Text = "Extra detail"; + // + // log_d_func + // + this.log_d_func.Location = new System.Drawing.Point(224, 160); + this.log_d_func.Name = "log_d_func"; + this.log_d_func.Size = new System.Drawing.Size(160, 24); + this.log_d_func.TabIndex = 12; + this.log_d_func.Text = "Function call entry/exit"; + // + // log_d_ca + // + 
this.log_d_ca.Location = new System.Drawing.Point(48, 224); + this.log_d_ca.Name = "log_d_ca"; + this.log_d_ca.Size = new System.Drawing.Size(160, 24); + this.log_d_ca.TabIndex = 11; + this.log_d_ca.Text = "CA Communication"; + // + // log_d_config + // + this.log_d_config.Location = new System.Drawing.Point(48, 192); + this.log_d_config.Name = "log_d_config"; + this.log_d_config.Size = new System.Drawing.Size(160, 24); + this.log_d_config.TabIndex = 10; + this.log_d_config.Text = "Configuration / Registry"; + // + // log_d_com + // + this.log_d_com.Location = new System.Drawing.Point(48, 160); + this.log_d_com.Name = "log_d_com"; + this.log_d_com.Size = new System.Drawing.Size(160, 24); + this.log_d_com.TabIndex = 9; + this.log_d_com.Text = "COM / DCOM"; + // + // launchEventViewer + // + this.launchEventViewer.Location = new System.Drawing.Point(304, 280); + this.launchEventViewer.Name = "launchEventViewer"; + this.launchEventViewer.Size = new System.Drawing.Size(128, 23); + this.launchEventViewer.TabIndex = 8; + this.launchEventViewer.Text = "Launch Event Viewer"; + this.launchEventViewer.Click += new System.EventHandler(this.launchEventViewer_Click); + // + // label11 + // + this.label11.Location = new System.Drawing.Point(24, 280); + this.label11.Name = "label11"; + this.label11.Size = new System.Drawing.Size(240, 23); + this.label11.TabIndex = 7; + this.label11.Text = "All logs are written to the \'application\' event log"; + // + // label10 + // + this.label10.Location = new System.Drawing.Point(16, 16); + this.label10.Name = "label10"; + this.label10.Size = new System.Drawing.Size(240, 23); + this.label10.TabIndex = 6; + this.label10.Text = "Logging Events"; + // + // log_cert + // + this.log_cert.Location = new System.Drawing.Point(48, 80); + this.log_cert.Name = "log_cert"; + this.log_cert.Size = new System.Drawing.Size(152, 24); + this.log_cert.TabIndex = 5; + this.log_cert.Text = "Certificate Issuance"; + // + // log_req + // + this.log_req.Location = 
new System.Drawing.Point(48, 48); + this.log_req.Name = "log_req"; + this.log_req.Size = new System.Drawing.Size(152, 24); + this.log_req.TabIndex = 3; + this.log_req.Text = "Request Processing"; + // + // label9 + // + this.label9.Location = new System.Drawing.Point(24, 128); + this.label9.Name = "label9"; + this.label9.Size = new System.Drawing.Size(240, 23); + this.label9.TabIndex = 4; + this.label9.Text = "Debug events"; + // + // apply + // + this.apply.Location = new System.Drawing.Point(264, 384); + this.apply.Name = "apply"; + this.apply.Size = new System.Drawing.Size(64, 24); + this.apply.TabIndex = 8; + this.apply.Text = "Apply"; + this.apply.Click += new System.EventHandler(this.apply_Click); + // + // cancel + // + this.cancel.Location = new System.Drawing.Point(336, 384); + this.cancel.Name = "cancel"; + this.cancel.Size = new System.Drawing.Size(64, 24); + this.cancel.TabIndex = 9; + this.cancel.Text = "Cancel"; + this.cancel.Click += new System.EventHandler(this.cancel_Click); + // + // help + // + this.help.Enabled = false; + this.help.Location = new System.Drawing.Point(408, 384); + this.help.Name = "help"; + this.help.Size = new System.Drawing.Size(64, 24); + this.help.TabIndex = 3; + this.help.Text = "Help"; + // + // ProxyPanel + // + this.AutoScaleBaseSize = new System.Drawing.Size(5, 13); + this.ClientSize = new System.Drawing.Size(488, 421); + this.Controls.Add(this.help); + this.Controls.Add(this.cancel); + this.Controls.Add(this.apply); + this.Controls.Add(this.caCertificateTab); + this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.SizableToolWindow; + this.Icon = ((System.Drawing.Icon)(resources.GetObject("$this.Icon"))); + this.Name = "ProxyPanel"; + this.Text = "Certificate System Proxy Configuration"; + this.caCertificateTab.ResumeLayout(false); + this.about.ResumeLayout(false); + this.caCertificatePanel.ResumeLayout(false); + this.adpanel.ResumeLayout(false); + this.groupBox4.ResumeLayout(false); + 
this.caconfig.ResumeLayout(false); + this.groupBox3.ResumeLayout(false); + this.groupBox2.ResumeLayout(false); + this.groupBox1.ResumeLayout(false); + this.debug.ResumeLayout(false); + this.ResumeLayout(false); + + } + #endregion + + + /// + /// The main entry point for the application. + /// + [STAThread] + static void Main() + { + Application.Run(new ProxyPanel()); + } + + private void populateLDAP_Click(object sender, System.EventArgs e) + { + + String name = System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString(); + + if (certtextbox.Text == "") + { + DialogResult dr = MessageBox.Show("No CA Certificate has been set in the CA Certificate tab. Continue?", "Alert", MessageBoxButtons.OKCancel); + if (dr == DialogResult.Cancel) + { + return; + } + } + clearADLog(); + // Find the Configuration Naming Context from the RootDSE + DirectoryEntry rootDSE = new DirectoryEntry("LDAP://RootDSE"); + rootDSE.AuthenticationType = AuthenticationTypes.Secure; + String cnc = rootDSE.Properties["configurationNamingContext"][0].ToString(); + String rootpath = rootDSE.Path; + rootpath.Replace("RootDSE",""); + + adLog("Configuration Naming Context: "+cnc); + // Traverse down the Conviguration Naming Context... 
+ DirectoryEntry configBase = new DirectoryEntry("LDAP://"+cnc); + configBase.AuthenticationType = AuthenticationTypes.Secure; + + DirectorySearcher ds = new DirectorySearcher(); + + // Find CN=Services subtree of CN=Configuration + ds.SearchRoot = configBase; + ds.SearchScope = SearchScope.OneLevel; + ds.Filter = "(CN=Services)"; + SearchResult servicesResult = ds.FindOne(); + + DirectoryEntry servicesBase = servicesResult.GetDirectoryEntry(); + String sb_n = servicesBase.Path; + adLog("Services base: "+sb_n); + + if (servicesBase == null) + { + DialogResult dr = MessageBox.Show("Error: Could not locate 'CN=Services' under base"+ + ds.SearchRoot.Name.ToString()); + } + + // Find "CN=Public Key Services" subtree of CN=Services + ds.SearchRoot = servicesBase; + ds.Filter = "(CN=Public Key Services)"; + SearchResult pubkeyResult = ds.FindOne(); + DirectoryEntry pubkeyServicesBase = pubkeyResult.GetDirectoryEntry(); + adLog("Services base: "+pubkeyServicesBase.Path); + + if (pubkeyServicesBase == null) + { + MessageBox.Show("Error: Could not locate 'CN=Public Key Services' under base"+ + ds.SearchRoot.Name.ToString()); + return; + } + + // Find other subtrees of "CN=Public Key Services" + ds.SearchRoot = pubkeyServicesBase; + + ds.Filter = "(CN=Certificate Templates)"; + SearchResult certificateTemplatesBaseResult = ds.FindOne(); + DirectoryEntry certificateTemplatesBase = certificateTemplatesBaseResult.GetDirectoryEntry(); + certificateTemplatesBase.AuthenticationType = AuthenticationTypes.Secure; + + ds.Filter = "(CN=Certification Authorities)"; + SearchResult certificationAuthoritiesBaseResult = ds.FindOne(); + DirectoryEntry certificationAuthoritiesBase = certificationAuthoritiesBaseResult.GetDirectoryEntry(); + certificationAuthoritiesBase.AuthenticationType = AuthenticationTypes.Secure; + + ds.Filter = "(CN=Enrollment Services)"; + SearchResult enrollmentServicesBaseResult = ds.FindOne(); + DirectoryEntry enrollmentServicesBase = 
enrollmentServicesBaseResult.GetDirectoryEntry(); + enrollmentServicesBase.AuthenticationType = AuthenticationTypes.Secure; + + // I used to have code to add the certificate templates, but while the + // WebServer template works fine, the same cannot be said for the DomainController + // template. A better way to set up the templates is to use the Certificate Templates + // Snap-in in MCC (MCC should ask you to populate the templates when the Snap-in + // is started. + + //addCertificateTemplates(certificateTemplatesBase); + + // xxx hardcoded string here + //String cacertb64 = "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"; + String cacertb64 = certtextbox.Text. + Replace(begincertificate_str,""). + Replace(endcertificate_str,""); + byte[] cacert = Convert.FromBase64String(cacertb64); + DirectoryEntry d = addCertificationAuthorities(certificationAuthoritiesBase,cacert); + addEnrollmentServices(enrollmentServicesBase, d, cacert); + + } + + + byte[] daysToByteArray(ulong days) + { + ulong x = days * 86400 * 10000000; + x = 0-x; + byte[] r = new byte[8]; + for (int i=0;i<8;i++) + { + r[i] = (byte) (x & 0xff); + x>>=8; + } + return r; + } + + + + + void clearADLog() + { + dslog.Clear(); + } + + void adLog(string s) + { + dslog.AppendText(s+"\r\n"); + } + + private void addCertsToComboBox() + { + string[] sn = new string[cids.Length]; + int sl=0; + foreach (CertIdentifier c in cids) + { + sn[sl] = c.subjectname; + sl++; + } + this.clientCertSelection.Text = sn[0]; + this.clientCertSelection.Items.AddRange(sn); + } + + DirectoryEntry addCertificationAuthorities(DirectoryEntry d, byte[] cacert) + { + DirectoryEntry n = null; + adLog("Searching for 'CN=Red Hat Certificate System Proxy' under base "+d.Name); + try + { + n = d.Children.Find("CN=Red Hat Certificate System Proxy"); + } catch (Exception e) + { + String s = e.Message; + } + if (n != null) { + adLog("Found "+n.Name); + if (overwrite.Checked) + { + adLog("Removing"); + d.Children.Remove(n); + } + else + 
{ + return n; + } + } + + adLog("Adding 'CN=Red Hat Certificate System Proxy'"); + n = d.Children.Add("CN=Red Hat Certificate System Proxy","certificationAuthority"); + n.Properties["cn"].Add("Red Hat Certificate System Proxy"); + byte[] b = new byte[1]; + b[0] = 0; + n.Properties["certificateRevocationList"].Add(b); + if (cacert != null) + { + n.Properties["caCertificate"].Add(cacert); + } + n.Properties["authorityRevocationList"].Add(b); + n.CommitChanges(); + return n; + } + + void addEnrollmentServices(DirectoryEntry d, DirectoryEntry ca, byte[] cacert) + { + String entryname = "CN=Red Hat Certificate System Proxy"; + DirectoryEntry n=null; + adLog("Searching for 'CN=Red Hat Certificate System Proxy' under base "+d.Name); + try + { + n = d.Children.Find(entryname); + } + catch (Exception e) { String s = e.Message; } + if (n != null) { + adLog("Found "+n.Name); + if (overwrite.Checked) + { + adLog("Removing"); + d.Children.Remove(n); + } + else + { + return; + } + } + + adLog("Adding '"+entryname+"'"); + n = d.Children.Add(entryname,"pkiEnrollmentService"); + String hostname = Dns.GetHostName(); + IPHostEntry ipe = Dns.GetHostByName(hostname); + String name = ipe.HostName; + + + adLog("Adding attribute: dNSHostName: "+name); + n.Properties["dNSHostName"].Add( name ); + if (cacert != null) + { + n.Properties["caCertificate"].Add (cacert); + } + // XXX hardcoded!! 
+ //n.Properties["caCertificateDN"].Add (ca.Name); + string can = ca.Name; + adLog("Adding attribute: caCertificateDN: "+can); + n.Properties["caCertificateDN"].Add ("CN=Certificate Authority,O=Sfbay Redhat Domain 20060510e1"); + n.Properties["certificateTemplates"].Add("WebServer"); + n.Properties["certificateTemplates"].Add("User"); + n.Properties["certificateTemplates"].Add("Workstation"); + n.Properties["certificateTemplates"].Add("Machine"); + n.Properties["certificateTemplates"].Add("DomainController"); + n.CommitChanges(); + + } + + + + private void cancel_Click(object sender, System.EventArgs e) + { + DialogResult dr = MessageBox.Show("Discard unsaved changes?", "Alert", MessageBoxButtons.OKCancel); + if (dr == DialogResult.Cancel) + { + return; + } + + Close(); + } + + private RegistryKey getConfigRoot() + { + RegistryKey r = Registry.LocalMachine. + OpenSubKey("SOFTWARE\\Red Hat\\RHCSProxy"); + RegistryKey r2 = r.OpenSubKey("Config",true); + return r2; + } + + private static bool compareByteArrays (byte[] data1, byte[] data2) + { + // If both are null, they're equal + if (data1==null && data2==null) + { + return true; + } + // If either but not both are null, they're not equal + if (data1==null || data2==null) + { + return false; + } + if (data1.Length != data2.Length) + { + return false; + } + for (int i=0; i < data1.Length; i++) + { + if (data1[i] != data2[i]) + { + return false; + } + } + return true; + } + + private void getClientCertRegistryConfig() + { + RegistryKey r = getConfigRoot(); + byte[] b = (byte[])r.GetValue("AuthenticationCertificate"); + if (b == null) { return; } + + for (int i=0; i 0; + log_cert.Checked = (options & LOG_CERT) > 0; + log_misc.Checked = (options & LOG_MISC) > 0; + log_d_com.Checked = (options & LOG_D_COM) > 0; + log_d_config.Checked = (options & LOG_D_CONFIG) > 0; + log_d_ca.Checked = (options & LOG_D_CA) > 0; + log_d_func.Checked = (options & LOG_D_FUNC) > 0; + log_d_detail.Checked = (options & LOG_D_DETAIL) > 0; + } + 
+ // 2) applying changes back to the registry + + private void saveLogOptionsRegistry() + { + long options = 0; + + options |= log_req.Checked ? LOG_REQ : 0; + options |= log_cert.Checked ? LOG_CERT : 0; + options |= log_misc.Checked ? LOG_MISC : 0; + + options |= log_d_com.Checked ? LOG_D_COM : 0; + options |= log_d_config.Checked ? LOG_D_CONFIG : 0; + options |= log_d_ca.Checked ? LOG_D_CA : 0; + options |= log_d_func.Checked ? LOG_D_FUNC : 0; + options |= log_d_detail.Checked ? LOG_D_DETAIL : 0; + getConfigRoot().SetValue("LogOptions",options); + } + + private void load_Click(object sender, System.EventArgs e) + { + if (openFileDialog1.ShowDialog() != DialogResult.OK) + { + return; + } + + // read selected file into buffer + FileStream fs = new FileStream(openFileDialog1.FileName, FileMode.Open, FileAccess.Read); + BinaryReader br = new BinaryReader(fs); + byte[] b = new byte[10240]; + int bytes = br.Read(b,0,10240); + byte[] c = new byte[bytes]; + Array.Copy(b,0,c,0,bytes); + // convert to base 64 + + string s = Convert.ToBase64String(c); + // convert to PEM, adding begin/end certificate markers, and truncating to max + // 30 chars per line. 
+ string o = begincertificate_str+"\r\n"; + + int i=0; + int maxline = 50; + while (i < s.Length) + { + int j = maxline; + if (s.Length-i < maxline) { j = s.Length-i; } + o = o + s.Substring(i,j) + "\r\n"; + i += maxline; + } + o+= endcertificate_str +"\r\n"; + + certtextbox.Text = o; + setcacert_Click(sender,e); // args ignored by callee + + + } + + private void label7_Click(object sender, System.EventArgs e) + { + + } + } +} --- NEW FILE ProxyPanel.resx --- text/microsoft-resx 1.3 System.Resources.ResXResourceReader, System.Windows.Forms, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 System.Resources.ResXResourceWriter, System.Windows.Forms, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 True False True Private Private 8, 8 False True True Private Private 8, 8 Private Private False False Private Private False Private Private False Private Private False True True Private Private 8, 8 False Private Private False Private Private False Private Private Private False Private Private False Private False True True Private Private 8, 8 Private 8, 8 True False True Private False Private Private False Private Private Private False Private False Private Private Private False Private False True True Private Private 8, 8 False Private Private Private 8, 8 False True True Private False Private Private False Private Private Private 8, 8 True False True Private Private False Private False Private Private Private False Private False Private Private Private False Private False Private Private False Private Private False Private Private Private Private Private Private Private Private Private 8, 8 True False True Private Private False Private False True True Private Private 8, 8 False Private Private False Private Private False Private Private False Private Private False Private Private False Private Private False Private Private False Private Private False Private Private False Private Private False Private Private False Private Private 
False Private Private False Private Private False Private Private Private Private 17, 17 False (Default) False False 8, 8 True 80 True ProxyPanel Private AAABAAIAEBAQAAAAAAAoAQAAJgAAACAgEAAAAAAA6AIAAE4BAAAoAAAAEAAAACAAAAABAAQAAAAAAIAA AAAAAAAAAAAAABAAAAAQAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICAgADAwMAAAAD/AAD/ AAAA//8A/wAAAP8A/wD//wAA////AAAAAAAAAAAAAAAAAHd3d3d3cAAAe7u7t3/4hwh7uIu3eIiI/3u4 C7d4+I/4e7cLt3j/+Ih7twu3ePiIj3u7u7t4+IiPe7u7t3j/iP/3CIgIePiIiIcIiAh4j/iIj3AHAHiI iI/4d3AACHd4iIiPcAAAAAh3ePhwAAAAAAAId3AA//8AAL8AAAAHAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAQAAAAEAAIADAAD4BwAA/4cAACgAAAAgAAAAQAAAAAEABAAAAAAAAAIAAAAA AAAAAAAAEAAAABAAAAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAgICAAMDAwAAAAP8AAP8AAAD/ /wD/AAAA/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AcAAAAAAAAA AAAAAAAACPh3AAcAAAAAMzMzMzMzAAj///h3AAcAA7u7u7u7MzAP+IiP//h3AAu7u7ALu7MwD/iIiIj/ //h7u7uwA7uzMA/4///4iIj/e7u7sAO7szAPiP+I//+IiHu7u7AAO7MwD/j/eHeI//97u7swADuzMA+I ////93eIe7u7swO7szAP+P+P///4iHu7u7u7u7MwD/j/iHiI//97uzuIiIuzMA/4/4j4iHf/ezdwf/+H M4AP+P+IeIj//3O4cHiIiAAAD4j///+IiP+DOHBzM3hwAA+I//+P/////whwADAHcAAPiP/4h4iP//8I hwAAd3cAD4j/iP+Ih4iPd4d3d3dwAA/4/4h4iP+Id3CId3d3cAAP+I//+Ih4iP/3eId3dwAAD/iIj/// +Ih4iHB4iHAAAA//+IiIj///+IiIcAAAAAAHeP//iIeIj////4jwAAAAAAB3eP//iIiIj/+I8AAAAAAH AAB3eP/4iIiIiPAAAAAAAAAHAAAHeP/4iIjwAAAAAAAAAAAAcAAHeP//8AAAAAAAAAAAAAAAcAAHePAA AAAAAAAAAAAAAAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD//////////wP/ wAEAP4AAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAA AAEAAAABAAAAAwAAAAcAAAAPAAAAHwAAAD8AAAA/4AAAP/4AAD//8AA///8AP///8D///////////w== --- NEW FILE WinCapi.cs --- using System; using System.Collections; using System.Runtime.InteropServices; using System.Security.Cryptography.X509Certificates; using System.ComponentModel; namespace ProxyPanel { /// /// /// /// public struct CertIdentifier { public string subjectname; public byte[] hash; } public class WinCapi { /* HCERTSTORE WINAPI CertOpenSystemStore(HCRYPTPROV 
hprov, LPTCSTR szSubsystemProtocol); BOOL WINAPI CertCloseStore(HCERTSTORE hCertStore, DWORD dwFlags); PCCERT_CONTEXT WINAPI CertFindCertificateInStore( HCERTSTORE hCertStore, DWORD dwCertEncodingType, DWORD dwFindFlags, DWORD dwFindType, const void* pvFindPara, PCCERT_CONTEXT pPrevCertContext); BOOL WINAPI CertFreeCertificateContext( PCCERT_CONTEXT pCertContext ); */ [DllImport("crypt32.dll", CharSet=CharSet.Auto, SetLastError=true)] public static extern IntPtr CertOpenSystemStore( IntPtr hCryptProv, string storename) ; [DllImport("crypt32.dll", SetLastError=true)] public static extern bool CertCloseStore( IntPtr hCertStore, uint dwFlags) ; [DllImport("crypt32.dll", SetLastError=true)] public static extern IntPtr CertFindCertificateInStore( IntPtr hCertStore, uint dwCertEncodingType, uint dwFindFlags, uint dwFindType, [In, MarshalAs(UnmanagedType.LPWStr)]String pszFindString, IntPtr pPrevCertCntxt) ; [DllImport("crypt32.dll", SetLastError=true)] public static extern bool CertFreeCertificateContext( IntPtr hCertStore) ; public WinCapi() { } private byte[] hexToByteArray(string s) { if (s == null || s.Length == 0 || (s.Length %2 != 0)) { return null; } byte[] b = new byte[s.Length/2]; for (int i=0; i --- NEW FILE panel.csproj.user --- From fedora-directory-commits at redhat.com Wed Mar 14 16:25:36 2007 
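Review bot: The four `DllImport` declarations in WinCapi.cs are `public static extern` members of the public class `WinCapi`, so any code that references the assembly can call the raw crypt32 entry points with handles of its own choosing. Declaring them `private` (or `internal`) and exposing only managed wrappers keeps certificate-store and context handle lifetime inside the class. Separately, the parameter of `CertFreeCertificateContext` is named `hCertStore`, while the native prototype quoted in the comment above it takes `pCertContext`; `public static extern bool CertFreeCertificateContext(IntPtr pCertContext);` makes it harder to pass a store handle by mistake. The rest of the class is cut off in this listing, so how the handles are used is not visible.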
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 14 Mar 2007 12:25:36 -0400 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm vlv.c, 1.6, 1.6.2.1 Message-ID: <200703141625.l2EGPa9l015193@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15177/ldapserver/ldap/servers/slapd/back-ldbm Modified Files: Tag: Directory71RtmBranch vlv.c Log Message: Resolves: bug 231507 Bug Description: Modification of directory entries with VLV-indexed null-value attributes results in server crash Reviewed by: nkinder, nhosoi, prowley (Thanks!) Fix Description: The value lowest_value is defined outside the loop that loops through all the attributes in the vlv sort specification (e.g. usually something like cn givenname o ou sn if defined by the console browsing index). lowest_value is not reset for each loop iteration. So if it goes through the loop one time for e.g. givenname, and givenname has values, lowest_value will point to the lowest value of givenname until the key is created, then it is freed. So the next loop iteration uses o, and if for example o does not have any values, lowest_value will point to the already freed memory used by the givenname iteration, which is now garbage (e.g. the lowest_value->bv_len may be very large, which is the probable cause of the malloc out of memory errors seen by the customer). The solution is to reset lowest_value to NULL before each loop iteration (I did this by moving the declaration and initialization of lowest_value inside the loop scope) and testing for lowest_value == NULL before trying to use it. 
Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: vlv.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/vlv.c,v retrieving revision 1.6 retrieving revision 1.6.2.1 diff -u -r1.6 -r1.6.2.1 --- vlv.c 19 Apr 2005 22:07:38 -0000 1.6 +++ vlv.c 14 Mar 2007 16:25:34 -0000 1.6.2.1 @@ -499,7 +499,7 @@ static struct vlv_key * vlv_create_key(struct vlvIndex* p, struct backentry* e) { - struct berval val, *lowest_value = NULL; + struct berval val; unsigned char char_min = 0x00; unsigned char char_max = 0xFF; struct vlv_key *key= vlv_key_new(); @@ -521,7 +521,7 @@ /* xxxPINAKI */ /* need to free some stuff! */ Slapi_Value **cvalue = NULL; - struct berval **value = NULL; + struct berval **value = NULL, *lowest_value = NULL; int free_value= 0; if (attr != NULL && !valueset_isempty(&attr->a_present_values)) { @@ -578,7 +578,7 @@ unsigned int i; char *attributeValue = NULL; /* Bug 605477 : Don't malloc 0 bytes */ - if (attr != NULL && lowest_value->bv_len != 0) { + if (attr != NULL && lowest_value && lowest_value->bv_len != 0) { attributeValue = (char*)slapi_ch_malloc(lowest_value->bv_len); for(i=0;ibv_len;i++) { @@ -606,7 +606,7 @@ /* If the forward-sorted attribute is absent or has no * value, we need to use the value of 0xFF. */ - if (attr != NULL && lowest_value->bv_len > 0) { + if (attr != NULL && lowest_value && lowest_value->bv_len > 0) { vlv_key_addattr(key,lowest_value); } else { val.bv_val = (void*)&char_max; From fedora-directory-commits at redhat.com Wed Mar 14 16:36:15 2007 
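Review bot: The declaration moved into the loop in the `@@ -521,7 +521,7` hunk, `struct berval **value = NULL, *lowest_value = NULL;`, is what keeps a pointer freed during an earlier iteration from being read, yet nothing at that line says so. A comment such as `/* reset for every sort attribute: the previous attribute's value is freed once its key is built (bug 231507) */` would stop a later cleanup from hoisting the variable back out of the loop, and giving `lowest_value` its own declaration line makes the reset easier to spot. The loop body starts and ends outside the hunks shown, so where the value is freed is taken from the log message only. The same applies to the identical change in revision 1.13 of vlv.c.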
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 14 Mar 2007 12:36:15 -0400 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm vlv.c, 1.12, 1.13 Message-ID: <200703141636.l2EGaFIQ015684@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15668 Modified Files: vlv.c Log Message: Resolves: bug 231507 Bug Description: Modification of directory entries with VLV-indexed null-value attributes results in server crash Reviewed by: nkinder, nhosoi, prowley (Thanks!) Fix Description: The value lowest_value is defined outside the loop that loops through all the attributes in the vlv sort specification (e.g. usually something like cn givenname o ou sn if defined by the console browsing index). lowest_value is not reset for each loop iteration. So if it goes through the loop one time for e.g. givenname, and givenname has values, lowest_value will point to the lowest value of givenname until the key is created, then it is freed. So the next loop iteration uses o, and if for example o does not have any values, lowest_value will point to the already freed memory used by the givenname iteration, which is now garbage (e.g. the lowest_value->bv_len may be very large, which is the probable cause of the malloc out of memory errors seen by the customer). The solution is to reset lowest_value to NULL before each loop iteration (I did this by moving the declaration and initialization of lowest_value inside the loop scope) and testing for lowest_value == NULL before trying to use it. 
Platforms tested: RHEL4 Flag Day: no Doc impact: no Index: vlv.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/vlv.c,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- vlv.c 7 Dec 2006 21:15:00 -0000 1.12 +++ vlv.c 14 Mar 2007 16:36:13 -0000 1.13 @@ -508,7 +508,7 @@ static struct vlv_key * vlv_create_key(struct vlvIndex* p, struct backentry* e) { - struct berval val, *lowest_value = NULL; + struct berval val; unsigned char char_min = 0x00; unsigned char char_max = 0xFF; struct vlv_key *key= vlv_key_new(); @@ -530,7 +530,7 @@ /* xxxPINAKI */ /* need to free some stuff! */ Slapi_Value **cvalue = NULL; - struct berval **value = NULL; + struct berval **value = NULL, *lowest_value = NULL; int free_value= 0; if (attr != NULL && !valueset_isempty(&attr->a_present_values)) { @@ -587,7 +587,7 @@ unsigned int i; char *attributeValue = NULL; /* Bug 605477 : Don't malloc 0 bytes */ - if (attr != NULL && lowest_value->bv_len != 0) { + if (attr != NULL && lowest_value && lowest_value->bv_len != 0) { attributeValue = (char*)slapi_ch_malloc(lowest_value->bv_len); for(i=0;ibv_len;i++) { @@ -615,7 +615,7 @@ /* If the forward-sorted attribute is absent or has no * value, we need to use the value of 0xFF. */ - if (attr != NULL && lowest_value->bv_len > 0) { + if (attr != NULL && lowest_value && lowest_value->bv_len > 0) { vlv_key_addattr(key,lowest_value); } else { val.bv_val = (void*)&char_max; From fedora-directory-commits at redhat.com Thu Mar 15 18:21:45 2007 
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Thu, 15 Mar 2007 14:21:45 -0400 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd backend_manager.c, 1.7, 1.8 mapping_tree.c, 1.8, 1.9 Message-ID: <200703151821.l2FILjhA026138@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26089/ldapserver/ldap/servers/slapd Modified Files: backend_manager.c mapping_tree.c Log Message: Resolves: bug 232377 Bug Description: PAM passthru ENTRY method not working Reviewed by: prowley (Thanks!) Fix Description: There are several problems. 1) For the ENTRY method to perform the internal search to get the entry for the bind DN, it must have a component ID (aka plugin identity). The code was already there to get/set it, but it was never initialized in the init function. 2) You cannot mix slapi_sdn_new* with slapi_sdn_init* - slapi_sdn_init will erase the knowledge that the Slapi_DN was allocated with malloc and it will not free it in slapi_sdn_free(). 3) People may assume they can specify a subtree (e.g. ou=people,dc=example,dc=com) instead of a suffix for the list of included/excluded suffixes. The error message will not print a list of valid suffixes for the admin to use. 4) slapi_be_exist was failing because the database does not notify the mapping tree code that the backend is started during startup. This works fine under normal conditions because most all of the code in mapping_tree.c will lookup the backend if the mtn_be pointer in the mapping tree node is NULL. However, slapi_be_exist and slapi_be_select do not do this. The proper solution is to call slapi_mtn_be_started() at database startup time. This is the same thing that happens when a backend is added at runtime. 
Platforms tested: FC6 Flag Day: no Doc impact: no Index: backend_manager.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/backend_manager.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- backend_manager.c 10 Nov 2006 23:45:40 -0000 1.7 +++ backend_manager.c 15 Mar 2007 18:21:37 -0000 1.8 @@ -80,6 +80,10 @@ backends[i] = be; nbackends++; + + slapi_log_error(SLAPI_LOG_TRACE, "slapi_be_new", + "Added new backend name [%s] type [%s] nbackends [%d]\n", + name, type, nbackends); return( be ); } Index: mapping_tree.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/mapping_tree.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- mapping_tree.c 14 Dec 2006 23:16:54 -0000 1.8 +++ mapping_tree.c 15 Mar 2007 18:21:37 -0000 1.9 @@ -324,6 +324,12 @@ node->mtn_dstr_plg_name = plg_fct; node->mtn_dstr_plg = plg; + slapi_log_error(SLAPI_LOG_TRACE, "mapping_tree", + "Created new mapping tree node for suffix [%s] backend [%s] [%p]\n", + slapi_sdn_get_dn(dn), + backend_names && backend_names[0] ? backend_names[0] : "null", + be ? be[0] : NULL); + return node; } From fedora-directory-commits at redhat.com Thu Mar 15 18:21:45 2007 
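Review bot: In the backend_manager.c hunk the new trace call passes `name` and `type` straight to `%s`, while the mapping_tree.c hunk of this same commit takes care to substitute `"null"` for a missing backend name; `slapi_sdn_get_dn(dn)` there is also passed unguarded. Whether these can be NULL at these call sites, and whether the logger's formatter tolerates a NULL `%s` argument, is not visible here. For consistency the arguments could be written as `name ? name : "null", type ? type : "null", nbackends`. Both enclosing functions begin outside their hunks.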
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Thu, 15 Mar 2007 14:21:45 -0400 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm instance.c, 1.6, 1.7 Message-ID: <200703151821.l2FILjNH026144@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26089/ldapserver/ldap/servers/slapd/back-ldbm Modified Files: instance.c Log Message: Resolves: bug 232377 Bug Description: PAM passthru ENTRY method not working Reviewed by: prowley (Thanks!) Fix Description: There are several problems. 1) For the ENTRY method to perform the internal search to get the entry for the bind DN, it must have a component ID (aka plugin identity). The code was already there to get/set it, but it was never initialized in the init function. 2) You cannot mix slapi_sdn_new* with slapi_sdn_init* - slapi_sdn_init will erase the knowledge that the Slapi_DN was allocated with malloc and it will not free it in slapi_sdn_free(). 3) People may assume they can specify a subtree (e.g. ou=people,dc=example,dc=com) instead of a suffix for the list of included/excluded suffixes. The error message will not print a list of valid suffixes for the admin to use. 4) slapi_be_exist was failing because the database does not notify the mapping tree code that the backend is started during startup. This works fine under normal conditions because most all of the code in mapping_tree.c will lookup the backend if the mtn_be pointer in the mapping tree node is NULL. However, slapi_be_exist and slapi_be_select do not do this. The proper solution is to call slapi_mtn_be_started() at database startup time. This is the same thing that happens when a backend is added at runtime. 
Platforms tested: FC6 Flag Day: no Doc impact: no
Index: instance.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/instance.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- instance.c 7 Mar 2007 21:54:03 -0000 1.6
+++ instance.c 15 Mar 2007 18:21:43 -0000 1.7
@@ -278,6 +278,7 @@
 rc = rc1;
 } else {
 vlv_init(inst);
+ slapi_mtn_be_started(inst->inst_be);
 }
 inst_obj = objset_next_obj(li->li_instance_set, inst_obj);
 }
From fedora-directory-commits at redhat.com Thu Mar 15 18:21:40 2007
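Review bot: The added `slapi_mtn_be_started(inst->inst_be);` carries no comment, and its purpose is not obvious from the surrounding lines. Something like `/* tell the mapping tree this backend is up; slapi_be_exist() and slapi_be_select() do not look the backend up themselves */` above the call would record the reason given in the log message. The enclosing loop starts outside the hunk.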
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Thu, 15 Mar 2007 14:21:40 -0400 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/pam_passthru README, 1.5, 1.6 pam_ptconfig.c, 1.8, 1.9 pam_ptpreop.c, 1.6, 1.7 Message-ID: <200703151822.l2FIM9jQ026170@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/pam_passthru In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26089/ldapserver/ldap/servers/plugins/pam_passthru Modified Files: README pam_ptconfig.c pam_ptpreop.c Log Message: Resolves: bug 232377 Bug Description: PAM passthru ENTRY method not working Reviewed by: prowley (Thanks!) Fix Description: There are several problems. 1) For the ENTRY method to perform the internal search to get the entry for the bind DN, it must have a component ID (aka plugin identity). The code was already there to get/set it, but it was never initialized in the init function. 2) You cannot mix slapi_sdn_new* with slapi_sdn_init* - slapi_sdn_init will erase the knowledge that the Slapi_DN was allocated with malloc and it will not free it in slapi_sdn_free(). 3) People may assume they can specify a subtree (e.g. ou=people,dc=example,dc=com) instead of a suffix for the list of included/excluded suffixes. The error message will not print a list of valid suffixes for the admin to use. 4) slapi_be_exist was failing because the database does not notify the mapping tree code that the backend is started during startup. This works fine under normal conditions because most all of the code in mapping_tree.c will lookup the backend if the mtn_be pointer in the mapping tree node is NULL. However, slapi_be_exist and slapi_be_select do not do this. The proper solution is to call slapi_mtn_be_started() at database startup time. This is the same thing that happens when a backend is added at runtime. 
Platforms tested: FC6 Flag Day: no Doc impact: no Index: README =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/pam_passthru/README,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- README 15 Sep 2006 21:20:36 -0000 1.5 +++ README 15 Mar 2007 18:21:37 -0000 1.6 @@ -155,7 +155,9 @@ pam_acct_mgmt() somewhere during the pam handshakes and before pam_end() to get this information. We also try to return an appropriate LDAP error code. + PAM Error Code LDAP Error Code Meaning +============== =============== ======= PAM_USER_UNKNOWN LDAP_NO_SUCH_OBJECT User ID does not exist PAM_AUTH_ERROR LDAP_INVALID_CREDENTIALS Password is not correct PAM_ACCT_EXPIRED LDAP_INVALID_CREDENTIALS User's password is expired @@ -163,6 +165,7 @@ PAM_NEW_AUTHTOK_REQD LDAP_INVALID_CREDENTIALS User's password has expired and must be renewed PAM_MAXTRIES LDAP_CONSTRAINT_VIOLATION Max retry count has been exceeded Other codes LDAP_OPERATIONS_ERROR PAM config is incorrect, machine problem, etc. + There are three controls we might possibly add to the response: * the auth response control - returned upon success - contains the BIND DN (u: not currently supported) * LDAP_CONTROL_PWEXPIRED - returned when PAM reports ACCT_EXPIRED or NEW_AUTHTOK_REQD @@ -182,7 +185,7 @@ 1. Shutdown the server 2. Make sure the slapd-instance/config/schema contains the 60pam-config.ldif file -3. Make sure serverroot/lib/pam-passthru-plugin.so exists +3. Make sure plugindir/libpam-passthru-plugin.so exists 4. Make sure /etc/pam.d/ldapserver exists and is configured correctly 5. If the configuration is not already in dse.ldif, append the following to slapd-instance/config/dse.ldif 
@@ -192,7 +195,7 @@ objectclass: extensibleObject objectclass: pamConfig cn: PAM Pass Through Auth -nsslapd-pluginpath: /opt/ldapserver/lib/pam-passthru-plugin.so +nsslapd-pluginpath: /path/to/libpam-passthru-plugin.so nsslapd-plugininitfunc: pam_passthruauth_init nsslapd-plugintype: preoperation nsslapd-pluginenabled: on @@ -210,7 +213,25 @@ o=NetscapeRoot may be omitted if this is not a configuration DS. Then restart slapd. +Testing + +I find it convenient to just test against regular /etc/passwd accounts. +0) Create a server instance with suffix dc=example,dc=com and load the Example.ldif file +1) cd /etc/pam.d +2) cp system-auth ldapserver (make sure ldapserver is readable by nobody or whatever your ldap server account is) +3) useradd scarter (or any uid from Example.ldif) +4) passwd scarter - use a different password than the LDAP password +5) Make sure /etc/shadow is readable by nobody or whatever your ldap server account is + +You might want to turn off pamSecure for testing purposes unless you have already set up your server and ldap clients to use TLS. + +Then you can run a test like this: +ldapsearch -x -D "uid=scarter,ou=people,dc=example,dc=com" -w thepassword -s base -b "" + +Check /var/log/secure for any PAM authentication failures + See Also + PAM API for Linux http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam_appl.html PAM API for Solaris Writing PAM Applications and Services from the Solaris Security for Developers Guide http://docs.sun.com/app/docs/doc/816-4863/6mb20lvfh?a=view PAM API for HP-UX http://docs.hp.com/en/B2355-60103/pam.3.html Index: pam_ptconfig.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/pam_passthru/pam_ptconfig.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- pam_ptconfig.c 10 Nov 2006 23:45:03 -0000 1.8 +++ pam_ptconfig.c 15 Mar 2007 18:21:37 -0000 1.9 
@@ -266,7 +266,23 @@ return err; } - + +static void +print_suffixes() +{ + void *cookie = NULL; + Slapi_DN *sdn = NULL; + slapi_log_error(SLAPI_LOG_FATAL, PAM_PASSTHRU_PLUGIN_SUBSYSTEM, + "The following is the list of valid suffixes to use with " + PAMPT_EXCLUDES_ATTR " and " PAMPT_INCLUDES_ATTR ":\n"); + for (sdn = slapi_get_first_suffix(&cookie, 1); + sdn && cookie; + sdn = slapi_get_next_suffix(&cookie, 1)) { + slapi_log_error(SLAPI_LOG_FATAL, PAM_PASSTHRU_PLUGIN_SUBSYSTEM, + "\t%s\n", slapi_sdn_get_dn(sdn)); + } +} + /* Validate the pending changes in the e entry. */ @@ -295,30 +311,27 @@ if (missing_suffix != PAMPT_MISSING_SUFFIX_IGNORE) { char **missing_list = NULL; - Slapi_DN *comp_dn = slapi_sdn_new(); /* get the list of excluded suffixes */ excludes = slapi_entry_attr_get_charray(e, PAMPT_EXCLUDES_ATTR); for (ii = 0; excludes && excludes[ii]; ++ii) { - slapi_sdn_init_dn_byref(comp_dn, excludes[ii]); + Slapi_DN *comp_dn = slapi_sdn_new_dn_byref(excludes[ii]); if (!slapi_be_exist(comp_dn)) { charray_add(&missing_list, slapi_ch_strdup(excludes[ii])); } - slapi_sdn_done(comp_dn); + slapi_sdn_free(&comp_dn); } /* get the list of included suffixes */ includes = slapi_entry_attr_get_charray(e, PAMPT_INCLUDES_ATTR); for (ii = 0; includes && includes[ii]; ++ii) { - slapi_sdn_init_dn_byref(comp_dn, includes[ii]); + Slapi_DN *comp_dn = slapi_sdn_new_dn_byref(includes[ii]); if (!slapi_be_exist(comp_dn)) { charray_add(&missing_list, slapi_ch_strdup(includes[ii])); } - slapi_sdn_done(comp_dn); + slapi_sdn_free(&comp_dn); } - slapi_sdn_free(&comp_dn); - if (missing_list) { PRUint32 size = PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, @@ -333,6 +346,7 @@ } slapi_ch_array_free(missing_list); missing_list = NULL; + print_suffixes(); if (missing_suffix != PAMPT_MISSING_SUFFIX_ERROR) { slapi_log_error(SLAPI_LOG_FATAL, PAM_PASSTHRU_PLUGIN_SUBSYSTEM, "Warning: %s\n", returntext); 
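Review bot: `print_suffixes()` in the `@@ -266,7 +266,23` hunk is defined with an empty parameter list, which in C before C23 leaves the arguments unspecified instead of declaring that there are none; `print_suffixes(void)` lets the compiler reject a stray argument. The helper also has no header comment, unlike the function that follows it in the hunk; a line such as `/* Log every configured suffix so the admin can correct the include/exclude lists */` would match the file's style.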
@@ -398,8 +412,7 @@ Pam_PassthruSuffix *newone = NULL; if (suffix) { newone = (Pam_PassthruSuffix *)slapi_ch_malloc(sizeof(Pam_PassthruSuffix)); - newone->pamptsuffix_dn = slapi_sdn_new(); - slapi_sdn_init_dn_byval(newone->pamptsuffix_dn, suffix); + newone->pamptsuffix_dn = slapi_sdn_new_dn_byval(suffix); newone->pamptsuffix_next = NULL; } return newone; @@ -532,8 +545,7 @@ Pam_PassthruSuffix *try; int ret = LDAP_SUCCESS; - comp_dn = slapi_sdn_new(); - slapi_sdn_init_dn_byref(comp_dn, binddn); + comp_dn = slapi_sdn_new_dn_byref(binddn); slapi_lock_mutex(cfg->lock); if (!cfg->pamptconfig_includes && !cfg->pamptconfig_excludes) { Index: pam_ptpreop.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/pam_passthru/pam_ptpreop.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- pam_ptpreop.c 10 Nov 2006 23:45:03 -0000 1.6 +++ pam_ptpreop.c 15 Mar 2007 18:21:37 -0000 1.7 @@ -85,6 +85,9 @@ slapi_log_error( SLAPI_LOG_PLUGIN, PAM_PASSTHRU_PLUGIN_SUBSYSTEM, "=> pam_passthruauth_init\n" ); + slapi_pblock_get (pb, SLAPI_PLUGIN_IDENTITY, &pam_passthruauth_plugin_identity); + PR_ASSERT (pam_passthruauth_plugin_identity); + if ( slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION, (void *)SLAPI_PLUGIN_VERSION_01 ) != 0 || slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION, From fedora-directory-commits at redhat.com Thu Mar 15 21:34:35 2007 
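Review bot: In the pam_ptpreop.c hunk the result of `slapi_pblock_get` is not checked, and the only guard on `pam_passthruauth_plugin_identity` is `PR_ASSERT`, which is compiled out of non-debug NSPR builds. In a release build a missing identity would therefore pass init silently, and going by the log message the ENTRY method's internal search would then presumably fail only later, when a bind is processed. An explicit test is safer: `if (slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY, &pam_passthruauth_plugin_identity) != 0 || pam_passthruauth_plugin_identity == NULL)` followed by the same failure handling the `slapi_pblock_set` chain below it uses. The init function starts and ends outside the hunk, so that failure path is not visible here.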
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 15 Mar 2007 17:34:35 -0400 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm back-ldbm.h, 1.8, 1.9 dblayer.c, 1.17, 1.18 dbversion.c, 1.7, 1.8 ldbm_config.c, 1.10, 1.11 proto-back-ldbm.h, 1.10, 1.11 start.c, 1.6, 1.7 upgrade.c, 1.6, 1.7 Message-ID: <200703152134.l2FLYZ9R010936@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10655 Modified Files: back-ldbm.h dblayer.c dbversion.c ldbm_config.c proto-back-ldbm.h start.c upgrade.c Log Message: Resolves: 232050 Summary: Change format of DBVERSION and guardian files (Comment #4) 1) introduced new strings for DBVERSION 2) added the logic to compare the new DBVERSION strings note: we don't store the current db version string in the backend source code any more. Instead, we get it from Berkeley DB header file db.h. Index: back-ldbm.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/back-ldbm.h,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- back-ldbm.h 10 Nov 2006 23:45:39 -0000 1.8 +++ back-ldbm.h 15 Mar 2007 21:34:32 -0000 1.9 
@@ -134,26 +134,29 @@ #define LDBM_VERSION_MAXBUF 64 #define LDBM_DATABASE_TYPE_NAME "ldbm database" /* + * 232050: Change format of DBVERSION and guardian files + * new format: + * implementation/version/server backend plugin name[/other tag][/other tag].... + * For example: + * bdb/4.2/libback-ldbm/newidl + * This indicates that the files use Berkeley DB version 4.2, they are used + * by the server libback-ldbm database plugin, and the index files use the + * newidl format. + * Starting from DS7.2 + */ +#define BDB_IMPL "bdb" +#define BDB_BACKEND "libback-ldbm" /* This backend plugin */ + +/* * While we support both new and old idl index, * we distinguish them by the following 2 macros. * When we drop the old idl code, we eliminate LDBM_VERSION_OLD. * bug #604922 */ -/* To set new idl default, uncomment it. */ -#define USE_NEW_IDL 1 - #define LDBM_VERSION_BASE "Netscape-ldbm/" #define LDBM_VERSION "Netscape-ldbm/7.0" /* db42: new idl -> old */ #define LDBM_VERSION_NEW "Netscape-ldbm/7.0_NEW" /* db42: new idl */ - /* used only when - * USE_NEW_IDL is - * NOT defined - */ #define LDBM_VERSION_OLD "Netscape-ldbm/7.0_CLASSIC" /* db42: old idl */ - /* used only when - * USE_NEW_IDL is - * defined - */ #define LDBM_VERSION_62 "Netscape-ldbm/6.2" /* db33: new idl */ #define LDBM_VERSION_61 "Netscape-ldbm/6.1" /* db33: new idl */ #define LDBM_VERSION_60 "Netscape-ldbm/6.0" /* db33: old idl */ @@ -364,7 +367,7 @@ void *ai_plugin; char **ai_index_rules; /* matching rule OIDs */ void *ai_dblayer; /* private data used by the dblayer code */ - PRInt32 ai_dblayer_count; /* used by the dblayer code */ + PRInt32 ai_dblayer_count; /* used by the dblayer code */ idl_private *ai_idl; /* private data used by the IDL code (eg locking the IDLs) */ attrcrypt_private *ai_attrcrypt; /* private data used by the attribute encryption code (eg is it enabled or not) */ }; 
@@ -380,7 +383,9 @@ typedef struct id_array Id_Array; struct _db_upgrade_info { - char* old_version_string; + char *old_version_string; + int old_dbversion_major; + int old_dbversion_minor; int type; int action; }; @@ -396,8 +401,17 @@ #define DBVERSION_NO_UPGRADE 0x0 #define DBVERSION_NEED_IDL_OLD2NEW 0x100 #define DBVERSION_NEED_IDL_NEW2OLD 0x200 -#define DBVERSION_UPGRADE_3_4 0x400 -#define DBVERSION_NOT_SUPPORTED 0x800 +#define DBVERSION_UPGRADE_3_4 0x400 /* bdb 3.3 -> 4.2 */ + /* The log file format changed; + * No database formats changed; + * db extention: .db3 -> .db4 + */ +#define DBVERSION_UPGRADE_4_4 0x800 /* bdb 4.2 -> 4.3 -> 4.4 -> 4.5 */ + /* The log file format changed; + * No database formats changed; + * no db extention change + */ +#define DBVERSION_NOT_SUPPORTED 0x10000000 #define DBVERSION_TYPE 0x1 #define DBVERSION_ACTION 0x2 Index: dblayer.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/dblayer.c,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- dblayer.c 12 Feb 2007 21:13:07 -0000 1.17 +++ dblayer.c 15 Mar 2007 21:34:32 -0000 1.18 @@ -346,7 +346,7 @@ dblayer_private *priv = (dblayer_private*)li->li_dblayer_private; DB_ENV *pEnv = priv->dblayer_env->dblayer_DB_ENV; char *home_dir = dblayer_get_home_dir(li, NULL); - if (home_dir) + if (home_dir && *home_dir) pEnv->remove(pEnv, home_dir, DB_FORCE); } 
@@ -815,18 +815,18 @@ #ifdef LINUX { struct sysinfo si; - size_t pages_per_mem_unit = 0; - size_t mem_units_per_page = 0; /* We don't know if these units are really pages */ + size_t pages_per_mem_unit = 0; + size_t mem_units_per_page = 0; /* We don't know if these units are really pages */ sysinfo(&si); *pagesize = getpagesize(); - if (si.mem_unit > *pagesize) { - pages_per_mem_unit = si.mem_unit / *pagesize; - *pages = si.totalram * pages_per_mem_unit; - } else { - mem_units_per_page = *pagesize / si.mem_unit; - *pages = si.totalram / mem_units_per_page; - } + if (si.mem_unit > *pagesize) { + pages_per_mem_unit = si.mem_unit / *pagesize; + *pages = si.totalram * pages_per_mem_unit; + } else { + mem_units_per_page = *pagesize / si.mem_unit; + *pages = si.totalram / mem_units_per_page; + } *availpages = dblayer_getvirtualmemsize() / *pagesize; /* okay i take that back, linux's method is more retarded here. * hopefully linux doesn't have the FILE* problem that solaris does @@ -861,7 +861,7 @@ if (rval < 0) /* pstat_getstatic failed */ return; *pagesize = pst.page_size; - *pages = pst.physical_memory; + *pages = pst.physical_memory; *availpages = dblayer_getvirtualmemsize() / *pagesize; if (procpages) { 
@@ -894,21 +894,21 @@ } } #endif - /* If this is a 32-bit build, it might be running on a 64-bit machine, - * in which case, if the box has tons of ram, we can end up telling - * the auto cache code to use more memory than the process can address. - * so we cap the number returned here. - */ + /* If this is a 32-bit build, it might be running on a 64-bit machine, + * in which case, if the box has tons of ram, we can end up telling + * the auto cache code to use more memory than the process can address. + * so we cap the number returned here. + */ #if defined(__LP64__) || defined (_LP64) #else - { - size_t one_gig_pages = GIGABYTE / *pagesize; - if (*pages > (2 * one_gig_pages) ) { - LDAPDebug(LDAP_DEBUG_TRACE,"More than 2Gbytes physical memory detected. Since this is a 32-bit process, truncating memory size used for auto cache calculations to 2Gbytes\n", - 0, 0, 0); - *pages = (2 * one_gig_pages); - } - } + { + size_t one_gig_pages = GIGABYTE / *pagesize; + if (*pages > (2 * one_gig_pages) ) { + LDAPDebug(LDAP_DEBUG_TRACE,"More than 2Gbytes physical memory detected. Since this is a 32-bit process, truncating memory size used for auto cache calculations to 2Gbytes\n", + 0, 0, 0); + *pages = (2 * one_gig_pages); + } + } #endif } 
@@ -921,21 +921,21 @@ dblayer_sys_pages(&pagesize, &pages, &procpages, &availpages); if (!pagesize || !pages) return 1; /* do nothing when we can't get the avail mem */ - /* If the requested cache size is larger than the remaining pysical memory - * after the current working set size for this process has been subtracted, - * then we say that's insane and try to correct. - */ + /* If the requested cache size is larger than the remaining pysical memory + * after the current working set size for this process has been subtracted, + * then we say that's insane and try to correct. + */ issane = (int)(*cachesize / pagesize) <= (pages - procpages); if (!issane) { - *cachesize = (size_t)((pages - procpages) * pagesize); - } - /* We now compensate for DB's own compensation for metadata size - * They increase the actual cache size by 25%, but only for sizes - * less than 500Meg. - */ - if (*cachesize < 500*MEGABYTE) { - *cachesize = (size_t)((double)*cachesize * (double)0.8); - } + *cachesize = (size_t)((pages - procpages) * pagesize); + } + /* We now compensate for DB's own compensation for metadata size + * They increase the actual cache size by 25%, but only for sizes + * less than 500Meg. + */ + if (*cachesize < 500*MEGABYTE) { + *cachesize = (size_t)((double)*cachesize * (double)0.8); + } return issane; } @@ -1153,7 +1153,8 @@ } home_dir = dblayer_get_home_dir(li, NULL); /* user specified db home */ - if (!charray_utf8_inlist(priv->dblayer_data_directories, home_dir)) + if (home_dir && *home_dir && + !charray_utf8_inlist(priv->dblayer_data_directories, home_dir)) { charray_add(&(priv->dblayer_data_directories), home_dir); } @@ -1206,6 +1207,10 @@ else { parent_dir = dblayer_get_home_dir(li, NULL); + if (!parent_dir || !*parent_dir) { + buf = NULL; + return buf; + } mylen = strlen(parent_dir); inst->inst_parent_dir_name = slapi_ch_strdup(parent_dir); } 
@@ -1382,6 +1387,7 @@ log_dir = priv->dblayer_log_directory; /* nsslapd-db-logdirectory */ if (log_dir && *log_dir) { + /* checking the user defined log dir's accessability */ return_value = dblayer_grok_directory(log_dir, DBLAYER_DIRECTORY_READWRITE_ACCESS); if (0 != return_value) { @@ -1391,6 +1397,11 @@ return return_value; } } + else + { + /* using the home dir for the log dir, which is already checked */ + log_dir = dblayer_get_home_dir(li, NULL); + } /* Sanity check on cache size on platforms which allow us to figure out * the available phys mem */ @@ -1525,6 +1536,15 @@ dblayer_strerror(return_value), 0); return return_value; } + /* remove transaction logs */ + return_value = dblayer_delete_transaction_logs(log_dir); + if (return_value) + { + LDAPDebug(LDAP_DEBUG_ANY, + "dblayer_start: failed to remove old transaction logs (%d)\n", + return_value, 0, 0); + return return_value; + } dbmode = DBLAYER_NORMAL_MODE; if ((return_value = dblayer_make_env(&pEnv, li)) != 0) 
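Review bot: The new `else` branch in the `@@ -1391,6 +1397,11` hunk assigns `log_dir = dblayer_get_home_dir(li, NULL);` without the `home_dir && *home_dir` test that other hunks of this commit add around the same call, and the `@@ -1525,6 +1536,15` hunk then hands `log_dir` to `dblayer_delete_transaction_logs`. The comment says the home directory is already checked, but that check lies outside the hunk and may cover accessibility only. Since the callee deletes files, a guard such as `if (!log_dir || !*log_dir)` that logs and returns an error before the call keeps a NULL or empty path from reaching it. The enclosing function continues outside both hunks.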
@@ -1687,22 +1707,22 @@ if (pagesize) { char s[32]; /* big enough to hold %ld */ int import_pages; - int pages_limit = (200 * 1024) / (pagesize/1024); + int pages_limit = (200 * 1024) / (pagesize/1024); import_pages = (li->li_import_cache_autosize * pages) / 125; - /* We don't want to go wild with memory when auto-sizing, cap the - * cache size at 200 Megs to try to avoid situations where we - * attempt to allocate more memory than there is free page pool for, or - * where there's some system limit on the size of process memory - */ - if (import_pages > pages_limit) { - import_pages = pages_limit; - } + /* We don't want to go wild with memory when auto-sizing, cap the + * cache size at 200 Megs to try to avoid situations where we + * attempt to allocate more memory than there is free page pool for, or + * where there's some system limit on the size of process memory + */ + if (import_pages > pages_limit) { + import_pages = pages_limit; + } LDAPDebug(LDAP_DEBUG_ANY, "cache autosizing: import cache: %dk \n", import_pages*(pagesize/1024), NULL, NULL); LDAPDebug(LDAP_DEBUG_ANY, "li_import_cache_autosize: %d, import_pages: %d, pagesize: %d\n", li->li_import_cache_autosize, import_pages, - pagesize); + pagesize); sprintf(s, "%lu", (unsigned long)(import_pages * pagesize)); ldbm_config_internal_set(li, CONFIG_IMPORT_CACHESIZE, s); @@ -1742,7 +1762,7 @@ return 0; } - attrcrypt_init(inst); + attrcrypt_init(inst); /* Get the name of the directory that holds index files * for this instance. */ 
@@ -1753,8 +1773,14 @@ } inst_dirp = dblayer_get_full_inst_dir(li, inst, inst_dir, MAXPATHLEN); - return_value = dblayer_grok_directory(inst_dirp, + if (inst_dirp && *inst_dirp) { + return_value = dblayer_grok_directory(inst_dirp, DBLAYER_DIRECTORY_READWRITE_ACCESS); + } else { + LDAPDebug(LDAP_DEBUG_ANY,"Can't start because the database instance " + "directory is NULL\n", 0, 0, 0); + goto errout; + } if (0 != return_value) { LDAPDebug(LDAP_DEBUG_ANY,"Can't start because the database instance " "directory \"%s\" either doesn't exist, " @@ -1770,18 +1796,20 @@ /* Read the dbversion file if there is one, and create it * if it doesn't exist. */ if (dbversion_exists(li, inst_dirp)) { - char ldbmversion[LDBM_VERSION_MAXBUF]; - char dataversion[LDBM_VERSION_MAXBUF]; + char *ldbmversion = NULL; + char *dataversion = NULL; - if (dbversion_read(li, inst_dirp, ldbmversion, dataversion) != 0) { + if (dbversion_read(li, inst_dirp, &ldbmversion, &dataversion) != 0) { LDAPDebug(LDAP_DEBUG_ANY, "Warning: Unable to read dbversion " "file in %s\n", inst->inst_dir_name, 0, 0); } else { int rval = 0; /* check the DBVERSION and reset idl-switch if needed (DS6.2) */ /* from the next major rel, we won't do this and just upgrade */ - if (!(li->li_flags & LI_FORCE_MOD_CONFIG)) + if (!(li->li_flags & LI_FORCE_MOD_CONFIG)) { adjust_idl_switch(ldbmversion, li); + } + slapi_ch_free_string(&ldbmversion); /* check to make sure these instance was made with the correct * version. */ @@ -1810,8 +1838,10 @@ } /* record the dataversion */ - if (dataversion[0] != '\0') { - inst->inst_dataversion = slapi_ch_strdup(dataversion); + if (dataversion != NULL && *dataversion != '\0') { + inst->inst_dataversion = dataversion; + } else { + slapi_ch_free_string(&dataversion); } rval = ldbm_upgrade(inst, rval); 
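Review bot: The new `else` branch in the `@@ -1753` hunk jumps to `errout` without assigning `return_value`, so the caller receives whatever the variable held before, possibly 0. I would add `return_value = -1;` before `goto errout;`. The log text says the directory "is NULL" although the branch also covers an empty string. The `errout` label is outside the hunk, so what it returns cannot be confirmed from here.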
@@ -1888,8 +1918,8 @@ cachesize = 1048576; } priv->dblayer_cachesize = cachesize; - /* We always auto-calculate ncache for the import region */ - priv->dblayer_ncache = 0; + /* We always auto-calculate ncache for the import region */ + priv->dblayer_ncache = 0; /* use our own env */ return_value = dblayer_make_env(&mypEnv, li); @@ -2026,10 +2056,10 @@ if (mode & DBLAYER_NORMAL_MODE) { dbversion_write(li, inst_dirp, NULL); - /* richm - not sure if need to acquire the be lock first? */ - /* need to set state back to started - set to stopped in - dblayer_instance_close */ - be->be_state = BE_STATE_STARTED; + /* richm - not sure if need to acquire the be lock first? */ + /* need to set state back to started - set to stopped in + dblayer_instance_close */ + be->be_state = BE_STATE_STARTED; } /* @@ -2136,8 +2166,17 @@ priv->dblayer_spin_count = 0; inst_dirp = dblayer_get_full_inst_dir(li, inst, inst_dir, MAXPATHLEN); - priv->dblayer_home_directory = - slapi_ch_smprintf("%s/dbenv", inst_dirp); + if (inst_dirp && *inst_dirp) + { + priv->dblayer_home_directory = slapi_ch_smprintf("%s/dbenv", inst_dirp); + } + else + { + LDAPDebug(LDAP_DEBUG_ANY, + "Instance dir is NULL: persistent id2entry is not available\n", + 0, 0, 0); + goto done; + } priv->dblayer_log_directory = slapi_ch_strdup(priv->dblayer_home_directory); prst = PR_GetFileInfo(inst_dirp, &prfinfo); @@ -2263,7 +2302,10 @@ inst_dirp = dblayer_get_full_inst_dir(inst->inst_li, inst, inst_dir, MAXPATHLEN); - envdir = slapi_ch_smprintf("%s/dbenv", inst_dirp); + if (inst_dirp && *inst_dirp) + { + envdir = slapi_ch_smprintf("%s/dbenv", inst_dirp); + } done: if (pDB) @@ -2272,8 +2314,8 @@ pEnv->close(pEnv, 0); if (envdir) { ldbm_delete_dirs(envdir); - slapi_ch_free_string(&envdir); - } + slapi_ch_free_string(&envdir); + } if (inst_dirp != inst_dir) slapi_ch_free_string(&inst_dirp); return 0; 
@@ -2336,7 +2378,13 @@ char inst_dir[MAXPATHLEN]; char *inst_dirp = dblayer_get_full_inst_dir(inst->inst_li, inst, inst_dir, MAXPATHLEN); - return_value = env->remove(env, inst_dirp, 0); + if (inst_dirp && *inst_dir) { + return_value = env->remove(env, inst_dirp, 0); + } + else + { + return_value = -1; + } if (return_value == EBUSY) { return_value = 0; /* something else is using the env so ignore */ } @@ -2457,7 +2505,7 @@ if (return_value == 0) { char *home_dir = dblayer_get_home_dir(li, NULL); if (home_dir) - return_value = env->remove(env, home_dir, 0); + return_value = env->remove(env, home_dir, 0); if (0 == return_value && !((DBLAYER_ARCHIVE_MODE|DBLAYER_EXPORT_MODE) & dbmode) && !priv->dblayer_bad_stuff_happened) { @@ -2670,6 +2718,11 @@ /* create a file with abs path, then try again */ inst_dirp = dblayer_get_full_inst_dir(li, inst, inst_dir, MAXPATHLEN); + if (!inst_dirp || !*inst_dirp) + { + return_value = -1; + goto out; + } abs_file_name = slapi_ch_smprintf("%s%c%s", inst_dirp, get_sep(inst_dirp), file_name); DB_OPEN(pENV->dblayer_openflags, @@ -2678,7 +2731,9 @@ dbp->close(dbp, 0); return_value = db_create(ppDB, pENV->dblayer_DB_ENV, 0); if (0 != return_value) + { goto out; + } dbp = *ppDB; slapi_ch_free_string(&abs_file_name); @@ -2895,7 +2950,7 @@ dblayer_private *priv = (dblayer_private*) li->li_dblayer_private; struct dblayer_private_env *pEnv = priv->dblayer_env; ldbm_instance *inst = (ldbm_instance *) be->be_instance_info; - dblayer_handle *handle; + dblayer_handle *handle = NULL; char dbName[MAXPATHLEN]; char *dbNamep; char *p; 
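Review bot: The guard added in the `@@ -2336` hunk tests `*inst_dir` (the local array) instead of `*inst_dirp` (the pointer returned by dblayer_get_full_inst_dir), unlike every other check added in this commit. If the helper returns an allocated path, `inst_dir` may never have been written and the test reads an uninitialised byte. The line should read `if (inst_dirp && *inst_dirp) {`.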
@@ -2961,19 +3016,26 @@ } } dbNamep = dblayer_get_full_inst_dir(li, inst, dbName, MAXPATHLEN); - dbbasenamelen = strlen(dbNamep); - dbnamelen = dbbasenamelen + strlen(a->ai_type) + 6; - if (dbnamelen > MAXPATHLEN) + if (dbNamep && *dbNamep) { + dbbasenamelen = strlen(dbNamep); + dbnamelen = dbbasenamelen + strlen(a->ai_type) + 6; + if (dbnamelen > MAXPATHLEN) + { + dbNamep = (char *)slapi_ch_realloc(dbNamep, dbnamelen); + } + p = dbNamep + dbbasenamelen; + sprintf(p, "%c%s%s", + get_sep(dbNamep), a->ai_type, LDBM_FILENAME_SUFFIX); + rc = dblayer_db_remove_ex(pEnv, dbNamep, 0, use_lock); + a->ai_dblayer = NULL; + if (dbNamep != dbName) + slapi_ch_free_string(&dbNamep); + } + else { - dbNamep = (char *)slapi_ch_realloc(dbNamep, dbnamelen); + rc = -1; } - p = dbNamep + dbbasenamelen; - sprintf(p, "%c%s%s", get_sep(dbNamep), a->ai_type, LDBM_FILENAME_SUFFIX); - rc = dblayer_db_remove_ex(pEnv, dbNamep, 0, use_lock); - a->ai_dblayer = NULL; slapi_ch_free((void **)&handle); - if (dbNamep != dbName) - slapi_ch_free_string(&dbNamep); } else { /* no handle to close */ } @@ -3262,7 +3324,7 @@ /* sleep for a while, updating perf counters if we need to */ perfctrs_wait(1000,priv->perf_private,priv->dblayer_env->dblayer_DB_ENV); } - + DECR_THREAD_COUNT(priv); LDAPDebug(LDAP_DEBUG_TRACE, "Leaving perf_threadmain\n", 0, 0, 0); return 0; @@ -3448,7 +3510,7 @@ interval = PR_MillisecondsToInterval(DBLAYER_SLEEP_INTERVAL); home_dir = dblayer_get_home_dir(li, NULL); - if (NULL == home_dir) + if (NULL == home_dir || '\0' == *home_dir) { LDAPDebug(LDAP_DEBUG_ANY, "Checkpoint thread failed due to missing db home directory info\n", @@ -3869,7 +3931,7 @@ return -1; } PR_snprintf(line,sizeof(line),"cachesize:%lu\nncache:%d\nversion:%d\n", - priv->dblayer_cachesize, priv->dblayer_ncache, 3); + priv->dblayer_cachesize, priv->dblayer_ncache, DB_VERSION_MAJOR); num_bytes = strlen(line); return_value = slapi_write_buffer(prfd, line, num_bytes); if (return_value != num_bytes) 
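Review bot: In the `@@ -2961` hunk, `slapi_ch_realloc(dbNamep, dbnamelen)` can be handed the stack array `dbName`: the later `if (dbNamep != dbName)` shows that dblayer_get_full_inst_dir may return the caller's buffer, and reallocating a non-heap pointer is undefined behaviour. The `dbnamelen > MAXPATHLEN` test also assumes a heap-returned buffer holds at least MAXPATHLEN bytes, which the hunk does not show, so the `sprintf` that follows could write past it. This logic predates the commit and was only re-indented, but since the block is being touched I would build the name in a fresh allocation, `slapi_ch_smprintf("%s%c%s%s", dbNamep, get_sep(dbNamep), a->ai_type, LDBM_FILENAME_SUFFIX)`, and free it after `dblayer_db_remove_ex`. The enclosing function starts and ends outside the hunk.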
@@ -4079,17 +4141,17 @@ if (NULL != li) { - if (startdb) - { - /* close immediately; no need to run db threads */ - rval = dblayer_start(li, DBLAYER_NORMAL_MODE|DBLAYER_NO_DBTHREADS_MODE); - if (rval) - { - LDAPDebug(LDAP_DEBUG_ANY, "_dblayer_delete_instance_dir: dblayer_start failed! %s (%d)\n", - dblayer_strerror(rval), rval, 0); - goto done; - } - } + if (startdb) + { + /* close immediately; no need to run db threads */ + rval = dblayer_start(li, DBLAYER_NORMAL_MODE|DBLAYER_NO_DBTHREADS_MODE); + if (rval) + { + LDAPDebug(LDAP_DEBUG_ANY, "_dblayer_delete_instance_dir: dblayer_start failed! %s (%d)\n", + dblayer_strerror(rval), rval, 0); + goto done; + } + } priv = (dblayer_private*)li->li_dblayer_private; if (NULL != priv) { @@ -4101,16 +4163,23 @@ dblayer_get_instance_data_dir(inst->inst_be); inst_dirp = dblayer_get_full_inst_dir(li, inst, inst_dir, MAXPATHLEN); - dirhandle = PR_OpenDir(inst_dirp); + if (inst_dirp && *inst_dirp) { + dirhandle = PR_OpenDir(inst_dirp); + } if (! dirhandle) { if ( PR_GetError() == PR_FILE_NOT_FOUND_ERROR ) { /* the directory does not exist... that's not an error */ rval = 0; goto done; } - LDAPDebug(LDAP_DEBUG_ANY, - "_dblayer_delete_instance_dir: PR_OpenDir(%s) failed (%d): %s\n", - inst_dirp, PR_GetError(),slapd_pr_strerror(PR_GetError())); + if (inst_dirp && *inst_dirp) { + LDAPDebug(LDAP_DEBUG_ANY, + "_dblayer_delete_instance_dir: inst_dir is NULL\n", 0, 0, 0); + } else { + LDAPDebug(LDAP_DEBUG_ANY, + "_dblayer_delete_instance_dir: PR_OpenDir(%s) failed (%d): %s\n", + inst_dirp, PR_GetError(),slapd_pr_strerror(PR_GetError())); + } rval = -1; goto done; } 
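Review bot: The two log branches added in the `@@ -4101` hunk are swapped: when `inst_dirp && *inst_dirp` is true the code logs "inst_dir is NULL", and when it is false it passes the NULL or empty `inst_dirp` to the `PR_OpenDir(%s) failed` message. The condition should be `if (!inst_dirp || !*inst_dirp) {`. When PR_OpenDir is skipped, the `PR_GetError() == PR_FILE_NOT_FOUND_ERROR` test above it reads a stale error code and can turn a missing path into `rval = 0`. The `if (! dirhandle)` test also depends on `dirhandle` being initialised to NULL, which is outside the hunk.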
@@ -4148,15 +4217,15 @@ } } PR_CloseDir(dirhandle); - if (pEnv && startdb) - { - rval = dblayer_close(li, DBLAYER_NORMAL_MODE); - if (rval) - { - LDAPDebug(LDAP_DEBUG_ANY, "_dblayer_delete_instance_dir: dblayer_close failed! %s (%d)\n", - dblayer_strerror(rval), rval, 0); - } - } + if (pEnv && startdb) + { + rval = dblayer_close(li, DBLAYER_NORMAL_MODE); + if (rval) + { + LDAPDebug(LDAP_DEBUG_ANY, "_dblayer_delete_instance_dir: dblayer_close failed! %s (%d)\n", + dblayer_strerror(rval), rval, 0); + } + } done: /* remove the directory itself too */ if (0 == rval) @@ -4276,7 +4345,7 @@ { log_dir = dblayer_get_home_dir(li, NULL); } - if (instance == NULL) + if (instance == NULL && log_dir && *log_dir) { ret = dblayer_delete_transaction_logs(log_dir); if(ret) { @@ -4565,17 +4634,25 @@ return return_value; } - inst_dirp = dblayer_get_full_inst_dir(inst->inst_li, inst, - inst_dir, MAXPATHLEN); if (is_fullpath(src_dir)) new_src_dir = src_dir; else { - int len = strlen(inst_dirp); + int len; + inst_dirp = dblayer_get_full_inst_dir(inst->inst_li, inst, + inst_dir, MAXPATHLEN); + if (!inst_dirp || !*inst_dirp) + { + LDAPDebug(LDAP_DEBUG_ANY, "Instance dir is NULL.\n", 0, 0, 0); + return return_value; + } + len = strlen(inst_dirp); sep = get_sep(inst_dirp); if (*(inst_dirp+len-1) == sep) sep = '\0'; new_src_dir = slapi_ch_smprintf("%s%c%s", inst_dirp, sep, src_dir); + if (inst_dirp != inst_dir) + slapi_ch_free_string(&inst_dirp); } dirhandle = PR_OpenDir(new_src_dir); @@ -4619,6 +4696,10 @@ if (!is_fullpath(dest_dir)) { prefix = dblayer_get_home_dir(li, NULL); + if (!prefix || !*prefix) + { + continue; + } mysep = get_sep(prefix); } @@ -4711,7 +4792,7 @@ priv = (dblayer_private*)li->li_dblayer_private; PR_ASSERT(NULL != priv); home_dir = dblayer_get_home_dir(li, NULL); - if (NULL == home_dir) + if (NULL == home_dir || '\0' == *home_dir) { LDAPDebug(LDAP_DEBUG_ANY, "Backup failed due to missing db home directory info\n", 0, 0, 0); 
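Review bot: The early exit added in the `@@ -4565` hunk does `return return_value;` after logging "Instance dir is NULL." without setting an error code; if `return_value` still holds 0 at that point (its initialisation is outside the hunk), a directory copy that did nothing is reported as success. I would put `return_value = -1;` before the return. The `continue;` added in the `@@ -4619` hunk has the same effect per file: an entry is skipped when the home directory is missing, with no log line and no change to the result, so a backup or restore can finish incomplete without any trace.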
@@ -4789,8 +4870,25 @@ inst = (ldbm_instance *)object_get_data(inst_obj); inst_dirp = dblayer_get_full_inst_dir(inst->inst_li, inst, inst_dir, MAXPATHLEN); - return_value = dblayer_copy_directory(li, task, inst_dirp, - dest_dir, 0 /* backup */, &cnt, 0, 0, 0); + if (inst_dirp && *inst_dirp) + { + return_value = dblayer_copy_directory(li, task, inst_dirp, + dest_dir, 0 /* backup */, &cnt, 0, 0, 0); + } + else + { + LDAPDebug(LDAP_DEBUG_ANY, + "ERROR: Instance dir is empty\n", 0, 0, 0); + if (task) { + slapi_task_log_notice(task, + "ERROR: Instance dir is empty\n"); + } + if (listA) { + free(listA); + } + dblayer_txn_abort(li,&txn); + return -1; + } if (return_value != 0) { LDAPDebug(LDAP_DEBUG_ANY, "ERROR: error copying directory (%s -> %s): err=%d\n", @@ -5266,7 +5364,7 @@ home_dir = dblayer_get_home_dir(li, NULL); - if (NULL == home_dir) + if (NULL == home_dir || '\0' == *home_dir) { LDAPDebug(LDAP_DEBUG_ANY, "Restore failed due to missing db home directory info\n", 0, 0, 0); @@ -5470,10 +5568,10 @@ /* [605024] check the DBVERSION and reset idl-switch if needed */ if (dbversion_exists(li, home_dir)) { - char ldbmversion[LDBM_VERSION_MAXBUF]; - char dataversion[LDBM_VERSION_MAXBUF]; + char *ldbmversion = NULL; + char *dataversion = NULL; - if (dbversion_read(li, home_dir, ldbmversion, dataversion) != 0) + if (dbversion_read(li, home_dir, &ldbmversion, &dataversion) != 0) { LDAPDebug(LDAP_DEBUG_ANY, "Warning: Unable to read dbversion " "file in %s\n", home_dir, 0, 0); @@ -5481,11 +5579,13 @@ else { adjust_idl_switch(ldbmversion, li); + slapi_ch_free_string(&ldbmversion); + slapi_ch_free_string(&ldbmversion); } } return_value = check_db_version(li, &action); - if (action & DBVERSION_UPGRADE_3_4) + if (action & (DBVERSION_UPGRADE_3_4|DBVERSION_UPGRADE_4_4)) { dbmode = DBLAYER_CLEAN_RECOVER_MODE;/* upgrade: remove logs & recover */ } 
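Review bot: `slapi_ch_free_string(&ldbmversion);` is called twice in a row in the `@@ -5481` hunk and `dataversion` is never released, so the second string returned by dbversion_read() leaks on this path. The second call was presumably meant to be `slapi_ch_free_string(&dataversion);`. The warning branch above frees neither pointer; whether dbversion_read can fail after allocating is not visible in this hunk.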
@@ -5586,6 +5686,9 @@ */ full_namep = dblayer_get_full_inst_dir(inst->inst_li, inst, full_name, MAXPATHLEN); + if (!full_namep || !*full_namep) { + return ret; + } /* Does this directory already exist? */ if ((db_dir = PR_OpenDir(full_namep)) != NULL) { /* yep. */ @@ -5622,6 +5725,11 @@ inst_dirp = dblayer_get_full_inst_dir(inst->inst_li, inst, inst_dir, MAXPATHLEN); + if (!inst_dirp || !*inst_dirp) + { + rval = -1; + goto done; + } dirhandle = PR_OpenDir(inst_dirp); if (NULL == dirhandle) @@ -5672,6 +5780,11 @@ li = inst->inst_li; priv = (dblayer_private*)li->li_dblayer_private; inst_dirp = dblayer_get_full_inst_dir(li, inst, inst_dir, MAXPATHLEN); + if (!inst_dirp || *inst_dirp) { + LDAPDebug(LDAP_DEBUG_ANY, + "update_db_ext: instance dir is NULL\n", 0, 0, 0); + return -1; /* non zero */ + } for (a = (struct attrinfo *)avl_getfirst(inst->inst_attrs); NULL != a; a = (struct attrinfo *)avl_getnext()) Index: dbversion.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/dbversion.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- dbversion.c 10 Nov 2006 23:45:39 -0000 1.7 +++ dbversion.c 15 Mar 2007 21:34:32 -0000 1.8 @@ -105,19 +105,13 @@ * (406922) */ if (idl_get_idl_new()) { -#if defined(USE_NEW_IDL) - sprintf( buf, "%s\n", LDBM_VERSION ); -#else - sprintf( buf, "%s\n", LDBM_VERSION_NEW ); -#endif + sprintf(buf, "%s/%d.%d/%s\n", + BDB_IMPL, DB_VERSION_MAJOR, DB_VERSION_MINOR, BDB_BACKEND); } else { -#if defined(USE_NEW_IDL) - sprintf( buf, "%s\n", LDBM_VERSION_OLD ); -#else - sprintf( buf, "%s\n", LDBM_VERSION ); -#endif + sprintf(buf, "%s/%d.%d/%s\n", + BDB_IMPL, DB_VERSION_MAJOR, DB_VERSION_MINOR, BDB_BACKEND); } len = strlen( buf ); if ( slapi_write_buffer( prfd, buf, len ) != len ) 
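Review bot: The check added in the `@@ -5672` hunk is inverted: `if (!inst_dirp || *inst_dirp)` returns -1 whenever the instance directory is a non-empty string, which is the normal case, and logs "instance dir is NULL". It should be `if (!inst_dirp || !*inst_dirp) {`. As written, the attribute loop that follows is only reached with an empty path. The function body continues outside the hunk.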
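Review bot: After this change both branches of `if (idl_get_idl_new())` in dbversion.c (`@@ -105`) run the identical `sprintf(buf, "%s/%d.%d/%s\n", ...)`, so the condition no longer has any effect and should be collapsed into one call. It also means the DBVERSION file stops recording whether the database uses the old or new idl format, while the upgrade.c table maps every `BDB_IMPL` string to DBVERSION_NEW_IDL; if old-idl databases are still supported, that is worth confirming. Since the size of `buf` is outside the hunk, a bounded `PR_snprintf` would be safer than `sprintf` for a string assembled from macros.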
@@ -149,7 +143,7 @@ */ int dbversion_read(struct ldbminfo *li, const char *directory, - char *ldbmversion, char *dataversion) + char **ldbmversion, char **dataversion) { char filename[ MAXPATHLEN*2 ]; PRFileDesc *prfd; @@ -157,15 +151,15 @@ char * iter = NULL; if (!is_fullpath((char *)directory)) { - rc = -1; + return rc; + } + + if (NULL == ldbmversion) { return rc; } mk_dbversion_fullpath(li, directory, filename); - ldbmversion[0]= '\0'; - dataversion[0]= '\0'; - /* Open the file */ if (( prfd = PR_Open( filename, PR_RDONLY, SLAPD_DEFAULT_FILE_MODE )) == NULL ) @@ -180,15 +174,15 @@ if ( nr > 0 && nr != (PRInt32)LDBM_VERSION_MAXBUF-1 ) { char *t; - buf[nr]= '\0'; - t= ldap_utf8strtok_r(buf,"\n", &iter); - if(t!=NULL) + buf[nr] = '\0'; + t = ldap_utf8strtok_r(buf,"\n", &iter); + if(NULL != t) { - strcpy(ldbmversion,t); - t= ldap_utf8strtok_r(NULL,"\n", &iter); - if(t!=NULL && t[0]!='\0') + *ldbmversion = slapi_ch_strdup(t); + t = ldap_utf8strtok_r(NULL,"\n", &iter); + if(NULL != dataversion && t != NULL && t[0] != '\0') { - strcpy(dataversion,t); + *dataversion = slapi_ch_strdup(t); } } } Index: ldbm_config.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/ldbm_config.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- ldbm_config.c 4 Dec 2006 18:36:57 -0000 1.10 +++ ldbm_config.c 15 Mar 2007 21:34:32 -0000 1.11 
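Review bot: The non-absolute-path exit in dbversion_read (`@@ -157`) no longer sets `rc = -1` before `return rc;`, and the new `NULL == ldbmversion` exit returns the same variable. The initial value of `rc` is declared outside the hunk; if it is 0, callers that test `dbversion_read(...) != 0` treat both cases as success and continue with a NULL `ldbmversion`. I would use an explicit `return -1;` on both exits. The function also stores into `*ldbmversion` and `*dataversion` without clearing them first, so it relies on every caller initialising both to NULL; setting them to NULL at the top would make that contract local. The header comment should state that the caller owns both strings and releases them with slapi_ch_free_string().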
@@ -1214,11 +1214,7 @@ {CONFIG_CACHE_AUTOSIZE, CONFIG_TYPE_INT, "0", &ldbm_config_cache_autosize_get, &ldbm_config_cache_autosize_set, 0}, {CONFIG_CACHE_AUTOSIZE_SPLIT, CONFIG_TYPE_INT, "50", &ldbm_config_cache_autosize_split_get, &ldbm_config_cache_autosize_split_set, 0}, {CONFIG_IMPORT_CACHESIZE, CONFIG_TYPE_SIZE_T, "20000000", &ldbm_config_import_cachesize_get, &ldbm_config_import_cachesize_set, CONFIG_FLAG_ALWAYS_SHOW|CONFIG_FLAG_ALLOW_RUNNING_CHANGE}, -#if defined(USE_NEW_IDL) {CONFIG_IDL_SWITCH, CONFIG_TYPE_STRING, "new", &ldbm_config_idl_get_idl_new, &ldbm_config_idl_set_tune, CONFIG_FLAG_ALWAYS_SHOW}, -#else - {CONFIG_IDL_SWITCH, CONFIG_TYPE_STRING, "old", &ldbm_config_idl_get_idl_new, &ldbm_config_idl_set_tune, CONFIG_FLAG_ALWAYS_SHOW}, -#endif {CONFIG_BYPASS_FILTER_TEST, CONFIG_TYPE_STRING, "on", &ldbm_config_get_bypass_filter_test, &ldbm_config_set_bypass_filter_test, CONFIG_FLAG_ALWAYS_SHOW|CONFIG_FLAG_ALLOW_RUNNING_CHANGE}, {CONFIG_USE_VLV_INDEX, CONFIG_TYPE_ONOFF, "on", &ldbm_config_get_use_vlv_index, &ldbm_config_set_use_vlv_index, CONFIG_FLAG_ALWAYS_SHOW|CONFIG_FLAG_ALLOW_RUNNING_CHANGE}, {CONFIG_DB_LOCKDOWN, CONFIG_TYPE_ONOFF, "off", &ldbm_config_db_lockdown_get, &ldbm_config_db_lockdown_set, 0}, Index: proto-back-ldbm.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- proto-back-ldbm.h 1 Dec 2006 21:57:57 -0000 1.10 +++ proto-back-ldbm.h 15 Mar 2007 21:34:32 -0000 1.11 
@@ -563,7 +563,7 @@ */ int dbversion_write(struct ldbminfo *li, const char *dir, const char *dversion); int dbversion_read(struct ldbminfo *li, const char *directory, - char *ldbmversion, char *dataversion); + char **ldbmversion, char **dataversion); int dbversion_exists(struct ldbminfo *li, const char *directory); /* Index: start.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/start.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- start.c 10 Nov 2006 23:45:39 -0000 1.6 +++ start.c 15 Mar 2007 21:34:32 -0000 1.7 @@ -163,7 +163,7 @@ return SLAPI_FAIL_GENERAL; } - if (action & DBVERSION_UPGRADE_3_4) + if (action & (DBVERSION_UPGRADE_3_4|DBVERSION_UPGRADE_4_4)) { retval = dblayer_start(li,DBLAYER_CLEAN_RECOVER_MODE); } Index: upgrade.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/upgrade.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- upgrade.c 10 Nov 2006 23:45:39 -0000 1.6 +++ upgrade.c 15 Mar 2007 21:34:32 -0000 1.7 @@ -45,9 +45,6 @@ #include "back-ldbm.h" -#if 0 -static char* filename = "upgrade.c"; -#endif /* * ldbm_compat_versions holds DBVERSION strings for all versions of the * database with which we are (upwards) compatible. If check_db_version 
@@ -56,16 +53,13 @@ */ db_upgrade_info ldbm_version_suss[] = { -#if defined(USE_NEW_IDL) - {LDBM_VERSION,DBVERSION_NEW_IDL,DBVERSION_NO_UPGRADE}, - {LDBM_VERSION_OLD,DBVERSION_OLD_IDL,DBVERSION_NO_UPGRADE}, -#else - /* default: old idl (DS6.2) */ - {LDBM_VERSION_NEW,DBVERSION_NEW_IDL,DBVERSION_NO_UPGRADE}, - {LDBM_VERSION,DBVERSION_OLD_IDL,DBVERSION_NO_UPGRADE}, -#endif - {LDBM_VERSION_61,DBVERSION_NEW_IDL,DBVERSION_UPGRADE_3_4}, - {LDBM_VERSION_60,DBVERSION_OLD_IDL,DBVERSION_UPGRADE_3_4}, + /* for bdb/#.#/..., we don't have to put the version number in the 2nd col + since DBVERSION keeps it */ + {BDB_IMPL, 0, 0, DBVERSION_NEW_IDL, DBVERSION_NO_UPGRADE}, + {LDBM_VERSION, 4, 2, DBVERSION_NEW_IDL, DBVERSION_NO_UPGRADE}, + {LDBM_VERSION_OLD, 4, 2, DBVERSION_OLD_IDL, DBVERSION_NO_UPGRADE}, + {LDBM_VERSION_61, 3, 3, DBVERSION_NEW_IDL, DBVERSION_UPGRADE_3_4}, + {LDBM_VERSION_60, 3, 3, DBVERSION_OLD_IDL, DBVERSION_UPGRADE_3_4}, {NULL,0,0} }; @@ -79,11 +73,12 @@ lookup_dbversion(char *dbversion, int flag) { int i, matched = 0; - int rval = 0; + int rval = DBVERSION_NO_UPGRADE; for ( i = 0; ldbm_version_suss[i].old_version_string != NULL; ++i ) { - if ( strcmp( dbversion, ldbm_version_suss[i].old_version_string ) == 0 ) + if (PL_strncasecmp(dbversion, ldbm_version_suss[i].old_version_string, + strlen(ldbm_version_suss[i].old_version_string)) == 0) { matched = 1; break; 
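Review bot: lookup_dbversion (`@@ -79`) now matches on a case-insensitive prefix of each table string, so the first row whose `old_version_string` is a prefix of the DBVERSION contents wins. With `BDB_IMPL` in the first row, any file content that merely begins with that token is accepted, with no check that a `/` follows it. If one of the `LDBM_VERSION*` strings is a prefix of another (their values are not on this page), the later row can never match. I would require the separator for the `BDB_IMPL` row and keep exact comparison for the legacy rows. The table terminator `{NULL,0,0}` still has the old three-field shape and could be updated to match the new five-field rows.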
@@ -97,7 +92,42 @@ } if ( flag & DBVERSION_ACTION ) { - rval |= ldbm_version_suss[i].action; + int dbmajor = 0, dbminor = 0; + if (0 == ldbm_version_suss[i].old_dbversion_major) + { + /* case of bdb/#.#/... */ + char *p = strchr(dbversion, '/'); + char *endp = dbversion + strlen(dbversion); + if (NULL != p && p < endp) + { + char *dotp = strchr(++p, '.'); + if (NULL != dotp) + { + *dotp = '\0'; + dbmajor = strtol(p, (char **)NULL, 10); + dbminor = strtol(++dotp, (char **)NULL, 10); + } + else + { + dbmajor = strtol(p, (char **)NULL, 10); + } + } + } + else + { + dbmajor = ldbm_version_suss[i].old_dbversion_major; + dbminor = ldbm_version_suss[i].old_dbversion_minor; + } + if (dbmajor < DB_VERSION_MAJOR) + { + /* 3.3 -> 4.x */ + rval |= ldbm_version_suss[i].action; + } + else if (dbminor < DB_VERSION_MINOR) + { + /* 4.low -> 4.high */ + rval |= DBVERSION_UPGRADE_4_4; + } } } return rval; @@ -113,20 +143,23 @@ * * action: 0: nothing is needed * DBVERSION_UPGRADE_3_4: db3->db4 uprev is needed + * DBVERSION_UPGRADE_4_4: db4->db4 uprev is needed */ int check_db_version( struct ldbminfo *li, int *action ) { int value = 0; - char ldbmversion[BUFSIZ]; - char dataversion[BUFSIZ]; + char *ldbmversion = NULL; + char *dataversion = NULL; *action = 0; - dbversion_read(li, li->li_directory,ldbmversion,dataversion); - if (0 == strlen(ldbmversion)) + dbversion_read(li, li->li_directory, &ldbmversion, &dataversion); + if (NULL == ldbmversion || '\0' == *ldbmversion) { + slapi_ch_free_string(&dataversion); return 0; + } - value = lookup_dbversion( ldbmversion, DBVERSION_TYPE | DBVERSION_ACTION); + value = lookup_dbversion( ldbmversion, DBVERSION_TYPE | DBVERSION_ACTION ); if ( !value ) { LDAPDebug( LDAP_DEBUG_ANY, @@ -136,6 +169,8 @@ /* * A non-zero return here will cause slapd to exit during startup. */ + slapi_ch_free_string(&ldbmversion); + slapi_ch_free_string(&dataversion); return DBVERSION_NOT_SUPPORTED; } if ( value & DBVERSION_UPGRADE_3_4 ) 
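Review bot: In the `@@ -97` hunk, `else if (dbminor < DB_VERSION_MINOR)` is evaluated whenever `dbmajor >= DB_VERSION_MAJOR`, so a database written by a newer major release with a lower minor number is flagged DBVERSION_UPGRADE_4_4; it should be `else if (dbmajor == DB_VERSION_MAJOR && dbminor < DB_VERSION_MINOR)`. A version newer than the linked library is not rejected at all, which lets the server open an environment it may not understand. The parser also writes `*dotp = '\0'` into the caller's string without restoring it, and the `strtol` results are used unvalidated, so a malformed DBVERSION parses as 0.0. The function starts outside the hunk.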
@@ -143,6 +178,13 @@ dblayer_set_recovery_required(li); *action = DBVERSION_UPGRADE_3_4; } + else if ( value & DBVERSION_UPGRADE_4_4 ) + { + dblayer_set_recovery_required(li); + *action = DBVERSION_UPGRADE_4_4; + } + slapi_ch_free_string(&ldbmversion); + slapi_ch_free_string(&dataversion); return 0; } @@ -160,13 +202,14 @@ * DBVERSION_NOT_SUPPORTED: not supported * * DBVERSION_UPGRADE_3_4: db3->db4 uprev is needed + * DBVERSION_UPGRADE_4_4: db4->db4 uprev is needed */ int check_db_inst_version( ldbm_instance *inst ) { int value = 0; - char ldbmversion[BUFSIZ]; - char dataversion[BUFSIZ]; + char *ldbmversion = NULL; + char *dataversion = NULL; int rval = 0; char inst_dir[MAXPATHLEN*2]; char *inst_dirp = NULL; @@ -174,11 +217,12 @@ inst_dirp = dblayer_get_full_inst_dir(inst->inst_li, inst, inst_dir, MAXPATHLEN*2); - dbversion_read(inst->inst_li, inst_dirp,ldbmversion,dataversion); - if (0 == strlen(ldbmversion)) + dbversion_read(inst->inst_li, inst_dirp, &ldbmversion, &dataversion); + if (NULL == ldbmversion || '\0' == *ldbmversion) { return rval; + } - value = lookup_dbversion( ldbmversion, DBVERSION_TYPE | DBVERSION_ACTION); + value = lookup_dbversion( ldbmversion, DBVERSION_TYPE | DBVERSION_ACTION ); if ( !value ) { LDAPDebug( LDAP_DEBUG_ANY, @@ -188,6 +232,8 @@ /* * A non-zero return here will cause slapd to exit during startup. */ + slapi_ch_free_string(&ldbmversion); + slapi_ch_free_string(&dataversion); return DBVERSION_NOT_SUPPORTED; } @@ -205,8 +251,14 @@ { rval |= DBVERSION_UPGRADE_3_4; } + else if ( value & DBVERSION_UPGRADE_4_4 ) + { + rval |= DBVERSION_UPGRADE_4_4; + } if (inst_dirp != inst_dir) slapi_ch_free_string(&inst_dirp); + slapi_ch_free_string(&ldbmversion); + slapi_ch_free_string(&dataversion); return rval; } 
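Review bot: The early `return rval;` in check_db_inst_version (`@@ -174`) skips the cleanup this commit adds at the end of the function: `inst_dirp` is not freed when it was heap-allocated and neither version string is released, whereas check_db_version frees `dataversion` on the same path. The DBVERSION_NOT_SUPPORTED return (`@@ -188`) frees the two strings but also leaves `inst_dirp`. A single `done:` label holding the three frees would cover every exit. `inst_dirp` is also passed to dbversion_read without the NULL/empty check used elsewhere in this commit, and the return value of dbversion_read is ignored in both functions.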
@@ -221,13 +273,9 @@ int rval = 0; li->li_flags |= LI_FORCE_MOD_CONFIG; -#if defined(USE_NEW_IDL) - if ((0 == strcmp(ldbmversion, LDBM_VERSION)) || - (0 == strcmp(ldbmversion, LDBM_VERSION_61))) /* db: new idl */ -#else - if ((0 == strcmp(ldbmversion, LDBM_VERSION_NEW)) || - (0 == strcmp(ldbmversion, LDBM_VERSION_61))) /* db: new idl */ -#endif + if ((0 == PL_strncasecmp(ldbmversion, BDB_IMPL, strlen(BDB_IMPL))) || + (0 == PL_strcmp(ldbmversion, LDBM_VERSION)) || + (0 == PL_strcmp(ldbmversion, LDBM_VERSION_61))) /* db: new idl */ { if (!idl_get_idl_new()) /* config: old idl */ { @@ -239,13 +287,8 @@ ldbmversion, 0, 0); } } -#if defined(USE_NEW_IDL) else if ((0 == strcmp(ldbmversion, LDBM_VERSION_OLD)) || (0 == strcmp(ldbmversion, LDBM_VERSION_60))) /* db: old */ -#else - else if ((0 == strcmp(ldbmversion, LDBM_VERSION)) || /* ds6.2: old */ - (0 == strcmp(ldbmversion, LDBM_VERSION_60))) /* db: old */ -#endif { if (idl_get_idl_new()) /* config: new */ { @@ -289,7 +332,6 @@ int rval = dblayer_update_db_ext(inst, LDBM_SUFFIX_OLD, LDBM_SUFFIX); if (0 == rval) { -#if defined(USE_NEW_IDL) if (idl_get_idl_new()) { LDAPDebug(LDAP_DEBUG_ANY, @@ -302,11 +344,6 @@ "ldbm_upgrade: Upgrading instance %s to %s%s is successfully done.\n", inst->inst_name, LDBM_VERSION_OLD, 0); } -#else - LDAPDebug(LDAP_DEBUG_ANY, - "ldbm_upgrade: Upgrading instance %s to %s%s is successfully done.\n", - inst->inst_name, LDBM_VERSION_BASE, PRODUCTTEXT); -#endif } else { From fedora-directory-commits at redhat.com Thu Mar 15 21:40:36 2007 
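Review bot: adjust_idl_switch (`@@ -221` and `@@ -239`) now mixes `PL_strncasecmp`/`PL_strcmp` in the first condition with plain `strcmp` in the `else if`. `ldbmversion` is now a heap pointer that dbversion_read leaves untouched when the file holds no token, so if a caller reaches this function with NULL, the `strcmp` calls dereference it while the NSPR calls in the first condition accept it. I would use `PL_strcmp` in the `else if` as well, or return early on `NULL == ldbmversion`. Whether a NULL can actually arrive depends on dbversion_read's return code, which is set outside the visible hunks.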
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 15 Mar 2007 17:40:36 -0400 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication cl5_api.c, 1.13, 1.14 cl5_api.h, 1.6, 1.7 repl_shared.h, 1.6, 1.7 Message-ID: <200703152140.l2FLeamd011032@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11001 Modified Files: cl5_api.c cl5_api.h repl_shared.h Log Message: Resolves: 232050 Summary: Change format of DBVERSION and guardian files (Comment #6) 1) introduced new strings for DBVERSION 2) added the logic to compare the new DBVERSION strings note: we don't store the current db version string in the replication code any more. Instead, we get it from Berkeley DB header file db.h. Index: cl5_api.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/cl5_api.c,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- cl5_api.c 12 Feb 2007 21:13:07 -0000 1.13 +++ cl5_api.c 15 Mar 2007 21:40:34 -0000 1.14 @@ -62,8 +62,6 @@ #include "cl5_clcache.h" /* To use the Changelog Cache */ #include "repl5.h" /* for agmt_get_consumer_rid() */ -#define CL5_TYPE "Changelog5" /* changelog type */ -#define VERSION_SIZE 127 /* size of the buffer to hold changelog version */ #define GUARDIAN_FILE "guardian" /* name of the guardian file */ #define VERSION_FILE "DBVERSION" /* name of the version file */ #define MAX_TRIALS 50 /* number of retries on db operations */ 
@@ -287,7 +285,7 @@ static void _cl5SetDBConfig (const CL5DBConfig *config); static void _cl5InitDBEnv(DB_ENV *dbEnv); static int _cl5CheckDBVersion (); -static int _cl5ReadDBVersion (const char *dir, char *clVersion); +static int _cl5ReadDBVersion (const char *dir, char *clVersion, int buflen); static int _cl5WriteDBVersion (); static int _cl5CheckGuardian (); static int _cl5ReadGuardian (char *buff); @@ -2214,6 +2212,52 @@ return CL5_SUCCESS; } +static int _cl5RemoveLogs () +{ + int rc = CL5_DB_ERROR; + char filename1[MAXPATHLEN]; + PRDir *dirhandle = NULL; + dirhandle = PR_OpenDir(s_cl5Desc.dbDir); + if (NULL != dirhandle) { + PRDirEntry *direntry = NULL; + int pre = 0; + PRFileInfo info; + + while (NULL != (direntry = + PR_ReadDir(dirhandle, PR_SKIP_DOT | PR_SKIP_DOT_DOT))) + { + if (NULL == direntry->name) { + /* NSPR doesn't behave like the docs say it should */ + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, + "_cl5RemoveLogs: PR_ReadDir failed (%d): %s\n", + PR_GetError(),slapd_pr_strerror(PR_GetError())); + break; + } + PR_snprintf(filename1, MAXPATHLEN, + "%s/%s", s_cl5Desc.dbDir, direntry->name); + pre = PR_GetFileInfo(filename1, &info); + if (pre == PR_SUCCESS && PR_FILE_DIRECTORY == info.type) { + continue; + } + if (0 == strncmp(direntry->name, "log.", 4)) + { + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, + "Deleting log file: (%s)\n", filename1); + unlink(filename1); + } + rc = CL5_SUCCESS; + } + PR_CloseDir(dirhandle); + } + else if (PR_FILE_NOT_FOUND_ERROR != PR_GetError()) + { + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, + "_cl5RemoveLogs:: PR_OpenDir(%s) failed (%d): %s\n", + s_cl5Desc.dbDir, PR_GetError(),slapd_pr_strerror(PR_GetError())); + } + return rc; +} + static int _cl5AppInit (PRBool *didRecovery) { int rc; 
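Review bot: `_cl5RemoveLogs` (`@@ -2214`) reports CL5_SUCCESS as soon as one directory entry has been read, whether or not any `log.*` file was actually removed, because the result of `unlink(filename1)` is discarded and `rc = CL5_SUCCESS;` sits at the bottom of the loop. An empty directory and a missing directory both return CL5_DB_ERROR instead, and the missing-directory case is not logged. I would set `rc = CL5_SUCCESS;` once after a successful `PR_OpenDir` and use `if (unlink(filename1) != 0) rc = CL5_DB_ERROR;` with a log line carrying `errno`. The `PR_snprintf` into `filename1` is not checked for truncation before the path is unlinked. The call site added in `@@ -2286` ignores the return value, so recovery proceeds even if stale transaction logs are still present.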
@@ -2286,7 +2330,10 @@ if ((flags & DB_RECOVER) || (flags & DB_RECOVER_FATAL)) { if (CL5_OPEN_CLEAN_RECOVER == s_cl5Desc.dbOpenMode) + { _cl5RemoveEnv(); + _cl5RemoveLogs(); + } rc = _cl5Recover (flags, dbEnv); if (rc != CL5_SUCCESS) @@ -3219,7 +3266,8 @@ /* upgrade from db33 to db41 * 1. Run recovery on the database environment using the DB_ENV->open method * 2. Remove any Berkeley DB environment using the DB_ENV->remove method - * 3. extention .db3 -> .db4 ### koko kara !!! + * 3. Remove any Berkeley DB transaction log files + * 4. extention .db3 -> .db4 */ static int _cl5Upgrade3_4(char *fromVersion, char *toVersion) { @@ -3239,6 +3287,7 @@ "_cl5Upgrade3_4: failed to open the db env\n"); return rc; } + s_cl5Desc.dbOpenMode = backup; dir = PR_OpenDir(s_cl5Desc.dbDir); if (dir == NULL) 
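Review bot: `s_cl5Desc.dbOpenMode = backup;` in `_cl5Upgrade3_4` (`@@ -3239`) is placed after the failure `return rc;`, so when `_cl5AppInit` fails the global open mode stays at CL5_OPEN_CLEAN_RECOVER. With this commit that mode also removes transaction logs, so a later open in the same process would delete the environment and logs again. The restore should happen before the error check, `s_cl5Desc.dbOpenMode = backup;` directly after the `_cl5AppInit` call. The new `_cl5Upgrade4_4` (`@@ -3317`) repeats the same ordering.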
@@ -3317,6 +3366,48 @@ return rc; } +/* upgrade from db41 -> db42 -> db43 -> db44 -> db45 + * 1. Run recovery on the database environment using the DB_ENV->open method + * 2. Remove any Berkeley DB environment using the DB_ENV->remove method + * 3. Remove any Berkeley DB transaction log files + */ +static int _cl5Upgrade4_4(char *fromVersion, char *toVersion) +{ + PRDirEntry *entry = NULL; + DB *thisdb = NULL; + CL5OpenMode backup; + int rc = 0; + + backup = s_cl5Desc.dbOpenMode; + s_cl5Desc.dbOpenMode = CL5_OPEN_CLEAN_RECOVER; + /* CL5_OPEN_CLEAN_RECOVER does 1 and 2 */ + rc = _cl5AppInit (NULL); + if (rc != CL5_SUCCESS) + { + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, + "_cl5Upgrade4_4: failed to open the db env\n"); + return rc; + } + s_cl5Desc.dbOpenMode = backup; + + /* update the version file */ + _cl5WriteDBVersion (); + + /* update the guardian file */ + _cl5WriteGuardian (); + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, + "Upgrading from %s to %s is successfully done (%s)\n", + fromVersion, toVersion, s_cl5Desc.dbDir); + + if (s_cl5Desc.dbEnv) + { + DB_ENV *dbEnv = s_cl5Desc.dbEnv; + dbEnv->close(dbEnv, 0); + s_cl5Desc.dbEnv = NULL; + } + return rc; +} + static int _cl5CheckDBVersion () { char clVersion [VERSION_SIZE + 1]; 
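Review bot: `_cl5Upgrade4_4` discards the results of `_cl5WriteDBVersion ()` and `_cl5WriteGuardian ()` and then logs "successfully done". If either write fails, the DBVERSION file keeps the old version and the same clean-recover upgrade, including log removal, runs again on the next start. I would propagate the first failure, e.g. `rc = _cl5WriteDBVersion (); if (rc == CL5_SUCCESS) rc = _cl5WriteGuardian ();`, and log success only when `rc == CL5_SUCCESS`. The locals `entry` and `thisdb` are unused, and the success message is emitted at SLAPI_LOG_FATAL, which reads as an error in the log.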
@@ -3332,48 +3423,87 @@ } } else - { - PR_snprintf (clVersion, VERSION_SIZE, "%s/%s/%s", CL5_TYPE, REPL_PLUGIN_NAME, - CHANGELOG_DB_VERSION); - rc = _cl5ReadDBVersion (s_cl5Desc.dbDir, dbVersion); + { + char *versionp = NULL; + char *versionendp = NULL; + char *dotp = NULL; + int dbmajor = 0; + int dbminor = 0; + + PR_snprintf (clVersion, VERSION_SIZE, "%s/%d.%d/%s", + BDB_IMPL, DB_VERSION_MAJOR, DB_VERSION_MINOR, BDB_REPLPLUGIN); + + rc = _cl5ReadDBVersion (s_cl5Desc.dbDir, dbVersion, sizeof(dbVersion)); if (rc != CL5_SUCCESS) { slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, "_cl5CheckDBVersion: invalid dbversion\n"); rc = CL5_BAD_DBVERSION; + goto bailout; + } + versionendp = dbVersion + strlen(dbVersion); + /* get the version number */ + /* old DBVERSION string: CL5_TYPE/REPL_PLUGIN_NAME/#.# */ + if (PL_strncmp(dbVersion, CL5_TYPE, strlen(CL5_TYPE)) == 0) + { + versionp = strrchr(dbVersion, '/'); + } + /* new DBVERSION string: bdb/#.#/libreplication-plugin */ + else if (PL_strncmp(dbVersion, BDB_IMPL, strlen(BDB_IMPL)) == 0) + { + versionp = strchr(dbVersion, '/'); + } + if (NULL == versionp || versionp == versionendp) + { + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, + "_cl5CheckDBVersion: invalid dbversion: %s\n", dbVersion); + rc = CL5_BAD_DBVERSION; + goto bailout; + } + dotp = strchr(++versionp, '.'); + if (NULL != dotp) + { + *dotp = '\0'; + dbmajor = strtol(versionp, (char **)NULL, 10); + dbminor = strtol(++dotp, (char **)NULL, 10); + *dotp = '.'; + } + else + { + dbmajor = strtol(versionp, (char **)NULL, 10); } - else if (strcasecmp (clVersion, dbVersion) != 0) + + if (dbmajor < DB_VERSION_MAJOR) { - char prevClVersion [VERSION_SIZE + 1]; - PR_snprintf (prevClVersion, VERSION_SIZE, "%s/%s/%s", - CL5_TYPE, REPL_PLUGIN_NAME, CHANGELOG_DB_VERSION_PREV); - if (strcasecmp (prevClVersion, dbVersion) == 0) + /* upgrade */ + rc = _cl5Upgrade3_4(dbVersion, clVersion); + if (rc != CL5_SUCCESS) { - /* upgrade */ - rc = _cl5Upgrade3_4(prevClVersion, 
clVersion); - if (rc != CL5_SUCCESS) - { - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, "_cl5CheckDBVersion: upgrade %s -> %s failed\n", - CHANGELOG_DB_VERSION_PREV, CHANGELOG_DB_VERSION); - rc = CL5_BAD_DBVERSION; - } + dbVersion, clVersion); + rc = CL5_BAD_DBVERSION; } - else + } + else if (dbminor < DB_VERSION_MINOR) + { + /* minor upgrade */ + rc = _cl5Upgrade4_4(dbVersion, clVersion); + if (rc != CL5_SUCCESS) { slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, - "_cl5CheckDBVersion: invalid dbversion\n"); + "_cl5CheckDBVersion: upgrade %s -> %s failed\n", + dbVersion, clVersion); rc = CL5_BAD_DBVERSION; } } - } - +bailout: return rc; } -static int _cl5ReadDBVersion (const char *dir, char *clVersion) +static int _cl5ReadDBVersion (const char *dir, char *clVersion, int buflen) { int rc; PRFileDesc *file; @@ -3416,7 +3546,7 @@ { if (clVersion) { - strcpy(clVersion, tok); + PL_strncpyz(clVersion, tok, buflen); } } @@ -3442,7 +3572,8 @@ PR_snprintf (fName, MAXPATHLEN, "%s/%s", s_cl5Desc.dbDir, VERSION_FILE); - file = PR_Open (fName, PR_WRONLY | PR_CREATE_FILE, s_cl5Desc.dbConfig.fileMode); + file = PR_Open (fName, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, + s_cl5Desc.dbConfig.fileMode); if (file == NULL) { slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, @@ -3452,10 +3583,10 @@ } /* write changelog version */ - PR_snprintf (clVersion, VERSION_SIZE, "%s/%s/%s\n", CL5_TYPE, REPL_PLUGIN_NAME, - CHANGELOG_DB_VERSION); + PR_snprintf (clVersion, VERSION_SIZE, "%s/%d.%d/%s\n", + BDB_IMPL, DB_VERSION_MAJOR, DB_VERSION_MINOR, BDB_REPLPLUGIN); - len = strlen (clVersion); + len = strlen(clVersion); size = slapi_write_buffer (file, clVersion, len); if (size != len) { 
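Review bot: The version parse in `_cl5CheckDBVersion` accepts any text after the slash: `strtol(versionp, (char **)NULL, 10)` yields 0 for a non-numeric field, and 0 satisfies `dbmajor < DB_VERSION_MAJOR`, so a damaged or hand-edited DBVERSION file is sent into `_cl5Upgrade3_4` instead of being rejected with `CL5_BAD_DBVERSION`. The `versionp == versionendp` test also runs before `++versionp`, so a string that ends in `/` passes it. Separately, `else if (dbminor < DB_VERSION_MINOR)` does not require equal majors, so a file from a newer major release with a smaller minor number would take the minor-upgrade path. The fence parses with an end pointer and tightens the minor test; `endp` is a new local declared beside `dotp`, which is then no longer needed.

```c
        char *endp = NULL;      /* declared with the other locals of this block */

        /* ... unchanged: versionp located for the old or new DBVERSION layout ... */
        ++versionp;
        dbmajor = strtol(versionp, &endp, 10);
        if (endp == versionp || ('.' != *endp && '/' != *endp && '\0' != *endp))
        {
            slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
                "_cl5CheckDBVersion: invalid dbversion: %s\n", dbVersion);
            rc = CL5_BAD_DBVERSION;
            goto bailout;
        }
        if ('.' == *endp)
        {
            dbminor = strtol(endp + 1, (char **)NULL, 10);
        }

        /* ... unchanged: major upgrade branch (dbmajor < DB_VERSION_MAJOR) ... */
        else if (dbmajor == DB_VERSION_MAJOR && dbminor < DB_VERSION_MINOR)
        /* ... unchanged: minor upgrade branch body ... */
```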
@@ -3492,15 +3623,26 @@ } else { - PR_snprintf (plVersion, VERSION_SIZE, "%s/%s/%s", CL5_TYPE, REPL_PLUGIN_NAME, - CHANGELOG_DB_VERSION); + PR_snprintf (plVersion, VERSION_SIZE, "%s/%d.%d/%s\n", + BDB_IMPL, DB_VERSION_MAJOR, DB_VERSION_MINOR, BDB_REPLPLUGIN); rc = _cl5ReadGuardian (dbVersion); if (rc != CL5_SUCCESS || strcasecmp (plVersion, dbVersion) != 0) { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, - "_cl5CheckGuardian: missing or invalid guardian file\n"); - return (CL5_BAD_FORMAT); + PR_snprintf (plVersion, VERSION_SIZE, "%s/%s/%s", + CL5_TYPE, REPL_PLUGIN_NAME, CHANGELOG_DB_VERSION); + if (strcasecmp (plVersion, dbVersion) != 0) + { + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, + "_cl5CheckGuardian: found old style of guardian file: %s\n", + dbVersion); + } + else + { + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, + "_cl5CheckGuardian: missing or invalid guardian file\n"); + return (CL5_BAD_FORMAT); + } } /* remove guardian file */ @@ -3534,8 +3676,8 @@ return CL5_SYSTEM_ERROR; } - PR_snprintf (version, VERSION_SIZE, "%s/%s/%s\n", CL5_TYPE, REPL_PLUGIN_NAME, - CHANGELOG_DB_VERSION); + PR_snprintf (version, VERSION_SIZE, "%s/%d.%d/%s\n", + BDB_IMPL, DB_VERSION_MAJOR, DB_VERSION_MINOR, BDB_REPLPLUGIN); len = strlen (version); size = slapi_write_buffer (file, version, len); Index: cl5_api.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/cl5_api.h,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- cl5_api.h 10 Nov 2006 23:45:17 -0000 1.6 +++ cl5_api.h 15 Mar 2007 21:40:34 -0000 1.7 
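Review bot: When `_cl5ReadGuardian (dbVersion)` fails, the new fallback in `_cl5CheckGuardian` still hands `dbVersion` to `strcasecmp` and to the `%s` of the log call, and nothing visible in this hunk guarantees the buffer was filled on that path. The inner test also looks inverted: a guardian that differs from the old-style string is logged as "found old style" and accepted, while one that equals it returns `CL5_BAD_FORMAT`, so as written any unrecognised content passes. The new-style `plVersion` is now formatted with a trailing `\n`, which only matches if `_cl5ReadGuardian` keeps the newline (not visible here). The fence handles the read failure first and flips the inner comparison. The function starts and ends outside the hunk.

```c
        rc = _cl5ReadGuardian (dbVersion);
        if (rc != CL5_SUCCESS)
        {
            slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
                "_cl5CheckGuardian: missing or invalid guardian file\n");
            return (CL5_BAD_FORMAT);
        }
        if (strcasecmp (plVersion, dbVersion) != 0)
        {
            /* ... unchanged: format the old-style string into plVersion ... */
            if (strcasecmp (plVersion, dbVersion) == 0)
            {
                /* ... unchanged: "found old style of guardian file" log ... */
            }
            else
            {
                /* ... unchanged: "missing or invalid guardian file" log and return ... */
            }
        }
```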
@@ -48,6 +48,10 @@ #include "repl5.h" #include "repl5_prot_private.h" +#define BDB_IMPL "bdb" /* changelog type */ +#define BDB_REPLPLUGIN "libreplication-plugin" /* This backend plugin */ + + #define CL5_TYPE "Changelog5" /* changelog type */ #define VERSION_SIZE 127 /* size of the buffer to hold changelog version */ #define CL5_DEFAULT_CONFIG -1 /* value that indicates to changelog to use default */ Index: repl_shared.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl_shared.h,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- repl_shared.h 10 Nov 2006 23:45:17 -0000 1.6 +++ repl_shared.h 15 Mar 2007 21:40:34 -0000 1.7 @@ -128,11 +128,8 @@ * a different version for the plugin itself and this particular version is only * used for the changelog database */ -/* - * Changed version from 2.0 to 3.0 when we switched from libdb33 to libdb41 - * noriko 20021203 - */ -#define CHANGELOG_DB_VERSION_PREV "3.0" +/* the current CHANGELOG_DB_VERSION: DB_VERSION_MAJOR"."DB_VERSION_MINOR" */ +/* this string is left for the backward compatibility */ #define CHANGELOG_DB_VERSION "4.0" extern char *repl_plugin_name; extern char *windows_repl_plugin_name; From fedora-directory-commits at redhat.com Fri Mar 16 20:29:59 2007 
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Fri, 16 Mar 2007 16:29:59 -0400 Subject: [Fedora-directory-commits] ldapserver/wrappers initscript.in, 1.3, 1.4 Message-ID: <200703162029.l2GKTxQX027256@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/wrappers In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27240 Modified Files: initscript.in Log Message: Resolves: bug 232684 Description: need initscripts for Solaris Reviewed by: nhosoi (Thanks!) Fix Description: I was able to mostly use the linux initscript. The biggest issue was that Solaris does not support bash for init scripts, so I had to convert all of the bash-isms to just use plain old Bourne shell syntax. I removed the grep for the pids and just used kill -0, so I don't need the pids list or pidof anymore. Solaris mounts /var/run in tmpfs (i.e. memory disk) which is removed upon reboot, so we have to create and set permission on /var/run if it doesn't exist. Solaris also doesn't provide a library of useful shell functions, so I had to define success() and failure() if they don't exist. Platforms tested: Solaris 9 Flag day: no Doc: Yes - we will need to document the init scripts. Index: initscript.in =================================================================== RCS file: /cvs/dirsec/ldapserver/wrappers/initscript.in,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- initscript.in 12 Feb 2007 20:10:21 -0000 1.3 +++ initscript.in 16 Mar 2007 20:29:57 -0000 1.4 @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # # @package_name@ This starts and stops @package_name@ # 
@@ -11,24 +11,66 @@ # # Source function library. +if [ -f /etc/rc.d/init.d/functions ] ; then . /etc/rc.d/init.d/functions +fi # Source networking configuration. +if [ -f /etc/sysconfig/network ] ; then . /etc/sysconfig/network +fi # Check that networking is up. -if [ ${NETWORKING} = "no" ] +if [ "${NETWORKING}" = "no" ] then echo "Networking is down" exit 0 fi +# failure and success are not defined on some platforms +type failure > /dev/null 2>&1 || { +failure() +{ + echo " FAILED\c" +} +} + +type success > /dev/null 2>&1 || { +success() +{ + echo " SUCCESS\c" +} +} -exec="@sbindir@/ns-slapd" +# On Solaris /var/run is in tmpfs and gets wiped out upon reboot +# we have to recreate the /var/run/@package_name@ directory +# We also have to make sure that the directory is writable +# by the directory server process +# the argument to this function is the server instance directory, +# which must have a dse.ldif file in it +fix_pid_dir_ownership() +{ + if [ ! -d $piddir ] ; then + mkdir -p $piddir + owner=`grep \^nsslapd-localuser $1/dse.ldif | awk '{print $2}'` + if [ -n "$owner" ] ; then + chown $owner $piddir + chmod 700 $piddir + fi + fi +} + +baseexec="ns-slapd" +exec="@sbindir@/$baseexec" prog="@package_name@" # Lockfile -lockfile="@localstatedir@/lock/subsys/@package_name@" +if [ -d "@localstatedir@/lock/subsys" ] ; then + lockfile="@localstatedir@/lock/subsys/@package_name@" +else + lockfile="@localstatedir@/lock/@package_name@/lock" +fi # PID directory piddir="@localstatedir@/run/@package_name@" + # Instance basedir instbase="@instconfigdir@" @@ -38,13 +80,11 @@ umask 077 -pids=$(pidof $exec) - INSTANCES="" for FILE in `/bin/ls -d $instbase/slapd-* 2>/dev/null`; do if [ -d "$FILE" ] ; then - inst=$(echo "$FILE" | sed -e "s|$instbase/slapd-||") + inst=`echo "$FILE" | sed -e "s|$instbase/slapd-||"` INSTANCES="$INSTANCES $inst" fi done 
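Review bot: `fix_pid_dir_ownership` runs as root and uses a value parsed out of `dse.ldif` without quoting: `chown $owner $piddir` word-splits whatever the `grep | awk` pipeline printed, and a file with more than one matching line yields several words. Quote the expansions and keep only the first match, e.g. `awk 'NR==1 {print $2}'` in the pipeline, then `chown "$owner" "$piddir"` and `chmod 700 "$piddir"`; `mkdir -p "$piddir"` and `"$1/dse.ldif"` should be quoted the same way. The function also leaves an existing directory with the wrong owner untouched. The new fallback `lockfile` path under `@localstatedir@/lock/@package_name@/` is not created anywhere in this hunk.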
@@ -56,7 +96,7 @@ fi done if [ "$2" != "$INSTANCES" ]; then - echo -n "$2 is an invalid @package_name@ instance" + echo "$2 is an invalid @package_name@ instance\c" failure; echo exit 1 fi @@ -64,13 +104,14 @@ start() { if [ -n "$INSTANCES" ]; then - export LD_LIBRARY_PATH=@libdir@/@package_name@:@nss_libdir@ + LD_LIBRARY_PATH=@libdir@/@package_name@:@nss_libdir@ + export LD_LIBRARY_PATH echo "Starting $prog: " # Start every slapd instance that isn't already running errors=0 successes=0 for instance in $INSTANCES; do - echo -n " $instance..." + echo " $instance...\c" # the server creates pidfile and writes the pid to it when it is fully # started and available to serve clients pidfile=$piddir/slapd-$instance.pid @@ -79,15 +120,15 @@ # die a horrible death (e.g. shared lib problem, oom, etc.) startpidfile=$piddir/slapd-$instance.startpid server_running=0 - if [ -e $pidfile ]; then - pid=$(cat $pidfile) - if [ $(echo "$pids" | grep -c $pid) -ge 1 ]; then - echo -n " already running" + if [ -f $pidfile ]; then + pid=`cat $pidfile` + if kill -0 $pid > /dev/null 2>&1 ; then + echo " already running\c" success; echo - let successes=successes+1 + successes=`expr $successes + 1` server_running=1 else - echo -n " not running, but pid file exists - attempt to start anyway..." + echo " not running, but pid file exists - attempt to start anyway...\c" rm -f $pidfile fi fi @@ -95,12 +136,13 @@ if [ $server_running -eq 0 ] ; then rm -f $pidfile rm -f $startpidfile + fix_pid_dir_ownership $instbase/slapd-$instance $exec -D $instbase/slapd-$instance -i $pidfile -w $startpidfile if [ $? -eq 0 ]; then server_started=1 # well, perhaps not running, but started ok else failure; echo - let errors=errors+1 + errors=`expr $errors + 1` fi fi # ok, if we started the server successfully, let's see if it is really @@ -119,7 +161,7 @@ done if test ! -f $startpidfile ; then failure; echo - let errors=errors+1 + errors=`expr $errors + 1` server_started=0 fi fi 
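Review bot: Replacing `echo -n` with `echo "...\c"` only suppresses the newline where `echo` interprets backslash escapes. It is done here in the invalid-instance message and in `start()`, and also in the `failure`/`success` fallbacks of the earlier hunk and in `stop()` later. Where `/bin/sh` is bash, `echo` prints the `\c` literally unless `xpg_echo` is enabled, so the Linux status lines would change with this commit. `printf` gives the same output under both shells, e.g. `printf ' %s...' "$instance"` and `printf '%s is an invalid @package_name@ instance' "$2"`.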
@@ -144,10 +186,10 @@ done if kill -0 $pid > /dev/null 2>&1 && test -f $pidfile ; then success; echo - let successes=successes+1 + successes=`expr $successes + 1` else failure; echo - let errors=errors+1 + errors=`expr $errors + 1` fi fi rm -f $startpidfile @@ -168,17 +210,17 @@ errors=0 for instance in $INSTANCES; do pidfile=$piddir/slapd-$instance.pid - if [ -e $pidfile ]; then - pid=$(cat $pidfile) - echo -n " $instance..." + if [ -f $pidfile ]; then + pid=`cat $pidfile` + echo " $instance...\c" server_stopped=0 - if [ $(echo "$pids" | grep -c $pid) -ge 1 ]; then + if kill -0 $pid > /dev/null 2>&1 ; then kill $pid if [ $? -eq 0 ]; then server_stopped=1 else failure; echo - let errors=errors+1 + errors=`expr $errors + 1` fi fi if [ $server_stopped -eq 1 ] ; then @@ -198,7 +240,7 @@ done if test -f $pidfile ; then failure; echo - let errors=errors+1 + errors=`expr $errors + 1` else success; echo rm -f $pidfile @@ -207,7 +249,7 @@ fi done if [ $errors -ge 1 ]; then - echo -n "*** Error: $errors instance(s) unsuccessfully stopped" + echo "*** Error: $errors instance(s) unsuccessfully stopped\c" failure; echo else rm -f $lockfile @@ -222,9 +264,9 @@ status() { for instance in $INSTANCES; do - if [ -e $piddir/slapd-$instance.pid ]; then - pid=$(cat $piddir/slapd-$instance.pid) - if [ $(echo "$pids" | grep -c $pid) -ge 1 ]; then + if [ -f $piddir/slapd-$instance.pid ]; then + pid=`cat $piddir/slapd-$instance.pid` + if kill -0 $pid > /dev/null 2>&1 ; then echo "$prog $instance (pid $pid) is running..." else echo "$prog $instance dead but pid file exists" @@ -244,6 +286,7 @@ [ ! -f $lockfile ] || restart ;; *) - echo $"Usage: $0 {start|stop|status|restart|condrestart} [instance-name]" + echo Unknown command $1 + echo "Usage: $0 {start|stop|status|restart|condrestart} [instance-name]" exit 2 esac From fedora-directory-commits at redhat.com Fri Mar 16 21:32:46 2007 
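Review bot: In `stop()` the script now signals whatever PID is stored in `$pidfile` as long as `kill -0 $pid` succeeds; the removed `pidof $exec` comparison was the only check that the PID belonged to ns-slapd. The pid directory is handed to the server account by `fix_pid_dir_ownership`, so root does not control the file's content, and a stale file after PID reuse has the same effect. Before `kill $pid`, reject non-numeric values with `case "$pid" in ''|*[!0-9]*) pid= ;; esac` and compare the process name, for instance the output of `ps -p "$pid" -o comm=`, with `$baseexec`. The same `kill -0` test is used in `start()` and `status()`, where a wrong PID yields a false "already running" or "is running" report.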
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Fri, 16 Mar 2007 17:32:46 -0400 Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src migrateTo11.in, NONE, 1.1 Message-ID: <200703162132.l2GLWkEI032548@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/admin/src In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32489/ldapserver/ldap/admin/src Added Files: migrateTo11.in Log Message: Resolves: bug 231905 Bug Description: migration: Migrate from 1.0.x to 1.1 Reviewed by: nhosoi (Thanks!) Fix Description: The basic strategy is 1) shutdown the old servers - databases should be quiescent 2) run the migration script - this will copy all of the files (under /opt/fedora-ds/slapd-* by default) to their new FHS style locations, and fix up any entries and attributes that are obsolete or have changed (e.g. values that refer to paths) 3) service fedora-ds start The migration script does not need to do anything to the database files - the new database code added by Noriko will handle the database upgrade automagically, but I'm leaving the database upgrade code in the script, commented out, in case we need it in the future. This also fixes an annoying problem with automake - it would build ds_newinst.pl from ds_newinst.pl.in in the source ldap/admin/src directory, and use that version. This is really a problem with multi platform builds, where you want to share the ldapserver source code among multiple platforms. With the fix, built/ldap/admin/src/ds_newinst.pl is generated from srcdir/ldap/admin/src/ds_newinst.pl.in, and srcdir/ldap/admin/src/ds_newinst.pl is not written. 
Platforms tested: FC6 Flag Day: no Doc impact: Yes - we need to document migration --- NEW FILE migrateTo11.in --- #!/usr/bin/env perl # # BEGIN COPYRIGHT BLOCK # This Program is free software; you can redistribute it and/or modify it under # the terms of the GNU General Public License as published by the Free Software # Foundation; version 2 of the License. # # This Program is distributed in the hope that it will be useful, but WITHOUT # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS # FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. # # You should have received a copy of the GNU General Public License along with # this Program; if not, write to the Free Software Foundation, Inc., 59 Temple # Place, Suite 330, Boston, MA 02111-1307 USA. # # In addition, as a special exception, Red Hat, Inc. gives You the additional # right to link the code of this Program with code not covered under the GNU # General Public License ("Non-GPL Code") and to distribute linked combinations # including the two, subject to the limitations in this paragraph. Non-GPL Code # permitted under this exception must only link to the code of this Program # through those well defined interfaces identified in the file named EXCEPTION # found in the source code files (the "Approved Interfaces"). The files of # Non-GPL Code may instantiate templates or use macros or inline functions from # the Approved Interfaces without causing the resulting work to be covered by # the GNU General Public License. Only Red Hat, Inc. may make changes or # additions to the list of Approved Interfaces. You must obey the GNU General # Public License in all respects for all of the Program code and other code used # in conjunction with the Program except the Non-GPL Code covered by this # exception. If you modify this file, you may extend this exception to your # version of the file, but you are not obligated to do so. 
# If you do not wish to
# provide this exception without modification, you must delete this exception
# statement from your version and license this file solely under the GPL without
# exception.
#
#
# Copyright (C) 2007 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#

# cmd line parsing
use Getopt::Long;
# tempfiles
use File::Temp qw(tempfile tempdir);

# load perldap
use Mozilla::LDAP::Conn;
use Mozilla::LDAP::Utils qw(normalizeDN);
use Mozilla::LDAP::API qw(ldap_explode_dn);
use Mozilla::LDAP::LDIF;

# Attributes for which the value from the new instance always wins, or which
# no longer apply.  Each name is listed in its canonical spelling; the lookup
# hash built below is keyed by the lower-cased name.
my @replacedOrObsolete = qw(
    nsslapd-errorlog
    nsslapd-accesslog
    nsslapd-auditlog
    nsKeyfile
    nsCertfile
    nsslapd-pluginPath
    nsslapd-pluginType
    nsslapd-pluginVersion
    nsslapd-plugin-depends-on-named
);

# these are new attrs that we should just pass through
my @newPassThrough = qw(
    nsslapd-schemadir
    nsslapd-lockdir
    nsslapd-tmpdir
    nsslapd-certdir
    nsslapd-ldapifilepath
    nsslapd-ldapilisten
    nsslapd-ldapiautobind
    nsslapd-ldapimaprootdn
    nsslapd-ldapimaptoentries
    nsslapd-ldapiuidnumbertype
    nsslapd-ldapigidnumbertype
    nsslapd-ldapientrysearchbase
    nsslapd-ldapiautodnsuffix
);

# lower-cased attribute name => canonical attribute name
my %ignoreOld = map { lc($_) => $_ } (@replacedOrObsolete, @newPassThrough);

# Attributes for which the value from the old instance always wins.
my %alwaysUseOld = (aci => 'aci');

# global vars used throughout script + subs
my $pkgname = "@package_name@";
# this is the new pkgname which may be
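# something like
# fedora-ds-base - we have to strip off the -suffix
$pkgname =~ s/-(core|base)$//;
my $oldpkgname = $pkgname;
my $oldsroot = "/opt/$oldpkgname";

# figure out the current bdb version
# NOTE(review): if db_verify is not on PATH the two version variables stay
# undefined and $db_verstr is built from empty values.
my $db_version=`db_verify -V`;
my ($db_major_version, $db_minor_version);
if ($db_version =~ /Berkeley DB (\d+)\.(\d+)/) {
    $db_major_version = $1;
    $db_minor_version = $2;
}
my $db_verstr = "bdb/${db_major_version}.${db_minor_version}/libback-ldbm";

my $debuglevel = 0;
# use like this:
# debug(3, "message");
# this will only print "message" if $debuglevel is 3 or higher (-vvv on the command line)
# Output goes to STDERR, prefixed with one "+" per level.
sub debug {
    my ($level, @rest) = @_;
    if ($level <= $debuglevel) {
        print STDERR "+" x $level, @rest;
    }
}

# Return the new-layout directory for a database-related attribute.
#   $ent  - the entry holding the attribute
#   $attr - the attribute name (used only in the debug message)
#   $inst - the instance name (slapd-something)
# The choice is made from the entry itself: a backend instance entry maps to
# .../db/<cn>, the entry with cn "config" to .../db, and "changelog5" to
# .../cldb.  Any other entry yields undef.
sub getNewDbDir {
    my ($ent, $attr, $inst) = @_;
    my %objclasses = map { lc($_) => $_ } $ent->getValues('objectclass');
    my $cn = $ent->getValues('cn');
    my $newval;
    if ($objclasses{nsbackendinstance}) {
        $newval = "@localstatedir@/lib/$pkgname/$inst/db/$cn";
    } elsif (lc $cn eq 'config') {
        $newval = "@localstatedir@/lib/$pkgname/$inst/db";
    } elsif (lc $cn eq 'changelog5') {
        $newval = "@localstatedir@/lib/$pkgname/$inst/cldb";
    }
    debug(2, "New value [$newval] for attr $attr in entry ", $ent->getDN(), "\n");
    return $newval;
}

# Convert a stored credential from the old instance to the new one by running
# the external migratecred program and returning what it prints.
#   $ent  - the entry holding the credential attribute
#   $attr - the attribute name
#   $inst - the instance name (slapd-something)
# Dies if migratecred cannot be started.
sub migrateCredentials {
    my ($ent, $attr, $inst) = @_;
    my $oldval = $ent->getValues($attr);
    # NOTE(review): at -vvv both debug calls in this sub print the credential
    # value to STDERR; avoid capturing that output in shared logs.
    debug(3, "Executing migratecred -o $oldsroot/$inst -n @instconfigdir@/$inst -c $oldval . . .\n");
    # The value comes from dse.ldif, so it is passed as a separate argument
    # with the list form of open: no shell parses it, and spaces or shell
    # metacharacters in the value cannot alter the command.
    open(my $credfh, '-|', 'migratecred',
         '-o', "$oldsroot/$inst",
         '-n', "@instconfigdir@/$inst",
         '-c', $oldval)
        or die "Could not run migratecred: $!";
    # read everything the program printed, unmodified
    my $newval = do { local $/; <$credfh> };
    close($credfh);
    debug(3, "Converted old value [$oldval] to new value [$newval] for attr $attr in entry ", $ent->getDN(), "\n");
    return $newval;
}

# these are attributes that we have to transform from
# the old value to the new value (e.g. a pathname)
# The key of this hash is the attribute name.  The value
# is an anonymous sub which takes two arguments - the entry
# and the old value.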
The return value of the sub is # the new value my %transformAttr = ( 'nsslapd-directory' => \&getNewDbDir, 'nsslapd-db-logdirectory' => \&getNewDbDir, 'nsslapd-changelogdir' => \&getNewDbDir, 'nsds5replicacredentials' => \&migrateCredentials, 'nsmultiplexorcredentials' => \&migrateCredentials ); #nsslapd-directory - if same as old path, convert to new, otherwise, leave it #nsslapd-logdirectory - if same as old path, convert to new, otherwise, leave it #nsslapd-accesslog #nsslapd-errorlog #nsslapd-auditlog #nskeyfile #nscertfile #dn: cn=Internationalization Plugin #nsslapd-pluginArg0: $inst/config/slapd-collations.conf #dn: cn=referential integrity postoperation #nsslapd-pluginarg1: $inst/logs/referint # don't forget changelogdb and certmap.conf # [General] # FullMachineName= localhost.localdomain # SuiteSpotUserID= nobody # ServerRoot= /usr/lib64/fedora-ds # [slapd] # ServerPort= 1100 # ServerIdentifier= localhost # Suffix= dc=example,dc=com # RootDN= cn=Directory Manager # RootDNPwd= Secret123 sub createInfFileFromDseLdif { my $oldroot = shift; my $inst = shift; my $fname = "$oldroot/$inst/config/dse.ldif"; my $id; ($id = $inst) =~ s/^slapd-//; open( DSELDIF, "$fname" ) || die "Can't open $fname: $!"; my ($outfh, $inffile) = tempfile(SUFFIX => '.inf'); my $in = new Mozilla::LDAP::LDIF(*DSELDIF) ; while ($ent = readOneEntry $in) { my $dn = $ent->getDN(); if ($dn =~ /cn=config/) { print $outfh "[General]\n"; print $outfh "FullMachineName = ", $ent->getValues('nsslapd-localhost'), "\n"; print $outfh "SuiteSpotUserID = ", $ent->getValues('nsslapd-localuser'), "\n"; print $outfh "ServerRoot = @serverdir@\n"; print $outfh "[slapd]\n"; print $outfh "RootDN = ", $ent->getValues('nsslapd-rootdn'), "\n"; print $outfh "RootDNPwd = ", $ent->getValues('nsslapd-rootpw'), "\n"; print $outfh "ServerPort = ", $ent->getValues('nsslapd-port'), "\n"; print $outfh "ServerIdentifier = $id\n"; print $outfh "Suffix = o=deleteAfterMigration\n"; print $outfh "start_server= 0\n"; last; } } 
close $outfh; close DSELDIF; return $inffile; } sub makeNewInst { my ($ds_newinst, $inffile) = @_; system ($ds_newinst, $inffile) == 0 or die "Could not create new instance using $ds_newinst with inffile $inffile: $?"; } sub copyDatabaseDirs { my $srcdir = shift; my $destdir = shift; if (-d $srcdir && ! -d $destdir) { debug(0, "Copying database directory $srcdir to $destdir\n"); system ("cp -p -r $srcdir $destdir") == 0 or die "Could not copy database directory $srcdir to $destdir: $?"; } elsif (! -d $srcdir) { die "Error: database directory $srcdir does not exist"; } else { debug(0, "The destination directory $destdir already exists, copying files/dirs individually\n"); foreach my $file (glob("$srcdir/*")) { debug(3, "Copying $file to $destdir\n"); if (-f $file) { system ("cp -p $file $destdir") == 0 or die "Error: could not copy $file to $destdir: $!"; } elsif (-d $file) { system ("cp -p -r $file $destdir") == 0 or die "Error: could not copy $file to $destdir: $!"; } } } } sub copyDatabases { my $oldroot = shift; my $inst = shift; my $newdbdir = shift; # global config and instance specific config are children of this entry my $basedbdn = normalizeDN("cn=ldbm database,cn=plugins,cn=config"); # get the list of databases, their index and transaction log locations my $fname = "$oldroot/$inst/config/dse.ldif"; open( DSELDIF, "$fname" ) || die "Can't open $fname: $!"; my $in = new Mozilla::LDAP::LDIF(*DSELDIF); my $targetdn = normalizeDN("cn=config,cn=ldbm database,cn=plugins,cn=config"); while ($ent = readOneEntry $in) { next if (!$ent->getDN()); # just skip root dse # look for the one level children of $basedbdn my @rdns = ldap_explode_dn($ent->getDN(), 0); my $parentdn = normalizeDN(join(',', @rdns[1..$#rdns])); if ($parentdn eq $basedbdn) { my $cn = $ent->getValues('cn'); my %objclasses = map { lc($_) => $_ } $ent->getValues('objectclass'); if ($cn eq 'config') { # global config debug(1, "Found ldbm database plugin config entry ", $ent->getDN(), "\n"); my $dir = 
$ent->getValues('nsslapd-directory'); my $homedir = $ent->getValues('nsslapd-db-home-directory'); my $logdir = $ent->getValues('nsslapd-db-logdirectory'); debug(1, "old db dir = $dir homedir = $homedir logdir = $logdir\n"); my $srcdir = $homedir || $dir || "$oldroot/$inst/db"; copyDatabaseDirs($srcdir, $newdbdir); copyDatabaseDirs($logdir, $newdbdir) if ($logdir && $logdir ne $srcdir); } elsif ($objclasses{nsbackendinstance}) { debug(1, "Found ldbm database instance entry ", $ent->getDN(), "\n"); my $dir = $ent->getValues('nsslapd-directory'); # the default db instance directory is # $oldroot/$inst/$cn debug(1, "old instance $cn dbdir $dir\n"); my $srcdir = $dir || "$oldroot/$inst/db/$cn"; copyDatabaseDirs($srcdir, "$newdbdir/$cn"); } # else just ignore for now } } close DSELDIF; # server automagically upgrades database if needed # upgradeDatabase($newdbdir); # fix the DBVERSION files # updateDBVERSION($newdbdir); # fix guardian files # updateDBguardian($newdbdir); } sub copySecurityFiles { my $oldroot = shift; my $inst = shift; my $destdir = shift; if (! -d "$oldroot/alias") { debug(0, "Error: security file directory $oldroot/alias not found\n"); } elsif (! 
-d $destdir) { debug(0, "Error: new security file directory $destdir not found\n"); } else { debug(1, "Copying $oldroot/alias/$inst-cert8.db to $destdir/cert8.db\n"); system ("cp -p $oldroot/alias/$inst-cert8.db $destdir/cert8.db") == 0 or die "Error: could not copy $oldroot/alias/$inst-cert8.db to $destdir/cert8.db: $!"; debug(1, "Copying $oldroot/alias/$inst-key3.db to $destdir/key3.db\n"); system ("cp -p $oldroot/alias/$inst-key3.db $destdir/key3.db") == 0 or die "Error: could not copy $oldroot/alias/$inst-key3.db to $destdir/key3.db: $!"; debug(1, "Copying $oldroot/alias/secmod.db to $destdir/secmod.db\n"); system ("cp -p $oldroot/alias/secmod.db $destdir/secmod.db") == 0 or die "Error: could not copy $oldroot/alias/secmod.db to $destdir/secmod.db: $!"; if (-f "$oldroot/alias/$inst-pin.txt") { debug(1, "Copying $oldroot/alias/$inst-pin.txt to $destdir/pin.txt\n"); system ("cp -p $oldroot/alias/$inst-pin.txt $destdir/pin.txt") == 0 or die "Error: could not copy $oldroot/alias/$inst-pin.txt to $destdir/pin.txt: $!"; } if (-f "$oldroot/shared/config/certmap.conf") { debug(1, "Copying $oldroot/shared/config/certmap.conf to $destdir/certmap.conf\n"); system ("cp -p $oldroot/shared/config/certmap.conf $destdir/certmap.conf") == 0 or die "Error: could not copy $oldroot/shared/config/certmap.conf to $destdir/certmap.conf: $!"; } } } sub copyChangelogDB { my $oldroot = shift; my $inst = shift; my $newdbdir = shift; # changelog config entry my $cldn = normalizeDN("cn=changelog5, cn=config"); my $fname = "$oldroot/$inst/config/dse.ldif"; open( DSELDIF, "$fname" ) || die "Can't open $fname: $!"; my $in = new Mozilla::LDAP::LDIF(*DSELDIF); while ($ent = readOneEntry $in) { my $targetdn = normalizeDN($ent->getDN()); if ($targetdn eq $cldn) { my $oldcldir = $ent->getValues('nsslapd-changelogdir'); debug(1, "old cldb dir = $oldcldir\n"); my $srcdir = $oldcldir || "$oldroot/$inst/cldb"; copyDatabaseDirs($srcdir, $newdbdir); # server automagically upgrades database if needed # 
upgradeDatabase($newdbdir); last; } } close DSELDIF; } sub fixAttrsInEntry { my ($ent, $inst) = @_; for my $attr (keys %{$ent}) { my $lcattr = lc $attr; if ($transformAttr{$lcattr}) { $ent->setValues($attr, &{$transformAttr{$lcattr}}($ent, $attr, $inst)); } } } sub mergeEntries { my ($old, $new, $inst) = @_; my %inoldonly; # attrs in old entry but not new one my %innewonly; # attrs in new entry but not old one my @attrs; # attrs common to old and new # if the attribute exists in the old entry but not the new one # we should probably add it (checking for special cases first) # if the attribute exists in the new entry but not the old one # we might have to delete it from the new entry # first, get a list of all attributes foreach my $attr (keys %{$old}) { if (! $new->exists($attr)) { $inoldonly{$attr} = $attr; } else { push @attrs, $attr; } } foreach my $attr (keys %{$new}) { if (! $old->exists($attr)) { $innewonly{$attr} = $attr; } } # iterate through the attr lists my $cn = lc $new->getValues("cn"); foreach my $attr (keys %inoldonly, keys %innewonly, @attrs) { my $lcattr = lc $attr; if ($ignoreOld{$lcattr}) { next; # use new value or just omit if attr is obsolete } elsif ($transformAttr{$lcattr}) { # only transform if the value is in the old entry if (!$innewonly{$attr}) { $new->setValues($attr, &{$transformAttr{$lcattr}}($old, $attr, $inst)); } } elsif ($cn eq "internationalization plugin" and $lcattr eq "nsslapd-pluginarg0") { next; # use the new value of this path name } elsif ($cn eq "referential integrity postoperation" and $lcattr eq "nsslapd-pluginarg1") { next; # use the new value of this path name } elsif ($innewonly{$attr}) { $new->remove($attr); # in new but not old - just remove it } else { $new->setValues($attr, $old->getValues($attr)); # use old value } } } sub mergeDseLdif { my $oldroot = shift; my $inst = shift; my $ent; # first, read in old file my %olddse; # map of normalized DN to Entry my @olddns; # the DNs in their original order my $fname = 
"$oldroot/$inst/config/dse.ldif"; open( OLDDSELDIF, $fname ) || die "Can't open $fname: $!"; my $in = new Mozilla::LDAP::LDIF(*OLDDSELDIF); while ($ent = readOneEntry $in) { my $dn = normalizeDN($ent->getDN()); push @olddns, $dn; $olddse{$dn} = $ent; } close OLDDSELDIF; # next, read in new file my %newdse; # map of normalized DN to Entry my @newdns; # the DNs in their original order that are not in olddns $fname = "@instconfigdir@/$inst/dse.ldif"; open( NEWDSELDIF, $fname ) || die "Can't open $fname: $!"; $in = new Mozilla::LDAP::LDIF(*NEWDSELDIF); while ($ent = readOneEntry $in) { my $dn = normalizeDN($ent->getDN()); $newdse{$dn} = $ent; if (! exists $olddse{$dn}) { push @newdns, $dn; } } close NEWDSELDIF; # temp file for new, merged dse.ldif my ($dsefh, $tmpdse) = tempfile(SUFFIX => '.ldif'); # now, compare entries # if the entry exists in the old tree but not the new, add it # if the entry exists in the new tree but not the old, delete it # otherwise, merge the entries # @olddns contains the dns in the old dse.ldif, including ones that # may also be in the new dse.ldif # @newdns contains dns that are only in the new dse.ldif for my $dn (@olddns, @newdns) { my $oldent = $olddse{$dn}; my $newent = $newdse{$dn}; my $outputent; if ($oldent && !$newent) { # may have to fix up some values in the old entry fixAttrsInEntry($oldent, $inst); # output $oldent $outputent = $oldent; } elsif (!$oldent && $newent) { next if ($dn =~ /o=deleteAfterMigration/i); # output $newent $outputent = $newent; } else { #merge # $newent will contain the merged entry mergeEntries($oldent, $newent, $inst); $outputent = $newent; } # special fix for rootDSE - perldap doesn't like "" for a dn if (! 
$outputent->getDN()) { my $ary = $outputent->getLDIFrecords(); shift @$ary; # remove "dn" shift @$ary; # remove the empty dn value print $dsefh "dn:\n"; print $dsefh (Mozilla::LDAP::LDIF::pack_LDIF (78, $ary), "\n"); } else { Mozilla::LDAP::LDIF::put_LDIF($dsefh, 78, $outputent); } } close $dsefh; return $tmpdse; } sub usage { print STDERR < \$debuglevel, 'instance|i=s' => \@instances, 'oldsroot|o=s' => \$oldsroot, 'help|h' => sub { &usage }); # get list of instances to migrate if (! @instances) { # an instance must be a directory called $oldsroot/slapd-something and the file # $oldsroot/slapd-something/config/dse.ldif must exist @instances = grep { -d && -f "$_/config/dse.ldif" && ($_ =~ s,$oldsroot/,,) } glob("$oldsroot/slapd-*"); } die "No instances found to migrate" unless (@instances); # find ds_newinst.pl - in same directory as this script or in PATH my $ds_newinst; ($ds_newinst = $0) =~ s|/[^/]+$|/ds_newinst.pl|; if (! -x $ds_newinst) { $ds_newinst = "ds_newinst.pl"; # just get from path } # for each instance foreach my $inst (@instances) { # set instance specific defaults my $newdbdir = "@localstatedir@/lib/$pkgname/$inst/db"; my $newcertdir = "@instconfigdir@/$inst"; my $newcldbdir = "@localstatedir@/lib/$pkgname/$inst/cldb"; # extract the information needed for ds_newinst.pl my $inffile = createInfFileFromDseLdif($oldsroot, $inst); debug(2, "Using inffile $inffile created from $oldsroot/$inst\n"); # create the new instance makeNewInst($ds_newinst, $inffile); unlink($inffile); # copy over the files/directories # copy the databases copyDatabases($oldsroot, $inst, $newdbdir); # copy the security related files copySecurityFiles($oldsroot, $inst, $newcertdir); # copy the repl changelog database copyChangelogDB($oldsroot, $inst, $newcldbdir); # merge the old info into the new dse.ldif my $tmpdse = mergeDseLdif($oldsroot, $inst); # get user/group of new dse my ($dev, $ino, $mode, $uid, $gid, @rest) = stat "@instconfigdir@/$inst/dse.ldif"; # save the original new 
dse.ldif system("cp -p @instconfigdir@/$inst/dse.ldif @instconfigdir@/$inst/dse.ldif.premigrate"); # copy the new one system("cp $tmpdse @instconfigdir@/$inst/dse.ldif"); # change owner/group chmod $mode, "@instconfigdir@/$inst/dse.ldif"; chown $uid, $gid, "@instconfigdir@/$inst/dse.ldif"; # remove the temp one unlink($tmpdse); } debug(0, "\n\nDone! Migration is complete.\n"); debug(0, "You can start your new servers with: service fedora-ds start\n"); # the server automagically upgrades the databases, so these are not needed for now # sub upgradeDatabase { # my $newdbdir = shift; # # now, recover the database to flush the data from the log file(s) # # into the .db4 (index) files # debug(0, "Recovering and flushing log files in $newdbdir . . .\n"); # my $vflag = ""; # if ($debuglevel > 2) { # $vflag = "-v"; # } # system("db42_recover $vflag -h $newdbdir") == 0 or # die "Error: could not recover the db files in $newdbdir: $!"; # # then, remove the log file(s) (log.xxxxx) and the old memory region files (__db.XXX files) # debug(0, "Removing old log and memory region files in $newdbdir . . .\n"); # system("rm -f $newdbdir/log.* $newdbdir/__db.*") == 0 or # die "Error: could not remove log and mem region files in $newdbdir: $!"; # # finally, upgrade the index files # debug(0, "Upgrading all database files in $newdbdir . . .\n"); # for my $dbfile (<$newdbdir/*/*.db4>) { # debug(2, "Upgrading database file $dbfile . . .\n"); # system("db_upgrade -h $newdbdir $dbfile") == 0 or # die "Error: could not upgrade database file $dbfile: $!"; # } # for my $dbfile (<$newdbdir/*.db4>) { # debug(2, "Upgrading database file $dbfile . . 
.\n"); # system("db_upgrade -h $newdbdir $dbfile") == 0 or # die "Error: could not upgrade database file $dbfile: $!"; # } # } # sub updateDBVERSION { # my $newdbdir = shift; # my $fname = "$newdbdir/DBVERSION"; # my @flist = ($fname); # push @flist, glob("$newdbdir/*/DBVERSION"); # for $fname (@flist) { # if (-f $fname) { # debug(2, "Updating $fname to $db_verstr\n"); # open(FNAME, ">$fname") or die "Can't write $fname: $!"; # print FNAME $db_verstr, "\n"; # close FNAME; # } else { # debug(0, "No $fname - skipping\n"); # } # } # } # sub updateDBguardian { # my $newdbdir = shift; # my $fname = "$newdbdir/guardian"; # my @flist = ($fname); # push @flist, glob("$newdbdir/*/guardian"); # for $fname (@flist) { # if (-f $fname) { # debug(2, "Updating $fname to $db_verstr\n"); # open(FNAME, "$fname") or die "Can't read $fname: $!"; # my @lines = ; # close FNAME; # open(FNAME, ">$fname") or die "Can't write $fname: $!"; # for (@lines) { # if (/^version:/) { # print FNAME "version:$db_verstr\n"; # } else { # print FNAME; # } # } # close FNAME; # } else { # debug(0, "No $fname - skipping\n"); # } # } # } From fedora-directory-commits at redhat.com Fri Mar 16 21:32:46 2007 
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Fri, 16 Mar 2007 17:32:46 -0400 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/tools migratecred.c, 1.7, 1.8 Message-ID: <200703162132.l2GLWklY032554@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32489/ldapserver/ldap/servers/slapd/tools Modified Files: migratecred.c Log Message: Resolves: bug 231905 Bug Description: migration: Migrate from 1.0.x to 1.1 Reviewed by: nhosoi (Thanks!) Fix Description: The basic strategy is 1) shutdown the old servers - databases should be quiescent 2) run the migration script - this will copy all of the files (under /opt/fedora-ds/slapd-* by default) to their new FHS style locations, and fix up any entries and attributes that are obsolete or have changed (e.g. values that refer to paths) 3) service fedora-ds start The migration script does not need to do anything to the database files - the new database code added by Noriko will handle the database upgrade automagically, but I'm leaving the database upgrade code in the script, commented out, in case we need it in the future. This also fixes an annoying problem with automake - it would build ds_newinst.pl from ds_newinst.pl.in in the source ldap/admin/src directory, and use that version. This is really a problem with multi platform builds, where you want to share the ldapserver source code among multiple platforms. With the fix, built/ldap/admin/src/ds_newinst.pl is generated from srcdir/ldap/admin/src/ds_newinst.pl.in, and srcdir/ldap/admin/src/ds_newinst.pl is not written. 
Platforms tested: FC6 Flag Day: no Doc impact: Yes - we need to document migration Index: migratecred.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/tools/migratecred.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- migratecred.c 10 Nov 2006 23:45:51 -0000 1.7 +++ migratecred.c 16 Mar 2007 21:32:44 -0000 1.8 @@ -46,6 +46,9 @@ #include #include #include +#ifdef HAVE_UNISTD_H +#include +#endif #ifndef _WIN32 #include /* MAXPATHLEN */ @@ -56,7 +59,8 @@ static void usage(char *name) { - fprintf(stderr, "usage: %s -o 5.0InstancePath -n 5.1InstancePath -c 5.0Credential\n", name); + fprintf(stderr, "usage: %s -o OldInstancePath -n NewInstancePath -c OldCredential [-p NewPluginPath]\n", name); + fprintf(stderr, "New plugin path defaults to [%s] if not given\n", PLUGINDIR); exit(1); } @@ -76,18 +80,18 @@ } #endif -/* Script used during 5.0 to 5.1 migration: replication and +/* Script used during migration: replication and chaining backend credentials must be converted. Assumption: the built-in des-plugin.so lib has been used - in 5.0 and is used in 5.1 + in the old version and is used in the new version Usage: migrateCred - -o <5.0 instance path> - -n <5.1 instance path> - -c <5.0 credential, with prefix> + -o + -n + -c - Return 5.1 credential with prefix + Return new credential with prefix */ int @@ -96,6 +100,7 @@ char *cmd = argv[0]; char *oldpath = NULL; char *newpath = NULL; + char *pluginpath = NULL; char *prefixCred = NULL; char *cred = NULL; @@ -104,7 +109,7 @@ char libpath[MAXPATHLEN]; char *shared_lib; - char *opts = "o:n:c:"; + char *opts = "o:n:c:p:"; int i; while (( i = getopt( argc, argv, opts )) != EOF ) @@ -144,6 +149,13 @@ } } break; + case 'p': + pluginpath = strdup(optarg); +#ifdef _WIN32 + dostounixpath(pluginpath); +#endif /* _WIN32 */ + + break; default: usage(cmd); } 
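Review bot: In the new `case 'p'` branch, `pluginpath = strdup(optarg);` is used without a NULL check, and a second -p on the command line overwrites the first copy without freeing it. The `strdup(PLUGINDIR)` in the later `@@ -177,13 +189,26 @@` hunk has the same gap, so a failed allocation reaches `access()` and `snprintf("%s")` as a NULL pointer. A guard such as `if (pluginpath == NULL) { fprintf(stderr, "%s: out of memory\n", cmd); return 1; }` after each call would cover it. Since the later hunk loads the DES plugin from this directory, the new usage text and the header comment could also state it, e.g. `-p <directory the DES plugin library is loaded from; should be writable only by administrators>`. main() starts and ends outside these hunks.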
@@ -177,13 +189,26 @@ #endif #endif - snprintf(libpath, sizeof(libpath), "%s/../lib/des-plugin%s", newpath, shared_lib); - libpath[sizeof(libpath)-1] = 0; + if (!pluginpath) { + pluginpath = strdup(PLUGINDIR); +#ifdef _WIN32 + dostounixpath(pluginpath); +#endif /* _WIN32 */ + } + + if (access(pluginpath, R_OK)) { + snprintf(libpath, sizeof(libpath), "%s/../lib/des-plugin%s", newpath, shared_lib); + libpath[sizeof(libpath)-1] = 0; + } else { + snprintf(libpath, sizeof(libpath), "%s/libdes-plugin%s", pluginpath, shared_lib); + libpath[sizeof(libpath)-1] = 0; + } fct = (migrate_fn_type)sym_load(libpath, "migrateCredentials", "DES Plugin", 1 /* report errors */ ); if ( fct == NULL ) { + usage(cmd); return(1); } From fedora-directory-commits at redhat.com Fri Mar 16 21:32:41 2007 
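Review bot: `access(pluginpath, R_OK)` tests the plugin directory rather than the library file that sym_load() will open, so a readable directory that lacks `libdes-plugin` never reaches the `newpath/../lib` fallback. Neither snprintf result is compared with `sizeof(libpath)`, so an over-long -p or -n value is silently truncated and a different file name is handed to sym_load(). I would build the new-style path first, reject truncation, and test the full file name before falling back, using a new `int n` local declared with the others in main(). Separately, usage() ends in `exit(1)`, so the `return(1)` after the added `usage(cmd)` call is dead. A load failure will also print the usage text although the command line was valid, so a specific error message may serve better there. main() starts and ends outside the hunk.

```c
	/* … unchanged: default pluginpath from PLUGINDIR … */
	n = snprintf(libpath, sizeof(libpath), "%s/libdes-plugin%s", pluginpath, shared_lib);
	if (n < 0 || (size_t)n >= sizeof(libpath) || access(libpath, R_OK)) {
		/* new-style plugin not usable: fall back to the old layout under newpath */
		n = snprintf(libpath, sizeof(libpath), "%s/../lib/des-plugin%s", newpath, shared_lib);
		if (n < 0 || (size_t)n >= sizeof(libpath)) {
			fprintf(stderr, "%s: plugin path too long\n", cmd);
			return(1);
		}
	}
	/* … unchanged: sym_load of migrateCredentials … */
```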
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Fri, 16 Mar 2007 17:32:41 -0400 Subject: [Fedora-directory-commits] ldapserver Makefile.am, 1.32, 1.33 aclocal.m4, 1.25, 1.26 configure, 1.34, 1.35 missing, 1.19, 1.20 install-sh, 1.19, 1.20 compile, 1.19, 1.20 depcomp, 1.19, 1.20 config.sub, 1.18, 1.19 config.guess, 1.18, 1.19 Makefile.in, 1.37, 1.38 Message-ID: <200703162133.l2GLXBEV032571@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32489/ldapserver Modified Files: Makefile.am aclocal.m4 configure missing install-sh compile depcomp config.sub config.guess Makefile.in Log Message: Resolves: bug 231905 Bug Description: migration: Migrate from 1.0.x to 1.1 Reviewed by: nhosoi (Thanks!) Fix Description: The basic strategy is 1) shutdown the old servers - databases should be quiescent 2) run the migration script - this will copy all of the files (under /opt/fedora-ds/slapd-* by default) to their new FHS style locations, and fix up any entries and attributes that are obsolete or have changed (e.g. values that refer to paths) 3) service fedora-ds start The migration script does not need to do anything to the database files - the new database code added by Noriko will handle the database upgrade automagically, but I'm leaving the database upgrade code in the script, commented out, in case we need it in the future. This also fixes an annoying problem with automake - it would build ds_newinst.pl from ds_newinst.pl.in in the source ldap/admin/src directory, and use that version. This is really a problem with multi platform builds, where you want to share the ldapserver source code among multiple platforms. With the fix, built/ldap/admin/src/ds_newinst.pl is generated from srcdir/ldap/admin/src/ds_newinst.pl.in, and srcdir/ldap/admin/src/ds_newinst.pl is not written. 
Platforms tested: FC6 Flag Day: no Doc impact: Yes - we need to document migration Index: Makefile.am =================================================================== RCS file: /cvs/dirsec/ldapserver/Makefile.am,v retrieving revision 1.32 retrieving revision 1.33 diff -u -r1.32 -r1.33 --- Makefile.am 3 Mar 2007 00:32:16 -0000 1.32 +++ Makefile.am 16 Mar 2007 21:32:38 -0000 1.33 @@ -21,7 +21,7 @@ PATH_DEFINES = -DLOCALSTATEDIR="\"$(localstatedir)\"" -DSYSCONFDIR="\"$(sysconfdir)\"" \ -DLIBDIR="\"$(libdir)\"" -DBINDIR="\"$(bindir)\"" \ -DDATADIR="\"$(datadir)\"" -DDOCDIR="\"$(docdir)\"" \ - -DSBINDIR="\"$(sbindir)\"" + -DSBINDIR="\"$(sbindir)\"" -DPLUGINDIR="\"$(serverplugindir)\"" AM_CPPFLAGS = $(DEBUG_DEFINES) $(DS_DEFINES) $(DS_INCLUDES) $(PATH_DEFINES) PLUGIN_CPPFLAGS = $(AM_CPPFLAGS) @ldapsdk_inc@ @nss_inc@ @nspr_inc@ @@ -148,13 +148,14 @@ bin_SCRIPTS = $(srcdir)/ldap/servers/slapd/tools/rsearch/scripts/dbgen.pl \ wrappers/dbscan \ wrappers/ds_newinst \ - $(srcdir)/ldap/admin/src/ds_newinst.pl \ + ldap/admin/src/ds_newinst.pl \ wrappers/dsktune \ wrappers/infadd \ wrappers/ldap-agent \ wrappers/ldclt \ wrappers/ldif \ $(srcdir)/ldap/admin/src/logconv.pl \ + ldap/admin/src/migrateTo11 \ wrappers/migratecred \ wrappers/mmldif \ wrappers/pwdhash \ Index: Makefile.in =================================================================== RCS file: /cvs/dirsec/ldapserver/Makefile.in,v retrieving revision 1.37 retrieving revision 1.38 diff -u -r1.37 -r1.38 --- Makefile.in 3 Mar 2007 00:32:16 -0000 1.37 +++ Makefile.in 16 Mar 2007 21:32:39 -0000 1.38 
@@ -981,7 +981,7 @@ PATH_DEFINES = -DLOCALSTATEDIR="\"$(localstatedir)\"" -DSYSCONFDIR="\"$(sysconfdir)\"" \ -DLIBDIR="\"$(libdir)\"" -DBINDIR="\"$(bindir)\"" \ -DDATADIR="\"$(datadir)\"" -DDOCDIR="\"$(docdir)\"" \ - -DSBINDIR="\"$(sbindir)\"" + -DSBINDIR="\"$(sbindir)\"" -DPLUGINDIR="\"$(serverplugindir)\"" AM_CPPFLAGS = $(DEBUG_DEFINES) $(DS_DEFINES) $(DS_INCLUDES) $(PATH_DEFINES) PLUGIN_CPPFLAGS = $(AM_CPPFLAGS) @ldapsdk_inc@ @nss_inc@ @nspr_inc@ @@ -1064,13 +1064,14 @@ bin_SCRIPTS = $(srcdir)/ldap/servers/slapd/tools/rsearch/scripts/dbgen.pl \ wrappers/dbscan \ wrappers/ds_newinst \ - $(srcdir)/ldap/admin/src/ds_newinst.pl \ + ldap/admin/src/ds_newinst.pl \ wrappers/dsktune \ wrappers/infadd \ wrappers/ldap-agent \ wrappers/ldclt \ wrappers/ldif \ $(srcdir)/ldap/admin/src/logconv.pl \ + ldap/admin/src/migrateTo11 \ wrappers/migratecred \ wrappers/mmldif \ wrappers/pwdhash \ From fedora-directory-commits at redhat.com Fri Mar 16 23:07:00 2007 
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Fri, 16 Mar 2007 19:07:00 -0400 Subject: [Fedora-directory-commits] ldapserver Makefile.am, 1.33, 1.34 aclocal.m4, 1.26, 1.27 configure, 1.35, 1.36 missing, 1.20, 1.21 install-sh, 1.20, 1.21 compile, 1.20, 1.21 depcomp, 1.20, 1.21 config.sub, 1.19, 1.20 config.guess, 1.19, 1.20 Makefile.in, 1.38, 1.39 Message-ID: <200703162307.l2GN704x009112@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9059/ldapserver Modified Files: Makefile.am aclocal.m4 configure missing install-sh compile depcomp config.sub config.guess Makefile.in Log Message: Resolves: bug 232684 Description: need initscripts for Solaris Fix Description: I messed up the linux init script - turns out linux echo doesn't like \c, so I created a echo_n() function which is stolen from configure. I had to add @ECHO_N@ and @ECHO_C@ to Makefile.am and have them replaced in initscript.in. Index: Makefile.am =================================================================== RCS file: /cvs/dirsec/ldapserver/Makefile.am,v retrieving revision 1.33 retrieving revision 1.34 diff -u -r1.33 -r1.34 --- Makefile.am 16 Mar 2007 21:32:38 -0000 1.33 +++ Makefile.am 16 Mar 2007 23:06:57 -0000 1.34 @@ -981,7 +981,9 @@ -e 's, at sysconfdir\@,$(sysconfdir),g' \ -e 's, at localstatedir\@,$(localstatedir),g' \ -e 's, at package_name\@,$(PACKAGE_NAME),g' \ - -e 's, at instconfigdir\@,$(instconfigdir),g' + -e 's, at instconfigdir\@,$(instconfigdir),g' \ + -e 's, at ECHO_N\@,$(ECHO_N),g' \ + -e 's, at ECHO_C\@,$(ECHO_C),g' else fixupcmd = sed \ -e 's, at bindir\@,$(bindir),g' \ 
@@ -1005,7 +1007,9 @@ -e 's, at sysconfdir\@,$(sysconfdir),g' \ -e 's, at localstatedir\@,$(localstatedir),g' \ -e 's, at package_name\@,$(PACKAGE_NAME),g' \ - -e 's, at instconfigdir\@,$(instconfigdir),g' + -e 's, at instconfigdir\@,$(instconfigdir),g' \ + -e 's, at ECHO_N\@,$(ECHO_N),g' \ + -e 's, at ECHO_C\@,$(ECHO_C),g' endif %: %.in Index: Makefile.in =================================================================== RCS file: /cvs/dirsec/ldapserver/Makefile.in,v retrieving revision 1.38 retrieving revision 1.39 diff -u -r1.38 -r1.39 --- Makefile.in 16 Mar 2007 21:32:39 -0000 1.38 +++ Makefile.in 16 Mar 2007 23:06:58 -0000 1.39 @@ -1859,7 +1859,9 @@ @BUNDLE_FALSE@ -e 's, at sysconfdir\@,$(sysconfdir),g' \ @BUNDLE_FALSE@ -e 's, at localstatedir\@,$(localstatedir),g' \ @BUNDLE_FALSE@ -e 's, at package_name\@,$(PACKAGE_NAME),g' \ - at BUNDLE_FALSE@ -e 's, at instconfigdir\@,$(instconfigdir),g' + at BUNDLE_FALSE@ -e 's, at instconfigdir\@,$(instconfigdir),g' \ + at BUNDLE_FALSE@ -e 's, at ECHO_N\@,$(ECHO_N),g' \ + at BUNDLE_FALSE@ -e 's, at ECHO_C\@,$(ECHO_C),g' # these are for the config files and scripts that we need to generate and replace @@ -1890,7 +1892,9 @@ @BUNDLE_TRUE@ -e 's, at sysconfdir\@,$(sysconfdir),g' \ @BUNDLE_TRUE@ -e 's, at localstatedir\@,$(localstatedir),g' \ @BUNDLE_TRUE@ -e 's, at package_name\@,$(PACKAGE_NAME),g' \ - at BUNDLE_TRUE@ -e 's, at instconfigdir\@,$(instconfigdir),g' + at BUNDLE_TRUE@ -e 's, at instconfigdir\@,$(instconfigdir),g' \ + at BUNDLE_TRUE@ -e 's, at ECHO_N\@,$(ECHO_N),g' \ + at BUNDLE_TRUE@ -e 's, at ECHO_C\@,$(ECHO_C),g' all: $(BUILT_SOURCES) config.h $(MAKE) $(AM_MAKEFLAGS) all-am From fedora-directory-commits at redhat.com Fri Mar 16 23:07:00 2007 
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Fri, 16 Mar 2007 19:07:00 -0400 Subject: [Fedora-directory-commits] ldapserver/wrappers initscript.in, 1.4, 1.5 Message-ID: <200703162307.l2GN708H009116@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/wrappers In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9059/ldapserver/wrappers Modified Files: initscript.in Log Message: Resolves: bug 232684 Description: need initscripts for Solaris Fix Description: I messed up the linux init script - turns out linux echo doesn't like \c, so I created a echo_n() function which is stolen from configure. I had to add @ECHO_N@ and @ECHO_C@ to Makefile.am and have them replaced in initscript.in. Index: initscript.in =================================================================== RCS file: /cvs/dirsec/ldapserver/wrappers/initscript.in,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- initscript.in 16 Mar 2007 20:29:57 -0000 1.4 +++ initscript.in 16 Mar 2007 23:06:58 -0000 1.5 @@ -26,18 +26,24 @@ exit 0 fi +# Solaris echo cannot use -n - linux echo by default cannot use \c +echo_n() +{ + echo @ECHO_N@ "$*@ECHO_C@" +} + # failure and success are not defined on some platforms type failure > /dev/null 2>&1 || { failure() { - echo " FAILED\c" + echo_n " FAILED" } } type success > /dev/null 2>&1 || { success() { - echo " SUCCESS\c" + echo_n " SUCCESS" } } @@ -96,7 +102,7 @@ fi done if [ "$2" != "$INSTANCES" ]; then - echo "$2 is an invalid @package_name@ instance\c" + echo_n "$2 is an invalid @package_name@ instance" failure; echo exit 1 fi @@ -111,7 +117,7 @@ errors=0 successes=0 for instance in $INSTANCES; do - echo " $instance...\c" + echo_n " $instance..." # the server creates pidfile and writes the pid to it when it is fully # started and available to serve clients pidfile=$piddir/slapd-$instance.pid 
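Review bot: echo_n() still hands its text to `echo`, so on a shell where `@ECHO_C@` expands to `\c` any backslash sequence in the argument is interpreted. That matters most for `echo_n "$2 is an invalid @package_name@ instance"`, where `$2` is the instance name typed by the caller. If printf can be assumed on the target platforms, `printf '%s' "$*"` as the function body prints the text literally and removes the need for the two configure-time substitutions. If echo has to stay, a comment above echo_n() such as `# arguments must not contain backslashes - echo may interpret them` would record the constraint. The start/stop functions that call echo_n() continue outside these hunks.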
@@ -123,12 +129,12 @@ if [ -f $pidfile ]; then pid=`cat $pidfile` if kill -0 $pid > /dev/null 2>&1 ; then - echo " already running\c" + echo_n " already running" success; echo successes=`expr $successes + 1` server_running=1 else - echo " not running, but pid file exists - attempt to start anyway...\c" + echo_n " not running, but pid file exists - attempt to start anyway..." rm -f $pidfile fi fi @@ -136,7 +142,7 @@ if [ $server_running -eq 0 ] ; then rm -f $pidfile rm -f $startpidfile - fix_pid_dir_ownership $instbase/slapd-$instance + fix_pid_dir_ownership $instbase/slapd-$instance $exec -D $instbase/slapd-$instance -i $pidfile -w $startpidfile if [ $? -eq 0 ]; then server_started=1 # well, perhaps not running, but started ok @@ -212,7 +218,7 @@ pidfile=$piddir/slapd-$instance.pid if [ -f $pidfile ]; then pid=`cat $pidfile` - echo " $instance...\c" + echo_n " $instance..." server_stopped=0 if kill -0 $pid > /dev/null 2>&1 ; then kill $pid @@ -249,7 +255,7 @@ fi done if [ $errors -ge 1 ]; then - echo "*** Error: $errors instance(s) unsuccessfully stopped\c" + echo_n "*** Error: $errors instance(s) unsuccessfully stopped" failure; echo else rm -f $lockfile @@ -286,7 +292,7 @@ [ ! -f $lockfile ] || restart ;; *) - echo Unknown command $1 + echo Unknown command $1 echo "Usage: $0 {start|stop|status|restart|condrestart} [instance-name]" exit 2 esac From fedora-directory-commits at redhat.com Sat Mar 17 00:07:11 2007 
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Fri, 16 Mar 2007 20:07:11 -0400 Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src create_instance.c, 1.50, 1.51 Message-ID: <200703170007.l2H07BnM013914@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/admin/src In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13898 Modified Files: create_instance.c Log Message: The line to create db2bak.pl was missing... Index: create_instance.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/create_instance.c,v retrieving revision 1.50 retrieving revision 1.51 diff -u -r1.50 -r1.51 --- create_instance.c 2 Mar 2007 22:37:25 -0000 1.50 +++ create_instance.c 17 Mar 2007 00:07:09 -0000 1.51 @@ -1918,6 +1918,9 @@ t = CREATE_DB2LDIF(); if(t) return t; + t = CREATE_DB2BAK(); + if(t) return t; + t = CREATE_BAK2DB(); if(t) return t; From fedora-directory-commits at redhat.com Mon Mar 19 17:49:55 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Mon, 19 Mar 2007 13:49:55 -0400 Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src/scripts template-db2bak.pl.in, 1.4, 1.5 Message-ID: <200703191749.l2JHntd1020190@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20172 Modified Files: template-db2bak.pl.in Log Message: Resolves: 232746 Summary: template file for db2bak.pl fails due to variable/path mismatches Index: template-db2bak.pl.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/template-db2bak.pl.in,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- template-db2bak.pl.in 12 Feb 2007 19:55:10 -0000 1.4 +++ template-db2bak.pl.in 19 Mar 2007 17:49:53 -0000 1.5 
@@ -105,7 +105,7 @@ $mn++; $yr += 1900; $taskname = "backup_${yr}_${mn}_${dy}_${h}_${m}_${s}"; if ($archivedir eq "") { - $archivedir = "${bakdir}{{SEP}}bak{{SEP}}${yr}_${mn}_${dy}_${h}_${m}_${s}"; + $archivedir = "${mybakdir}{{SEP}}${yr}_${mn}_${dy}_${h}_${m}_${s}"; } $dn = "dn: cn=$taskname, cn=backup, cn=tasks, cn=config\n"; $misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n"; From fedora-directory-commits at redhat.com Mon Mar 19 23:01:41 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Mon, 19 Mar 2007 19:01:41 -0400 Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src/scripts template-db2bak.pl.in, 1.5, 1.6 template-db2ldif.pl.in, 1.4, 1.5 Message-ID: <200703192301.l2JN1foA023982@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19867 Modified Files: template-db2bak.pl.in template-db2ldif.pl.in Log Message: Resolves: #233027 Summary: make db2bak.pl & db2ldif.pl user more user-friendly Index: template-db2bak.pl.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/template-db2bak.pl.in,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- template-db2bak.pl.in 19 Mar 2007 17:49:53 -0000 1.5 +++ template-db2bak.pl.in 19 Mar 2007 23:01:39 -0000 1.6 
@@ -118,6 +118,7 @@ $ENV{'PATH'} = "$prefix at ldapsdk_bindir@:$prefix/usr/bin:@ldapsdk_bindir@:/usr/bin"; $ENV{'LD_LIBRARY_PATH'} = "$prefix at nss_libdir@:$prefix/usr/lib:@nss_libdir@:/usr/lib"; $ENV{'SHLIB_PATH'} = "$prefix at nss_libdir@:$prefix/usr/lib:@nss_libdir@:/usr/lib"; +print("Back up directory: $archivedir\n"); open(FOO, "| ldapmodify $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} -D \"$rootdn\" -w \"$passwd\" -a" ); print(FOO "$entry"); close(FOO); Index: template-db2ldif.pl.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/template-db2ldif.pl.in,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- template-db2ldif.pl.in 12 Feb 2007 19:55:10 -0000 1.4 +++ template-db2ldif.pl.in 19 Mar 2007 23:01:39 -0000 1.5 @@ -195,22 +195,32 @@ ($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time); $mn++; $yr += 1900; $taskname = "export_${yr}_${mn}_${dy}_${h}_${m}_${s}"; -if ($ldiffile eq "") { - $ldiffile = "${ldifdir}{{SEP}}${servid}-${yr}_${mn}_${dy}_${h}_${m}_${s}.ldif"; -} $dn = "dn: cn=$taskname, cn=export, cn=tasks, cn=config\n"; $misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n"; $cn = "cn: $taskname\n"; $i = 0; +$be = ""; $nsinstance = ""; while ("" ne "$instances[$i]") { $nsinstance = "${nsinstance}nsInstance: $instances[$i]\n"; + if ( "" eq "$be" ) { + $be = "$instances[$i]"; + } else { + $be = "${be}-$instances[$i]"; + } $i++; } $i = 0; $nsincluded = ""; while ("" ne "$included[$i]") { $nsincluded = "${nsincluded}nsIncludeSuffix: $included[$i]\n"; + my ($rdn, $rest) = split(/,/, $included[$i]); + my ($rest, $tmpbe) = split(/=/, $rdn); + if ( "" eq "$be" ) { + $be = "$tmpbe"; + } else { + $be = "${be}-$tmpbe"; + } $i++; } $i = 0; 
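Review bot: In the template-db2ldif.pl.in hunk, `$instances[$i]` and the `$tmpbe` value split out of each include suffix are appended to `$be` exactly as typed, and the following hunk places `$be` in the default `$ldiffile` name. A backend name or RDN value containing `/`, whitespace or shell-special characters therefore reaches the output path unchanged. Restricting it before use, for example `(my $safe = $tmpbe) =~ s/[^A-Za-z0-9_.-]/_/g;` and appending `$safe`, keeps the generated file inside `$ldifdir`. `my ($rest, $tmpbe) = split(/=/, $rdn);` also redeclares `$rest` in the same block, which warns under `use warnings`; `my (undef, $tmpbe) = split(/=/, $rdn, 2);` avoids that and keeps an `=` that is part of the value. Splitting on a bare `,` does not account for escaped commas in an RDN, which is worth a comment if it is intentional. The script continues outside the hunk.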
@@ -219,6 +229,9 @@ $nsexcluded = "${nsexcluded}nsExcludeSuffix: $excluded[$i]\n"; $i++; } +if ($ldiffile eq "") { + $ldiffile = "${ldifdir}{{SEP}}${servid}-${be}-${yr}_${mn}_${dy}_${h}_${m}_${s}.ldif"; +} $nsreplica = ""; if ($doreplica != 0) { $nsreplica = "nsExportReplica: true\n"; } $nsnobase64 = ""; @@ -245,6 +258,7 @@ $ENV{'PATH'} = "$prefix at ldapsdk_bindir@:$prefix/usr/bin:@ldapsdk_bindir@:/usr/bin"; $ENV{'LD_LIBRARY_PATH'} = "$prefix at nss_libdir@:$prefix/usr/lib:@nss_libdir@:/usr/lib"; $ENV{'SHLIB_PATH'} = "$prefix at nss_libdir@:$prefix/usr/lib:@nss_libdir@:/usr/lib"; +print("Exported ldif file: ${ldiffile}\n"); open(FOO, "| ldapmodify $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} -D \"$rootdn\" -w \"$passwd\" -a" ); print(FOO "$entry"); close(FOO); From fedora-directory-commits at redhat.com Tue Mar 20 01:15:34 2007 
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Mon, 19 Mar 2007 21:15:34 -0400 Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src/scripts template-db2bak.in, 1.5, 1.6 template-db2bak.pl.in, 1.6, 1.7 template-db2ldif.in, 1.5, 1.6 template-db2ldif.pl.in, 1.5, 1.6 Message-ID: <200703200115.l2K1FYOx008897@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8852 Modified Files: template-db2bak.in template-db2bak.pl.in template-db2ldif.in template-db2ldif.pl.in Log Message: Resolves: #233027 Summary: make db2bak.pl & db2ldif.pl user more user-friendly (Comment #4) Changes: 1) Found db2bak, db2bak.pl, and db2ldif do not backup/export into the dir/file which do not start with the string. It could cause the difficulty to find out which server instance does the backup/exported file belongs to. Also, to make them consistent with db2ldif.pl, added the "server id" string to the back up dir name/exported ldif file name. 2) db2ldif[.pl] takes -M option. With the -M option, the server adds backend name to the ldif file name. To reduce the redundancy, stopped adding the backend name if -M is set. 3) made the ldif file name db2ldif generates consistent with the one db2ldif.pl generates. Index: template-db2bak.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/template-db2bak.in,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- template-db2bak.in 12 Feb 2007 19:55:10 -0000 1.5 +++ template-db2bak.in 20 Mar 2007 01:15:32 -0000 1.6 
@@ -17,7 +17,8 @@ then bak_dir=$1 else - bak_dir={{BAK-DIR}}/`date +%Y_%m_%d_%H_%M_%S` + bak_dir={{BAK-DIR}}/{{SERV-ID}}-`date +%Y_%m_%d_%H_%M_%S` fi +echo "Back up directory: $bak_dir" ./ns-slapd db2archive -D {{CONFIG-DIR}} -a $bak_dir Index: template-db2bak.pl.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/template-db2bak.pl.in,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- template-db2bak.pl.in 19 Mar 2007 23:01:39 -0000 1.6 +++ template-db2bak.pl.in 20 Mar 2007 01:15:32 -0000 1.7 @@ -105,7 +105,7 @@ $mn++; $yr += 1900; $taskname = "backup_${yr}_${mn}_${dy}_${h}_${m}_${s}"; if ($archivedir eq "") { - $archivedir = "${mybakdir}{{SEP}}${yr}_${mn}_${dy}_${h}_${m}_${s}"; + $archivedir = "${mybakdir}{{SEP}}{{SERV-ID}}-${yr}_${mn}_${dy}_${h}_${m}_${s}"; } $dn = "dn: cn=$taskname, cn=backup, cn=tasks, cn=config\n"; $misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n"; Index: template-db2ldif.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/template-db2ldif.in,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- template-db2ldif.in 12 Feb 2007 19:55:10 -0000 1.5 +++ template-db2ldif.in 20 Mar 2007 01:15:32 -0000 1.6 
@@ -12,34 +12,62 @@ SHLIB_PATH=$LD_LIBRARY_PATH export SHLIB_PATH +make_ldiffile() +{ + nobe=0 + while [ "$1" != "" ] + do + if [ "$1" = '-a' ]; then + shift + echo $1 + return 1 + elif [ "$1" = '-n' ]; then + shift + if [ "$be" = "" ]; then + be="$1" + else + tmpbe="$be" + be="${tmpbe}-$1" + fi + elif [ "$1" = '-s' ]; then + shift + rdn=`echo $1 | awk -F, '{print $1}'` + rdnval=`echo $rdn | awk -F= '{print $2}'` + if [ "$be" = "" ]; then + be="$rdnval" + else + tmpbe="$be" + be="${tmpbe}-$rdnval" + fi + elif [ "$1" = '-M' ]; then + nobe=1 + fi + shift + done + + if [ $nobe -eq 0 ]; then + echo {{LDIF-DIR}}/{{SERV-ID}}-${be}-`date +%Y_%m_%d_%H%M%S`.ldif + else + echo {{LDIF-DIR}}/{{SERV-ID}}-`date +%Y_%m_%d_%H%M%S`.ldif + fi + return 0 +} + cd {{SERVERBIN-DIR}} if [ "$#" -lt 2 ]; then - echo "Usage: db2ldif {-n backend_instance}* | {-s includesuffix}*" - echo " [{-x excludesuffix}*] [-a outputfile]" - echo " [-N] [-r] [-C] [-u] [-U] [-m] [-M] [-1]" - echo "Note: either \"-n backend_instance\" or \"-s includesuffix\" is required." - exit 1 + echo "Usage: db2ldif {-n backend_instance}* | {-s includesuffix}*" + echo " [{-x excludesuffix}*] [-a outputfile]" + echo " [-N] [-r] [-C] [-u] [-U] [-m] [-M] [-1]" + echo "Note: either \"-n backend_instance\" or \"-s includesuffix\" is required." + exit 1 fi -set_ldif=0 -ldif_file="mydummy" -for arg in "$@" -do - if [ "$arg" = '-a' ]; - then - set_ldif=1 - elif [ $set_ldif -eq 1 ]; - then - ldif_file=$arg - set_ldif=2 - fi -done -if [ $ldif_file = "mydummy" ] -then - ldif_file={{LDIF-DIR}}/`date +%Y_%m_%d_%H%M%S`.ldif -fi -if [ $set_ldif -eq 2 ] +ldif_file=`make_ldiffile $@` +rn=$? 
+ +echo "Exported ldif file: $ldif_file" +if [ $rn -eq 1 ] then ./ns-slapd db2ldif -D {{CONFIG-DIR}} "$@" else Index: template-db2ldif.pl.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/template-db2ldif.pl.in,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- template-db2ldif.pl.in 19 Mar 2007 23:01:39 -0000 1.5 +++ template-db2ldif.pl.in 20 Mar 2007 01:15:32 -0000 1.6 @@ -230,7 +230,11 @@ $i++; } if ($ldiffile eq "") { - $ldiffile = "${ldifdir}{{SEP}}${servid}-${be}-${yr}_${mn}_${dy}_${h}_${m}_${s}.ldif"; + if ($onefile == 0) { + $ldiffile = "${ldifdir}{{SEP}}${servid}-${yr}_${mn}_${dy}_${h}_${m}_${s}.ldif"; + } else { + $ldiffile = "${ldifdir}{{SEP}}${servid}-${be}-${yr}_${mn}_${dy}_${h}_${m}_${s}.ldif"; + } } $nsreplica = ""; if ($doreplica != 0) { $nsreplica = "nsExportReplica: true\n"; } From fedora-directory-commits at redhat.com Tue Mar 20 18:46:48 2007 
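Review bot: In template-db2ldif.in the call `make_ldiffile $@` expands the arguments unquoted, so an `-a` file name or suffix containing spaces is split before the function sees it, while the `./ns-slapd db2ldif ... "$@"` call shown in the hunk receives it intact; the name printed by `echo "Exported ldif file: ..."` can then differ from the file actually written. `be` is never initialised inside make_ldiffile(), so a `be` variable inherited from the caller's environment ends up in the generated file name. Suggested changes: call it as `make_ldiffile "$@"`, add `be=""` next to `nobe=0`, and use `echo "$1"` in the `-a` branch. The `-n` and `-s` values are also placed in the path unfiltered, so a value containing `/` changes where the default file lands; mapping anything outside `[A-Za-z0-9_.-]` to `_` before appending it would prevent that. The `if`/`else` that invokes ns-slapd continues past the end of the hunk.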
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Tue, 20 Mar 2007 14:46:48 -0400 Subject: [Fedora-directory-commits] ldapserver configure.ac, 1.24, 1.25 aclocal.m4, 1.27, 1.28 configure, 1.36, 1.37 missing, 1.21, 1.22 install-sh, 1.21, 1.22 depcomp, 1.21, 1.22 compile, 1.21, 1.22 Makefile.in, 1.39, 1.40 config.sub, 1.20, 1.21 config.guess, 1.20, 1.21 ltmain.sh, 1.12, 1.13 Message-ID: <200703201846.l2KIkmPf025542@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25493 Modified Files: configure.ac aclocal.m4 configure missing install-sh depcomp compile Makefile.in config.sub config.guess ltmain.sh Log Message: Bump version to 1.1.0 alpha 3 (1.1.0a3) Index: configure.ac =================================================================== RCS file: /cvs/dirsec/ldapserver/configure.ac,v retrieving revision 1.24 retrieving revision 1.25 diff -u -r1.24 -r1.25 --- configure.ac 27 Feb 2007 02:57:24 -0000 1.24 +++ configure.ac 20 Mar 2007 18:46:45 -0000 1.25 @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.59) # This version is the version returned by ns-slapd -v -AC_INIT([fedora-ds], [1.1.0a2], [http://bugzilla.redhat.com/]) +AC_INIT([fedora-ds], [1.1.0a3], [http://bugzilla.redhat.com/]) # AC_CONFIG_HEADER must be called right after AC_INIT. AC_CONFIG_HEADERS([config.h]) AM_INIT_AUTOMAKE([1.9 foreign subdir-objects]) Index: configure =================================================================== RCS file: /cvs/dirsec/ldapserver/configure,v retrieving revision 1.36 retrieving revision 1.37 diff -u -r1.36 -r1.37 --- configure 16 Mar 2007 23:06:57 -0000 1.36 +++ configure 20 Mar 2007 18:46:45 -0000 1.37 
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.59 for fedora-ds 1.1.0a2. +# Generated by GNU Autoconf 2.59 for fedora-ds 1.1.0a3. # # Report bugs to . # @@ -423,8 +423,8 @@ # Identity of this package. PACKAGE_NAME='fedora-ds' PACKAGE_TARNAME='fedora-ds' -PACKAGE_VERSION='1.1.0a2' -PACKAGE_STRING='fedora-ds 1.1.0a2' +PACKAGE_VERSION='1.1.0a3' +PACKAGE_STRING='fedora-ds 1.1.0a3' PACKAGE_BUGREPORT='http://bugzilla.redhat.com/' # Factoring default headers for most tests. @@ -954,7 +954,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures fedora-ds 1.1.0a2 to adapt to many kinds of systems. +\`configure' configures fedora-ds 1.1.0a3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1020,7 +1020,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of fedora-ds 1.1.0a2:";; + short | recursive ) echo "Configuration of fedora-ds 1.1.0a3:";; esac cat <<\_ACEOF @@ -1197,7 +1197,7 @@ test -n "$ac_init_help" && exit 0 if $ac_init_version; then cat <<\_ACEOF -fedora-ds configure 1.1.0a2 +fedora-ds configure 1.1.0a3 generated by GNU Autoconf 2.59 Copyright (C) 2003 Free Software Foundation, Inc. @@ -1211,7 +1211,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by fedora-ds $as_me 1.1.0a2, which was +It was created by fedora-ds $as_me 1.1.0a3, which was generated by GNU Autoconf 2.59. Invocation command line was $ $0 $@ @@ -1857,7 +1857,7 @@ # Define the identity of the package. PACKAGE='fedora-ds' - VERSION='1.1.0a2' + VERSION='1.1.0a3' cat >>confdefs.h <<_ACEOF 
@@ -25527,7 +25527,7 @@ } >&5 cat >&5 <<_CSEOF -This file was extended by fedora-ds $as_me 1.1.0a2, which was +This file was extended by fedora-ds $as_me 1.1.0a3, which was generated by GNU Autoconf 2.59. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -25590,7 +25590,7 @@ cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -fedora-ds config.status 1.1.0a2 +fedora-ds config.status 1.1.0a3 configured by $0, generated by GNU Autoconf 2.59, with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" Index: ltmain.sh =================================================================== RCS file: /cvs/dirsec/ldapserver/ltmain.sh,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- ltmain.sh 27 Feb 2007 02:57:24 -0000 1.12 +++ ltmain.sh 20 Mar 2007 18:46:45 -0000 1.13 @@ -46,10 +46,16 @@ VERSION=1.5.22 TIMESTAMP=" (1.1220.2.365 2005/12/18 22:14:06)" -# See if we are running on zsh, and set the options which allow our -# commands through without removal of \ escapes. -if test -n "${ZSH_VERSION+set}" ; then +# Be Bourne compatible (taken from Autoconf:_AS_BOURNE_COMPATIBLE). +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac fi # Check that we have a working $echo. 
@@ -105,12 +111,14 @@ # These must not be set unconditionally because not all systems understand # e.g. LANG=C (notably SCO). # We save the old values to restore during execute mode. -if test "${LC_ALL+set}" = set; then - save_LC_ALL="$LC_ALL"; LC_ALL=C; export LC_ALL -fi -if test "${LANG+set}" = set; then - save_LANG="$LANG"; LANG=C; export LANG -fi +for lt_var in LANG LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES +do + eval "if test \"\${$lt_var+set}\" = set; then + save_$lt_var=\$$lt_var + $lt_var=C + export $lt_var + fi" +done # Make sure IFS has a sensible default lt_nl=' @@ -136,6 +144,8 @@ preserve_args= lo2o="s/\\.lo\$/.${objext}/" o2lo="s/\\.${objext}\$/.lo/" +extracted_archives= +extracted_serial=0 ##################################### # Shell function definitions: @@ -327,7 +337,17 @@ *) my_xabs=`pwd`"/$my_xlib" ;; esac my_xlib=`$echo "X$my_xlib" | $Xsed -e 's%^.*/%%'` - my_xdir="$my_gentop/$my_xlib" + my_xlib_u=$my_xlib + while :; do + case " $extracted_archives " in + *" $my_xlib_u "*) + extracted_serial=`expr $extracted_serial + 1` + my_xlib_u=lt$extracted_serial-$my_xlib ;; + *) break ;; + esac + done + extracted_archives="$extracted_archives $my_xlib_u" + my_xdir="$my_gentop/$my_xlib_u" $show "${rm}r $my_xdir" $run ${rm}r "$my_xdir" @@ -758,6 +778,7 @@ *.f90) xform=f90 ;; *.for) xform=for ;; *.java) xform=java ;; + *.obj) xform=obj ;; esac libobj=`$echo "X$libobj" | $Xsed -e "s/\.$xform$/.lo/"` @@ -1138,8 +1159,9 @@ for arg do case $arg in - -all-static | -static) - if test "X$arg" = "X-all-static"; then + -all-static | -static | -static-libtool-libs) + case $arg in + -all-static) if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then $echo "$modename: warning: complete static linking is impossible in this configuration" 1>&2 fi 
@@ -1147,12 +1169,20 @@ dlopen_self=$dlopen_self_static fi prefer_static_libs=yes - else + ;; + -static) if test -z "$pic_flag" && test -n "$link_static_flag"; then dlopen_self=$dlopen_self_static fi prefer_static_libs=built - fi + ;; + -static-libtool-libs) + if test -z "$pic_flag" && test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=yes + ;; + esac build_libtool_libs=no build_old_libs=yes break @@ -1712,7 +1742,7 @@ continue ;; - -static) + -static | -static-libtool-libs) # The effects of -static are defined in a previous loop. # We used to do the same as -all-static on platforms that # didn't have a PIC flag, but the assumption that the effects @@ -2490,7 +2520,9 @@ if test "$linkmode,$pass" = "prog,link"; then if test -n "$library_names" && - { test "$prefer_static_libs" = no || test -z "$old_library"; }; then + { { test "$prefer_static_libs" = no || + test "$prefer_static_libs,$installed" = "built,yes"; } || + test -z "$old_library"; }; then # We need to hardcode the library path if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then # Make sure the rpath contains only unique directories. @@ -3186,7 +3218,7 @@ # which has an extra 1 added just for fun # case $version_type in - darwin|linux|osf|windows) + darwin|linux|osf|windows|none) current=`expr $number_major + $number_minor` age="$number_minor" revision="$number_revision" 
@@ -3410,11 +3442,11 @@ fi # Eliminate all temporary directories. - for path in $notinst_path; do - lib_search_path=`$echo "$lib_search_path " | ${SED} -e "s% $path % %g"` - deplibs=`$echo "$deplibs " | ${SED} -e "s% -L$path % %g"` - dependency_libs=`$echo "$dependency_libs " | ${SED} -e "s% -L$path % %g"` - done +# for path in $notinst_path; do +# lib_search_path=`$echo "$lib_search_path " | ${SED} -e "s% $path % %g"` +# deplibs=`$echo "$deplibs " | ${SED} -e "s% -L$path % %g"` +# dependency_libs=`$echo "$dependency_libs " | ${SED} -e "s% -L$path % %g"` +# done if test -n "$xrpath"; then # If the user specified any rpath flags, then add them. @@ -3515,13 +3547,12 @@ int main() { return 0; } EOF $rm conftest - $LTCC $LTCFLAGS -o conftest conftest.c $deplibs - if test "$?" -eq 0 ; then + if $LTCC $LTCFLAGS -o conftest conftest.c $deplibs; then ldd_output=`ldd conftest` for i in $deplibs; do name=`expr $i : '-l\(.*\)'` # If $name is empty we are operating on a -L argument. - if test "$name" != "" && test "$name" -ne "0"; then + if test "$name" != "" && test "$name" != "0"; then if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then case " $predeps $postdeps " in *" $i "*) @@ -3560,9 +3591,7 @@ # If $name is empty we are operating on a -L argument. if test "$name" != "" && test "$name" != "0"; then $rm conftest - $LTCC $LTCFLAGS -o conftest conftest.c $i - # Did it work? - if test "$?" -eq 0 ; then + if $LTCC $LTCFLAGS -o conftest conftest.c $i; then ldd_output=`ldd conftest` if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then case " $predeps $postdeps " in 
@@ -3594,7 +3623,7 @@ droppeddeps=yes $echo $echo "*** Warning! Library $i is needed by this library but I was not able to" - $echo "*** make it link in! You will probably need to install it or some" + $echo "*** make it link in! You will probably need to install it or some" $echo "*** library that it depends on before this library will be fully" $echo "*** functional. Installing it before continuing would be even better." fi @@ -4239,12 +4268,14 @@ reload_conv_objs= gentop= # reload_cmds runs $LD directly, so let us get rid of - # -Wl from whole_archive_flag_spec + # -Wl from whole_archive_flag_spec and hope we can get by with + # turning comma into space.. wl= if test -n "$convenience"; then if test -n "$whole_archive_flag_spec"; then - eval reload_conv_objs=\"\$reload_objs $whole_archive_flag_spec\" + eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\" + reload_conv_objs=$reload_objs\ `$echo "X$tmp_whole_archive_flags" | $Xsed -e 's|,| |g'` else gentop="$output_objdir/${obj}x" generated="$generated $gentop" 
@@ -4692,16 +4723,16 @@ case $host in *cygwin* | *mingw* ) if test -f "$output_objdir/${outputname}.def" ; then - compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%"` - finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%"` + compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%" | $NL2SP` + finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%" | $NL2SP` else - compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"` - finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"` + compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP` + finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP` fi ;; * ) - compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"` - finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"` + compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP` + finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP` ;; esac ;; 
@@ -4716,13 +4747,13 @@ # really was required. # Nullify the symbol file. - compile_command=`$echo "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"` - finalize_command=`$echo "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"` + compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s% @SYMFILE@%%" | $NL2SP` + finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s% @SYMFILE@%%" | $NL2SP` fi if test "$need_relink" = no || test "$build_libtool_libs" != yes; then # Replace the output file specification. - compile_command=`$echo "X$compile_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'` + compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e 's%@OUTPUT@%'"$output"'%g' | $NL2SP` link_command="$compile_command$compile_rpath" # We have no uninstalled library dependencies, so finalize right now. @@ -4809,7 +4840,7 @@ if test "$fast_install" != no; then link_command="$finalize_var$compile_command$finalize_rpath" if test "$fast_install" = yes; then - relink_command=`$echo "X$compile_var$compile_command$compile_rpath" | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g'` + relink_command=`$echo "X$compile_var$compile_command$compile_rpath" | $SP2NL | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g' | $NL2SP` else # fast_install is set to needless relink_command= @@ -4846,7 +4877,7 @@ fi done relink_command="(cd `pwd`; $relink_command)" - relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"` + relink_command=`$echo "X$relink_command" | $SP2NL | $Xsed -e "$sed_quote_subst" | $NL2SP` fi # Quote $echo for shipping. 
@@ -5253,6 +5284,18 @@ Xsed='${SED} -e 1s/^X//' sed_quote_subst='$sed_quote_subst' +# Be Bourne compatible (taken from Autoconf:_AS_BOURNE_COMPATIBLE). +if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else + case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac +fi + # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH @@ -5395,7 +5438,7 @@ ;; esac $echo >> $output "\ - \$echo \"\$0: cannot exec \$program \${1+\"\$@\"}\" + \$echo \"\$0: cannot exec \$program \$*\" exit $EXIT_FAILURE fi else @@ -5581,7 +5624,7 @@ done # Quote the link command for shipping. relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" - relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"` + relink_command=`$echo "X$relink_command" | $SP2NL | $Xsed -e "$sed_quote_subst" | $NL2SP` if test "$hardcode_automatic" = yes ; then relink_command= fi @@ -5926,9 +5969,9 @@ if test -n "$inst_prefix_dir"; then # Stick the inst_prefix_dir data into the link command. - relink_command=`$echo "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"` + relink_command=`$echo "$relink_command" | $SP2NL | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%" | $NL2SP` else - relink_command=`$echo "$relink_command" | $SED "s%@inst_prefix_dir@%%"` + relink_command=`$echo "$relink_command" | $SP2NL | $SED "s%@inst_prefix_dir@%%" | $NL2SP` fi $echo "$modename: warning: relinking \`$file'" 1>&2 
@@ -6137,7 +6180,7 @@ file=`$echo "X$file$stripped_ext" | $Xsed -e 's%^.*/%%'` outputname="$tmpdir/$file" # Replace the output file specification. - relink_command=`$echo "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'` + relink_command=`$echo "X$relink_command" | $SP2NL | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g' | $NL2SP` $show "$relink_command" if $run eval "$relink_command"; then : @@ -6413,12 +6456,15 @@ fi # Restore saved environment variables - if test "${save_LC_ALL+set}" = set; then - LC_ALL="$save_LC_ALL"; export LC_ALL - fi - if test "${save_LANG+set}" = set; then - LANG="$save_LANG"; export LANG - fi + for lt_var in LANG LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES + do + eval "if test \"\${save_$lt_var+set}\" = set; then + $lt_var=\$save_$lt_var; export $lt_var + else + $lt_unset $lt_var + fi" + done + # Now prepare to actually exec the command. exec_cmd="\$cmd$args" @@ -6775,9 +6821,9 @@ -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) -export-symbols SYMFILE - try to export only the symbols listed in SYMFILE + try to export only the symbols listed in SYMFILE -export-symbols-regex REGEX - try to export only the symbols matching REGEX + try to export only the symbols matching REGEX -LLIBDIR search LIBDIR for required installed libraries -lNAME OUTPUT-FILE requires the installed library libNAME -module build a library that can dlopened 
@@ -6791,9 +6837,11 @@ -release RELEASE specify package release information -rpath LIBDIR the created library will eventually be installed in LIBDIR -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries - -static do not do any dynamic linking of libtool libraries + -static do not do any dynamic linking of uninstalled libtool libraries + -static-libtool-libs + do not do any dynamic linking of libtool libraries -version-info CURRENT[:REVISION[:AGE]] - specify library version info [each variable defaults to 0] + specify library version info [each variable defaults to 0] All other options (arguments beginning with \`-') are ignored. From fedora-directory-commits at redhat.com Wed Mar 21 17:43:00 2007 
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Wed, 21 Mar 2007 13:43:00 -0400 Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src/scripts template-verify-db.pl.in, 1.6, 1.7 Message-ID: <200703211743.l2LHh0V8019787@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19769 Modified Files: template-verify-db.pl.in Log Message: Resolves: #233215 Summary: verify-db.pl still assumes the db dir is always in the instance dir Changes: 0) eliminated the "current directory" from the utility. Now, it can be run from any location. 1) updated to take a new option [-a ] to allow specifying the db dir/changelog dir; by default the start point is "db_dir" (nsslapd-directory in cn=config,cn=ldbm database,cn=plugins,cn=config) 2) instead of assuming the db dir structure (e.g., db//), now it checks all the db files found under the specified path. This allows to run the utility against the backup files, as well. Index: template-verify-db.pl.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/template-verify-db.pl.in,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- template-verify-db.pl.in 12 Feb 2007 19:55:10 -0000 1.6 +++ template-verify-db.pl.in 21 Mar 2007 17:42:58 -0000 1.7 
@@ -38,68 +38,121 @@ # END COPYRIGHT BLOCK # +sub usage +{ + print "Usage: $0 [ -a ]\n"; +} + +# getDbDir checks up to 4 levels of db dirs +# e.g., /db// sub getDbDir { - (my $here) = @_; - my @dbdirs = (); + (my $here) = @_; + my @dbdirs = (); - opendir(DIR, $here) or die "can't opendir $here : $!"; - while (defined($dir = readdir(DIR))) + opendir(DIR0, $here) or die "can't opendir $here : $!"; + while (defined(my $file0 = readdir(DIR0))) + { + if ( "$file0" eq "\." || "$file0" eq "\.\." ) + { + ; + } + elsif ( "$file0" eq "DBVERSION" ) + { + $#dbdirs++; + $dbdirs[$#dbdirs] = $here; + } + elsif ( -d $here . "{{SEP}}" . $file0 ) { - my $thisdir; - if ("$here" eq ".") + opendir(DIR1, $here . "{{SEP}}" . $file0) or die "can't opendir $file0 : $!"; + while (defined(my $file1 = readdir(DIR1))) + { + if ( "$file1" eq "\." || "$file1" eq "\.\." ) { - $thisdir = $dir; + ; } - else + elsif ( "$file1" eq "DBVERSION" ) { - $thisdir = $here . "{{SEP}}" . $dir; + $#dbdirs++; + $dbdirs[$#dbdirs] = $here . "{{SEP}}" . $file0; } - if (-d $thisdir) + elsif ( -d $here . "{{SEP}}" . $file0 . "{{SEP}}" . $file1 ) { - if (!($thisdir =~ /\./)) + opendir(DIR2, $here . "{{SEP}}" . $file0 . "{{SEP}}" . $file1) or die "can't opendir $file1 : $!"; + while (defined(my $file2 = readdir(DIR2))) + { + if ( "$file2" eq "\." || "$file2" eq "\.\." ) { - opendir(SUBDIR, "$thisdir") or die "can't opendir $thisdir : $!"; - while (defined($file = readdir(SUBDIR))) + ; + } + elsif ("$file2" eq "DBVERSION") + { + $#dbdirs++; + $dbdirs[$#dbdirs] = $here . "{{SEP}}" . $file0 . "{{SEP}}" . $file1; + } + elsif ( -d $here . "{{SEP}}" . $file0 . "{{SEP}}" . $file1 . "{{SEP}}" . $file2 ) + { + opendir(DIR3, $here . "{{SEP}}" . $file0 . "{{SEP}}" . $file1 . "{{SEP}}" . $file2) or die "can't opendir $file1 : $!"; + while (defined(my $file3 = readdir(DIR3))) + { + if ( "$file3" eq "\." || "$file3" eq "\.\." 
) + { + ; + } + elsif ("$file3" eq "DBVERSION") { - if ($file eq "DBVERSION") - { - $#dbdirs++; - $dbdirs[$#dbdirs] = $thisdir; - } + $#dbdirs++; + $dbdirs[$#dbdirs] = $here . "{{SEP}}" . $file0 . "{{SEP}}" . $file1 . "{{SEP}}" . $file2; } - closedir(SUBDIR); + } + closedir(DIR3); } + } + closedir(DIR2); } + } + closedir(DIR1); } - closedir(DIR); + } + closedir(DIR0); - return \@dbdirs; + return \@dbdirs; } sub getLastLogfile { - (my $here) = @_; - my $logfile = ""; + (my $here) = @_; + my $logfile = ""; - opendir(DIR, $here) or die "can't opendir $here : $!"; - while (defined($file = readdir(DIR))) + opendir(DIR, $here) or die "can't opendir $here : $!"; + while (defined($file = readdir(DIR))) + { + if ($file =~ /log./) { - if ($file =~ /log./) - { - $logfile = $file; - } + $logfile = $file; } - closedir(DIR); + } + closedir(DIR); - return \$logfile; + return \$logfile; } $isWin = -d '\\'; if ($isWin) { - $NULL = "nul"; + $NULL = "nul"; } else { - $NULL = "/dev/null"; + $NULL = "/dev/null"; +} + +my $i = 0; +$startpoint = ""; +while ($i <= $#ARGV) { + if ( "$ARGV[$i]" eq "-a" ) { # path to search the db files + $i++; $startpoint = $ARGV[$i]; + } else { + &usage; exit(1); + } + $i++; } print("*****************************************************************\n"); 
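Review bot: The `-a` branch of the new argument loop reads `$ARGV[$i]` right after `$i++` without checking that a value follows, so running the script with a bare `-a` leaves `$startpoint` undefined and the default applied in the next hunk silently verifies `{{DB-DIR}}` instead of reporting a usage error. I would write it as `$i++; if ($i > $#ARGV) { &usage; exit(1); } $startpoint = $ARGV[$i];`. In getDbDir, the `opendir(DIR3, ...)` failure message prints `$file1` where `$file2` is the directory that could not be opened. Since `-d` follows symbolic links, a link under the start path is descended like a real directory, which deserves a comment now that the path is supplied by the caller.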
@@ -109,16 +162,24 @@ "false errors.\n"); print("*****************************************************************\n"); +if ( "$startpoint" eq "" ) { + $startpoint = "{{DB-DIR}}"; +} # get dirs having DBVERSION -my $dbdirs = getDbDir("."); +my $dbdirs = getDbDir($startpoint); my $prefix = "{{DS-ROOT}}"; $ENV{'PATH'} = "$prefix at db_bindir@:$prefix/usr/bin:@db_bindir@:/usr/bin"; $ENV{'LD_LIBRARY_PATH'} = "@db_libdir@:@libdir@"; $ENV{'SHLIB_PATH'} = "@db_libdir@:@libdir@"; -for (my $i = 0; $i < @$dbdirs; $i++) +# Check transaction logs by db_printlog +for (my $i = 0; "$$dbdirs[$i]" ne ""; $i++) { + my $logfile = getLastLogfile($$dbdirs[$i]); + + if ( "$$logfile" ne "" ) + { # run db_printlog -h for each print "Verify log files in $$dbdirs[$i] ... "; open(PRINTLOG, "db_printlog -h $$dbdirs[$i] 2>&1 1> $NULL |"); 
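Review bot: `$startpoint` now comes from the command line and ends up in a shell command: `getDbDir($startpoint)` fills `$$dbdirs[$i]`, which is interpolated into `open(PRINTLOG, "db_printlog -h $$dbdirs[$i] 2>&1 1> $NULL |")`, and the next hunk does the same with `db_verify $thisdb`, where `$thisdb` also carries a file name read from disk. A directory or file name containing spaces or shell metacharacters is therefore parsed by the shell rather than passed as one argument, which matters more now that the tool is meant to be pointed at arbitrary backup directories. A conservative check right after the argument loop, such as `if ($startpoint =~ /[^-\w.\/\\:]/) { &usage; exit(1); }`, plus skipping directory entries that fail the same test, would close this. A short comment at both `open` calls should say why the names are restricted.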
@@ -126,115 +187,65 @@ my $haserr = 0; while ($l = ) { - if ("$l" ne "") - { - if ($haserr == 0) - { - print "\n"; - } - print "LOG ERROR: $l"; - $haserr++; - } + if ("$l" ne "") + { + if ($haserr == 0) + { + print "\n"; + } + print "LOG ERROR: $l"; + $haserr++; + } } close(PRINTLOG); if ($haserr == 0 && $? == 0) { - print "Good\n"; + print "Good\n"; } else { - my $logfile = getLastLogfile($$dbdirs[$i]); - print "Log file(s) in $$dbdirs[$i] could be corrupted.\n"; - print "Please delete a log file $$logfile, and try restarting the server.\n"; + print "Log file(s) in $$dbdirs[$i] could be corrupted.\n"; + print "Please delete a log file $$logfile, and try restarting the server.\n"; } + } } -for (my $i = 0; $i < @$dbdirs; $i++) +# Check db files by db_verify +for (my $i = 0; "$$dbdirs[$i]" ne ""; $i++) { - # changelog - opendir(DB, $$dbdirs[$i]) or die "can't opendir $$dbdirs[$i] : $!"; - while (defined($db = readdir(DB))) - { - if ($db =~ /\.db/) - { - my $thisdb = $$dbdirs[$i] . "{{SEP}}" . $db; - print "Verify $thisdb ... "; - open(DBVERIFY, "db_verify $thisdb 2>&1 1> $NULL |"); - sleep 1; - my $haserr = 0; - while ($l = ) - { - if ($haserr == 0) - { - print "\n"; - } - if ("$l" ne "") - { - $haserr++; - print "DB ERROR: $l"; - } - } - close(DBVERIFY); - if ($haserr == 0 && $? == 0) - { - print "Good\n"; - } - else - { - print "changelog file $db in $$dbdirs[$i] is corrupted.\n"; - print "Please restore your backup and recover the database.\n"; - } + opendir(DB, $$dbdirs[$i]) or die "can't opendir $$dbdirs[$i] : $!"; + while (defined($db = readdir(DB))) + { + if ($db =~ /\.db/) + { + my $thisdb = $$dbdirs[$i] . "/" . $db; + print "Verify $thisdb ... 
"; + open(DBVERIFY, "db_verify $thisdb 2>&1 1> $NULL |"); + sleep 1; + my $haserr = 0; + while ($l = ) + { + if ($haserr == 0) + { + print "\n"; } - } - closedir(DB); - - # backend: get instance dirs under - my $instdirs = getDbDir($$dbdirs[$i]); - - for (my $j = 0; $j < @$instdirs; $j++) - { - opendir(DIR, $$instdirs[$j]) or die "can't opendir $here : $!"; - while (defined($db = readdir(DIR))) + if ("$l" ne "") { - if ($db =~ /\.db/) - { - my $thisdb = $$instdirs[$j] . "{{SEP}}" . $db; - print "Verify $thisdb ... "; - open(DBVERIFY, "db_verify $thisdb 2>&1 1> $NULL |"); - sleep 1; - my $haserr = 0; - while ($l = ) - { - if ($haserr == 0) - { - print "\n"; - } - if ("$l" ne "") - { - $haserr++; - print "DB ERROR: $l"; - } - } - close(DBVERIFY); - if ($haserr == 0 && $? == 0) - { - print "Good\n"; - } - else - { - if ("$db" =~ /id2entry.db/) - { - print "Primary db file $db in $$instdirs[$j] is corrupted.\n"; - print "Please restore your backup and recover the database.\n"; - } - else - { - print "Secondary index file $db in $$instdirs[$j] is corrupted.\n"; - print "Please run db2index(.pl) for reindexing.\n"; - } - } - } + $haserr++; + print "DB ERROR: $l"; } - closedir(DIR); + } + close(DBVERIFY); + if ($haserr == 0 && $? == 0) + { + print "Good\n"; + } + else + { + print "db file $db in $$dbdirs[$i] is corrupted.\n"; + print "Please restore your backup and recover the database.\n"; + } } + } + closedir(DB); } From fedora-directory-commits at redhat.com Thu Mar 22 15:16:28 2007 
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Thu, 22 Mar 2007 11:16:28 -0400 Subject: [Fedora-directory-commits] ldapserver Makefile.am, 1.34, 1.35 aclocal.m4, 1.28, 1.29 configure, 1.37, 1.38 missing, 1.22, 1.23 install-sh, 1.22, 1.23 depcomp, 1.22, 1.23 compile, 1.22, 1.23 Makefile.in, 1.40, 1.41 config.sub, 1.21, 1.22 config.guess, 1.21, 1.22 Message-ID: <200703221516.l2MFGSQB029866@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29722 Modified Files: Makefile.am aclocal.m4 configure missing install-sh depcomp compile Makefile.in config.sub config.guess Log Message: Resolves: bug 233410 Description: version 1.1.0: bugs in build system (linking) Fix Description: libds_admin needs to link with LDAPSDK_LINK and the server needs to link with SVRCORE Index: Makefile.am =================================================================== RCS file: /cvs/dirsec/ldapserver/Makefile.am,v retrieving revision 1.34 retrieving revision 1.35 diff -u -r1.34 -r1.35 --- Makefile.am 16 Mar 2007 23:06:57 -0000 1.34 +++ Makefile.am 22 Mar 2007 15:16:26 -0000 1.35 @@ -262,7 +262,7 @@ ldap/admin/lib/dsalib_util.c libds_admin_la_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)/ldap/admin/include @ldapsdk_inc@ @nss_inc@ @nspr_inc@ -libds_admin_la_LIBADD = $(NSS_LINK) $(NSPR_LINK) +libds_admin_la_LIBADD = $(LDAPSDK_LINK) $(NSS_LINK) $(NSPR_LINK) #------------------------ # libns-dshttpd 
@@ -416,7 +416,7 @@ $(libavl_a_SOURCES) libslapd_la_CPPFLAGS = $(PLUGIN_CPPFLAGS) @db_inc@ @svrcore_inc@ -libslapd_la_LIBADD = $(LDAPSDK_LINK) $(NSS_LINK) $(NSPR_LINK) +libslapd_la_LIBADD = $(LDAPSDK_LINK) $(SVRCORE_LINK) $(NSS_LINK) $(NSPR_LINK) #//////////////////////////////////////////////////////////////// Index: Makefile.in =================================================================== RCS file: /cvs/dirsec/ldapserver/Makefile.in,v retrieving revision 1.40 retrieving revision 1.41 diff -u -r1.40 -r1.41 --- Makefile.in 20 Mar 2007 18:46:45 -0000 1.40 +++ Makefile.in 22 Mar 2007 15:16:26 -0000 1.41 @@ -239,7 +239,7 @@ libdna_plugin_la_OBJECTS = $(am_libdna_plugin_la_OBJECTS) @enable_dna_TRUE at am_libdna_plugin_la_rpath = -rpath $(serverplugindir) libds_admin_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) am_libds_admin_la_OBJECTS = \ ldap/admin/lib/libds_admin_la-dsalib_conf.lo \ ldap/admin/lib/libds_admin_la-dsalib_confs.lo \ @@ -432,7 +432,7 @@ ldap/servers/plugins/roles/libroles_plugin_la-roles_plugin.lo libroles_plugin_la_OBJECTS = $(am_libroles_plugin_la_OBJECTS) libslapd_la_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) am__objects_2 = ldap/libraries/libavl/libslapd_la-avl.lo am_libslapd_la_OBJECTS = ldap/servers/slapd/libslapd_la-add.lo \ ldap/servers/slapd/libslapd_la-agtmmap.lo \ @@ -1169,7 +1169,7 @@ ldap/admin/lib/dsalib_util.c libds_admin_la_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)/ldap/admin/include @ldapsdk_inc@ @nss_inc@ @nspr_inc@ -libds_admin_la_LIBADD = $(NSS_LINK) $(NSPR_LINK) +libds_admin_la_LIBADD = $(LDAPSDK_LINK) $(NSS_LINK) $(NSPR_LINK) #------------------------ # libns-dshttpd 
@@ -1323,7 +1323,7 @@ $(libavl_a_SOURCES) libslapd_la_CPPFLAGS = $(PLUGIN_CPPFLAGS) @db_inc@ @svrcore_inc@ -libslapd_la_LIBADD = $(LDAPSDK_LINK) $(NSS_LINK) $(NSPR_LINK) +libslapd_la_LIBADD = $(LDAPSDK_LINK) $(SVRCORE_LINK) $(NSS_LINK) $(NSPR_LINK) #//////////////////////////////////////////////////////////////// # From fedora-directory-commits at redhat.com Sat Mar 24 00:51:13 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Fri, 23 Mar 2007 20:51:13 -0400 Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src/scripts template-db2ldif.in, 1.6, 1.7 Message-ID: <200703240051.l2O0pEN1031091@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31073 Modified Files: template-db2ldif.in Log Message: Resolves: #233027 Summary: make db2bak.pl & db2ldif.pl user more user-friendly (Comment #8) Fixed problem: the command line fails to generate an output file name when an empty suffix is passed like this: db2ldif -s "" Index: template-db2ldif.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/template-db2ldif.in,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- template-db2ldif.in 20 Mar 2007 01:15:32 -0000 1.6 +++ template-db2ldif.in 24 Mar 2007 00:51:11 -0000 1.7 @@ -14,14 +14,14 @@ make_ldiffile() { - nobe=0 + be="" while [ "$1" != "" ] do - if [ "$1" = '-a' ]; then + if [ "$1" = "-a" ]; then shift echo $1 return 1 - elif [ "$1" = '-n' ]; then + elif [ "$1" = "-n" ]; then shift if [ "$be" = "" ]; then be="$1" 
@@ -29,26 +29,28 @@ tmpbe="$be" be="${tmpbe}-$1" fi - elif [ "$1" = '-s' ]; then + elif [ "$1" = "-s" ]; then shift - rdn=`echo $1 | awk -F, '{print $1}'` - rdnval=`echo $rdn | awk -F= '{print $2}'` - if [ "$be" = "" ]; then - be="$rdnval" - else - tmpbe="$be" - be="${tmpbe}-$rdnval" + if [ "$1" != "" ]; then + rdn=`echo $1 | awk -F, '{print $1}'` + rdnval=`echo $rdn | awk -F= '{print $2}'` + if [ "$be" = "" ]; then + be="$rdnval" + else + tmpbe="$be" + be="${tmpbe}-$rdnval" + fi fi - elif [ "$1" = '-M' ]; then - nobe=1 + elif [ "$1" = "-M" ]; then + be="" fi shift done - if [ $nobe -eq 0 ]; then - echo {{LDIF-DIR}}/{{SERV-ID}}-${be}-`date +%Y_%m_%d_%H%M%S`.ldif - else + if [ "$be" = "" ]; then echo {{LDIF-DIR}}/{{SERV-ID}}-`date +%Y_%m_%d_%H%M%S`.ldif + else + echo {{LDIF-DIR}}/{{SERV-ID}}-${be}-`date +%Y_%m_%d_%H%M%S`.ldif fi return 0 } From fedora-directory-commits at redhat.com Mon Mar 26 23:04:19 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Mon, 26 Mar 2007 19:04:19 -0400 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm archive.c, 1.11, 1.12 Message-ID: <200703262304.l2QN4JeR010915@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10894 Modified Files: archive.c Log Message: Resolves: #232050 Summary: Change format of DBVERSION and guardian files (comment #10) Index: archive.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/archive.c,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- archive.c 10 Nov 2006 23:45:39 -0000 1.11 +++ archive.c 26 Mar 2007 23:04:17 -0000 1.12 
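Review bot: The backend name assembled in this hunk reaches the output path without any validation: `rdnval` is cut from the `-s` argument, appended to `be`, and echoed as `{{LDIF-DIR}}/{{SERV-ID}}-${be}-...ldif`, so a suffix or `-n` value containing `/` changes the directory the export is written to. The unquoted `$1` in `echo $1 | awk` is also subject to word splitting and globbing. I would quote the expansion as `echo "$1" | awk -F, '{print $1}'` and replace every character outside letters, digits, `_` and `-` in `$be` before the final `echo`. make_ldiffile starts before this hunk, so the `-n` branch is only partly visible here.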
@@ -71,11 +71,11 @@ /* check the current idl format vs backup DB version */ if (idl_get_idl_new()) { - char dbversion[LDBM_VERSION_MAXBUF]; - char dataversion[LDBM_VERSION_MAXBUF]; + char *dbversion = NULL; + char *dataversion = NULL; int value = 0; - if (dbversion_read(li, directory, dbversion, dataversion) != 0) + if (dbversion_read(li, directory, &dbversion, &dataversion) != 0) { LDAPDebug(LDAP_DEBUG_ANY, "Warning: Unable to read dbversion " "file in %s\n", directory, 0, 0); @@ -85,6 +85,8 @@ { is_old_to_new = 1; } + slapi_ch_free_string(&dbversion); + slapi_ch_free_string(&dataversion); } /* No ldbm be's exist until we process the config information. */ From fedora-directory-commits at redhat.com Thu Mar 29 22:24:54 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 29 Mar 2007 18:24:54 -0400 Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src/scripts template-db2ldif.in, 1.7, 1.8 Message-ID: <200703292224.l2TMOs74005997@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5977 Modified Files: template-db2ldif.in Log Message: Resolves: 233027 Summary: make db2bak.pl & db2ldif.pl user more user-friendly (Comment #10) Change: fixed 'db2ldif -s ""' fails with shift unavailable Index: template-db2ldif.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/template-db2ldif.in,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- template-db2ldif.in 24 Mar 2007 00:51:11 -0000 1.7 +++ template-db2ldif.in 29 Mar 2007 22:24:52 -0000 1.8 @@ -44,7 +44,9 @@ elif [ "$1" = "-M" ]; then be="" fi - shift + if [ "$1" != "" ]; then + shift + fi done if [ "$be" = "" ]; then From fedora-directory-commits at redhat.com Thu Mar 29 23:55:53 2007 
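Review bot: After a failed `dbversion_read` the two pointers are still NULL, and the failure branch shown here only logs a warning. The lines between this hunk and the `@@ -85,6 +85,8 @@` hunk are not visible; if they still inspect `dbversion` on that path, the old stack arrays tolerated it but the new pointers would be dereferenced as NULL. Confirm that the check which sets `is_old_to_new` is reached only on success, or guard it with `dbversion != NULL`. The ownership rule is also worth stating at the declaration: `/* dbversion_read() allocates both strings; release with slapi_ch_free_string() */`.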
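Review bot: An empty argument still ends option parsing after the `shift` is guarded, because the enclosing loop (it starts outside this hunk; the revision 1.7 diff shows it as `while [ "$1" != "" ]`) stops at the first empty `$1`. With `db2ldif -s "" -n userRoot` the `-n` value would never reach the generated file name, and nothing reports that the remaining options were ignored. Looping on the argument count keeps the unconditional shift safe and handles empty values: `while [ $# -gt 0 ]`.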
From: fedora-directory-commits at redhat.com (Steven W Parkinson (sparkins)) Date: Thu, 29 Mar 2007 19:55:53 -0400 Subject: [Fedora-directory-commits] windowsautoenroll/proxy proxy.cpp, 1.2, 1.3 registry.cpp, 1.1, 1.2 service.cpp, 1.1, 1.2 submit.cpp, 1.2, 1.3 util.cpp, 1.1, 1.2 Message-ID: <200703292355.l2TNtrwT011737@cvs-int.fedora.redhat.com> Author: sparkins Update of /cvs/dirsec/windowsautoenroll/proxy In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11713 Modified Files: proxy.cpp registry.cpp service.cpp submit.cpp util.cpp Log Message: Add Licence. Improve logging. Detect Bad PKCS10 request earlier. Enable failover. Index: proxy.cpp =================================================================== RCS file: /cvs/dirsec/windowsautoenroll/proxy/proxy.cpp,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- proxy.cpp 13 Mar 2007 01:36:10 -0000 1.2 +++ proxy.cpp 29 Mar 2007 23:55:51 -0000 1.3 
@@ -1,4 +1,38 @@ /** BEGIN COPYRIGHT BLOCK + * This Program is free software; you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free Software + * Foundation; version 2 of the License. + * + * This Program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along with + * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple + * Place, Suite 330, Boston, MA 02111-1307 USA. + * + * In addition, as a special exception, Red Hat, Inc. gives You the additional + * right to link the code of this Program with code not covered under the GNU + * General Public License ("Non-GPL Code") and to distribute linked combinations + * including the two, subject to the limitations in this paragraph. Non-GPL Code + * permitted under this exception must only link to the code of this Program + * through those well defined interfaces identified in the file named EXCEPTION + * found in the source code files (the "Approved Interfaces"). The files of + * Non-GPL Code may instantiate templates or use macros or inline functions from + * the Approved Interfaces without causing the resulting work to be covered by + * the GNU General Public License. Only Red Hat, Inc. may make changes or + * additions to the list of Approved Interfaces. You must obey the GNU General + * Public License in all respects for all of the Program code and other code used + * in conjunction with the Program except the Non-GPL Code covered by this + * exception. If you modify this file, you may extend this exception to your + * version of the file, but you are not obligated to do so. 
If you do not wish to + * provide this exception without modification, you must delete this exception + * statement from your version and license this file solely under the GPL without + * exception. + * + * + * Copyright (C) 2006 Red Hat, Inc. + * All rights reserved. * END COPYRIGHT BLOCK */ @@ -173,17 +207,25 @@ //_asm int 3; + pctbDispositionMessage->cb = 0; debugt(LOG_D_FUNC,"Request2()"); if (pctbRequest->cb >7) { + int q = pctbRequest->cb - 7; debugt(LOG_D_DETAIL,"---- Request2(flags=%hx, authority=%ws, requestid=%hd, attributes=%ws," - " serial=%ws request[0..6]=%02x:%02x:%02x:%02x:%02x:%02x:%02x", + " serial=%ws request[0..6]=%02x:%02x:%02x:%02x:%02x:%02x:%02x " + " request[%d..%d]=%02x:%02x:%02x:%02x:%02x:%02x:%02x" , dwFlags, pwszAuthority, pdwRequestId, pwszAttributes, pwszSerialNumber, pctbRequest->pb[0], pctbRequest->pb[1], pctbRequest->pb[2], pctbRequest->pb[3], pctbRequest->pb[4], pctbRequest->pb[5], - pctbRequest->pb[6] + pctbRequest->pb[6], + q, q+6, + pctbRequest->pb[q+0], pctbRequest->pb[q+1], + pctbRequest->pb[q+2], pctbRequest->pb[q+3], + pctbRequest->pb[q+4], pctbRequest->pb[q+5], + pctbRequest->pb[q+6] ); } IServerSecurity *iss = NULL; @@ -228,19 +270,26 @@ username, caps ); + *pdwDisposition = CR_DISP_ERROR; + configvars *vars = reg->getvars(); + context cx(vars); + requestinfo req; /* Pull apart PKCS#10, putting pieces into request object */ - req.parseRequest(pctbRequest); - + r = req.parseRequest(pctbRequest); + if (!SUCCEEDED(r)) { + debugt(LOG_REQ,"failed to parse PKCS#10 - error: %lx",r); + goto loser; + } + { /* Pull apart attribute strings into request object */ req.parseAttributes(pwszAttributes); /* Figure out which type of cert the requestor wants */ req.determineCertificateTemplate(); - - context cx(vars); + cx.request = &req; /* if a profile map exists, convert the windows cert template 
@@ -253,7 +302,6 @@ // Copies pieces of the of the request into http name/value pairs req.populateRequestForTemplate(csprofile); - vector candidatecas = cx.makeCandidateCAList(); if (candidatecas.size() == 0) { @@ -267,13 +315,16 @@ } - *pdwDisposition = CR_DISP_ERROR; + string cert, certchain; for (unsigned int j=0; jhost, cx.selectedca->port); + r = cx.submitRequestToCA(cert, certchain); debug("submitRequestToCA returned %lx",r); @@ -281,23 +332,27 @@ GetSystemTimeAsFileTime(&cx.selectedca->last_success); } else { GetSystemTimeAsFileTime(&cx.selectedca->last_failure); - } - - size_t errors_size = cx.errors.size(); - if (errors_size>0) { - string e = cx.errors[0]; - if (errors_size > 1) { - for (unsigned int k=1; k < errors_size; k++) { - e = " >> "+ cx.errors[k]; - } - } - debugt(LOG_GENERAL, "%s error was encountered while " "submitting the certificate request to CA " - "%s:%d. \nFull error details: %s", + "%s:%d. ", cx.fatalerror ? "A fatal" : "A nonfatal", - cx.selectedca->host, cx.selectedca->port, - e.c_str()); + cx.selectedca->host, cx.selectedca->port + ); + + + + size_t errors_size = cx.errors.size(); + if (errors_size>0) { + string e = cx.errors[0]; + if (errors_size > 1) { + for (unsigned int k=1; k < errors_size; k++) { + e = " >> "+ cx.errors[k]; + } + } + + + debugt(LOG_GENERAL, "Full error details: %s", e.c_str()); + } } /* If we got a certificate, break */ @@ -323,6 +378,7 @@ } } + if (r == 0) { // success decodeToBlob(cert.c_str(), pctbEncodedCert); @@ -361,7 +417,8 @@ #endif } - + } +loser: return S_OK; } @@ -938,7 +995,7 @@ * SubjectAltName extension in the request, which means I have to * figure out the DC GUID through other means. sigh. */ -void requestinfo::parseRequest(const CERTTRANSBLOB *p10) +HRESULT requestinfo::parseRequest(const CERTTRANSBLOB *p10) { CERT_REQUEST_INFO *b; DWORD b_size = 0; 
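Review bot: The loop that joins `cx.errors` in the `@@ -281,23 +332,27 @@` hunk overwrites the accumulator instead of appending to it: `e = " >> "+ cx.errors[k];` leaves only the last entry in `e`. The "Full error details" line then drops every earlier error, which is the part an operator needs when diagnosing why a CA was skipped during failover. Change it to `e += " >> " + cx.errors[k];`. The enclosing `for` over the candidate CAs starts outside this hunk.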
@@ -947,6 +1004,13 @@ this->PKCS10Request = encode_base64(p10->cb, p10->pb); +//#define DUMPREQUESTTOFILE +#ifdef DUMPREQUESTTOFILE + debugt(LOG_D_FUNC,"parseRequest: writing %d bytes",p10->cb); + FILE *fp = fopen("c:\\dc_p10.der","wb"); + fwrite(p10->pb,1,p10->cb,fp); + fclose(fp); +#endif // Pull apart the PKCS#10 cert request. if (! CryptDecodeObjectEx( X509_ASN_ENCODING, @@ -960,7 +1024,7 @@ ) ) { debugt(LOG_D_DETAIL,"failed to parse PKCS#10 - error: %lx:",GetLastError()); - return; + return GetLastError(); } /* For each attribute: */ @@ -1031,6 +1095,7 @@ } } debugt(LOG_D_FUNC,"parseRequest (returning)"); + return 0; } @@ -1074,6 +1139,7 @@ cas.push_back(config->all_cas[i]); } } + debugt(LOG_D_FUNC,"findRespondingCAs - found %d CA's", cas.size()); debugt(LOG_D_FUNC,"findRespondingCAs (returning)"); return cas; @@ -1084,12 +1150,14 @@ debugt(LOG_D_FUNC,"makeCandidateCAList"); // make a list of all the CAs which can service the request vector cas; + debugt(LOG_D_FUNC,"makeCandidateCAList - looking at %d CA's", config->all_cas.size()); for (unsigned int i=0;i all_cas.size(); i++) { if ( config->all_cas[i]->canService(request->windowsCertTemplateName)) { cas.push_back(config->all_cas[i]); } } + debugt(LOG_D_FUNC,"makeCandidateCAList - found %d CA's", cas.size()); debugt(LOG_D_FUNC,"makeCandidateCAList (returning)"); return cas; } Index: registry.cpp =================================================================== RCS file: /cvs/dirsec/windowsautoenroll/proxy/registry.cpp,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- registry.cpp 13 Mar 2007 01:36:10 -0000 1.1 +++ registry.cpp 29 Mar 2007 23:55:51 -0000 1.2 
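Review bot: In the `DUMPREQUESTTOFILE` block the `fopen` result goes to `fwrite` and `fclose` unchecked, so enabling the define on a host where `c:\dc_p10.der` cannot be created dereferences a null `FILE *` inside the request path of the service. Wrap the write as `if (fp) { fwrite(p10->pb, 1, p10->cb, fp); fclose(fp); }` and log the failure otherwise. A comment saying that the file is overwritten on every request and is for debugging only would help whoever turns the define on.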
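Review bot: The failure path in the `@@ -960,7 +1024,7 @@` hunk can report success to the caller. `debugt(...)` runs between the failed `CryptDecodeObjectEx` and `return GetLastError();`, so anything debugt does internally may change the thread's last-error value (its body is not visible), and the value is a Win32 code while Request2 tests it with `SUCCEEDED(r)`, which is true for every non-negative code. A malformed PKCS#10 could then pass the new early check and continue to submission. Capture the code once before logging and convert it: `DWORD e = GetLastError();` then `return e ? HRESULT_FROM_WIN32(e) : E_FAIL;`. parseRequest begins and ends outside this hunk.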
@@ -1,3 +1,41 @@
+/** BEGIN COPYRIGHT BLOCK
+ * This Program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; version 2 of the License.
+ *
+ * This Program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA.
+ *
+ * In addition, as a special exception, Red Hat, Inc. gives You the additional
+ * right to link the code of this Program with code not covered under the GNU
+ * General Public License ("Non-GPL Code") and to distribute linked combinations
+ * including the two, subject to the limitations in this paragraph. Non-GPL Code
+ * permitted under this exception must only link to the code of this Program
+ * through those well defined interfaces identified in the file named EXCEPTION
+ * found in the source code files (the "Approved Interfaces"). The files of
+ * Non-GPL Code may instantiate templates or use macros or inline functions from
+ * the Approved Interfaces without causing the resulting work to be covered by
+ * the GNU General Public License. Only Red Hat, Inc. may make changes or
+ * additions to the list of Approved Interfaces. You must obey the GNU General
+ * Public License in all respects for all of the Program code and other code used
+ * in conjunction with the Program except the Non-GPL Code covered by this
+ * exception. If you modify this file, you may extend this exception to your
+ * version of the file, but you are not obligated to do so.
If you do not wish to + * provide this exception without modification, you must delete this exception + * statement from your version and license this file solely under the GPL without + * exception. + * + * + * Copyright (C) 2006 Red Hat, Inc. + * All rights reserved. + * END COPYRIGHT BLOCK */ + + #define _WIN32_DCOM #include #include @@ -213,8 +251,6 @@ v->all_cas.push_back(ca); RegCloseKey(cainfokey); - - break; // just take the first one for now } } Index: service.cpp =================================================================== RCS file: /cvs/dirsec/windowsautoenroll/proxy/service.cpp,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- service.cpp 13 Mar 2007 01:36:10 -0000 1.1 +++ service.cpp 29 Mar 2007 23:55:51 -0000 1.2 
@@ -1,4 +1,38 @@ /** BEGIN COPYRIGHT BLOCK + * This Program is free software; you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free Software + * Foundation; version 2 of the License. + * + * This Program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along with + * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple + * Place, Suite 330, Boston, MA 02111-1307 USA. + * + * In addition, as a special exception, Red Hat, Inc. gives You the additional + * right to link the code of this Program with code not covered under the GNU + * General Public License ("Non-GPL Code") and to distribute linked combinations + * including the two, subject to the limitations in this paragraph. Non-GPL Code + * permitted under this exception must only link to the code of this Program + * through those well defined interfaces identified in the file named EXCEPTION + * found in the source code files (the "Approved Interfaces"). The files of + * Non-GPL Code may instantiate templates or use macros or inline functions from + * the Approved Interfaces without causing the resulting work to be covered by + * the GNU General Public License. Only Red Hat, Inc. may make changes or + * additions to the list of Approved Interfaces. You must obey the GNU General + * Public License in all respects for all of the Program code and other code used + * in conjunction with the Program except the Non-GPL Code covered by this + * exception. If you modify this file, you may extend this exception to your + * version of the file, but you are not obligated to do so. 
If you do not wish to + * provide this exception without modification, you must delete this exception + * statement from your version and license this file solely under the GPL without + * exception. + * + * + * Copyright (C) 2006 Red Hat, Inc. + * All rights reserved. * END COPYRIGHT BLOCK */ Index: submit.cpp =================================================================== RCS file: /cvs/dirsec/windowsautoenroll/proxy/submit.cpp,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- submit.cpp 13 Mar 2007 01:36:10 -0000 1.2 +++ submit.cpp 29 Mar 2007 23:55:51 -0000 1.3 
@@ -1,4 +1,38 @@ /** BEGIN COPYRIGHT BLOCK + * This Program is free software; you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free Software + * Foundation; version 2 of the License. + * + * This Program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along with + * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple + * Place, Suite 330, Boston, MA 02111-1307 USA. + * + * In addition, as a special exception, Red Hat, Inc. gives You the additional + * right to link the code of this Program with code not covered under the GNU + * General Public License ("Non-GPL Code") and to distribute linked combinations + * including the two, subject to the limitations in this paragraph. Non-GPL Code + * permitted under this exception must only link to the code of this Program + * through those well defined interfaces identified in the file named EXCEPTION + * found in the source code files (the "Approved Interfaces"). The files of + * Non-GPL Code may instantiate templates or use macros or inline functions from + * the Approved Interfaces without causing the resulting work to be covered by + * the GNU General Public License. Only Red Hat, Inc. may make changes or + * additions to the list of Approved Interfaces. You must obey the GNU General + * Public License in all respects for all of the Program code and other code used + * in conjunction with the Program except the Non-GPL Code covered by this + * exception. If you modify this file, you may extend this exception to your + * version of the file, but you are not obligated to do so. 
If you do not wish to + * provide this exception without modification, you must delete this exception + * statement from your version and license this file solely under the GPL without + * exception. + * + * + * Copyright (C) 2006 Red Hat, Inc. + * All rights reserved. * END COPYRIGHT BLOCK */ #define _WIN32_DCOM @@ -25,6 +59,7 @@ #include #include #include +#include #include #include @@ -511,6 +546,11 @@ if (!bResults) { r = GetLastError(); + + strstream ss; + ss << r << '\0'; + string s = ss.str(); + errors.push_back( string("WinHTTP reported: ") + s ); r = (r &0xffff) | 0x8C060000; goto loser; } Index: util.cpp =================================================================== RCS file: /cvs/dirsec/windowsautoenroll/proxy/util.cpp,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- util.cpp 13 Mar 2007 01:36:10 -0000 1.1 +++ util.cpp 29 Mar 2007 23:55:51 -0000 1.2 
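Review bot: Calling `ss.str()` on a `strstream` in the `@@ -511,6 +546,11 @@` hunk freezes the stream's buffer, so the buffer is not released when `ss` goes out of scope and every failed WinHTTP call leaks it. In a long-running proxy that retries across CAs, the leak grows with each upstream outage. Add `ss.freeze(false);` after the copy into `s`, or format the code with `ostringstream`, which owns its buffer (that needs `<sstream>`; the include block is only partly visible here). The enclosing function starts outside this hunk.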
@@ -1,3 +1,41 @@
+/** BEGIN COPYRIGHT BLOCK
+ * This Program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; version 2 of the License.
+ *
+ * This Program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA.
+ *
+ * In addition, as a special exception, Red Hat, Inc. gives You the additional
+ * right to link the code of this Program with code not covered under the GNU
+ * General Public License ("Non-GPL Code") and to distribute linked combinations
+ * including the two, subject to the limitations in this paragraph. Non-GPL Code
+ * permitted under this exception must only link to the code of this Program
+ * through those well defined interfaces identified in the file named EXCEPTION
+ * found in the source code files (the "Approved Interfaces"). The files of
+ * Non-GPL Code may instantiate templates or use macros or inline functions from
+ * the Approved Interfaces without causing the resulting work to be covered by
+ * the GNU General Public License. Only Red Hat, Inc. may make changes or
+ * additions to the list of Approved Interfaces. You must obey the GNU General
+ * Public License in all respects for all of the Program code and other code used
+ * in conjunction with the Program except the Non-GPL Code covered by this
+ * exception. If you modify this file, you may extend this exception to your
+ * version of the file, but you are not obligated to do so.
If you do not wish to + * provide this exception without modification, you must delete this exception + * statement from your version and license this file solely under the GPL without + * exception. + * + * + * Copyright (C) 2006 Red Hat, Inc. + * All rights reserved. + * END COPYRIGHT BLOCK */ + + /* printcertnames() will print out, to the console, a list of all certificate names which are available in the MY certificate store, so you can figure out which to use for client-auth. This isn't useful any more, since: From fedora-directory-commits at redhat.com Fri Mar 30 00:05:28 2007 From: fedora-directory-commits at redhat.com (Steven W Parkinson (sparkins)) Date: Thu, 29 Mar 2007 20:05:28 -0400 Subject: [Fedora-directory-commits] windowsautoenroll/panel ProxyPanel.cs, 1.3, 1.4 ProxyPanel.resx, 1.1, 1.2 Message-ID: <200703300005.l2U05Sri016557@cvs-int.fedora.redhat.com> Author: sparkins Update of /cvs/dirsec/windowsautoenroll/panel In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16316 Modified Files: ProxyPanel.cs ProxyPanel.resx Log Message: Bumped version to 0.9.2. Added Licence text. Caught access denied error (Bugzilla 223020) Index: ProxyPanel.cs =================================================================== RCS file: /cvs/dirsec/windowsautoenroll/panel/ProxyPanel.cs,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- ProxyPanel.cs 13 Mar 2007 01:36:10 -0000 1.3 +++ ProxyPanel.cs 30 Mar 2007 00:05:26 -0000 1.4 
@@ -1,3 +1,40 @@
+/** BEGIN COPYRIGHT BLOCK
+ * This Program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; version 2 of the License.
+ *
+ * This Program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA.
+ *
+ * In addition, as a special exception, Red Hat, Inc. gives You the additional
+ * right to link the code of this Program with code not covered under the GNU
+ * General Public License ("Non-GPL Code") and to distribute linked combinations
+ * including the two, subject to the limitations in this paragraph. Non-GPL Code
+ * permitted under this exception must only link to the code of this Program
+ * through those well defined interfaces identified in the file named EXCEPTION
+ * found in the source code files (the "Approved Interfaces"). The files of
+ * Non-GPL Code may instantiate templates or use macros or inline functions from
+ * the Approved Interfaces without causing the resulting work to be covered by
+ * the GNU General Public License. Only Red Hat, Inc. may make changes or
+ * additions to the list of Approved Interfaces. You must obey the GNU General
+ * Public License in all respects for all of the Program code and other code used
+ * in conjunction with the Program except the Non-GPL Code covered by this
+ * exception. If you modify this file, you may extend this exception to your
+ * version of the file, but you are not obligated to do so.
If you do not wish to + * provide this exception without modification, you must delete this exception + * statement from your version and license this file solely under the GPL without + * exception. + * + * + * Copyright (C) 2006 Red Hat, Inc. + * All rights reserved. + * END COPYRIGHT BLOCK */ + using System; using System.Drawing; using System.Collections; @@ -267,12 +304,12 @@ // // label7 // + this.label7.Dock = System.Windows.Forms.DockStyle.Top; this.label7.Location = new System.Drawing.Point(24, 72); this.label7.Name = "label7"; this.label7.Size = new System.Drawing.Size(320, 23); this.label7.TabIndex = 3; - this.label7.Text = "Version 0.9.1, March 8 , 2007"; - this.label7.Click += new System.EventHandler(this.label7_Click); + this.label7.Text = "Version 0.9.2, March 27, 2007"; // // label6 // 
@@ -790,85 +827,94 @@ return; } } - clearADLog(); - // Find the Configuration Naming Context from the RootDSE - DirectoryEntry rootDSE = new DirectoryEntry("LDAP://RootDSE"); - rootDSE.AuthenticationType = AuthenticationTypes.Secure; - String cnc = rootDSE.Properties["configurationNamingContext"][0].ToString(); - String rootpath = rootDSE.Path; - rootpath.Replace("RootDSE",""); - - adLog("Configuration Naming Context: "+cnc); - // Traverse down the Conviguration Naming Context... - DirectoryEntry configBase = new DirectoryEntry("LDAP://"+cnc); - configBase.AuthenticationType = AuthenticationTypes.Secure; - - DirectorySearcher ds = new DirectorySearcher(); - - // Find CN=Services subtree of CN=Configuration - ds.SearchRoot = configBase; - ds.SearchScope = SearchScope.OneLevel; - ds.Filter = "(CN=Services)"; - SearchResult servicesResult = ds.FindOne(); + try + { + clearADLog(); + // Find the Configuration Naming Context from the RootDSE + DirectoryEntry rootDSE = new DirectoryEntry("LDAP://RootDSE"); + rootDSE.AuthenticationType = AuthenticationTypes.Secure; + String cnc = rootDSE.Properties["configurationNamingContext"][0].ToString(); + String rootpath = rootDSE.Path; + rootpath.Replace("RootDSE",""); + + adLog("Configuration Naming Context: "+cnc); + // Traverse down the Conviguration Naming Context... 
+ DirectoryEntry configBase = new DirectoryEntry("LDAP://"+cnc); + configBase.AuthenticationType = AuthenticationTypes.Secure; + + DirectorySearcher ds = new DirectorySearcher(); + + // Find CN=Services subtree of CN=Configuration + ds.SearchRoot = configBase; + ds.SearchScope = SearchScope.OneLevel; + ds.Filter = "(CN=Services)"; + SearchResult servicesResult = ds.FindOne(); - DirectoryEntry servicesBase = servicesResult.GetDirectoryEntry(); - String sb_n = servicesBase.Path; - adLog("Services base: "+sb_n); + DirectoryEntry servicesBase = servicesResult.GetDirectoryEntry(); + String sb_n = servicesBase.Path; + adLog("Services base: "+sb_n); - if (servicesBase == null) - { - DialogResult dr = MessageBox.Show("Error: Could not locate 'CN=Services' under base"+ - ds.SearchRoot.Name.ToString()); - } + if (servicesBase == null) + { + DialogResult dr = MessageBox.Show("Error: Could not locate 'CN=Services' under base"+ + ds.SearchRoot.Name.ToString()); + } - // Find "CN=Public Key Services" subtree of CN=Services - ds.SearchRoot = servicesBase; - ds.Filter = "(CN=Public Key Services)"; - SearchResult pubkeyResult = ds.FindOne(); - DirectoryEntry pubkeyServicesBase = pubkeyResult.GetDirectoryEntry(); - adLog("Services base: "+pubkeyServicesBase.Path); + // Find "CN=Public Key Services" subtree of CN=Services + ds.SearchRoot = servicesBase; + ds.Filter = "(CN=Public Key Services)"; + SearchResult pubkeyResult = ds.FindOne(); + DirectoryEntry pubkeyServicesBase = pubkeyResult.GetDirectoryEntry(); + adLog("Services base: "+pubkeyServicesBase.Path); - if (pubkeyServicesBase == null) - { - MessageBox.Show("Error: Could not locate 'CN=Public Key Services' under base"+ - ds.SearchRoot.Name.ToString()); - return; - } + if (pubkeyServicesBase == null) + { + MessageBox.Show("Error: Could not locate 'CN=Public Key Services' under base"+ + ds.SearchRoot.Name.ToString()); + return; + } - // Find other subtrees of "CN=Public Key Services" - ds.SearchRoot = pubkeyServicesBase; + // 
Find other subtrees of "CN=Public Key Services" + ds.SearchRoot = pubkeyServicesBase; - ds.Filter = "(CN=Certificate Templates)"; - SearchResult certificateTemplatesBaseResult = ds.FindOne(); - DirectoryEntry certificateTemplatesBase = certificateTemplatesBaseResult.GetDirectoryEntry(); - certificateTemplatesBase.AuthenticationType = AuthenticationTypes.Secure; + ds.Filter = "(CN=Certificate Templates)"; + SearchResult certificateTemplatesBaseResult = ds.FindOne(); + DirectoryEntry certificateTemplatesBase = certificateTemplatesBaseResult.GetDirectoryEntry(); + certificateTemplatesBase.AuthenticationType = AuthenticationTypes.Secure; - ds.Filter = "(CN=Certification Authorities)"; - SearchResult certificationAuthoritiesBaseResult = ds.FindOne(); - DirectoryEntry certificationAuthoritiesBase = certificationAuthoritiesBaseResult.GetDirectoryEntry(); - certificationAuthoritiesBase.AuthenticationType = AuthenticationTypes.Secure; - - ds.Filter = "(CN=Enrollment Services)"; - SearchResult enrollmentServicesBaseResult = ds.FindOne(); - DirectoryEntry enrollmentServicesBase = enrollmentServicesBaseResult.GetDirectoryEntry(); - enrollmentServicesBase.AuthenticationType = AuthenticationTypes.Secure; - - // I used to have code to add the certificate templates, but while the - // WebServer template works fine, the same cannot be said for the DomainController - // template. A better way to set up the templates is to use the Certificate Templates - // Snap-in in MCC (MCC should ask you to populate the templates when the Snap-in - // is started. 
+ ds.Filter = "(CN=Certification Authorities)"; + SearchResult certificationAuthoritiesBaseResult = ds.FindOne(); + DirectoryEntry certificationAuthoritiesBase = certificationAuthoritiesBaseResult.GetDirectoryEntry(); + certificationAuthoritiesBase.AuthenticationType = AuthenticationTypes.Secure; + + ds.Filter = "(CN=Enrollment Services)"; + SearchResult enrollmentServicesBaseResult = ds.FindOne(); + DirectoryEntry enrollmentServicesBase = enrollmentServicesBaseResult.GetDirectoryEntry(); + enrollmentServicesBase.AuthenticationType = AuthenticationTypes.Secure; + + // I used to have code to add the certificate templates, but while the + // WebServer template works fine, the same cannot be said for the DomainController + // template. A better way to set up the templates is to use the Certificate Templates + // Snap-in in MCC (MCC should ask you to populate the templates when the Snap-in + // is started. - //addCertificateTemplates(certificateTemplatesBase); + //addCertificateTemplates(certificateTemplatesBase); - // xxx hardcoded string here - //String cacertb64 = "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"; - String cacertb64 = certtextbox.Text. - Replace(begincertificate_str,""). - Replace(endcertificate_str,""); - byte[] cacert = Convert.FromBase64String(cacertb64); - DirectoryEntry d = addCertificationAuthorities(certificationAuthoritiesBase,cacert); - addEnrollmentServices(enrollmentServicesBase, d, cacert); + // xxx hardcoded string here + //String cacertb64 = "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"; + String cacertb64 = certtextbox.Text. + Replace(begincertificate_str,""). 
+ Replace(endcertificate_str,""); + byte[] cacert = Convert.FromBase64String(cacertb64); + DirectoryEntry d = addCertificationAuthorities(certificationAuthoritiesBase,cacert); + addEnrollmentServices(enrollmentServicesBase, d, cacert); + } + catch (System.UnauthorizedAccessException uae) + { + adLog("Error: Unauthorized"); + MessageBox.Show("Error: You do not have appropriate permissions to\n"+ + "modify active directory. Please login as a different user\n"); + } } @@ -1360,10 +1406,5 @@ } - - private void label7_Click(object sender, System.EventArgs e) - { - - } } } Index: ProxyPanel.resx =================================================================== RCS file: /cvs/dirsec/windowsautoenroll/panel/ProxyPanel.resx,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- ProxyPanel.resx 13 Mar 2007 01:36:10 -0000 1.1 +++ ProxyPanel.resx 30 Mar 2007 00:05:26 -0000 1.2 @@ -304,15 +304,15 @@ Private - - Private - False Private + + Private + False @@ -346,15 +346,15 @@ 8, 8 + + True + False True - - True - Private @@ -565,15 +565,15 @@ Private + + Private + False Private - - Private - False @@ -676,6 +676,9 @@ False + + ProxyPanel + (Default) @@ -697,9 +700,6 @@ True - - ProxyPanel - Private From fedora-directory-commits at redhat.com Fri Mar 30 00:08:56 2007 
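Review bot: The null checks in the `@@ -790,85 +827,94 @@` hunk come after the dereference they are meant to protect. `ds.FindOne()` returns null when nothing matches, so `servicesResult.GetDirectoryEntry()` and `pubkeyResult.GetDirectoryEntry()` throw NullReferenceException before `servicesBase == null` or `pubkeyServicesBase == null` is evaluated, and the new `catch` handles only `UnauthorizedAccessException`. Test the search result instead, `if (servicesResult == null) { MessageBox.Show(...); return; }`, and add the `return` that the existing CN=Services branch lacks; the three later `FindOne()` calls need the same check. `Convert.FromBase64String` on the text-box contents can also throw FormatException, and the decoded bytes go to `addCertificationAuthorities` and `addEnrollmentServices` (bodies not visible) without first being parsed as a certificate, which is worth checking before anything is written to the directory. The enclosing method starts outside this hunk.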
From: fedora-directory-commits at redhat.com (Steven W Parkinson (sparkins)) Date: Thu, 29 Mar 2007 20:08:56 -0400 Subject: [Fedora-directory-commits] windowsautoenroll/submitrequest submitrequest.vcproj, NONE, 1.1 submitrequest.cpp, 1.1.1.1, 1.2 Message-ID: <200703300008.l2U08ucw017030@cvs-int.fedora.redhat.com> Author: sparkins Update of /cvs/dirsec/windowsautoenroll/submitrequest In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16870 Modified Files: submitrequest.cpp Added Files: submitrequest.vcproj Log Message: Added Licence. Made test case more generic, so other people can use it. Added loop mode, for performance/stress testing. Fixed PKCS#10 submission. Check that a cert was issued. --- NEW FILE submitrequest.vcproj --- Index: submitrequest.cpp =================================================================== RCS file: /cvs/dirsec/windowsautoenroll/submitrequest/submitrequest.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- submitrequest.cpp 29 Jul 2006 00:42:43 -0000 1.1.1.1 +++ submitrequest.cpp 30 Mar 2007 00:08:54 -0000 1.2 @@ -36,10 +36,12 @@ * END COPYRIGHT BLOCK */ /* This is a test program which will submit a certificate request */ +/* to the auto enrollment proxy */ #define _WIN32_DCOM +#include #include #include @@ -48,7 +50,6 @@ #include - #include #include 
@@ -58,40 +59,61 @@ #include "stdafx.h" -#include "../testserver/RedHatCSProxy_h.h" +#include "../proxy/RedHatCSProxy_h.h" + +#define ONCE(x) (onceflag++ ? 0 : x ) +int auth=0; +int onceflag=0; +int showcert=0; +unsigned int duration=0; +int i2=0; +char*host = NULL; +char*attrs = ""; EXTERN_C const IID IID_ICertRequestD; EXTERN_C const IID IID_ICertConfig; -void use_ICertRequest(); -void use_ICertRequestD(); +void use_ICertRequest(int size, char*buffer); +void use_ICertRequestD(int size, char*buffer); -BSTR get_request_from_file(char *filename) +void get_request_from_file(char *filename, int *size, char **buffer) { - char certreq[10000]; - FILE *fp = fopen(filename,"r"); - if (fp == NULL) { return NULL; } - certreq[0] = '\0'; +#define bufsize 10000 + char certreq[bufsize]; + for(int i=0;i= bufsize) { + printf("Input file %s too big. Must be smaller than %d bytes\n", + filename,bufsize); + exit(1); + } + } while (n); + + if (offset<100) { printf("malformed input file %s\n",filename); exit(1); } + + if (certreq[0] == '-' && certreq[1] == '-') { + printf("cannot process base-64 encoded input PKCS#10 - must be DER encoded\n",filename); exit(1); } - r[dest] = 0; - return SysAllocString(r); + + printf("read a total of %d bytes from input file %s\n",offset,filename); + + *buffer = (char*)malloc(offset); + memcpy(*buffer, certreq, offset); + *size = (int)offset; + fclose(fp); + return; + + } int _tmain(int argc, _TCHAR* argv[]) 
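Review bot: In get_request_from_file the result of `malloc(offset)` goes straight into `memcpy` without a NULL check; add `if (*buffer == NULL) { printf("out of memory\n"); exit(1); }` before the copy. The base-64 error `printf` also passes `filename` although its format string has no conversion for it, so either drop the argument or add a `%s`. The read loop is garbled in this archive copy, so the bound check against `bufsize` cannot be reviewed from here; confirm that each read is limited to `bufsize - offset` bytes so the stack buffer `certreq` cannot be overrun before the size test fires, and that the DER input is opened in binary mode.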
@@ -103,6 +125,71 @@ CLSID certconfig_clid; wchar_t *certconfig_progid = L"CertificateAuthority.GetConfig"; + // For now, make the default ICertRequestD. + // Need more testing on the ICertRequest case + int certreqd = 1; + + int count=1; + char*inputfile = NULL; + + USES_CONVERSION; + + for (int i=0;i 0) ? (GetTickCount()- start_time) / 1000 GetConfig(CC_UIPICKCONFIG,&cacertname); if (FAILED(r)) { - printf("could not retrieve ca info\n"); + printf("Failed during call to get CA cert name %lx\n",r); exit(0); } - printf("got CA info: %ws\n",cacertname); + wchar_t *b_a = L"Authority"; + BSTR b_b = SysAllocString(b_a); + BSTR val_b = NULL; + r = icc->GetField(b_b,&val_b); + printf("GetField value for %ws is: %ws\n", b_b, val_b); + + LONG name_type[] = + { + CR_PROP_ADVANCEDSERVER, + CR_PROP_CACERTSTATE, + CR_PROP_CACERTVERSION, + CR_PROP_CANAME, + CR_PROP_TEMPLATES, + CR_PROP_CATYPE, + CR_PROP_DNSNAME, + CR_PROP_FILEVERSION, + CR_PROP_SHAREDFOLDER, + CR_PROP_CASIGCERTCOUNT, + 0 + }; + + if (icr2!=NULL) { + for (int i=0; name_type[i] != 0; i++) { + VARIANT v; + LONG flags; + r = icr2->GetCAPropertyFlags(cacertname,name_type[i],&flags); + + BSTR n = NULL; + icr2->GetCAPropertyDisplayName(cacertname,name_type[i],&n); + + r = icr2->GetCAProperty(cacertname, + name_type[i], + 0, // index + flags, + CV_OUT_BASE64, + &v); + + + if (SUCCEEDED(r)) { + switch (flags & PROPTYPE_MASK) { + case PROPTYPE_LONG: + printf("%ws, (%d), value=%d\n",n,name_type[i],v.lVal); + break; + case PROPTYPE_STRING: + printf("%ws, (%d), value=%ws\n",n, name_type[i],v.bstrVal); + break; + } + } else { + printf("%ws (%d), -> error %lx\n",n,name_type[i],r); + } + MessageBox(NULL,"Next",NULL,0); + + } + } + + + + + MessageBox(NULL,"about to retrieve CA cert",NULL,0); + + // Retrieve the CA certificate. r = icr->GetCACertificate(FALSE, 
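Review bot: In the CA-property loop, `flags` is declared uninitialised and the HRESULT from `GetCAPropertyFlags` is overwritten by the next call without being tested, so a failed lookup feeds an indeterminate `flags` into `GetCAProperty` and into the `flags & PROPTYPE_MASK` switch. Declare it as `LONG flags = 0;` and add `if (FAILED(r)) continue;` right after the `GetCAPropertyFlags` call. `v` never goes through `VariantInit`/`VariantClear`, the BSTRs `n`, `b_b` and `val_b` are never freed, and `n` and `val_b` are printed with `%ws` even when the calls that fill them fail. The enclosing function starts outside this hunk and part of the hunk is garbled in the archive copy, so only the visible statements were reviewed.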
@@ -193,18 +405,18 @@ long disp; - BSTR request = get_request_from_file("testrequest.p10"); - if (request==NULL) { - printf("could not load test request from file 'testrequest.p10' in current dir\n"); - exit(0); - } + printf("BROKEN: need to fix this\n"); + exit(0); + +/* r = icr->Submit( CR_IN_BASE64HEADER | CR_IN_PKCS10, request, NULL, cacertname, &disp); + */ if (!FAILED(r)) { switch (disp) { @@ -224,21 +436,33 @@ } -void use_ICertRequestD() + +void use_ICertRequestD(int size, char *buffer) { HRESULT r; ICertRequestD *icrd=NULL; + ICertRequestD2 *icrd2=NULL; + + USES_CONVERSION; + + ONCE(printf("Using ICertReqD\n")); COSERVERINFO si; si.dwReserved1 = 0; si.dwReserved2 = 0; si.pAuthInfo = NULL; - si.pwszName = L"sparkinswindows.sparkins.sfbay.redhat.com"; + si.pwszName = L""; + if (host) { + si.pwszName = A2W(host); + } else { + printf("hostname must be specified when using ICertRequestD interface\n"); + } + ONCE(printf("using hostname: %ws\n",si.pwszName)); if (1) { IClassFactory *cf=NULL; r = CoGetClassObject( CLSID_CCertRequestD, - CLSCTX_LOCAL_SERVER, + CLSCTX_REMOTE_SERVER, &si, IID_IClassFactory, (void**)&cf ); @@ -246,13 +470,25 @@ printf("failed to get class object %lx\n",r); return; } + r = cf->CreateInstance(NULL, IID_ICertRequestD, (void**)&icrd); if (FAILED(r)) { - printf("failed to get instance object %lx\n",r); + printf("failed to get instance of icrd %lx\n",r); + exit(0); + } + + if (i2) { + r = icrd->QueryInterface(IID_ICertRequestD2,(void**)&icrd2); + if (FAILED(r)) { + printf("failed to get instance of icrd2 (ignoring)%lx\n",r); + + } } } else { + + /* MULTI_QI mi; mi.pIID = &IID_ICertRequestD; mi.pItf = NULL; @@ -267,12 +503,15 @@ 1, &mi ); - icrd = (ICertRequestD*) mi.pItf; - } - if (FAILED(r)) { - printf("agh, couldn't create remote object\n"); - } + if (FAILED(r)) { + printf("agh, couldn't create CCertRequestD object %lx\n",r); + } + + icrd = (ICertRequestD*) mi.pItf; + */ + } + /* 
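Review bot: In use_ICertRequestD the missing-host branch only prints "hostname must be specified when using ICertRequestD interface" and then falls through, so `CoGetClassObject` is still called with `CLSCTX_REMOTE_SERVER` and the empty `pwszName`. Add `return;` after that `printf` so the tool stops instead of attempting an activation against an unspecified server. With `si.pAuthInfo = NULL` the activation presumably runs under the caller's default credentials; a short comment saying so, such as `/* NULL pAuthInfo: use the process's default credentials */`, would make that choice explicit for anyone pointing the tool at another host. The function body continues outside this hunk.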
@@ -285,32 +524,100 @@ ); */ - +#if 0 + if (icrd2 != NULL) { + printf("Calling icrd2->Ping2()\n"); + r = icrd2->Ping2(L""); + } else { + printf("Calling icrd2->Ping2()\n"); + r = icrd->Ping(L""); + } + printf("ping returned: %lx\n",r); +#endif DWORD request_id=0; DWORD dispword=0; CERTTRANSBLOB rq; - rq.cb = 10; - rq.pb = (BYTE*) "abcdefghij"; + rq.cb = size; + rq.pb = (BYTE*) buffer; + CERTTRANSBLOB chainblob; CERTTRANSBLOB certblob; CERTTRANSBLOB dispblob; - char *certchain; - char *cert; - char *dispmsg; - - r = icrd->Request(CR_IN_BASE64HEADER | CR_IN_PKCS10, - L"", - &request_id, - &dispword, - L"", - &rq, - &chainblob, - &certblob, - &dispblob - ); + int make_request = 1; + wchar_t *wattrs = A2W(attrs); + + if (make_request == 1) { + ONCE(printf("icrd2 is: %p\n",(void*)icrd2)); + if (icrd2 != NULL) { + printf("About to call icrd2->Request2\n"); + r = icrd2->Request2( + L"", + CR_IN_BASE64HEADER | CR_IN_PKCS10, + L"0", + &request_id, + &dispword, + L"", + &rq, + &chainblob, + &certblob, + &dispblob + ); + + } else { + ONCE(printf("About to call icr->Request\n")); + r = icrd->Request(CR_IN_PKCS10 | CR_IN_BINARY, + L"", + &request_id, + &dispword, + wattrs, + &rq, + &chainblob, + &certblob, + &dispblob + ); + } + + printf("Request function returned: %lx\n",r); + printf("Request disposition: %lx (%s)\n",dispword, + (dispword == CR_DISP_ISSUED) ? "ISSUED" : "REJECTED"); + } + + + if (showcert) { + if (dispword == CR_DISP_ISSUED) { + for (unsigned int i=0;iGetCACert(GCC_FILE, L"Steves MS CA", &infoblob); + + printf("r = %lx\n",r); + printf("infoblob = %d\n",infoblob.cb); + } } + From fedora-directory-commits at redhat.com Fri Mar 30 00:10:16 2007 
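Review bot: The `Request2` branch sends the same `rq` blob as the `Request` branch but labels it `CR_IN_BASE64HEADER | CR_IN_PKCS10` and passes `L""` for the attributes, while the `Request` branch uses `CR_IN_PKCS10 | CR_IN_BINARY` and `wattrs`. get_request_from_file rejects base-64 input and hands back the raw DER bytes, so the two calls should agree: `CR_IN_PKCS10 | CR_IN_BINARY,` and `wattrs,` in the `Request2` argument list. The status line after the call also reports "REJECTED" for every disposition other than `CR_DISP_ISSUED`, and does so even when `r` is a failure code and `dispword` is still its initial 0. Printing the disposition only when `SUCCEEDED(r)`, and showing the raw value for anything that is not issued, would keep a transport or access failure from reading as a CA rejection. use_ICertRequestD starts before this hunk.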
From: fedora-directory-commits at redhat.com (Steven W Parkinson (sparkins)) Date: Thu, 29 Mar 2007 20:10:16 -0400 Subject: [Fedora-directory-commits] windowsautoenroll aep.nsi,1.1,1.2 Message-ID: <200703300010.l2U0AGEN017193@cvs-int.fedora.redhat.com> Author: sparkins Update of /cvs/dirsec/windowsautoenroll In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17078 Modified Files: aep.nsi Log Message: Bump version to 0.9.2. Add Program files folder for all users, not just current user. Removed Program files folder on uninstall. Add submitrequest.exe tool. Index: aep.nsi =================================================================== RCS file: /cvs/dirsec/windowsautoenroll/aep.nsi,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- aep.nsi 13 Mar 2007 01:36:10 -0000 1.1 +++ aep.nsi 30 Mar 2007 00:10:14 -0000 1.2 @@ -4,7 +4,7 @@ ; NOTE: this .NSI script is designed for NSIS v1.8+ Name "AEP" -OutFile "aep-0.9.1-1.win32.i386.exe" +OutFile "aep-0.9.2-1.win32.i386.exe" ; Some default compiler settings (uncomment and change at will): ; SetCompress auto ; (can be off or force) @@ -38,6 +38,7 @@ file /oname=$INSTDIR\rhcsproxy.exe "proxy\${BUILDTYPE}\rhcsproxy.exe" file /oname=$INSTDIR\messages.dll "proxy\${BUILDTYPE}\messages.dll" +file /oname=$INSTDIR\submitrequest.exe "submitrequest\${BUILDTYPE}\submitrequest.exe" file /oname=$INSTDIR\panel.exe "panel\bin\${BUILDTYPE}\panel.exe" createDirectory "$SMPROGRAMS\Red Hat Auto Enrollment Proxy" 
@@ -48,7 +49,7 @@ WriteRegStr HKEY_LOCAL_MACHINE "Software\Microsoft\Windows\CurrentVersion\Uninstall\RHCSProxy" "UninstallString" '"$INSTDIR\uninst.exe"' WriteRegStr HKEY_LOCAL_MACHINE "Software\Microsoft\Windows\CurrentVersion\Uninstall\RHCSProxy" "Publisher" "Red Hat" WriteRegStr HKEY_LOCAL_MACHINE "Software\Microsoft\Windows\CurrentVersion\Uninstall\RHCSProxy" "URLInfoAbout" "http://directory.fedora.redhat.com/wiki/aep" -WriteRegStr HKEY_LOCAL_MACHINE "Software\Microsoft\Windows\CurrentVersion\Uninstall\RHCSProxy" "DisplayVersion" "0.9.1" +WriteRegStr HKEY_LOCAL_MACHINE "Software\Microsoft\Windows\CurrentVersion\Uninstall\RHCSProxy" "DisplayVersion" "0.9.2" WriteRegDWORD HKEY_LOCAL_MACHINE "Software\Microsoft\Windows\CurrentVersion\Uninstall\RHCSProxy" "VersionMajor" 0 WriteRegDWORD HKEY_LOCAL_MACHINE "Software\Microsoft\Windows\CurrentVersion\Uninstall\RHCSProxy" "VersionMinor" 9 ; write out uninstaller @@ -65,6 +66,11 @@ noexistingconfig: erase: +;; This makes the icons appear in all user's program files, +;; instead of just the current user +SetShellVarContext all +StrCpy $1 $DESKTOP + ;;;;;;;;;;;; COPIED FROM UNINSTALL SECTION BELOW DeleteRegKey HKEY_LOCAL_MACHINE "SOFTWARE\Red Hat\RHCSProxy" DeleteRegKey HKEY_CLASSES_ROOT "CLSID\{D99E6E74-FC88-11D0-B498-00A0C90312F3}" @@ -143,6 +149,9 @@ Section Uninstall +SetShellVarContext all +StrCpy $1 $DESKTOP + ;;;;;;;;;;;;;;;;;;;;;;;;;;; COPY THIS INTO REMOVECONFIG SECTION ABOVE DeleteRegKey HKEY_LOCAL_MACHINE "SOFTWARE\Red Hat\RHCSProxy" DeleteRegKey HKEY_CLASSES_ROOT "CLSID\{D99E6E74-FC88-11D0-B498-00A0C90312F3}" @@ -155,7 +164,9 @@ Delete "$INSTDIR\uninst.exe" Delete "$INSTDIR\rhcsproxy.exe" +Delete "$INSTDIR\submitrequest.exe" Delete "$SMPROGRAMS\Red Hat Auto Enrollment Proxy\Auto Enrollment Proxy Options.lnk" +RMDir "$SMPROGRAMS\Red Hat Auto Enrollment Proxy" Delete /REBOOTOK "$INSTDIR\messages.dll" Delete "$INSTDIR\ProxyPanel.exe" RMDir /REBOOTOK "$INSTDIR" 
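Review bot: `SetShellVarContext all` is added after the `erase:` label, but the `createDirectory "$SMPROGRAMS\Red Hat Auto Enrollment Proxy"` shown in the `@@ -38,6 +38,7 @@` hunk sits earlier in the file. If both run in the same install section in file order, the Start-menu folder is still created in the current user's context while the Uninstall section now removes it from the all-users location. Moving `SetShellVarContext all` ahead of the first `$SMPROGRAMS` use would make install and uninstall agree. `StrCpy $1 $DESKTOP` is added in both places, but `$1` is not read in any visible hunk, so a comment naming its consumer (or dropping the line) would help. Section boundaries lie outside the hunks, so the execution order is inferred rather than confirmed.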
@@ -164,4 +175,4 @@ RMDir "$INSTDIR" SectionEnd ; end of uninstall section -; eof \ No newline at end of file +; eof From fedora-directory-commits at redhat.com Fri Mar 30 00:10:39 2007 From: fedora-directory-commits at redhat.com (Steven W Parkinson (sparkins)) Date: Thu, 29 Mar 2007 20:10:39 -0400 Subject: [Fedora-directory-commits] windowsautoenroll windowsautoenroll.sln, 1.1, 1.2 Message-ID: <200703300010.l2U0AdN7017252@cvs-int.fedora.redhat.com> Author: sparkins Update of /cvs/dirsec/windowsautoenroll In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17211 Modified Files: windowsautoenroll.sln Log Message: New solution file includes submitrequest, a test tool. Index: windowsautoenroll.sln =================================================================== RCS file: /cvs/dirsec/windowsautoenroll/windowsautoenroll.sln,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- windowsautoenroll.sln 13 Mar 2007 01:36:10 -0000 1.1 +++ windowsautoenroll.sln 30 Mar 2007 00:10:37 -0000 1.2 @@ -7,6 +7,10 @@ ProjectSection(ProjectDependencies) = postProject EndProjectSection EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "submitrequest", "submitrequest\submitrequest.vcproj", "{B8D349AA-C242-4D81-A6E1-6CB6DBAE1AF2}" + ProjectSection(ProjectDependencies) = postProject + EndProjectSection +EndProject Global GlobalSection(SolutionConfiguration) = preSolution Debug = Debug 
@@ -21,6 +25,10 @@ {BCE7AE2E-C0C2-4B5A-B05C-02DF16CC9F70}.Debug.Build.0 = Debug|Win32 {BCE7AE2E-C0C2-4B5A-B05C-02DF16CC9F70}.Release.ActiveCfg = Release|Win32 {BCE7AE2E-C0C2-4B5A-B05C-02DF16CC9F70}.Release.Build.0 = Release|Win32 + {B8D349AA-C242-4D81-A6E1-6CB6DBAE1AF2}.Debug.ActiveCfg = Debug|Win32 + {B8D349AA-C242-4D81-A6E1-6CB6DBAE1AF2}.Debug.Build.0 = Debug|Win32 + {B8D349AA-C242-4D81-A6E1-6CB6DBAE1AF2}.Release.ActiveCfg = Release|Win32 + {B8D349AA-C242-4D81-A6E1-6CB6DBAE1AF2}.Release.Build.0 = Release|Win32 EndGlobalSection GlobalSection(ExtensibilityGlobals) = postSolution EndGlobalSection From fedora-directory-commits at redhat.com Fri Mar 30 00:25:43 2007 From: fedora-directory-commits at redhat.com (Steven W Parkinson (sparkins)) Date: Thu, 29 Mar 2007 20:25:43 -0400 Subject: [Fedora-directory-commits] windowsautoenroll/proxy csproxy.h, 1.1, 1.2 Message-ID: <200703300025.l2U0PhPp018993@cvs-int.fedora.redhat.com> Author: sparkins Update of /cvs/dirsec/windowsautoenroll/proxy In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18942/proxy Modified Files: csproxy.h Log Message: Add Licence, fix build. Index: csproxy.h =================================================================== RCS file: /cvs/dirsec/windowsautoenroll/proxy/csproxy.h,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- csproxy.h 13 Mar 2007 01:36:10 -0000 1.1 +++ csproxy.h 30 Mar 2007 00:25:41 -0000 1.2 
@@ -1,3 +1,40 @@ +/** BEGIN COPYRIGHT BLOCK + * This Program is free software; you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free Software + * Foundation; version 2 of the License. + * + * This Program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along with + * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple + * Place, Suite 330, Boston, MA 02111-1307 USA. + * + * In addition, as a special exception, Red Hat, Inc. gives You the additional + * right to link the code of this Program with code not covered under the GNU + * General Public License ("Non-GPL Code") and to distribute linked combinations + * including the two, subject to the limitations in this paragraph. Non-GPL Code + * permitted under this exception must only link to the code of this Program + * through those well defined interfaces identified in the file named EXCEPTION + * found in the source code files (the "Approved Interfaces"). The files of + * Non-GPL Code may instantiate templates or use macros or inline functions from + * the Approved Interfaces without causing the resulting work to be covered by + * the GNU General Public License. Only Red Hat, Inc. may make changes or + * additions to the list of Approved Interfaces. You must obey the GNU General + * Public License in all respects for all of the Program code and other code used + * in conjunction with the Program except the Non-GPL Code covered by this + * exception. If you modify this file, you may extend this exception to your + * version of the file, but you are not obligated to do so. 
If you do not wish to + * provide this exception without modification, you must delete this exception + * statement from your version and license this file solely under the GPL without + * exception. + * + * + * Copyright (C) 2006 Red Hat, Inc. + * All rights reserved. + * END COPYRIGHT BLOCK */ + #ifndef CSPROXY_H #define CSPROXY_H @@ -31,7 +68,7 @@ if (windowsCertTemplateName != NULL) { delete windowsCertTemplateName; } } - void parseRequest(const CERTTRANSBLOB *); + HRESULT parseRequest(const CERTTRANSBLOB *); void parseAttributes(const wchar_t *pwszAttributes); void determineCertificateTemplate(); void populateRequestForTemplate(string &); From fedora-directory-commits at redhat.com Fri Mar 30 00:25:43 2007 From: fedora-directory-commits at redhat.com (Steven W Parkinson (sparkins)) Date: Thu, 29 Mar 2007 20:25:43 -0400 Subject: [Fedora-directory-commits] windowsautoenroll/submitrequest submitrequest.cpp, 1.2, 1.3 Message-ID: <200703300025.l2U0Pht5018999@cvs-int.fedora.redhat.com> Author: sparkins Update of /cvs/dirsec/windowsautoenroll/submitrequest In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18942/submitrequest Modified Files: submitrequest.cpp Log Message: Add Licence, fix build. Index: submitrequest.cpp =================================================================== RCS file: /cvs/dirsec/windowsautoenroll/submitrequest/submitrequest.cpp,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- submitrequest.cpp 30 Mar 2007 00:08:54 -0000 1.2 +++ submitrequest.cpp 30 Mar 2007 00:25:41 -0000 1.3 @@ -57,8 +57,6 @@ #include -#include "stdafx.h" - #include "../proxy/RedHatCSProxy_h.h" #define ONCE(x) (onceflag++ ? 0 : x ) From fedora-directory-commits at redhat.com Fri Mar 30 18:12:32 2007 
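Review bot: `parseRequest` now returns `HRESULT`, but the declaration in csproxy.h carries no comment saying which codes it returns or what state the object is left in when parsing fails. The argument is presumably the request blob received from the enrolling client, so a one-line contract would make the new behaviour explicit, for example `// Returns S_OK on success, a failure HRESULT if the blob cannot be parsed; callers must test with FAILED() before using parsed fields.` (exact codes to be confirmed against the implementation). The call sites are not in this hunk, so whether they check the result cannot be confirmed from here. The class body starts and ends outside the hunk.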
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Fri, 30 Mar 2007 14:12:32 -0400 Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src create_instance.c, 1.51, 1.52 Message-ID: <200703301812.l2UICW7p001844@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/admin/src In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1819 Modified Files: create_instance.c Log Message: Resolves: #233215 Summary: verify-db.pl still assumes the db dir is always in the instance dir (Comment #8) Description: Introduced "DB-DIR" macro Index: create_instance.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/create_instance.c,v retrieving revision 1.51 retrieving revision 1.52 diff -u -r1.51 -r1.52 --- create_instance.c 17 Mar 2007 00:07:09 -0000 1.51 +++ create_instance.c 30 Mar 2007 18:12:30 -0000 1.52 @@ -702,7 +702,7 @@ { char myperl[PATH_SIZE]; char fn[PATH_SIZE], ofn[PATH_SIZE]; - const char *table[17][2]; + const char *table[18][2]; if (PR_FAILURE == PR_Access(cs_path, PR_ACCESS_EXISTS)) { printf("Notice: %s does not exist, skipping %s . . .\n", cs_path, name); @@ -760,7 +760,9 @@ table[14][1] = PRODUCT_NAME; table[15][0] = "SERVERBIN-DIR"; table[15][1] = cf->sbindir; - table[16][0] = table[16][1] = NULL; + table[16][0] = "DB-DIR"; + table[16][1] = cf->db_dir; + table[17][0] = table[17][1] = NULL; if (generate_script(ofn, fn, NEWSCRIPT_MODE, table) != 0) { return make_error("Could not write %s to %s (%s).", ofn, fn, From fedora-directory-commits at redhat.com Fri Mar 30 18:20:09 2007 
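Review bot: The substitution table is still sized and indexed by hand: this change has to bump the declaration to `table[18][2]`, add entry 16 and move the NULL terminator to 17, and a later addition that misses any one of those writes past the array or leaves it unterminated. Filling it through a running index, e.g. `table[i][0] = "DB-DIR"; table[i++][1] = cf->db_dir;`, with a bounds assertion before the terminator would remove that coupling. Also confirm that `cf->db_dir` is always set by this point, since `generate_script` (not visible here) may treat a NULL value in the middle of the table differently from the terminator. The enclosing function starts and ends outside both hunks.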
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Fri, 30 Mar 2007 14:20:09 -0400 Subject: [Fedora-directory-commits] ldapserver/m4 db.m4, 1.7, 1.8 icu.m4, 1.1, 1.2 Message-ID: <200703301820.l2UIK9QB002001@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/m4 In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1973 Modified Files: db.m4 icu.m4 Log Message: Resolves: #233215 Summary: verify-db.pl still assumes the db dir is always in the instance dir (Comment #10) Description: To set db_bindir, if db.pc exists, check if bindir variable is defined in the file or not. If it's defined, set it to db_bindir. If not, set the default path /usr/bin to db_bindir. Index: db.m4 =================================================================== RCS file: /cvs/dirsec/ldapserver/m4/db.m4,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- db.m4 7 Feb 2007 23:57:34 -0000 1.7 +++ db.m4 30 Mar 2007 18:20:06 -0000 1.8 @@ -51,7 +51,6 @@ ], AC_MSG_RESULT(no)) dnl default path for the db tools (see [210947] for more details) -db_bindir=/usr/bin dnl - check in system locations if test -z "$db_inc"; then @@ -80,3 +79,13 @@ [$LIBNSL]) LDFLAGS="$save_ldflags" +# if DB is not found yet, try pkg-config + +# last resort +# Although the other db_* variables are correctly assigned at this point, +# db_bindir needs to be set by pkg-config if possible (e.g., on 64-bit Solaris) +if $PKG_CONFIG --exists db; then + db_bindir=`$PKG_CONFIG --variable=bindir db` +else + db_bindir=/usr/bin +fi Index: icu.m4 =================================================================== RCS file: /cvs/dirsec/ldapserver/m4/icu.m4,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- icu.m4 17 Oct 2006 17:07:14 -0000 1.1 +++ icu.m4 30 Mar 2007 18:20:06 -0000 1.2 @@ -82,7 +82,7 @@ fi ], AC_MSG_RESULT(no)) -# if not found yet, try pkg-config +# if ICU is not found yet, try pkg-config # last resort if test -z "$icu_lib"; then
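Review bot: The block added at the end of db.m4 sets `db_bindir` to whatever `$PKG_CONFIG --variable=bindir db` prints, which is an empty string when db.pc exists but does not define `bindir`. The log message promises /usr/bin in that case, but the `else` only covers a missing db.pc. Adding `test -n "$db_bindir" || db_bindir=/usr/bin` after the `fi` restores the default, and quoting the command as `"$PKG_CONFIG"` avoids surprises if the variable is unset. The first hunk removes `db_bindir=/usr/bin` but leaves the `dnl default path for the db tools` comment with nothing under it, and the new `# if DB is not found yet, try pkg-config` comment has no code following it.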