From nhosoi at fedoraproject.org Mon Dec 1 18:05:38 2008 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Mon, 1 Dec 2008 18:05:38 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd log.c, 1.23, 1.24 Message-ID: <20081201180538.8D1DA70134@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7974 Modified Files: log.c Log Message: Resolves: #430993 Summary: log expiration policy broken in some cases Description: 1. set default values to loginfo.log_*_rotationtime, log_*_rotationunit, log_*_rotationtime_secs, log_*_exptime, log_*_exptimeunit, log_*_exptime_secs, where * matches access, error, or audit. 2. log_set_expirationtime: if the given exptime is 0 or less than 0, -1 (no expire) is set to the internal expiration time. If log_set_expirationtimeunit is not called at this moment, the default value is used. 3. log_set_expirationtimeunit: set the given expunit value to loginfo.log_*_exptimeunit, which was missing. If exptime is -1 at this moment (i.e., log_set_expirationtime is not called yet or set "no expire"), the internal expiration time is set to -1 (no expire). Index: log.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/log.c,v retrieving revision 1.23 retrieving revision 1.24 diff -u -r1.23 -r1.24 --- log.c 8 Oct 2008 17:29:03 -0000 1.23 +++ log.c 1 Dec 2008 18:05:35 -0000 1.24 @@ -277,14 +277,14 @@ loginfo.log_access_rotationsynchour = -1; loginfo.log_access_rotationsyncmin = -1; loginfo.log_access_rotationsyncclock = -1; - loginfo.log_access_rotationtime = -1; - loginfo.log_access_rotationunit = -1; - loginfo.log_access_rotationtime_secs = -1; + loginfo.log_access_rotationtime = 1; /* default: 1 */ + loginfo.log_access_rotationunit = LOG_UNIT_DAYS; /* default: day */ + loginfo.log_access_rotationtime_secs = 86400; /* default: 1 day */ loginfo.log_access_maxdiskspace = -1; loginfo.log_access_minfreespace = -1; - loginfo.log_access_exptime = -1; - loginfo.log_access_exptimeunit = -1; - loginfo.log_access_exptime_secs = -1; + loginfo.log_access_exptime = -1; /* default: -1 */ + loginfo.log_access_exptimeunit = LOG_UNIT_MONTHS; /* default: month */ + loginfo.log_access_exptime_secs = -1; /* default: -1 */ loginfo.log_access_level = LDAP_DEBUG_STATS; loginfo.log_access_ctime = 0L; loginfo.log_access_fdes = NULL; @@ -307,14 +307,14 @@ loginfo.log_error_rotationsynchour = -1; loginfo.log_error_rotationsyncmin = -1; loginfo.log_error_rotationsyncclock = -1; - loginfo.log_error_rotationtime = -1; - loginfo.log_error_rotationunit = -1; - loginfo.log_error_rotationtime_secs = -1; + loginfo.log_error_rotationtime = 1; /* default: 1 */ + loginfo.log_error_rotationunit = LOG_UNIT_WEEKS; /* default: week */ + loginfo.log_error_rotationtime_secs = 604800; /* default: 1 week */ loginfo.log_error_maxdiskspace = -1; loginfo.log_error_minfreespace = -1; - loginfo.log_error_exptime = -1; - loginfo.log_error_exptimeunit = -1; - loginfo.log_error_exptime_secs = -1; + loginfo.log_error_exptime = -1; /* default: -1 */ + loginfo.log_error_exptimeunit = LOG_UNIT_MONTHS; /* default: month */ + loginfo.log_error_exptime_secs = -1; /* default: -1 */ loginfo.log_error_ctime = 0L; loginfo.log_error_file = NULL; loginfo.log_error_fdes = NULL; @@ -333,14 +333,14 @@ loginfo.log_audit_rotationsynchour = -1; loginfo.log_audit_rotationsyncmin = -1; loginfo.log_audit_rotationsyncclock = -1; - loginfo.log_audit_rotationtime = -1; - loginfo.log_audit_rotationunit = -1; - loginfo.log_audit_rotationtime_secs = -1; + loginfo.log_audit_rotationtime = 1; /* default: 1 */ + loginfo.log_audit_rotationunit = LOG_UNIT_WEEKS; /* default: week */ + loginfo.log_audit_rotationtime_secs = 604800; /* default: 1 week */ loginfo.log_audit_maxdiskspace = -1; loginfo.log_audit_minfreespace = -1; - loginfo.log_audit_exptime = -1; - loginfo.log_audit_exptimeunit = -1; - loginfo.log_audit_exptime_secs = -1; + loginfo.log_audit_exptime = -1; /* default: -1 */ + loginfo.log_audit_exptimeunit = LOG_UNIT_WEEKS; /* default: week */ + loginfo.log_audit_exptime_secs = -1; /* default: -1 */ loginfo.log_audit_ctime = 0L; loginfo.log_audit_file = NULL; loginfo.log_numof_audit_logs = 1; @@ -1416,19 +1416,19 @@ switch (logtype) { case SLAPD_ACCESS_LOG: LOG_ACCESS_LOCK_WRITE( ); - loginfo.log_access_exptime = exptime; + loginfo.log_access_exptime = exptime; eunit = loginfo.log_access_exptimeunit; rsec = loginfo.log_access_rotationtime_secs; break; case SLAPD_ERROR_LOG: LOG_ERROR_LOCK_WRITE( ); - loginfo.log_error_exptime = exptime; + loginfo.log_error_exptime = exptime; eunit = loginfo.log_error_exptimeunit; rsec = loginfo.log_error_rotationtime_secs; break; case SLAPD_AUDIT_LOG: LOG_AUDIT_LOCK_WRITE( ); - loginfo.log_audit_exptime = exptime; + loginfo.log_audit_exptime = exptime; eunit = loginfo.log_audit_exptimeunit; rsec = loginfo.log_audit_rotationtime_secs; break; @@ -1437,22 +1437,22 @@ eunit = -1; } - if (eunit == LOG_UNIT_MONTHS) { - value = 31 * 24 * 60 * 60 * exptime; - } else if (eunit == LOG_UNIT_WEEKS) { - value = 7 * 24 * 60 * 60 * exptime; - } else if (eunit == LOG_UNIT_DAYS) { - value = 24 * 60 * 60 * exptime; - } else { - /* In this case we don't expire */ - value = -1; + value = -1; /* never expires, by default */ + if (exptime > 0) { + if (eunit == LOG_UNIT_MONTHS) { + value = 31 * 24 * 60 * 60 * exptime; + } else if (eunit == LOG_UNIT_WEEKS) { + value = 7 * 24 * 60 * 60 * exptime; + } else if (eunit == LOG_UNIT_DAYS) { + value = 24 * 60 * 60 * exptime; + } } if (value > 0 && value < rsec) { value = rsec; - } - if (exptime > 0 && value < 0) { - value = PR_INT32_MAX; /* overflown */ + } else if (exptime > 0 && value < -1) { + /* value is overflown */ + value = PR_INT32_MAX; } switch (logtype) { @@ -1488,7 +1488,8 @@ { int value = 0; int rv = 0; - int etimeunit, rsecs; + int exptime, rsecs; + int *exptimeunitp = NULL; slapdFrontendConfig_t *fe_cfg = getFrontendConfig(); if ( logtype != SLAPD_ACCESS_LOG && @@ -1523,33 +1524,50 @@ switch (logtype) { case SLAPD_ACCESS_LOG: LOG_ACCESS_LOCK_WRITE( ); - etimeunit = loginfo.log_access_exptime; + exptime = loginfo.log_access_exptime; rsecs = loginfo.log_access_rotationtime_secs; + exptimeunitp = &(loginfo.log_access_exptimeunit); break; case SLAPD_ERROR_LOG: LOG_ERROR_LOCK_WRITE( ); - etimeunit = loginfo.log_error_exptime; + exptime = loginfo.log_error_exptime; rsecs = loginfo.log_error_rotationtime_secs; + exptimeunitp = &(loginfo.log_error_exptimeunit); break; case SLAPD_AUDIT_LOG: LOG_AUDIT_LOCK_WRITE( ); - etimeunit = loginfo.log_audit_exptime; + exptime = loginfo.log_audit_exptime; rsecs = loginfo.log_audit_rotationtime_secs; + exptimeunitp = &(loginfo.log_audit_exptimeunit); break; default: rv = 1; - etimeunit = -1; + exptime = -1; rsecs = -1; } + value = -1; if (strcasecmp(expunit, "month") == 0) { - value = 31 * 24 * 60 * 60 * etimeunit; + if (exptime > 0) { + value = 31 * 24 * 60 * 60 * exptime; + } + if (exptimeunitp) { + *exptimeunitp = LOG_UNIT_MONTHS; + } } else if (strcasecmp(expunit, "week") == 0) { - value = 7 * 24 * 60 * 60 * etimeunit; + if (exptime > 0) { + value = 7 * 24 * 60 * 60 * exptime; + } + if (exptimeunitp) { + *exptimeunitp = LOG_UNIT_WEEKS; + } } else if (strcasecmp(expunit, "day") == 0) { - value = 24 * 60 * 60 * etimeunit; - } else { - value = -1; + if (exptime > 0) { + value = 24 * 60 * 60 * exptime; + } + if (exptimeunitp) { + *exptimeunitp = LOG_UNIT_DAYS; + } } if ((value > 0) && value < rsecs) { From rmeggins at fedoraproject.org Tue Dec 2 15:27:39 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Tue, 2 Dec 2008 15:27:39 +0000 (UTC) Subject: [Fedora-directory-commits] directoryconsole/src/com/netscape/admin/dirserv dirserv.properties, 1.8, 1.9 Message-ID: <20081202152739.E066670143@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv764/directoryconsole/src/com/netscape/admin/dirserv Modified Files: dirserv.properties Log Message: Resolves: bug 469261 Bug Description: Support server-to-server SASL - console chaining, server cleanup Reviewed by: nkinder (Thanks!) Fix Description: There are two sets of diffs here. The first set adds tls, gssapi, and digest to the chaining database (aka database link) panels in the console. I had to add support for revert to some of the code to make the Reset button work without having to retrieve the values from the server each time. We already store the original values locally in the _origModel - I added code to allow the use of that in the Reset button. The second set of diffs is for the server. 1) I had to add support for "SIMPLE" for bindMechanism - this translates to LDAP_SASL_SIMPLE for the actual mechanism. This value is NULL, so I had to add handling for NULL values in the cb config code (slapi_ch_* work fine with NULL values). 2) Added some more debugging/tracing code 3) The server to server SSL code would only work if the server were configured to be an SSL server. But for the server to be an SSL client, it only needs NSS initialized and to have the CA cert. It also needs to configured some of the SSL settings and install the correct policy. I changed the server code to do this. Platforms tested: RHEL5 Flag Day: no Doc impact: Yes Index: dirserv.properties =================================================================== RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/dirserv.properties,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- dirserv.properties 17 Oct 2007 18:04:33 -0000 1.8 +++ dirserv.properties 2 Dec 2008 15:27:37 -0000 1.9 @@ -1164,8 +1164,26 @@ newchaining-new-mapping-title=Associate database with a suffix newchaining-instance-name-label=Database link name: newchaining-instance-name-ttip=Unique name of your new database link +newchaining-authmech-label=Authentication mechanism: +newchaining-authmech-ttip=How the server will authenticate to the remote server +newchaining-authmech-simple-label=Simple (Bind DN/Password) +newchaining-authmech-simple-ttip=Authenticate using a DN and a password (Simple auth) +newchaining-authmech-sslcert-label=Server TLS/SSL Certificate (requires TLS/SSL server set up) +newchaining-authmech-sslcert-ttip=Use the server's certificate to do TLS/SSL client cert auth (requires that the server has been set up to be an SSL server) +newchaining-authmech-gssapi-label=SASL/GSSAPI (requires server Kerberos keytab) +newchaining-authmech-gssapi-ttip=Authenticate using SASL/GSSAPI and the server's Kerberos keytab (supplier and consumer must both support SASL/GSSAPI/Kerberos) +newchaining-authmech-digest-label=SASL/DIGEST-MD5 (SASL user id and password) +newchaining-authmech-digest-ttip=Authenticate using SASL/DIGEST-MD5 - requires consumer support for digest password and identity mapping +newchaining-conntype-label=Connection Type: +newchaining-conntype-ttip=Type of connection to use to remote server (LDAP, LDAPS, LDAP with StartTLS) newchaining-url-title=LDAP URL +newchaining-url-ldap-label=Use LDAP (no encryption) +newchaining-url-ldap-ttip=Use plain LDAP with no encryption +newchaining-url-ldaps-label=Use TLS/SSL (TLS/SSL encryption with LDAPS) +newchaining-url-ldaps-ttip=Use TLSv1/SSLv3 encryption using the LDAPS port +newchaining-url-starttls-label=Use StartTLS (TLS/SSL encryption with LDAP) +newchaining-url-starttls-ttip=Start a TLSv1/SSLv3 encryption session on the LDAP connection newchaining-ldap-url-secu-label=Use a secure LDAP connection between servers newchaining-ldap-url-secu-ttip=Use SSL connection between remote and local servers newchaining-ldap-url-host-label=Remote server @@ -3090,6 +3108,10 @@ chaining-instance-auth-update-passwd-error-msg=Error updating :%0 \n %1 chaining-instance-auth-update-url-error-title=Failed to Update URL chaining-instance-auth-update-url-error-msg==Error updating :%0 \n %1 +chaining-instance-auth-update-starttls-error-title=Failed to Update StartTLS setting +chaining-instance-auth-update-starttls-error-msg=Error updating :%0 \n %1 +chaining-instance-auth-update-bindmech-error-title=Failed to Update Authentication Mechanism +chaining-instance-auth-update-bindmech-error-msg=Error updating :%0 \n %1 # # Account Inactivation From rmeggins at fedoraproject.org Tue Dec 2 15:27:40 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Tue, 2 Dec 2008 15:27:40 +0000 (UTC) Subject: [Fedora-directory-commits] directoryconsole/src/com/netscape/admin/dirserv/panel/replication replication.properties, 1.2, 1.3 Message-ID: <20081202152740.54A7A7011D@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/replication In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv764/directoryconsole/src/com/netscape/admin/dirserv/panel/replication Modified Files: replication.properties Log Message: Resolves: bug 469261 Bug Description: Support server-to-server SASL - console chaining, server cleanup Reviewed by: nkinder (Thanks!) Fix Description: There are two sets of diffs here. The first set adds tls, gssapi, and digest to the chaining database (aka database link) panels in the console. I had to add support for revert to some of the code to make the Reset button work without having to retrieve the values from the server each time. We already store the original values locally in the _origModel - I added code to allow the use of that in the Reset button. The second set of diffs is for the server. 1) I had to add support for "SIMPLE" for bindMechanism - this translates to LDAP_SASL_SIMPLE for the actual mechanism. This value is NULL, so I had to add handling for NULL values in the cb config code (slapi_ch_* work fine with NULL values). 2) Added some more debugging/tracing code 3) The server to server SSL code would only work if the server were configured to be an SSL server. But for the server to be an SSL client, it only needs NSS initialized and to have the CA cert. It also needs to configured some of the SSL settings and install the correct policy. I changed the server code to do this. Platforms tested: RHEL5 Flag Day: no Doc impact: Yes Index: replication.properties =================================================================== RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/replication/replication.properties,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- replication.properties 24 Nov 2008 16:09:23 -0000 1.2 +++ replication.properties 2 Dec 2008 15:27:38 -0000 1.3 @@ -165,14 +165,14 @@ replication-destination-noEncrypt-label=Use LDAP (no encryption) replication-destination-noEncrypt-ttip=Use plain LDAP with no encryption replication-destination-sslEncrypt-label=Use TLS/SSL (TLS/SSL encryption with LDAPS) -replication-destination-sslEncrypt-ttip=Use TLSv1/SSLv3 encryption using the LDAPS port (636) +replication-destination-sslEncrypt-ttip=Use TLSv1/SSLv3 encryption using the LDAPS port replication-destination-startTLS-label=Use StartTLS (TLS/SSL encryption with LDAP) replication-destination-startTLS-ttip=Start a TLSv1/SSLv3 encryption session on the LDAP connection replication-destination-authUsing-label=Authentication mechanism: replication-destination-simpleAuth-label=Simple (Bind DN/Password) replication-destination-simpleAuth-ttip=Authenticate using a DN and a password (Simple auth) replication-destination-sslClientAuth-label=Server TLS/SSL Certificate (requires TLS/SSL server set up) -replication-destination-sslClientAuth-ttip=Use the server's certificate to do TLS/SSL client cert auth (requires that the server has been set up to be an SSL server) +replication-destination-sslClientAuth-ttip=Use the server's certificate to do TLS/SSL client cert auth (requires that the server has been set up to be a TLS/SSL server) replication-destination-gssapiAuth-label=SASL/GSSAPI (requires server Kerberos keytab) replication-destination-gssapiAuth-ttip=Authenticate using SASL/GSSAPI and the server's Kerberos keytab (supplier and consumer must both support SASL/GSSAPI/Kerberos) replication-destination-digestAuth-label=SASL/DIGEST-MD5 (SASL user id and password) From rmeggins at fedoraproject.org Tue Dec 2 15:27:40 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Tue, 2 Dec 2008 15:27:40 +0000 (UTC) Subject: [Fedora-directory-commits] directoryconsole/src/com/netscape/admin/dirserv/panel BlankPanel.java, 1.2, 1.3 ChainingInstanceAuthPanel.java, 1.1.1.1, 1.2 DSEntry.java, 1.1.1.1, 1.2 NewChainingInstancePanel.java, 1.1.1.1, 1.2 NewChainingPanel.java, 1.1.1.1, 1.2 Message-ID: <20081202152740.4C83470143@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv764/directoryconsole/src/com/netscape/admin/dirserv/panel Modified Files: BlankPanel.java ChainingInstanceAuthPanel.java DSEntry.java NewChainingInstancePanel.java NewChainingPanel.java Log Message: Resolves: bug 469261 Bug Description: Support server-to-server SASL - console chaining, server cleanup Reviewed by: nkinder (Thanks!) Fix Description: There are two sets of diffs here. The first set adds tls, gssapi, and digest to the chaining database (aka database link) panels in the console. I had to add support for revert to some of the code to make the Reset button work without having to retrieve the values from the server each time. We already store the original values locally in the _origModel - I added code to allow the use of that in the Reset button. The second set of diffs is for the server. 1) I had to add support for "SIMPLE" for bindMechanism - this translates to LDAP_SASL_SIMPLE for the actual mechanism. This value is NULL, so I had to add handling for NULL values in the cb config code (slapi_ch_* work fine with NULL values). 2) Added some more debugging/tracing code 3) The server to server SSL code would only work if the server were configured to be an SSL server. But for the server to be an SSL client, it only needs NSS initialized and to have the CA cert. It also needs to configured some of the SSL settings and install the correct policy. I changed the server code to do this. Platforms tested: RHEL5 Flag Day: no Doc impact: Yes Index: BlankPanel.java =================================================================== RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/BlankPanel.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- BlankPanel.java 2 Jul 2007 19:44:09 -0000 1.2 +++ BlankPanel.java 2 Dec 2008 15:27:37 -0000 1.3 @@ -339,6 +339,31 @@ } } + /** + * Reverts all DSEntries registered with the panel + * Mainly used by the panels that us DSEntry for + * display management rather than data transfer + * Usually, the remoteToLocal is used to refresh + * the model from the server, but this takes the + * short cut of using revert to just replace the + * model with the original model stored in the DSEntry + * then to use show to "flush" the model to the view + */ + protected void revertAll () { + Enumeration values = _componentMapDSEntryTable.elements(); + while ( values.hasMoreElements() ) { + Vector v = (Vector)values.nextElement(); + Enumeration entries = v.elements(); + while( entries.hasMoreElements() ) { + DSEntry entry = (DSEntry)entries.nextElement(); + if (entry != null) { + entry.revert(); + entry.show(); + } + } + } + } + /* Validates all elements of the panel */ private void validateAll () { int result; Index: ChainingInstanceAuthPanel.java =================================================================== RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/ChainingInstanceAuthPanel.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- ChainingInstanceAuthPanel.java 18 Jul 2005 00:55:53 -0000 1.1.1.1 +++ ChainingInstanceAuthPanel.java 2 Dec 2008 15:27:37 -0000 1.2 @@ -28,8 +28,6 @@ import javax.swing.event.*; import com.netscape.admin.dirserv.*; import com.netscape.management.client.*; -import com.netscape.management.client.util.AbstractDialog; -import com.netscape.management.client.util.Debug; import com.netscape.management.client.util.*; import netscape.ldap.*; import netscape.ldap.util.DN; @@ -71,6 +69,7 @@ createComment( _myPanel ); checkComment(); addBottomGlue(); + showAll(); _isInitialized = true; } @@ -153,8 +152,6 @@ _lcommentAciLabel = makeJLabel( _section, "proxy-help-aci" ); - _lcommentAci = new JLabel(); - _tfaCommentAci = new JTextArea( 3, 10); _lcommentAciLabel.setLabelFor(_tfaCommentAci); _tfaCommentAci.setWrapStyleWord( true ); @@ -220,6 +217,29 @@ pgbc.weightx = 1; panel.add( _lSuffixText, pgbc); + pgbc.gridy++; + pgbc.gridx = 0; + pgbc.fill = pgbc.NONE; + pgbc.weightx = 0; + pgbc.anchor = pgbc.EAST; + panel.add( _lConnType, pgbc); + + pgbc.gridx = 1; + pgbc.anchor = pgbc.WEST; + pgbc.weightx = 1; + panel.add( _noEncrypt, pgbc); + + pgbc.gridy++; + pgbc.gridx = 1; + pgbc.anchor = pgbc.WEST; + pgbc.weightx = 1; + panel.add( _sslEncrypt, pgbc); + + pgbc.gridy++; + pgbc.gridx = 1; + pgbc.anchor = pgbc.WEST; + pgbc.weightx = 1; + panel.add( _tlsEncrypt, pgbc); pgbc.gridy++; pgbc.gridx = 0; @@ -228,7 +248,37 @@ _lnsfarmserverurl, _tfnsfarmserverurl); - pgbc.gridy++; + pgbc.gridy++; + pgbc.gridx = 0; + pgbc.fill = pgbc.NONE; + pgbc.weightx = 0; + pgbc.anchor = pgbc.EAST; + panel.add( _authMechLabel, pgbc); + + pgbc.gridx = 1; + pgbc.anchor = pgbc.WEST; + pgbc.weightx = 1; + panel.add( _sslAuth, pgbc); + + pgbc.gridy++; + pgbc.gridx = 1; + pgbc.anchor = pgbc.WEST; + pgbc.weightx = 1; + panel.add( _gssapiAuth, pgbc); + + pgbc.gridy++; + pgbc.gridx = 1; + pgbc.anchor = pgbc.WEST; + pgbc.weightx = 1; + panel.add( _digestAuth, pgbc); + + pgbc.gridy++; + pgbc.gridx = 1; + pgbc.anchor = pgbc.WEST; + pgbc.weightx = 1; + panel.add( _simpleAuth, pgbc); + + pgbc.gridy++; pgbc.gridx = 0; addEntryField( panel, pgbc, @@ -266,10 +316,12 @@ STRETCH_FIELDS ? ((label2 != null) ? label2 : field) : endGlue; gbc.fill = gbc.NONE; gbc.weightx = 0.0; + int gridwidth = gbc.gridwidth; gbc.gridwidth = 1; // gbc.gridx = 0; gbc.anchor = gbc.EAST; int space = UIFactory.getComponentSpace(); + Insets insets = gbc.insets; gbc.insets = new Insets( space, space, 0, space/2 ); panel.add( label, gbc ); @@ -300,6 +352,9 @@ gbc.gridwidth = gbc.REMAINDER; panel.add( endGlue, gbc ); } + // restore previous values + gbc.insets = insets; + gbc.gridwidth = gridwidth; } /** @@ -328,24 +383,112 @@ entries = new DSEntrySet( false ); setDSEntrySet( entries ); + + _lConnType = makeJLabel( _comsection, "conntype" ); - /* nsmultiplexorbinddn */ + ButtonGroup connGroup = new ButtonGroup(); + _noEncrypt = makeJRadioButton( _comsection, "url-ldap" ); + _noEncrypt.setSelected(true); // default is on + connGroup.add(_noEncrypt); + + _sslEncrypt = makeJRadioButton( _comsection, "url-ldaps" ); + connGroup.add(_sslEncrypt); + + _tlsEncrypt = makeJRadioButton( _comsection, "url-starttls" ); + connGroup.add(_tlsEncrypt); + + /* add DSEntry to correctly update field + coloring and buttons enabling/disabling */ + _ldapDSEntry = new DSEntryBoolean ("on", _noEncrypt); + setComponentTable(_noEncrypt, _ldapDSEntry); + _sslDSEntry = new DSEntryBoolean ("off", _sslEncrypt); + setComponentTable(_sslEncrypt, _sslDSEntry); + _tlsDSEntry = new DSEntryBoolean ("off", _tlsEncrypt); + setComponentTable(_tlsEncrypt, _tlsDSEntry); + + entryurl = getAttrVal( NSFARMSERVERURL_ATTR ); + boolean ssl = (entryurl != null) && + entryurl.toLowerCase().startsWith("ldaps"); + _sslEncrypt.setSelected(ssl); + _sslDSEntry.fakeInitModel(ssl ? "on" : "off"); + // set starttls initial value + useStartTLS = getAttrVal( NSUSESTARTTLS_ATTR ); + // cannot use starttls with ldaps + boolean tls = !ssl && (useStartTLS != null) && + useStartTLS.equalsIgnoreCase("on"); + _tlsEncrypt.setSelected(tls); + _tlsDSEntry.fakeInitModel(tls ? "on" : "off"); + _noEncrypt.setSelected(!ssl && !tls); + _ldapDSEntry.fakeInitModel((!ssl && !tls) ? "on" : "off"); + + _authMechLabel = makeJLabel( _comsection, "authmech" ); + + //ssl auth radio button + ButtonGroup authGroup = new ButtonGroup(); + _sslAuth = makeJRadioButton( _comsection, "authmech-sslcert" ); + _sslAuth.setEnabled(false); // because default is plain ldap + authGroup.add(_sslAuth); + + _gssapiAuth = makeJRadioButton( _comsection, "authmech-gssapi" ); + authGroup.add(_gssapiAuth); + + _digestAuth = makeJRadioButton( _comsection, "authmech-digest" ); + authGroup.add(_digestAuth); + + _simpleAuth = makeJRadioButton( _comsection, "authmech-simple" ); + _simpleAuth.setSelected(true); // default auth mech + authGroup.add(_simpleAuth); + + /* add DSEntry to correctly update field + coloring and buttons enabling/disabling */ + _sslAuthDSEntry = new DSEntryBoolean ("off", _sslAuth); + setComponentTable(_sslAuth, _sslAuthDSEntry); + _gssapiAuthDSEntry = new DSEntryBoolean ("off", _gssapiAuth); + setComponentTable(_gssapiAuth, _gssapiAuthDSEntry); + _digestAuthDSEntry = new DSEntryBoolean ("off", _digestAuth); + setComponentTable(_digestAuth, _digestAuthDSEntry); + _simpAuthDSEntry = new DSEntryBoolean ("on", _simpleAuth); + setComponentTable(_simpleAuth, _simpAuthDSEntry); + + bindMech = getAttrVal( NSBINDMECHANISM_ATTR ); + boolean simpauth = (bindMech == null) || bindMech.equalsIgnoreCase("SIMPLE"); + boolean sslauth = (bindMech != null) && bindMech.equalsIgnoreCase("EXTERNAL"); + boolean gssapi = (bindMech != null) && bindMech.equalsIgnoreCase("GSSAPI"); + boolean digest = (bindMech != null) && bindMech.equalsIgnoreCase("DIGEST-MD5"); + if (!ssl && !tls) { + sslauth = false; + _sslAuth.setEnabled(false); + } + if (ssl || tls) { + gssapi = false; + _gssapiAuth.setEnabled(false); + } + _sslAuth.setSelected(sslauth); + _sslAuthDSEntry.fakeInitModel(sslauth ? "on" : "off"); + _gssapiAuth.setSelected(gssapi); + _gssapiAuthDSEntry.fakeInitModel(gssapi ? "on" : "off"); + _digestAuth.setSelected(digest); + _digestAuthDSEntry.fakeInitModel(digest ? "on" : "off"); + // if one of the other auth was selected, but it would be + // invalid to use them, just default to simple auth + simpauth = simpauth || (!sslauth && !gssapi && !digest); + _simpleAuth.setSelected(simpauth); + _simpAuthDSEntry.fakeInitModel(simpauth ? "on" : "off"); + + /* nsmultiplexorbinddn */ _tfnsmultiplexorbinddn = makeJTextField( _section, "nsmultiplexorbinddn" ); _lnsmultiplexorbinddn = makeJLabel( _section, "nsmultiplexorbinddn" ); _lnsmultiplexorbinddn.setLabelFor(_tfnsmultiplexorbinddn); - LDAPAttribute binddn = - _chEntry.getAttribute( NSMULTIPLEXORBINDDN_ATTR ); - _isBindDNExist = ( binddn != null ); - - DSEntryDN _nsmultiplexorbinddn = - new DSEntryDN("", + AbstractButton ary[] = {_sslAuth, _gssapiAuth}; + bindDSEntry _nsmultiplexorbinddn = + new bindDSEntry("", _tfnsmultiplexorbinddn, _lnsmultiplexorbinddn, NSMULTIPLEXORBINDDN_ATTR, - _model ); + _model, ary ); entries.add( _dnEntry, NSMULTIPLEXORBINDDN_ATTR, _nsmultiplexorbinddn ); @@ -364,23 +507,20 @@ makeJLabel( _section, "confirmcredentials" ); _lConfirmPassword.setLabelFor(_pfConfirmPassword); - LDAPAttribute passwd = - _chEntry.getAttribute( NSMULTIPLEXORCREDENTIALS_ATTR ); - _isPasswdExist = ( passwd != null ); - DSEntryConfirmPassword dsEntryConfirm = - new DSEntryConfirmPassword("", + confirmPwdDSEntry dsEntryConfirm = + new confirmPwdDSEntry("", _pfConfirmPassword, _lConfirmPassword, _pfnsmultiplexorcredentials, - 1); + 1, ary); setComponentTable(_pfConfirmPassword, dsEntryConfirm); - DSEntryPassword dsEntryPwd = - new DSEntryPassword("", + pwdDSEntry dsEntryPwd = + new pwdDSEntry("", _pfnsmultiplexorcredentials, _lnsmultiplexorcredentials, dsEntryConfirm, - 1); + 1, ary); setComponentTable(_pfConfirmPassword, dsEntryPwd); entries.add(_dnEntry, NSMULTIPLEXORCREDENTIALS_ATTR, @@ -392,8 +532,8 @@ _lnsfarmserverurl = makeJLabel( _section, "nsfarmserverurl" ); _lnsfarmserverurl.setLabelFor(_tfnsfarmserverurl); - DSEntryText _nsfarmserverurl = - new DSEntryText("", + urlDSEntry _nsfarmserverurl = + new urlDSEntry("", _tfnsfarmserverurl, _lnsfarmserverurl ); entries.add( _dnEntry, @@ -404,11 +544,88 @@ entrybind = getAttrVal( NSMULTIPLEXORBINDDN_ATTR ); entrypwd = getAttrVal( NSMULTIPLEXORCREDENTIALS_ATTR ); - entryurl = getAttrVal( NSFARMSERVERURL_ATTR ); } - private void checkComment() { + private void enableSimpleAuth (boolean enable){ + _lnsmultiplexorbinddn.setEnabled(enable); + _tfnsmultiplexorbinddn.setEnabled(enable); + _lnsmultiplexorcredentials.setEnabled(enable); + _pfnsmultiplexorcredentials.setEnabled(enable); + _pfnsmultiplexorcredentials.setBackground(_tfnsmultiplexorbinddn.getBackground()); + _lConfirmPassword.setEnabled(enable); + _pfConfirmPassword.setEnabled(enable); + _pfConfirmPassword.setBackground(_tfnsmultiplexorbinddn.getBackground()); + } + + /* We need to intercept the conn type and auth type buttons in order + * to enable/disable various combinations of them + * @see com.netscape.admin.dirserv.panel.BlankPanel#actionPerformed(java.awt.event.ActionEvent) + */ + public void actionPerformed(ActionEvent e) { + if (e.getSource().equals(_sslAuth) && _sslAuth.isSelected()) { + //disable + enableSimpleAuth (false); + } + if (e.getSource().equals(_gssapiAuth) && _gssapiAuth.isSelected()) { + // enable + enableSimpleAuth (true); + } + if (e.getSource().equals(_simpleAuth) && _simpleAuth.isSelected()) { + //enable + enableSimpleAuth (true); + } + if (e.getSource().equals(_digestAuth) && _digestAuth.isSelected()) { + //enable + enableSimpleAuth (true); + } + if (e.getSource().equals(_noEncrypt) && _noEncrypt.isSelected()) { + //disable + _sslAuth.setEnabled(false); + if (_sslAuth.isSelected()) { + // have to select something else + _simpleAuth.setSelected(true); + } + enableSimpleAuth(true); + _gssapiAuth.setEnabled(true); + _digestAuth.setEnabled(true); + String url = _tfnsfarmserverurl.getText(); + if (url.startsWith("ldaps://")) { + url = url.replaceFirst("ldaps://", "ldap://"); + _tfnsfarmserverurl.setText(url); + } + } + boolean ssl_selected = false; + if (e.getSource().equals(_sslEncrypt) && _sslEncrypt.isSelected()) { + ssl_selected = true; + String url = _tfnsfarmserverurl.getText(); + if (url.startsWith("ldap://")) { + url = url.replaceFirst("ldap://", "ldaps://"); + _tfnsfarmserverurl.setText(url); + } + } + if (e.getSource().equals(_tlsEncrypt) && _tlsEncrypt.isSelected()) { + ssl_selected = true; + String url = _tfnsfarmserverurl.getText(); + if (url.startsWith("ldaps://")) { + url = url.replaceFirst("ldaps://", "ldap://"); + _tfnsfarmserverurl.setText(url); + } + } + if (ssl_selected) { + _sslAuth.setEnabled(true); + _gssapiAuth.setEnabled(false); + if (_gssapiAuth.isSelected()) { + // have to select something else + _simpleAuth.setSelected(true); + enableSimpleAuth(true); + } + } + + super.actionPerformed(e); + } + + private void checkComment() { String usr = _tfnsmultiplexorbinddn.getText(); String suf = _chEntry.getAttribute( SUFFIX_ATTR_NAM ).getStringValueArray()[0]; String aci = "(targetattr = \"*\")" + @@ -422,121 +639,57 @@ _tfaCommentAci.setText( aci ); } + + private void checkURL(DocumentEvent e) { + if (!e.getDocument().equals(_tfnsfarmserverurl.getDocument())) { + return; + } + String url = _tfnsfarmserverurl.getText(); + if (url != null) { + // user typed in ldap url + if (url.startsWith("ldap://") && _sslEncrypt.isSelected()) { + if (_sslAuth.isSelected()) { + _tlsEncrypt.setSelected(true); // preserve security setting + } else { + _noEncrypt.setSelected(true); + _sslAuth.setEnabled(false); + _gssapiAuth.setEnabled(true); + enableSimpleAuth(true); + } + } + // user typed in ldaps url + if (url.startsWith("ldaps://") && !_sslEncrypt.isSelected()) { + _sslEncrypt.setSelected(true); + if (!_sslAuth.isSelected()) { + _sslAuth.setEnabled(true); + _gssapiAuth.setEnabled(false); + enableSimpleAuth(true); + } + } + } + } public void changedUpdate(DocumentEvent e) { + checkURL(e); super.changedUpdate( e ); - if((e.getDocument() == - _pfnsmultiplexorcredentials.getDocument()) || - (e.getDocument() == - _pfConfirmPassword.getDocument())) { - _isPasswdExist = true; - } modelUpdate(); } public void insertUpdate(DocumentEvent e) { - super.changedUpdate( e ); + checkURL(e); + super.insertUpdate( e ); modelUpdate(); } public void removeUpdate(DocumentEvent e) { + checkURL(e); super.removeUpdate( e ); modelUpdate(); } private void modelUpdate(){ - checkValues(); - checkOkay(); checkComment(); } - private void checkValues() { - - _isBindDNValid = DN.isDN( _tfnsmultiplexorbinddn.getText()); - - if( entrybind == null ) { - _isBindDNDirty = ( _tfnsmultiplexorbinddn.getText().trim().length() != 0); - } else { - _isBindDNDirty = (entrybind.compareTo( _tfnsmultiplexorbinddn.getText()) != 0 ); - } - - if(_isBindDNValid){ - if(_isBindDNDirty){ - setChangeState( _lnsmultiplexorbinddn, CHANGE_STATE_MODIFIED ); - } else { - setChangeState( _lnsmultiplexorbinddn, CHANGE_STATE_UNMODIFIED ); - } - } else { - setChangeState( _lnsmultiplexorbinddn, - CHANGE_STATE_ERROR); - } - - String pwd = new String( _pfnsmultiplexorcredentials.getPassword()); - String confpwd = new String( _pfConfirmPassword.getPassword()); - _isPasswdValid = ( pwd.compareTo( confpwd ) == 0); - if ( entrypwd == null ) { - _isPasswdDirty = (pwd.trim().compareTo("") != 0); - } else { - _isPasswdDirty = (entrypwd.compareTo( pwd ) != 0); - } - - if(_isPasswdValid) { - if ( _isPasswdDirty ){ - setChangeState( _lnsmultiplexorcredentials, - CHANGE_STATE_MODIFIED); - setChangeState( _lConfirmPassword, - CHANGE_STATE_MODIFIED); - } else { - setChangeState( _lnsmultiplexorcredentials, - CHANGE_STATE_UNMODIFIED ); - setChangeState( _lConfirmPassword, - CHANGE_STATE_UNMODIFIED ); - } - } else { - setChangeState( _lnsmultiplexorcredentials, - CHANGE_STATE_ERROR); - setChangeState( _lConfirmPassword, - CHANGE_STATE_ERROR); - } - - _isURLDirty = (entryurl.compareTo( _tfnsfarmserverurl.getText()) != 0); - _isURLValid = valideChainingURL( _tfnsfarmserverurl.getText() ); - if(_isURLValid){ - if(_isURLDirty) { - setChangeState( _lnsfarmserverurl, - CHANGE_STATE_MODIFIED); - } else { - setChangeState( _lnsfarmserverurl, - CHANGE_STATE_UNMODIFIED ); - } - } else { - setChangeState( _lnsfarmserverurl, - CHANGE_STATE_ERROR); - } - } - - public boolean valideChainingURL( String url ){ - boolean ok; - if(( url == null) || (url.length() == 0)){ - return false; - } - ok = ( url.startsWith("ldap://") || url.startsWith("ldaps://") ); - ok = ok && ( url.endsWith("/")); - return( ok ); - } - - /** - * Enable/disable OK button - * - * @param ok true to enable the OK button - */ - private void setOkay( boolean ok ) { - if( ok ) { - setValidFlag(); - } else { - clearValidFlag(); - } - } - private String getAttrVal( String attrName ) { if ( _chEntry != null ) { LDAPAttribute attr = _chEntry.getAttribute( attrName ); @@ -548,166 +701,226 @@ } return null; } - - private void checkDirtyFlag(){ - boolean dirty = _isBindDNDirty || _isPasswdDirty || _isURLDirty; - if ( dirty ) { - setDirtyFlag(); - } else { - clearDirtyFlag(); - } - } - - private void checkOkay() { - boolean ok = (_isBindDNValid && _isPasswdValid && _isURLValid ); - checkDirtyFlag(); - setOkay( ok); + + public void resetCallback() { + revertAll(); + if (_noEncrypt.isSelected()) { + //disable + _sslAuth.setEnabled(false); + if (_sslAuth.isSelected()) { + // have to select something else + _simpleAuth.setSelected(true); + } + enableSimpleAuth(true); + _gssapiAuth.setEnabled(true); + _digestAuth.setEnabled(true); + String url = _tfnsfarmserverurl.getText(); + if (url.startsWith("ldaps://")) { + url = url.replaceFirst("ldaps://", "ldap://"); + _tfnsfarmserverurl.setText(url); + } + } + boolean ssl_selected = false; + if (_sslEncrypt.isSelected()) { + ssl_selected = true; + String url = _tfnsfarmserverurl.getText(); + if (url.startsWith("ldap://")) { + url = url.replaceFirst("ldap://", "ldaps://"); + _tfnsfarmserverurl.setText(url); + } + } + if (_tlsEncrypt.isSelected()) { + ssl_selected = true; + String url = _tfnsfarmserverurl.getText(); + if (url.startsWith("ldaps://")) { + url = url.replaceFirst("ldaps://", "ldap://"); + _tfnsfarmserverurl.setText(url); + } + } + if (ssl_selected) { + _sslAuth.setEnabled(true); + _gssapiAuth.setEnabled(false); + if (_gssapiAuth.isSelected()) { + // have to select something else + _simpleAuth.setSelected(true); + enableSimpleAuth(true); + } + } + super.resetCallback(); } - public void okCallback() { LDAPConnection ldc = _model.getServerInfo().getLDAPConnection(); - if( _isBindDNDirty){ - String bindn = _tfnsmultiplexorbinddn.getText(); - String bindnL[] = { bindn }; - boolean deleted = false; - LDAPModificationSet attrs = new LDAPModificationSet(); - - if(( bindn == null) || - ( bindn.length() == 0)) { - deleted = true; - attrs.add(LDAPModification.DELETE, - new LDAPAttribute(NSMULTIPLEXORBINDDN_ATTR)); - - } else if( ! _isBindDNExist) { - attrs.add(LDAPModification.ADD, - new LDAPAttribute( NSMULTIPLEXORBINDDN_ATTR, - bindnL)); - } else { - attrs.add(LDAPModification.REPLACE, - new LDAPAttribute( NSMULTIPLEXORBINDDN_ATTR, - bindnL)); - } - try { - ldc.modify( _chEntry.getDN(), attrs ); - clearDirtyFlag(); - _isBindDNDirty = false; - _isBindDNExist = !deleted; - entrybind = bindn; - /* - DSEntryDN _nsmultiplexorbinddn = - new DSEntryDN("", - _tfnsmultiplexorbinddn, - _lnsmultiplexorbinddn, - NSMULTIPLEXORBINDDN_ATTR, - _model ); - entries.add( _dnEntry, - NSMULTIPLEXORBINDDN_ATTR, - _nsmultiplexorbinddn ); - setComponentTable( _tfnsmultiplexorbinddn, - _nsmultiplexorbinddn ); - */ - } catch (LDAPException e) { - String[] args_m = { _chEntry.getDN(), e.toString() }; - DSUtil.showErrorDialog( getModel().getFrame(), - "update-binddn-error", - args_m, - _section ); - } - } + int errors = 0; - if( _isPasswdDirty ){ - String pwd = new String( _pfnsmultiplexorcredentials.getPassword()); - String pwdL[] = { pwd }; - boolean deleted = false; - LDAPModificationSet attrs = new LDAPModificationSet(); - if (( pwd == null) || ( pwd.length() == 0)){ - deleted = true; - attrs.add(LDAPModification.DELETE, - new LDAPAttribute( NSMULTIPLEXORCREDENTIALS_ATTR)); - } else if( !_isPasswdExist ) { - attrs.add(LDAPModification.ADD, - new LDAPAttribute( NSMULTIPLEXORCREDENTIALS_ATTR, - pwdL )); - } else { - attrs.add(LDAPModification.REPLACE, - new LDAPAttribute( NSMULTIPLEXORCREDENTIALS_ATTR, - pwdL )); - } - try { - ldc.modify( _chEntry.getDN(), attrs ); - clearDirtyFlag(); - _isPasswdDirty = false; - _isPasswdExist = ! deleted; - entrypwd = pwd; - /* - DSEntryConfirmPassword dsEntryConfirm = - new DSEntryConfirmPassword("", - _pfConfirmPassword, - _lConfirmPassword, - _pfnsmultiplexorcredentials, - 1); - setComponentTable(_pfConfirmPassword, dsEntryConfirm); - - DSEntryPassword dsEntryPwd = - new DSEntryPassword("", - _pfnsmultiplexorcredentials, - _lnsmultiplexorcredentials, - dsEntryConfirm, - 1); - setComponentTable(_pfConfirmPassword, dsEntryPwd); - entries.add(_dnEntry, - NSMULTIPLEXORCREDENTIALS_ATTR, - dsEntryPwd); - */ - } catch (LDAPException e) { - String[] args_m = { _chEntry.getDN(), e.toString() }; - DSUtil.showErrorDialog( getModel().getFrame(), - "update-passwd-error", - args_m, - _section ); - - } - } + // need to update nsUseStartTLS? + if (_tlsDSEntry.getDirty()) { + useStartTLS = _tlsEncrypt.isSelected() ? "on" : "off"; + LDAPModificationSet attrs = new LDAPModificationSet(); + attrs.add(LDAPModification.REPLACE, + new LDAPAttribute( NSUSESTARTTLS_ATTR, + useStartTLS )); + try { + ldc.modify( _chEntry.getDN(), attrs ); + _ldapDSEntry.reset(); + _sslDSEntry.reset(); + _tlsDSEntry.reset(); + } catch (LDAPException e) { + errors++; + String[] args_m = { _chEntry.getDN(), e.toString() }; + DSUtil.showErrorDialog( getModel().getFrame(), + "update-starttls-error", + args_m, + _section ); + } + } + + if (_simpAuthDSEntry.getDirty() || _sslAuthDSEntry.getDirty() || + _gssapiAuthDSEntry.getDirty() || _digestAuthDSEntry.getDirty()) { + if (_sslAuth.isSelected()) { + bindMech = "EXTERNAL"; + } + if (_gssapiAuth.isSelected()) { + bindMech = "GSSAPI"; + } + if (_digestAuth.isSelected()) { + bindMech = "DIGEST-MD5"; + } + if (_simpleAuth.isSelected()) { + bindMech = "SIMPLE"; + } + LDAPModificationSet attrs = new LDAPModificationSet(); + attrs.add( LDAPModification.REPLACE, + new LDAPAttribute ( NSBINDMECHANISM_ATTR, + bindMech )); + try { + ldc.modify( _chEntry.getDN(), attrs ); + _simpAuthDSEntry.reset(); + _sslAuthDSEntry.reset(); + _gssapiAuthDSEntry.reset(); + _digestAuthDSEntry.reset(); + } catch (LDAPException e) { + errors++; + String[] args_m = { _chEntry.getDN(), e.toString() }; + DSUtil.showErrorDialog( getModel().getFrame(), + "update-bindmech-error", + args_m, + _section ); + } + } + super.okCallback(); + // clear dirty flag if all changes saved successfully + if (errors == 0) { + clearDirtyFlag(); + } + } + + class urlDSEntry extends DSEntryTextStrict + { + urlDSEntry(String model, JComponent view1, JComponent view2) { + super (model, view1, view2); + } + + public int validate (){ + JTextField tf = (JTextField) getView (0); + String url = tf.getText (); + + boolean ok = (url != null) && (url.length() > 0); + ok = ok && ( url.startsWith("ldap://") || url.startsWith("ldaps://") ); + ok = ok && ( url.endsWith("/")); + return ok ? 0 : 1; + } + } - String url = _tfnsfarmserverurl.getText(); - String urlL[] = { url }; - if ( _isURLDirty ) { - LDAPModificationSet attrs = new LDAPModificationSet(); - attrs.add(LDAPModification.REPLACE, - new LDAPAttribute( NSFARMSERVERURL_ATTR, - urlL )); - try { - ldc.modify( _chEntry.getDN(), attrs ); - clearDirtyFlag(); - _isURLDirty = false; - _isURLValid = true; - entryurl = url; - } catch (LDAPException e) { - String[] args_m = { _chEntry.getDN(), e.toString() }; - DSUtil.showErrorDialog( getModel().getFrame(), - "update-passwd-error", - args_m, - _section ); - } - - } - // super.okCallback(); - } - - public void resetCallback() { - _isPasswdDirty = false; - if( ! _isBindDNExist ){ - _tfnsmultiplexorbinddn.setText(""); - } - if( ! _isPasswdExist ){ - _pfnsmultiplexorcredentials.setText(""); - _pfConfirmPassword.setText(""); - } - super.resetCallback(); - } - - private IDSModel _model = null; + class bindDSEntry extends DSEntryDN + { + private AbstractButton ary[]; + + bindDSEntry( String model, JComponent view1, JComponent view2, + String attrName, IDSModel dsModel, AbstractButton ary[] ) { + super (model, view1, view2, attrName, dsModel); + this.ary = ary; + } + + public int validate (){ + JTextField tf = (JTextField) getView (0); + + /* disabled field is always valid */ + if (!tf.isEnabled ()) + return 0; + + // skip check if any of these buttons are + // selected + for (int ii = 0; ii < ary.length; ++ii) { + if (ary[ii].isSelected()) { + return 0; + } + } + + return super.validate(); + } + } + + class pwdDSEntry extends DSEntryPassword + { + private AbstractButton ary[]; + + pwdDSEntry(String model, JPasswordField pfPwd, + JLabel lPwd, + DSEntryConfirmPassword dsEntryConfirm, + int minLength, AbstractButton ary[]) { + super (model, pfPwd, lPwd, dsEntryConfirm, minLength); + this.ary = ary; + } + + public int validate (){ + JTextField tf = (JTextField) getView (0); + + /* disabled field is always valid */ + if (!tf.isEnabled ()) + return 0; + + // skip check if any of these buttons are + // selected + for (int ii = 0; ii < ary.length; ++ii) { + if (ary[ii].isSelected()) { + return 0; + } + } + + return super.validate(); + } + } + + class confirmPwdDSEntry extends DSEntryConfirmPassword { + private AbstractButton ary[]; + + confirmPwdDSEntry(String model, JPasswordField pfConfirm, + JLabel confirm, JPasswordField pfPwd, int minLength, AbstractButton ary[]) { + super(model, pfConfirm, confirm, pfPwd, minLength); + this.ary = ary; + } + + public int validate (){ + JTextField tf = (JTextField) getView (0); + + /* disabled field is always valid */ + if (!tf.isEnabled ()) + return 0; + + // skip check if any of these buttons are + // selected + for (int ii = 0; ii < ary.length; ++ii) { + if (ary[ii].isSelected()) { + return 0; + } + } + + return super.validate(); + } + } + + private IDSModel _model = null; private LDAPEntry _chEntry = null; private String _dnEntry; @@ -727,32 +940,40 @@ private JLabel _lcommentUsrLabel; private JLabel _lcommentUsr; private JLabel _lcommentAciLabel; - private JLabel _lcommentAci; private JTextArea _tfaCommentAci; - - private boolean _isPasswdExist; - private boolean _isBindDNExist; - private boolean _isPasswdValid = true; - private boolean _isBindDNValid = true; - private boolean _isPasswdDirty = false; - private boolean _isBindDNDirty = false; - private boolean _isURLValid = true; - private boolean _isURLDirty = false; + private JLabel _lConnType; + private JRadioButton _noEncrypt, _sslEncrypt, _tlsEncrypt; + private JLabel _authMechLabel; + private JRadioButton _simpleAuth, _sslAuth, _gssapiAuth, _digestAuth; private DSEntrySet entries; + private DSEntryBoolean _ldapDSEntry; + private DSEntryBoolean _sslDSEntry; + private DSEntryBoolean _tlsDSEntry; + private DSEntryBoolean _sslAuthDSEntry = null; + private DSEntryBoolean _simpAuthDSEntry = null; + private DSEntryBoolean _gssapiAuthDSEntry = null; + private DSEntryBoolean _digestAuthDSEntry = null; private String entrybind; private String entrypwd; private String entryurl; + private String bindMech; + private String useStartTLS; private static final String _section = "chaining-instance-auth"; + private static final String _comsection = "newchaining"; private static final String NSMULTIPLEXORBINDDN_ATTR = "nsmultiplexorbinddn"; private static final String NSMULTIPLEXORCREDENTIALS_ATTR = "nsmultiplexorcredentials" ; private static final String NSFARMSERVERURL_ATTR = "nsfarmserverurl"; + private static final String NSUSESTARTTLS_ATTR = + "nsusestarttls"; + private static final String NSBINDMECHANISM_ATTR = + "nsbindmechanism"; private static final String SUFFIX_ATTR_NAM= "nsslapd-suffix"; private static final String SUFFIX_ATTR_NULL=""; Index: DSEntry.java =================================================================== RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/DSEntry.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- DSEntry.java 18 Jul 2005 00:55:54 -0000 1.1.1.1 +++ DSEntry.java 2 Dec 2008 15:27:37 -0000 1.2 @@ -408,6 +408,19 @@ } /** + * This function can be called from a panel Reset button, to revert + * the model back to the original model. After calling this, the + * panel should show() to change the UI components back to their + * original states + */ + + public void revert () { + dirty = false; + _model=null; + _model = (Vector)_origModel.clone(); + } + + /** * This method updates the view to reflect the contents of the * local model. This must be defined for the particular model/view combo * Index: NewChainingInstancePanel.java =================================================================== RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/NewChainingInstancePanel.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- NewChainingInstancePanel.java 18 Jul 2005 00:56:01 -0000 1.1.1.1 +++ NewChainingInstancePanel.java 2 Dec 2008 15:27:37 -0000 1.2 @@ -121,6 +121,15 @@ _instanceNameText.setText( "New Chaining" ); HostPanel.add( _instanceNameText, HLgbc ); + _authMechLabel = makeJLabel( _section, "authmech" ); + HLgbc.gridy++; + HLgbc.gridx = 0; + HLgbc.gridwidth = 1; + HLgbc.fill = HLgbc.NONE; + HLgbc.weightx = 0; + HLgbc.anchor = HLgbc.EAST; + HostPanel.add( _authMechLabel, HLgbc ); + _bindDNLabel = makeJLabel( _section, "bind-DN" ); HLgbc.gridy++; HLgbc.gridx = 0; @@ -1074,7 +1083,7 @@ } private JTextField _instanceNameText; - private JLabel _instanceNameLabel; + private JLabel _instanceNameLabel, _authMechLabel; private JTextField _mappingNameText; private JLabel _mappingNameLabel; private JTextField _NewNodeText; Index: NewChainingPanel.java =================================================================== RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/NewChainingPanel.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- NewChainingPanel.java 18 Jul 2005 00:56:01 -0000 1.1.1.1 +++ NewChainingPanel.java 2 Dec 2008 15:27:37 -0000 1.2 @@ -26,13 +26,14 @@ import javax.swing.border.*; import javax.swing.event.*; import javax.swing.text.*; -import netscape.ldap.LDAPUrl; import netscape.ldap.*; import netscape.ldap.util.*; import com.netscape.management.client.util.*; import com.netscape.admin.dirserv.*; import com.netscape.admin.dirserv.task.ListDB; import com.netscape.admin.dirserv.panel.MappingUtils; +import com.netscape.admin.dirserv.panel.replication.ReplicationTool; + import netscape.ldap.*; import netscape.ldap.util.*; import com.netscape.management.nmclf.SuiConstants; @@ -141,7 +142,62 @@ _instanceNameText.setColumns( 10 ); HostPanel.add( _instanceNameText, HLgbc ); - _bindDNLabel = makeJLabel( _section, "bind-DN" ); + _authMechLabel = makeJLabel( _section, "authmech" ); + HLgbc.gridy++; + HLgbc.gridx = 0; + HLgbc.gridwidth = 1; + HLgbc.fill = HLgbc.NONE; + HLgbc.weightx = 0; + HLgbc.anchor = HLgbc.EAST; + HostPanel.add( _authMechLabel, HLgbc ); + + //ssl auth radio button + ButtonGroup authGroup = new ButtonGroup(); + _sslAuth = makeJRadioButton( _section, "authmech-sslcert" ); + _sslAuth.addActionListener(this); + _sslAuth.setEnabled(false); // because default is plain ldap + authGroup.add(_sslAuth); + HLgbc.gridx = 1; + HLgbc.fill = HLgbc.HORIZONTAL; + HLgbc.gridwidth = HLgbc.REMAINDER; + HLgbc.weightx = 1; + HostPanel.add( _sslAuth, HLgbc ); + + //gssapi auth radio button + _gssapiAuth = makeJRadioButton( _section, "authmech-gssapi" ); + _gssapiAuth.addActionListener(this); + authGroup.add(_gssapiAuth); + HLgbc.gridy++; + HLgbc.gridx = 1; + HLgbc.fill = HLgbc.HORIZONTAL; + HLgbc.gridwidth = HLgbc.REMAINDER; + HLgbc.weightx = 1; + HostPanel.add( _gssapiAuth, HLgbc ); + + //digest auth radio button + _digestAuth = makeJRadioButton( _section, "authmech-digest" ); + _digestAuth.addActionListener(this); + authGroup.add(_digestAuth); + HLgbc.gridy++; + HLgbc.gridx = 1; + HLgbc.fill = HLgbc.HORIZONTAL; + HLgbc.gridwidth = HLgbc.REMAINDER; + HLgbc.weightx = 1; + HostPanel.add( _digestAuth, HLgbc ); + + //simple auth radio button + _simpleAuth = makeJRadioButton( _section, "authmech-simple" ); + _simpleAuth.setSelected(true); // default auth mech + _simpleAuth.addActionListener(this); + authGroup.add(_simpleAuth); + HLgbc.gridy++; + HLgbc.gridx = 1; + HLgbc.fill = HLgbc.HORIZONTAL; + HLgbc.gridwidth = HLgbc.REMAINDER; + HLgbc.weightx = 1; + HostPanel.add( _simpleAuth, HLgbc ); + + _bindDNLabel = makeJLabel( _section, "bind-DN" ); HLgbc.gridy++; HLgbc.gridx = 0; HLgbc.gridwidth = 1; @@ -157,8 +213,7 @@ HLgbc.gridwidth = HLgbc.REMAINDER; HLgbc.weightx = 1; HostPanel.add( _bindDNText, HLgbc ); - - + _bindPasswdLabel = makeJLabel( _section, "bind-Passwd" ); HLgbc.gridy++; HLgbc.gridx = 0; @@ -175,51 +230,7 @@ HLgbc.gridwidth = 1; HLgbc.weightx = 1; HostPanel.add( _bindPasswdText, HLgbc ); - /* - _cbUrlLdapSecureMode = makeJCheckBox( _section, "ldap-url-secu" ); - HLgbc.gridy++; - HLgbc.gridx = 0; - HLgbc.anchor = HLgbc.WEST; - HLgbc.fill = HLgbc.NONE; - HLgbc.gridwidth = HLgbc.REMAINDER; - HLgbc.weightx = 0; - _cbUrlLdapSecureMode.setSelected( false ); - HostPanel.add( _cbUrlLdapSecureMode, HLgbc ); - - _urlLdapHostLabel = makeJLabel( _section, "ldap-url-host" ); - HLgbc.gridy++; - HLgbc.gridx = 0; - HLgbc.gridwidth = 1; - HLgbc.fill = HLgbc.NONE; - HLgbc.anchor = HLgbc.EAST; - HLgbc.weightx = 0; - HostPanel.add( _urlLdapHostLabel, HLgbc ); - - _urlLdapHostText = makeJTextField( _section, "ldap-url-host" ); - HLgbc.fill = HLgbc.HORIZONTAL; - HLgbc.gridx = 1; - HLgbc.gridwidth = 1; - HLgbc.weightx = 1; - _urlLdapHostText.setColumns( 12 ); - HostPanel.add( _urlLdapHostText, HLgbc ); - - _urlLdapPortLabel = makeJLabel( _section, "ldap-url-port" ); - HLgbc.gridx = 2; - HLgbc.gridwidth = 1; - HLgbc.fill = HLgbc.NONE; - HLgbc.anchor = HLgbc.EAST; - HLgbc.weightx = 0; - HostPanel.add( _urlLdapPortLabel, HLgbc ); - - _urlLdapPortText = makeJTextField( _section, "ldap-url-port" ); - HLgbc.fill = HLgbc.HORIZONTAL; - HLgbc.gridx = 3; - HLgbc.gridwidth = 1; - HLgbc.weightx = 0; // doesn't need to extend when screen is resized - _urlLdapPortText.setColumns( 5 ); - _urlLdapPortText.setText( _sDefaultPort ); - HostPanel.add( _urlLdapPortText, HLgbc ); - */ + createRemoteServers( HostPanel, HLgbc ); createURLArea( HostPanel, HLgbc ); @@ -329,16 +340,40 @@ AlternatePanel.setLayout(HLbag); - // - _cbUrlLdapSecureMode = makeJCheckBox( _section, "ldap-url-secu" ); + ButtonGroup connGroup = new ButtonGroup(); + _noEncrypt = makeJRadioButton( _section, "url-ldap" ); + _noEncrypt.setSelected(true); // default is on + _noEncrypt.addActionListener(this); + connGroup.add(_noEncrypt); HLgbc.gridy++; HLgbc.gridx = 0; HLgbc.anchor = HLgbc.WEST; HLgbc.fill = HLgbc.NONE; HLgbc.gridwidth = HLgbc.REMAINDER; HLgbc.weightx = 0; - _cbUrlLdapSecureMode.setSelected( false ); - AlternatePanel.add( _cbUrlLdapSecureMode, HLgbc ); + AlternatePanel.add( _noEncrypt, HLgbc ); + + _sslEncrypt = makeJRadioButton( _section, "url-ldaps" ); + _sslEncrypt.addActionListener(this); + connGroup.add(_sslEncrypt); + HLgbc.gridy++; + HLgbc.gridx = 0; + HLgbc.anchor = HLgbc.WEST; + HLgbc.fill = HLgbc.NONE; + HLgbc.gridwidth = HLgbc.REMAINDER; + HLgbc.weightx = 0; + AlternatePanel.add( _sslEncrypt, HLgbc ); + + _tlsEncrypt = makeJRadioButton( _section, "url-starttls" ); + _tlsEncrypt.addActionListener(this); + connGroup.add(_tlsEncrypt); + HLgbc.gridy++; + HLgbc.gridx = 0; + HLgbc.anchor = HLgbc.WEST; + HLgbc.fill = HLgbc.NONE; + HLgbc.gridwidth = HLgbc.REMAINDER; + HLgbc.weightx = 0; + AlternatePanel.add( _tlsEncrypt, HLgbc ); _urlLdapHostLabel = makeJLabel( _section, "ldap-url-host" ); HLgbc.gridy++; @@ -509,7 +544,20 @@ return; } // getChainingLoc - + private boolean checkConnAndAuth() { + boolean ret = true; + if (_simpleAuth.isSelected() || _digestAuth.isSelected()) { + // dn & pwd required + ret = ( _bindDNText.getText() != null ) && + ( _bindDNText.getText().trim().length() > 0 ) && + DN.isDN(_bindDNText.getText()) && + ( _bindPasswdText.getText() != null ) && + ( _bindPasswdText.getText().trim().length() > 0 ); + + } + + return ret; + } /** * Enable/disable OK button @@ -531,36 +579,81 @@ boolean ok = ( (chname != null) && (chname.length() > 0) && (DSUtil.isValidBckName (chname)) && - _isBindDNValid && + checkConnAndAuth() && (chserver != null) && (chserver.length() > 0)); setOkay( ok ); } + private void enableSimpleAuth (boolean enable){ + _bindDNLabel.setEnabled(enable); + _bindDNText.setEnabled(enable); + _bindPasswdLabel.setEnabled(enable); + _bindPasswdText.setEnabled(enable); + _bindPasswdText.setBackground(_bindDNText.getBackground()); + } + /** * handle incoming event * * @param e event */ public void actionPerformed(ActionEvent e) { - if (e.getSource().equals( _cbUrlLdapSecureMode )) { - if ( _cbUrlLdapSecureMode.isSelected() ) { - _sDefaultPort = DEFAULT_LDAPS_PORT; - } else { - _sDefaultPort = DEFAULT_LDAP_PORT; - } - if ( ! _bHostModified ) { - _urlLdapPortText.setText( _sDefaultPort ); + if (e.getSource().equals(_sslAuth) && _sslAuth.isSelected()) { + //disable + enableSimpleAuth (false); + } + if (e.getSource().equals(_gssapiAuth) && _gssapiAuth.isSelected()) { + // enable + enableSimpleAuth (true); + } + if (e.getSource().equals(_simpleAuth) && _simpleAuth.isSelected()) { + //enable + enableSimpleAuth (true); + } + if (e.getSource().equals(_digestAuth) && _digestAuth.isSelected()) { + //enable + enableSimpleAuth (true); + } + if (e.getSource().equals(_noEncrypt) && _noEncrypt.isSelected()) { + /* set to use non-SSL port LDAP */ + _sDefaultPort = DEFAULT_LDAP_PORT; + //disable + _sslAuth.setEnabled(false); + if (_sslAuth.isSelected()) { + // have to select something else + _simpleAuth.setSelected(true); } - if ( ! _bAlterModified ) { - _urlAltPortText.setText( _sDefaultPort ); + enableSimpleAuth(true); + _gssapiAuth.setEnabled(true); + _digestAuth.setEnabled(true); + } + boolean ssl_selected = false; + if (e.getSource().equals(_sslEncrypt) && _sslEncrypt.isSelected()) { + /* set to use SSL port */ + _sDefaultPort = DEFAULT_LDAPS_PORT; + ssl_selected = true; + } + if (e.getSource().equals(_tlsEncrypt) && _tlsEncrypt.isSelected()) { + /* set to use non-SSL port for startTLS */ + _sDefaultPort = DEFAULT_LDAP_PORT; + ssl_selected = true; + } + if (ssl_selected) { + _sslAuth.setEnabled(true); + _gssapiAuth.setEnabled(false); + if (_gssapiAuth.isSelected()) { + // have to select something else + _simpleAuth.setSelected(true); + enableSimpleAuth(true); } - } else if (e.getSource().equals( _bAddAlternateServer )) { + } + if (e.getSource().equals( _bAddAlternateServer )) { StringBuffer nalt = new StringBuffer(); nalt.append( _urlAltHostText.getText() ); if (( _urlAltPortText.getText() != null ) && - ( _urlAltPortText.getText().trim().length() > 0)) { + ( _urlAltPortText.getText().trim().length() > 0)) { nalt.append( ":" ); nalt.append( _urlAltPortText.getText().trim() ); } @@ -585,7 +678,7 @@ private String getUrlVal() { StringBuffer nurl = new StringBuffer(); - if ( _cbUrlLdapSecureMode.isSelected() ) { + if ( _sslEncrypt.isSelected() ) { nurl.append( "ldaps://"); } else { nurl.append( "ldap://"); @@ -672,6 +765,25 @@ } + String mech = null; + if (_sslAuth.isSelected()) { + mech = "EXTERNAL"; + } + if (_gssapiAuth.isSelected()) { + mech = "GSSAPI"; + } + if (_digestAuth.isSelected()) { + mech = "DIGEST-MD5"; + } + if (mech != null) { + attrs.add( new LDAPAttribute ( "nsBindMechanism", + mech )); + } + if (_tlsEncrypt.isSelected()) { + attrs.add( new LDAPAttribute ( "nsUseStartTLS", + "on" )); + } + String ldapurl = getUrlVal(); if(( ldapurl != null ) && ( ldapurl.trim().length() > 0)) { @@ -859,7 +971,9 @@ if( e.getDocument() == _bindDNText.getDocument() ) { if(( _bindDNText.getText() != null) && ( _bindDNText.getText().trim().length() > 0 )){ - if ( DN.isDN ( _bindDNText.getText() )) { + // depends on auth type + boolean required = _simpleAuth.isSelected() || _digestAuth.isSelected(); + if ( !required || DN.isDN ( _bindDNText.getText() )) { setChangeState( _bindDNLabel, CHANGE_STATE_UNMODIFIED ); _isBindDNValid = true; } else { @@ -966,7 +1080,6 @@ private String _PluginLoc = ""; - private JCheckBox _cbUrlLdapSecureMode; private JTextField _urlLdapHostText; private JLabel _urlLdapHostLabel; private JTextField _urlLdapPortText; @@ -977,10 +1090,13 @@ private JTextField _urlAltPortText; private JLabel _urlAltPortLabel; + private JLabel _authMechLabel; + private JRadioButton _sslAuth, _gssapiAuth, _digestAuth, _simpleAuth; private JLabel _bindDNLabel; private JTextField _bindDNText; private JLabel _bindPasswdLabel; private JTextField _bindPasswdText; + private JRadioButton _noEncrypt, _sslEncrypt, _tlsEncrypt; private JComboBox _comboNewNodeMapping; private JLabel _comboNewNodeLabel; From rmeggins at fedoraproject.org Tue Dec 2 15:29:32 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Tue, 2 Dec 2008 15:29:32 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/chainingdb cb.h, 1.6, 1.7 cb_conn_stateless.c, 1.9, 1.10 cb_instance.c, 1.12, 1.13 Message-ID: <20081202152932.A480A70141@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/chainingdb In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1168/ldapserver/ldap/servers/plugins/chainingdb Modified Files: cb.h cb_conn_stateless.c cb_instance.c Log Message: Resolves: bug 469261 Bug Description: Support server-to-server SASL - console chaining, server cleanup Reviewed by: nkinder (Thanks!) Fix Description: There are two sets of diffs here. The first set adds tls, gssapi, and digest to the chaining database (aka database link) panels in the console. I had to add support for revert to some of the code to make the Reset button work without having to retrieve the values from the server each time. We already store the original values locally in the _origModel - I added code to allow the use of that in the Reset button. The second set of diffs is for the server. 1) I had to add support for "SIMPLE" for bindMechanism - this translates to LDAP_SASL_SIMPLE for the actual mechanism. This value is NULL, so I had to add handling for NULL values in the cb config code (slapi_ch_* work fine with NULL values). 2) Added some more debugging/tracing code 3) The server to server SSL code would only work if the server were configured to be an SSL server. But for the server to be an SSL client, it only needs NSS initialized and to have the CA cert. It also needs to configured some of the SSL settings and install the correct policy. I changed the server code to do this. Platforms tested: RHEL5 Flag Day: no Doc impact: Yes Index: cb.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/chainingdb/cb.h,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- cb.h 5 Nov 2008 18:21:05 -0000 1.6 +++ cb.h 2 Dec 2008 15:29:30 -0000 1.7 @@ -168,6 +168,8 @@ #define CB_DEF_STARTTLS "off" /* CB_CONFIG_STARTTLS */ #define CB_DEF_BINDMECH LDAP_SASL_SIMPLE /* CB_CONFIG_BINDMECH */ +#define CB_SIMPLE_BINDMECH "SIMPLE" /* will be translated to LDAP_SASL_SIMPLE */ + typedef void *cb_config_get_fn_t(void *arg); typedef int cb_config_set_fn_t(void *arg, void *value, char *errorbuf, int phase, int apply); typedef struct _cb_instance_config_info { Index: cb_conn_stateless.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/chainingdb/cb_conn_stateless.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- cb_conn_stateless.c 5 Nov 2008 18:21:05 -0000 1.9 +++ cb_conn_stateless.c 2 Dec 2008 15:29:30 -0000 1.10 @@ -318,15 +318,6 @@ int version=LDAP_VERSION3; - /* check wether the security libraries are correctly initialized */ - if (secure && slapd_security_library_is_initialized() != 1) { - slapi_log_error( - SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM, - "SSL Not Initialized, Chaining Backend over SSL FAILED\n"); - rc = LDAP_CONNECT_ERROR; - goto unlock_and_return; - } - /* * we have not exceeded the maximum number of connections allowed, * so we initialize a new one and add it to the end of our list. Index: cb_instance.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/chainingdb/cb_instance.c,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- cb_instance.c 13 Nov 2008 23:08:17 -0000 1.12 +++ cb_instance.c 2 Dec 2008 15:29:30 -0000 1.13 @@ -1380,11 +1380,17 @@ ( phase != CB_CONFIG_PHASE_STARTUP )) { /* Dynamic modif */ - charray_add(&inst->pool->waste_basket,inst->pool->mech); + if (inst->pool->mech) { + charray_add(&inst->pool->waste_basket,inst->pool->mech); + } rc=CB_REOPEN_CONN; } - inst->pool->mech=slapi_ch_strdup((char *) value); + if (value && !PL_strcasecmp((char *) value, CB_SIMPLE_BINDMECH)) { + inst->pool->mech=slapi_ch_strdup(LDAP_SASL_SIMPLE); + } else { + inst->pool->mech=slapi_ch_strdup((char *) value); + } PR_RWLock_Unlock(inst->rwl_config_lock); } return rc; @@ -1513,8 +1519,12 @@ /* Remember the get function for strings returns memory * that must be freed. */ tmp_string = (char *) config->config_get_fn(arg); - PR_snprintf(buf, CB_BUFSIZE, "%s", (char *) tmp_string); - slapi_ch_free((void **)&tmp_string); + if (tmp_string) { + PR_snprintf(buf, CB_BUFSIZE, "%s", (char *) tmp_string); + slapi_ch_free_string(&tmp_string); + } else { + buf[0] = '\0'; + } break; case CB_CONFIG_TYPE_ONOFF: if ((int) ((uintptr_t)config->config_get_fn(arg))) { @@ -1606,8 +1616,11 @@ val.bv_val = buf; val.bv_len = strlen(buf); - if (val.bv_len) - slapi_entry_attr_replace(e, config->config_name, vals); + if (val.bv_len) { + slapi_entry_attr_replace(e, config->config_name, vals); + } else { + slapi_entry_attr_delete(e, config->config_name); + } } *returncode = LDAP_SUCCESS; From rmeggins at fedoraproject.org Tue Dec 2 15:29:32 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Tue, 2 Dec 2008 15:29:32 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication repl5_connection.c, 1.12, 1.13 windows_connection.c, 1.21, 1.22 Message-ID: <20081202152932.C0B4F70143@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1168/ldapserver/ldap/servers/plugins/replication Modified Files: repl5_connection.c windows_connection.c Log Message: Resolves: bug 469261 Bug Description: Support server-to-server SASL - console chaining, server cleanup Reviewed by: nkinder (Thanks!) Fix Description: There are two sets of diffs here. The first set adds tls, gssapi, and digest to the chaining database (aka database link) panels in the console. I had to add support for revert to some of the code to make the Reset button work without having to retrieve the values from the server each time. We already store the original values locally in the _origModel - I added code to allow the use of that in the Reset button. The second set of diffs is for the server. 1) I had to add support for "SIMPLE" for bindMechanism - this translates to LDAP_SASL_SIMPLE for the actual mechanism. This value is NULL, so I had to add handling for NULL values in the cb config code (slapi_ch_* work fine with NULL values). 2) Added some more debugging/tracing code 3) The server to server SSL code would only work if the server were configured to be an SSL server. But for the server to be an SSL client, it only needs NSS initialized and to have the CA cert. It also needs to configured some of the SSL settings and install the correct policy. I changed the server code to do this. Platforms tested: RHEL5 Flag Day: no Doc impact: Yes Index: repl5_connection.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl5_connection.c,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- repl5_connection.c 10 Nov 2008 23:57:47 -0000 1.12 +++ repl5_connection.c 2 Dec 2008 15:29:30 -0000 1.13 @@ -949,30 +949,25 @@ /* ugaston: if SSL has been selected in the replication agreement, SSL client * initialisation should be done before ever trying to open any connection at all. */ - if ((conn->transport_flags == TRANSPORT_FLAG_TLS) || - (conn->transport_flags == TRANSPORT_FLAG_SSL)) - { + if (conn->transport_flags == TRANSPORT_FLAG_TLS) { + secure = 2; + } else if (conn->transport_flags == TRANSPORT_FLAG_SSL) { + secure = 1; + } - /** Make sure the SSL Library has been initialized before anything else **/ - if(slapd_security_library_is_initialized() != 1) - { + if (secure > 0) { + if (!NSS_IsInitialized()) { slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, - "%s: SSL Not Initialized, Replication over SSL FAILED\n", - agmt_get_long_name(conn->agmt)); + "%s: SSL Not Initialized, Replication over SSL FAILED\n", + agmt_get_long_name(conn->agmt)); conn->last_ldap_error = LDAP_INAPPROPRIATE_AUTH; conn->last_operation = CONN_INIT; ber_bvfree(creds); creds = NULL; return CONN_SSL_NOT_ENABLED; - } else if (conn->transport_flags == TRANSPORT_FLAG_SSL) - { - secure = 1; - } else - { - secure = 2; /* 2 means starttls security */ } } - + if (return_value == CONN_OPERATION_SUCCESS) { int io_timeout_ms; /* Now we initialize the LDAP Structure and set options */ Index: windows_connection.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_connection.c,v retrieving revision 1.21 retrieving revision 1.22 diff -u -r1.21 -r1.22 --- windows_connection.c 10 Nov 2008 23:57:47 -0000 1.21 +++ windows_connection.c 2 Dec 2008 15:29:30 -0000 1.22 @@ -1193,30 +1193,25 @@ /* ugaston: if SSL has been selected in the replication agreement, SSL client * initialisation should be done before ever trying to open any connection at all. */ - if ((conn->transport_flags == TRANSPORT_FLAG_TLS) || - (conn->transport_flags == TRANSPORT_FLAG_SSL)) - { - - /** Make sure the SSL Library has been initialized before anything else **/ - if(slapd_security_library_is_initialized() != 1) - { + if (conn->transport_flags == TRANSPORT_FLAG_TLS) { + secure = 2; + } else if (conn->transport_flags == TRANSPORT_FLAG_SSL) { + secure = 1; + } + + if (secure > 0) { + if (!NSS_IsInitialized()) { slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, - "%s: SSL Not Initialized, Replication over SSL FAILED\n", - agmt_get_long_name(conn->agmt)); + "%s: SSL Not Initialized, Replication over SSL FAILED\n", + agmt_get_long_name(conn->agmt)); conn->last_ldap_error = LDAP_INAPPROPRIATE_AUTH; conn->last_operation = CONN_INIT; ber_bvfree(creds); creds = NULL; return CONN_SSL_NOT_ENABLED; - } else if (conn->transport_flags == TRANSPORT_FLAG_SSL) - { - secure = 1; - } else - { - secure = 2; /* 2 means starttls security */ } } - + if (return_value == CONN_OPERATION_SUCCESS) { int io_timeout_ms; /* Now we initialize the LDAP Structure and set options */ From rmeggins at fedoraproject.org Tue Dec 2 15:29:33 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Tue, 2 Dec 2008 15:29:33 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd globals.c, 1.9, 1.10 libglobs.c, 1.32, 1.33 proto-slap.h, 1.43, 1.44 sasl_map.c, 1.11, 1.12 slap.h, 1.41, 1.42 slapi-private.h, 1.30, 1.31 ssl.c, 1.19, 1.20 util.c, 1.19, 1.20 Message-ID: <20081202152933.5B09670141@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1168/ldapserver/ldap/servers/slapd Modified Files: globals.c libglobs.c proto-slap.h sasl_map.c slap.h slapi-private.h ssl.c util.c Log Message: Resolves: bug 469261 Bug Description: Support server-to-server SASL - console chaining, server cleanup Reviewed by: nkinder (Thanks!) Fix Description: There are two sets of diffs here. The first set adds tls, gssapi, and digest to the chaining database (aka database link) panels in the console. I had to add support for revert to some of the code to make the Reset button work without having to retrieve the values from the server each time. We already store the original values locally in the _origModel - I added code to allow the use of that in the Reset button. The second set of diffs is for the server. 1) I had to add support for "SIMPLE" for bindMechanism - this translates to LDAP_SASL_SIMPLE for the actual mechanism. This value is NULL, so I had to add handling for NULL values in the cb config code (slapi_ch_* work fine with NULL values). 2) Added some more debugging/tracing code 3) The server to server SSL code would only work if the server were configured to be an SSL server. But for the server to be an SSL client, it only needs NSS initialized and to have the CA cert. It also needs to configured some of the SSL settings and install the correct policy. I changed the server code to do this. Platforms tested: RHEL5 Flag Day: no Doc impact: Yes Index: globals.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/globals.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- globals.c 24 Oct 2008 22:36:58 -0000 1.9 +++ globals.c 2 Dec 2008 15:29:30 -0000 1.10 @@ -165,7 +165,6 @@ sep->sep_ps_wakeup_all = (caddr_t)ps_wakeup_all; sep->sep_ps_service = (caddr_t)ps_service_persistent_searches; sep->sep_disconnect_server = (caddr_t)disconnect_server; - sep->sep_slapd_SSL_client_init = (caddr_t)slapd_SSL_client_init; sep->sep_slapd_ssl_init = (caddr_t)slapd_ssl_init; sep->sep_slapd_ssl_init2 = (caddr_t)slapd_ssl_init2; set_dll_entry_points( sep ); Index: libglobs.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/libglobs.c,v retrieving revision 1.32 retrieving revision 1.33 diff -u -r1.32 -r1.33 --- libglobs.c 26 Nov 2008 17:32:21 -0000 1.32 +++ libglobs.c 2 Dec 2008 15:29:30 -0000 1.33 @@ -1036,9 +1036,6 @@ case ENTRY_POINT_DISCONNECT_SERVER: *ep_addr = sep->sep_disconnect_server; break; - case ENTRY_POINT_SLAPD_SSL_CLIENT_INIT: - *ep_addr = sep->sep_slapd_SSL_client_init; - break; case ENTRY_POINT_SLAPD_SSL_INIT: *ep_addr = sep->sep_slapd_ssl_init; break; Index: proto-slap.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/proto-slap.h,v retrieving revision 1.43 retrieving revision 1.44 diff -u -r1.43 -r1.44 --- proto-slap.h 25 Nov 2008 19:20:27 -0000 1.43 +++ proto-slap.h 2 Dec 2008 15:29:30 -0000 1.44 @@ -899,9 +899,6 @@ /* * ssl.c */ -int slapd_SSL_client_init(); -int slapd_SSL_client_bind_s( LDAP* ld, char* DN, char* pw, int use_SSL, int LDAPv); -int slapd_sasl_ext_client_bind( LDAP* ld, int **msgid); int slapd_nss_init(int init_ssl, int config_available); int slapd_ssl_init(); int slapd_ssl_init2(PRFileDesc **fd, int startTLS); Index: sasl_map.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/sasl_map.c,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- sasl_map.c 6 Nov 2008 00:34:19 -0000 1.11 +++ sasl_map.c 2 Dec 2008 15:29:30 -0000 1.12 @@ -320,6 +320,7 @@ sasl_map_data *dp = NULL; for (map_entry = map_entry_list; *map_entry && !ret; map_entry++) { + LDAPDebug( LDAP_DEBUG_CONFIG, "sasl_map_read_config_startup - proceesing [%s]\n", *map_entry, 0, 0 ); getConfigEntry( *map_entry, &entry ); if ( entry == NULL ) { continue; @@ -331,6 +332,8 @@ ret = sasl_map_insert_list_entry(priv,dp); if (ret) { LDAPDebug( LDAP_DEBUG_ANY, "sasl_map_read_config_startup failed to insert entry\n", 0, 0, 0 ); + } else { + LDAPDebug( LDAP_DEBUG_CONFIG, "sasl_map_read_config_startup - processed [%s]\n", *map_entry, 0, 0 ); } } freeConfigEntry( &entry ); @@ -513,6 +516,7 @@ while (this_map) { int matched = 0; /* If one matches, then make the search params */ + LDAPDebug( LDAP_DEBUG_TRACE, "sasl_map_domap - trying map [%s]\n", this_map->name, 0, 0 ); matched = sasl_map_check(this_map, sasl_user_and_realm, ldap_search_base, ldap_search_filter); if (1 == matched) { ret = 1; Index: slap.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slap.h,v retrieving revision 1.41 retrieving revision 1.42 diff -u -r1.41 -r1.42 --- slap.h 26 Nov 2008 17:32:21 -0000 1.41 +++ slap.h 2 Dec 2008 15:29:30 -0000 1.42 @@ -1601,7 +1601,6 @@ typedef void (*ps_service_fn_ptr)(Slapi_Entry *, Slapi_Entry *, int, int ); typedef char *(*get_config_dn_fn_ptr)(); typedef void (*get_disconnect_server_fn_ptr)(Connection *conn, PRUint64 opconnid, int opid, PRErrorCode reason, PRInt32 error ); -typedef int (*slapd_SSL_client_init_fn_ptr)( void ); typedef int (*modify_config_dse_fn_ptr)( Slapi_PBlock *pb ); typedef int (*slapd_ssl_init_fn_ptr)( void ); typedef int (*slapd_ssl_init_fn_ptr2)( PRFileDesc **s, int StartTLS); @@ -1614,7 +1613,6 @@ caddr_t sep_ps_wakeup_all; caddr_t sep_ps_service; caddr_t sep_disconnect_server; - caddr_t sep_slapd_SSL_client_init; caddr_t sep_slapd_ssl_init; caddr_t sep_slapd_ssl_init2; } slapdEntryPoints; Index: slapi-private.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slapi-private.h,v retrieving revision 1.30 retrieving revision 1.31 diff -u -r1.30 -r1.31 --- slapi-private.h 26 Nov 2008 22:42:12 -0000 1.30 +++ slapi-private.h 2 Dec 2008 15:29:30 -0000 1.31 @@ -1108,11 +1108,7 @@ time_t parse_genTime(char* from); /* Client SSL code */ -int slapd_SSL_client_init( void ); int slapd_security_library_is_initialized( void ); -int slapd_SSL_client_bind_s(LDAP* ld, char* DN, char* pw, int use_SSL, int LDAPv); -int slapd_sasl_ext_client_bind(LDAP* ld, int **msgid); -int slapd_Client_auth(LDAP* ld); char* slapd_get_tmp_dir( void ); /* Misc crrrrrrap */ Index: ssl.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/ssl.c,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- ssl.c 4 Nov 2008 18:23:08 -0000 1.19 +++ ssl.c 2 Dec 2008 15:29:30 -0000 1.20 @@ -459,6 +459,14 @@ rv = -1; } + if(SSLPLCY_Install() != PR_SUCCESS) { + errorCode = PR_GetError(); + slapd_SSL_warn("Security Initialization: Unable to set SSL export policy (" + SLAPI_COMPONENT_NAME_NSPR " error %d - %s)", + errorCode, slapd_pr_strerror(errorCode)); + return -1; + } + /****** end of NSS Initialization ******/ slapi_ch_free_string(&certdir); @@ -622,15 +630,6 @@ } freeConfigEntry( &entry ); - if(SSLPLCY_Install() != PR_SUCCESS) { - errorCode = PR_GetError(); - slapd_SSL_warn("Security Initialization: Unable to set SSL export policy (" - SLAPI_COMPONENT_NAME_NSPR " error %d - %s)", - errorCode, slapd_pr_strerror(errorCode)); - return -1; - } - - /* ugaston- Cipher preferences must be set before any sslSocket is created * for such sockets to take preferences into account. */ @@ -1041,12 +1040,6 @@ */ int -slapd_SSL_client_init() -{ - return 0; -} - -int slapd_SSL_client_auth (LDAP* ld) { int rc = 0; @@ -1205,111 +1198,6 @@ return rc; } -int -slapd_simple_client_bind_s(LDAP* ld, char* DN, char* pw, int LDAPv) -{ - int rc; - PRErrorCode errorCode; - - ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, (void *) &LDAPv); - rc = ldap_simple_bind_s (ld, DN, pw); - if (rc != 0) { - errorCode = PR_GetError(); - slapd_SSL_warn("ldap_simple_bind_s(%s, %s) %i (" SLAPI_COMPONENT_NAME_NSPR " error %d - %s)", - DN, pw, rc, errorCode, slapd_pr_strerror(errorCode)); - } - LDAPDebug (LDAP_DEBUG_TRACE, "slapd_simple_client_bind_s(%s, %i) %i\n", DN, LDAPv, rc); - return rc; -} - -int -slapd_SSL_client_bind_s (LDAP* ld, char* DN, char* pw, int use_SSL, int LDAPv) -{ - int rc; - struct berval noCred = {0, 0}; - - if (!use_SSL || LDAPv == LDAP_VERSION2) { - rc = slapd_simple_client_bind_s(ld, DN, pw, LDAPv); - } else { - - LDAPDebug ( - LDAP_DEBUG_TRACE, - "slapd_SSL_client_bind_s: Trying SSL Client Authentication\n", - 0, 0, 0); - - rc = slapd_SSL_client_auth(ld); - - if(rc != 0) - { - LDAPDebug ( - LDAP_DEBUG_TRACE, - "slapd_SSL_client_bind_s: SSL Client Auth Failed during replication Bind\n", - 0, 0, 0); - return rc; - } - - rc = ldap_sasl_bind_s (ld, "", LDAP_SASL_EXTERNAL, &noCred, - NULL /* LDAPControl **serverctrls */, - NULL /* LDAPControl **clientctrls */, - NULL /* struct berval **servercredp */); - - } - LDAPDebug ( - LDAP_DEBUG_TRACE, - "slapd_SSL_client_bind_s(%i,%i) %i\n", use_SSL, LDAPv, rc); - return rc; -} - -int -slapd_sasl_ext_client_bind (LDAP* ld, int **msgid) -{ - int rc; - PRErrorCode errorCode; - struct berval noCred = {0, 0}; - - LDAPDebug ( - LDAP_DEBUG_TRACE, - "slapd_sasl_ext_client_bind: Trying SSL Client Authentication\n", - 0, 0, 0); - - rc = slapd_SSL_client_auth(ld); - if(rc != 0) - { - LDAPDebug ( - LDAP_DEBUG_TRACE, - "slapd_sasl_ext_client_bind: SSL Client Auth Failed during replication Bind\n", - 0, 0, 0); - return rc; - } - - rc = ldap_sasl_bind (ld, "", LDAP_SASL_EXTERNAL, &noCred, - NULL, - NULL, - *msgid); - if (rc != 0) { - errorCode = PR_GetError(); - slapd_SSL_warn("ldap_sasl_bind(\"\",LDAP_SASL_EXTERNAL) %i (" SLAPI_COMPONENT_NAME_NSPR " error %d - %s)", - rc, errorCode, slapd_pr_strerror(errorCode)); - } - - LDAPDebug ( - LDAP_DEBUG_TRACE, - "slapd_sasl_ext_client_bind %i\n", rc, 0, 0); - - return rc; -} - - -int slapd_Client_auth(LDAP* ld) -{ - int rc=0; - - rc = slapd_SSL_client_auth (ld); - - return rc; -} - - /* Function for keeping track of the SSL initialization status: * - returns 1: when slapd_ssl_init has been executed */ Index: util.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/util.c,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- util.c 12 Nov 2008 17:42:37 -0000 1.19 +++ util.c 2 Dec 2008 15:29:31 -0000 1.20 @@ -961,6 +961,7 @@ */ if (secure > 0) { int ssl_strength = 0; + LDAP *myld = NULL; if (config_get_ssl_check_hostname()) { /* check hostname against name in certificate */ @@ -970,24 +971,23 @@ ssl_strength = LDAPSSL_AUTH_CERT; } - /* Can only use ldapssl_set_strength on and LDAP* already - initialized for SSL - this is not the case when using - startTLS, so we use NULL to set the default for all - new connections */ + /* we can only use the set functions below with a real + LDAP* if it has already gone through ldapssl_init - + so, use NULL if using starttls */ if (secure == 1) { - rc = ldapssl_set_strength(ld, ssl_strength); - } else { - rc = ldapssl_set_strength(NULL, ssl_strength); + myld = ld; } - if (rc != 0) { + if ((rc = ldapssl_set_strength(myld, ssl_strength)) || + (rc = ldapssl_set_option(myld, SSL_ENABLE_SSL2, PR_FALSE)) || + (rc = ldapssl_set_option(myld, SSL_ENABLE_SSL3, PR_TRUE)) || + (rc = ldapssl_set_option(myld, SSL_ENABLE_TLS, PR_TRUE))) { int prerr = PR_GetError(); slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_init_ext", - "failed: unable to set SSL strength to %d (" + "failed: unable to set SSL options (" SLAPI_COMPONENT_NAME_NSPR " error %d - %s)", - ssl_strength, prerr, - slapd_pr_strerror(prerr)); + prerr, slapd_pr_strerror(prerr)); } if (secure == 1) { @@ -1023,6 +1023,11 @@ ldap_controls_free(clientctrls); /* free the copy */ } + slapi_log_error(SLAPI_LOG_SHELL, "slapi_ldap_init_ext", + "Success: set up conn to [%s:%d]%s\n", + hostname, port, + (secure == 2) ? " using startTLS" : + ((secure == 1) ? " using SSL" : "")); done: ldap_free_urldesc(ludp); @@ -1092,7 +1097,10 @@ "auth - error %d - make sure the server is " "correctly configured for SSL/TLS\n", rc); goto done; - } + } else { + slapi_log_error(SLAPI_LOG_SHELL, "slapi_ldap_bind", + "Set up conn to use client auth\n"); + } bvcreds.bv_val = NULL; /* ignore username and passed in creds */ bvcreds.bv_len = 0; /* for external auth */ bindid = NULL; @@ -1110,6 +1118,8 @@ rc, ldap_err2string(rc)); goto done; } + slapi_log_error(SLAPI_LOG_SHELL, "slapi_ldap_bind", + "startTLS started on connection\n"); } /* The connection has been set up - now do the actual bind, depending on @@ -1118,14 +1128,20 @@ !strcmp(mech, LDAP_SASL_EXTERNAL)) { int mymsgid = 0; + slapi_log_error(SLAPI_LOG_SHELL, "slapi_ldap_bind", + "attempting %s bind with id [%s] creds [%s]\n", + mech ? mech : "SIMPLE", + bindid, creds); if ((rc = ldap_sasl_bind(ld, bindid, mech, &bvcreds, serverctrls, NULL /* clientctrls */, &mymsgid))) { slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_bind", "Error: could not send bind request for id " - "[%s] mech [%s]: error %d (%s)\n", + "[%s] mech [%s]: error %d (%s) %d (%s) %d (%s)\n", bindid ? bindid : "(anon)", mech ? mech : "SIMPLE", - rc, ldap_err2string(rc)); + rc, ldap_err2string(rc), + PR_GetError(), slapd_pr_strerror(PR_GetError()), + errno, slapd_system_strerror(errno)); goto done; } From nkinder at fedoraproject.org Wed Dec 3 00:03:28 2008 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Wed, 3 Dec 2008 00:03:28 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/schema 01common.ldif, 1.2, 1.3 60autofs.ldif, 1.1, 1.2 60eduperson.ldif, 1.1, 1.2 60mozilla.ldif, 1.1, 1.2 60pureftpd.ldif, 1.1, 1.2 60rfc2739.ldif, 1.1, 1.2 60rfc3712.ldif, 1.1, 1.2 60sabayon.ldif, 1.1, 1.2 60trust.ldif, 1.1, 1.2 Message-ID: <20081203000328.8052E7011F@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/schema In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv26645/ldap/schema Modified Files: 01common.ldif 60autofs.ldif 60eduperson.ldif 60mozilla.ldif 60pureftpd.ldif 60rfc2739.ldif 60rfc3712.ldif 60sabayon.ldif 60trust.ldif Log Message: Resolves: 474254 Summary: A number of the default attribute and objectclass definitions end up in 99user.ldif if you add any custom schema over LDAP. Index: 01common.ldif =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/schema/01common.ldif,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- 01common.ldif 16 May 2007 20:07:48 -0000 1.2 +++ 01common.ldif 3 Dec 2008 00:03:25 -0000 1.3 @@ -125,7 +125,7 @@ attributeTypes: ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation X-ORIGIN 'RFC 2252' ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation X-ORIGIN 'RFC 2252' ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'RFC 2252' ) -attributeTypes: ( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures' DESC 'features supported by the server' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures' DESC 'features supported by the server' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation X-ORIGIN 'RFC 3674') attributeTypes: ( 2.16.840.1.113730.3.1.36 NAME 'nsLicensedFor' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.37 NAME 'nsLicenseStartTime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.38 NAME 'nsLicenseEndTime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) @@ -266,11 +266,9 @@ objectClasses: ( 2.16.840.1.113730.3.2.32 NAME 'netscapeMachineData' DESC 'Netscape defined objectclass' SUP top X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.38 NAME 'vlvSearch' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ vlvBase $ vlvScope $ vlvFilter ) MAY ( multiLineDescription ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.39 NAME 'nsslapdConfig' DESC 'Netscape defined objectclass' SUP top MAY ( cn ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.39 NAME 'nsslapdConfig' DESC 'Netscape defined objectclass' SUP top MAY ( cn ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.42 NAME 'vlvIndex' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ vlvSort ) MAY ( vlvEnabled $ vlvUses ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.43 NAME 'nsSNMP' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsSNMPEnabled ) MAY ( nsSNMPOrganization $ nsSNMPLocation $ nsSNMPContact $ nsSNMPDescription $ nsSNMPName $ nsSNMPMasterHost $ nsSNMPMasterPort ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.84 NAME 'cosDefinition' DESC 'Netscape defined objectclass' SUP top MAY ( costargettree $ costemplatedn $ cosspecifier $ cosattribute $ aci $ cn $ uid ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113719.2.142.6.1.1 NAME 'ldapSubEntry' DESC 'LDAP Subentry class, version 1' SUP top STRUCTURAL MAY ( cn ) X-ORIGIN 'LDAP Subentry Internet Draft' ) objectClasses: ( 2.16.840.1.113730.3.2.93 NAME 'nsRoleDefinition' DESC 'Netscape defined objectclass' SUP ldapSubEntry MAY ( description ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.94 NAME 'nsSimpleRoleDefinition' DESC 'Netscape defined objectclass' SUP nsRoleDefinition X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.95 NAME 'nsComplexRoleDefinition' DESC 'Netscape defined objectclass' SUP nsRoleDefinition X-ORIGIN 'Netscape Directory Server' ) Index: 60autofs.ldif =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/schema/60autofs.ldif,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- 60autofs.ldif 16 Oct 2008 16:43:36 -0000 1.1 +++ 60autofs.ldif 3 Dec 2008 00:03:25 -0000 1.2 @@ -12,6 +12,7 @@ EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + X-ORIGIN 'draft-howard-rfc2307bis' ) # ################################################################################ @@ -24,6 +25,7 @@ STRUCTURAL MUST ( cn $ automountInformation ) MAY ( description ) + X-ORIGIN 'draft-howard-rfc2307bis' ) # ################################################################################ @@ -35,6 +37,7 @@ SUP top STRUCTURAL MUST ( ou ) + X-ORIGIN 'draft-howard-rfc2307bis' ) # ################################################################################ Index: 60eduperson.ldif =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/schema/60eduperson.ldif,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- 60eduperson.ldif 16 Oct 2008 16:43:36 -0000 1.1 +++ 60eduperson.ldif 3 Dec 2008 00:03:25 -0000 1.2 @@ -1,4 +1,4 @@ -# 60eduperson.ldif - See http://www.educause.edu/eduperso +# 60eduperson.ldif - See http://middleware.internet2.edu/eduperson/ ################################################################################ # dn: cn=schema @@ -10,6 +10,7 @@ NAME 'eduPersonAffiliation' DESC 'Affiliation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'http://middleware.internet2.edu/eduperson/' ) # ################################################################################ @@ -19,6 +20,7 @@ NAME 'eduPersonNickName' DESC 'NickName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'http://middleware.internet2.edu/eduperson/' ) # ################################################################################ @@ -29,6 +31,7 @@ DESC 'Organization DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE + X-ORIGIN 'http://middleware.internet2.edu/eduperson/' ) # ################################################################################ @@ -38,6 +41,7 @@ NAME 'eduPersonOrgUnitDN' DESC 'Organizational Unit DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + X-ORIGIN 'http://middleware.internet2.edu/eduperson/' ) # ################################################################################ @@ -48,6 +52,7 @@ DESC 'Primary Affiliation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + X-ORIGIN 'http://middleware.internet2.edu/eduperson/' ) # ################################################################################ @@ -58,6 +63,7 @@ DESC 'Principal Name' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + X-ORIGIN 'http://middleware.internet2.edu/eduperson/' ) # ################################################################################ @@ -67,6 +73,7 @@ NAME 'eduPersonEntitlement' DESC 'Entitlement' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'http://middleware.internet2.edu/eduperson/' ) # ################################################################################ @@ -76,6 +83,7 @@ NAME 'eduPersonPrimaryOrgUnitDN' DESC 'Primary Organizational Unit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + X-ORIGIN 'http://middleware.internet2.edu/eduperson/' ) # ################################################################################ @@ -85,6 +93,7 @@ NAME 'eduPersonScopedAffiliation' DESC 'Scoped Affiliation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'http://middleware.internet2.edu/eduperson/' ) # ################################################################################ @@ -94,6 +103,7 @@ NAME 'eduPerson' AUXILIARY MAY ( eduPersonAffiliation $ eduPersonNickName $ eduPersonOrgDN $ eduPersonOrgUnitDN $ eduPersonPrimaryAffiliation $ eduPersonPrincipalName $ eduPersonEntitlement $eduPersonPrimaryOrgUnitDN $ eduPersonScopedAffiliation ) + X-ORIGIN 'http://middleware.internet2.edu/eduperson/' ) # ################################################################################ Index: 60mozilla.ldif =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/schema/60mozilla.ldif,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- 60mozilla.ldif 16 Oct 2008 16:43:36 -0000 1.1 +++ 60mozilla.ldif 3 Dec 2008 00:03:25 -0000 1.2 @@ -29,6 +29,7 @@ SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} SINGLE-VALUE + X-ORIGIN 'Mozilla Address Book' ) # ################################################################################ @@ -40,6 +41,7 @@ SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} SINGLE-VALUE + X-ORIGIN 'Mozilla Address Book' ) # ################################################################################ @@ -51,6 +53,7 @@ SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} SINGLE-VALUE + X-ORIGIN 'Mozilla Address Book' ) # ################################################################################ @@ -62,6 +65,7 @@ SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} SINGLE-VALUE + X-ORIGIN 'Mozilla Address Book' ) # ################################################################################ @@ -73,6 +77,7 @@ SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} SINGLE-VALUE + X-ORIGIN 'Mozilla Address Book' ) # ################################################################################ @@ -84,6 +89,7 @@ SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} SINGLE-VALUE + X-ORIGIN 'Mozilla Address Book' ) # ################################################################################ @@ -93,6 +99,7 @@ NAME 'mozillaHomeLocalityName' SUP name SINGLE-VALUE + X-ORIGIN 'Mozilla Address Book' ) # ################################################################################ @@ -102,6 +109,7 @@ NAME 'mozillaHomeState' SUP name SINGLE-VALUE + X-ORIGIN 'Mozilla Address Book' ) # ################################################################################ @@ -113,6 +121,7 @@ SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} SINGLE-VALUE + X-ORIGIN 'Mozilla Address Book' ) # ################################################################################ @@ -122,6 +131,7 @@ NAME 'mozillaHomeCountryName' SUP name SINGLE-VALUE + X-ORIGIN 'Mozilla Address Book' ) # ################################################################################ @@ -132,6 +142,7 @@ EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} SINGLE-VALUE + X-ORIGIN 'Mozilla Address Book' ) # ################################################################################ @@ -143,6 +154,7 @@ SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} SINGLE-VALUE + X-ORIGIN 'Mozilla Address Book' ) # ################################################################################ @@ -153,6 +165,7 @@ EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} SINGLE-VALUE + X-ORIGIN 'Mozilla Address Book' ) # ################################################################################ @@ -161,6 +174,7 @@ 1.3.6.1.4.1.13769.2.1 NAME ( 'mozillaNickname' 'xmozillanickname' ) SUP name + X-ORIGIN 'Mozilla Address Book' ) # ################################################################################ @@ -172,6 +186,7 @@ SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE + X-ORIGIN 'Mozilla Address Book' ) # ################################################################################ @@ -181,6 +196,7 @@ NAME ( 'mozillaUseHtmlMail' 'xmozillausehtmlmail' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE + X-ORIGIN 'Mozilla Address Book' ) # ################################################################################ @@ -191,6 +207,7 @@ EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 + X-ORIGIN 'Mozilla Address Book' ) # ################################################################################ @@ -207,6 +224,7 @@ AUXILIARY MUST ( cn ) MAY ( c $ description $ displayName $ fax $ givenName $ homePhone $ l $ mail $ mobile $ mozillaCustom1 $ mozillaCustom2 $ mozillaCustom3 $ mozillaCustom4 $ mozillaHomeCountryName $ mozillaHomeLocalityName $ mozillaHomePostalCode $ mozillaHomeState $ mozillaHomeStreet $ mozillaHomeStreet2 $ mozillaHomeUrl $ mozillaNickname $ mozillaSecondEmail $ mozillaUseHtmlMail $ mozillaWorkStreet2 $ mozillaWorkUrl $ nsAIMid $ o $ ou $ pager $ postalCode $ postOfficeBox $ sn $ st $ street $ telephoneNumber $ title ) + X-ORIGIN 'Mozilla Address Book' ) # ################################################################################ Index: 60pureftpd.ldif =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/schema/60pureftpd.ldif,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- 60pureftpd.ldif 16 Oct 2008 16:43:36 -0000 1.1 +++ 60pureftpd.ldif 3 Dec 2008 00:03:25 -0000 1.2 @@ -16,6 +16,7 @@ EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE + X-ORIGIN 'Pure-FTPd' ) # ################################################################################ @@ -27,6 +28,7 @@ EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE + X-ORIGIN 'Pure-FTPd' ) # ################################################################################ @@ -38,6 +40,7 @@ EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE + X-ORIGIN 'Pure-FTPd' ) # ################################################################################ @@ -49,6 +52,7 @@ EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE + X-ORIGIN 'Pure-FTPd' ) # ################################################################################ @@ -60,6 +64,7 @@ EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE + X-ORIGIN 'Pure-FTPd' ) # ################################################################################ @@ -71,6 +76,7 @@ EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE + X-ORIGIN 'Pure-FTPd' ) # ################################################################################ @@ -82,6 +88,7 @@ EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE + X-ORIGIN 'Pure-FTPd' ) # ################################################################################ @@ -93,6 +100,7 @@ EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE + X-ORIGIN 'Pure-FTPd' ) # ################################################################################ @@ -104,6 +112,7 @@ EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE + X-ORIGIN 'Pure-FTPd' ) # ################################################################################ @@ -113,6 +122,7 @@ NAME 'PureFTPdUser' DESC 'PureFTPd user with optional quota, throttling and ratio' MAY ( FTPStatus $ FTPQuotaFiles $ FTPQuotaMBytes $ FTPUploadRatio $ FTPDownloadRatio $ FTPUploadBandwidth $ FTPDownloadBandwidth $ FTPuid $ FTPgid ) + X-ORIGIN 'Pure-FTPd' ) # ################################################################################ Index: 60rfc2739.ldif =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/schema/60rfc2739.ldif,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- 60rfc2739.ldif 16 Oct 2008 16:43:36 -0000 1.1 +++ 60rfc2739.ldif 3 Dec 2008 00:03:25 -0000 1.2 @@ -13,6 +13,7 @@ SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE userApplications + X-ORIGIN 'rfc2739' ) # ################################################################################ @@ -25,6 +26,7 @@ SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE userApplications + X-ORIGIN 'rfc2739' ) # ################################################################################ @@ -37,6 +39,7 @@ SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE userApplications + X-ORIGIN 'rfc2739' ) # ################################################################################ @@ -49,6 +52,7 @@ SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE userApplications + X-ORIGIN 'rfc2739' ) # ################################################################################ @@ -61,6 +65,7 @@ SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE userApplications + X-ORIGIN 'rfc2739' ) # ################################################################################ @@ -73,6 +78,7 @@ SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE userApplications + X-ORIGIN 'rfc2739' ) # ################################################################################ @@ -85,6 +91,7 @@ SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE userApplications + X-ORIGIN 'rfc2739' ) # ################################################################################ @@ -97,6 +104,7 @@ SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE userApplications + X-ORIGIN 'rfc2739' ) # ################################################################################ @@ -108,6 +116,7 @@ SUP top AUXILIARY MAY ( calCalURI $ calFBURL $ calOtherCalURIs $ calOtherFBURLs $ calCAPURI $ calOtherCAPURIs ) + X-ORIGIN 'rfc2739' ) # ################################################################################ Index: 60rfc3712.ldif =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/schema/60rfc3712.ldif,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- 60rfc3712.ldif 16 Oct 2008 16:43:36 -0000 1.1 +++ 60rfc3712.ldif 3 Dec 2008 00:03:25 -0000 1.2 @@ -13,6 +13,7 @@ SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -24,6 +25,7 @@ EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -36,6 +38,7 @@ SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -48,6 +51,7 @@ SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -60,6 +64,7 @@ SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -72,6 +77,7 @@ SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -84,6 +90,7 @@ SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -96,6 +103,7 @@ SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -107,6 +115,7 @@ EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -118,6 +127,7 @@ EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -129,6 +139,7 @@ EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{63} SINGLE-VALUE + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -139,6 +150,7 @@ DESC 'Set of charsets supported for the attribute values of syntax DirectoryString for this directory entry.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{63} + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -150,6 +162,7 @@ EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{63} + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -161,6 +174,7 @@ EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -172,6 +186,7 @@ EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -183,6 +198,7 @@ EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -195,6 +211,7 @@ ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -207,6 +224,7 @@ ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -218,6 +236,7 @@ EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -229,6 +248,7 @@ EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -239,6 +259,7 @@ DESC 'The number of impression sides (one or two) and the two-sided impression rotations supported by this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -250,6 +271,7 @@ EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -261,6 +283,7 @@ EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -272,6 +295,7 @@ EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -282,6 +306,7 @@ DESC 'List of print qualities supported for printing documents on this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -294,6 +319,7 @@ ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -306,6 +332,7 @@ ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -318,6 +345,7 @@ ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -330,6 +358,7 @@ SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -342,6 +371,7 @@ SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -352,6 +382,7 @@ DESC 'The possible delivery orientations of pages as they are printed and ejected from this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -362,6 +393,7 @@ DESC 'The possible stacking order of pages as they are printed and ejected from this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -372,6 +404,7 @@ DESC 'The possible output features supported by this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -383,6 +416,7 @@ EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -391,6 +425,7 @@ NAME 'printer-uri' DESC 'A URI supported by this printer.' + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -402,6 +437,7 @@ SUP top ABSTRACT MAY ( printer-name $ printer-natural-language-configured $ printer-location $ printer-info $ printer-more-info $ printer-make-and-model $ printer-multiple-document-jobs-supported $ printer-charset-configured $ printer-charset-supported $ printer-generated-natural-language-supported $ printer-document-format-supported $ printer-color-supported $ printer-compression-supported $ printer-pages-per-minute $ printer-pages-per-minute-color $ printer-finishings-supported $ printer-number-up-supported $ printer-sides-supported $ printer-media-supported $ printer-media-local-supported $ printer-resolution-supported $ printer-print-quality-supported $ printer-job-priority-supported $ printer-copies-supported $ printer-job-k-octets-supported $ printer-current-operator $ printer-service-person $ printer-delivery-orientation-supported $ printer-stacking-order-supported $ printer-output-features-supported ) + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -413,6 +449,7 @@ SUP printerAbstract STRUCTURAL MAY ( printer-uri $ printer-xri-supported ) + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -424,6 +461,7 @@ SUP printerAbstract AUXILIARY MAY ( printer-uri $ printer-xri-supported ) + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -435,6 +473,7 @@ SUP top AUXILIARY MAY ( printer-ipp-versions-supported $ printer-multiple-document-jobs-supported ) + X-ORIGIN 'rfc3712' ) # ################################################################################ @@ -447,6 +486,7 @@ AUXILIARY MUST ( printer-name ) MAY ( printer-aliases ) + X-ORIGIN 'rfc3712' ) # ################################################################################ Index: 60sabayon.ldif =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/schema/60sabayon.ldif,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- 60sabayon.ldif 16 Oct 2008 16:43:36 -0000 1.1 +++ 60sabayon.ldif 3 Dec 2008 00:03:25 -0000 1.2 @@ -14,6 +14,7 @@ NAME 'sabayonProfileURL' DESC 'The URL of a sabayon profile' SUP labeledURI + X-ORIGIN 'Sabayon' ) # This attribute is used to store the name of a sabayon profile. # It can refer to either a local zipfile (which will be looked up @@ -27,6 +28,7 @@ SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + X-ORIGIN 'Sabayon' ) # Simple example object to store profile information # If you use this or something similar instead of a direct URL @@ -39,6 +41,7 @@ STRUCTURAL MUST cn MAY ( sabayonProfileURL $ description ) + X-ORIGIN 'Sabayon' ) # Use these to put sabayonProfileName or sabayonProfileURL # attributes in an objetc @@ -49,6 +52,7 @@ SUP top AUXILIARY MUST sabayonProfileName + X-ORIGIN 'Sabayon' ) objectClasses: ( 1.3.6.1.4.1.2312.4.3.4.3 @@ -58,4 +62,5 @@ AUXILIARY MUST cn MAY sabayonProfileURL + X-ORIGIN 'Sabayon' ) Index: 60trust.ldif =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/schema/60trust.ldif,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- 60trust.ldif 16 Oct 2008 16:43:36 -0000 1.1 +++ 60trust.ldif 3 Dec 2008 00:03:25 -0000 1.2 @@ -15,6 +15,7 @@ SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE + X-ORIGIN 'nss_ldap/pam_ldap' ) # ################################################################################ @@ -26,6 +27,7 @@ EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + X-ORIGIN 'nss_ldap/pam_ldap' ) # ################################################################################ @@ -38,6 +40,7 @@ AUXILIARY MUST ( trustModel ) MAY ( accessTo ) + X-ORIGIN 'nss_ldap/pam_ldap' ) # ################################################################################ From rmeggins at fedoraproject.org Wed Dec 3 17:31:28 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Wed, 3 Dec 2008 17:31:28 +0000 (UTC) Subject: [Fedora-directory-commits] adminutil/include/libadminutil admutil.h, 1.9, 1.10 Message-ID: <20081203173129.04B5070142@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminutil/include/libadminutil In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv3272/adminutil/include/libadminutil Modified Files: admutil.h Log Message: Resolves: bug 462411 Bug Description: certificate request wizard returns an error Reviewed by: nkinder (Thanks!) Fix Description: This was broken as part of the fix for the XSS issues. To fix that, in order to make sure we never displayed any string that contained unescaped HTML entities, we just go ahead and escape everything when we read the values from the CGI GET or POST arguments. For this particular bug, this meant the cert CGI was getting a DN like this: CN="ldap.example.com" instead of CN="ldap.example.com". The solution is to add some functions to adminutil (stolen from dsgw) that can be used to escape/unescape HTML entities. We have to be careful never to display unescaped strings - in this particular case, the DN is never printed. Platforms tested: RHEL5 Flag Day: yes - will require new adminutil, adminserver Doc impact: no Index: admutil.h =================================================================== RCS file: /cvs/dirsec/adminutil/include/libadminutil/admutil.h,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- admutil.h 27 Aug 2008 20:05:58 -0000 1.9 +++ admutil.h 3 Dec 2008 17:31:26 -0000 1.10 @@ -424,6 +424,30 @@ #define WORD_WRAP_WIDTH 80 PR_IMPLEMENT(char) *alert_wrd_wrap(char *str, int width, char *linefeed); +/* + * If the UTF8 string "s" contains any HTML special characters, make a + * duplicate where the appropriate HTML "entities" have been substituted + * for the special chars. For example, "" will be translated + * to "<mcs at ace.com>". + * + * If "s" does not contain any special characters, it is returned and + * *madecopyp is set to 0. + * Otherwise a malloc'd string is returned and *madecopyp is set to 1. + */ +PR_IMPLEMENT(char *) strdup_escape_entities(char *s, int *madecopyp); + +/* this will convert a string with escaped entities ("&") + back to the original unescaped string ("&") + This is necessary for converting URLs and other values which would normally + have entities in them (e.g. search?context=foo&dn=bar) + for use in javascript (e.g. window.href = 'search?context=foo&dn=bar') + since javascript must use the unescaped version + This converts the string in place since the entities "&" + take up much more room than the single character represented + If you need to work on a copy then make a copy with strdup first. +*/ +PR_IMPLEMENT(void) unescape_entities(char *s); + /* Get internal variable info data structure */ /* This is hack, should be removed later - YJH */ /* form_post.c */ From rmeggins at fedoraproject.org Wed Dec 3 17:31:28 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Wed, 3 Dec 2008 17:31:28 +0000 (UTC) Subject: [Fedora-directory-commits] adminutil/lib/libadminutil form_post.c, 1.10, 1.11 Message-ID: <20081203173129.0FA1670141@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminutil/lib/libadminutil In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv3272/adminutil/lib/libadminutil Modified Files: form_post.c Log Message: Resolves: bug 462411 Bug Description: certificate request wizard returns an error Reviewed by: nkinder (Thanks!) Fix Description: This was broken as part of the fix for the XSS issues. To fix that, in order to make sure we never displayed any string that contained unescaped HTML entities, we just go ahead and escape everything when we read the values from the CGI GET or POST arguments. For this particular bug, this meant the cert CGI was getting a DN like this: CN="ldap.example.com" instead of CN="ldap.example.com". The solution is to add some functions to adminutil (stolen from dsgw) that can be used to escape/unescape HTML entities. We have to be careful never to display unescaped strings - in this particular case, the DN is never printed. Platforms tested: RHEL5 Flag Day: yes - will require new adminutil, adminserver Doc impact: no Index: form_post.c =================================================================== RCS file: /cvs/dirsec/adminutil/lib/libadminutil/form_post.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- form_post.c 27 Aug 2008 20:02:23 -0000 1.10 +++ form_post.c 3 Dec 2008 17:31:26 -0000 1.11 @@ -82,6 +82,100 @@ return input; } +#define ADMINUTIL_MAX_ENTITY_LEN 6 /* " */ +static char *specials = "&\"<>\'"; +static char *entities[] = { "&", """, "<", ">", "'" }; +static int entitylen[] = { 5, 6, 4, 4, 5 }; +static int entitynum = sizeof(entities)/sizeof(entities[0]); + +PR_IMPLEMENT(char *) +strdup_escape_entities( char *s, int *madecopyp ) +{ +/* + * If the UTF8 string "s" contains any HTML special characters, make a + * duplicate where the appropriate HTML "entities" have been substituted + * for the special chars. For example, "" will be translated + * to "<mcs at ace.com>". + * + * If "s" does not contain any special characters, it is returned and + * *madecopyp is set to 0. + * Otherwise a malloc'd string is returned and *madecopyp is set to 1. + */ + int spcount, idx; + char *p, *q, *r, *d; + + spcount = 0; + for ( p = s; *p != '\0'; LDAP_UTF8INC( p )) { + if ( ((*p) & 0x80) == 0 && strchr( specials, *p ) != NULL ) { + ++spcount; + } + } + + if ( spcount == 0 ) { + *madecopyp = 0; + return( s ); + } + + d = r = PR_Malloc( strlen( s ) + 1 + spcount * ADMINUTIL_MAX_ENTITY_LEN ); + for ( p = s; *p != '\0'; LDAP_UTF8INC( p )) { + if ( ((*p) & 0x80) == 0 && ( q = strchr( specials, *p )) != NULL ) { + idx = ( q - specials ); + memcpy( r, entities[ idx ], entitylen[ idx ] ); + r += entitylen[ idx ]; + } else { + r += LDAP_UTF8COPY( r, p ); + } + } + *r = '\0'; + + *madecopyp = 1; + return( d ); +} + +/* this will convert a string with escaped entities ("&") + back to the original unescaped string ("&") + This is necessary for converting URLs which would normally + have entities in them (e.g. search?context=foo&dn=bar) + for use in javascript (e.g. window.href = 'search?context=foo&dn=bar') + since javascript must use the unescaped version + This converts the string in place since the entities "&" + take up much more room than the single character represented + If you need to work on a copy then make a copy with strdup first. +*/ +PR_IMPLEMENT(void) +unescape_entities(char *s) +{ + int idx; + char *p, *r, *d; + + if (!s || !*s) { + return; + } + + d = r = s; + for ( p = s; *p != '\0'; LDAP_UTF8INC( p )) { + if ( ((*p) & 0x80) == 0 && ( (*p) == '&') ) { + for( idx = 0; idx < entitynum; ++idx ) { + if (!strncmp(p, entities[ idx ], entitylen[ idx ])) { + break; + } + } + if (idx < entitynum) { + *r = specials[idx]; + ++r; + p += entitylen[ idx ]-1; /* the 1 will be added in the for loop */ + } else { + r += LDAP_UTF8COPY( r, p ); + } + } else { + r += LDAP_UTF8COPY( r, p ); + } + } + *r = '\0'; + + return; +} + PR_IMPLEMENT(void) form_unescape(char *str) { From rmeggins at fedoraproject.org Wed Dec 3 17:32:19 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Wed, 3 Dec 2008 17:32:19 +0000 (UTC) Subject: [Fedora-directory-commits] adminserver/admserv/cgi-src40 security.c, 1.15, 1.16 Message-ID: <20081203173219.5D3B270141@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/cgi-src40 In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv3348/adminserver/admserv/cgi-src40 Modified Files: security.c Log Message: Resolves: bug 462411 Bug Description: certificate request wizard returns an error Reviewed by: nkinder (Thanks!) Fix Description: This was broken as part of the fix for the XSS issues. To fix that, in order to make sure we never displayed any string that contained unescaped HTML entities, we just go ahead and escape everything when we read the values from the CGI GET or POST arguments. For this particular bug, this meant the cert CGI was getting a DN like this: CN="ldap.example.com" instead of CN="ldap.example.com". The solution is to add some functions to adminutil (stolen from dsgw) that can be used to escape/unescape HTML entities. We have to be careful never to display unescaped strings - in this particular case, the DN is never printed. Platforms tested: RHEL5 Flag Day: yes - will require new adminutil, adminserver Doc impact: no Index: security.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/security.c,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- security.c 14 Jul 2008 20:00:02 -0000 1.15 +++ security.c 3 Dec 2008 17:32:17 -0000 1.16 @@ -1165,6 +1165,9 @@ /* to do token here */ privateKey = generateKey(&publicKey, tokenName); + /* can be done in place */ + unescape_entities(DN); /* e.g. convert " to " */ + /* since DN now contains unescaped entities, it must never be displayed */ fprintf(stdout, HEADERREQUEST, _new?CERTREQ_NEW:CERTREQ_OLD); fprintf(stdout, "%s", BTOA_ConvertItemToAscii(generateCertificateRequest(privateKey, publicKey, DN))); fprintf(stdout, FOOTERREQUEST, _new?CERTREQ_NEW:CERTREQ_OLD); From rmeggins at fedoraproject.org Wed Dec 3 18:36:52 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Wed, 3 Dec 2008 18:36:52 +0000 (UTC) Subject: [Fedora-directory-commits] adminutil/lib/libadmsslutil admsslutil.c, 1.9, 1.10 srvutilssl.c, 1.6, 1.7 Message-ID: <20081203183652.9AB5C70134@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminutil/lib/libadmsslutil In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10019/adminutil/lib/libadmsslutil Modified Files: admsslutil.c srvutilssl.c Log Message: compiler warning clean up Index: admsslutil.c =================================================================== RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/admsslutil.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- admsslutil.c 22 Jun 2007 21:06:45 -0000 1.9 +++ admsslutil.c 3 Dec 2008 18:36:50 -0000 1.10 @@ -69,22 +69,6 @@ char custom_file[BIG_LINE] = ""; char retried_token[BIG_LINE] = ""; -/* returns true if the given path is a valid directory, false otherwise */ -static int -is_dir_ok(const char *path) -{ - PRFileInfo prinfo; - int ret = 0; - - if (path && *path && - (PR_SUCCESS == PR_GetFileInfo(path, &prinfo)) && - prinfo.type == PR_FILE_DIRECTORY) { - ret = 1; - } - - return ret; -} - PR_IMPLEMENT(int) admldapBuildInfoSSL(AdmldapInfo info, int *errorcode) { Index: srvutilssl.c =================================================================== RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/srvutilssl.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- srvutilssl.c 28 Jun 2007 20:47:56 -0000 1.6 +++ srvutilssl.c 3 Dec 2008 18:36:50 -0000 1.7 @@ -19,6 +19,7 @@ * END COPYRIGHT BLOCK **/ #include #include "libadminutil/admutil.h" +#include "libadminutil/distadm.h" #include "libadmsslutil/psetcssl.h" #include "libadmsslutil/srvutilssl.h" @@ -176,7 +177,7 @@ if (nl) { size_t len = strlen(serverID); AttrNameList nlptr = nl; - while (retval = *nlptr++) { + while ((retval = *nlptr++)) { /* nl is a list of DNs like this: cn=slapd-foo, ... cn=slapd-bar,... From rmeggins at fedoraproject.org Wed Dec 3 18:36:52 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Wed, 3 Dec 2008 18:36:52 +0000 (UTC) Subject: [Fedora-directory-commits] adminutil/lib/libadminutil srvutil.c, 1.5, 1.6 Message-ID: <20081203183652.4B64E70134@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminutil/lib/libadminutil In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10019/adminutil/lib/libadminutil Modified Files: srvutil.c Log Message: compiler warning clean up Index: srvutil.c =================================================================== RCS file: /cvs/dirsec/adminutil/lib/libadminutil/srvutil.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- srvutil.c 22 Jun 2007 21:06:44 -0000 1.5 +++ srvutil.c 3 Dec 2008 18:36:49 -0000 1.6 @@ -249,7 +249,7 @@ if (nl) { size_t len = strlen(serverID); AttrNameList nlptr = nl; - while (retval = *nlptr++) { + while ((retval = *nlptr++)) { /* nl is a list of DNs like this: cn=slapd-foo, ... cn=slapd-bar,... From nhosoi at fedoraproject.org Wed Dec 3 19:14:20 2008 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Wed, 3 Dec 2008 19:14:20 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm ancestorid.c, 1.6, 1.7 Message-ID: <20081203191420.9F02C70141@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13558 Modified Files: ancestorid.c Log Message: Resolves: #469800 Summary: Slow import post-processing with large number of non-leaf entries Description: Building the ancestorid index does not need to be so expensive, since the information is available from the parentid index. The cost is associated with general overhead in maintaining the IDLists in memory, and in particular to the constant unions done on them to add children. When these lists may contain millions of entries, the time spent copying the existing data when inserting children is prohibitively expensive. This does not affect all layouts equally, but does cause problems when large numbers of children are dispersed throughout the tree. BDB can usually handle inserts efficiently on its own, so it is not necessary to maintain complete IDLists in memory for all the entries and write them out in total. Updates can be performed directly to the DB instead. Note: checking in the patch on behalf of Thomas Lackey Index: ancestorid.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/ancestorid.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- ancestorid.c 15 Oct 2008 06:30:06 -0000 1.6 +++ ancestorid.c 3 Dec 2008 19:14:18 -0000 1.7 @@ -70,6 +70,8 @@ static int ldbm_parentid(backend *be, DB_TXN *txn, ID id, ID *ppid); static int check_cache(id2idl_hash *ht); static IDList *idl_union_allids(backend *be, struct attrinfo *ai, IDList *a, IDList *b); +static int ldbm_ancestorid_default_create_index(backend *be); +static int ldbm_ancestorid_new_idl_create_index(backend *be); static int ldbm_get_nonleaf_ids(backend *be, DB_TXN *txn, IDList **idl) { @@ -158,6 +160,19 @@ */ int ldbm_ancestorid_create_index(backend *be) { + return (idl_get_idl_new()) ? + ldbm_ancestorid_new_idl_create_index(be) : + ldbm_ancestorid_default_create_index(be); +} + +/* + * Create the ancestorid index. This version is safe to + * use whichever IDL mode is active. However, it may be + * quite a bit slower than ldbm_ancestorid_new_idl_create_index() + * when the new mode is used, particularly with large databases. + */ +static int ldbm_ancestorid_default_create_index(backend *be) +{ int ret = 0; DB *db_pid = NULL; DB *db_aid = NULL; @@ -330,6 +345,181 @@ } /* + * Create the ancestorid index. This version expects to use + * idl_new_store_block() and should be used when idl_new != 0. + * It has lower overhead and can be faster than + * ldbm_ancestorid_default_create_index(), particularly on + * large databases. Cf. bug 469800. + */ +static int ldbm_ancestorid_new_idl_create_index(backend *be) +{ + int ret = 0; + DB *db_pid = NULL; + DB *db_aid = NULL; + DBT key = {0}; + DB_TXN *txn = NULL; + struct attrinfo *ai_pid = NULL; + struct attrinfo *ai_aid = NULL; + char keybuf[24]; + IDList *nodes = NULL; + IDList *children = NULL; + NIDS nids; + ID id, parentid; + + /* + * We need to iterate depth-first through the non-leaf nodes + * in the tree amassing an idlist of descendant ids for each node. + * We would prefer to go through the parentid keys just once from + * highest id to lowest id but the btree ordering is by string + * rather than number. So we go through the parentid keys in btree + * order first of all to create an idlist of all the non-leaf nodes. + * Then we can use the idlist to iterate through parentid in the + * correct order. + */ + + LDAPDebug(LDAP_DEBUG_TRACE, "Creating ancestorid index\n", 0,0,0); + + /* Bail now if we did not get here honestly. */ + if (!idl_get_idl_new()) { + LDAPDebug(LDAP_DEBUG_ANY, "Cannot create ancestorid index. " + "New IDL version called but idl_new is false!\n", 0,0,0); + return 1; + } + + /* Get the non-leaf node IDs */ + ret = ldbm_get_nonleaf_ids(be, txn, &nodes); + if (ret != 0) return ret; + + /* Get the ancestorid index */ + ainfo_get(be, "ancestorid", &ai_aid); + + /* Prevent any other use of the index */ + ai_aid->ai_indexmask |= INDEX_OFFLINE; + + /* Open the ancestorid index file */ + ret = dblayer_get_index_file(be, ai_aid, &db_aid, DBOPEN_CREATE); + if (ret != 0) { + ldbm_nasty(sourcefile,13050,ret); + goto out; + } + + /* Maybe nothing to do */ + if (nodes == NULL || nodes->b_nids == 0) { + LDAPDebug(LDAP_DEBUG_ANY, "Nothing to do to build ancestorid index\n", + 0, 0, 0); + goto out; + } + + /* Get the parentid index */ + ainfo_get( be, "parentid", &ai_pid ); + + /* Open the parentid index file */ + ret = dblayer_get_index_file(be, ai_pid, &db_pid, DBOPEN_CREATE); + if (ret != 0) { + ldbm_nasty(sourcefile,13060,ret); + goto out; + } + + /* Initialize key DBT */ + key.data = keybuf; + key.ulen = sizeof(keybuf); + key.flags = DB_DBT_USERMEM; + + /* Iterate from highest to lowest ID */ + nids = nodes->b_nids; + do { + + nids--; + id = nodes->b_ids[nids]; + + /* Get immediate children from parentid index */ + key.size = PR_snprintf(key.data, key.ulen, "%c%lu", + EQ_PREFIX, (u_long)id); + key.size++; /* include the null terminator */ + ret = NEW_IDL_NO_ALLID; + children = idl_fetch(be, db_pid, &key, txn, ai_pid, &ret); + if (ret != 0) { + ldbm_nasty(sourcefile,13070,ret); + break; + } + + /* Instead of maintaining a full accounting of IDs in a hashtable + * as is done with ldbm_ancestorid_default_create_index(), perform + * incremental updates straight to the DB with idl_new_store_block() + * (used by idl_store_block() when idl_get_idl_new() is true). This + * can be a significant performance improvement with large databases, + * where the overhead of maintaining and copying the lists is very + * expensive, particularly when the allids threshold is not being + * used to provide any cut off. Cf. bug 469800. + * TEL 20081029 */ + + /* Insert into ancestorid for this node */ + ret = idl_store_block(be, db_aid, &key, children, txn, ai_aid); + if (ret != 0) { + idl_free(children); + break; + } + + /* Get parentid for this entry */ + ret = ldbm_parentid(be, txn, id, &parentid); + if (ret != 0) { + idl_free(children); + break; + } + + /* A suffix entry does not have a parent */ + if (parentid == NOID) { + idl_free(children); + continue; + } + + /* Reset the key to the parent id */ + key.size = PR_snprintf(key.data, key.ulen, "%c%lu", + EQ_PREFIX, (u_long)parentid); + key.size++; + + /* Insert into ancestorid for this node's parent */ + ret = idl_store_block(be, db_aid, &key, children, txn, ai_aid); + idl_free(children); + if (ret != 0) { + break; + } + } while (nids > 0); + + if (ret != 0) { + goto out; + } + + out: + if (ret == 0) { + LDAPDebug(LDAP_DEBUG_TRACE, "Created ancestorid index\n", 0,0,0); + } else { + LDAPDebug(LDAP_DEBUG_ANY, "Failed to create ancestorid index\n", 0,0,0); + } + + /* Free any leftover idlists */ + idl_free(nodes); + + /* Release the parentid file */ + if (db_pid != NULL) { + dblayer_release_index_file( be, ai_pid, db_pid ); + } + + /* Release the ancestorid file */ + if (db_aid != NULL) { + dblayer_release_index_file( be, ai_aid, db_aid ); + } + + /* Enable the index */ + if (ret == 0) { + ai_aid->ai_indexmask &= ~INDEX_OFFLINE; + } + + return ret; +} + + +/* * Get parentid of an id by reading the operational attr from id2entry. */ static int ldbm_parentid(backend *be, DB_TXN *txn, ID id, ID *ppid) From nhosoi at fedoraproject.org Thu Dec 4 00:42:20 2008 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Thu, 4 Dec 2008 00:42:20 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication repl_extop.c, 1.14, 1.15 replutil.c, 1.13, 1.14 Message-ID: <20081204004220.6892D70142@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv16573/plugins/replication Modified Files: repl_extop.c replutil.c Log Message: Resolves: #474248 Summary: Replica crashes in the consumer initialization if the backend to be replicated does not exist Description: . mapping_tree.c: if NULL mapping tree state is passed, return an error. . repl_extop.c: if mapping tree node state is NULL, don't reset the mapping tree state. . replutil.c: if NULL mapping tree state is passed, log it and return. Index: repl_extop.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl_extop.c,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- repl_extop.c 17 Oct 2008 22:12:47 -0000 1.14 +++ repl_extop.c 4 Dec 2008 00:42:18 -0000 1.15 @@ -837,10 +837,12 @@ { response = NSDS50_REPL_INTERNAL_ERROR; /* reset the mapping tree state to what it was before - we tried to do the bulk import */ - repl_set_mtn_state_and_referrals(repl_root_sdn, mtnstate, + we tried to do the bulk import if mtnstate exists */ + if (mtnstate) { + repl_set_mtn_state_and_referrals(repl_root_sdn, mtnstate, NULL, NULL, mtnreferral); - slapi_ch_free_string(&mtnstate); + slapi_ch_free_string(&mtnstate); + } charray_free(mtnreferral); mtnreferral = NULL; Index: replutil.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/replutil.c,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- replutil.c 17 Oct 2008 22:12:47 -0000 1.13 +++ replutil.c 4 Dec 2008 00:42:18 -0000 1.14 @@ -709,6 +709,11 @@ int ii = 0; char **referrals_to_set = NULL; PRBool chain_on_update = is_chain_on_update_setup(repl_root_sdn); + if (NULL == mtn_state) { + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + "repl_set_mtn_referrals: cannot set NULL state.\n"); + return; + } /* Fix for blackflag bug 601440: We want the new behaviour of DS, ** going forward, to now be that if the nsds5replicareferral attrib From nhosoi at fedoraproject.org Thu Dec 4 00:42:20 2008 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Thu, 4 Dec 2008 00:42:20 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd mapping_tree.c, 1.16, 1.17 Message-ID: <20081204004220.6F3B87011F@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv16573/slapd Modified Files: mapping_tree.c Log Message: Resolves: #474248 Summary: Replica crashes in the consumer initialization if the backend to be replicated does not exist Description: . mapping_tree.c: if NULL mapping tree state is passed, return an error. . repl_extop.c: if mapping tree node state is NULL, don't reset the mapping tree state. . replutil.c: if NULL mapping tree state is passed, log it and return. Index: mapping_tree.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/mapping_tree.c,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- mapping_tree.c 13 Nov 2008 23:08:18 -0000 1.16 +++ mapping_tree.c 4 Dec 2008 00:42:18 -0000 1.17 @@ -3043,6 +3043,10 @@ return LDAP_OPERATIONS_ERROR; } + if (NULL == state) { + return LDAP_OPERATIONS_ERROR; + } + if ( (value = slapi_mtn_get_state(sdn)) != NULL ) { if ( strcasecmp(value, state) == 0 ) From nhosoi at fedoraproject.org Thu Dec 4 00:50:20 2008 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Thu, 4 Dec 2008 00:50:20 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd main.c, 1.27, 1.28 Message-ID: <20081204005020.EB5F170134@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv18184 Modified Files: main.c Log Message: Resolves: #474237 Summary: db2ldif -s "suffix" issues confusing warnings when sub suffix exists [main.c] * if -s is passed to db2ldif, the is used to look up the instance name the belongs to with the base dn "cn=mapping tree,cn=config" and the filter "(&(objectclass=nsmappingtree)(|(cn=*\")(cn=*)))". If the is not the suffix, but the sub node, it fails to find out the instance which contains the . To solve the problem, going upward the DIT until the instance is found. * If multiple backends are specified to export, all the names are printed. [ldif2ldbm.c] * ldbm_fetch_subtrees: when -s is passsed to db2ldif, added a logic to avoid the further process if the does not belong to the backend. * When multiple backends are exported, dse was loaded each time. Changed not to do so. * Export counter was not decremented when the entry was not to be exported. Index: main.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/main.c,v retrieving revision 1.27 retrieving revision 1.28 diff -u -r1.27 -r1.28 --- main.c 24 Oct 2008 22:36:58 -0000 1.27 +++ main.c 4 Dec 2008 00:50:18 -0000 1.28 @@ -1839,56 +1839,81 @@ static int lookup_instance_name_by_suffix(char *suffix, - char ***suffixes, char ***instances, int isexact) + char ***suffixes, char ***instances, int isexact) { Slapi_PBlock *pb = slapi_pblock_new(); Slapi_Entry **entries = NULL, **ep; char *query; - char *backend; - char *fullsuffix; - int rval = -1; + char *backend; + char *fullsuffix; + int rval = -1; if (pb == NULL) goto done; - if (isexact) - query = slapi_ch_smprintf("(&(objectclass=nsmappingtree)(|(cn=\"%s\")(cn=%s)))", suffix, suffix); - else - query = slapi_ch_smprintf("(&(objectclass=nsmappingtree)(|(cn=*%s\")(cn=*%s)))", suffix, suffix); - - if (query == NULL) - goto done; - - slapi_search_internal_set_pb(pb, "cn=mapping tree,cn=config", - LDAP_SCOPE_SUBTREE, query, NULL, 0, NULL, NULL, - (void *)plugin_get_default_component_id(), 0); - slapi_search_internal_pb(pb); - slapi_ch_free((void **)&query); - - slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rval); - if (rval != LDAP_SUCCESS) - goto done; + if (isexact) { + query = slapi_ch_smprintf("(&(objectclass=nsmappingtree)(|(cn=\"%s\")(cn=%s)))", suffix, suffix); + if (query == NULL) + goto done; + + slapi_search_internal_set_pb(pb, "cn=mapping tree,cn=config", + LDAP_SCOPE_SUBTREE, query, NULL, 0, NULL, NULL, + (void *)plugin_get_default_component_id(), 0); + slapi_search_internal_pb(pb); + slapi_ch_free((void **)&query); + + slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rval); + if (rval != LDAP_SUCCESS) + goto done; + + slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries); + if ((entries == NULL) || (entries[0] == NULL)) + goto done; - slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries); - if ((entries == NULL) || (entries[0] == NULL)) - goto done; + } else { + char *suffixp = suffix; + while (NULL != suffixp && strlen(suffixp) > 0) { + query = slapi_ch_smprintf("(&(objectclass=nsmappingtree)(|(cn=*%s\")(cn=*%s)))", suffixp, suffixp); + if (query == NULL) + goto done; + slapi_search_internal_set_pb(pb, "cn=mapping tree,cn=config", + LDAP_SCOPE_SUBTREE, query, NULL, 0, NULL, NULL, + (void *)plugin_get_default_component_id(), 0); + slapi_search_internal_pb(pb); + slapi_ch_free((void **)&query); + + slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rval); + if (rval != LDAP_SUCCESS) + goto done; + + slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries); + if ((entries == NULL) || (entries[0] == NULL)) { + suffixp = strchr(suffixp, ','); /* get a parent dn */ + if (NULL != suffixp) { + suffixp++; + } + } else { + break; /* found backend entries */ + } + } + } - rval = 0; - for (ep = entries; *ep; ep++) { - backend = slapi_entry_attr_get_charptr(*ep, "nsslapd-backend"); - if (backend) { - charray_add(instances, backend); - if (suffixes) { - fullsuffix = slapi_entry_attr_get_charptr(*ep, "cn"); - charray_add(suffixes, fullsuffix); /* NULL is ok */ - } - } - } + rval = 0; + for (ep = entries; *ep; ep++) { + backend = slapi_entry_attr_get_charptr(*ep, "nsslapd-backend"); + if (backend) { + charray_add(instances, backend); + if (suffixes) { + fullsuffix = slapi_entry_attr_get_charptr(*ep, "cn"); + charray_add(suffixes, fullsuffix); /* NULL is ok */ + } + } + } done: - slapi_free_search_results_internal(pb); - slapi_pblock_destroy(pb); - return rval; + slapi_free_search_results_internal(pb); + slapi_pblock_destroy(pb); + return rval; } int @@ -2167,8 +2192,10 @@ 0, 0, 0); exit(1); } else { - LDAPDebug(LDAP_DEBUG_ANY, "Backend Instance: %s\n", - *instances, 0, 0); + LDAPDebug(LDAP_DEBUG_ANY, "Backend Instance(s): \n", 0, 0, 0); + for (ip = instances, counter = 0; ip && *ip; ip++, counter++) { + LDAPDebug(LDAP_DEBUG_ANY, "\t%s\n", *ip, 0, 0); + } cmd_line_instance_names = instances; } } else { From nhosoi at fedoraproject.org Thu Dec 4 00:50:21 2008 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Thu, 4 Dec 2008 00:50:21 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm ldif2ldbm.c, 1.21, 1.22 Message-ID: <20081204005021.386DD70134@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv18184/back-ldbm Modified Files: ldif2ldbm.c Log Message: Resolves: #474237 Summary: db2ldif -s "suffix" issues confusing warnings when sub suffix exists [main.c] * if -s is passed to db2ldif, the is used to look up the instance name the belongs to with the base dn "cn=mapping tree,cn=config" and the filter "(&(objectclass=nsmappingtree)(|(cn=*\")(cn=*)))". If the is not the suffix, but the sub node, it fails to find out the instance which contains the . To solve the problem, going upward the DIT until the instance is found. * If multiple backends are specified to export, all the names are printed. [ldif2ldbm.c] * ldbm_fetch_subtrees: when -s is passsed to db2ldif, added a logic to avoid the further process if the does not belong to the backend. * When multiple backends are exported, dse was loaded each time. Changed not to do so. * Export counter was not decremented when the entry was not to be exported. Index: ldif2ldbm.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/ldif2ldbm.c,v retrieving revision 1.21 retrieving revision 1.22 diff -u -r1.21 -r1.22 --- ldif2ldbm.c 5 Nov 2008 23:49:58 -0000 1.21 +++ ldif2ldbm.c 4 Dec 2008 00:50:18 -0000 1.22 @@ -675,9 +675,61 @@ back_txn *txn = NULL; struct berval bv; + *err = 0; /* for each subtree spec... */ for (i = 0; include[i]; i++) { IDList *idl = NULL; + char *suffix = slapi_sdn_get_ndn(*be->be_suffix); + char *parentdn = slapi_ch_strdup(suffix); + char *nextdn = NULL; + int matched = 0; + int issubsuffix = 0; + /* + * avoid a case that an include suffix is applied to the backend of + * its sub suffix + * e.g., suffix: dc=example,dc=com (backend userRoot) + * sub suffix: ou=sub,dc=example,dc=com (backend subUserRoot) + * When this CLI db2ldif -s "dc=example,dc=com" is executed, + * skip checking "dc=example,dc=com" in entrydn of subUserRoot. + */ + while (NULL != parentdn && + NULL != (nextdn = slapi_dn_parent( parentdn ))) { + slapi_ch_free_string( &parentdn ); + if (0 == slapi_utf8casecmp(nextdn, include[i])) { + issubsuffix = 1; /* suffix of be is a subsuffix of include[i] */ + break; + } + parentdn = nextdn; + } + slapi_ch_free_string( &parentdn ); + slapi_ch_free_string( &nextdn ); + if (issubsuffix) { + continue; + } + + /* + * avoid a case that an include suffix is applied to the unrelated + * backend. + * e.g., suffix: dc=example,dc=com (backend userRoot) + * suffix: dc=test,dc=com (backend testRoot)) + * When this CLI db2ldif -s "dc=example,dc=com" is executed, + * skip checking "dc=example,dc=com" in entrydn of testRoot. + */ + parentdn = slapi_ch_strdup(include[i]); + while (NULL != parentdn && + NULL != (nextdn = slapi_dn_parent( parentdn ))) { + slapi_ch_free_string( &parentdn ); + if (0 == slapi_utf8casecmp(nextdn, suffix)) { + matched = 1; + break; + } + parentdn = nextdn; + } + slapi_ch_free_string( &parentdn ); + slapi_ch_free_string( &nextdn ); + if (!matched) { + continue; + } /* * First map the suffix to its entry ID. @@ -689,7 +741,7 @@ if (idl == NULL) { if (DB_NOTFOUND == *err) { LDAPDebug(LDAP_DEBUG_ANY, - "warning: entrydn not indexed on '%s'; " + "info: entrydn not indexed on '%s'; " "entry %s may not be added to the database yet.\n", include[i], include[i], 0); *err = 0; /* not a problem */ @@ -787,6 +839,7 @@ int str2entry_options= 0; int retry; int we_start_the_backends = 0; + static int load_dse = 1; /* We'd like to load dse just once. */ int server_running; LDAPDebug( LDAP_DEBUG_TRACE, "=> ldbm_back_ldbm2ldif\n", 0, 0, 0 ); @@ -805,7 +858,7 @@ } } - if (we_start_the_backends) { + if (we_start_the_backends && load_dse) { /* No ldbm be's exist until we process the config information. */ /* @@ -815,6 +868,7 @@ * WARNING: ldbm instance userRoot already exists */ ldbm_config_load_dse_info(li); + load_dse = 0; } if (run_from_cmdline && li->li_dblayer_private->dblayer_private_mem @@ -1004,17 +1058,19 @@ int err; idl = ldbm_fetch_subtrees(be, include_suffix, &err); - if (! idl) { - /* most likely, indexes are bad. */ - LDAPDebug(LDAP_DEBUG_ANY, - "Failed to fetch subtree lists (error %d) %s\n", - err, dblayer_strerror(err), 0); - LDAPDebug(LDAP_DEBUG_ANY, - "Possibly the entrydn or ancestorid index is corrupted or " - "does not exist.\n", 0, 0, 0); - LDAPDebug(LDAP_DEBUG_ANY, - "Attempting direct unindexed export instead.\n", - 0, 0, 0); + if (NULL == idl) { + if (err) { + /* most likely, indexes are bad. */ + LDAPDebug(LDAP_DEBUG_ANY, + "Failed to fetch subtree lists (error %d) %s\n", + err, dblayer_strerror(err), 0); + LDAPDebug(LDAP_DEBUG_ANY, + "Possibly the entrydn or ancestorid index is corrupted " + "or does not exist.\n", 0, 0, 0); + LDAPDebug(LDAP_DEBUG_ANY, + "Attempting direct unindexed export instead.\n", + 0, 0, 0); + } ok_index = 0; idl = NULL; } else if (ALLIDS(idl)) { @@ -1122,6 +1178,7 @@ if (!ldbm_back_ok_to_dump(backentry_get_ndn(ep), include_suffix, exclude_suffix)) { backentry_free( &ep ); + cnt--; continue; } if(!dump_replica && slapi_entry_flag_is_set(ep->ep_entry, SLAPI_ENTRY_FLAG_TOMBSTONE)) From nhosoi at fedoraproject.org Thu Dec 4 00:55:50 2008 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Thu, 4 Dec 2008 00:55:50 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication repl5_connection.c, 1.13, 1.14 Message-ID: <20081204005550.1967070134@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19289 Modified Files: repl5_connection.c Log Message: Resolves: #240512 Summary: schema replication op error logs wrong error Description: As suggested by Ulf in his original comment, put break in the case CONN_OPERATION_FAILED and set the macro to return_value for the readability. Index: repl5_connection.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl5_connection.c,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- repl5_connection.c 2 Dec 2008 15:29:30 -0000 1.13 +++ repl5_connection.c 4 Dec 2008 00:55:47 -0000 1.14 @@ -1458,6 +1458,8 @@ "%s: Schema replication update failed: %s\n", agmt_get_long_name(conn->agmt), ldaperr == -1 ? "Unknown Error" : ldap_err2string(ldaperr)); + return_value = CONN_OPERATION_FAILED; + break; } case CONN_NOT_CONNECTED: return_value = CONN_NOT_CONNECTED; From rmeggins at fedoraproject.org Thu Dec 4 15:55:41 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Thu, 4 Dec 2008 15:55:41 +0000 (UTC) Subject: [Fedora-directory-commits] adminserver/admserv/cgi-src40 sec-activate.c, 1.11, 1.12 Message-ID: <20081204155542.0D7F670124@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/cgi-src40 In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv4922/adminserver/admserv/cgi-src40 Modified Files: sec-activate.c Log Message: Resolves: bug 470946 Bug Description: admin console does not place quotes around the certificate name in console.conf Reviewed by: nkinder (Thanks!) Fix Description: Just put double quotes around the values we write out, including NSSNickname Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: sec-activate.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/sec-activate.c,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- sec-activate.c 14 Jul 2008 20:00:02 -0000 1.11 +++ sec-activate.c 4 Dec 2008 15:55:39 -0000 1.12 @@ -703,7 +703,7 @@ while(fgets(inbuf, sizeof(inbuf), f) != NULL) { if (strncasecmp(inbuf,name,strlen(name)) == 0) { /* Line starts with the attribute name */ if(val && *val != '\0') { - PR_snprintf(buf, sizeof(buf), "%s %s\n", name, val); + PR_snprintf(buf, sizeof(buf), "%s \"%s\"\n", name, val); lines[linecnt++] = strdup(buf); modified=1; } @@ -718,7 +718,7 @@ fclose(f); if (!modified && (val && *val != '\0')) { /* Add the attribute name/val pair*/ - PR_snprintf(buf, sizeof(buf), "%s %s\n", name, val); + PR_snprintf(buf, sizeof(buf), "%s \"%s\"\n", name, val); lines[linecnt++] = strdup(buf); } From rmeggins at fedoraproject.org Thu Dec 4 15:57:38 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Thu, 4 Dec 2008 15:57:38 +0000 (UTC) Subject: [Fedora-directory-commits] adminutil/lib/libadminutil resource.c, 1.3, 1.4 Message-ID: <20081204155738.5D26270124@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminutil/lib/libadminutil In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv5277/adminutil/lib/libadminutil Modified Files: resource.c Log Message: Resolves: bug 466137 Bug Description: htmladmin gives 500 error Reviewed by: nkinder (Thanks!) Fix Description: If the locale string passed in to res_getstring is bogus, the CGI will just exit (no crash, no security problems) which causes the 500 error. ures_open returns U_ILLEGAL_ARGUMENT_ERROR if the locale string is bogus. In this case, just use NULL for the locale which will cause it to use the default one. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: resource.c =================================================================== RCS file: /cvs/dirsec/adminutil/lib/libadminutil/resource.c,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- resource.c 8 May 2007 19:13:25 -0000 1.3 +++ resource.c 4 Dec 2008 15:57:36 -0000 1.4 @@ -180,6 +180,12 @@ } bundle = ures_open(resource->path, (const char*)locale, &status); + if (status == U_ILLEGAL_ARGUMENT_ERROR) { + /* the locale string is bogus - just use the default */ + locale = NULL; + status = U_ZERO_ERROR; + bundle = ures_open(resource->path, (const char*)locale, &status); + } if(U_SUCCESS(status) && bundle) { int32_t umsglen=0; From rmeggins at fedoraproject.org Thu Dec 4 20:01:31 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Thu, 4 Dec 2008 20:01:31 +0000 (UTC) Subject: [Fedora-directory-commits] adminserver/include/base systems.h, 1.5, 1.6 Message-ID: <20081204200131.9E8DD70145@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/include/base In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1119/adminserver/include/base Modified Files: systems.h Log Message: Fix various compiler warnings about define redefinitions, unused functions/variables, wrong types being cast, etc. Index: systems.h =================================================================== RCS file: /cvs/dirsec/adminserver/include/base/systems.h,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- systems.h 1 Aug 2007 18:14:54 -0000 1.5 +++ systems.h 4 Dec 2008 20:01:28 -0000 1.6 @@ -25,6 +25,8 @@ #include "config.h" #endif +#include + #ifndef NOINTNSAPI #define INTNSAPI #endif /* !NOINTNSAPI */ From rmeggins at fedoraproject.org Thu Dec 4 20:01:31 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Thu, 4 Dec 2008 20:01:31 +0000 (UTC) Subject: [Fedora-directory-commits] adminserver/include/public nsapi.h, 1.6, 1.7 Message-ID: <20081204200131.E88E570144@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/include/public In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1119/adminserver/include/public Modified Files: nsapi.h Log Message: Fix various compiler warnings about define redefinitions, unused functions/variables, wrong types being cast, etc. Index: nsapi.h =================================================================== RCS file: /cvs/dirsec/adminserver/include/public/nsapi.h,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- nsapi.h 9 May 2007 00:26:35 -0000 1.6 +++ nsapi.h 4 Dec 2008 20:01:29 -0000 1.7 @@ -201,7 +201,7 @@ } filebuffer; /* Return next character or IO_EOF */ -#define filebuf_getc(b) ((b)->pos == (b)->len ? IO_EOF : (int)(long)(unsigned char *)((b)->fp)[(b)->pos++]) +#define filebuf_getc(b) ((b)->pos == (b)->len ? IO_EOF : (int)((b)->fp)[(b)->pos++]) #define filebuf_iseof(b) ((b)->pos == (b)->len) From rmeggins at fedoraproject.org Thu Dec 4 20:01:31 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Thu, 4 Dec 2008 20:01:31 +0000 (UTC) Subject: [Fedora-directory-commits] adminserver/lib/base nscputil.cpp, 1.4, 1.5 Message-ID: <20081204200132.14FFF70141@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/lib/base In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1119/adminserver/lib/base Modified Files: nscputil.cpp Log Message: Fix various compiler warnings about define redefinitions, unused functions/variables, wrong types being cast, etc. Index: nscputil.cpp =================================================================== RCS file: /cvs/dirsec/adminserver/lib/base/nscputil.cpp,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- nscputil.cpp 14 Jul 2008 20:34:43 -0000 1.4 +++ nscputil.cpp 4 Dec 2008 20:01:29 -0000 1.5 @@ -35,6 +35,8 @@ #include #include +#include + #ifdef XP_UNIX #include #include From rmeggins at fedoraproject.org Thu Dec 4 20:01:32 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Thu, 4 Dec 2008 20:01:32 +0000 (UTC) Subject: [Fedora-directory-commits] adminserver/lib/libadmin cluster.c, 1.4, 1.5 referer.c, 1.7, 1.8 Message-ID: <20081204200132.21D5770146@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/lib/libadmin In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1119/adminserver/lib/libadmin Modified Files: cluster.c referer.c Log Message: Fix various compiler warnings about define redefinitions, unused functions/variables, wrong types being cast, etc. Index: cluster.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/libadmin/cluster.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- cluster.c 18 Aug 2005 19:20:01 -0000 1.4 +++ cluster.c 4 Dec 2008 20:01:29 -0000 1.5 @@ -24,6 +24,11 @@ * Revision History By Whom Note * 09/12/96 Adrian Chan Initial Version */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include #include "libadminutil/admutil.h" #include "libadminutil/distadm.h" Index: referer.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/libadmin/referer.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- referer.c 9 May 2007 00:26:37 -0000 1.7 +++ referer.c 4 Dec 2008 20:01:29 -0000 1.8 @@ -33,8 +33,6 @@ #define REFER_VAR "adminReferer" -static char *current_referer=NULL; - NSAPI_PUBLIC char * get_referer( char **qqqq ) { @@ -98,7 +96,7 @@ char *ptr; PR_snprintf(urlbuf, sizeof(urlbuf), "%s%s", getenv("SERVER_URL"), getenv("SCRIPT_NAME")); - if (ptr = strrchr(urlbuf, '/')) { + if ((ptr = strrchr(urlbuf, '/'))) { int maxsize = sizeof(urlbuf)-((ptr-urlbuf)+2); /* one for the '/' and one for the '0' */ PL_strncpyz(ptr + 1, script, maxsize); } else { From rmeggins at fedoraproject.org Thu Dec 4 20:01:31 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Thu, 4 Dec 2008 20:01:31 +0000 (UTC) Subject: [Fedora-directory-commits] adminserver/include/public/base systems.h, 1.4, 1.5 Message-ID: <20081204200131.CEAA37011F@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/include/public/base In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1119/adminserver/include/public/base Modified Files: systems.h Log Message: Fix various compiler warnings about define redefinitions, unused functions/variables, wrong types being cast, etc. Index: systems.h =================================================================== RCS file: /cvs/dirsec/adminserver/include/public/base/systems.h,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- systems.h 9 May 2007 00:26:37 -0000 1.4 +++ systems.h 4 Dec 2008 20:01:29 -0000 1.5 @@ -21,6 +21,8 @@ #ifndef PUBLIC_BASE_SYSTEMS_H #define PUBLIC_BASE_SYSTEMS_H +#include + /* * File: systems.h * From rmeggins at fedoraproject.org Thu Dec 4 20:01:31 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Thu, 4 Dec 2008 20:01:31 +0000 (UTC) Subject: [Fedora-directory-commits] adminserver/admserv/cgi-src40 admpw.c, 1.9, 1.10 config.c, 1.15, 1.16 download.c, 1.8, 1.9 dsconfig.c, 1.9, 1.10 help.c, 1.11, 1.12 monreplication.c, 1.6, 1.7 restartsrv.c, 1.9, 1.10 sec-activate.c, 1.12, 1.13 security.c, 1.16, 1.17 stopsrv.c, 1.7, 1.8 ugdsconfig.c, 1.11, 1.12 viewdata.c, 1.9, 1.10 viewlog.c, 1.11, 1.12 Message-ID: <20081204200132.0753070142@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/cgi-src40 In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1119/adminserver/admserv/cgi-src40 Modified Files: admpw.c config.c download.c dsconfig.c help.c monreplication.c restartsrv.c sec-activate.c security.c stopsrv.c ugdsconfig.c viewdata.c viewlog.c Log Message: Fix various compiler warnings about define redefinitions, unused functions/variables, wrong types being cast, etc. Index: admpw.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/admpw.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- admpw.c 11 May 2007 19:44:05 -0000 1.9 +++ admpw.c 4 Dec 2008 20:01:27 -0000 1.10 @@ -33,6 +33,11 @@ * 1) "userPassword" attribute in the SIE on the DS * 2) config/admpw file. The password is stored in encrypted form */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include #include #include /* for vsprintf */ @@ -58,8 +63,6 @@ #include "libadmin/libadmin.h" -#include "config.h" - static void output_admuid(AdmldapInfo admInfo); static void update_uidpwd(); static void update_admpwd(char *newuid, char *newpw, const char *filename); @@ -152,11 +155,6 @@ acceptLanguage = getenv("HTTP_ACCEPT_LANGUAGE"); } } -static void i18nCleanup() { - if (i18nResource != NULL) { - res_destroy_resource(i18nResource); - } -} static const char *i18nMsg(char *msgid, char *defaultMsg) { const char *msg=NULL; static char buf[BUFSIZ]; /* ok - not threaded code */ Index: config.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/config.c,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- config.c 14 Jul 2008 20:00:02 -0000 1.15 +++ config.c 4 Dec 2008 20:01:28 -0000 1.16 @@ -26,6 +26,12 @@ * programs to set/get the attribute(s) of Admin server * */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include + #include #ifdef XP_UNIX #include @@ -47,8 +53,6 @@ #include "libadmin/install.h" #include "libadmin/libadmin.h" -#include "config.h" - #ifdef XP_WIN32 #define EADDRINUSE WSAEADDRINUSE #endif Index: download.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/download.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- download.c 15 Nov 2007 17:02:02 -0000 1.8 +++ download.c 4 Dec 2008 20:01:28 -0000 1.9 @@ -96,7 +96,6 @@ { char line[PATH_LENGTH]; FILE *html; - int i; char *acceptLanguage = NULL; char *loc; @@ -168,4 +167,6 @@ fflush(stdout); fclose(html); + + return 0; } Index: dsconfig.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/dsconfig.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- dsconfig.c 18 Jul 2007 22:10:22 -0000 1.9 +++ dsconfig.c 4 Dec 2008 20:01:28 -0000 1.10 @@ -129,11 +129,6 @@ acceptLanguage = getenv("HTTP_ACCEPT_LANGUAGE"); } } -static void i18nCleanup() { - if (i18nResource != NULL) { - res_destroy_resource(i18nResource); - } -} static const char *i18nMsg(char *msgid, char *defaultMsg) { const char *msg=NULL; static char msgbuf[BUFSIZ]; /* ok - not threaded code */ Index: help.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/help.c,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- help.c 8 Aug 2007 23:36:04 -0000 1.11 +++ help.c 4 Dec 2008 20:01:28 -0000 1.12 @@ -496,7 +496,6 @@ char *mapfile = NULL; char path[PATH_LENGTH]; - FILE *frameset = NULL; FILE *tokenfile = NULL; int newstyle = 1; @@ -630,7 +629,7 @@ { if (debugPrintout) { - printf( "Failed to translate the token: %\n
\n", token?token:"" ); + printf( "Failed to translate the token: %s\n
\n", token?token:"" ); fflush( stdout ); } return error_exit("unable to translate the token"); @@ -796,7 +795,6 @@ { char **name; char **val; - char *product; int cnt; if (!(localeList = getenv("HTTP_ACCEPT_LANGUAGE"))) Index: monreplication.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/monreplication.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- monreplication.c 9 May 2007 00:26:30 -0000 1.6 +++ monreplication.c 4 Dec 2008 20:01:28 -0000 1.7 @@ -22,6 +22,12 @@ * monreplication.c: Generate form for replication monitoring */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include + #include "libadminutil/resource.h" #include "libadminutil/distadm.h" #include @@ -32,8 +38,6 @@ #include #include "libadmin/libadmin.h" -#include "config.h" - #define MY_PAGE "monreplication.html" #define DEF_SIZE "25" Index: restartsrv.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/restartsrv.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- restartsrv.c 14 Jul 2008 20:00:02 -0000 1.9 +++ restartsrv.c 4 Dec 2008 20:01:28 -0000 1.10 @@ -36,6 +36,12 @@ * out: pid= */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include + #include "libadminutil/admutil.h" #include "libadminutil/distadm.h" #include @@ -52,8 +58,6 @@ #include "libadmin/libadmin.h" -#include "config.h" - #define RESOURCE_FILE "restartsrv" #define resource_key(a,b) a b Index: sec-activate.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/sec-activate.c,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- sec-activate.c 4 Dec 2008 15:55:39 -0000 1.12 +++ sec-activate.c 4 Dec 2008 20:01:28 -0000 1.13 @@ -26,6 +26,12 @@ * */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include + #include #ifdef __cplusplus @@ -45,8 +51,6 @@ #include "libadmin/libadmin.h" -#include "config.h" - #ifdef __cplusplus } #endif Index: security.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/security.c,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- security.c 3 Dec 2008 17:32:17 -0000 1.16 +++ security.c 4 Dec 2008 20:01:28 -0000 1.17 @@ -18,6 +18,12 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * * END COPYRIGHT BLOCK **/ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include + #include #include #include @@ -58,8 +64,6 @@ #include "libadmsslutil/certmgt.h" #include "libadmsslutil/psetcssl.h" -#include "config.h" - #include "cgicommon.h" #include "libadmin/libadmin.h" @@ -778,21 +782,6 @@ } } -/* - * Find a certificate by its nickname. - * The parameter "certname" can be specified in two ways, as just - * "certNickname" or "tokenName:certNickname", where the later is - * a preferred format. - */ -static CERTCertificate * findCertByNickname(char *certname) { - - /* First check PK11 module, then the local database.*/ - CERTCertificate *cert = PK11_FindCertFromNickname(certname, NULL); - if (!cert) { - cert = CERT_FindCertByNickname(certdb, certname); - } - return cert; -} /* * Find cert by its MD5 Fingerprint. @@ -1804,28 +1793,6 @@ fprintf(stdout, "\n"); } -/* extend an existing env var with additional value */ -static void extend_env(char *var, char *addval) { - char *oldval = getenv(var); - char newval[BIG_LINE]; - - PR_snprintf(newval, sizeof(newval), "%s=%s", var, addval); - if (oldval) { - char format[128]; - int max_oldval_len; - /* - Because newval is a fixed size buffer, restrict the size of - oldval that will be copied into the buffer. - */ - max_oldval_len = sizeof(newval) - strlen (newval) - -1 /* for additional ':'*/ -1 /*NULL at eos*/; - PR_snprintf(format, sizeof(format), "%%s=%%s:%%.%ds", max_oldval_len); - - PR_snprintf(newval, sizeof(newval), format, var, addval, oldval); - } - putenv(strdup(newval)); -} - /* * Add/remove pkcs 11 module from the secmod db */ Index: stopsrv.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/stopsrv.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- stopsrv.c 15 May 2007 16:45:45 -0000 1.7 +++ stopsrv.c 4 Dec 2008 20:01:28 -0000 1.8 @@ -24,6 +24,11 @@ * Mike McCool */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include #include "libadminutil/distadm.h" #include "libadminutil/admutil.h" @@ -40,8 +45,6 @@ #include "libadmin/libadmin.h" -#include "config.h" - #define RESOURCE_FILE "stopsrv" #define resource_key(a,b) a b Index: ugdsconfig.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/ugdsconfig.c,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- ugdsconfig.c 14 Jul 2008 20:00:02 -0000 1.11 +++ ugdsconfig.c 4 Dec 2008 20:01:28 -0000 1.12 @@ -142,11 +142,6 @@ acceptLanguage = getenv("HTTP_ACCEPT_LANGUAGE"); } } -static void i18nCleanup() { - if (i18nResource != NULL) { - res_destroy_resource(i18nResource); - } -} static const char *i18nMsg(char *msgid, char *defaultMsg) { const char *msg=NULL; static char buf[BUFSIZ]; /* ok - not threaded code */ Index: viewdata.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/viewdata.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- viewdata.c 14 Jul 2008 20:00:02 -0000 1.9 +++ viewdata.c 4 Dec 2008 20:01:28 -0000 1.10 @@ -23,6 +23,11 @@ * * Initial version: 3/11/99 by Adam Prishtina */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include #include #include @@ -38,8 +43,6 @@ #include "libadmin/cluster.h" #include -#include "config.h" - #define MY_PAGE "viewdata.html" #define NBUF_SIZE 1024 Index: viewlog.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/viewlog.c,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- viewlog.c 14 Jul 2008 20:00:02 -0000 1.11 +++ viewlog.c 4 Dec 2008 20:01:28 -0000 1.12 @@ -24,6 +24,12 @@ * Initial version: 3/11/99 by Adam Prishtina */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include + #include "libadminutil/resource.h" #include "libadminutil/distadm.h" #include @@ -38,8 +44,6 @@ #include "libadmsslutil/psetcssl.h" #include "libadmsslutil/admsslutil.h" -#include "config.h" - #include "cgicommon.h" From rmeggins at fedoraproject.org Thu Dec 4 20:01:32 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Thu, 4 Dec 2008 20:01:32 +0000 (UTC) Subject: [Fedora-directory-commits] adminserver/lib/libdsa dsalib_location.c, 1.5, 1.6 dsalib_util.c, 1.4, 1.5 Message-ID: <20081204200132.673B970147@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/lib/libdsa In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1119/adminserver/lib/libdsa Modified Files: dsalib_location.c dsalib_util.c Log Message: Fix various compiler warnings about define redefinitions, unused functions/variables, wrong types being cast, etc. Index: dsalib_location.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/libdsa/dsalib_location.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- dsalib_location.c 31 Aug 2007 17:01:38 -0000 1.5 +++ dsalib_location.c 4 Dec 2008 20:01:29 -0000 1.6 @@ -39,7 +39,6 @@ ds_get_instance_dir() { char *ds_name; - static char instance_dir[PATH_MAX]; if ( (ds_name = ds_get_server_name()) == NULL ) { return(NULL); @@ -60,7 +59,7 @@ char *configdir_env; static char configdir[PATH_MAX]; - if (configdir_env = getenv("DS_CONFIG_DIR")) { + if ((configdir_env = getenv("DS_CONFIG_DIR"))) { return configdir_env; } else { if ( (ds_name = ds_get_server_name()) == NULL ) @@ -98,7 +97,7 @@ char line[BIG_LINE]; FILE *fp = NULL; - if (rundir_env = getenv("DS_RUN_DIR")) { + if ((rundir_env = getenv("DS_RUN_DIR"))) { return (rundir_env); } else { /* Find the run dir from the start script */ @@ -110,7 +109,7 @@ /* Find line starting with PIDFILE */ if (strncmp(line, "PIDFILE", 7) == 0) { /* Chop off the pidfile name to get the run dir */ - if (p = strrchr(line, '/')) { + if ((p = strrchr(line, '/'))) { *p = '\0'; PR_snprintf(rundir, sizeof(rundir), "%s", line + 8); } @@ -152,7 +151,7 @@ { char *bakdir; - if (bakdir = getenv("DS_BAK_DIR")) { + if ((bakdir = getenv("DS_BAK_DIR"))) { return bakdir; } else { return ds_get_config_value(DS_BAKDIR); @@ -181,7 +180,7 @@ { char *tmpdir; - if (tmpdir = getenv("DS_TMP_DIR")) { + if ((tmpdir = getenv("DS_TMP_DIR"))) { return tmpdir; } else { return ds_get_config_value(DS_TMPDIR); Index: dsalib_util.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/libdsa/dsalib_util.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- dsalib_util.c 14 Nov 2007 17:51:56 -0000 1.4 +++ dsalib_util.c 4 Dec 2008 20:01:29 -0000 1.5 @@ -20,6 +20,8 @@ # include #endif +#include + #if defined( XP_WIN32 ) #include #include @@ -492,82 +494,6 @@ DB_HOME_DIRECTORY }; -static int -is_fullpath(char *path) -{ - int len; - if (NULL == path || '\0' == *path) - return 0; - - if (FILE_PATHSEP == *path) /* UNIX */ - return 1; - - len = strlen(path); - if (len > 2) - { - if (':' == path[1] && ('/' == path[2] || '\\' == path[2])) /* Windows */ - return 1; - } - return 0; -} - -static char * -get_dir_from_startslapd(char *loc, char *keyword) -{ - char *returnstr = NULL; - char *ptr = NULL; - char *confdir = NULL; -if (ds_search_file(loc, keyword, &returnstr) > 0 && returnstr) { - ptr = strchr(returnstr, '='); - if (NULL != ptr) { - confdir = strdup(++ptr); - } - free(returnstr); - } - return confdir; -} - -static char * -get_dir_from_config(char *config_dir, char *config_attr) -{ - char *configfile = NULL; - char *returnstr = NULL; - char *ptr = NULL; - char *dir = NULL; - configfile = PR_smprintf("%s%c%s", config_dir, FILE_PATHSEP, DS_CONFIG_FILE); - if (configfile && ds_search_file(configfile, config_attr, &returnstr) > 0 - && returnstr) { - ptr = strchr(returnstr, ':'); - if (NULL != ptr) { - while (' ' == *ptr || '\t' == *ptr) ptr++; - dir = strdup(ptr); - } - free(returnstr); - PR_smprintf_free(configfile); - } - return dir; -} - -static int -default_err_func(const char *path, const char *op, void *arg) -{ - PRInt32 errcode = PR_GetError(); - char *msg; - const char *errtext; - - if (!errcode || (errcode == PR_UNKNOWN_ERROR)) { - errcode = PR_GetOSError(); - errtext = ds_system_errmsg(); - } else { - errtext = PR_ErrorToString(errcode, PR_LANGUAGE_I_DEFAULT); - } - - msg = PR_smprintf("%s %s: error code %d (%s)", op, path, errcode, errtext); - ds_send_error(msg, 0); - PR_smprintf_free(msg); - return 1; /* just continue */ -} - DS_EXPORT_SYMBOL int ds_remove_reg_key(void *base, const char *format, ...) { From rmeggins at fedoraproject.org Thu Dec 4 20:01:32 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Thu, 4 Dec 2008 20:01:32 +0000 (UTC) Subject: [Fedora-directory-commits] adminserver/lib/libsi18n getstrmem.h, 1.4, 1.5 Message-ID: <20081204200132.C63C970145@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/lib/libsi18n In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1119/adminserver/lib/libsi18n Modified Files: getstrmem.h Log Message: Fix various compiler warnings about define redefinitions, unused functions/variables, wrong types being cast, etc. Index: getstrmem.h =================================================================== RCS file: /cvs/dirsec/adminserver/lib/libsi18n/getstrmem.h,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- getstrmem.h 18 Aug 2005 19:20:24 -0000 1.4 +++ getstrmem.h 4 Dec 2008 20:01:30 -0000 1.5 @@ -31,7 +31,6 @@ #define NUM_BUCKETS 32 /* must be a power of 2 */ /* strings in library libadmin */ -static char* libadminid[] = {"$DBT: libadmin in memory v1 $"}; static char* libadmin[] = { "", " Help ", @@ -67,7 +66,6 @@ {emptyString,NULL,0} }; /* strings in library userforms */ -static char* userformsid[] = {"$DBT: userforms in memory v1 $"}; static char* userforms[] = { "", "Error: could not open servers list file.

\n", @@ -91,7 +89,6 @@ {emptyString,NULL,0} }; /* strings in library libaccess */ -static char* libaccessid[] = {"$DBT: libaccess in memory v1 $"}; static char* libaccess[] = { "", "basic-ncsa", @@ -252,7 +249,6 @@ {emptyString,NULL,0} }; /* strings in library frame */ -static char* frameid[] = {"$DBT: frame in memory v1 $"}; static char* frame[] = { "", "Not Found

Not Found

The requested object does not exist on this server. The link you followed is either outdated, inaccurate, or the server has been instructed not to let you have it. ", @@ -443,7 +439,6 @@ {emptyString,NULL,0} }; /* strings in library admserv */ -static char* admservid[] = {"$DBT: admserv in memory v1 $"}; static char* admserv[] = { "", "Unauthorized host", @@ -455,7 +450,6 @@ emptyString }; /* strings in library libir */ -static char* libirid[] = {"$DBT: libadmin in memory v1 $"}; static char* libir[] = { "", "An I/O error occurred before all form data could be read.", @@ -472,7 +466,6 @@ {emptyString,NULL,0} }; /* strings in library httpdaemon */ -static char* httpdaemonid[] = {"$DBT: httpdaemon in memory v1 $"}; static char* httpdaemon[] = { "", "Error in ConvertThreadToFiber", @@ -518,7 +511,6 @@ {emptyString,NULL,0} }; /* strings in library dsgw */ -static char* dsgwid[] = {"$DBT: dsgw in memory v1 $"}; static char* dsgw[] = { "", "Unknown HTTP request method", @@ -834,7 +826,6 @@ {emptyString,NULL,0} }; /* strings in library base */ -static char* baseid[] = {"$DBT: base in memory v1 $"}; static char* base[] = { "", "insufficient memory to create hash table", @@ -1050,7 +1041,6 @@ {emptyString,NULL,0} }; /* strings in library cgiadmin */ -static char* cgiadminid[] = {"$DBT: cgiadmin in memory v1 $"}; static char* cgiadmin[] = { "", "Missing REQUEST_METHOD", From rmeggins at fedoraproject.org Thu Dec 4 20:01:48 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Thu, 4 Dec 2008 20:01:48 +0000 (UTC) Subject: [Fedora-directory-commits] mod_admserv mod_admserv.c,1.34,1.35 Message-ID: <20081204200148.477D270141@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/mod_admserv In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1338 Modified Files: mod_admserv.c Log Message: Fix various compiler warnings about define redefinitions, unused functions/variables, wrong types being cast, etc. Index: mod_admserv.c =================================================================== RCS file: /cvs/dirsec/mod_admserv/mod_admserv.c,v retrieving revision 1.34 retrieving revision 1.35 diff -u -r1.34 -r1.35 --- mod_admserv.c 3 Sep 2008 17:32:51 -0000 1.34 +++ mod_admserv.c 4 Dec 2008 20:01:45 -0000 1.35 @@ -25,7 +25,25 @@ */ #include +/* httpd.h defines + all of these unconditionally - so we undefine + them here to make the compiler warnings shut up + hopefully we don't need the real versions + of these, but then with no warnings the compiler + will just silently redefine them to the wrong + ones anyway + Then undefine them after the include so that + our own local defines will take effect +*/ +#undef PACKAGE_BUGREPORT +#undef PACKAGE_NAME +#undef PACKAGE_STRING +#undef PACKAGE_TARNAME +#undef PACKAGE_VERSION #include "httpd.h" +#define CORE_PRIVATE 1 /* to pick up ap_die */ +#include "http_request.h" +#undef CORE_PRIVATE #include "apr_strings.h" #include "apr_lib.h" #include "apr_optional.h" @@ -43,8 +61,12 @@ #include "http_config.h" #include "http_connection.h" #include "http_protocol.h" -#include "http_request.h" #include "http_log.h" +#undef PACKAGE_BUGREPORT +#undef PACKAGE_NAME +#undef PACKAGE_STRING +#undef PACKAGE_TARNAME +#undef PACKAGE_VERSION /* need uid and gid of apache process after setuid */ #if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE) @@ -543,7 +565,7 @@ static apr_status_t close_pipe(void *thefd) { - int fd = (int)thefd; + int fd = (int)((intptr_t)thefd); return close(fd); } @@ -597,7 +619,7 @@ /* Register a cleanup callback so this gets closed at the end of the request. */ - apr_pool_cleanup_register(r->pool, (void *)fd, close_pipe, + apr_pool_cleanup_register(r->pool, (void *)((intptr_t)fd), close_pipe, apr_pool_cleanup_null); /* Send this to the client so they know what fd to read from */ @@ -786,7 +808,6 @@ AdmldapInfo info = NULL; server_rec *s = r->server; int error = 0; - char path[PATH_MAX]; char *userGroupLdapURL = NULL; char *userGroupBindDN = NULL; char *userGroupBindPW = NULL; @@ -1192,7 +1213,6 @@ } static int update_admpwd(char *admroot, char *newuid, char *newpw); -static int update_adm_conf(char *admroot, char *newpw); /* * Miodrag (06-15-98) @@ -1213,7 +1233,6 @@ char *adminDN = NULL; LDAPMod mod, *mods[2]; char *vals[2]; - char *attrs[2]; int rval = 0; int error; @@ -1318,7 +1337,7 @@ change_sie_password(const char *name, char *query, void* arg, request_rec *r) { FILE *f; - char *uid=NULL ,*pw=NULL, *col=NULL, *origpw_hash=NULL; + char *uid=NULL , *col=NULL, *origpw_hash=NULL; char *newpw=query; char filename[BIG_LINE]; char inbuf[BIG_LINE]; @@ -2215,10 +2234,8 @@ server_rec *base_server) { AdmldapInfo info; - char path[PATH_MAX]; int error; LDAP *server; - char *errorInfo = NULL; int tries = 0; admserv_serv_config *srv_cfg = NULL; @@ -2447,7 +2464,7 @@ cf->nescompat = 0; cf->adminsdk = 0; cf->cgibindir = 0; - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL, "[%d] create_config [0x%x] for %s", + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL, "[%d] create_config [0x%p] for %s", getpid(), cf, path ? path : "(null)"); return (void *) cf; @@ -2459,7 +2476,7 @@ static void * create_server_config(apr_pool_t *p, server_rec *s) { admserv_serv_config * cf = (admserv_serv_config *) apr_pcalloc(p, sizeof(admserv_serv_config)); - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL, "[%d] create_server_config [0x%x] for %s", + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL, "[%d] create_server_config [0x%p] for %s", getpid(), cf, s->server_hostname ? s->server_hostname : "(null)"); cf->gconfig = admserv_config_global_create(s); @@ -2519,7 +2536,7 @@ cf->cacheLifeTime = atol(value); ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL, - "[%d] Set [0x%x] [%s] to %ld", + "[%d] Set [0x%p] [%s] to %ld", getpid(), cf, cmd->directive->directive, cf->cacheLifeTime); } @@ -2537,7 +2554,7 @@ cf->versionString = apr_pstrdup(cmd->pool, value); ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL, - "[%d] Set [0x%x] [%s] to %s", + "[%d] Set [0x%p] [%s] to %s", getpid(), cf, cmd->directive->directive, cf->versionString); } From nkinder at fedoraproject.org Thu Dec 4 22:33:31 2008 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Thu, 4 Dec 2008 22:33:31 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd schema.c, 1.17, 1.18 Message-ID: <20081204223332.0E10D70124@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30611/ldap/servers/slapd Modified Files: schema.c Log Message: Resolves: 445775 Summary: Avoid replicating default schema when DESC element is an empty string. Index: schema.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/schema.c,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- schema.c 13 Nov 2008 23:08:18 -0000 1.17 +++ schema.c 4 Dec 2008 22:33:29 -0000 1.18 @@ -1497,9 +1497,13 @@ (oc->oc_oid) ? oc->oc_oid : "", oc->oc_name); /* The DESC (description) is OPTIONAL */ - if (oc_description && *oc_description) { + if (oc_description) { strcat(psbObjectClasses->buffer, " DESC '"); - strcat(psbObjectClasses->buffer, oc_description); + /* We want to list an empty description + * element if it was defined that way. */ + if (*oc_description) { + strcat(psbObjectClasses->buffer, oc_description); + } strcat(psbObjectClasses->buffer, "'"); need_extra_space = 1; } From nhosoi at fedoraproject.org Fri Dec 5 21:03:56 2008 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Fri, 5 Dec 2008 21:03:56 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm filterindex.c, 1.6, 1.7 Message-ID: <20081205210356.4D44870122@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29185 Modified Files: filterindex.c Log Message: Resolves: #474729 Summary: Unindexed search does not get logged with "notes=U" Fix Description: In each candidates function, check if the attribute is indexed by calling index_read_ext instead of index_read. The function index_read_ext takes a variable to return whether the attribute is indexed or not. Once it's determined, set SLAPI_OP_NOTE_UNINDEXED to the pblock, which is used when logging the result. Index: filterindex.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/filterindex.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- filterindex.c 10 Nov 2006 23:45:39 -0000 1.6 +++ filterindex.c 5 Dec 2008 21:03:52 -0000 1.7 @@ -52,7 +52,7 @@ static IDList *ava_candidates(Slapi_PBlock *pb, backend *be, Slapi_Filter *f, int ftype, Slapi_Filter *nextf, int range, int *err); static IDList *presence_candidates(Slapi_PBlock *pb, backend *be, Slapi_Filter *f, int *err); -static IDList *extensible_candidates(backend *be, Slapi_Filter *f, int *err); +static IDList *extensible_candidates(Slapi_PBlock *pb, backend *be, Slapi_Filter *f, int *err); static IDList *list_candidates(Slapi_PBlock *pb, backend *be, const char *base, Slapi_Filter *flist, int ftype, int *err); static IDList *substring_candidates(Slapi_PBlock *pb, backend *be, Slapi_Filter *f, int *err); static IDList * range_candidates( @@ -69,7 +69,8 @@ char *type, const char *indextype, Slapi_Value **ivals, - int *err + int *err, + int *unindexed ); IDList * @@ -147,7 +148,7 @@ case LDAP_FILTER_EXTENDED: LDAPDebug( LDAP_DEBUG_FILTER, "\tEXTENSIBLE\n", 0, 0, 0 ); - result = extensible_candidates( be, f, err ); + result = extensible_candidates( pb, be, f, err ); break; case LDAP_FILTER_AND: @@ -194,6 +195,7 @@ Slapi_Value **ivals; IDList *idl; void *pi; + int unindexed = 0; LDAPDebug( LDAP_DEBUG_TRACE, "=> ava_candidates\n", 0, 0, 0 ); @@ -281,7 +283,11 @@ ivals=ptr; slapi_call_syntax_assertion2keys_ava_sv( pi, &tmp, (Slapi_Value ***)&ivals, LDAP_FILTER_EQUALITY_FAST); - idl = keys2idl( be, type, indextype, ivals, err ); + idl = keys2idl( be, type, indextype, ivals, err, &unindexed ); + if ( unindexed ) { + unsigned int opnote = SLAPI_OP_NOTE_UNINDEXED; + slapi_pblock_set( pb, SLAPI_OPERATION_NOTES, &opnote ); + } /* We don't use valuearray_free here since the valueset, berval * and value was all allocated at once in one big chunk for @@ -306,8 +312,12 @@ LDAPDebug( LDAP_DEBUG_TRACE, "<= ava_candidates ALLIDS (no keys)\n", 0, 0, 0 ); return( idl_allids( be ) ); - } - idl = keys2idl( be, type, indextype, ivals, err ); + } + idl = keys2idl( be, type, indextype, ivals, err, &unindexed ); + if ( unindexed ) { + unsigned int opnote = SLAPI_OP_NOTE_UNINDEXED; + slapi_pblock_set( pb, SLAPI_OPERATION_NOTES, &opnote ); + } valuearray_free( &ivals ); LDAPDebug( LDAP_DEBUG_TRACE, "<= ava_candidates %lu\n", (u_long)IDL_NIDS(idl), 0, 0 ); @@ -324,7 +334,8 @@ ) { char *type; - IDList *idl; + IDList *idl; + int unindexed = 0; LDAPDebug( LDAP_DEBUG_TRACE, "=> presence_candidates\n", 0, 0, 0 ); @@ -333,18 +344,24 @@ 0, 0, 0 ); return( NULL ); } - idl = index_read( be, type, indextype_PRESENCE, NULL, NULL, err ); + idl = index_read_ext( be, type, indextype_PRESENCE, + NULL, NULL, err, &unindexed ); - if (idl != NULL && ALLIDS(idl) && strcasecmp(type, "nscpentrydn") == 0) { - /* try the equality index instead */ - LDAPDebug(LDAP_DEBUG_TRACE, + if ( unindexed ) { + unsigned int opnote = SLAPI_OP_NOTE_UNINDEXED; + slapi_pblock_set( pb, SLAPI_OPERATION_NOTES, &opnote ); + } + + if (idl != NULL && ALLIDS(idl) && strcasecmp(type, "nscpentrydn") == 0) { + /* try the equality index instead */ + LDAPDebug(LDAP_DEBUG_TRACE, "fallback to eq index as pres index gave allids\n", 0, 0, 0); - idl_free(idl); - idl = index_range_read(pb, be, type, indextype_EQUALITY, + idl_free(idl); + idl = index_range_read(pb, be, type, indextype_EQUALITY, SLAPI_OP_GREATER_OR_EQUAL, NULL, NULL, 0, NULL, err); - } + } LDAPDebug( LDAP_DEBUG_TRACE, "<= presence_candidates %lu\n", (u_long)IDL_NIDS(idl), 0, 0 ); @@ -353,9 +370,10 @@ static IDList * extensible_candidates( - backend *be, - Slapi_Filter *f, - int *err + Slapi_PBlock *glob_pb, + backend *be, + Slapi_Filter *f, + int *err ) { IDList* idl = NULL; @@ -421,9 +439,17 @@ struct berval** key; for (key = keys; *key != NULL; ++key) { + int unindexed = 0; IDList* idl3 = (mrOP == SLAPI_OP_EQUAL) ? - index_read (be, mrTYPE, mrOID, *key, NULL, err) : - index_range_read (pb, be, mrTYPE, mrOID, mrOP, *key, NULL, 0, NULL, err); + index_read_ext(be, mrTYPE, mrOID, *key, NULL, + err, &unindexed) : + index_range_read (pb, be, mrTYPE, mrOID, mrOP, + *key, NULL, 0, NULL, err); + if ( unindexed ) { + unsigned int opnote = SLAPI_OP_NOTE_UNINDEXED; + slapi_pblock_set( glob_pb, + SLAPI_OPERATION_NOTES, &opnote ); + } if (idl2 == NULL) { /* first iteration */ @@ -718,8 +744,9 @@ if ( idl == NULL ) { idl = tmp; if ( (ftype == LDAP_FILTER_AND) && ((idl == NULL) || - (idl_length(idl) <= FILTER_TEST_THRESHOLD))) + (idl_length(idl) <= FILTER_TEST_THRESHOLD))) { break; /* We can exit the loop now, since the candidate list is small already */ + } } else if ( ftype == LDAP_FILTER_AND ) { if (isnot) { IDList *new_idl = NULL; @@ -771,11 +798,13 @@ int *err ) { - char *type, *initial, *final; - char **any; - IDList *idl; - void *pi; - Slapi_Value **ivals; + char *type, *initial, *final; + char **any; + IDList *idl; + void *pi; + Slapi_Value **ivals; + int unindexed = 0; + unsigned int opnote = SLAPI_OP_NOTE_UNINDEXED; LDAPDebug( LDAP_DEBUG_TRACE, "=> sub_candidates\n", 0, 0, 0 ); @@ -796,6 +825,7 @@ } slapi_call_syntax_assertion2keys_sub_sv( pi, initial, any, final, &ivals ); if ( ivals == NULL || *ivals == NULL ) { + slapi_pblock_set( pb, SLAPI_OPERATION_NOTES, &opnote ); LDAPDebug( LDAP_DEBUG_TRACE, "<= sub_candidates ALLIDS (no keys)\n", 0, 0, 0 ); return( idl_allids( be ) ); @@ -805,7 +835,10 @@ * look up each key in the index, ANDing the resulting * IDLists together. */ - idl = keys2idl( be, type, indextype_SUB, ivals, err ); + idl = keys2idl( be, type, indextype_SUB, ivals, err, &unindexed ); + if ( unindexed ) { + slapi_pblock_set( pb, SLAPI_OPERATION_NOTES, &opnote ); + } valuearray_free( &ivals ); LDAPDebug( LDAP_DEBUG_TRACE, "<= sub_candidates %lu\n", @@ -819,7 +852,8 @@ char *type, const char *indextype, Slapi_Value **ivals, - int *err + int *err, + int *unindexed ) { IDList *idl; @@ -831,7 +865,7 @@ for ( i = 0; ivals[i] != NULL; i++ ) { IDList *idl2; - idl2 = index_read( be, type, indextype, slapi_value_get_berval(ivals[i]), NULL, err ); + idl2 = index_read_ext( be, type, indextype, slapi_value_get_berval(ivals[i]), NULL, err, unindexed ); #ifdef LDAP_DEBUG /* XXX if ( slapd_ldap_debug & LDAP_DEBUG_TRACE ) { XXX */ From rmeggins at fedoraproject.org Fri Dec 5 22:41:53 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Fri, 5 Dec 2008 22:41:53 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/memberof memberof.c, 1.13, 1.14 Message-ID: <20081205224153.89F0A70142@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/memberof In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13701/ldapserver/ldap/servers/plugins/memberof Modified Files: memberof.c Log Message: Resolves: bug 454030 Bug Description: Need to address 64-bit compiler warnings - again Reviewed by: nhosoi (Thanks!) Fix Description: This patch cleans up most of the other remaining compiler warnings. I compiled the directory server code with these flags on RHEL5 x86_64: -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic I also enabled argument/format match checking for most of the commonly used varadic functions. Most of the problems I found fell into these categories: 1) Too many or not enough arguments e.g. most everything that uses or did use LDAPDebug had extra 0,0 arguments. If they had been switched to use slapi_log_error, I removed the extra arguments - for those places still using LDAPDebug, I introduced more macros to handle the number of arguments, since C macros cannot be varadic. 2) When using NSPR formatting functions, we have to use %llu or %lld for 64-bit values, even on 64-bit systems. However, for regular system formatting functions, we have to use %ld or %lu. I introduced two new macros NSPRIu64 and NSPRI64 to handle cases where we are passing explicit 64-bit values to NSPR formatting functions, so that we can use the regular PRIu64 and PRI64 macros for regular system formatting functions. I also made sure we used NSPRI* only with NSPR functions, and used PRI* only with system functions. 3) use %lu for size_t and %ld for time_t I did find a few "real" errors, places that the code was doing something definitely not right: https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/aclinit.c_sec4 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/acllas.c_sec17 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/http/http_impl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/memberof/memberof.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/pam_passthru/pam_ptimpl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_api.c_sec5 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_clcache.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/replutil.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/libglobs.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/dbverify.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/ldif2ldbm.c_sec3 This is why it's important to use this compiler checking, and why it's important to fix compiler warnings, if for no other reason than the sheer noise from so many warnings can mask real errors. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: memberof.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/memberof/memberof.c,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- memberof.c 18 Jul 2008 18:11:30 -0000 1.13 +++ memberof.c 5 Dec 2008 22:41:51 -0000 1.14 @@ -1071,10 +1071,14 @@ */ if (0 == memberof_compare(config, &this_dn_val, &to_dn_val)) { + const char *strval = "NULL"; + if (this_dn_val) { + strval = slapi_value_get_string(this_dn_val); + } slapi_log_error( SLAPI_LOG_PLUGIN, MEMBEROF_PLUGIN_SUBSYSTEM, "memberof_modop_one_replace_r: not processing memberOf " - "operations on self entry: %s\n", this_dn_val); + "operations on self entry: %s\n", strval); goto bail; } From rmeggins at fedoraproject.org Fri Dec 5 22:41:53 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Fri, 5 Dec 2008 22:41:53 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/pam_passthru pam_ptimpl.c, 1.13, 1.14 Message-ID: <20081205224153.A304070143@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/pam_passthru In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13701/ldapserver/ldap/servers/plugins/pam_passthru Modified Files: pam_ptimpl.c Log Message: Resolves: bug 454030 Bug Description: Need to address 64-bit compiler warnings - again Reviewed by: nhosoi (Thanks!) Fix Description: This patch cleans up most of the other remaining compiler warnings. I compiled the directory server code with these flags on RHEL5 x86_64: -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic I also enabled argument/format match checking for most of the commonly used varadic functions. Most of the problems I found fell into these categories: 1) Too many or not enough arguments e.g. most everything that uses or did use LDAPDebug had extra 0,0 arguments. If they had been switched to use slapi_log_error, I removed the extra arguments - for those places still using LDAPDebug, I introduced more macros to handle the number of arguments, since C macros cannot be varadic. 2) When using NSPR formatting functions, we have to use %llu or %lld for 64-bit values, even on 64-bit systems. However, for regular system formatting functions, we have to use %ld or %lu. I introduced two new macros NSPRIu64 and NSPRI64 to handle cases where we are passing explicit 64-bit values to NSPR formatting functions, so that we can use the regular PRIu64 and PRI64 macros for regular system formatting functions. I also made sure we used NSPRI* only with NSPR functions, and used PRI* only with system functions. 3) use %lu for size_t and %ld for time_t I did find a few "real" errors, places that the code was doing something definitely not right: https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/aclinit.c_sec4 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/acllas.c_sec17 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/http/http_impl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/memberof/memberof.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/pam_passthru/pam_ptimpl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_api.c_sec5 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_clcache.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/replutil.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/libglobs.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/dbverify.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/ldif2ldbm.c_sec3 This is why it's important to use this compiler checking, and why it's important to fix compiler warnings, if for no other reason than the sheer noise from so many warnings can mask real errors. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: pam_ptimpl.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/pam_passthru/pam_ptimpl.c,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- pam_ptimpl.c 15 Oct 2008 06:29:56 -0000 1.13 +++ pam_ptimpl.c 5 Dec 2008 22:41:51 -0000 1.14 @@ -377,7 +377,7 @@ delete_my_str_buf(&pam_id); if ((retcode == LDAP_SUCCESS) && (rc != PAM_SUCCESS)) { - errmsg = PR_smprintf("Unknown PAM error [%d] for user id [%d], bind DN [%s]", + errmsg = PR_smprintf("Unknown PAM error [%d] for user id [%s], bind DN [%s]", rc, pam_id.str, escape_string(binddn, buf)); retcode = LDAP_OPERATIONS_ERROR; } From rmeggins at fedoraproject.org Fri Dec 5 22:41:53 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Fri, 5 Dec 2008 22:41:53 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/passthru ptconn.c, 1.5, 1.6 Message-ID: <20081205224153.C984670142@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/passthru In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13701/ldapserver/ldap/servers/plugins/passthru Modified Files: ptconn.c Log Message: Resolves: bug 454030 Bug Description: Need to address 64-bit compiler warnings - again Reviewed by: nhosoi (Thanks!) Fix Description: This patch cleans up most of the other remaining compiler warnings. I compiled the directory server code with these flags on RHEL5 x86_64: -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic I also enabled argument/format match checking for most of the commonly used varadic functions. Most of the problems I found fell into these categories: 1) Too many or not enough arguments e.g. most everything that uses or did use LDAPDebug had extra 0,0 arguments. If they had been switched to use slapi_log_error, I removed the extra arguments - for those places still using LDAPDebug, I introduced more macros to handle the number of arguments, since C macros cannot be varadic. 2) When using NSPR formatting functions, we have to use %llu or %lld for 64-bit values, even on 64-bit systems. However, for regular system formatting functions, we have to use %ld or %lu. I introduced two new macros NSPRIu64 and NSPRI64 to handle cases where we are passing explicit 64-bit values to NSPR formatting functions, so that we can use the regular PRIu64 and PRI64 macros for regular system formatting functions. I also made sure we used NSPRI* only with NSPR functions, and used PRI* only with system functions. 3) use %lu for size_t and %ld for time_t I did find a few "real" errors, places that the code was doing something definitely not right: https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/aclinit.c_sec4 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/acllas.c_sec17 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/http/http_impl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/memberof/memberof.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/pam_passthru/pam_ptimpl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_api.c_sec5 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_clcache.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/replutil.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/libglobs.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/dbverify.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/ldif2ldbm.c_sec3 This is why it's important to use this compiler checking, and why it's important to fix compiler warnings, if for no other reason than the sheer noise from so many warnings can mask real errors. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: ptconn.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/passthru/ptconn.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- ptconn.c 10 Nov 2006 23:45:04 -0000 1.5 +++ ptconn.c 5 Dec 2008 22:41:51 -0000 1.6 @@ -248,7 +248,7 @@ ++conn->ptconn_usecount; *ldp = conn->ptconn_ld; slapi_log_error( SLAPI_LOG_PLUGIN, PASSTHRU_PLUGIN_SUBSYSTEM, - "<= passthru_get_connection ld=0x%x (concurrency now %d)\n", + "<= passthru_get_connection ld=0x%p (concurrency now %d)\n", *ldp, conn->ptconn_usecount ); } else { slapi_log_error( SLAPI_LOG_PLUGIN, PASSTHRU_PLUGIN_SUBSYSTEM, @@ -295,7 +295,7 @@ if ( conn == NULL ) { /* ld not found -- unexpected */ slapi_log_error( SLAPI_LOG_PLUGIN, PASSTHRU_PLUGIN_SUBSYSTEM, - "=> passthru_release_connection ld=0x%x not found\n", ld ); + "=> passthru_release_connection ld=0x%p not found\n", ld ); } else { PASSTHRU_ASSERT( conn->ptconn_usecount > 0 ); --conn->ptconn_usecount; From rmeggins at fedoraproject.org Fri Dec 5 22:41:53 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Fri, 5 Dec 2008 22:41:53 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/presence presence.c, 1.7, 1.8 Message-ID: <20081205224153.E37DA70143@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/presence In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13701/ldapserver/ldap/servers/plugins/presence Modified Files: presence.c Log Message: Resolves: bug 454030 Bug Description: Need to address 64-bit compiler warnings - again Reviewed by: nhosoi (Thanks!) Fix Description: This patch cleans up most of the other remaining compiler warnings. I compiled the directory server code with these flags on RHEL5 x86_64: -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic I also enabled argument/format match checking for most of the commonly used varadic functions. Most of the problems I found fell into these categories: 1) Too many or not enough arguments e.g. most everything that uses or did use LDAPDebug had extra 0,0 arguments. If they had been switched to use slapi_log_error, I removed the extra arguments - for those places still using LDAPDebug, I introduced more macros to handle the number of arguments, since C macros cannot be varadic. 2) When using NSPR formatting functions, we have to use %llu or %lld for 64-bit values, even on 64-bit systems. However, for regular system formatting functions, we have to use %ld or %lu. I introduced two new macros NSPRIu64 and NSPRI64 to handle cases where we are passing explicit 64-bit values to NSPR formatting functions, so that we can use the regular PRIu64 and PRI64 macros for regular system formatting functions. I also made sure we used NSPRI* only with NSPR functions, and used PRI* only with system functions. 3) use %lu for size_t and %ld for time_t I did find a few "real" errors, places that the code was doing something definitely not right: https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/aclinit.c_sec4 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/acllas.c_sec17 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/http/http_impl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/memberof/memberof.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/pam_passthru/pam_ptimpl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_api.c_sec5 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_clcache.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/replutil.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/libglobs.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/dbverify.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/ldif2ldbm.c_sec3 This is why it's important to use this compiler checking, and why it's important to fix compiler warnings, if for no other reason than the sheer noise from so many warnings can mask real errors. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: presence.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/presence/presence.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- presence.c 8 Oct 2008 17:29:02 -0000 1.7 +++ presence.c 5 Dec 2008 22:41:51 -0000 1.8 @@ -198,7 +198,7 @@ static vattr_sp_handle *_VattrHandle = NULL; static void *_PluginID = NULL; -static void *_PluginDN = NULL; +static char *_PluginDN = NULL; static PLHashTable *_IdVattrMapTable = NULL; static PLHashTable *_IdConfigMapTable = NULL; static void **_HttpAPI = NULL; @@ -281,12 +281,12 @@ return _PluginID; } -void setPluginDN(void *pluginDN) +void setPluginDN(char *pluginDN) { _PluginDN = pluginDN; } -void * getPluginDN() +char * getPluginDN() { return _PluginDN; } From rmeggins at fedoraproject.org Fri Dec 5 22:41:54 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Fri, 5 Dec 2008 22:41:54 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/roles roles_cache.c, 1.8, 1.9 Message-ID: <20081205224154.9936B70143@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/roles In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13701/ldapserver/ldap/servers/plugins/roles Modified Files: roles_cache.c Log Message: Resolves: bug 454030 Bug Description: Need to address 64-bit compiler warnings - again Reviewed by: nhosoi (Thanks!) Fix Description: This patch cleans up most of the other remaining compiler warnings. I compiled the directory server code with these flags on RHEL5 x86_64: -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic I also enabled argument/format match checking for most of the commonly used varadic functions. Most of the problems I found fell into these categories: 1) Too many or not enough arguments e.g. most everything that uses or did use LDAPDebug had extra 0,0 arguments. If they had been switched to use slapi_log_error, I removed the extra arguments - for those places still using LDAPDebug, I introduced more macros to handle the number of arguments, since C macros cannot be varadic. 2) When using NSPR formatting functions, we have to use %llu or %lld for 64-bit values, even on 64-bit systems. However, for regular system formatting functions, we have to use %ld or %lu. I introduced two new macros NSPRIu64 and NSPRI64 to handle cases where we are passing explicit 64-bit values to NSPR formatting functions, so that we can use the regular PRIu64 and PRI64 macros for regular system formatting functions. I also made sure we used NSPRI* only with NSPR functions, and used PRI* only with system functions. 3) use %lu for size_t and %ld for time_t I did find a few "real" errors, places that the code was doing something definitely not right: https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/aclinit.c_sec4 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/acllas.c_sec17 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/http/http_impl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/memberof/memberof.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/pam_passthru/pam_ptimpl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_api.c_sec5 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_clcache.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/replutil.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/libglobs.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/dbverify.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/ldif2ldbm.c_sec3 This is why it's important to use this compiler checking, and why it's important to fix compiler warnings, if for no other reason than the sheer noise from so many warnings can mask real errors. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: roles_cache.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/roles/roles_cache.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- roles_cache.c 15 Oct 2008 06:30:00 -0000 1.8 +++ roles_cache.c 5 Dec 2008 22:41:52 -0000 1.9 @@ -559,7 +559,7 @@ current_role = roles_list; slapi_log_error( SLAPI_LOG_PLUGIN, - ROLES_PLUGIN_SUBSYSTEM, "--> roles_cache_trigger_update_role: %x \n", roles_list); + ROLES_PLUGIN_SUBSYSTEM, "--> roles_cache_trigger_update_role: %p \n", roles_list); /* Go through all the roles list and trigger the associated structure */ @@ -593,7 +593,7 @@ PR_RWLock_Unlock(global_lock); - slapi_log_error( SLAPI_LOG_PLUGIN, ROLES_PLUGIN_SUBSYSTEM, "<-- roles_cache_trigger_update_role: %x \n", roles_list); + slapi_log_error( SLAPI_LOG_PLUGIN, ROLES_PLUGIN_SUBSYSTEM, "<-- roles_cache_trigger_update_role: %p \n", roles_list); } /* roles_cache_update @@ -1066,14 +1066,14 @@ role_object *new_role = NULL; slapi_log_error(SLAPI_LOG_PLUGIN, - ROLES_PLUGIN_SUBSYSTEM, "--> roles_cache_create_role_under: %s - %x\n", + ROLES_PLUGIN_SUBSYSTEM, "--> roles_cache_create_role_under: %s - %p\n", slapi_sdn_get_dn((*roles_cache_suffix)->suffix_dn), (*roles_cache_suffix)->avl_tree); rc = roles_cache_create_object_from_entry(entry,&new_role,0); slapi_log_error(SLAPI_LOG_PLUGIN, ROLES_PLUGIN_SUBSYSTEM, - "roles_cache_create_role_under: create node for entry %s - rc: %d SUFFIX: %x\n", + "roles_cache_create_role_under: create node for entry %s - rc: %d SUFFIX: %p\n", slapi_entry_get_dn_const(entry), rc, (*roles_cache_suffix)->avl_tree); if ( (rc == 0) && new_role) @@ -1081,7 +1081,7 @@ /* Add to the tree where avl_data is a role_object struct */ rc = roles_cache_insert_object(&((*roles_cache_suffix)->avl_tree),new_role); slapi_log_error(SLAPI_LOG_PLUGIN, - ROLES_PLUGIN_SUBSYSTEM, "roles_cache_create_role_under:%s in tree %x rc: %d\n", + ROLES_PLUGIN_SUBSYSTEM, "roles_cache_create_role_under:%s in tree %p rc: %d\n", (char*)slapi_sdn_get_ndn(new_role->dn), (*roles_cache_suffix)->avl_tree, rc); } @@ -1351,7 +1351,7 @@ { slapi_log_error(SLAPI_LOG_PLUGIN, - ROLES_PLUGIN_SUBSYSTEM, "roles_cache_insert_object: %s in tree %x\n", + ROLES_PLUGIN_SUBSYSTEM, "roles_cache_insert_object: %s in tree %p\n", (char*)slapi_sdn_get_ndn(object->dn), *tree); return (avl_insert(tree, (caddr_t)object, roles_cache_node_cmp, avl_dup_error)); @@ -1381,7 +1381,7 @@ static int roles_cache_insert_object_nested(Avlnode **tree, role_object_nested *object) { slapi_log_error(SLAPI_LOG_PLUGIN, - ROLES_PLUGIN_SUBSYSTEM, "roles_cache_insert_object_nested: %s in tree %x: \n", + ROLES_PLUGIN_SUBSYSTEM, "roles_cache_insert_object_nested: %s in tree %p: \n", (char*)slapi_sdn_get_ndn(object->dn), *tree); return (avl_insert(tree, (caddr_t)object, roles_cache_node_nested_cmp, avl_dup_error)); @@ -2106,7 +2106,7 @@ role_object *this_role = (role_object*)data; slapi_log_error(SLAPI_LOG_PLUGIN, - ROLES_PLUGIN_SUBSYSTEM, "roles_cache_dump: %x - %s - %x\n", + ROLES_PLUGIN_SUBSYSTEM, "roles_cache_dump: %p - %s - %p\n", this_role, (char*)slapi_sdn_get_ndn(this_role->dn), this_role->avl_tree); return 0; From rmeggins at fedoraproject.org Fri Dec 5 22:41:54 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Fri, 5 Dec 2008 22:41:54 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/retrocl retrocl.c, 1.6, 1.7 retrocl_cn.c, 1.5, 1.6 retrocl_po.c, 1.7, 1.8 retrocl_trim.c, 1.8, 1.9 Message-ID: <20081205224154.7E05270143@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/retrocl In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13701/ldapserver/ldap/servers/plugins/retrocl Modified Files: retrocl.c retrocl_cn.c retrocl_po.c retrocl_trim.c Log Message: Resolves: bug 454030 Bug Description: Need to address 64-bit compiler warnings - again Reviewed by: nhosoi (Thanks!) Fix Description: This patch cleans up most of the other remaining compiler warnings. I compiled the directory server code with these flags on RHEL5 x86_64: -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic I also enabled argument/format match checking for most of the commonly used varadic functions. Most of the problems I found fell into these categories: 1) Too many or not enough arguments e.g. most everything that uses or did use LDAPDebug had extra 0,0 arguments. If they had been switched to use slapi_log_error, I removed the extra arguments - for those places still using LDAPDebug, I introduced more macros to handle the number of arguments, since C macros cannot be varadic. 2) When using NSPR formatting functions, we have to use %llu or %lld for 64-bit values, even on 64-bit systems. However, for regular system formatting functions, we have to use %ld or %lu. I introduced two new macros NSPRIu64 and NSPRI64 to handle cases where we are passing explicit 64-bit values to NSPR formatting functions, so that we can use the regular PRIu64 and PRI64 macros for regular system formatting functions. I also made sure we used NSPRI* only with NSPR functions, and used PRI* only with system functions. 3) use %lu for size_t and %ld for time_t I did find a few "real" errors, places that the code was doing something definitely not right: https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/aclinit.c_sec4 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/acllas.c_sec17 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/http/http_impl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/memberof/memberof.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/pam_passthru/pam_ptimpl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_api.c_sec5 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_clcache.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/replutil.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/libglobs.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/dbverify.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/ldif2ldbm.c_sec3 This is why it's important to use this compiler checking, and why it's important to fix compiler warnings, if for no other reason than the sheer noise from so many warnings can mask real errors. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: retrocl.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/retrocl/retrocl.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- retrocl.c 10 Nov 2006 23:45:18 -0000 1.6 +++ retrocl.c 5 Dec 2008 22:41:52 -0000 1.7 @@ -221,8 +221,8 @@ operation_free(&op,NULL); if (err != LDAP_SUCCESS || be == NULL || be == defbackend_get_backend()) { - LDAPDebug(LDAP_DEBUG_TRACE,"Mapping tree select failed (%d) %s.\n", - err,errbuf,0); + LDAPDebug2Args(LDAP_DEBUG_TRACE,"Mapping tree select failed (%d) %s.\n", + err,errbuf); /* could not find the backend for cn=changelog, either because * it doesn't exist @@ -307,7 +307,7 @@ if (rc == 0) { retrocl_init_trimming(); } else { - LDAPDebug(LDAP_DEBUG_TRACE,"Couldnt find backend, not trimming retro changelog (%d).\n",rc,0,0); + LDAPDebug1Arg(LDAP_DEBUG_TRACE,"Couldnt find backend, not trimming retro changelog (%d).\n",rc); } } Index: retrocl_cn.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/retrocl/retrocl_cn.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- retrocl_cn.c 10 Nov 2006 23:45:18 -0000 1.5 +++ retrocl_cn.c 5 Dec 2008 22:41:52 -0000 1.6 @@ -181,7 +181,7 @@ retrocl_internal_cn = cr.cr_cnum; - slapi_log_error(SLAPI_LOG_PLUGIN,"retrocl","Got changenumbers %d and %d\n", + slapi_log_error(SLAPI_LOG_PLUGIN,"retrocl","Got changenumbers %lu and %lu\n", retrocl_first_cn, retrocl_internal_cn); @@ -379,7 +379,7 @@ retrocl_internal_cn = cr.cr_cnum; - slapi_log_error(SLAPI_LOG_PLUGIN,"retrocl","Refetched last changenumber = %d \n", + slapi_log_error(SLAPI_LOG_PLUGIN,"retrocl","Refetched last changenumber = %lu \n", retrocl_internal_cn); slapi_ch_free(( void **) &cr.cr_time ); Index: retrocl_po.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/retrocl/retrocl_po.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- retrocl_po.c 15 Oct 2008 06:29:59 -0000 1.7 +++ retrocl_po.c 5 Dec 2008 22:41:52 -0000 1.8 @@ -179,7 +179,7 @@ PR_ASSERT( changenum > 0UL ); slapi_log_error( SLAPI_LOG_PLUGIN, RETROCL_PLUGIN_NAME, - "write_replog_db: write change record %d for dn: \"%s\"\n", + "write_replog_db: write change record %lu for dn: \"%s\"\n", changenum, ( dn == NULL ) ? "NULL" : dn ); /* Construct the dn of this change record */ @@ -271,7 +271,7 @@ if ( 0 != rc ) { slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, "replog: an error occured while adding change " - "number %d, dn = %s: %s. \n", + "number %lu, dn = %s: %s. \n", changenum, edn, ldap_err2string( rc )); retrocl_release_changenumber(); } else { @@ -484,27 +484,24 @@ (void)slapi_pblock_get( pb, SLAPI_BACKEND, &be ); if (slapi_be_logchanges(be) == 0) { - LDAPDebug(LDAP_DEBUG_TRACE,"not applying change if not logging\n", - 0,0,0); + LDAPDebug0Args(LDAP_DEBUG_TRACE,"not applying change if not logging\n"); return 0; } if (retrocl_be_changelog == NULL || be == retrocl_be_changelog) { - LDAPDebug(LDAP_DEBUG_TRACE,"not applying change if no/cl be\n",0,0,0); + LDAPDebug0Args(LDAP_DEBUG_TRACE,"not applying change if no/cl be\n"); return 0; } slapi_pblock_get(pb, SLAPI_RESULT_CODE, &rc); if (rc != LDAP_SUCCESS) { - LDAPDebug(LDAP_DEBUG_TRACE,"not applying change if op failed %d\n",rc, - 0,0); + LDAPDebug1Arg(LDAP_DEBUG_TRACE,"not applying change if op failed %d\n",rc); return 0; } if (slapi_op_abandoned(pb)) { - LDAPDebug(LDAP_DEBUG_PLUGIN,"not applying change if op abandoned\n", - 0,0,0); + LDAPDebug0Args(LDAP_DEBUG_PLUGIN,"not applying change if op abandoned\n"); return 0; } @@ -519,12 +516,12 @@ slapi_pblock_get( pb, SLAPI_OPERATION, &op ); if (op == NULL) { - LDAPDebug(LDAP_DEBUG_TRACE,"not applying change if no op\n",0,0,0); + LDAPDebug0Args(LDAP_DEBUG_TRACE,"not applying change if no op\n"); return 0; } if (operation_is_flag_set(op, OP_FLAG_TOMBSTONE_ENTRY)){ - LDAPDebug(LDAP_DEBUG_TRACE,"not applying change for nsTombstone entries\n",0,0,0); + LDAPDebug0Args(LDAP_DEBUG_TRACE,"not applying change for nsTombstone entries\n"); return 0; } Index: retrocl_trim.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/retrocl/retrocl_trim.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- retrocl_trim.c 18 Oct 2007 00:08:32 -0000 1.8 +++ retrocl_trim.c 5 Dec 2008 22:41:52 -0000 1.9 @@ -119,7 +119,7 @@ if ( delrc != LDAP_SUCCESS ) { slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, "delete_changerecord: could not delete " - "change record %d\n", cnum ); + "change record %lu\n", cnum ); } else { slapi_log_error( SLAPI_LOG_PLUGIN, RETROCL_PLUGIN_NAME, "delete_changerecord: deleted changelog entry \"%s\"\n", dnbuf); @@ -312,7 +312,7 @@ } } } else { - LDAPDebug(LDAP_DEBUG_PLUGIN, "not yet time to trim: %d < (%d+%d)\n", + LDAPDebug(LDAP_DEBUG_PLUGIN, "not yet time to trim: %ld < (%d+%d)\n", now,lt,(CHANGELOGDB_TRIM_INTERVAL/1000)); } PR_Lock( ts.ts_s_trim_mutex ); @@ -366,7 +366,7 @@ int ldrc; if (retrocl_be_changelog == NULL) { - LDAPDebug(LDAP_DEBUG_TRACE,"not housekeeping if no cl be\n",0,0,0); + LDAPDebug0Args(LDAP_DEBUG_TRACE,"not housekeeping if no cl be\n"); return; } @@ -391,7 +391,7 @@ */ first_time = retrocl_getchangetime( SLAPI_SEQ_FIRST, &ldrc ); LDAPDebug(LDAP_DEBUG_PLUGIN, - "cltrim: ldrc=%d, first_time=%d, cur_time=%d\n", + "cltrim: ldrc=%d, first_time=%ld, cur_time=%ld\n", ldrc,first_time,cur_time); if ( LDAP_SUCCESS == ldrc && first_time > (time_t) 0L && first_time + ts.ts_c_max_age < cur_time ) { @@ -399,7 +399,7 @@ } } if ( must_trim ) { - LDAPDebug(LDAP_DEBUG_TRACE,"changelog about to create thread\n",0,0,0); + LDAPDebug0Args(LDAP_DEBUG_TRACE,"changelog about to create thread\n"); /* Start a thread to trim the changelog */ ts.ts_s_trimming = 1; if ( PR_CreateThread( PR_USER_THREAD, @@ -409,8 +409,8 @@ slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, "unable to create changelog trimming thread\n" ); } } else { - LDAPDebug(LDAP_DEBUG_PLUGIN, - "changelog does not need to be trimmed\n",0,0,0); + LDAPDebug0Args(LDAP_DEBUG_PLUGIN, + "changelog does not need to be trimmed\n"); } } PR_Unlock( ts.ts_s_trim_mutex ); @@ -491,7 +491,7 @@ cl_maxage = retrocl_get_config_str(CONFIG_CHANGELOG_MAXAGE_ATTRIBUTE); if (cl_maxage == NULL) { - LDAPDebug(LDAP_DEBUG_TRACE,"No maxage, not trimming retro changelog.\n",0,0,0); + LDAPDebug0Args(LDAP_DEBUG_TRACE,"No maxage, not trimming retro changelog.\n"); return; } ageval = age_str2time (cl_maxage); From rmeggins at fedoraproject.org Fri Dec 5 22:41:54 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Fri, 5 Dec 2008 22:41:54 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication cl5_api.c, 1.25, 1.26 cl5_clcache.c, 1.8, 1.9 cl5_config.c, 1.8, 1.9 repl5_agmt.c, 1.15, 1.16 repl5_connection.c, 1.14, 1.15 repl5_inc_protocol.c, 1.13, 1.14 repl5_init.c, 1.8, 1.9 repl5_plugins.c, 1.10, 1.11 repl5_replica.c, 1.20, 1.21 repl5_tot_protocol.c, 1.9, 1.10 repl5_total.c, 1.12, 1.13 repl_connext.c, 1.7, 1.8 repl_extop.c, 1.15, 1.16 replutil.c, 1.14, 1.15 windows_connection.c, 1.22, 1.23 windows_inc_protocol.c, 1.17, 1.18 windows_private.c, 1.21, 1.22 windows_protocol_util.c, 1.42, 1.43 windows_tot_protocol.c, 1.14, 1.15 Message-ID: <20081205224154.C70D370142@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13701/ldapserver/ldap/servers/plugins/replication Modified Files: cl5_api.c cl5_clcache.c cl5_config.c repl5_agmt.c repl5_connection.c repl5_inc_protocol.c repl5_init.c repl5_plugins.c repl5_replica.c repl5_tot_protocol.c repl5_total.c repl_connext.c repl_extop.c replutil.c windows_connection.c windows_inc_protocol.c windows_private.c windows_protocol_util.c windows_tot_protocol.c Log Message: Resolves: bug 454030 Bug Description: Need to address 64-bit compiler warnings - again Reviewed by: nhosoi (Thanks!) Fix Description: This patch cleans up most of the other remaining compiler warnings. I compiled the directory server code with these flags on RHEL5 x86_64: -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic I also enabled argument/format match checking for most of the commonly used varadic functions. Most of the problems I found fell into these categories: 1) Too many or not enough arguments e.g. most everything that uses or did use LDAPDebug had extra 0,0 arguments. If they had been switched to use slapi_log_error, I removed the extra arguments - for those places still using LDAPDebug, I introduced more macros to handle the number of arguments, since C macros cannot be varadic. 2) When using NSPR formatting functions, we have to use %llu or %lld for 64-bit values, even on 64-bit systems. However, for regular system formatting functions, we have to use %ld or %lu. I introduced two new macros NSPRIu64 and NSPRI64 to handle cases where we are passing explicit 64-bit values to NSPR formatting functions, so that we can use the regular PRIu64 and PRI64 macros for regular system formatting functions. I also made sure we used NSPRI* only with NSPR functions, and used PRI* only with system functions. 3) use %lu for size_t and %ld for time_t I did find a few "real" errors, places that the code was doing something definitely not right: https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/aclinit.c_sec4 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/acllas.c_sec17 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/http/http_impl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/memberof/memberof.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/pam_passthru/pam_ptimpl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_api.c_sec5 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_clcache.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/replutil.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/libglobs.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/dbverify.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/ldif2ldbm.c_sec3 This is why it's important to use this compiler checking, and why it's important to fix compiler warnings, if for no other reason than the sheer noise from so many warnings can mask real errors. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: cl5_api.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/cl5_api.c,v retrieving revision 1.25 retrieving revision 1.26 diff -u -r1.25 -r1.26 --- cl5_api.c 26 Nov 2008 00:13:42 -0000 1.25 +++ cl5_api.c 5 Dec 2008 22:41:51 -0000 1.26 @@ -3626,6 +3626,7 @@ { PR_snprintf (plVersion, VERSION_SIZE, "%s/%d.%d/%s\n", BDB_IMPL, DB_VERSION_MAJOR, DB_VERSION_MINOR, BDB_REPLPLUGIN); + dbVersion[0] = '\0'; rc = _cl5ReadGuardian (dbVersion); if (rc != CL5_SUCCESS || strcasecmp (plVersion, dbVersion) != 0) @@ -4954,7 +4955,7 @@ break; default: slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, - "_cl5Operation2LDIF: invalid operation type - %d\n", op->operation_type); + "_cl5Operation2LDIF: invalid operation type - %lu\n", op->operation_type); return CL5_BAD_FORMAT; } @@ -5131,7 +5132,7 @@ break; default: slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, - "_cl5LDIF2Operation: invalid operation type - %d\n", + "_cl5LDIF2Operation: invalid operation type - %lu\n", op->operation_type); return CL5_BAD_FORMAT; } @@ -5375,7 +5376,7 @@ if (rc != 0) { slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, - "_cl5GetFirstOperation: failed to format entry\n", rc); + "_cl5GetFirstOperation: failed to format entry: %d\n", rc); goto done; } @@ -5466,7 +5467,7 @@ if (rc != 0) { slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, - "_cl5GetNextEntry: failed to format entry\n", rc); + "_cl5GetNextEntry: failed to format entry: %d\n", rc); } return rc; @@ -6659,7 +6660,7 @@ object_release (obj); slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, "_cl5CopyDBFiles: failed to copy %s from %s to %s\n", - file, srcDir, destDir); + file->name, srcDir, destDir); return CL5_SYSTEM_ERROR; } @@ -6892,7 +6893,7 @@ if (fsiz < NO_DISK_SPACE) { slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, - "cl5_diskspace_is_available: No enough diskspace for changelog: (%u bytes free)\n", fsiz); + "cl5_diskspace_is_available: No enough diskspace for changelog: (%lu bytes free)\n", fsiz); rval = 0; } else if (fsiz > MIN_DISK_SPACE) Index: cl5_clcache.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/cl5_clcache.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- cl5_clcache.c 23 Jun 2008 18:32:11 -0000 1.8 +++ cl5_clcache.c 5 Dec 2008 22:41:51 -0000 1.9 @@ -645,7 +645,7 @@ /* Skip helper entry (ENTRY_COUNT, PURGE_RUV and so on) */ if ( cl5HelperEntry ( NULL, buf->buf_current_csn ) == PR_TRUE ) { slapi_log_error ( SLAPI_LOG_REPL, buf->buf_agmt_name, - "Skip helper entry type=%d\n", csn_get_time( buf->buf_current_csn )); + "Skip helper entry type=%ld\n", csn_get_time( buf->buf_current_csn )); break; } @@ -922,7 +922,7 @@ &( buf->buf_data ), buf->buf_load_flag | flag ); slapi_log_error ( SLAPI_LOG_REPL, buf->buf_agmt_name, - "clcache: (%d | %d) %s reallocated and retry returns %d\n", buf->buf_load_flag, flag, buf->buf_key.data, rc ); + "clcache: (%d | %d) buf key len %d reallocated and retry returns %d\n", buf->buf_load_flag, flag, buf->buf_key.size, rc ); } } Index: cl5_config.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/cl5_config.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- cl5_config.c 18 Oct 2007 00:08:31 -0000 1.8 +++ cl5_config.c 5 Dec 2008 22:41:51 -0000 1.9 @@ -890,7 +890,7 @@ if (theSize < CL5_MIN_NB_LOCK) { slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, - "Warning: Changelog %s value is too low (%d). Set to minimal value instead (%d)\n", + "Warning: Changelog %s value is too low (%ld). Set to minimal value instead (%d)\n", CONFIG_CHANGELOG_NB_LOCK, theSize, CL5_MIN_NB_LOCK); config->dbconfig.nb_lock_config = CL5_MIN_NB_LOCK; } Index: repl5_agmt.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl5_agmt.c,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- repl5_agmt.c 4 Nov 2008 18:23:08 -0000 1.15 +++ repl5_agmt.c 5 Dec 2008 22:41:51 -0000 1.16 @@ -192,19 +192,19 @@ if (ra->timeout < 0) { slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Replication agreement \"%s\" " - "is malformed: invalid timeout %d.\n", slapi_sdn_get_dn(ra->dn), ra->timeout); + "is malformed: invalid timeout %ld.\n", slapi_sdn_get_dn(ra->dn), ra->timeout); return_value = 0; } if (ra->busywaittime < 0) { slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Replication agreement \"%s\" " - "is malformed: invalid busy wait time %d.\n", slapi_sdn_get_dn(ra->dn), ra->busywaittime); + "is malformed: invalid busy wait time %ld.\n", slapi_sdn_get_dn(ra->dn), ra->busywaittime); return_value = 0; } if (ra->pausetime < 0) { slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Replication agreement \"%s\" " - "is malformed: invalid pausetime %d.\n", slapi_sdn_get_dn(ra->dn), ra->pausetime); + "is malformed: invalid pausetime %ld.\n", slapi_sdn_get_dn(ra->dn), ra->pausetime); return_value = 0; } return return_value; Index: repl5_connection.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl5_connection.c,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- repl5_connection.c 4 Dec 2008 00:55:47 -0000 1.14 +++ repl5_connection.c 5 Dec 2008 22:41:51 -0000 1.15 @@ -54,6 +54,7 @@ #include "repl5.h" #include "ldappr.h" #include "ldap-extension.h" +#include "nss.h" typedef struct repl_connection { @@ -1701,6 +1702,6 @@ config_set_errorlog_level("nsslapd-errorlog-level", buf, msg, 1); slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, - "repl5_debug_timeout_callback: set debug level to %d at %d\n", + "repl5_debug_timeout_callback: set debug level to %d at %ld\n", s_debug_level, when); } Index: repl5_inc_protocol.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl5_inc_protocol.c,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- repl5_inc_protocol.c 24 Jun 2008 22:22:09 -0000 1.13 +++ repl5_inc_protocol.c 5 Dec 2008 22:41:51 -0000 1.14 @@ -464,7 +464,7 @@ /* Are we caught up ? */ slapi_log_error(SLAPI_LOG_REPL, NULL, "repl5_inc_waitfor_async_results: %d %d\n", - rd->last_message_id_received, rd->last_message_id_sent, 0); + rd->last_message_id_received, rd->last_message_id_sent); if (rd->last_message_id_received >= rd->last_message_id_sent) { /* If so then we're done */ @@ -481,7 +481,7 @@ /* Log a warning */ slapi_log_error(SLAPI_LOG_FATAL, NULL, "repl5_inc_waitfor_async_results timed out waiting for responses: %d %d\n", - rd->last_message_id_received, rd->last_message_id_sent, 0); + rd->last_message_id_received, rd->last_message_id_sent); done = 1; } } @@ -966,7 +966,7 @@ next_fire_time = backoff_step(prp_priv->backoff); /* And go back to sleep */ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, - "%s: Replication session backing off for %d seconds\n", + "%s: Replication session backing off for %ld seconds\n", agmt_get_long_name(prp->agmt), next_fire_time - now); @@ -1448,7 +1448,7 @@ break; default: slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "%s: replay_update: Unknown " - "operation type %d found in changelog - skipping change.\n", + "operation type %lu found in changelog - skipping change.\n", agmt_get_long_name(prp->agmt), op->operation_type); } Index: repl5_init.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl5_init.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- repl5_init.c 17 Oct 2008 22:12:47 -0000 1.8 +++ repl5_init.c 5 Dec 2008 22:41:52 -0000 1.9 @@ -193,7 +193,7 @@ /* Avoid "Connection is NULL and hence cannot access SLAPI_CONN_ID" */ if (opid) { slapi_pblock_get (pb, SLAPI_CONN_ID, &connid); - PR_snprintf (idstr, REPL_SESSION_ID_SIZE, "conn=%" PRIu64 " op=%d", connid, opid); + PR_snprintf (idstr, REPL_SESSION_ID_SIZE, "conn=%" NSPRIu64 " op=%d", connid, opid); } slapi_pblock_get ( pb, SLAPI_OPERATION, &op ); Index: repl5_plugins.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl5_plugins.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- repl5_plugins.c 18 Oct 2007 22:40:17 -0000 1.10 +++ repl5_plugins.c 5 Dec 2008 22:41:52 -0000 1.11 @@ -1015,7 +1015,7 @@ /* ONREPL - log error */ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "write_changelog_and_ruv: can't add a change for " - "%s (uniqid: %s, optype: %u) to changelog csn %s\n", + "%s (uniqid: %s, optype: %lu) to changelog csn %s\n", op_params->target_address.dn, op_params->target_address.uniqueid, op_params->operation_type, Index: repl5_replica.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl5_replica.c,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- repl5_replica.c 13 Nov 2008 23:08:18 -0000 1.20 +++ repl5_replica.c 5 Dec 2008 22:41:52 -0000 1.21 @@ -421,7 +421,7 @@ *isInc = (r->repl_state_flags & REPLICA_INCREMENTAL_IN_PROGRESS); slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, - "conn=%" PRIu64 " op=%d repl=\"%s\": " + "conn=%" NSPRIu64 " op=%d repl=\"%s\": " "Replica in use locking_purl=%s\n", connid, opid, escape_string(slapi_sdn_get_dn(r->repl_root),ebuf), @@ -435,7 +435,7 @@ else { slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, - "conn=%" PRIu64 " op=%d repl=\"%s\": Acquired replica\n", + "conn=%" NSPRIu64 " op=%d repl=\"%s\": Acquired replica\n", connid, opid, escape_string(slapi_sdn_get_dn(r->repl_root),ebuf)); r->repl_state_flags |= REPLICA_IN_USE; @@ -476,13 +476,13 @@ if (!(r->repl_state_flags & REPLICA_IN_USE)) { slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, - "conn=%" PRIu64 " op=%d repl=\"%s\": " + "conn=%" NSPRIu64 " op=%d repl=\"%s\": " "Replica not in use\n", connid, opid, escape_string(slapi_sdn_get_dn(r->repl_root),ebuf)); } else { slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, - "conn=%" PRIu64 " op=%d repl=\"%s\": " + "conn=%" NSPRIu64 " op=%d repl=\"%s\": " "Released replica\n", connid, opid, escape_string(slapi_sdn_get_dn(r->repl_root),ebuf)); @@ -1111,7 +1111,7 @@ _replica_type_as_string (r)); slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "\treplica id: %d\n", r->repl_rid); slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "\tflags: %d\n", r->repl_flags); - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "\tstate flags: %d\n", r->repl_state_flags); + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "\tstate flags: %lu\n", r->repl_state_flags); if (r->updatedn_list) updatedn_list = replica_updatedn_list_to_string(r->updatedn_list, "\n\t\t"); slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "\tupdate dn: %s\n", @@ -2522,15 +2522,15 @@ { slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "_replica_reap_tombstones: failed when searching for " - "tombstones in replica %s: %s. Will try again in %d " + "tombstones in replica %s: %s. Will try again in %ld " "seconds.\n", escape_string(slapi_sdn_get_dn(replica->repl_root),ebuf), ldap_err2string(oprc), replica->tombstone_reap_interval); } else { slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, - "_replica_reap_tombstones: purged %d of %d tombstones " - "in replica %s. Will try again in %d " + "_replica_reap_tombstones: purged %ld of %ld tombstones " + "in replica %s. Will try again in %ld " "seconds.\n", cb_data.num_purged_entries, cb_data.num_entries, escape_string(slapi_sdn_get_dn(replica->repl_root),ebuf), replica->tombstone_reap_interval); @@ -3020,7 +3020,7 @@ slapi_ch_free ((void**)&repl_name); found = slapi_eq_cancel (r->repl_eqcxt_tr); slapi_log_error (SLAPI_LOG_REPL, NULL, - "tombstone_reap event (interval=%d) was %s\n", + "tombstone_reap event (interval=%ld) was %s\n", r->tombstone_reap_interval, (found ? "cancelled" : "not found")); r->repl_eqcxt_tr = NULL; } @@ -3032,7 +3032,7 @@ current_time() + r->tombstone_reap_interval, 1000 * r->tombstone_reap_interval); slapi_log_error (SLAPI_LOG_REPL, NULL, - "tombstone_reap event (interval=%d) was %s\n", + "tombstone_reap event (interval=%ld) was %s\n", r->tombstone_reap_interval, (r->repl_eqcxt_tr ? "scheduled" : "not scheduled successfully")); } PR_Unlock(r->repl_lock); Index: repl5_tot_protocol.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl5_tot_protocol.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- repl5_tot_protocol.c 10 Nov 2006 23:45:17 -0000 1.9 +++ repl5_tot_protocol.c 5 Dec 2008 22:41:52 -0000 1.10 @@ -122,8 +122,7 @@ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "%s: Received error %d: %s for total update operation\n", agreement_name, - ldap_error, ldap_error_string ? ldap_error_string : "NULL", - 0); + ldap_error, ldap_error_string ? ldap_error_string : "NULL"); } /* Thread that collects results from async operations sent to the consumer */ @@ -285,7 +284,7 @@ /* Are we caught up ? */ slapi_log_error(SLAPI_LOG_REPL, NULL, "repl5_tot_waitfor_async_results: %d %d\n", - cb_data->last_message_id_received, cb_data->last_message_id_sent, 0); + cb_data->last_message_id_received, cb_data->last_message_id_sent); if (cb_data->last_message_id_received >= cb_data->last_message_id_sent) { /* If so then we're done */ @@ -302,7 +301,7 @@ /* Log a warning */ slapi_log_error(SLAPI_LOG_FATAL, NULL, "repl5_tot_waitfor_async_results timed out waiting for responses: %d %d\n", - cb_data->last_message_id_received, cb_data->last_message_id_sent, 0); + cb_data->last_message_id_received, cb_data->last_message_id_sent); done = 1; } } @@ -474,7 +473,7 @@ agmt_set_last_init_status(prp->agmt, rc, 0, "Total update aborted"); } else { slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Finished total update of replica " - "\"%s\". Sent %d entries.\n", agmt_get_long_name(prp->agmt), cb_data.num_entries); + "\"%s\". Sent %lu entries.\n", agmt_get_long_name(prp->agmt), cb_data.num_entries); agmt_set_last_init_status(prp->agmt, 0, 0, "Total update succeeded"); } @@ -692,7 +691,7 @@ *last_busyp = now; slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, - "Replica \"%s\" is busy. Waiting %ds while" + "Replica \"%s\" is busy. Waiting %lds while" " it finishes processing its current import queue\n", agmt_get_long_name(prp->agmt), *sleep_on_busyp); DS_Sleep(PR_SecondsToInterval(*sleep_on_busyp)); Index: repl5_total.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl5_total.c,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- repl5_total.c 17 Oct 2008 22:12:47 -0000 1.12 +++ repl5_total.c 5 Dec 2008 22:41:52 -0000 1.13 @@ -881,7 +881,7 @@ const char *dn = slapi_entry_get_dn_const(e); slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "Error %d: could not import entry dn %s " - "for total update operation conn=%" PRIu64 " op=%d\n", + "for total update operation conn=%" NSPRIu64 " op=%d\n", rc, dn, connid, opid); rc = -1; } @@ -891,7 +891,7 @@ { slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "Error %d: could not decode the total update extop " - "for total update operation conn=%" PRIu64 " op=%d\n", + "for total update operation conn=%" NSPRIu64 " op=%d\n", rc, connid, opid); } Index: repl_connext.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl_connext.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- repl_connext.c 17 Oct 2008 22:12:47 -0000 1.7 +++ repl_connext.c 5 Dec 2008 22:41:52 -0000 1.8 @@ -101,7 +101,7 @@ slapi_pblock_get(pb, SLAPI_CONN_ID, &connid); slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "Aborting total update in progress for replicated " - "area %s connid=%" PRIu64 "\n", slapi_sdn_get_dn(repl_root_sdn), + "area %s connid=%" NSPRIu64 "\n", slapi_sdn_get_dn(repl_root_sdn), connid); slapi_stop_bulk_import(pb); } Index: repl_extop.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl_extop.c,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- repl_extop.c 4 Dec 2008 00:42:18 -0000 1.15 +++ repl_extop.c 5 Dec 2008 22:41:52 -0000 1.16 @@ -605,7 +605,7 @@ /* Stash info that this is an incremental update session */ connext->repl_protocol_version = REPL_PROTOCOL_50_INCREMENTAL; slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, - "conn=%" PRIu64 " op=%d repl=\"%s\": Begin incremental protocol\n", + "conn=%" NSPRIu64 " op=%d repl=\"%s\": Begin incremental protocol\n", connid, opid, repl_root); isInc = PR_TRUE; } @@ -617,7 +617,7 @@ connext->repl_protocol_version = REPL_PROTOCOL_50_TOTALUPDATE; } slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, - "conn=%" PRIu64 " op=%d repl=\"%s\": Begin total protocol\n", + "conn=%" NSPRIu64 " op=%d repl=\"%s\": Begin total protocol\n", connid, opid, repl_root); isInc = PR_FALSE; } @@ -626,7 +626,7 @@ /* Stash info that this is an incremental update session */ connext->repl_protocol_version = REPL_PROTOCOL_50_INCREMENTAL; slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, - "conn=%" PRIu64 " op=%d repl=\"%s\": Begin 7.1 incremental protocol\n", + "conn=%" NSPRIu64 " op=%d repl=\"%s\": Begin 7.1 incremental protocol\n", connid, opid, repl_root); isInc = PR_TRUE; } @@ -638,7 +638,7 @@ connext->repl_protocol_version = REPL_PROTOCOL_71_TOTALUPDATE; } slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, - "conn=%" PRIu64 " op=%d repl=\"%s\": Begin 7.1 total protocol\n", + "conn=%" NSPRIu64 " op=%d repl=\"%s\": Begin 7.1 total protocol\n", connid, opid, repl_root); isInc = PR_FALSE; } @@ -660,7 +660,7 @@ if (replica_is_being_configured(repl_root)) { slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, - "conn=%" PRIu64 " op=%d replica=\"%s\": " + "conn=%" NSPRIu64 " op=%d replica=\"%s\": " "Replica is being configured: try again later\n", connid, opid, repl_root); response = NSDS50_REPL_REPLICA_BUSY; @@ -713,7 +713,7 @@ { response = NSDS50_REPL_EXCESSIVE_CLOCK_SKEW; slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, - "conn=%" PRIu64 " op=%d repl=\"%s\": " + "conn=%" NSPRIu64 " op=%d repl=\"%s\": " "Excessive clock skew from supplier RUV\n", connid, opid, repl_root); goto send_response; @@ -749,7 +749,7 @@ if (check_replica_id_uniqueness(replica, supplier_ruv) != 0){ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, - "conn=%" PRIu64 " op=%d repl=\"%s\": " + "conn=%" NSPRIu64 " op=%d repl=\"%s\": " "Replica has same replicaID %d as supplier\n", connid, opid, repl_root, replica_get_rid(replica)); response = NSDS50_REPL_REPLICAID_ERROR; @@ -762,7 +762,7 @@ * the session's conn id and op id to identify the the supplier. */ /* junkrc = ruv_get_first_id_and_purl(supplier_ruv, &junkrid, &locking_purl); */ - PR_snprintf(locking_session, sizeof(locking_session), "conn=%" PRIu64 " id=%d", connid, opid); + PR_snprintf(locking_session, sizeof(locking_session), "conn=%" NSPRIu64 " id=%d", connid, opid); locking_purl = &locking_session[0]; if (replica_get_exclusive_access(replica, &isInc, connid, opid, locking_purl, @@ -878,7 +878,7 @@ } slapi_log_error (resp_log_level, repl_plugin_name, - "conn=%" PRIu64 " op=%d replica=\"%s\": " + "conn=%" NSPRIu64 " op=%d replica=\"%s\": " "Unable to acquire replica: error: %s%s\n", connid, opid, (replica ? slapi_sdn_get_dn(replica_get_root(replica)) : "unknown"), @@ -902,7 +902,7 @@ slapi_pblock_set(pb, SLAPI_EXT_OP_RET_OID, REPL_NSDS50_REPLICATION_RESPONSE_OID); slapi_pblock_set(pb, SLAPI_EXT_OP_RET_VALUE, resp_bval); slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, - "conn=%" PRIu64 " op=%d repl=\"%s\": " + "conn=%" NSPRIu64 " op=%d repl=\"%s\": " "StartNSDS50ReplicationRequest: response=%d rc=%d\n", connid, opid, repl_root, response, rc); Index: replutil.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/replutil.c,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- replutil.c 4 Dec 2008 00:42:18 -0000 1.14 +++ replutil.c 5 Dec 2008 22:41:52 -0000 1.15 @@ -236,7 +236,7 @@ { /* means error */ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, - "copyfile: failed to write to destination file %s\n"); + "copyfile: failed to write to destination file %s\n", destination); return_value = -1; break; } @@ -822,7 +822,9 @@ int repl_op = 0; int local_backend = -1; /* index of local backend */ int chaining_backend = -1; /* index of chain backend */ +#ifdef DEBUG_CHAIN_ON_UPDATE int is_internal = 0; +#endif PRBool local_online = PR_FALSE; /* true if the local db is online */ int ii; int opid; Index: windows_connection.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_connection.c,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 --- windows_connection.c 2 Dec 2008 15:29:30 -0000 1.22 +++ windows_connection.c 5 Dec 2008 22:41:52 -0000 1.23 @@ -55,6 +55,7 @@ #include "windowsrepl.h" #include "ldappr.h" #include "slap.h" +#include "nss.h" typedef struct repl_connection { @@ -880,7 +881,7 @@ ldap_controls_free(returned_controls); } if (windows_private_dirsync_has_more(conn->agmt)) { - slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,"received hasmore from dirsync\n", 0); + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,"received hasmore from dirsync\n"); } } break; @@ -1900,7 +1901,7 @@ config_set_errorlog_level("nsslapd-errorlog-level", buf, msg, 1); slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, - "repl5_debug_timeout_callback: set debug level to %d at %d\n", + "repl5_debug_timeout_callback: set debug level to %d at %ld\n", s_debug_level, when); LDAPDebug( LDAP_DEBUG_TRACE, "<= repl5_debug_timeout_callback\n", 0, 0, 0 ); Index: windows_inc_protocol.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_inc_protocol.c,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- windows_inc_protocol.c 27 Aug 2008 21:46:56 -0000 1.17 +++ windows_inc_protocol.c 5 Dec 2008 22:41:52 -0000 1.18 @@ -162,18 +162,18 @@ static void windows_inc_delete(Private_Repl_Protocol **prpp) { - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_inc_delete\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_inc_delete\n" ); /* First, stop the protocol if it isn't already stopped */ /* Then, delete all resources used by the protocol */ slapi_eq_cancel(dirsync); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_inc_delete\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_inc_delete\n" ); } /* helper function */ void w_set_pause_and_busy_time(long *pausetime, long *busywaittime) { - LDAPDebug( LDAP_DEBUG_TRACE, "=> w_set_pause_and_busy_time\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> w_set_pause_and_busy_time\n" ); /* If neither are set, set busy time to its default */ if (!*pausetime && !*busywaittime) { @@ -210,7 +210,7 @@ */ *pausetime = *busywaittime + 1; } - LDAPDebug( LDAP_DEBUG_TRACE, "<= w_set_pause_and_busy_time\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= w_set_pause_and_busy_time\n" ); } /* @@ -286,7 +286,7 @@ PRBool run_dirsync = PR_FALSE; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_inc_run\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_inc_run\n" ); prp->stopped = 0; prp->terminate = 0; @@ -685,7 +685,7 @@ next_fire_time = backoff_step(prp_priv->backoff); /* And go back to sleep */ slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, - "%s: Replication session backing off for %d seconds\n", + "%s: Replication session backing off for %ld seconds\n", agmt_get_long_name(prp->agmt), next_fire_time - now); @@ -991,7 +991,7 @@ conn_cancel_linger(prp->conn); /* ... and disconnect, if currently connected */ conn_disconnect(prp->conn); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_inc_run\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_inc_run\n" ); } @@ -1002,7 +1002,7 @@ static void protocol_sleep(Private_Repl_Protocol *prp, PRIntervalTime duration) { - LDAPDebug( LDAP_DEBUG_TRACE, "=> protocol_sleep\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> protocol_sleep\n" ); PR_ASSERT(NULL != prp); PR_Lock(prp->lock); /* we should not go to sleep if there are events available to be processed. @@ -1016,7 +1016,7 @@ agmt_get_long_name(prp->agmt), prp->eventbits); } PR_Unlock(prp->lock); - LDAPDebug( LDAP_DEBUG_TRACE, "<= protocol_sleep\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= protocol_sleep\n" ); } @@ -1029,13 +1029,13 @@ static void event_notify(Private_Repl_Protocol *prp, PRUint32 event) { - LDAPDebug( LDAP_DEBUG_TRACE, "=> event_notify\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> event_notify\n" ); PR_ASSERT(NULL != prp); PR_Lock(prp->lock); prp->eventbits |= event; PR_NotifyCondVar(prp->cvar); PR_Unlock(prp->lock); - LDAPDebug( LDAP_DEBUG_TRACE, "<= event_notify\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= event_notify\n" ); } @@ -1048,26 +1048,26 @@ { PRUint32 return_value; - LDAPDebug( LDAP_DEBUG_TRACE, "=> event_occurred\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> event_occurred\n" ); PR_ASSERT(NULL != prp); PR_Lock(prp->lock); return_value = (prp->eventbits & event); prp->eventbits &= ~event; /* Clear event */ PR_Unlock(prp->lock); - LDAPDebug( LDAP_DEBUG_TRACE, "<= event_occurred\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= event_occurred\n" ); return return_value; } static void reset_events (Private_Repl_Protocol *prp) { - LDAPDebug( LDAP_DEBUG_TRACE, "=> reset_events\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> reset_events\n" ); PR_ASSERT(NULL != prp); PR_Lock(prp->lock); prp->eventbits = 0; PR_Unlock(prp->lock); - LDAPDebug( LDAP_DEBUG_TRACE, "<= reset_events\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= reset_events\n" ); } @@ -1075,8 +1075,8 @@ static PRBool is_dummy_operation (const slapi_operation_parameters *op) { - LDAPDebug( LDAP_DEBUG_TRACE, "=> is_dummy_operation\n", 0, 0, 0 ); - LDAPDebug( LDAP_DEBUG_TRACE, "<= is_dummy_operation\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> is_dummy_operation\n" ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= is_dummy_operation\n" ); return (strcmp (op->target_address.uniqueid, START_ITERATION_ENTRY_UNIQUEID) == 0); } @@ -1085,7 +1085,7 @@ void w_cl5_operation_parameters_done (struct slapi_operation_parameters *sop) { - LDAPDebug( LDAP_DEBUG_TRACE, "=> w_cl5_operation_parameters_done\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> w_cl5_operation_parameters_done\n" ); if(sop!=NULL) { switch(sop->operation_type) { @@ -1120,7 +1120,7 @@ } } operation_parameters_done(sop); - LDAPDebug( LDAP_DEBUG_TRACE, "<= w_cl5_operation_parameters_done\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= w_cl5_operation_parameters_done\n" ); } @@ -1147,7 +1147,7 @@ RUV *current_ruv = ruv_dup(remote_update_vector); CSN *mincsn = NULL; - LDAPDebug( LDAP_DEBUG_TRACE, "=> send_updates\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> send_updates\n" ); *num_changes_sent = 0; @@ -1445,7 +1445,7 @@ agmt_set_consumer_ruv(prp->agmt,current_ruv); ruv_destroy(¤t_ruv); } - LDAPDebug( LDAP_DEBUG_TRACE, "<= send_updates\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= send_updates\n" ); return return_value; } @@ -1462,7 +1462,7 @@ PRIntervalTime start, maxwait, now; int seconds = 1200; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_inc_stop\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_inc_stop\n" ); maxwait = PR_SecondsToInterval(seconds); prp->terminate = 1; @@ -1490,7 +1490,7 @@ agmt_get_long_name(prp->agmt), PR_IntervalToSeconds(now-start)); } - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_inc_stop\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_inc_stop\n" ); return return_value; } @@ -1501,9 +1501,9 @@ { int return_value = 0; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_inc_status\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_inc_status\n" ); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_inc_status\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_inc_status\n" ); return return_value; } @@ -1513,43 +1513,43 @@ static void windows_inc_notify_update(Private_Repl_Protocol *prp) { - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_inc_notify_update\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_inc_notify_update\n" ); event_notify(prp, EVENT_TRIGGERING_CRITERIA_MET); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_inc_notify_update\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_inc_notify_update\n" ); } static void windows_inc_update_now(Private_Repl_Protocol *prp) { - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_inc_update_now\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_inc_update_now\n" ); event_notify(prp, EVENT_REPLICATE_NOW); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_inc_update_now\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_inc_update_now\n" ); } static void windows_inc_notify_agmt_changed(Private_Repl_Protocol *prp) { - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_inc_notify_agmt_changed\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_inc_notify_agmt_changed\n" ); event_notify(prp, EVENT_AGMT_CHANGED); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_inc_notify_agmt_changed\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_inc_notify_agmt_changed\n" ); } static void windows_inc_notify_window_opened (Private_Repl_Protocol *prp) { - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_inc_notify_window_opened\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_inc_notify_window_opened\n" ); event_notify(prp, EVENT_WINDOW_OPENED); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_inc_notify_window_opened\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_inc_notify_window_opened\n" ); } static void windows_inc_notify_window_closed (Private_Repl_Protocol *prp) { - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_inc_notify_window_closed\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_inc_notify_window_closed\n" ); event_notify(prp, EVENT_WINDOW_CLOSED); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_inc_notify_window_closed\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_inc_notify_window_closed\n" ); } @@ -1559,7 +1559,7 @@ windows_inc_private *rip = NULL; Private_Repl_Protocol *prp = (Private_Repl_Protocol *)slapi_ch_malloc(sizeof(Private_Repl_Protocol)); - LDAPDebug( LDAP_DEBUG_TRACE, "=> Windows_Inc_Protocol_new\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> Windows_Inc_Protocol_new\n" ); prp->delete = windows_inc_delete; prp->run = windows_inc_run; @@ -1592,13 +1592,13 @@ prp->private = (void *)rip; prp->replica_acquired = PR_FALSE; - LDAPDebug( LDAP_DEBUG_TRACE, "<= Windows_Inc_Protocol_new\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= Windows_Inc_Protocol_new\n" ); return prp; loser: windows_inc_delete(&prp); - LDAPDebug( LDAP_DEBUG_TRACE, "<= Windows_Inc_Protocol_new (loser)\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= Windows_Inc_Protocol_new (loser)\n" ); return NULL; } @@ -1610,12 +1610,12 @@ { Private_Repl_Protocol *prp = (Private_Repl_Protocol *)arg; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_inc_backoff_expired\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_inc_backoff_expired\n" ); PR_ASSERT(NULL != prp); event_notify(prp, EVENT_BACKOFF_EXPIRED); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_inc_backoff_expired\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_inc_backoff_expired\n" ); } @@ -1641,7 +1641,7 @@ { int return_value; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_examine_update_vector\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_examine_update_vector\n" ); PR_ASSERT(NULL != prp); if (NULL == prp) @@ -1682,7 +1682,7 @@ slapi_ch_free((void**)&remote_gen); slapi_ch_free((void**)&local_gen); } - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_examine_update_vector\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_examine_update_vector\n" ); return return_value; } @@ -1707,8 +1707,8 @@ static const char* state2name (int state) { - LDAPDebug( LDAP_DEBUG_TRACE, "=> state2name\n", 0, 0, 0 ); - LDAPDebug( LDAP_DEBUG_TRACE, "<= state2name\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> state2name\n" ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= state2name\n" ); switch (state) { case STATE_START: return "start"; @@ -1729,8 +1729,8 @@ static const char* event2name (int event) { - LDAPDebug( LDAP_DEBUG_TRACE, "=> event2name\n", 0, 0, 0 ); - LDAPDebug( LDAP_DEBUG_TRACE, "<= event2name\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> event2name\n" ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= event2name\n" ); switch (event) { case EVENT_WINDOW_OPENED: return "update_window_opened"; @@ -1749,11 +1749,11 @@ static void periodic_dirsync(time_t when, void *arg) { - LDAPDebug( LDAP_DEBUG_TRACE, "=> periodic_dirsync\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> periodic_dirsync\n" ); slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "Running Dirsync \n"); event_notify( (Private_Repl_Protocol*) arg, EVENT_RUN_DIRSYNC); - LDAPDebug( LDAP_DEBUG_TRACE, "<= periodic_dirsync\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= periodic_dirsync\n" ); } Index: windows_private.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_private.c,v retrieving revision 1.21 retrieving revision 1.22 diff -u -r1.21 -r1.22 --- windows_private.c 23 Sep 2008 21:13:22 -0000 1.21 +++ windows_private.c 5 Dec 2008 22:41:52 -0000 1.22 @@ -196,7 +196,7 @@ { Dirsync_Private *dp; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_new\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_new\n" ); dp = (Dirsync_Private *)slapi_ch_calloc(sizeof(Dirsync_Private),1); @@ -204,7 +204,7 @@ dp->directory_filter = NULL; dp->deleted_filter = NULL; - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_new\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_new\n" ); return dp; } @@ -213,7 +213,7 @@ { Dirsync_Private *dp = (Dirsync_Private *) agmt_get_priv(ra); - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_delete\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_delete\n" ); PR_ASSERT(dp != NULL); @@ -229,7 +229,7 @@ dp->api_cookie = NULL; slapi_ch_free((void **)dp); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_delete\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_delete\n" ); } @@ -237,14 +237,14 @@ { Dirsync_Private *dp; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_get_isnt4\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_get_isnt4\n" ); PR_ASSERT(ra); dp = (Dirsync_Private *) agmt_get_priv(ra); PR_ASSERT (dp); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_get_isnt4\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_get_isnt4\n" ); return dp->isnt4; } @@ -253,7 +253,7 @@ { Dirsync_Private *dp; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_set_isnt4\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_set_isnt4\n" ); PR_ASSERT(ra); @@ -262,21 +262,21 @@ dp->isnt4 = isit; - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_set_isnt4\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_set_isnt4\n" ); } int windows_private_get_iswin2k3(const Repl_Agmt *ra) { Dirsync_Private *dp; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_get_iswin2k3\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_get_iswin2k3\n" ); PR_ASSERT(ra); dp = (Dirsync_Private *) agmt_get_priv(ra); PR_ASSERT (dp); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_get_iswin2k3\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_get_iswin2k3\n" ); return dp->iswin2k3; } @@ -285,7 +285,7 @@ { Dirsync_Private *dp; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_set_iswin2k3\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_set_iswin2k3\n" ); PR_ASSERT(ra); @@ -294,7 +294,7 @@ dp->iswin2k3 = isit; - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_set_iswin2k3\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_set_iswin2k3\n" ); } /* Returns a copy of the Slapi_Filter pointer. The caller should not free it */ @@ -302,7 +302,7 @@ { Dirsync_Private *dp; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_get_directory_filter\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_get_directory_filter\n" ); PR_ASSERT(ra); @@ -316,7 +316,7 @@ slapi_ch_free_string(&string_filter); } - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_get_directory_filter\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_get_directory_filter\n" ); return dp->directory_filter; } @@ -326,7 +326,7 @@ { Dirsync_Private *dp; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_get_deleted_filter\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_get_deleted_filter\n" ); PR_ASSERT(ra); @@ -340,7 +340,7 @@ slapi_ch_free_string(&string_filter); } - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_get_deleted_filter\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_get_deleted_filter\n" ); return dp->deleted_filter; } @@ -350,14 +350,14 @@ { Dirsync_Private *dp; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_get_windows_subtree\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_get_windows_subtree\n" ); PR_ASSERT(ra); dp = (Dirsync_Private *) agmt_get_priv(ra); PR_ASSERT (dp); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_get_windows_subtree\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_get_windows_subtree\n" ); return dp->windows_subtree; } @@ -367,14 +367,14 @@ { Dirsync_Private *dp; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_get_windows_domain\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_get_windows_domain\n" ); PR_ASSERT(ra); dp = (Dirsync_Private *) agmt_get_priv(ra); PR_ASSERT (dp); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_get_windows_domain\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_get_windows_domain\n" ); return dp->windows_domain; } @@ -384,7 +384,7 @@ { Dirsync_Private *dp; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_set_windows_domain\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_set_windows_domain\n" ); PR_ASSERT(ra); @@ -393,7 +393,7 @@ dp->windows_domain = domain; - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_set_windows_domain\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_set_windows_domain\n" ); } /* Returns a copy of the Slapi_DN pointer, no need to free it */ @@ -401,14 +401,14 @@ { Dirsync_Private *dp; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_get_directory_replarea\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_get_directory_replarea\n" ); PR_ASSERT(ra); dp = (Dirsync_Private *) agmt_get_priv(ra); PR_ASSERT (dp); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_get_directory_replarea\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_get_directory_replarea\n" ); return dp->directory_subtree; } @@ -419,7 +419,7 @@ Dirsync_Private *dp; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_set_windows_replarea\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_set_windows_replarea\n" ); PR_ASSERT(ra); PR_ASSERT(sdn); @@ -430,7 +430,7 @@ slapi_sdn_free(&dp->windows_subtree); dp->windows_subtree = sdn; - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_set_windows_replarea\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_set_windows_replarea\n" ); } /* Takes a copy of the sdn passed in */ @@ -439,7 +439,7 @@ Dirsync_Private *dp; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_set_directory_replarea\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_set_directory_replarea\n" ); PR_ASSERT(ra); PR_ASSERT(sdn); @@ -450,20 +450,20 @@ slapi_sdn_free(&dp->directory_subtree); dp->directory_subtree = sdn; - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_set_directory_replarea\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_set_directory_replarea\n" ); } PRBool windows_private_create_users(const Repl_Agmt *ra) { Dirsync_Private *dp; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_create_users\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_create_users\n" ); PR_ASSERT(ra); dp = (Dirsync_Private *) agmt_get_priv(ra); PR_ASSERT (dp); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_create_users\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_create_users\n" ); return dp->create_users_from_dirsync; @@ -474,7 +474,7 @@ { Dirsync_Private *dp; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_set_create_users\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_set_create_users\n" ); PR_ASSERT(ra); dp = (Dirsync_Private *) agmt_get_priv(ra); @@ -482,7 +482,7 @@ dp->create_users_from_dirsync = value; - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_set_create_users\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_set_create_users\n" ); } @@ -490,13 +490,13 @@ { Dirsync_Private *dp; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_create_groups\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_create_groups\n" ); PR_ASSERT(ra); dp = (Dirsync_Private *) agmt_get_priv(ra); PR_ASSERT (dp); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_create_groups\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_create_groups\n" ); return dp->create_groups_from_dirsync; @@ -507,7 +507,7 @@ { Dirsync_Private *dp; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_set_create_groups\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_set_create_groups\n" ); PR_ASSERT(ra); dp = (Dirsync_Private *) agmt_get_priv(ra); @@ -515,7 +515,7 @@ dp->create_groups_from_dirsync = value; - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_set_create_groups\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_set_create_groups\n" ); } @@ -533,7 +533,7 @@ Dirsync_Private *dp; char iscritical = PR_TRUE; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_dirsync_control\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_dirsync_control\n" ); PR_ASSERT(ra); @@ -551,7 +551,7 @@ ber_free(ber,1); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_dirsync_control\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_dirsync_control\n" ); return control; @@ -578,7 +578,7 @@ int return_value = LDAP_SUCCESS; #endif - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_update_dirsync_control\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_update_dirsync_control\n" ); PR_ASSERT(ra); @@ -636,9 +636,9 @@ } #ifdef FOR_DEBUGGING - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_update_dirsync_control: rc=%d\n", return_value, 0, 0 ); + LDAPDebug1Arg( LDAP_DEBUG_TRACE, "<= windows_private_update_dirsync_control: rc=%d\n", return_value); #else - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_update_dirsync_control\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_update_dirsync_control\n" ); #endif } @@ -646,14 +646,14 @@ { Dirsync_Private *dp; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_dirsync_has_more\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_dirsync_has_more\n" ); PR_ASSERT(ra); dp = (Dirsync_Private *) agmt_get_priv(ra); PR_ASSERT (dp); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_dirsync_has_more\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_dirsync_has_more\n" ); return dp->dirsync_cookie_has_more; @@ -663,7 +663,7 @@ { Dirsync_Private *dp; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_null_dirsync_control\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_null_dirsync_control\n" ); dp = (Dirsync_Private *) agmt_get_priv(ra); PR_ASSERT (dp); @@ -672,7 +672,7 @@ slapi_ch_free_string(&dp->dirsync_cookie); dp->dirsync_cookie = NULL; - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_null_dirsync_control\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_null_dirsync_control\n" ); } static @@ -703,7 +703,7 @@ - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_save_dirsync_cookie\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_save_dirsync_cookie\n" ); PR_ASSERT(ra); dp = (Dirsync_Private *) agmt_get_priv(ra); @@ -736,7 +736,7 @@ slapi_mods_free(&mods); slapi_sdn_free(&sdn); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_save_dirsync_cookie\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_save_dirsync_cookie\n" ); return rc; } @@ -753,7 +753,7 @@ Slapi_Entry *entry = NULL; Slapi_Attr *attr = NULL; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_load_dirsync_cookie\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_load_dirsync_cookie\n" ); PR_ASSERT(ra); dp = (Dirsync_Private *) agmt_get_priv(ra); @@ -803,7 +803,7 @@ slapi_sdn_free( &sdn); slapi_pblock_destroy (pb); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_load_dirsync_cookie\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_load_dirsync_cookie\n" ); return rc; } @@ -813,12 +813,12 @@ { Dirsync_Private *dp; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_get_raw_entry\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_get_raw_entry\n" ); dp = (Dirsync_Private *) agmt_get_priv(ra); PR_ASSERT (dp); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_get_raw_entry\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_get_raw_entry\n" ); return dp->raw_entry; } @@ -828,7 +828,7 @@ { Dirsync_Private *dp; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_set_raw_entry\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_set_raw_entry\n" ); dp = (Dirsync_Private *) agmt_get_priv(ra); PR_ASSERT (dp); @@ -836,19 +836,19 @@ slapi_entry_free(dp->raw_entry); dp->raw_entry = e; - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_set_raw_entry\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_set_raw_entry\n" ); } void *windows_private_get_api_cookie(const Repl_Agmt *ra) { Dirsync_Private *dp; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_get_api_cookie\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_get_api_cookie\n" ); dp = (Dirsync_Private *) agmt_get_priv(ra); PR_ASSERT (dp); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_get_api_cookie\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_get_api_cookie\n" ); return dp->api_cookie; } @@ -857,13 +857,13 @@ { Dirsync_Private *dp; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_set_api_cookie\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_set_api_cookie\n" ); dp = (Dirsync_Private *) agmt_get_priv(ra); PR_ASSERT (dp); dp->api_cookie = api_cookie; - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_set_api_cookie\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_set_api_cookie\n" ); } /* an array of function pointers */ @@ -875,7 +875,7 @@ void *cookie = NULL; winsync_plugin_init_cb initfunc = NULL; - LDAPDebug( LDAP_DEBUG_PLUGIN, "--> windows_plugin_init_start -- begin\n",0,0,0); + LDAPDebug0Args( LDAP_DEBUG_PLUGIN, "--> windows_plugin_init_start -- begin\n"); /* if the function pointer array is null, get the functions - we will call init once per replication agreement, but will only grab the @@ -884,9 +884,9 @@ (slapi_apib_get_interface(WINSYNC_v1_0_GUID, &_WinSyncAPI) || (NULL == _WinSyncAPI))) { - LDAPDebug( LDAP_DEBUG_PLUGIN, + LDAPDebug1Arg( LDAP_DEBUG_PLUGIN, "<-- windows_plugin_init_start -- no windows plugin API registered for GUID [%s] -- end\n", - WINSYNC_v1_0_GUID,0,0); + WINSYNC_v1_0_GUID); return; } @@ -897,7 +897,7 @@ } windows_private_set_api_cookie(ra, cookie); - LDAPDebug( LDAP_DEBUG_PLUGIN, "<-- windows_plugin_init_start -- end\n",0,0,0); + LDAPDebug0Args( LDAP_DEBUG_PLUGIN, "<-- windows_plugin_init_start -- end\n"); return; } Index: windows_protocol_util.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_protocol_util.c,v retrieving revision 1.42 retrieving revision 1.43 diff -u -r1.42 -r1.43 --- windows_protocol_util.c 24 Sep 2008 22:18:35 -0000 1.42 +++ windows_protocol_util.c 5 Dec 2008 22:41:52 -0000 1.43 @@ -1287,7 +1287,7 @@ break; default: slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "%s: replay_update: Unknown " - "operation type %d found in changelog - skipping change.\n", + "operation type %lu found in changelog - skipping change.\n", agmt_get_long_name(prp->agmt), op->operation_type); } if (password) @@ -3878,7 +3878,7 @@ /* We should have been able to map the DN, so this is an error */ slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: windows_process_dirsync_entry: failed to map " - "inbound entry %s - rc is %d dn is [%d].\n", + "inbound entry %s - rc is %d dn is [%s].\n", agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)), rc, Index: windows_tot_protocol.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_tot_protocol.c,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- windows_tot_protocol.c 27 Aug 2008 21:46:56 -0000 1.14 +++ windows_tot_protocol.c 5 Dec 2008 22:41:52 -0000 1.15 @@ -109,7 +109,7 @@ char **attrs = NULL; LDAPControl **server_controls = NULL; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_tot_run\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_tot_run\n" ); PR_ASSERT(NULL != prp); @@ -218,7 +218,7 @@ agmt_set_last_init_status(prp->agmt, rc, 0, "Total update aborted"); } else { slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "Finished total update of replica " - "\"%s\". Sent %d entries.\n", agmt_get_long_name(prp->agmt), cb_data.num_entries); + "\"%s\". Sent %lu entries.\n", agmt_get_long_name(prp->agmt), cb_data.num_entries); agmt_set_last_init_status(prp->agmt, 0, 0, "Total update succeeded"); /* Now update our consumer RUV for this agreement. * This ensures that future incrememental updates work. @@ -244,7 +244,7 @@ } prp->stopped = 1; - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_tot_run\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_tot_run\n" ); } static int @@ -254,7 +254,7 @@ int seconds = 600; PRIntervalTime start, maxwait, now; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_tot_stop\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_tot_stop\n" ); prp->terminate = 1; maxwait = PR_SecondsToInterval(seconds); @@ -280,7 +280,7 @@ return_value = 0; } - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_tot_stop\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_tot_stop\n" ); return return_value; } @@ -291,8 +291,8 @@ windows_tot_status(Private_Repl_Protocol *prp) { int return_value = 0; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_tot_status\n", 0, 0, 0 ); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_tot_status\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_tot_status\n" ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_tot_status\n" ); return return_value; } @@ -301,8 +301,8 @@ static void windows_tot_noop(Private_Repl_Protocol *prp) { - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_tot_noop\n", 0, 0, 0 ); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_tot_noop\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_tot_noop\n" ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_tot_noop\n" ); /* noop */ } @@ -313,7 +313,7 @@ windows_tot_private *rip = NULL; Private_Repl_Protocol *prp = (Private_Repl_Protocol *)slapi_ch_malloc(sizeof(Private_Repl_Protocol)); - LDAPDebug( LDAP_DEBUG_TRACE, "=> Windows_Tot_Protocol_new\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> Windows_Tot_Protocol_new\n" ); prp->delete = windows_tot_delete; prp->run = windows_tot_run; @@ -342,28 +342,28 @@ rip->rp = rp; prp->private = (void *)rip; prp->replica_acquired = PR_FALSE; - LDAPDebug( LDAP_DEBUG_TRACE, "<= Windows_Tot_Protocol_new\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= Windows_Tot_Protocol_new\n" ); return prp; loser: windows_tot_delete(&prp); - LDAPDebug( LDAP_DEBUG_TRACE, "<= Windows_Tot_Protocol_new - loser\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= Windows_Tot_Protocol_new - loser\n" ); return NULL; } static void windows_tot_delete(Private_Repl_Protocol **prp) { - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_tot_delete\n", 0, 0, 0 ); - LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_tot_delete\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_tot_delete\n" ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_tot_delete\n" ); } static void get_result (int rc, void *cb_data) { - LDAPDebug( LDAP_DEBUG_TRACE, "=> get_result\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> get_result\n" ); PR_ASSERT (cb_data); ((callback_data*)cb_data)->rc = rc; - LDAPDebug( LDAP_DEBUG_TRACE, "<= get_result\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= get_result\n" ); } static @@ -373,7 +373,7 @@ Private_Repl_Protocol *prp; unsigned long *num_entriesp; - LDAPDebug( LDAP_DEBUG_TRACE, "=> send_entry\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> send_entry\n" ); PR_ASSERT (cb_data); @@ -386,13 +386,13 @@ conn_disconnect(prp->conn); prp->stopped = 1; ((callback_data*)cb_data)->rc = -1; - LDAPDebug( LDAP_DEBUG_TRACE, "<= send_entry\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= send_entry\n" ); return -1; } /* skip ruv tombstone - not relvant to Active Directory */ if (is_ruv_tombstone_entry (e)) { - LDAPDebug( LDAP_DEBUG_TRACE, "<= send_entry\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= send_entry\n" ); return 0; } @@ -401,7 +401,7 @@ (*num_entriesp)++; - LDAPDebug( LDAP_DEBUG_TRACE, "<= send_entry\n", 0, 0, 0 ); + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= send_entry\n" ); if (CONN_OPERATION_SUCCESS == rc) { return 0; From rmeggins at fedoraproject.org Fri Dec 5 22:41:55 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Fri, 5 Dec 2008 22:41:55 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm dbverify.c, 1.4, 1.5 ldbm_delete.c, 1.9, 1.10 ldbm_modrdn.c, 1.10, 1.11 ldif2ldbm.c, 1.22, 1.23 misc.c, 1.7, 1.8 Message-ID: <20081205224155.7CB4B70143@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13701/ldapserver/ldap/servers/slapd/back-ldbm Modified Files: dbverify.c ldbm_delete.c ldbm_modrdn.c ldif2ldbm.c misc.c Log Message: Resolves: bug 454030 Bug Description: Need to address 64-bit compiler warnings - again Reviewed by: nhosoi (Thanks!) Fix Description: This patch cleans up most of the other remaining compiler warnings. I compiled the directory server code with these flags on RHEL5 x86_64: -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic I also enabled argument/format match checking for most of the commonly used varadic functions. Most of the problems I found fell into these categories: 1) Too many or not enough arguments e.g. most everything that uses or did use LDAPDebug had extra 0,0 arguments. If they had been switched to use slapi_log_error, I removed the extra arguments - for those places still using LDAPDebug, I introduced more macros to handle the number of arguments, since C macros cannot be varadic. 2) When using NSPR formatting functions, we have to use %llu or %lld for 64-bit values, even on 64-bit systems. However, for regular system formatting functions, we have to use %ld or %lu. I introduced two new macros NSPRIu64 and NSPRI64 to handle cases where we are passing explicit 64-bit values to NSPR formatting functions, so that we can use the regular PRIu64 and PRI64 macros for regular system formatting functions. I also made sure we used NSPRI* only with NSPR functions, and used PRI* only with system functions. 3) use %lu for size_t and %ld for time_t I did find a few "real" errors, places that the code was doing something definitely not right: https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/aclinit.c_sec4 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/acllas.c_sec17 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/http/http_impl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/memberof/memberof.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/pam_passthru/pam_ptimpl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_api.c_sec5 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_clcache.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/replutil.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/libglobs.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/dbverify.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/ldif2ldbm.c_sec3 This is why it's important to use this compiler checking, and why it's important to fix compiler warnings, if for no other reason than the sheer noise from so many warnings can mask real errors. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: dbverify.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/dbverify.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- dbverify.c 19 Nov 2008 02:52:42 -0000 1.4 +++ dbverify.c 5 Dec 2008 22:41:53 -0000 1.5 @@ -66,7 +66,7 @@ { slapi_log_error(SLAPI_LOG_FATAL, "DB verify", "db path too long: %s/%s\n", - inst->inst_parent_dir_name, inst->inst_dir_name, 0); + inst->inst_parent_dir_name, inst->inst_dir_name); return 1; } tmplen = strlen(dbdir); @@ -99,8 +99,8 @@ if (sizeof(direntry->name) + 2 > filelen) { slapi_log_error(SLAPI_LOG_FATAL, "DB verify", - "db path too long: %s/%s%s\n", - dbdir, direntry->name, 0); + "db path too long: %s/%s\n", + dbdir, direntry->name); continue; } PR_snprintf(filep, filelen, "/%s", direntry->name); Index: ldbm_delete.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/ldbm_delete.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- ldbm_delete.c 17 Oct 2008 22:12:48 -0000 1.9 +++ ldbm_delete.c 5 Dec 2008 22:41:53 -0000 1.10 @@ -93,7 +93,7 @@ if (pb->pb_conn) { - slapi_log_error (SLAPI_LOG_TRACE, "ldbm_back_delete", "enter conn=%" PRIu64 " op=%d\n", pb->pb_conn->c_connid, operation->o_opid); + slapi_log_error (SLAPI_LOG_TRACE, "ldbm_back_delete", "enter conn=%" NSPRIu64 " op=%d\n", pb->pb_conn->c_connid, operation->o_opid); } is_fixup_operation = operation_is_flag_set(operation, OP_FLAG_REPL_FIXUP); @@ -666,7 +666,7 @@ slapi_ch_free_string(&e_uniqueid); if (pb->pb_conn) { - slapi_log_error (SLAPI_LOG_TRACE, "ldbm_back_delete", "leave conn=%" PRIu64 " op=%d\n", pb->pb_conn->c_connid, operation->o_opid); + slapi_log_error (SLAPI_LOG_TRACE, "ldbm_back_delete", "leave conn=%" NSPRIu64 " op=%d\n", pb->pb_conn->c_connid, operation->o_opid); } return rc; } Index: ldbm_modrdn.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- ldbm_modrdn.c 13 Nov 2008 23:08:19 -0000 1.10 +++ ldbm_modrdn.c 5 Dec 2008 22:41:53 -0000 1.11 @@ -117,7 +117,7 @@ if (pb->pb_conn) { - slapi_log_error (SLAPI_LOG_TRACE, "ldbm_back_modrdn", "enter conn=%" PRIu64 " op=%d\n", pb->pb_conn->c_connid, operation->o_opid); + slapi_log_error (SLAPI_LOG_TRACE, "ldbm_back_modrdn", "enter conn=%" NSPRIu64 " op=%d\n", pb->pb_conn->c_connid, operation->o_opid); } inst = (ldbm_instance *) be->be_instance_info; @@ -862,7 +862,7 @@ slapi_pblock_set( pb, SLAPI_ENTRY_POST_OP, postentry ); if (pb->pb_conn) { - slapi_log_error (SLAPI_LOG_TRACE, "ldbm_back_modrdn", "leave conn=%" PRIu64 " op=%d\n", pb->pb_conn->c_connid, operation->o_opid); + slapi_log_error (SLAPI_LOG_TRACE, "ldbm_back_modrdn", "leave conn=%" NSPRIu64 " op=%d\n", pb->pb_conn->c_connid, operation->o_opid); } return retval; } Index: ldif2ldbm.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/ldif2ldbm.c,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 --- ldif2ldbm.c 4 Dec 2008 00:50:18 -0000 1.22 +++ ldif2ldbm.c 5 Dec 2008 22:41:53 -0000 1.23 @@ -679,7 +679,7 @@ /* for each subtree spec... */ for (i = 0; include[i]; i++) { IDList *idl = NULL; - char *suffix = slapi_sdn_get_ndn(*be->be_suffix); + const char *suffix = slapi_sdn_get_ndn(*be->be_suffix); char *parentdn = slapi_ch_strdup(suffix); char *nextdn = NULL; int matched = 0; @@ -695,7 +695,7 @@ while (NULL != parentdn && NULL != (nextdn = slapi_dn_parent( parentdn ))) { slapi_ch_free_string( &parentdn ); - if (0 == slapi_utf8casecmp(nextdn, include[i])) { + if (0 == slapi_UTF8CASECMP(nextdn, include[i])) { issubsuffix = 1; /* suffix of be is a subsuffix of include[i] */ break; } @@ -719,7 +719,7 @@ while (NULL != parentdn && NULL != (nextdn = slapi_dn_parent( parentdn ))) { slapi_ch_free_string( &parentdn ); - if (0 == slapi_utf8casecmp(nextdn, suffix)) { + if (0 == slapi_UTF8CASECMP(nextdn, (char *)suffix)) { matched = 1; break; } @@ -2458,7 +2458,7 @@ inst_dir, MAXPATHLEN); slapi_log_error(SLAPI_LOG_TRACE, "upgrade DB", - "upgradedb_delete_indices_4cmd: %s\n"); + "upgradedb_delete_indices_4cmd: %s\n", inst_dir); dirhandle = PR_OpenDir(inst_dirp); if (!dirhandle) { Index: misc.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/misc.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- misc.c 17 Oct 2008 22:12:48 -0000 1.7 +++ misc.c 5 Dec 2008 22:41:53 -0000 1.8 @@ -81,7 +81,7 @@ return; } operation_id = operation->o_opid; - slapi_log_access( LDAP_DEBUG_STATS, "conn=%" PRIu64 " op=%d %s\n",connection_id, operation_id,string); + slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d %s\n",connection_id, operation_id,string); } int return_on_disk_full(struct ldbminfo *li) From rmeggins at fedoraproject.org Fri Dec 5 22:41:55 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Fri, 5 Dec 2008 22:41:55 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd abandon.c, 1.8, 1.9 add.c, 1.15, 1.16 auth.c, 1.12, 1.13 bind.c, 1.18, 1.19 compare.c, 1.9, 1.10 config.c, 1.12, 1.13 connection.c, 1.22, 1.23 conntable.c, 1.11, 1.12 daemon.c, 1.22, 1.23 delete.c, 1.10, 1.11 entry.c, 1.19, 1.20 extendop.c, 1.9, 1.10 libglobs.c, 1.33, 1.34 modify.c, 1.19, 1.20 modrdn.c, 1.11, 1.12 monitor.c, 1.8, 1.9 opshared.c, 1.13, 1.14 psearch.c, 1.10, 1.11 result.c, 1.17, 1.18 sasl_io.c, 1.17, 1.18 search.c, 1.11, 1.12 slap.h, 1.42, 1.43 slapi-plugin.h, 1.35, 1.36 snmp_collator.c, 1.17, 1.18 ssl.c, 1.20, 1.21 unbind.c, 1.6, 1.7 util.c, 1.20, 1.21 Message-ID: <20081205224155.E495870142@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13701/ldapserver/ldap/servers/slapd Modified Files: abandon.c add.c auth.c bind.c compare.c config.c connection.c conntable.c daemon.c delete.c entry.c extendop.c libglobs.c modify.c modrdn.c monitor.c opshared.c psearch.c result.c sasl_io.c search.c slap.h slapi-plugin.h snmp_collator.c ssl.c unbind.c util.c Log Message: Resolves: bug 454030 Bug Description: Need to address 64-bit compiler warnings - again Reviewed by: nhosoi (Thanks!) Fix Description: This patch cleans up most of the other remaining compiler warnings. I compiled the directory server code with these flags on RHEL5 x86_64: -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic I also enabled argument/format match checking for most of the commonly used varadic functions. Most of the problems I found fell into these categories: 1) Too many or not enough arguments e.g. most everything that uses or did use LDAPDebug had extra 0,0 arguments. If they had been switched to use slapi_log_error, I removed the extra arguments - for those places still using LDAPDebug, I introduced more macros to handle the number of arguments, since C macros cannot be varadic. 2) When using NSPR formatting functions, we have to use %llu or %lld for 64-bit values, even on 64-bit systems. However, for regular system formatting functions, we have to use %ld or %lu. I introduced two new macros NSPRIu64 and NSPRI64 to handle cases where we are passing explicit 64-bit values to NSPR formatting functions, so that we can use the regular PRIu64 and PRI64 macros for regular system formatting functions. I also made sure we used NSPRI* only with NSPR functions, and used PRI* only with system functions. 3) use %lu for size_t and %ld for time_t I did find a few "real" errors, places that the code was doing something definitely not right: https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/aclinit.c_sec4 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/acllas.c_sec17 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/http/http_impl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/memberof/memberof.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/pam_passthru/pam_ptimpl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_api.c_sec5 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_clcache.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/replutil.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/libglobs.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/dbverify.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/ldif2ldbm.c_sec3 This is why it's important to use this compiler checking, and why it's important to fix compiler warnings, if for no other reason than the sheer noise from so many warnings can mask real errors. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: abandon.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/abandon.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- abandon.c 17 Oct 2008 22:12:47 -0000 1.8 +++ abandon.c 5 Dec 2008 22:41:52 -0000 1.9 @@ -153,15 +153,15 @@ } if ( NULL == o ) { - slapi_log_access( LDAP_DEBUG_STATS, "conn=%" PRIu64 " op=%d ABANDON" + slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d ABANDON" " targetop=NOTFOUND msgid=%d\n", pb->pb_conn->c_connid, pb->pb_op->o_opid, id ); } else if ( suppressed_by_plugin ) { - slapi_log_access( LDAP_DEBUG_STATS, "conn=%" PRIu64" op=%d ABANDON" + slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d ABANDON" " targetop=SUPPRESSED-BY-PLUGIN msgid=%d\n", pb->pb_conn->c_connid, pb->pb_op->o_opid, id ); } else { - slapi_log_access( LDAP_DEBUG_STATS, "conn=%" PRIu64 " op=%d ABANDON" + slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d ABANDON" " targetop=%d msgid=%d nentries=%d etime=%ld\n", pb->pb_conn->c_connid, pb->pb_op->o_opid, o->o_opid, id, o->o_results.r.r_search.nentries, current_time() - o->o_time ); Index: add.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/add.c,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- add.c 24 Oct 2008 22:36:58 -0000 1.15 +++ add.c 5 Dec 2008 22:41:52 -0000 1.16 @@ -166,7 +166,7 @@ if (( rc = slapi_entry_add_values( e, normtype, vals )) != LDAP_SUCCESS ) { slapi_log_access( LDAP_DEBUG_STATS, - "conn=%" PRIu64 " op=%d ADD dn=\"%s\", add values for type %s failed\n", + "conn=%" NSPRIu64 " op=%d ADD dn=\"%s\", add values for type %s failed\n", pb->pb_conn->c_connid, operation->o_opid, escape_string( slapi_entry_get_dn_const(e), ebuf ), normtype ); send_ldap_result( pb, rc, NULL, NULL, 0, NULL ); @@ -432,7 +432,7 @@ { if ( !internal_op ) { - slapi_log_access(LDAP_DEBUG_STATS, "conn=%" PRIu64 " op=%d ADD dn=\"%s\"\n", + slapi_log_access(LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d ADD dn=\"%s\"\n", pb->pb_conn->c_connid, operation->o_opid, escape_string(slapi_entry_get_dn_const(e), ebuf)); Index: auth.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/auth.c,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- auth.c 17 Oct 2008 22:12:47 -0000 1.12 +++ auth.c 5 Dec 2008 22:41:52 -0000 1.13 @@ -391,7 +391,7 @@ char* subject = subject_of (clientCert); char* issuer = issuer_of (clientCert); slapi_log_access( LDAP_DEBUG_STATS, - "conn=%" PRIu64 " " SLAPI_COMPONENT_NAME_NSPR " error %i (%s); unauthenticated client %s; issuer %s\n", + "conn=%" NSPRIu64 " " SLAPI_COMPONENT_NAME_NSPR " error %i (%s); unauthenticated client %s; issuer %s\n", conn->c_connid, errorCode, slapd_pr_strerror(errorCode), subject ? escape_string( subject, sbuf ) : "NULL", issuer ? escape_string( issuer, ibuf ) : "NULL" ); @@ -425,7 +425,7 @@ if ( (slapd_ssl_getChannelInfo (prfd, &channelInfo, sizeof(channelInfo))) != SECSuccess ) { PRErrorCode errorCode = PR_GetError(); slapi_log_access (LDAP_DEBUG_STATS, - "conn=%" PRIu64 " SSL failed to obtain channel info; " + "conn=%" NSPRIu64 " SSL failed to obtain channel info; " SLAPI_COMPONENT_NAME_NSPR " error %i (%s)\n", conn->c_connid, errorCode, slapd_pr_strerror(errorCode)); return; @@ -434,7 +434,7 @@ != SECSuccess) { PRErrorCode errorCode = PR_GetError(); slapi_log_access (LDAP_DEBUG_STATS, - "conn=%" PRIu64 " SSL failed to obtain cipher info; " + "conn=%" NSPRIu64 " SSL failed to obtain cipher info; " SLAPI_COMPONENT_NAME_NSPR " error %i (%s)\n", conn->c_connid, errorCode, slapd_pr_strerror(errorCode)); return; @@ -455,13 +455,13 @@ } if (config_get_SSLclientAuth() == SLAPD_SSLCLIENTAUTH_OFF ) { - slapi_log_access (LDAP_DEBUG_STATS, "conn=%" PRIu64 " SSL %i-bit %s\n", + slapi_log_access (LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " SSL %i-bit %s\n", conn->c_connid, keySize, cipher ? cipher : "NULL" ); slapi_ch_free_string(&cipher); return; } if (clientCert == NULL) { - slapi_log_access (LDAP_DEBUG_STATS, "conn=%" PRIu64 " SSL %i-bit %s\n", + slapi_log_access (LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " SSL %i-bit %s\n", conn->c_connid, keySize, cipher ? cipher : "NULL" ); } else { char* subject = subject_of (clientCert); @@ -469,7 +469,7 @@ char* issuer = issuer_of (clientCert); char sbuf[ BUFSIZ ], ibuf[ BUFSIZ ]; slapi_log_access( LDAP_DEBUG_STATS, - "conn=%" PRIu64 " SSL %i-bit %s; client %s; issuer %s\n", + "conn=%" NSPRIu64 " SSL %i-bit %s; client %s; issuer %s\n", conn->c_connid, keySize, cipher ? cipher : "NULL", subject ? escape_string( subject, sbuf ) : "NULL", issuer ? escape_string( issuer, ibuf ) : "NULL"); @@ -507,11 +507,11 @@ if (clientDN != NULL) { char ebuf[ BUFSIZ ]; - slapi_log_access (LDAP_DEBUG_STATS, "conn=%" PRIu64 " SSL client bound as %s\n", + slapi_log_access (LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " SSL client bound as %s\n", conn->c_connid, escape_string( clientDN, ebuf )); } else if (clientCert != NULL) { slapi_log_access (LDAP_DEBUG_STATS, - "conn=%" PRIu64 " SSL failed to map client certificate to LDAP DN (%s)\n", + "conn=%" NSPRIu64 " SSL failed to map client certificate to LDAP DN (%s)\n", conn->c_connid, extraErrorMsg ); } Index: bind.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/bind.c,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- bind.c 7 Nov 2008 22:32:57 -0000 1.18 +++ bind.c 5 Dec 2008 22:41:52 -0000 1.19 @@ -694,25 +694,25 @@ if (method == LDAP_AUTH_SASL && saslmech && msg) { slapi_log_access( LDAP_DEBUG_STATS, - "conn=%" PRIu64 " op=%d BIND dn=\"%s\" " + "conn=%" NSPRIu64 " op=%d BIND dn=\"%s\" " "method=sasl version=%d mech=%s, %s\n", pb->pb_conn->c_connid, pb->pb_op->o_opid, edn, version, saslmech, msg ); } else if (method == LDAP_AUTH_SASL && saslmech) { slapi_log_access( LDAP_DEBUG_STATS, - "conn=%" PRIu64 " op=%d BIND dn=\"%s\" " + "conn=%" NSPRIu64 " op=%d BIND dn=\"%s\" " "method=sasl version=%d mech=%s\n", pb->pb_conn->c_connid, pb->pb_op->o_opid, edn, version, saslmech ); } else if (msg) { slapi_log_access( LDAP_DEBUG_STATS, - "conn=%" PRIu64 " op=%d BIND dn=\"%s\" " + "conn=%" NSPRIu64 " op=%d BIND dn=\"%s\" " "method=%d version=%d, %s\n", pb->pb_conn->c_connid, pb->pb_op->o_opid, edn, method, version, msg ); } else { slapi_log_access( LDAP_DEBUG_STATS, - "conn=%" PRIu64 " op=%d BIND dn=\"%s\" " + "conn=%" NSPRIu64 " op=%d BIND dn=\"%s\" " "method=%d version=%d\n", pb->pb_conn->c_connid, pb->pb_op->o_opid, edn, method, version ); Index: compare.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/compare.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- compare.c 24 Oct 2008 22:36:58 -0000 1.9 +++ compare.c 5 Dec 2008 22:41:52 -0000 1.10 @@ -122,7 +122,7 @@ dn, ava.ava_type, 0 ); slapi_log_access( LDAP_DEBUG_STATS, - "conn=%" PRIu64 " op=%d CMP dn=\"%s\" attr=\"%s\"\n", + "conn=%" NSPRIu64 " op=%d CMP dn=\"%s\" attr=\"%s\"\n", pb->pb_conn->c_connid, pb->pb_op->o_opid, escape_string( dn, ebuf ), ava.ava_type ); Index: config.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/config.c,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- config.c 8 Oct 2008 17:29:03 -0000 1.12 +++ config.c 5 Dec 2008 22:41:52 -0000 1.13 @@ -126,7 +126,7 @@ slapi_log_error( SLAPI_LOG_FATAL, "bootstrap config", "Ignoring extremely large value for" " configuration attribute %s" - " (length=%d, value=%40.40s...)\n", + " (length=%ld, value=%40.40s...)\n", attrname, len, s ); retval = 0; /* value is too large: ignore it */ } Index: connection.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/connection.c,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 --- connection.c 24 Oct 2008 22:36:58 -0000 1.22 +++ connection.c 5 Dec 2008 22:41:52 -0000 1.23 @@ -352,7 +352,7 @@ /* log useful stuff to our access log */ slapi_log_access( LDAP_DEBUG_STATS, - "conn=%" PRIu64 " fd=%d slot=%d %sconnection from %s to %s\n", + "conn=%" NSPRIu64 " fd=%d slot=%d %sconnection from %s to %s\n", conn->c_connid, conn->c_sd, ns, pTmp, str_ip, str_destip ); /* initialize the remaining connection fields */ @@ -452,7 +452,7 @@ op->o_tag != LDAP_REQ_ABANDON ) { slapi_add_pwd_control ( pb, LDAP_CONTROL_PWEXPIRED, 0); - slapi_log_access( LDAP_DEBUG_STATS, "conn=%" PRIu64 " op=%d %s\n", + slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d %s\n", pb->pb_conn->c_connid, pb->pb_op->o_opid, "need new password" ); send_ldap_result( pb, LDAP_UNWILLING_TO_PERFORM, @@ -522,7 +522,7 @@ { ret = setsockopt(conn->c_sd,IPPROTO_TCP,TCP_CORK,&i,sizeof(i)); if (ret < 0) { - LDAPDebug(LDAP_DEBUG_ANY, "Failed to set TCP_CORK on connection %" PRIu64 "\n",conn->c_connid, 0, 0); + LDAPDebug(LDAP_DEBUG_ANY, "Failed to set TCP_CORK on connection %" NSPRIu64 "\n",conn->c_connid, 0, 0); } } #endif @@ -536,7 +536,7 @@ { ret = setsockopt(conn->c_sd,IPPROTO_TCP,TCP_CORK,&i,sizeof(i)); if (ret < 0) { - LDAPDebug(LDAP_DEBUG_ANY, "Failed to clear TCP_CORK on connection %" PRIu64 "\n",conn->c_connid, 0, 0); + LDAPDebug(LDAP_DEBUG_ANY, "Failed to clear TCP_CORK on connection %" NSPRIu64 "\n",conn->c_connid, 0, 0); } } } @@ -562,7 +562,7 @@ default: LDAPDebug( LDAP_DEBUG_ANY, - "ignoring unknown LDAP request (conn=%" PRIu64 ", tag=0x%lx)\n", + "ignoring unknown LDAP request (conn=%" NSPRIu64 ", tag=0x%lx)\n", conn->c_connid, op->o_tag, 0 ); break; } @@ -574,7 +574,7 @@ if (conn->c_refcnt <= 0) { slapi_log_error(SLAPI_LOG_FATAL, "connection", - "conn=%" PRIu64 " fd=%d Attempt to release connection that is not aquired\n", + "conn=%" NSPRIu64 " fd=%d Attempt to release connection that is not aquired\n", conn->c_connid, conn->c_sd); PR_ASSERT (PR_FALSE); return -1; @@ -595,7 +595,7 @@ { /* This may happen while other threads are still working on this connection */ slapi_log_error(SLAPI_LOG_FATAL, "connection", - "conn=%" PRIu64 " fd=%d Attempt to acquire connection in the closing state\n", + "conn=%" NSPRIu64 " fd=%d Attempt to acquire connection in the closing state\n", conn->c_connid, conn->c_sd); return -1; } @@ -773,7 +773,7 @@ /* if connection is closing */ if (return_value != 0) { LDAPDebug(LDAP_DEBUG_CONNS, - "handle_read_data returns as conn %" PRIu64 " closing, fd=%d\n", + "handle_read_data returns as conn %" NSPRIu64 " closing, fd=%d\n", conn->c_connid,conn->c_sd,0); return return_value; } @@ -836,7 +836,7 @@ != LDAP_TAG_MSGID ) { /* log, close and send error */ LDAPDebug( LDAP_DEBUG_ANY, - "conn=%" PRIu64 " unable to read tag for incoming request\n", conn->c_connid, 0, 0 ); + "conn=%" NSPRIu64 " unable to read tag for incoming request\n", conn->c_connid, 0, 0 ); return_value = -1; goto done; } @@ -848,7 +848,7 @@ case LDAP_TAG_LDAPDN: /* optional username, for CLDAP */ /* log, close and send error */ LDAPDebug( LDAP_DEBUG_ANY, - "conn=%" PRIu64 " ber_peek_tag returns 0x%lx\n", conn->c_connid, tag, 0 ); + "conn=%" NSPRIu64 " ber_peek_tag returns 0x%lx\n", conn->c_connid, tag, 0 ); return_value = -1; goto done; default: @@ -979,7 +979,7 @@ PR_Lock( conn->c_mutex ); if (connection_is_active_nolock(conn) == 0) { LDAPDebug(LDAP_DEBUG_CONNS, - "not creating a new operation when conn %" PRIu64 " closing\n", + "not creating a new operation when conn %" NSPRIu64 " closing\n", conn->c_connid,0,0); PR_Unlock( conn->c_mutex ); return -1; @@ -1071,7 +1071,7 @@ So, we toss it away ! */ if (LBER_OVERFLOW == tag) { slapi_log_error( SLAPI_LOG_FATAL, "connection", - "conn=%" PRIu64 " fd=%d The length of BER Element was too long.\n", + "conn=%" NSPRIu64 " fd=%d The length of BER Element was too long.\n", conn->c_connid, conn->c_sd ); } PR_Lock( conn->c_mutex ); @@ -1108,7 +1108,7 @@ * We received a non-LDAP message. Log and close connection. */ LDAPDebug( LDAP_DEBUG_ANY, - "conn=%" PRIu64 " received a non-LDAP message" + "conn=%" NSPRIu64 " received a non-LDAP message" " (tag 0x%lx, expected 0x%lx)\n", conn->c_connid, tag, LDAP_TAG_MESSAGE ); PR_Lock( conn->c_mutex ); @@ -1126,7 +1126,7 @@ if (Bytes_Scanned != Bytes_Read) { if (connection_increment_reference(conn) == -1) { LDAPDebug(LDAP_DEBUG_CONNS, - "could not acquire lock in issue_new_read as conn %" PRIu64 " closing fd=%d\n", + "could not acquire lock in issue_new_read as conn %" NSPRIu64 " closing fd=%d\n", conn->c_connid,conn->c_sd,0); /* XXX how to handle this error? */ /* MAB: 25 Jan 01: let's try like this and pray this won't leak... */ @@ -1148,7 +1148,7 @@ */ connection_decrement_reference(conn); LDAPDebug(LDAP_DEBUG_CONNS, - "push_back_data failed: closing conn %" PRIu64 " fd=%d\n", + "push_back_data failed: closing conn %" NSPRIu64 " fd=%d\n", conn->c_connid,conn->c_sd,0); } } else { @@ -1246,7 +1246,7 @@ if (connection_increment_reference(conn) == -1) { LDAPDebug(LDAP_DEBUG_CONNS, - "could not acquire lock in issue_new_read as conn %" PRIu64 " closing fd=%d\n", + "could not acquire lock in issue_new_read as conn %" NSPRIu64 " closing fd=%d\n", conn->c_connid,conn->c_sd,0); /* This means that the connection is closing */ return -1; @@ -1408,7 +1408,7 @@ be decremented in wait_for_new_work(). */ if (connection_acquire_nolock (conn) == -1) { LDAPDebug(LDAP_DEBUG_CONNS, - "could not acquire lock in connection_activity as conn %" PRIu64 " closing fd=%d\n", + "could not acquire lock in connection_activity as conn %" NSPRIu64 " closing fd=%d\n", conn->c_connid,conn->c_sd,0); /* XXX how to handle this error? */ /* MAB: 25 Jan 01: let's return on error and pray this won't leak */ @@ -1644,7 +1644,7 @@ syserr = errno; /* Bad stuff happened, like the client sent us some junk */ LDAPDebug( LDAP_DEBUG_CONNS, - "ber_get_next failed for connection %" PRIu64 "\n", conn->c_connid, 0, 0 ); + "ber_get_next failed for connection %" NSPRIu64 "\n", conn->c_connid, 0, 0 ); /* reset private buffer */ conn->c_private->c_buffer_bytes = conn->c_private->c_buffer_offset = 0; @@ -1713,7 +1713,7 @@ ret = sasl_io_setup(conn); if (ret) { LDAPDebug( LDAP_DEBUG_ANY, - "conn=%" PRIu64 " unable to enable SASL I/O\n", conn->c_connid, 0, 0 ); + "conn=%" NSPRIu64 " unable to enable SASL I/O\n", conn->c_connid, 0, 0 ); disconnect_server( conn, conn->c_connid, -1, SLAPD_DISCONNECT_BAD_BER_TAG, EPROTO ); return CONN_DONE; } @@ -1774,7 +1774,7 @@ } else { /* Otherwise we loop, unless we exceeded the ioblock timeout */ if (waits_done > ioblocktimeout_waits) { - LDAPDebug( LDAP_DEBUG_CONNS,"ioblock timeout expired on connection %" PRIu64 "\n", conn->c_connid, 0, 0 ); + LDAPDebug( LDAP_DEBUG_CONNS,"ioblock timeout expired on connection %" NSPRIu64 "\n", conn->c_connid, 0, 0 ); disconnect_server( conn, conn->c_connid, -1, SLAPD_DISCONNECT_IO_TIMEOUT, 0 ); return CONN_DONE; @@ -1794,7 +1794,7 @@ err = PR_GetError(); syserr = PR_GetOSError(); LDAPDebug( LDAP_DEBUG_ANY, - "PR_Poll for connection %" PRIu64 " returns %d (%s)\n", conn->c_connid, err, slapd_pr_strerror( err ) ); + "PR_Poll for connection %" NSPRIu64 " returns %d (%s)\n", conn->c_connid, err, slapd_pr_strerror( err ) ); /* If this happens we should close the connection */ disconnect_server( conn, conn->c_connid, -1, err, syserr ); return CONN_DONE; @@ -1803,7 +1803,7 @@ /* Some other error, typically meaning bad stuff */ syserr = PR_GetOSError(); LDAPDebug( LDAP_DEBUG_CONNS, - "PR_Recv for connection %" PRIu64 " returns %d (%s)\n", conn->c_connid, err, slapd_pr_strerror( err ) ); + "PR_Recv for connection %" NSPRIu64 " returns %d (%s)\n", conn->c_connid, err, slapd_pr_strerror( err ) ); /* If this happens we should close the connection */ disconnect_server( conn, conn->c_connid, -1, err, syserr ); return CONN_DONE; @@ -1835,7 +1835,7 @@ * We received a non-LDAP message. Log and close connection. */ LDAPDebug( LDAP_DEBUG_ANY, - "conn=%" PRIu64 " received a non-LDAP message (tag 0x%lx, expected 0x%lx)\n", + "conn=%" NSPRIu64 " received a non-LDAP message (tag 0x%lx, expected 0x%lx)\n", conn->c_connid, *tag, LDAP_TAG_MESSAGE ); disconnect_server( conn, conn->c_connid, -1, SLAPD_DISCONNECT_BAD_BER_TAG, EPROTO ); @@ -1846,7 +1846,7 @@ != LDAP_TAG_MSGID ) { /* log, close and send error */ LDAPDebug( LDAP_DEBUG_ANY, - "conn=%" PRIu64 " unable to read tag for incoming request\n", conn->c_connid, 0, 0 ); + "conn=%" NSPRIu64 " unable to read tag for incoming request\n", conn->c_connid, 0, 0 ); disconnect_server( conn, conn->c_connid, -1, SLAPD_DISCONNECT_BAD_BER_TAG, EPROTO ); return CONN_DONE; } @@ -1863,7 +1863,7 @@ case LDAP_TAG_LDAPDN: /* optional username, for CLDAP */ /* log, close and send error */ LDAPDebug( LDAP_DEBUG_ANY, - "conn=%" PRIu64 " ber_peek_tag returns 0x%lx\n", conn->c_connid, *tag, 0 ); + "conn=%" NSPRIu64 " ber_peek_tag returns 0x%lx\n", conn->c_connid, *tag, 0 ); disconnect_server( conn, conn->c_connid, -1, SLAPD_DISCONNECT_BER_PEEK, EPROTO ); return CONN_DONE; default: @@ -1900,7 +1900,7 @@ /* update the last checked time */ conn->c_private->previous_count_check_time = current_time(); PR_Unlock( conn->c_mutex ); - LDAPDebug(LDAP_DEBUG_CONNS,"conn %" PRIu64 " activity level = %d\n",conn->c_connid,delta_count,0); + LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " activity level = %d\n",conn->c_connid,delta_count,0); } typedef struct table_iterate_info_struct { @@ -1955,7 +1955,7 @@ } else { double activet = 0.0; connection_find_our_rank(conn,&connection_count, &our_rank); - LDAPDebug(LDAP_DEBUG_CONNS,"conn %" PRIu64 " turbo rank = %d out of %d conns\n",conn->c_connid,our_rank,connection_count); + LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " turbo rank = %d out of %d conns\n",conn->c_connid,our_rank,connection_count); activet = (double)g_get_active_threadcnt(); threshold_rank = (int)(activet * ((double)CONN_TURBO_PERCENTILE / 100.0)); @@ -1997,9 +1997,9 @@ PR_Unlock(conn->c_mutex); if (current_mode != new_mode) { if (current_mode) { - LDAPDebug(LDAP_DEBUG_CONNS,"conn %" PRIu64 " leaving turbo mode\n",conn->c_connid,0,0); + LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " leaving turbo mode\n",conn->c_connid,0,0); } else { - LDAPDebug(LDAP_DEBUG_CONNS,"conn %" PRIu64 " entering turbo mode\n",conn->c_connid,0,0); + LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " entering turbo mode\n",conn->c_connid,0,0); } } *new_turbo_flag = new_mode; @@ -2090,7 +2090,7 @@ /* turn off turbo mode immediately if any pb waiting in global queue */ if (thread_turbo_flag && (counter > 0)) { thread_turbo_flag = 0; - LDAPDebug(LDAP_DEBUG_CONNS,"conn %" PRIu64 " leaving turbo mode\n",conn->c_connid,0,0); + LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " leaving turbo mode\n",conn->c_connid,0,0); } #endif @@ -2233,7 +2233,7 @@ if (connection_acquire_nolock (conn) == -1) { LDAPDebug(LDAP_DEBUG_CONNS, - "could not acquire lock in connection_activity as conn %" PRIu64 " closing fd=%d\n", + "could not acquire lock in connection_activity as conn %" NSPRIu64 " closing fd=%d\n", conn->c_connid,conn->c_sd,0); /* XXX how to handle this error? */ /* MAB: 25 Jan 01: let's return on error and pray this won't leak */ @@ -2385,7 +2385,7 @@ if ( *tmp == NULL ) { - LDAPDebug( LDAP_DEBUG_ANY, "connection_remove_operation: can't find op %d for conn %" PRIu64 "\n", + LDAPDebug( LDAP_DEBUG_ANY, "connection_remove_operation: can't find op %d for conn %" NSPRIu64 "\n", (int)op->o_msgid, conn->c_connid, 0 ); } else @@ -2496,13 +2496,13 @@ } if (0 == ber_len) { slapi_log_error( SLAPI_LOG_FATAL, "connection", - "conn=%" PRIu64 " fd=%d Incoming BER Element was too long, max allowable" + "conn=%" NSPRIu64 " fd=%d Incoming BER Element was too long, max allowable" " is %u bytes. Change the nsslapd-maxbersize attribute in" " cn=config to increase.\n", conn->c_connid, conn->c_sd, maxbersize ); } else { slapi_log_error( SLAPI_LOG_FATAL, "connection", - "conn=%" PRIu64 " fd=%d Incoming BER Element was %u bytes, max allowable" + "conn=%" NSPRIu64 " fd=%d Incoming BER Element was %u bytes, max allowable" " is %u bytes. Change the nsslapd-maxbersize attribute in" " cn=config to increase.\n", conn->c_connid, conn->c_sd, ber_len, maxbersize ); @@ -2555,13 +2555,13 @@ */ if (error && (EPIPE != error) ) { slapi_log_access( LDAP_DEBUG_STATS, - "conn=%" PRIu64 " op=%d fd=%d closed error %d (%s) - %s\n", + "conn=%" NSPRIu64 " op=%d fd=%d closed error %d (%s) - %s\n", conn->c_connid, opid, conn->c_sd, error, slapd_system_strerror(error), slapd_pr_strerror(reason)); } else { slapi_log_access( LDAP_DEBUG_STATS, - "conn=%" PRIu64 " op=%d fd=%d closed - %s\n", + "conn=%" NSPRIu64 " op=%d fd=%d closed - %s\n", conn->c_connid, opid, conn->c_sd, slapd_pr_strerror(reason)); } Index: conntable.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/conntable.c,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- conntable.c 17 Oct 2008 22:12:47 -0000 1.11 +++ conntable.c 5 Dec 2008 22:41:52 -0000 1.12 @@ -444,22 +444,22 @@ PR_Unlock( ct->c[i].c_mutex ); } - sprintf( buf, "%d", nconns ); + PR_snprintf( buf, sizeof(buf), "%d", nconns ); val.bv_val = buf; val.bv_len = strlen( buf ); attrlist_replace( &e->e_attrs, "currentconnections", vals ); - sprintf( buf, "%" PRIu64, slapi_counter_get_value(num_conns)); + PR_snprintf( buf, sizeof(buf), "%" NSPRIu64, slapi_counter_get_value(num_conns)); val.bv_val = buf; val.bv_len = strlen( buf ); attrlist_replace( &e->e_attrs, "totalconnections", vals ); - sprintf( buf, "%d", (ct!=NULL?ct->size:0) ); + PR_snprintf( buf, sizeof(buf), "%d", (ct!=NULL?ct->size:0) ); val.bv_val = buf; val.bv_len = strlen( buf ); attrlist_replace( &e->e_attrs, "dtablesize", vals ); - sprintf( buf, "%d", nreadwaiters ); + PR_snprintf( buf, sizeof(buf), "%d", nreadwaiters ); val.bv_val = buf; val.bv_len = strlen( buf ); attrlist_replace( &e->e_attrs, "readwaiters", vals ); Index: daemon.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/daemon.c,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 --- daemon.c 23 Oct 2008 22:42:54 -0000 1.22 +++ daemon.c 5 Dec 2008 22:41:52 -0000 1.23 @@ -1496,7 +1496,7 @@ * trying to acquire a closing connection */ LDAPDebug (LDAP_DEBUG_ANY, - "connection_activity: abandoning conn %" PRIu64 " as fd=%d is already closing\n", + "connection_activity: abandoning conn %" NSPRIu64 " as fd=%d is already closing\n", c->c_connid,c->c_sd,0); /* The call disconnect_server should do nothing, * as the connection c should be already set to CLOSING */ Index: delete.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/delete.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- delete.c 24 Oct 2008 22:36:58 -0000 1.10 +++ delete.c 5 Dec 2008 22:41:52 -0000 1.11 @@ -257,7 +257,7 @@ { if (!internal_op ) { - slapi_log_access(LDAP_DEBUG_STATS, "conn=%" PRIu64 " op=%d DEL dn=\"%s\"\n", + slapi_log_access(LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d DEL dn=\"%s\"\n", pb->pb_conn->c_connid, pb->pb_op->o_opid, escape_string(dn, ebuf)); Index: entry.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/entry.c,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- entry.c 15 Oct 2008 06:30:03 -0000 1.19 +++ entry.c 5 Dec 2008 22:41:52 -0000 1.20 @@ -1360,7 +1360,7 @@ if ( (size_t)(ecur - ebuf + 1) > elen ) { slapi_log_error (SLAPI_LOG_FATAL, NULL, - "entry2str_internal: array boundary wrote: bufsize=%d wrote=%d\n", + "entry2str_internal: array boundary wrote: bufsize=%ld wrote=%ld\n", elen, (ecur - ebuf + 1)); } Index: extendop.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/extendop.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- extendop.c 17 Oct 2008 22:12:47 -0000 1.9 +++ extendop.c 5 Dec 2008 22:41:52 -0000 1.10 @@ -267,14 +267,14 @@ if ( NULL == ( name = extended_op_oid2string( extoid ))) { LDAPDebug( LDAP_DEBUG_ARGS, "do_extended: oid (%s)\n", extoid, 0, 0 ); - slapi_log_access( LDAP_DEBUG_STATS, "conn=%" PRIu64 " op=%d EXT oid=\"%s\"\n", + slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d EXT oid=\"%s\"\n", pb->pb_conn->c_connid, pb->pb_op->o_opid, extoid ); } else { LDAPDebug( LDAP_DEBUG_ARGS, "do_extended: oid (%s-%s)\n", extoid, name, 0 ); slapi_log_access( LDAP_DEBUG_STATS, - "conn=%" PRIu64 " op=%d EXT oid=\"%s\" name=\"%s\"\n", + "conn=%" NSPRIu64 " op=%d EXT oid=\"%s\" name=\"%s\"\n", pb->pb_conn->c_connid, pb->pb_op->o_opid, extoid, name ); } Index: libglobs.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/libglobs.c,v retrieving revision 1.33 retrieving revision 1.34 diff -u -r1.33 -r1.34 --- libglobs.c 2 Dec 2008 15:29:30 -0000 1.33 +++ libglobs.c 5 Dec 2008 22:41:52 -0000 1.34 @@ -2793,7 +2793,7 @@ if ( *endp != '\0' || errno == ERANGE || nValue < 1 || nValue > maxVal ) { PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", connection table " "size must range from 1 to %d (the current process maxdescriptors limit). " - "Server will use a setting of %d.", attrname, value, maxVal ); + "Server will use a setting of %d.", attrname, value, maxVal, maxVal ); if ( nValue > maxVal) { nValue = maxVal; retVal = LDAP_UNWILLING_TO_PERFORM; Index: modify.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/modify.c,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- modify.c 13 Nov 2008 23:08:18 -0000 1.19 +++ modify.c 5 Dec 2008 22:41:52 -0000 1.20 @@ -575,7 +575,7 @@ { if ( !internal_op ) { - slapi_log_access(LDAP_DEBUG_STATS, "conn=%" PRIu64 " op=%d MOD dn=\"%s\"\n", + slapi_log_access(LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d MOD dn=\"%s\"\n", pb->pb_conn->c_connid, pb->pb_op->o_opid, escape_string(slapi_sdn_get_dn(&sdn), ebuf)); @@ -956,7 +956,7 @@ if (operation_is_flag_set(operation,OP_FLAG_ACTION_LOG_ACCESS)) { - slapi_log_access(LDAP_DEBUG_STATS, "conn=%" PRIu64 " op=%d MOD dn=\"%s\", %s\n", + slapi_log_access(LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d MOD dn=\"%s\", %s\n", pb->pb_conn->c_connid, pb->pb_op->o_opid, escape_string(slapi_sdn_get_dn(&sdn), ebuf), "user is not allowed to change password"); @@ -976,7 +976,7 @@ { if ( !internal_op ) { - slapi_log_access(LDAP_DEBUG_STATS, "conn=%" PRIu64 " op=%d MOD dn=\"%s\", %s\n", + slapi_log_access(LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d MOD dn=\"%s\", %s\n", pb->pb_conn->c_connid, pb->pb_op->o_opid, escape_string(slapi_sdn_get_dn(&sdn), ebuf), @@ -1011,7 +1011,7 @@ { if ( !internal_op ) { - slapi_log_access(LDAP_DEBUG_STATS, "conn=%" PRIu64 " op=%d MOD dn=\"%s\", %s\n", + slapi_log_access(LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d MOD dn=\"%s\", %s\n", pb->pb_conn->c_connid, pb->pb_op->o_opid, escape_string(slapi_sdn_get_dn(&sdn), ebuf), "invalid password syntax"); Index: modrdn.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/modrdn.c,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- modrdn.c 24 Oct 2008 22:36:58 -0000 1.11 +++ modrdn.c 5 Dec 2008 22:41:52 -0000 1.12 @@ -351,7 +351,7 @@ if ( !internal_op ) { slapi_log_access(LDAP_DEBUG_STATS, - "conn=%" PRIu64 " op=%d MODRDN dn=\"%s\" newrdn=\"%s\" newsuperior=\"%s\"\n", + "conn=%" NSPRIu64 " op=%d MODRDN dn=\"%s\" newrdn=\"%s\" newsuperior=\"%s\"\n", pb->pb_conn->c_connid, pb->pb_op->o_opid, escape_string(dn, dnbuf), @@ -374,7 +374,7 @@ if ((rdns = ldap_explode_rdn(newrdn, 0)) == NULL) { slapi_log_error(SLAPI_LOG_FATAL, NULL, - "conn=%" PRIu64 " op=%d MODRDN invalid new RDN (\"%s\")\n", + "conn=%" NSPRIu64 " op=%d MODRDN invalid new RDN (\"%s\")\n", pb->pb_conn->c_connid, pb->pb_op->o_opid, (NULL == newrdn) ? "(null)" : newrdn); @@ -391,7 +391,7 @@ { LDAPDebug(LDAP_DEBUG_ARGS, "ldap_explode_dn of newSuperior failed\n", 0, 0, 0); slapi_log_error(SLAPI_LOG_FATAL, NULL, - "conn=%" PRIu64 " op=%d MODRDN invalid new superior (\"%s\")", + "conn=%" NSPRIu64 " op=%d MODRDN invalid new superior (\"%s\")", pb->pb_conn->c_connid, pb->pb_op->o_opid, (NULL == newsuperior) ? "(null)" : newsuperiorbuf); Index: monitor.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/monitor.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- monitor.c 24 Oct 2008 22:36:58 -0000 1.8 +++ monitor.c 5 Dec 2008 22:41:52 -0000 1.9 @@ -75,7 +75,6 @@ struct tm utm; Slapi_Backend *be; char *cookie; - PRUint32 len; vals[0] = &val; vals[1] = NULL; @@ -86,31 +85,26 @@ attrlist_replace( &e->e_attrs, "version", vals ); slapi_ch_free( (void **) &val.bv_val ); - sprintf( buf, "%d", g_get_active_threadcnt() ); + val.bv_len = PR_snprintf( buf, sizeof(buf), "%d", g_get_active_threadcnt() ); val.bv_val = buf; - val.bv_len = strlen( buf ); attrlist_replace( &e->e_attrs, "threads", vals ); connection_table_as_entry(the_connection_table, e); - sprintf( buf, "%" PRIu64, slapi_counter_get_value(ops_initiated) ); + val.bv_len = PR_snprintf( buf, sizeof(buf), "%" NSPRIu64, slapi_counter_get_value(ops_initiated) ); val.bv_val = buf; - val.bv_len = strlen( buf ); attrlist_replace( &e->e_attrs, "opsinitiated", vals ); - sprintf( buf, "%" PRIu64, slapi_counter_get_value(ops_completed) ); + val.bv_len = PR_snprintf( buf, sizeof(buf), "%" NSPRIu64, slapi_counter_get_value(ops_completed) ); val.bv_val = buf; - val.bv_len = strlen( buf ); attrlist_replace( &e->e_attrs, "opscompleted", vals ); - len = PR_snprintf ( buf, BUFSIZ, "%" PRIu64, g_get_num_entries_sent() ); + val.bv_len = PR_snprintf ( buf, sizeof(buf), "%" NSPRIu64, g_get_num_entries_sent() ); val.bv_val = buf; - val.bv_len = ( unsigned long ) len; attrlist_replace( &e->e_attrs, "entriessent", vals ); - len = PR_snprintf ( buf, BUFSIZ, "%" PRIu64, g_get_num_bytes_sent() ); + val.bv_len = PR_snprintf ( buf, sizeof(buf), "%" NSPRIu64, g_get_num_bytes_sent() ); val.bv_val = buf; - val.bv_len = ( unsigned long ) len; attrlist_replace( &e->e_attrs, "bytessent", vals ); #ifdef _WIN32 @@ -141,15 +135,13 @@ val.bv_len = strlen( buf ); attrlist_replace( &e->e_attrs, "starttime", vals ); - sprintf( buf, "%d", be_nbackends_public() ); + val.bv_len = PR_snprintf( buf, sizeof(buf), "%d", be_nbackends_public() ); val.bv_val = buf; - val.bv_len = strlen( buf ); attrlist_replace( &e->e_attrs, "nbackends", vals ); #ifdef THREAD_SUNOS5_LWP - sprintf( buf, "%d", thr_getconcurrency() ); + val.bv_len = PR_snprintf( buf, sizeof(buf), "%d", thr_getconcurrency() ); val.bv_val = buf; - val.bv_len = strlen( buf ); attrlist_replace( &e->e_attrs, "concurrency", vals ); #endif Index: opshared.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/opshared.c,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- opshared.c 17 Oct 2008 22:12:47 -0000 1.13 +++ opshared.c 5 Dec 2008 22:41:52 -0000 1.14 @@ -230,7 +230,7 @@ { char *fmtstr; -#define SLAPD_SEARCH_FMTSTR_BASE "conn=%" PRIu64 " op=%d SRCH base=\"%s\" scope=%d " +#define SLAPD_SEARCH_FMTSTR_BASE "conn=%" NSPRIu64 " op=%d SRCH base=\"%s\" scope=%d " #define SLAPD_SEARCH_FMTSTR_BASE_INT "conn=%s op=%d SRCH base=\"%s\" scope=%d " #define SLAPD_SEARCH_FMTSTR_REMAINDER " attrs=%s%s\n" @@ -1329,7 +1329,7 @@ void op_shared_log_error_access (Slapi_PBlock *pb, const char *type, const char *dn, const char *msg) { char ebuf[BUFSIZ]; - slapi_log_access( LDAP_DEBUG_STATS, "conn=%" PRIu64 " op=%d %s dn=\"%s\", %s\n", + slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d %s dn=\"%s\", %s\n", ( pb->pb_conn ? pb->pb_conn->c_connid : 0), ( pb->pb_op ? pb->pb_op->o_opid : 0), type, Index: psearch.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/psearch.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- psearch.c 17 Oct 2008 22:12:47 -0000 1.10 +++ psearch.c 5 Dec 2008 22:41:52 -0000 1.11 @@ -305,7 +305,7 @@ if (conn_acq_flag) { slapi_log_error(SLAPI_LOG_CONNS, "Persistent Search", - "conn=%" PRIu64 " op=%d Could not acquire the connection - psearch aborted\n", + "conn=%" NSPRIu64 " op=%d Could not acquire the connection - psearch aborted\n", ps->ps_pblock->pb_conn->c_connid, ps->ps_pblock->pb_op->o_opid); } @@ -315,7 +315,7 @@ /* Check for an abandoned operation */ if ( ps->ps_pblock->pb_op == NULL || slapi_op_abandoned( ps->ps_pblock ) ) { slapi_log_error(SLAPI_LOG_CONNS, "Persistent Search", - "conn=%" PRIu64 " op=%d The operation has been abandoned\n", + "conn=%" NSPRIu64 " op=%d The operation has been abandoned\n", ps->ps_pblock->pb_conn->c_connid, ps->ps_pblock->pb_op->o_opid); break; } @@ -373,7 +373,7 @@ ectrls, attrs, attrsonly ); if (rc) { slapi_log_error(SLAPI_LOG_CONNS, "Persistent Search", - "conn=%" PRIu64 " op=%d Error %d sending entry %s with op status %d\n", + "conn=%" NSPRIu64 " op=%d Error %d sending entry %s with op status %d\n", ps->ps_pblock->pb_conn->c_connid, ps->ps_pblock->pb_op->o_opid, rc, slapi_entry_get_dn_const(ec), ps->ps_pblock->pb_op->o_status); } @@ -421,7 +421,7 @@ PR_Lock( ps->ps_pblock->pb_conn->c_mutex ); slapi_log_error(SLAPI_LOG_CONNS, "Persistent Search", - "conn=%" PRIu64 " op=%d Releasing the connection and operation\n", + "conn=%" NSPRIu64 " op=%d Releasing the connection and operation\n", ps->ps_pblock->pb_conn->c_connid, ps->ps_pblock->pb_op->o_opid); /* Delete this op from the connection's list */ connection_remove_operation( ps->ps_pblock->pb_conn, ps->ps_pblock->pb_op ); @@ -557,7 +557,7 @@ } slapi_log_error(SLAPI_LOG_CONNS, "Persistent Search", - "conn=%" PRIu64 " op=%d entry %s with chgtype %d " + "conn=%" NSPRIu64 " op=%d entry %s with chgtype %d " "matches the ps changetype %d\n", ps->ps_pblock->pb_conn->c_connid, ps->ps_pblock->pb_op->o_opid, edn, chgtype, ps->ps_changetypes); Index: result.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/result.c,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- result.c 24 Nov 2008 17:16:55 -0000 1.17 +++ result.c 5 Dec 2008 22:41:52 -0000 1.18 @@ -1641,7 +1641,7 @@ PR_snprintf(etime, ETIME_BUFSIZ, "%f", (PRFloat64)delta/PR_TicksPerSecond()); } else { - PR_snprintf(etime, ETIME_BUFSIZ, "%d", current_time() - op->o_time); + PR_snprintf(etime, ETIME_BUFSIZ, "%ld", current_time() - op->o_time); } if ( 0 == pb->pb_operation_notes ) { @@ -1672,7 +1672,7 @@ if ( !internal_op ) { slapi_log_access( LDAP_DEBUG_STATS, - "conn=%" PRIu64 " op=%d RESULT err=%d" + "conn=%" NSPRIu64 " op=%d RESULT err=%d" " tag=%u nentries=%d etime=%s%s%s" ", SASL bind in progress\n", op->o_connid, @@ -1704,7 +1704,7 @@ if ( !internal_op ) { slapi_log_access( LDAP_DEBUG_STATS, - "conn=%" PRIu64 " op=%d RESULT err=%d" + "conn=%" NSPRIu64 " op=%d RESULT err=%d" " tag=%u nentries=%d etime=%s%s%s" " dn=\"%s\"\n", op->o_connid, @@ -1730,7 +1730,7 @@ if ( !internal_op ) { slapi_log_access( LDAP_DEBUG_STATS, - "conn=%" PRIu64 " op=%d RESULT err=%d" + "conn=%" NSPRIu64 " op=%d RESULT err=%d" " tag=%u nentries=%d etime=%s%s%s\n", op->o_connid, op->o_opid, @@ -1763,7 +1763,7 @@ if ( !internal_op ) { - slapi_log_access( LDAP_DEBUG_STATS2, "conn=%" PRIu64 " op=%d ENTRY dn=\"%s\"\n", + slapi_log_access( LDAP_DEBUG_STATS2, "conn=%" NSPRIu64 " op=%d ENTRY dn=\"%s\"\n", op->o_connid, op->o_opid, escape_string( slapi_entry_get_dn_const(e), ebuf )); } @@ -1788,7 +1788,7 @@ if ( !internal_op ) { - slapi_log_access( LDAP_DEBUG_STATS2, "conn=%" PRIu64 " op=%d REFERRAL\n", + slapi_log_access( LDAP_DEBUG_STATS2, "conn=%" NSPRIu64 " op=%d REFERRAL\n", op->o_connid, op->o_opid ); } else Index: sasl_io.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/sasl_io.c,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- sasl_io.c 26 Nov 2008 17:32:21 -0000 1.17 +++ sasl_io.c 5 Dec 2008 22:41:52 -0000 1.18 @@ -82,7 +82,7 @@ int ret = 0; LDAPDebug( LDAP_DEBUG_CONNS, - "sasl_io_enable for connection %" PRIu64 "\n", c->c_connid, 0, 0 ); + "sasl_io_enable for connection %" NSPRIu64 "\n", c->c_connid, 0, 0 ); /* Flag that we should enable SASL I/O for the next read operation on this connection */ c->c_enable_sasl_io = 1; @@ -108,7 +108,7 @@ sasl_io_private *sp = (sasl_io_private*) slapi_ch_calloc(1, sizeof(sasl_io_private)); LDAPDebug( LDAP_DEBUG_CONNS, - "sasl_io_setup for connection %" PRIu64 "\n", c->c_connid, 0, 0 ); + "sasl_io_setup for connection %" NSPRIu64 "\n", c->c_connid, 0, 0 ); /* Get the current functions and store them for later */ real_iofns->lbextiofn_size = LBER_X_EXTIO_FNS_SIZE; ber_sockbuf_get_option( c->c_sb, LBER_SOCKBUF_OPT_EXT_IO_FNS, real_iofns ); @@ -142,7 +142,7 @@ sasl_io_private *sp = c->c_sasl_io_private; if (sp) { LDAPDebug( LDAP_DEBUG_CONNS, - "sasl_io_cleanup for connection %" PRIu64 "\n", c->c_connid, 0, 0 ); + "sasl_io_cleanup for connection %" NSPRIu64 "\n", c->c_connid, 0, 0 ); /* Free the buffers */ slapi_ch_free((void**)&(sp->encrypted_buffer)); slapi_ch_free((void**)&(sp->decrypted_buffer)); @@ -204,7 +204,7 @@ } if (ret != 0 && ret < sizeof(buffer)) { LDAPDebug( LDAP_DEBUG_ANY, - "failed to read sasl packet length on connection %" PRIu64 "\n", c->c_connid, 0, 0 ); + "failed to read sasl packet length on connection %" NSPRIu64 "\n", c->c_connid, 0, 0 ); return -1; } @@ -215,7 +215,7 @@ packet_length += 4; LDAPDebug( LDAP_DEBUG_CONNS, - "read sasl packet length %ld on connection %" PRIu64 "\n", packet_length, c->c_connid, 0 ); + "read sasl packet length %ld on connection %" NSPRIu64 "\n", packet_length, c->c_connid, 0 ); /* Check if the packet length is larger than our max allowed. A * setting of -1 means that we allow any size SASL IO packet. */ @@ -270,7 +270,7 @@ *err = 0; LDAPDebug( LDAP_DEBUG_CONNS, - "sasl_recv_connection for connection %" PRIu64 "\n", c->c_connid, 0, 0 ); + "sasl_recv_connection for connection %" NSPRIu64 "\n", c->c_connid, 0, 0 ); /* Do we have decrypted data buffered from 'before' ? */ bytes_in_buffer = sp->decrypted_buffer_count - sp->decrypted_buffer_offset; if (0 == bytes_in_buffer) { @@ -297,12 +297,12 @@ const char *output_buffer = NULL; unsigned int output_length = 0; LDAPDebug( LDAP_DEBUG_CONNS, - "sasl_recv_connection finished reading packet for connection %" PRIu64 "\n", c->c_connid, 0, 0 ); + "sasl_recv_connection finished reading packet for connection %" NSPRIu64 "\n", c->c_connid, 0, 0 ); /* Now decode it */ ret = sasl_decode(c->c_sasl_conn,sp->encrypted_buffer,sp->encrypted_buffer_count,&output_buffer,&output_length); if (SASL_OK == ret) { LDAPDebug( LDAP_DEBUG_CONNS, - "sasl_recv_connection decoded packet length %d for connection %" PRIu64 "\n", output_length, c->c_connid, 0 ); + "sasl_recv_connection decoded packet length %d for connection %" NSPRIu64 "\n", output_length, c->c_connid, 0 ); if (output_length) { sasl_io_resize_decrypted_buffer(sp,output_length); memcpy(sp->decrypted_buffer,output_buffer,output_length); @@ -313,7 +313,7 @@ } } else { LDAPDebug( LDAP_DEBUG_ANY, - "sasl_recv_connection failed to decode packet for connection %" PRIu64 "\n", c->c_connid, 0, 0 ); + "sasl_recv_connection failed to decode packet for connection %" NSPRIu64 "\n", c->c_connid, 0, 0 ); } } } Index: search.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/search.c,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- search.c 24 Oct 2008 22:36:58 -0000 1.11 +++ search.c 5 Dec 2008 22:41:52 -0000 1.12 @@ -384,7 +384,7 @@ { char ebuf[BUFSIZ]; slapi_log_access(LDAP_DEBUG_STATS, - "conn=%" PRIu64 " op=%d SRCH base=\"%s\" scope=%d filter=\"%s\", %s\n", + "conn=%" NSPRIu64 " op=%d SRCH base=\"%s\" scope=%d filter=\"%s\", %s\n", pb->pb_conn->c_connid, pb->pb_op->o_opid, escape_string(base, ebuf), scope, fstr, msg ? msg : ""); Index: slap.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slap.h,v retrieving revision 1.42 retrieving revision 1.43 diff -u -r1.42 -r1.43 --- slap.h 2 Dec 2008 15:29:30 -0000 1.42 +++ slap.h 5 Dec 2008 22:41:52 -0000 1.43 @@ -121,14 +121,6 @@ #ifdef HAVE_INTTYPES_H #include -/* NSPR uses the print macros a bit differently than ANSI C. We - * need to use ll for a 64-bit integer, even when a long is 64-bit. - */ -#undef PRIu64 -#define PRIu64 "llu" -#undef PRI64 -#define PRI64 "ll" - #else #error Need to define portable format macros such as PRIu64 #endif /* HAVE_INTTYPES_H */ Index: slapi-plugin.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slapi-plugin.h,v retrieving revision 1.35 retrieving revision 1.36 diff -u -r1.35 -r1.36 --- slapi-plugin.h 13 Nov 2008 23:08:18 -0000 1.35 +++ slapi-plugin.h 5 Dec 2008 22:41:52 -0000 1.36 @@ -52,6 +52,37 @@ #include "prtypes.h" #include "ldap.h" +#include "prprf.h" +NSPR_API(PRUint32) PR_snprintf(char *out, PRUint32 outlen, const char *fmt, ...) +#ifdef __GNUC__ + __attribute__ ((format (printf, 3, 4))); +#else + ; +#endif +NSPR_API(char*) PR_smprintf(const char *fmt, ...) +#ifdef __GNUC__ + __attribute__ ((format (printf, 1, 2))); +#else + ; +#endif +NSPR_API(char*) PR_sprintf_append(char *last, const char *fmt, ...) +#ifdef __GNUC__ + __attribute__ ((format (printf, 2, 3))); +#else + ; +#endif +NSPR_API(PRUint32) PR_fprintf(struct PRFileDesc* fd, const char *fmt, ...) +#ifdef __GNUC__ + __attribute__ ((format (printf, 2, 3))); +#else + ; +#endif + +/* NSPR uses the print macros a bit differently than ANSI C. We + * need to use ll for a 64-bit integer, even when a long is 64-bit. + */ +#define NSPRIu64 "llu" +#define NSPRI64 "ll" /* * The slapi_attr_get_flags() routine returns a bitmap that contains one or @@ -1041,7 +1072,13 @@ /* * logging */ -int slapi_log_error( int severity, char *subsystem, char *fmt, ... ); +int slapi_log_error( int severity, char *subsystem, char *fmt, ... ) +#ifdef __GNUC__ + __attribute__ ((format (printf, 3, 4))); +#else + ; +#endif + /* allowed values for the "severity" parameter */ #define SLAPI_LOG_FATAL 0 #define SLAPI_LOG_TRACE 1 Index: snmp_collator.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/snmp_collator.c,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- snmp_collator.c 28 Oct 2008 00:18:27 -0000 1.17 +++ snmp_collator.c 5 Dec 2008 22:41:52 -0000 1.18 @@ -765,7 +765,7 @@ add_counter_to_value(Slapi_Entry *e, const char *type, PRUint64 countervalue) { char value[40]; - sprintf(value,"%" PRIu64, countervalue); + PR_snprintf(value,sizeof(value),"%" NSPRIu64, countervalue); slapi_entry_attr_set_charptr( e, type, value); } Index: ssl.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/ssl.c,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- ssl.c 2 Dec 2008 15:29:30 -0000 1.20 +++ ssl.c 5 Dec 2008 22:41:52 -0000 1.21 @@ -166,7 +166,7 @@ cipher_names = (char **) slapi_ch_calloc ((number_of_ciphers +1 ) , sizeof(char *)); for (i = 0 ; _conf_ciphers[i].name != NULL; i++ ) { SSL_GetCipherSuiteInfo((PRUint16)_conf_ciphers[i].num,&info,sizeof(info)); - cipher_names[i] = PR_smprintf("%s%s%s%s%s%s%s%s%d\0",_conf_ciphers[i].version,sep,_conf_ciphers[i].name,sep,info.symCipherName,sep,info.macAlgorithmName,sep,info.symKeyBits); + cipher_names[i] = PR_smprintf("%s%s%s%s%s%s%s%s%d",_conf_ciphers[i].version,sep,_conf_ciphers[i].name,sep,info.symCipherName,sep,info.macAlgorithmName,sep,info.symKeyBits); } cipher_names[i] = NULL; } Index: unbind.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/unbind.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- unbind.c 17 Oct 2008 22:12:47 -0000 1.6 +++ unbind.c 5 Dec 2008 22:41:53 -0000 1.7 @@ -79,7 +79,7 @@ * UnBindRequest ::= NULL */ if ( ber_get_null( ber ) == LBER_ERROR ) { - slapi_log_access( LDAP_DEBUG_STATS, "conn=%" PRIu64 " op=%d UNBIND," + slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d UNBIND," " decoding error: UnBindRequest not null\n", pb->pb_conn->c_connid, operation->o_opid ); /* LDAPv3 does not allow a response to an unbind... so just return. */ @@ -92,7 +92,7 @@ * pass them to the backend. */ if ( (err = get_ldapmessage_controls( pb, ber, NULL )) != 0 ) { - slapi_log_access( LDAP_DEBUG_STATS, "conn=%" PRIu64 " op=%d UNBIND," + slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d UNBIND," " error processing controls - error %d (%s)\n", pb->pb_conn->c_connid, operation->o_opid, err, ldap_err2string( err )); @@ -107,7 +107,7 @@ /* ONREPL - plugins should be called and passed bind dn and, possibly, other data */ - slapi_log_access( LDAP_DEBUG_STATS, "conn=%" PRIu64 " op=%d UNBIND\n", + slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d UNBIND\n", pb->pb_conn->c_connid, operation->o_opid ); /* pass the unbind to all backends */ Index: util.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/util.c,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- util.c 2 Dec 2008 15:29:31 -0000 1.20 +++ util.c 5 Dec 2008 22:41:53 -0000 1.21 @@ -1161,7 +1161,7 @@ } else if (rc == 0) { /* timeout */ rc = LDAP_TIMEOUT; slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_bind", - "Error: timeout after [%d.%d] seconds reading " + "Error: timeout after [%ld.%ld] seconds reading " "bind response for [%s] mech [%s]\n", timeout ? timeout->tv_sec : 0, timeout ? timeout->tv_usec : 0, From rmeggins at fedoraproject.org Fri Dec 5 22:41:52 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Fri, 5 Dec 2008 22:41:52 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/include ldaplog.h, 1.6, 1.7 Message-ID: <20081205224222.7F73170121@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/include In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13701/ldapserver/ldap/include Modified Files: ldaplog.h Log Message: Resolves: bug 454030 Bug Description: Need to address 64-bit compiler warnings - again Reviewed by: nhosoi (Thanks!) Fix Description: This patch cleans up most of the other remaining compiler warnings. I compiled the directory server code with these flags on RHEL5 x86_64: -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic I also enabled argument/format match checking for most of the commonly used varadic functions. Most of the problems I found fell into these categories: 1) Too many or not enough arguments e.g. most everything that uses or did use LDAPDebug had extra 0,0 arguments. If they had been switched to use slapi_log_error, I removed the extra arguments - for those places still using LDAPDebug, I introduced more macros to handle the number of arguments, since C macros cannot be varadic. 2) When using NSPR formatting functions, we have to use %llu or %lld for 64-bit values, even on 64-bit systems. However, for regular system formatting functions, we have to use %ld or %lu. I introduced two new macros NSPRIu64 and NSPRI64 to handle cases where we are passing explicit 64-bit values to NSPR formatting functions, so that we can use the regular PRIu64 and PRI64 macros for regular system formatting functions. I also made sure we used NSPRI* only with NSPR functions, and used PRI* only with system functions. 3) use %lu for size_t and %ld for time_t I did find a few "real" errors, places that the code was doing something definitely not right: https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/aclinit.c_sec4 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/acllas.c_sec17 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/http/http_impl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/memberof/memberof.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/pam_passthru/pam_ptimpl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_api.c_sec5 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_clcache.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/replutil.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/libglobs.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/dbverify.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/ldif2ldbm.c_sec3 This is why it's important to use this compiler checking, and why it's important to fix compiler warnings, if for no other reason than the sheer noise from so many warnings can mask real errors. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: ldaplog.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/include/ldaplog.h,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- ldaplog.h 10 Nov 2006 23:44:41 -0000 1.6 +++ ldaplog.h 5 Dec 2008 22:41:50 -0000 1.7 @@ -73,9 +73,15 @@ /* Disable by default */ #define LDAPDebug( level, fmt, arg1, arg2, arg3 ) #define LDAPDebugLevelIsSet( level ) (0) +#define LDAPDebug0Args( level, fmt ) +#define LDAPDebug1Arg( level, fmt, arg ) +#define LDAPDebug2Args( level, fmt, arg1, arg2 ) #ifdef LDAP_DEBUG # undef LDAPDebug +# undef LDAPDebug0Args +# undef LDAPDebug1Arg +# undef LDAPDebug2Args # undef LDAPDebugLevelIsSet /* SLAPD_LOGGING should not be on for WINSOCK (16-bit Windows) */ @@ -90,6 +96,24 @@ slapd_log_error_proc( NULL, fmt, arg1, arg2, arg3 ); \ } \ } +# define LDAPDebug0Args( level, fmt ) \ + { \ + if ( *module_ldap_debug & level ) { \ + slapd_log_error_proc( NULL, fmt ); \ + } \ + } +# define LDAPDebug1Arg( level, fmt, arg ) \ + { \ + if ( *module_ldap_debug & level ) { \ + slapd_log_error_proc( NULL, fmt, arg ); \ + } \ + } +# define LDAPDebug2Args( level, fmt, arg1, arg2 ) \ + { \ + if ( *module_ldap_debug & level ) { \ + slapd_log_error_proc( NULL, fmt, arg1, arg2 ); \ + } \ + } # define LDAPDebugLevelIsSet( level ) (0 != (*module_ldap_debug & level)) # else /* Not _WIN32 */ extern int slapd_ldap_debug; @@ -99,6 +123,24 @@ slapd_log_error_proc( NULL, fmt, arg1, arg2, arg3 ); \ } \ } +# define LDAPDebug0Args( level, fmt ) \ + { \ + if ( slapd_ldap_debug & level ) { \ + slapd_log_error_proc( NULL, fmt ); \ + } \ + } +# define LDAPDebug1Arg( level, fmt, arg ) \ + { \ + if ( slapd_ldap_debug & level ) { \ + slapd_log_error_proc( NULL, fmt, arg ); \ + } \ + } +# define LDAPDebug2Args( level, fmt, arg1, arg2 ) \ + { \ + if ( slapd_ldap_debug & level ) { \ + slapd_log_error_proc( NULL, fmt, arg1, arg2 ); \ + } \ + } # define LDAPDebugLevelIsSet( level ) (0 != (slapd_ldap_debug & level)) # endif /* Win32 */ # else /* no SLAPD_LOGGING */ @@ -110,6 +152,24 @@ PR_snprintf( msg, sizeof(msg), fmt, arg1, arg2, arg3 ); \ ber_err_print( msg ); \ } +# define LDAPDebug0Args( level, fmt ) \ + if ( slapd_ldap_debug & level ) { \ + char msg[256]; \ + PR_snprintf( msg, sizeof(msg), fmt ); \ + ber_err_print( msg ); \ + } +# define LDAPDebug1Arg( level, fmt, arg ) \ + if ( slapd_ldap_debug & level ) { \ + char msg[256]; \ + PR_snprintf( msg, sizeof(msg), fmt, arg ); \ + ber_err_print( msg ); \ + } +# define LDAPDebug2Args( level, fmt, arg1, arg2 ) \ + if ( slapd_ldap_debug & level ) { \ + char msg[256]; \ + PR_snprintf( msg, sizeof(msg), fmt, arg1, arg2 ); \ + ber_err_print( msg ); \ + } # define LDAPDebugLevelIsSet( level ) (0 != (slapd_ldap_debug & level)) # endif /* SLAPD_LOGGING */ #endif /* LDAP_DEBUG */ From rmeggins at fedoraproject.org Fri Dec 5 22:41:52 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Fri, 5 Dec 2008 22:41:52 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/chainingdb cb_conn_stateless.c, 1.10, 1.11 Message-ID: <20081205224222.EF69C70100@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/chainingdb In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13701/ldapserver/ldap/servers/plugins/chainingdb Modified Files: cb_conn_stateless.c Log Message: Resolves: bug 454030 Bug Description: Need to address 64-bit compiler warnings - again Reviewed by: nhosoi (Thanks!) Fix Description: This patch cleans up most of the other remaining compiler warnings. I compiled the directory server code with these flags on RHEL5 x86_64: -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic I also enabled argument/format match checking for most of the commonly used varadic functions. Most of the problems I found fell into these categories: 1) Too many or not enough arguments e.g. most everything that uses or did use LDAPDebug had extra 0,0 arguments. If they had been switched to use slapi_log_error, I removed the extra arguments - for those places still using LDAPDebug, I introduced more macros to handle the number of arguments, since C macros cannot be varadic. 2) When using NSPR formatting functions, we have to use %llu or %lld for 64-bit values, even on 64-bit systems. However, for regular system formatting functions, we have to use %ld or %lu. I introduced two new macros NSPRIu64 and NSPRI64 to handle cases where we are passing explicit 64-bit values to NSPR formatting functions, so that we can use the regular PRIu64 and PRI64 macros for regular system formatting functions. I also made sure we used NSPRI* only with NSPR functions, and used PRI* only with system functions. 3) use %lu for size_t and %ld for time_t I did find a few "real" errors, places that the code was doing something definitely not right: https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/aclinit.c_sec4 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/acllas.c_sec17 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/http/http_impl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/memberof/memberof.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/pam_passthru/pam_ptimpl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_api.c_sec5 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_clcache.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/replutil.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/libglobs.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/dbverify.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/ldif2ldbm.c_sec3 This is why it's important to use this compiler checking, and why it's important to fix compiler warnings, if for no other reason than the sheer noise from so many warnings can mask real errors. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: cb_conn_stateless.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/chainingdb/cb_conn_stateless.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- cb_conn_stateless.c 2 Dec 2008 15:29:30 -0000 1.10 +++ cb_conn_stateless.c 5 Dec 2008 22:41:50 -0000 1.11 @@ -287,7 +287,7 @@ conn->refcount < maxconcurrency)){ if (cb_debug_on()) { slapi_log_error( SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM, - "<= cb_get_connection server found conn 0x%x to use)\n", conn ); + "<= cb_get_connection server found conn 0x%p to use)\n", conn ); } goto unlock_and_return; /* found one */ } @@ -298,7 +298,7 @@ for ( conn = pool->conn.conn_list; conn != NULL; conn = conn->next ) { if (cb_debug_on()) { slapi_log_error( SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM, - "list: conn 0x%x status %d refcount %d\n", conn, + "list: conn 0x%p status %d refcount %lu\n", conn, conn->status, conn->refcount ); } @@ -306,7 +306,7 @@ && conn->refcount < maxconcurrency ) { if (cb_debug_on()) { slapi_log_error( SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM, - "<= cb_get_connection server found conn 0x%x to use)\n", conn ); + "<= cb_get_connection server found conn 0x%p to use)\n", conn ); } goto unlock_and_return; /* found one */ } @@ -365,8 +365,7 @@ { if (cb_debug_on()) { slapi_log_error( SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM, - "Internal credentials decoding error\n.", - 0, 0, 0); + "Internal credentials decoding error\n."); } rc = LDAP_LOCAL_ERROR; goto unlock_and_return; @@ -463,7 +462,7 @@ if (cb_debug_on()) { slapi_log_error( SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM, - "<= cb_get_connection added new conn 0x%x, " + "<= cb_get_connection added new conn 0x%p, " "conn count now %d\n", conn->ld, pool->conn.conn_list_count ); } goto unlock_and_return; /* got a new one */ @@ -489,7 +488,7 @@ *cc=conn; if (cb_debug_on()) { slapi_log_error( SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM, - "<== cb_get_connection ld=0x%x (concurrency now %d)\n",*lld, conn->refcount ); + "<== cb_get_connection ld=0x%p (concurrency now %lu)\n",*lld, conn->refcount ); } } else { @@ -542,14 +541,14 @@ if ( conn == NULL ) { /* ld not found -- unexpected */ slapi_log_error( SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM, - "==> cb_release_op_connection ld=0x%x not found\n", lld ); + "==> cb_release_op_connection ld=0x%p not found\n", lld ); } else { --conn->refcount; if (cb_debug_on()) { slapi_log_error( SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM, - "release conn 0x%x status %d refcount after release %d\n", conn, + "release conn 0x%p status %d refcount after release %lu\n", conn, conn->status, conn->refcount ); } @@ -632,7 +631,7 @@ if ( conn->refcount == 0 ) { if (cb_debug_on()) { slapi_log_error( SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM, - "cb_check_for_stale_connections: conn 0x%x idle and stale\n",conn); + "cb_check_for_stale_connections: conn 0x%p idle and stale\n",conn); } --pool->conn.conn_list_count; if (connprev == NULL) { @@ -653,7 +652,7 @@ } if (cb_debug_on()) { slapi_log_error( SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM, - "cb_check_for_stale_connections: conn 0x%x stale\n",conn); + "cb_check_for_stale_connections: conn 0x%p stale\n",conn); } } connprev = conn ; @@ -677,7 +676,7 @@ if (cb_debug_on()) { slapi_log_error( SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM, - "cb_check_for_stale_connections: conn 0x%x idle and stale\n",conn); + "cb_check_for_stale_connections: conn 0x%p idle and stale\n",conn); } --pool->conn.conn_list_count; conn_next=conn->next; @@ -693,7 +692,7 @@ } if (cb_debug_on()) { slapi_log_error( SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM, - "cb_check_for_stale_connections: conn 0x%x stale\n",conn); + "cb_check_for_stale_connections: conn 0x%p stale\n",conn); } } connprev = conn; From rmeggins at fedoraproject.org Fri Dec 5 22:41:53 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Fri, 5 Dec 2008 22:41:53 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/http http_impl.c, 1.11, 1.12 Message-ID: <20081205224223.4F28B70122@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/http In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13701/ldapserver/ldap/servers/plugins/http Modified Files: http_impl.c Log Message: Resolves: bug 454030 Bug Description: Need to address 64-bit compiler warnings - again Reviewed by: nhosoi (Thanks!) Fix Description: This patch cleans up most of the other remaining compiler warnings. I compiled the directory server code with these flags on RHEL5 x86_64: -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic I also enabled argument/format match checking for most of the commonly used varadic functions. Most of the problems I found fell into these categories: 1) Too many or not enough arguments e.g. most everything that uses or did use LDAPDebug had extra 0,0 arguments. If they had been switched to use slapi_log_error, I removed the extra arguments - for those places still using LDAPDebug, I introduced more macros to handle the number of arguments, since C macros cannot be varadic. 2) When using NSPR formatting functions, we have to use %llu or %lld for 64-bit values, even on 64-bit systems. However, for regular system formatting functions, we have to use %ld or %lu. I introduced two new macros NSPRIu64 and NSPRI64 to handle cases where we are passing explicit 64-bit values to NSPR formatting functions, so that we can use the regular PRIu64 and PRI64 macros for regular system formatting functions. I also made sure we used NSPRI* only with NSPR functions, and used PRI* only with system functions. 3) use %lu for size_t and %ld for time_t I did find a few "real" errors, places that the code was doing something definitely not right: https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/aclinit.c_sec4 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/acllas.c_sec17 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/http/http_impl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/memberof/memberof.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/pam_passthru/pam_ptimpl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_api.c_sec5 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_clcache.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/replutil.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/libglobs.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/dbverify.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/ldif2ldbm.c_sec3 This is why it's important to use this compiler checking, and why it's important to fix compiler warnings, if for no other reason than the sheer noise from so many warnings can mask real errors. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: http_impl.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/http/http_impl.c,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- http_impl.c 18 Oct 2007 00:08:30 -0000 1.11 +++ http_impl.c 5 Dec 2008 22:41:51 -0000 1.12 @@ -666,7 +666,7 @@ slapi_log_error( SLAPI_LOG_PLUGIN, HTTP_PLUGIN_SUBSYSTEM, "nssReinitializationRequired: vendor is not Fedora \n"); slapi_log_error( SLAPI_LOG_PLUGIN, HTTP_PLUGIN_SUBSYSTEM, - "or version is earlier than 6.0\n", value); + "or version [%s] is earlier than 6.0\n", value?value:"NULL"); nssReinitializationRequired = 1; slapi_free_search_results_internal(resultpb); slapi_pblock_destroy(resultpb); From rmeggins at fedoraproject.org Fri Dec 5 22:41:52 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Fri, 5 Dec 2008 22:41:52 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/acl acl.c, 1.13, 1.14 acl_ext.c, 1.9, 1.10 aclanom.c, 1.8, 1.9 aclgroup.c, 1.5, 1.6 aclinit.c, 1.7, 1.8 acllas.c, 1.14, 1.15 aclparse.c, 1.12, 1.13 aclplugin.c, 1.5, 1.6 aclutil.c, 1.9, 1.10 Message-ID: <20081205224223.104C870121@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/acl In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13701/ldapserver/ldap/servers/plugins/acl Modified Files: acl.c acl_ext.c aclanom.c aclgroup.c aclinit.c acllas.c aclparse.c aclplugin.c aclutil.c Log Message: Resolves: bug 454030 Bug Description: Need to address 64-bit compiler warnings - again Reviewed by: nhosoi (Thanks!) Fix Description: This patch cleans up most of the other remaining compiler warnings. I compiled the directory server code with these flags on RHEL5 x86_64: -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic I also enabled argument/format match checking for most of the commonly used varadic functions. Most of the problems I found fell into these categories: 1) Too many or not enough arguments e.g. most everything that uses or did use LDAPDebug had extra 0,0 arguments. If they had been switched to use slapi_log_error, I removed the extra arguments - for those places still using LDAPDebug, I introduced more macros to handle the number of arguments, since C macros cannot be varadic. 2) When using NSPR formatting functions, we have to use %llu or %lld for 64-bit values, even on 64-bit systems. However, for regular system formatting functions, we have to use %ld or %lu. I introduced two new macros NSPRIu64 and NSPRI64 to handle cases where we are passing explicit 64-bit values to NSPR formatting functions, so that we can use the regular PRIu64 and PRI64 macros for regular system formatting functions. I also made sure we used NSPRI* only with NSPR functions, and used PRI* only with system functions. 3) use %lu for size_t and %ld for time_t I did find a few "real" errors, places that the code was doing something definitely not right: https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/aclinit.c_sec4 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/acllas.c_sec17 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/http/http_impl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/memberof/memberof.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/pam_passthru/pam_ptimpl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_api.c_sec5 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_clcache.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/replutil.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/libglobs.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/dbverify.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/ldif2ldbm.c_sec3 This is why it's important to use this compiler checking, and why it's important to fix compiler warnings, if for no other reason than the sheer noise from so many warnings can mask real errors. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: acl.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/acl/acl.c,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- acl.c 13 Nov 2008 23:08:17 -0000 1.13 +++ acl.c 5 Dec 2008 22:41:50 -0000 1.14 @@ -297,7 +297,7 @@ if ( !privateBackend && (be_readonly || slapi_config_get_readonly () )){ slapi_log_error (loglevel, plugin_name, - "conn=%" PRIu64 " op=%d (main): Deny %s on entry(%s)" + "conn=%" NSPRIu64 " op=%d (main): Deny %s on entry(%s)" ": readonly backend\n", op->o_connid, op->o_opid, acl_access2str(access), @@ -310,7 +310,7 @@ TNF_PROBE_0_DEBUG(acl_skipaccess_start,"ACL",""); if ( acl_skip_access_check ( pb, e )) { slapi_log_error (loglevel, plugin_name, - "conn=%" PRIu64 " op=%d (main): Allow %s on entry(%s)" + "conn=%" NSPRIu64 " op=%d (main): Allow %s on entry(%s)" ": root user\n", op->o_connid, op->o_opid, acl_access2str(access), @@ -438,7 +438,7 @@ TNF_PROBE_0_DEBUG(acl_entry_first_touch_start,"ACL",""); slapi_log_error(loglevel, plugin_name, - "#### conn=%" PRIu64 " op=%d binddn=\"%s\"\n", + "#### conn=%" NSPRIu64 " op=%d binddn=\"%s\"\n", op->o_connid, op->o_opid, clientDn); aclpb->aclpb_stat_total_entries++; @@ -504,7 +504,7 @@ if (rv < 0) { slapi_log_error(SLAPI_LOG_ACL, plugin_name, - "Unable to set the Slapi_Entry in the Plist\n",0,0,0); + "Unable to set the Slapi_Entry in the Plist\n"); ret_val = LDAP_OPERATIONS_ERROR; goto cleanup_and_ret; } @@ -570,7 +570,7 @@ slapi_log_error( SLAPI_LOG_ACL, plugin_name, "Processed attr:%s for entry:%s\n", attr ? attr : "NULL", - ACL_ESCAPE_STRING_WITH_PUNCTUATION ( n_edn, ebuf), 0); + ACL_ESCAPE_STRING_WITH_PUNCTUATION ( n_edn, ebuf)); /* ** Now evaluate the rights. @@ -755,7 +755,7 @@ null_user); slapi_log_error(loglevel, plugin_name, - "conn=%" PRIu64 " op=%d (%s): %s %s on entry(%s).attr(%s) to proxy (%s)" + "conn=%" NSPRIu64 " op=%d (%s): %s %s on entry(%s).attr(%s) to proxy (%s)" ": %s\n", op->o_connid, op->o_opid, source, @@ -768,7 +768,7 @@ } else { proxy_user = null_user; slapi_log_error(loglevel, plugin_name, - "conn=%" PRIu64 " op=%d (%s): %s %s on entry(%s).attr(%s) to proxy (%s)" + "conn=%" NSPRIu64 " op=%d (%s): %s %s on entry(%s).attr(%s) to proxy (%s)" ": %s\n", op->o_connid, op->o_opid, source, @@ -781,7 +781,7 @@ } } else{ slapi_log_error(loglevel, plugin_name, - "conn=%" PRIu64 " op=%d (%s): %s %s on entry(%s).attr(%s) to %s" + "conn=%" NSPRIu64 " op=%d (%s): %s %s on entry(%s).attr(%s) to %s" ": %s\n", op->o_connid, op->o_opid, source, @@ -1150,7 +1150,7 @@ slapi_log_error (SLAPI_LOG_ACL, plugin_name, "Root access (%s) allowed on entry(%s)\n", acl_access2str(access), - ACL_ESCAPE_STRING_WITH_PUNCTUATION (n_edn, ebuf), 0); + ACL_ESCAPE_STRING_WITH_PUNCTUATION (n_edn, ebuf)); TNF_PROBE_1_DEBUG(acl_read_access_allowed_on_attr_end ,"ACL","", tnf_string,skip_aclcheck,""); @@ -1219,7 +1219,7 @@ if (aclpb->aclpb_state & ACLPB_ATTR_STAR_MATCHED) { slapi_log_error(SLAPI_LOG_ACL, plugin_name, "STAR Access allowed on attr:%s; entry:%s \n", - attr, ACL_ESCAPE_STRING_WITH_PUNCTUATION (n_edn, ebuf), 0); + attr, ACL_ESCAPE_STRING_WITH_PUNCTUATION (n_edn, ebuf)); decision_reason.reason = ACL_REASON_EVALCONTEXT_CACHED_ATTR_STAR_ALLOW; ret_val = LDAP_SUCCESS; @@ -1575,7 +1575,7 @@ */ if ( group_change ) { slapi_log_error(SLAPI_LOG_ACL, plugin_name, - "Group Change: Invalidating entire UserGroup Cache\n", + "Group Change: Invalidating entire UserGroup Cache %s\n", ACL_ESCAPE_STRING_WITH_PUNCTUATION(n_dn, ebuf)); aclg_regen_group_signature(); if ( (optype == SLAPI_OPERATION_MODIFY) || (optype == SLAPI_OPERATION_DELETE ) ) { @@ -1753,7 +1753,7 @@ new_RDN = (char*) change; slapi_log_error (SLAPI_LOG_ACL, plugin_name, "acl_modified (MODRDN %s => \"%s\"\n", - ACL_ESCAPE_STRING_WITH_PUNCTUATION (n_dn, ebuf), new_RDN, 0); + ACL_ESCAPE_STRING_WITH_PUNCTUATION (n_dn, ebuf), new_RDN); /* compute new_DN: */ parent_DN = slapi_dn_parent (n_dn); @@ -1921,7 +1921,7 @@ aclpb->aclpb_num_allow_handles = allow_handle; slapi_log_error(SLAPI_LOG_ACL, plugin_name, "Num of ALLOW Handles:%d, DENY handles:%d\n", - aclpb->aclpb_num_allow_handles, aclpb->aclpb_num_deny_handles, 0); + aclpb->aclpb_num_allow_handles, aclpb->aclpb_num_deny_handles); TNF_PROBE_0_DEBUG(acl__scan_for_acis_end,"ACL",""); @@ -2057,8 +2057,7 @@ dn_matched = ACL_FALSE; if(rv == ACL_ERR) { slapi_log_error(SLAPI_LOG_ACL, plugin_name, - "acl__resource_match_aci:pattern err\n", - 0,0,0); + "acl__resource_match_aci:pattern err\n"); matches = ACL_FALSE; goto acl__resource_match_aci_EXIT; } @@ -2770,7 +2769,7 @@ if (access & SLAPI_ACL_SEARCH) { if ( result & ACLPB_CACHE_SEARCH_RES_DENY){ slapi_log_error(SLAPI_LOG_ACL, plugin_name, - "DENY:Found SEARCH DENY in cache\n",0,0,0); + "DENY:Found SEARCH DENY in cache\n"); __acl_set_aclIndex_inResult ( aclpb, access, index ); result_reason->deciding_aci = aci; result_reason->reason = ACL_REASON_RESULT_CACHED_DENY; @@ -2780,7 +2779,7 @@ } else if ((result & ACLPB_CACHE_SEARCH_RES_SKIP) || (result & ACLPB_CACHE_SEARCH_RES_ALLOW)) { slapi_log_error(SLAPI_LOG_ACL, plugin_name, - "DENY:Found SEARCH SKIP in cache\n",0,0,0); + "DENY:Found SEARCH SKIP in cache\n"); skip_eval = 1; break; } else { @@ -2789,7 +2788,7 @@ } else { /* must be READ */ if (result & ACLPB_CACHE_READ_RES_DENY) { slapi_log_error(SLAPI_LOG_ACL, plugin_name, - "DENY:Found READ DENY in cache\n",0,0,0); + "DENY:Found READ DENY in cache\n"); __acl_set_aclIndex_inResult ( aclpb, access, index ); result_reason->deciding_aci = aci; result_reason->reason = ACL_REASON_RESULT_CACHED_DENY; @@ -2798,7 +2797,7 @@ return ACL_RES_DENY; } else if ( result & ACLPB_CACHE_READ_RES_SKIP) { slapi_log_error(SLAPI_LOG_ACL, plugin_name, - "DENY:Found READ SKIP in cache\n",0,0,0); + "DENY:Found READ SKIP in cache\n"); skip_eval = 1; break; } else { @@ -2816,8 +2815,7 @@ rv = ACL_EvalSetACL(NULL, acleval, aci->aci_handle); if ( rv < 0) { slapi_log_error(SLAPI_LOG_ACL, plugin_name, - "acl__TestRights:Unable to set the DENY acllist\n", - 0,0,0); + "acl__TestRights:Unable to set the DENY acllist\n"); continue; } /* @@ -2831,7 +2829,7 @@ &deny_generic, &acl_tag, &expr_num); - slapi_log_error( SLAPI_LOG_ACL, plugin_name, "Processed:%d DENY handles Result:%d\n",index, rights_rv,0); + slapi_log_error( SLAPI_LOG_ACL, plugin_name, "Processed:%d DENY handles Result:%d\n",index, rights_rv); if (rights_rv == ACL_RES_FAIL) { result_reason->deciding_aci = aci; @@ -2989,7 +2987,7 @@ return ACL_RES_ALLOW; } else if ( result & ACLPB_CACHE_SEARCH_RES_SKIP) { slapi_log_error(SLAPI_LOG_ACL, plugin_name, - "Found SEARCH SKIP in cache\n",0,0,0); + "Found SEARCH SKIP in cache\n"); skip_eval = 1; break; } else { @@ -2999,7 +2997,7 @@ } else { if ( result & ACLPB_CACHE_READ_RES_ALLOW) { slapi_log_error(SLAPI_LOG_ACL, plugin_name, - "Found READ ALLOW in cache\n",0,0,0); + "Found READ ALLOW in cache\n"); __acl_set_aclIndex_inResult ( aclpb, access, index ); result_reason->deciding_aci = aci; result_reason->reason = ACL_REASON_RESULT_CACHED_ALLOW; @@ -3008,7 +3006,7 @@ return ACL_RES_ALLOW; } else if ( result & ACLPB_CACHE_READ_RES_SKIP) { slapi_log_error(SLAPI_LOG_ACL, plugin_name, - "Found READ SKIP in cache\n",0,0,0); + "Found READ SKIP in cache\n"); skip_eval = 1; break; } else { @@ -3027,8 +3025,7 @@ rv = ACL_EvalSetACL(NULL, acleval, aci->aci_handle); if ( rv < 0) { slapi_log_error(SLAPI_LOG_FATAL, plugin_name, - "acl__TestRights:Unable to set the acllist\n", - 0,0,0); + "acl__TestRights:Unable to set the acllist\n"); continue; } /* @@ -3172,7 +3169,7 @@ /* 2 * in case every char is special */ if (p + 2 * strlen ( initial ) > end) { slapi_log_error (SLAPI_LOG_ACL, plugin_name, - "not enough pattern space\n", 0, 0, 0); + "not enough pattern space\n"); return (ACL_ERR); } @@ -3190,7 +3187,7 @@ /* ".*" + value */ if (p + 2 * strlen ( any[i]) + 2 > end) { slapi_log_error (SLAPI_LOG_ACL, plugin_name, - "not enough pattern space\n", 0, 0, 0); + "not enough pattern space\n"); return (ACL_ERR); } @@ -3206,7 +3203,7 @@ /* ".*" + value */ if (p + 2 * strlen ( final ) + 2 > end) { slapi_log_error (SLAPI_LOG_ACL, plugin_name, - "not enough pattern space\n", 0, 0, 0); + "not enough pattern space\n"); return (ACL_ERR); } @@ -3240,7 +3237,7 @@ slapd_re_lock(); if ((p = slapd_re_comp (pat)) != 0) { slapi_log_error (SLAPI_LOG_ACL, plugin_name, - "acl_match_substring:re_comp failed (%s)\n", p, 0, 0); + "acl_match_substring:re_comp failed (%s)\n", p); slapd_re_unlock(); return (ACL_ERR); } @@ -3368,11 +3365,11 @@ if (aclpb->aclpb_state & ACLPB_HAS_ACLCB_EVALCONTEXT ) { c_evalContext = &aclpb->aclpb_prev_opEval_context; slapi_log_error ( SLAPI_LOG_ACL, plugin_name, - "acl__attr_cached_result:Using Context: ACLPB_ACLCB\n", 0,0,0 ); + "acl__attr_cached_result:Using Context: ACLPB_ACLCB\n" ); } else { c_evalContext = &aclpb->aclpb_prev_entryEval_context; slapi_log_error ( SLAPI_LOG_ACL, plugin_name, - "acl__attr_cached_result:Using Context: ACLPB_PREV\n", 0,0,0 ); + "acl__attr_cached_result:Using Context: ACLPB_PREV\n" ); } if ( attr == NULL ) { Index: acl_ext.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/acl/acl_ext.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- acl_ext.c 17 Oct 2008 22:12:47 -0000 1.9 +++ acl_ext.c 5 Dec 2008 22:41:50 -0000 1.10 @@ -800,14 +800,14 @@ if ( aclpb->aclpb_res_type & ~ACLPB_RESTYPE_ALL ) { slapi_log_error( SLAPI_LOG_FATAL, plugin_name, "The aclpb res_type value (%d) has exceeded. Limit is (%d)\n", - aclpb->aclpb_res_type, ACLPB_RESTYPE_ALL, 0 ); + aclpb->aclpb_res_type, ACLPB_RESTYPE_ALL ); dump_aclpb_info = 1; } if ( dump_aclpb_info ) { const char *ndn; slapi_log_error ( SLAPI_LOG_FATAL, plugin_name, - "ACLPB value is:%p\n", aclpb, 0,0 ); + "ACLPB value is:%p\n", aclpb ); ndn = slapi_sdn_get_ndn ( aclpb->aclpb_curr_entry_sdn ); slapi_log_error ( SLAPI_LOG_FATAL, plugin_name, "curr_entry:%p num_entries:%d curr_dn:%p\n", Index: aclanom.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/acl/aclanom.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- aclanom.c 17 Oct 2008 22:12:47 -0000 1.8 +++ aclanom.c 5 Dec 2008 22:41:50 -0000 1.9 @@ -147,7 +147,7 @@ /* We have a new signature now */ a_profile->anom_signature = acl_get_aclsignature(); - slapi_log_error(SLAPI_LOG_ACL, plugin_name, "GENERATING ANOM USER PROFILE\n", 0,0,0); + slapi_log_error(SLAPI_LOG_ACL, plugin_name, "GENERATING ANOM USER PROFILE\n"); /* ** Go thru the ACL list and find all the ACLs which apply to the ** anonymous user i.e anyone. we can generate a profile for that. @@ -173,7 +173,7 @@ (aci->aci_type & ACI_CONTAIN_NOT_GROUPDN) || (aci->aci_type & ACI_CONTAIN_NOT_ROLEDN)) ){ slapi_log_error(SLAPI_LOG_ACL, plugin_name, - "CANCELLING ANOM USER PROFILE BECAUSE OF DENY RULE\n", 0,0,0); + "CANCELLING ANOM USER PROFILE BECAUSE OF DENY RULE\n"); goto cleanup; } @@ -191,7 +191,7 @@ */ if ( aci->aci_ruleType & ~ACI_USERDN_RULE ){ slapi_log_error(SLAPI_LOG_ACL, plugin_name, - "CANCELLING ANOM USER PROFILE BECAUSE OF COMPLEX RULE\n", 0,0,0); + "CANCELLING ANOM USER PROFILE BECAUSE OF COMPLEX RULE\n"); goto cleanup; } @@ -211,7 +211,7 @@ } else { /* clean up before leaving */ slapi_log_error(SLAPI_LOG_ACL, plugin_name, - "CANCELLING ANOM USER PROFILE 1\n", 0,0,0); + "CANCELLING ANOM USER PROFILE 1\n"); goto cleanup; } @@ -221,7 +221,7 @@ a_numacl = a_profile->anom_numacls++; if ( a_profile->anom_numacls == ACL_ANOM_MAX_ACL ) { - slapi_log_error(SLAPI_LOG_ACL, plugin_name, "CANCELLING ANOM USER PROFILE 2\n", 0,0,0); + slapi_log_error(SLAPI_LOG_ACL, plugin_name, "CANCELLING ANOM USER PROFILE 2\n"); goto cleanup; } @@ -269,7 +269,7 @@ /* clean up before leaving */ __aclanom__del_profile (); slapi_log_error(SLAPI_LOG_ACL, plugin_name, - "CANCELLING ANOM USER PROFILE 3\n", 0,0,0); + "CANCELLING ANOM USER PROFILE 3\n"); goto cleanup; } @@ -543,14 +543,14 @@ aci_ndn = slapi_sdn_get_ndn (acl_anom_profile->anom_targetinfo[i].anom_target); slapi_log_error(loglevel, plugin_name, - "conn=%" PRIu64 " op=%d: Allow access on entry(%s).attr(%s) to anonymous: acidn=\"%s\"\n", + "conn=%" NSPRIu64 " op=%d: Allow access on entry(%s).attr(%s) to anonymous: acidn=\"%s\"\n", op->o_connid, op->o_opid, escape_string_with_punctuation(ndn, ebuf), attr ? attr:"NULL", escape_string_with_punctuation(aci_ndn, ebuf)); } else { slapi_log_error(loglevel, plugin_name, - "conn=%" PRIu64 " op=%d: Deny access on entry(%s).attr(%s) to anonymous\n", + "conn=%" NSPRIu64 " op=%d: Deny access on entry(%s).attr(%s) to anonymous\n", op->o_connid, op->o_opid, escape_string_with_punctuation(ndn, ebuf), attr ? attr:"NULL" ); } Index: aclgroup.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/acl/aclgroup.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- aclgroup.c 10 Nov 2006 23:44:49 -0000 1.5 +++ aclgroup.c 5 Dec 2008 22:41:50 -0000 1.6 @@ -124,7 +124,7 @@ if ( !u_group->aclug_refcnt ) { slapi_log_error( SLAPI_LOG_ACL, plugin_name, - "In traversal group deallocation\n", 0,0,0 ); + "In traversal group deallocation\n" ); __aclg__delete_userGroup (u_group); } } else { @@ -164,7 +164,7 @@ if ( u_group == aclUserGroups->aclg_last ) aclUserGroups->aclg_last = p_group; } - slapi_log_error(SLAPI_LOG_ACL, plugin_name, "acl_init_userGroup: found in cache for dn:%s\n", n_dn,0,0); + slapi_log_error(SLAPI_LOG_ACL, plugin_name, "acl_init_userGroup: found in cache for dn:%s\n", n_dn); } if (!got_lock ) ACLG_ULOCK_GROUPCACHE_WRITE (); } @@ -291,7 +291,7 @@ * That's fine as the invalid one will be deallocated when done. */ - slapi_log_error( SLAPI_LOG_ACL, plugin_name, "ALLOCATING GROUP FOR:%s\n", n_dn,0,0 ); + slapi_log_error( SLAPI_LOG_ACL, plugin_name, "ALLOCATING GROUP FOR:%s\n", n_dn ); u_group = ( aclUserGroup * ) slapi_ch_calloc ( 1, sizeof ( aclUserGroup ) ); u_group->aclug_refcnt = 1; @@ -385,7 +385,7 @@ * be in a condemned state and later deleted. */ - slapi_log_error( SLAPI_LOG_ACL, plugin_name, "DEALLOCATING GROUP FOR:%s\n", u_group->aclug_ndn,0,0 ); + slapi_log_error( SLAPI_LOG_ACL, plugin_name, "DEALLOCATING GROUP FOR:%s\n", u_group->aclug_ndn ); slapi_ch_free ( (void **) &u_group->aclug_ndn ); Index: aclinit.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/acl/aclinit.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- aclinit.c 18 Oct 2007 00:08:27 -0000 1.7 +++ aclinit.c 5 Dec 2008 22:41:50 -0000 1.8 @@ -86,7 +86,7 @@ /* Initialize the LIBACCESS ACL library */ if (ACL_Init() != 0) { slapi_log_error(SLAPI_LOG_FATAL, plugin_name, - "ACL Library Initialization failed\n",0,0,0); + "ACL Library Initialization failed\n"); return 1; } @@ -240,7 +240,7 @@ if ( thisbeonly && be_name == NULL) { slapi_log_error ( SLAPI_LOG_FATAL, plugin_name, - "Error: This be_name must be specified.\n", 0, 0, 0); + "Error: This be_name must be specified.\n"); return -1; } @@ -387,7 +387,7 @@ slapi_log_error ( SLAPI_LOG_FATAL, plugin_name, "Error: This (%s) ACL will not be considered for evaluation" " because of syntax errors.\n", - attrValue->bv_val ? attrValue->bv_val: "NULL", 0, 0); + attrValue->bv_val ? attrValue->bv_val: "NULL"); call_back_data->retCode = rv; } i= slapi_attr_next_value( attr, i, &sval ); @@ -409,7 +409,7 @@ /* We got an error; Log it and then march along */ slapi_log_error ( SLAPI_LOG_FATAL, plugin_name, "Error: ACls not deleted from %s\n", - e_sdn, 0, 0); + slapi_sdn_get_dn(e_sdn)); call_back_data->retCode = rv; } if ( call_back_data->lock_flag == DO_TAKE_ACLCACHE_WRITELOCK) { @@ -458,14 +458,14 @@ if (rv < 0) { acl_print_acllib_err(&errp, NULL); slapi_log_error(SLAPI_LOG_FATAL, plugin_name, - "Unable to Register the methods\n", 0,0,0); + "Unable to Register the methods\n"); return ACL_ERR; } rv = ACL_MethodSetDefault (&errp, methodinfo); if (rv < 0) { acl_print_acllib_err(&errp, NULL); slapi_log_error(SLAPI_LOG_FATAL, plugin_name, - "Unable to Set the default method\n", 0,0,0); + "Unable to Set the default method\n"); return ACL_ERR; } rv = ACL_AttrGetterRegister(&errp, ACL_ATTR_IP, DS_LASIpGetter, @@ -473,7 +473,7 @@ if (rv < 0) { acl_print_acllib_err(&errp, NULL); slapi_log_error(SLAPI_LOG_FATAL, plugin_name, - "Unable to Register Attr ip\n", 0,0,0); + "Unable to Register Attr ip\n"); return ACL_ERR; } rv = ACL_AttrGetterRegister(&errp, ACL_ATTR_DNS, DS_LASDnsGetter, @@ -481,7 +481,7 @@ if (rv < 0) { acl_print_acllib_err(&errp, NULL); slapi_log_error(SLAPI_LOG_FATAL, plugin_name, - "Unable to Register Attr dns\n", 0,0,0); + "Unable to Register Attr dns\n"); return ACL_ERR; } return ACL_OK; @@ -512,59 +512,59 @@ if (ACL_LasRegister(NULL, DS_LAS_USER, (LASEvalFunc_t) DS_LASUserEval, (LASFlushFunc_t) NULL) < 0) { slapi_log_error (SLAPI_LOG_FATAL, plugin_name, - "Unable to register USER Las\n",0,0,0); + "Unable to register USER Las\n"); return ACL_ERR; } if (ACL_LasRegister(NULL, DS_LAS_GROUP, (LASEvalFunc_t) DS_LASGroupEval, (LASFlushFunc_t) NULL) < 0) { slapi_log_error (SLAPI_LOG_FATAL, plugin_name, - "Unable to register GROUP Las\n",0,0,0); + "Unable to register GROUP Las\n"); return ACL_ERR; } if (ACL_LasRegister(NULL, DS_LAS_GROUPDN, (LASEvalFunc_t)DS_LASGroupDnEval, (LASFlushFunc_t)NULL) < 0) { slapi_log_error (SLAPI_LOG_FATAL, plugin_name, - "Unable to register GROUPDN Las\n",0,0,0); + "Unable to register GROUPDN Las\n"); return ACL_ERR; } if (ACL_LasRegister(NULL, DS_LAS_ROLEDN, (LASEvalFunc_t)DS_LASRoleDnEval, (LASFlushFunc_t)NULL) < 0) { slapi_log_error (SLAPI_LOG_FATAL, plugin_name, - "Unable to register ROLEDN Las\n",0,0,0); + "Unable to register ROLEDN Las\n"); return ACL_ERR; } if (ACL_LasRegister(NULL, DS_LAS_USERDN, (LASEvalFunc_t)DS_LASUserDnEval, (LASFlushFunc_t)NULL) < 0) { slapi_log_error (SLAPI_LOG_FATAL, plugin_name, - "Unable to register USERDN Las\n",0,0,0); + "Unable to register USERDN Las\n"); return ACL_ERR; } if (ACL_LasRegister(NULL, DS_LAS_USERDNATTR, (LASEvalFunc_t)DS_LASUserDnAttrEval, (LASFlushFunc_t)NULL) < 0) { slapi_log_error (SLAPI_LOG_FATAL, plugin_name, - "Unable to register USERDNATTR Las\n",0,0,0); + "Unable to register USERDNATTR Las\n"); return ACL_ERR; } if (ACL_LasRegister(NULL, DS_LAS_AUTHMETHOD, (LASEvalFunc_t)DS_LASAuthMethodEval, (LASFlushFunc_t)NULL) < 0) { slapi_log_error (SLAPI_LOG_FATAL, plugin_name, - "Unable to register CLIENTAUTHTYPE Las\n",0,0,0); + "Unable to register CLIENTAUTHTYPE Las\n"); return ACL_ERR; } if (ACL_LasRegister(NULL, DS_LAS_GROUPDNATTR, (LASEvalFunc_t)DS_LASGroupDnAttrEval, (LASFlushFunc_t)NULL) < 0) { slapi_log_error (SLAPI_LOG_FATAL, plugin_name, - "Unable to register GROUPDNATTR Las\n",0,0,0); + "Unable to register GROUPDNATTR Las\n"); return ACL_ERR; } if (ACL_LasRegister(NULL, DS_LAS_USERATTR, (LASEvalFunc_t)DS_LASUserAttrEval, (LASFlushFunc_t)NULL) < 0) { slapi_log_error (SLAPI_LOG_FATAL, plugin_name, - "Unable to register USERATTR Las\n",0,0,0); + "Unable to register USERATTR Las\n"); return ACL_ERR; } return ACL_OK; Index: acllas.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/acl/acllas.c,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- acllas.c 5 Nov 2008 18:14:37 -0000 1.14 +++ acllas.c 5 Dec 2008 22:41:50 -0000 1.15 @@ -293,7 +293,7 @@ if ( rv != LAS_EVAL_TRUE || ( NULL == aclpb )) { acl_print_acllib_err(errp, NULL); slapi_log_error( SLAPI_LOG_ACL, plugin_name, - "DS_LASIpGetter:Unable to get the ACLPB(%d)\n", rv,0,0); + "DS_LASIpGetter:Unable to get the ACLPB(%d)\n", rv); return LAS_EVAL_FAIL; } @@ -346,7 +346,7 @@ if ( rv != LAS_EVAL_TRUE || ( NULL == aclpb )) { acl_print_acllib_err(errp, NULL); slapi_log_error( SLAPI_LOG_ACL, plugin_name, - "DS_LASDnsGetter:Unable to get the ACLPB(%d)\n", rv,0,0); + "DS_LASDnsGetter:Unable to get the ACLPB(%d)\n", rv); return LAS_EVAL_FAIL; } @@ -424,7 +424,7 @@ PList_t global_auth) { slapi_log_error(SLAPI_LOG_FATAL, plugin_name, - "User LAS is not supported in the ACL\n",0,0,0); + "User LAS is not supported in the ACL\n"); return LAS_EVAL_INVALID; } @@ -436,7 +436,7 @@ PList_t global_auth) { slapi_log_error(SLAPI_LOG_FATAL, plugin_name, - "Group LAS is not supported in the ACL\n",0,0,0); + "Group LAS is not supported in the ACL\n"); return LAS_EVAL_INVALID; } @@ -542,7 +542,7 @@ char ebuf[ BUFSIZ ]; slapi_log_error(SLAPI_LOG_FATAL, plugin_name, "DS_LASUserDnEval:Syntax error(%s)\n", - escape_string_with_punctuation( user, ebuf ), 0,0); + escape_string_with_punctuation( user, ebuf )); return LAS_EVAL_FAIL; } @@ -671,7 +671,7 @@ if (rc == ACL_ERR) { slapi_log_error( SLAPI_LOG_ACL, plugin_name, "DS_LASUserDnEval:Error in matching patteren(%s)\n", - user,0,0); + user); } slapi_filter_free(f,1); } else { @@ -793,7 +793,7 @@ char ebuf[ BUFSIZ ]; slapi_log_error(SLAPI_LOG_FATAL, plugin_name, "DS_LASGroupDnEval:Syntax error(%s)\n", - escape_string_with_punctuation( groupName, ebuf ),0,0); + escape_string_with_punctuation( groupName, ebuf )); } /* Now we have the starting point of the "groupdn" */ @@ -1013,7 +1013,7 @@ char ebuf[ BUFSIZ ]; slapi_log_error(SLAPI_LOG_FATAL, plugin_name, "DS_LASRoleDnEval:Syntax error(%s)\n", - escape_string_with_punctuation( role, ebuf ),0,0); + escape_string_with_punctuation( role, ebuf )); } /* Now we have the starting point of the "roledn" */ @@ -1244,7 +1244,7 @@ return LAS_EVAL_FAIL; } - slapi_log_error( SLAPI_LOG_ACL, plugin_name,"Attr:%s\n" , attrName, 0,0); + slapi_log_error( SLAPI_LOG_ACL, plugin_name,"Attr:%s\n" , attrName); matched = ACL_FALSE; for (i=0; i < numOflevels; i++) { if ( levels[i] == 0 ) { @@ -1602,7 +1602,7 @@ */ if ( (u_group = aclg_get_usersGroup ( aclpb , clientDN )) == NULL) { slapi_log_error( SLAPI_LOG_ACL, plugin_name, - "Failed to find/allocate a usergroup--aborting evaluation\n", 0, 0); + "Failed to find/allocate a usergroup--aborting evaluation\n"); return(ACL_DONT_KNOW); } @@ -1748,7 +1748,7 @@ if ((nesting_level > max_nestlevel)) { slapi_log_error( SLAPI_LOG_ACL, plugin_name, "GroupEval:Member not found within the allowed nesting level (Allowed:%d Looked at:%d)\n", - max_nestlevel, nesting_level, 0); + max_nestlevel, nesting_level); result = ACL_DONT_KNOW; /* don't try to cache info based on this result */ goto free_and_return; @@ -1759,7 +1759,7 @@ max_memberlimit != -1 ) { slapi_log_error( SLAPI_LOG_ACL, plugin_name, "GroupEval:Looked at too many entries:(%d, %d)\n", - info.c_idx, info.lu_idx,0); + info.c_idx, info.lu_idx); result = ACL_DONT_KNOW; /* don't try to cache info based on this result */ goto free_and_return; } @@ -2203,7 +2203,7 @@ LDAP_UTF8DEC(ptr); } - slapi_log_error( SLAPI_LOG_ACL, plugin_name,"Attr:%s\n" , attrName, 0,0); + slapi_log_error( SLAPI_LOG_ACL, plugin_name,"Attr:%s\n" , attrName); /* See if we have a parent[2].attr" rule */ if ( (ptr = strstr(attrName, "parent[")) != NULL) { @@ -2229,7 +2229,7 @@ */ slapi_log_error( SLAPI_LOG_FATAL, plugin_name, "DS_LASGroupDnattr: Exceeded the ATTR LIMIT:%d: Ignoring extra levels\n", - ACLLAS_MAX_LEVELS,0,0); + ACLLAS_MAX_LEVELS); } } else { /* Must be the attr name. We can goof of by @@ -2445,7 +2445,7 @@ if ( (u_group = aclg_get_usersGroup ( aclpb , n_clientdn )) == NULL) { slapi_log_error( SLAPI_LOG_ACL, plugin_name, - "Failed to find/allocate a usergroup--aborting evaluation\n", 0, 0); + "Failed to find/allocate a usergroup--aborting evaluation\n"); slapi_ch_free ( (void **)&s_str ); return(ACL_DONT_KNOW); } @@ -2544,7 +2544,7 @@ if (tt == info.lu_idx) { slapi_log_error( SLAPI_LOG_ACL, plugin_name, "currDn:(%s) \n\tNO MEMBER ADDED\n", - ACL_ESCAPE_STRING_WITH_PUNCTUATION (curMemberDn, ebuf) , 0,0); + ACL_ESCAPE_STRING_WITH_PUNCTUATION (curMemberDn, ebuf)); } else { for (i=tt; i < info.lu_idx; i++) slapi_log_error( SLAPI_LOG_ACL, plugin_name, @@ -2597,7 +2597,7 @@ for (j=0; j < u_group->aclug_numof_member_group; j++) slapi_log_error( SLAPI_LOG_ACL, plugin_name, "acllas__eval_memberGroupDnAttr:GROUP[%d] IN CACHE:%s\n", - j, ACL_ESCAPE_STRING_WITH_PUNCTUATION (u_group->aclug_member_groups[j], ebuf),0); + j, ACL_ESCAPE_STRING_WITH_PUNCTUATION (u_group->aclug_member_groups[j], ebuf)); matched = ACL_FALSE; slapi_entry_attr_find( e, groupattr, &attr); @@ -3060,7 +3060,7 @@ if ( NULL == aclpb->aclpb_client_entry ) { slapi_log_error ( SLAPI_LOG_ACL, plugin_name, - "DS_LASUserAttrEval: Unable to get client's entry\n",0,0,0); + "DS_LASUserAttrEval: Unable to get client's entry\n"); return ACL_FALSE; } @@ -3224,7 +3224,7 @@ (void **)&linfo->authType, NULL)) < 0) { acl_print_acllib_err(errp, NULL); slapi_log_error( SLAPI_LOG_ACL, plugin_name, - "%s:Unable to get the auth type(%d)\n", rc); + "%s:Unable to get the auth type(%d)\n", lasName, rc); return LAS_EVAL_FAIL; } return 0; @@ -3273,7 +3273,7 @@ if ( NULL == aclpb->aclpb_client_entry ) { slapi_log_error ( SLAPI_LOG_ACL, plugin_name, - "acllas__user_has_role: Unable to get client's entry\n",0,0,0); + "acllas__user_has_role: Unable to get client's entry\n"); return ACL_FALSE; } Index: aclparse.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/acl/aclparse.c,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- aclparse.c 8 Oct 2008 17:29:01 -0000 1.12 +++ aclparse.c 5 Dec 2008 22:41:50 -0000 1.13 @@ -394,8 +394,7 @@ if (aci_item->target) { /* There is something already. ERROR */ slapi_log_error(SLAPI_LOG_ACL, plugin_name, - "Multiple targets in the ACL syntax\n", - 0,0,0); + "Multiple targets in the ACL syntax\n"); slapi_filter_free(f, 1); return(ACL_SYNTAX_ERR); } else { @@ -404,8 +403,7 @@ } else if ( type & ACI_TARGET_FILTER) { if (aci_item->targetFilter) { slapi_log_error(SLAPI_LOG_ACL, plugin_name, - "Multiple target Filters in the ACL Syntax\n", - 0,0,0); + "Multiple target Filters in the ACL Syntax\n"); slapi_filter_free(f, 1); return(ACL_SYNTAX_ERR); } else { @@ -418,7 +416,7 @@ slapi_log_error(SLAPI_LOG_ACL, plugin_name, "Unknown keyword at \"%s\"\n Expecting" " \"target\", \"targetattr\", \"targetfilter\", \"targattrfilters\"" - " or \"version\"\n", str, 0, 0); + " or \"version\"\n", str); return(ACL_SYNTAX_ERR); }/* switch() */ @@ -491,7 +489,7 @@ if ((newstr = __aclp__normalize_acltxt (aci_item, str )) == NULL) { return ACL_SYNTAX_ERR; } - slapi_log_error(SLAPI_LOG_ACL, plugin_name, "Normalized String:%s\n", newstr, 0,0); + slapi_log_error(SLAPI_LOG_ACL, plugin_name, "Normalized String:%s\n", newstr); /* check for acl syntax error */ if ((handle = (ACLListHandle_t *) ACL_ParseString(&errp, @@ -1313,7 +1311,7 @@ if (f == NULL) { slapi_log_error(SLAPI_LOG_FATAL, plugin_name, - "__aclp__init_targetattr:Unable to generate filter (%s)\n", lineptr,0,0); + "__aclp__init_targetattr:Unable to generate filter (%s)\n", lineptr); } else { attr->u.attr_filter = f; } @@ -1882,7 +1880,7 @@ /* No :, syntax error */ slapi_log_error(SLAPI_LOG_ACL, plugin_name, "Bad targetattrfilter %s:%s\n", - str,"Expecting \":\"",0); + str,"Expecting \":\""); return(ACL_SYNTAX_ERR); } @@ -1895,8 +1893,7 @@ if ( *s == '\0' ) { slapi_log_error(SLAPI_LOG_ACL, plugin_name, - "No attribute name in targattrfilters\n", - 0,0); + "No attribute name in targattrfilters\n"); return(ACL_SYNTAX_ERR); } @@ -1914,7 +1911,7 @@ if ((f = slapi_str2filter(tmp_ptr)) == NULL) { slapi_log_error(SLAPI_LOG_ACL, plugin_name, "Bad targetattr filter for attribute %s:%s\n", - attrfilter->attr_str,tmp_ptr,0); + attrfilter->attr_str,tmp_ptr); slapi_ch_free( (void **) &attrfilter->attr_str); slapi_ch_free( (void **) &tmp_ptr); return(ACL_SYNTAX_ERR); @@ -1929,7 +1926,7 @@ SLAPI_FILTER_SCAN_NOMORE) { slapi_log_error(SLAPI_LOG_ACL, plugin_name, "Exactly one attribute type per filter allowed in targattrfilters (%s)\n", - attrfilter->attr_str, 0); + attrfilter->attr_str); slapi_ch_free( (void **) &attrfilter->attr_str); slapi_ch_free( (void **) &tmp_ptr); slapi_filter_free( f, 1 ); Index: aclplugin.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/acl/aclplugin.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- aclplugin.c 10 Nov 2006 23:44:49 -0000 1.5 +++ aclplugin.c 5 Dec 2008 22:41:50 -0000 1.6 @@ -125,7 +125,7 @@ #endif - slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= acl_preop_Init %d\n", rc, 0, 0 ); + slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= acl_preop_Init %d\n", rc ); return( rc ); } @@ -299,7 +299,7 @@ { int rc =0; - slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> acl_init\n", 0, 0, 0 ); + slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> acl_init\n" ); if ( 0 != acl_init_ext() ) { slapi_log_error ( SLAPI_LOG_FATAL, plugin_name, @@ -326,7 +326,7 @@ rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_ACL_MODS_UPDATE, (void *) acl_modified ); - slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= acl_init %d\n", rc, 0, 0 ); + slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= acl_init %d\n", rc); return( rc ); } Index: aclutil.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/acl/aclutil.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- aclutil.c 8 Oct 2008 17:29:01 -0000 1.9 +++ aclutil.c 5 Dec 2008 22:41:50 -0000 1.10 @@ -106,7 +106,7 @@ if (msgbuf) slapi_log_error(SLAPI_LOG_ACL, plugin_name,"ACL LIB ERR:(%s)(%s)\n", - msgbuf, str ? str: "NULL",0); + msgbuf, str ? str: "NULL"); } void aclutil_print_aci (aci_t *aci_item, char *type) @@ -120,7 +120,7 @@ if (!aci_item) { slapi_log_error (SLAPI_LOG_ACL, plugin_name, - "acl__print_aci: Null item\n",0,0,0); + "acl__print_aci: Null item\n"); return; } @@ -463,21 +463,21 @@ if ( ! slapi_is_loglevel_set ( SLAPI_LOG_ACL ) ) return; - slapi_log_error (SLAPI_LOG_ACL, plugin_name, " ************ RESOURCE INFO STARTS *********\n",0,0,0); + slapi_log_error (SLAPI_LOG_ACL, plugin_name, " ************ RESOURCE INFO STARTS *********\n"); slapi_log_error (SLAPI_LOG_ACL, plugin_name, " Client DN: %s\n", - clientdn ? escape_string_with_punctuation (clientdn, str) : "NULL", 0,0); + clientdn ? escape_string_with_punctuation (clientdn, str) : "NULL"); aclutil__access_str (aclpb->aclpb_access, str); aclutil__typestr (aclpb->aclpb_res_type, &str[strlen(str)]); slapi_log_error (SLAPI_LOG_ACL, plugin_name, " resource type:%d(%s)\n", - aclpb->aclpb_res_type, str, 0); + aclpb->aclpb_res_type, str); dn = slapi_sdn_get_dn ( aclpb->aclpb_curr_entry_sdn ); slapi_log_error (SLAPI_LOG_ACL, plugin_name, " Slapi_Entry DN: %s\n", - dn ? escape_string_with_punctuation ( dn , str) : "NULL",0,0); + dn ? escape_string_with_punctuation ( dn , str) : "NULL"); - slapi_log_error (SLAPI_LOG_ACL, plugin_name, " ATTR: %s\n", attr ? attr : "NULL",0,0); - slapi_log_error (SLAPI_LOG_ACL, plugin_name, " rights:%s\n", right ? right: "NULL",0,0); - slapi_log_error (SLAPI_LOG_ACL, plugin_name, " ************ RESOURCE INFO ENDS *********\n",0,0,0); + slapi_log_error (SLAPI_LOG_ACL, plugin_name, " ATTR: %s\n", attr ? attr : "NULL"); + slapi_log_error (SLAPI_LOG_ACL, plugin_name, " rights:%s\n", right ? right: "NULL"); + slapi_log_error (SLAPI_LOG_ACL, plugin_name, " ************ RESOURCE INFO ENDS *********\n"); } /* * The input string contains a rule like From rmeggins at fedoraproject.org Fri Dec 5 22:41:53 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Fri, 5 Dec 2008 22:41:53 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/dna dna.c, 1.15, 1.16 Message-ID: <20081205224223.3147070100@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/dna In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13701/ldapserver/ldap/servers/plugins/dna Modified Files: dna.c Log Message: Resolves: bug 454030 Bug Description: Need to address 64-bit compiler warnings - again Reviewed by: nhosoi (Thanks!) Fix Description: This patch cleans up most of the other remaining compiler warnings. I compiled the directory server code with these flags on RHEL5 x86_64: -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic I also enabled argument/format match checking for most of the commonly used varadic functions. Most of the problems I found fell into these categories: 1) Too many or not enough arguments e.g. most everything that uses or did use LDAPDebug had extra 0,0 arguments. If they had been switched to use slapi_log_error, I removed the extra arguments - for those places still using LDAPDebug, I introduced more macros to handle the number of arguments, since C macros cannot be varadic. 2) When using NSPR formatting functions, we have to use %llu or %lld for 64-bit values, even on 64-bit systems. However, for regular system formatting functions, we have to use %ld or %lu. I introduced two new macros NSPRIu64 and NSPRI64 to handle cases where we are passing explicit 64-bit values to NSPR formatting functions, so that we can use the regular PRIu64 and PRI64 macros for regular system formatting functions. I also made sure we used NSPRI* only with NSPR functions, and used PRI* only with system functions. 3) use %lu for size_t and %ld for time_t I did find a few "real" errors, places that the code was doing something definitely not right: https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/aclinit.c_sec4 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/acllas.c_sec17 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/http/http_impl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/memberof/memberof.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/pam_passthru/pam_ptimpl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_api.c_sec5 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_clcache.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/replutil.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/libglobs.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/dbverify.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/ldif2ldbm.c_sec3 This is why it's important to use this compiler checking, and why it's important to fix compiler warnings, if for no other reason than the sheer noise from so many warnings can mask real errors. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: dna.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/dna/dna.c,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- dna.c 10 Nov 2008 16:01:05 -0000 1.15 +++ dna.c 5 Dec 2008 22:41:50 -0000 1.16 @@ -59,14 +59,6 @@ #ifdef HAVE_INTTYPES_H #include -/* NSPR uses the print macros a bit differently than ANSI C. We - * need to use ll for a 64-bit integer, even when a long is 64-bit. - */ -#undef PRIu64 -#define PRIu64 "llu" -#undef PRI64 -#define PRI64 "ll" - #else #error Need to define portable format macros such as PRIu64 #endif /* HAVE_INTTYPES_H */ @@ -703,7 +695,7 @@ } slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "----------> dn [%s]\n", entry->dn, 0, 0); + "----------> dn [%s]\n", entry->dn); value = slapi_entry_attr_get_charptr(e, DNA_TYPE); if (value) { @@ -718,7 +710,7 @@ } slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "----------> %s [%s]\n", DNA_TYPE, entry->type, 0, 0); + "----------> %s [%s]\n", DNA_TYPE, entry->type); value = slapi_entry_attr_get_charptr(e, DNA_NEXTVAL); if (value) { @@ -734,8 +726,7 @@ } slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "----------> %s [%" PRIu64 "]\n", DNA_NEXTVAL, entry->nextval, 0, - 0); + "----------> %s [%" NSPRIu64 "]\n", DNA_NEXTVAL, entry->nextval); value = slapi_entry_attr_get_charptr(e, DNA_PREFIX); if (value && value[0]) { @@ -749,7 +740,7 @@ } slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "----------> %s [%s]\n", DNA_PREFIX, entry->prefix, 0, 0); + "----------> %s [%s]\n", DNA_PREFIX, entry->prefix); /* Set the default interval to 1 */ entry->interval = 1; @@ -762,7 +753,7 @@ } slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "----------> %s [%" PRIu64 "]\n", DNA_INTERVAL, entry->interval, 0, 0); + "----------> %s [%" NSPRIu64 "]\n", DNA_INTERVAL, entry->interval); #endif value = slapi_entry_attr_get_charptr(e, DNA_GENERATE); @@ -771,8 +762,7 @@ } slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "----------> %s [%s]\n", DNA_GENERATE, entry->generate, - 0, 0); + "----------> %s [%s]\n", DNA_GENERATE, entry->generate); value = slapi_entry_attr_get_charptr(e, DNA_FILTER); if (value) { @@ -794,7 +784,7 @@ } slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "----------> %s [%s]\n", DNA_FILTER, value, 0, 0); + "----------> %s [%s]\n", DNA_FILTER, value); value = slapi_entry_attr_get_charptr(e, DNA_SCOPE); if (value) { @@ -811,7 +801,7 @@ } slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "----------> %s [%s]\n", DNA_SCOPE, entry->scope, 0, 0); + "----------> %s [%s]\n", DNA_SCOPE, entry->scope); /* optional, if not specified set -1 which is converted to the max unisgnee * value */ @@ -824,7 +814,7 @@ } slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "----------> %s [%llu]\n", DNA_MAXVAL, entry->maxval, 0, 0); + "----------> %s [%" NSPRIu64 "]\n", DNA_MAXVAL, entry->maxval); value = slapi_entry_attr_get_charptr(e, DNA_SHARED_CFG_DN); if (value) { @@ -862,7 +852,7 @@ slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, "----------> %s [%s]\n", DNA_SHARED_CFG_DN, - entry->shared_cfg_base, 0, 0); + entry->shared_cfg_base); } value = slapi_entry_attr_get_charptr(e, DNA_THRESHOLD); @@ -870,7 +860,7 @@ entry->threshold = strtoull(value, 0, 0); slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "----------> %s [%" PRIu64 "]\n", DNA_THRESHOLD, value, 0, 0); + "----------> %s [%" NSPRIu64 "]\n", DNA_THRESHOLD, value); slapi_ch_free_string(&value); } else { @@ -878,7 +868,7 @@ } slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "----------> %s [%llu]\n", DNA_THRESHOLD, entry->threshold, 0, 0); + "----------> %s [%" NSPRIu64 "]\n", DNA_THRESHOLD, entry->threshold); value = slapi_entry_attr_get_charptr(e, DNA_RANGE_REQUEST_TIMEOUT); if (value) { @@ -889,8 +879,8 @@ } slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "----------> %s [%llu]\n", DNA_RANGE_REQUEST_TIMEOUT, - entry->timeout, 0, 0); + "----------> %s [%" NSPRIu64 "]\n", DNA_RANGE_REQUEST_TIMEOUT, + entry->timeout); value = slapi_entry_attr_get_charptr(e, DNA_NEXT_RANGE); if (value) { @@ -995,7 +985,7 @@ slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, "store [%s] before [%s] \n", entry->scope, - config_entry->scope, 0); + config_entry->scope); entry_added = 1; break; } @@ -1007,8 +997,7 @@ /* add to tail */ PR_INSERT_BEFORE(&(entry->list), list); slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "store [%s] at tail\n", entry->scope, 0, - 0); + "store [%s] at tail\n", entry->scope); entry_added = 1; break; } @@ -1017,7 +1006,7 @@ /* first entry */ PR_INSERT_LINK(&(entry->list), dna_global_config); slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "store [%s] at head \n", entry->scope, 0, 0); + "store [%s] at head \n", entry->scope); entry_added = 1; } @@ -1027,7 +1016,7 @@ if ((apply != 0) && (entry != NULL)) { slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM, "dna_parse_config_entry: Invalid config entry " - "[%s] skipped\n", entry->dn, 0, 0); + "[%s] skipped\n", entry->dn); } dna_free_config_entry(&entry); } else { @@ -1050,7 +1039,7 @@ if (e->dn) { slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "freeing config entry [%s]\n", e->dn, 0, 0); + "freeing config entry [%s]\n", e->dn); slapi_ch_free_string(&e->dn); } @@ -1355,8 +1344,8 @@ * don't need to do this if we already have a next range on deck. */ if ((config_entry->next_range_lower == 0) && (config_entry->remaining <= config_entry->threshold)) { slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM, - "dna_notice_allocation: Passed threshold of %" PRIu64 " remaining values " - "for range %s. (%" PRIu64 " values remain)\n", + "dna_notice_allocation: Passed threshold of %" NSPRIu64 " remaining values " + "for range %s. (%" NSPRIu64 " values remain)\n", config_entry->threshold, config_entry->dn, config_entry->remaining); /* Only attempt to fix maxval if the fix flag is set. */ if (fix != 0) { @@ -1784,7 +1773,7 @@ if (prefix) { /* The 7 below is for all of the filter characters "(&(=))" * plus the trailing \0. The 20 is for the maximum string - * representation of a " PRIu64 ". */ + * representation of a " NSPRIu64 ". */ filterlen = strlen(config_entry->filter) + strlen(prefix) + strlen(type) + 7 + 20; @@ -1802,7 +1791,7 @@ return LDAP_OPERATIONS_ERROR; } - filter = slapi_ch_smprintf("(&%s(&(%s>=%" PRIu64 ")(%s<=%" PRIu64 ")))", + filter = slapi_ch_smprintf("(&%s(&(%s>=%" NSPRIu64 ")(%s<=%" NSPRIu64 ")))", config_entry->filter, type, tmpval, type, config_entry->maxval); @@ -1985,7 +1974,7 @@ * of our current range */ if (nextval <= (config_entry->maxval + config_entry->interval)) { /* try to set the new next value in the config entry */ - snprintf(next_value, sizeof(next_value),"%" PRIu64, nextval); + PR_snprintf(next_value, sizeof(next_value),"%" NSPRIu64, nextval); /* set up our replace modify operation */ replace_val[0] = next_value; @@ -2015,7 +2004,7 @@ if (LDAP_SUCCESS == ret) { slapi_ch_free_string(next_value_ret); - *next_value_ret = slapi_ch_smprintf("%" PRIu64, setval); + *next_value_ret = slapi_ch_smprintf("%" NSPRIu64, setval); if (NULL == *next_value_ret) { ret = LDAP_OPERATIONS_ERROR; goto done; @@ -2062,7 +2051,7 @@ /* We store the number of remaining assigned values * in the shared config entry. */ - snprintf(remaining_vals, sizeof(remaining_vals),"%" PRIu64, config_entry->remaining); + PR_snprintf(remaining_vals, sizeof(remaining_vals),"%" NSPRIu64, config_entry->remaining); /* set up our replace modify operation */ replace_val[0] = remaining_vals; @@ -2147,7 +2136,7 @@ int ret = 0; /* Try to set the new next range in the config entry. */ - snprintf(nextrange_value, sizeof(nextrange_value), "%" PRIu64 "-%" PRIu64, + PR_snprintf(nextrange_value, sizeof(nextrange_value), "%" NSPRIu64 "-%" NSPRIu64, lower, upper); /* set up our replace modify operation */ @@ -2216,8 +2205,8 @@ int ret = 0; /* Setup the modify operation for the config entry */ - snprintf(maxval_val, sizeof(maxval_val),"%" PRIu64, config_entry->next_range_upper); - snprintf(nextval_val, sizeof(nextval_val),"%" PRIu64, config_entry->next_range_lower); + PR_snprintf(maxval_val, sizeof(maxval_val),"%" NSPRIu64, config_entry->next_range_upper); + PR_snprintf(nextval_val, sizeof(nextval_val),"%" NSPRIu64, config_entry->next_range_lower); maxval_vals[0] = maxval_val; maxval_vals[1] = 0; @@ -2855,8 +2844,8 @@ char highstr[16]; /* Create the exop response */ - snprintf(lowstr, sizeof(lowstr), "%" PRIu64, lower); - snprintf(highstr, sizeof(highstr), "%" PRIu64, upper); + PR_snprintf(lowstr, sizeof(lowstr), "%" NSPRIu64, lower); + PR_snprintf(highstr, sizeof(highstr), "%" NSPRIu64, upper); range_low.bv_val = lowstr; range_low.bv_len = strlen(range_low.bv_val); range_high.bv_val = highstr; @@ -2889,7 +2878,7 @@ ber_bvfree(respdata); slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, - "dna_extend_exop: Released range %" PRIu64 "-%" PRIu64 ".\n", + "dna_extend_exop: Released range %" NSPRIu64 "-%" NSPRIu64 ".\n", lower, upper); } @@ -3031,7 +3020,7 @@ *lower = *upper - release + 1; /* try to set the new maxval in the config entry */ - snprintf(max_value, sizeof(max_value),"%" PRIu64, (*lower - 1)); + PR_snprintf(max_value, sizeof(max_value),"%" NSPRIu64, (*lower - 1)); /* set up our replace modify operation */ replace_val[0] = max_value; From rmeggins at fedoraproject.org Fri Dec 5 23:46:27 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Fri, 5 Dec 2008 23:46:27 +0000 (UTC) Subject: [Fedora-directory-commits] directoryconsole/src/com/netscape/admin/dirserv/panel SchemaObjectClassesPanel.java, 1.2, 1.3 Message-ID: <20081205234627.9D08170124@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25087/directoryconsole/src/com/netscape/admin/dirserv/panel Modified Files: SchemaObjectClassesPanel.java Log Message: Resolves: bug 234948 Bug Description: Console hangs when adding a custom entry and schema items are in certain order Reviewed by: nkinder (Thanks!) Fix Description: The problem is primarily due to https://bugzilla.redhat.com/show_bug.cgi?id=170791 "Schema file parsing overly picky?" - the console schema editor expects an objectclass to always have at least 1 superior. The bug causes SUP not to be present in the schema entry in the directory server. The fix is to use a schema helper function to make sure the list of superior objectclasses always contains at least "top". I also added a check for a null value to avoid the NullPointerException console error. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: SchemaObjectClassesPanel.java =================================================================== RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/SchemaObjectClassesPanel.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- SchemaObjectClassesPanel.java 13 Jan 2006 22:53:13 -0000 1.2 +++ SchemaObjectClassesPanel.java 5 Dec 2008 23:46:25 -0000 1.3 @@ -317,7 +317,7 @@ _currOCEntry = schema.getObjectClass(ocName); enableButtons( !DSUtil.isStandardSchema(_currOCEntry) ); String oid = _currOCEntry.getID(); - String[] superiors = _currOCEntry.getSuperiors(); + String[] superiors = DSSchemaHelper.getSuperiors(_currOCEntry); if (oid.length() == 0) oid = OID_UNKNOWN_STR; From rmeggins at fedoraproject.org Fri Dec 5 23:46:27 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Fri, 5 Dec 2008 23:46:27 +0000 (UTC) Subject: [Fedora-directory-commits] directoryconsole/src/com/netscape/admin/dirserv/attredit ObjectClassAttributeEditor.java, 1.1.1.1, 1.2 Message-ID: <20081205234627.8708E700DA@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/attredit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25087/directoryconsole/src/com/netscape/admin/dirserv/attredit Modified Files: ObjectClassAttributeEditor.java Log Message: Resolves: bug 234948 Bug Description: Console hangs when adding a custom entry and schema items are in certain order Reviewed by: nkinder (Thanks!) Fix Description: The problem is primarily due to https://bugzilla.redhat.com/show_bug.cgi?id=170791 "Schema file parsing overly picky?" - the console schema editor expects an objectclass to always have at least 1 superior. The bug causes SUP not to be present in the schema entry in the directory server. The fix is to use a schema helper function to make sure the list of superior objectclasses always contains at least "top". I also added a check for a null value to avoid the NullPointerException console error. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: ObjectClassAttributeEditor.java =================================================================== RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/attredit/ObjectClassAttributeEditor.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- ObjectClassAttributeEditor.java 18 Jul 2005 00:55:46 -0000 1.1.1.1 +++ ObjectClassAttributeEditor.java 5 Dec 2008 23:46:25 -0000 1.2 @@ -167,7 +167,7 @@ LDAPObjectClassSchema oschema = _schema.getObjectClass( val ); if ( oschema != null ) { - String[] superiors = oschema.getSuperiors(); + String[] superiors = DSSchemaHelper.getSuperiors(oschema); if (superiors != null) { for (int i=0 ; i< superiors.length ; i++) { String superior = superiors[i]; From rmeggins at fedoraproject.org Fri Dec 5 23:46:27 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Fri, 5 Dec 2008 23:46:27 +0000 (UTC) Subject: [Fedora-directory-commits] directoryconsole/src/com/netscape/admin/dirserv DSSchemaHelper.java, 1.1.1.1, 1.2 Message-ID: <20081205234627.7C3C870106@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25087/directoryconsole/src/com/netscape/admin/dirserv Modified Files: DSSchemaHelper.java Log Message: Resolves: bug 234948 Bug Description: Console hangs when adding a custom entry and schema items are in certain order Reviewed by: nkinder (Thanks!) Fix Description: The problem is primarily due to https://bugzilla.redhat.com/show_bug.cgi?id=170791 "Schema file parsing overly picky?" - the console schema editor expects an objectclass to always have at least 1 superior. The bug causes SUP not to be present in the schema entry in the directory server. The fix is to use a schema helper function to make sure the list of superior objectclasses always contains at least "top". I also added a check for a null value to avoid the NullPointerException console error. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: DSSchemaHelper.java =================================================================== RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/DSSchemaHelper.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- DSSchemaHelper.java 18 Jul 2005 00:55:40 -0000 1.1.1.1 +++ DSSchemaHelper.java 5 Dec 2008 23:46:25 -0000 1.2 @@ -110,7 +110,7 @@ String[] superiors; Integer integer; - superiors = oc.getSuperiors(); + superiors = getSuperiors(oc); if (superiors != null) { int i; for (i=0; i Author: rmeggins Update of /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/propedit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25087/directoryconsole/src/com/netscape/admin/dirserv/propedit Modified Files: DSEntryPanel.java Log Message: Resolves: bug 234948 Bug Description: Console hangs when adding a custom entry and schema items are in certain order Reviewed by: nkinder (Thanks!) Fix Description: The problem is primarily due to https://bugzilla.redhat.com/show_bug.cgi?id=170791 "Schema file parsing overly picky?" - the console schema editor expects an objectclass to always have at least 1 superior. The bug causes SUP not to be present in the schema entry in the directory server. The fix is to use a schema helper function to make sure the list of superior objectclasses always contains at least "top". I also added a check for a null value to avoid the NullPointerException console error. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: DSEntryPanel.java =================================================================== RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/propedit/DSEntryPanel.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- DSEntryPanel.java 18 Jul 2005 00:56:14 -0000 1.1.1.1 +++ DSEntryPanel.java 5 Dec 2008 23:46:25 -0000 1.2 @@ -1647,14 +1647,16 @@ /* Enable/Disable the checkbox for showing attributes with values: if the entry is an extensible object we don't allow to show all the values */ IAttributeEditor ed = (IAttributeEditor)_visible.get(OBJECTCLASS); - Vector v = ed.getValues(); - if (v != null) { - for (int i=0; i< v.size(); i++) { - if (((String)v.elementAt(i)).equalsIgnoreCase(EXTENSIBLEOBJECT)) { - _cbAllowedAttributes.setEnabled(false); - break; - } - } + if (ed != null) { + Vector v = ed.getValues(); + if (v != null) { + for (int i=0; i< v.size(); i++) { + if (((String)v.elementAt(i)).equalsIgnoreCase(EXTENSIBLEOBJECT)) { + _cbAllowedAttributes.setEnabled(false); + break; + } + } + } } _cbShowDN = UIFactory.makeJCheckBox(this, _section, "cbshowdn", _dnLabel.isVisible(), _resource); From nhosoi at fedoraproject.org Fri Dec 5 23:57:51 2008 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Fri, 5 Dec 2008 23:57:51 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/syntaxes bin.c, 1.5, 1.6 Message-ID: <20081205235751.B1D1A700DB@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/syntaxes In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28241 Modified Files: bin.c Log Message: Resolves: 459433 Summray: MMR: intensive conflict test crashes the server Description: values2keys functions in the syntax plugin did not check the existence of the input and output variable. Index: bin.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/syntaxes/bin.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- bin.c 10 Nov 2006 23:45:31 -0000 1.5 +++ bin.c 5 Dec 2008 23:57:49 -0000 1.6 @@ -186,6 +186,14 @@ { int i; + if (NULL == ivals) { + return 1; + } + *ivals = NULL; + if (NULL == bvals) { + return 1; + } + if ( ftype != LDAP_FILTER_EQUALITY ) { return( LDAP_PROTOCOL_ERROR ); } From nhosoi at fedoraproject.org Fri Dec 5 23:57:16 2008 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Fri, 5 Dec 2008 23:57:16 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/syntaxes string.c, 1.16, 1.17 Message-ID: <20081205235716.C5E91700DB@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/syntaxes In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv27877 Modified Files: string.c Log Message: Resolves: 459433 Summray: MMR: intensive conflict test crashes the server Description: values2keys functions in the syntax plugin did not check the existence of the input and output variable. Index: string.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/syntaxes/string.c,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- string.c 15 Oct 2008 06:30:02 -0000 1.16 +++ string.c 5 Dec 2008 23:57:14 -0000 1.17 @@ -357,9 +357,12 @@ Slapi_Value **bvlp; char *w, *c, *p; + if (NULL == ivals) { + return 1; + } + *ivals = NULL; if (NULL == bvals) { - *ivals = NULL; - return 0; + return 1; } switch ( ftype ) { @@ -435,7 +438,7 @@ * nsSubStrEnd: 2 * [...] * - * By default, begin == 2, middle == 3, end == 2 (defined in syntax.h) + * By default, begin == 3, middle == 3, end == 3 (defined in syntax.h) */ /* If nsSubStrLen is specified in each index entry, From nhosoi at fedoraproject.org Sat Dec 6 00:04:01 2008 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Sat, 6 Dec 2008 00:04:01 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm back-ldbm.h, 1.19, 1.20 Message-ID: <20081206000401.BE73F7011A@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28711 Modified Files: back-ldbm.h Log Message: Resolves: #447353 Summary: RFE: search optimization and single character substring searches (comment #20) Description: update the comments to adjust to the program. Index: back-ldbm.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/back-ldbm.h,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- back-ldbm.h 24 Oct 2008 22:36:59 -0000 1.19 +++ back-ldbm.h 6 Dec 2008 00:03:59 -0000 1.20 @@ -362,24 +362,36 @@ typedef struct attrcrypt_private attrcrypt_private; /* - * Special attribute for an index entry - * Usage: turn an index object to extensibleobject and - * set an integer value for each - * dn: cn=sn, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config - * objectClass: extensibleObject - * nsSubStrBegin: 2 - * nsSubStrMiddle: 3 - * nsSubStrEnd: 2 - * [...] + * Special attributes for an index entry to change the substring index width. + * By default, substring index width is 3, i.e., search with the filter + * "(cn=abc*)" is an indexed search, but "(cn=ab*)" or "(cn=a*)" isn't. + * There is a big performance gap between the indexed search and the unindexed + * search especially when the database is large. To convert such unindexed + * search to the indexed search to speed up the query, these nsSubStr + * attributes are introduced. + * + * How to use the nsSubStr attributes: + * 1) turn the target index to extensibleobject by adding + * "objectClass: extensibleObject" to the index entry + * 2) set the length to each nsSubStr attribute of the index + * dn: cn=sn, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config + * objectClass: extensibleObject + * nsSubStrBegin: 2 + * nsSubStrMiddle: 3 + * nsSubStrEnd: 2 + * [...] * - * By default, the minimum key length triplets of substring index is 2, 3, 2. - * The length is changed by setting this nsSubStrLen value. + * By default, the minimum key length triplets of substring index is 3, 3, 3. + * The length is changed by setting the triplets nsSubStrBegin, nsSubStrMiddle, + * nsSubStrEnd, respectively. * * Note: If any of the key length value is modified, the index file needs * to be regenerated. Otherwise, the index file is going to have mixed * key length. * To change the key length, - * 1) stop the server, 2) run db2index -t , 3) start the server. + * 1) stop the server, + * 2) run db2index -t , + * 3) start the server. */ #define INDEX_ATTR_SUBSTRBEGIN "nsSubStrBegin" #define INDEX_ATTR_SUBSTRMIDDLE "nsSubStrMiddle" From rmeggins at fedoraproject.org Tue Dec 9 15:23:49 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Tue, 9 Dec 2008 15:23:49 +0000 (UTC) Subject: [Fedora-directory-commits] mod_admserv mod_admserv.c,1.35,1.36 Message-ID: <20081209152349.30B8570106@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/mod_admserv In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15820 Modified Files: mod_admserv.c Log Message: Resolves: bug 474936 Bug Description: configuring config ds to use ldaps forces user/group ds to use ldaps - console hangs Reviewed by: nkinder (Thanks!) Fix Description: The admin server was not putting the port number in the LDAP URL, so the console was attempting to use the secure port from the config ds with ldap://ughost. The console is already able to parse the :port part of the url. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: mod_admserv.c =================================================================== RCS file: /cvs/dirsec/mod_admserv/mod_admserv.c,v retrieving revision 1.35 retrieving revision 1.36 diff -u -r1.35 -r1.36 --- mod_admserv.c 4 Dec 2008 20:01:45 -0000 1.35 +++ mod_admserv.c 9 Dec 2008 15:23:46 -0000 1.36 @@ -2583,9 +2583,10 @@ ap_set_content_type(r, "text/html"); ap_rprintf(r, "UserDN: %s\n", apr_table_get(r->notes, RQ_NOTES_USERDN)); - ap_rprintf(r, "UserDirectory: ldap%s://%s/%s\n", + ap_rprintf(r, "UserDirectory: ldap%s://%s:%d/%s\n", userGroupServer.secure ? "s" : "", - userGroupServer.host, userGroupServer.baseDN); + userGroupServer.host, userGroupServer.port, + userGroupServer.baseDN); ap_rprintf(r, "ldapHost: %s\n", registryServer.host); ap_rprintf(r, "ldapPort: %d\n", registryServer.port); ap_rprintf(r, "ldapSecurity: %s\n", (registryServer.secure == 1) ? "on" : "off"); From rmeggins at fedoraproject.org Wed Dec 10 02:53:22 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Wed, 10 Dec 2008 02:53:22 +0000 (UTC) Subject: [Fedora-directory-commits] console/src/com/netscape/management/client/ug PickerEditorResource.properties, 1.2, 1.3 ResEditorPosixUser.java, 1.1.1.1, 1.2 Message-ID: <20081210025323.0B5F470122@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/console/src/com/netscape/management/client/ug In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9267/console/src/com/netscape/management/client/ug Modified Files: PickerEditorResource.properties ResEditorPosixUser.java Log Message: Resolves: bug 458488 Bug Description: Console doesn't type-check input for schema-defined INTEGER attributes Reviewed by: nhosoi (Thanks!) Fix Description: Fixed for posix uidNumber and gidNumber. Non numeric or negative values will be rejected. If the user specifies an explicit value of 0, a warning dialog will ask if the user really wants to do this. Platforms tested: RHEL5 Flag Day: no Doc impact: yes Index: PickerEditorResource.properties =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/ug/PickerEditorResource.properties,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- PickerEditorResource.properties 13 Jun 2007 20:33:11 -0000 1.2 +++ PickerEditorResource.properties 10 Dec 2008 02:53:19 -0000 1.3 @@ -373,7 +373,20 @@ resourceEditor-IncompleteTitle=Incomplete Information resourceEditor-UnableToSaveRDNEntryText=Changes cannot be saved for entries with multi-valued RDNs resourceEditor-navigator_tt=List of views for navigation of this dialog - +resourceEditor-UidNotANumberTitle=uidNumber Must Be A Number +resourceEditor-UidNotANumberText=The uidNumber field must have a numeric value. +resourceEditor-GidNotANumberTitle=gidNumber Must Be A Number +resourceEditor-GidNotANumberText=The gidNumber field must have a numeric value. +resourceEditor-UidNotValidTitle=uidNumber Value Not Valid +resourceEditor-UidNotValidText=The uidNumber field does not have a valid value. +resourceEditor-GidNotValidTitle=gidNumber Value Not Valid +resourceEditor-GidNotValidText=The gidNumber field does not have a valid value. +resourceEditor-yesButton=Yes +resourceEditor-noButton=No +resourceEditor-errorText1=The value 0 is for privileged users only. +resourceEditor-errorText2=Assigning this value to a user will give this user privileged access. +resourceEditor-errorText3=Do you really want to use this value? +resourceEditor-errorTitle=Value Warning CALPage-displayName=Licenses CALPage-ID=Licenses CALPage-Title=To facilitate tracking of all Client Access Licenses (CAL), please indicate whether Index: ResEditorPosixUser.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/ug/ResEditorPosixUser.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- ResEditorPosixUser.java 18 Jul 2005 00:34:23 -0000 1.1.1.1 +++ ResEditorPosixUser.java 10 Dec 2008 02:53:19 -0000 1.2 @@ -490,14 +490,84 @@ * @return true if all required information has been provided; false otherwise */ public boolean isComplete() { - if (_cbEnable.isSelected() && - ((_tfUIDNumber.getText().trim().length() == 0)||(_tfGIDNumber.getText().trim().length()==0))) { - SuiOptionPane.showMessageDialog(null, - _resource.getString("resourceEditor", "IncompleteText"), - _resource.getString("resourceEditor", - "IncompleteTitle"), SuiOptionPane.ERROR_MESSAGE); - ModalDialogUtil.sleep(); - return false; + if (_cbEnable.isSelected()) { + if ((_tfUIDNumber.getText().trim().length() == 0)||(_tfGIDNumber.getText().trim().length()==0)) { + SuiOptionPane.showMessageDialog(null, + _resource.getString("resourceEditor", "IncompleteText"), + _resource.getString("resourceEditor", + "IncompleteTitle"), SuiOptionPane.ERROR_MESSAGE); + ModalDialogUtil.sleep(); + return false; + } + int testval; + try { + testval = Integer.parseInt(_tfUIDNumber.getText().trim()); + } catch (NumberFormatException nfe) { + SuiOptionPane.showMessageDialog(null, + _resource.getString("resourceEditor", "UidNotANumberText"), + _resource.getString("resourceEditor", + "UidNotANumberTitle"), SuiOptionPane.ERROR_MESSAGE); + ModalDialogUtil.sleep(); + return false; + } + if (testval < 0) { + SuiOptionPane.showMessageDialog(null, + _resource.getString("resourceEditor", "UidNotValidText"), + _resource.getString("resourceEditor", + "UidNotValidTitle"), SuiOptionPane.ERROR_MESSAGE); + ModalDialogUtil.sleep(); + return false; + } + if (testval == 0) { + Object[] val1 = {_resource.getString("resourceEditor", "yesButton"), + _resource.getString("resourceEditor", "noButton")}; + Object[] msg1 = {_resource.getString("resourceEditor", "errorText1"), + _resource.getString("resourceEditor", "errorText2"), + _resource.getString("resourceEditor", "errorText3")}; + int selection = SuiOptionPane.showOptionDialog(null, msg1, + _resource.getString("resourceEditor", "errorTitle"), + SuiOptionPane.DEFAULT_OPTION, + SuiOptionPane.WARNING_MESSAGE, null, val1, val1[0]); + + if (selection == 1) { + ModalDialogUtil.sleep(); + return false; + } + } + try { + testval = Integer.parseInt(_tfGIDNumber.getText().trim()); + } catch (NumberFormatException nfe) { + SuiOptionPane.showMessageDialog(null, + _resource.getString("resourceEditor", "GidNotANumberText"), + _resource.getString("resourceEditor", + "GidNotANumberTitle"), SuiOptionPane.ERROR_MESSAGE); + ModalDialogUtil.sleep(); + return false; + } + if (testval < 0) { + SuiOptionPane.showMessageDialog(null, + _resource.getString("resourceEditor", "GidNotValidText"), + _resource.getString("resourceEditor", + "GidNotValidTitle"), SuiOptionPane.ERROR_MESSAGE); + ModalDialogUtil.sleep(); + return false; + } + if (testval == 0) { + Object[] val1 = {_resource.getString("resourceEditor", "yesButton"), + _resource.getString("resourceEditor", "noButton")}; + Object[] msg1 = {_resource.getString("resourceEditor", "errorText1"), + _resource.getString("resourceEditor", "errorText2"), + _resource.getString("resourceEditor", "errorText3")}; + int selection = SuiOptionPane.showOptionDialog(null, msg1, + _resource.getString("resourceEditor", "errorTitle"), + SuiOptionPane.DEFAULT_OPTION, + SuiOptionPane.WARNING_MESSAGE, null, val1, val1[0]); + + if (selection == 1) { + ModalDialogUtil.sleep(); + return false; + } + } } return true; } From rmeggins at fedoraproject.org Wed Dec 10 02:56:04 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Wed, 10 Dec 2008 02:56:04 +0000 (UTC) Subject: [Fedora-directory-commits] directoryconsole/help/en/help statustab_general.html, 1.1, 1.2 Message-ID: <20081210025604.ED83E70122@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/directoryconsole/help/en/help In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9400/directoryconsole/help/en/help Modified Files: statustab_general.html Log Message: Resolves: bug 452596 Bug Description: Help file for Status tab references server root Reviewed by: nhosoi (Thanks!) Fix Description: Remove/cleanup references to the old server root Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: statustab_general.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/statustab_general.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- statustab_general.html 13 Aug 2007 22:28:09 -0000 1.1 +++ statustab_general.html 10 Dec 2008 02:56:02 -0000 1.2 @@ -19,10 +19,6 @@

-Server root. Indicates the directory where the server binaries are installed. -

- -

Product name. Indicates the server's official product name.

From rmeggins at fedoraproject.org Wed Dec 10 02:56:32 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Wed, 10 Dec 2008 02:56:32 +0000 (UTC) Subject: [Fedora-directory-commits] console/examples/supermail/configuration ConfigurationNodeRHP.java, 1.1.1.1, 1.2 Message-ID: <20081210025632.9B66970122@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/console/examples/supermail/configuration In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9446/console/examples/supermail/configuration Modified Files: ConfigurationNodeRHP.java Log Message: Resolves: bug 452596 Bug Description: Help file for Status tab references server root Reviewed by: nhosoi (Thanks!) Fix Description: Remove/cleanup references to the old server root Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: ConfigurationNodeRHP.java =================================================================== RCS file: /cvs/dirsec/console/examples/supermail/configuration/ConfigurationNodeRHP.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- ConfigurationNodeRHP.java 18 Jul 2005 00:34:06 -0000 1.1.1.1 +++ ConfigurationNodeRHP.java 10 Dec 2008 02:56:30 -0000 1.2 @@ -413,7 +413,7 @@ /** * Show help for Netscape Server Product. - * Help pages are expected to be installed in a netscape server root. The help page is + * Help pages are expected to be installed with other console help pages. The help page is * retrieved using the Admin Server help CGI */ protected void showHelp() { From rmeggins at fedoraproject.org Wed Dec 10 02:56:32 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Wed, 10 Dec 2008 02:56:32 +0000 (UTC) Subject: [Fedora-directory-commits] console/src/com/netscape/management/client/util About.java, 1.1.1.1, 1.2 Message-ID: <20081210025632.AFD3670106@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/console/src/com/netscape/management/client/util In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9446/console/src/com/netscape/management/client/util Modified Files: About.java Log Message: Resolves: bug 452596 Bug Description: Help file for Status tab references server root Reviewed by: nhosoi (Thanks!) Fix Description: Remove/cleanup references to the old server root Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: About.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/util/About.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- About.java 18 Jul 2005 00:34:25 -0000 1.1.1.1 +++ About.java 10 Dec 2008 02:56:30 -0000 1.2 @@ -131,8 +131,8 @@ othersPane.setLayout(new BoxLayout(othersPane, BoxLayout.X_AXIS)); // get resource string, figure out which logo file and copyright file to grab - // path is relative to - // copyright and logo info will stay under /manual/ + // path is relative to datadir + // copyright and logo info will stay under datadir/manual/ StringTokenizer st = new StringTokenizer(_resource.getString("", index), ",\n\r"); String htmlFile = ""; From rmeggins at fedoraproject.org Wed Dec 10 02:56:54 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Wed, 10 Dec 2008 02:56:54 +0000 (UTC) Subject: [Fedora-directory-commits] admservconsole/src/com/netscape/management/admserv AdminServerProduct.java, 1.1.1.1, 1.2 Message-ID: <20081210025654.9BD7670106@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/admservconsole/src/com/netscape/management/admserv In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9496/admservconsole/src/com/netscape/management/admserv Modified Files: AdminServerProduct.java Log Message: Resolves: bug 452596 Bug Description: Help file for Status tab references server root Reviewed by: nhosoi (Thanks!) Fix Description: Remove/cleanup references to the old server root Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: AdminServerProduct.java =================================================================== RCS file: /cvs/dirsec/admservconsole/src/com/netscape/management/admserv/AdminServerProduct.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- AdminServerProduct.java 22 May 2006 18:14:33 -0000 1.1.1.1 +++ AdminServerProduct.java 10 Dec 2008 02:56:52 -0000 1.2 @@ -100,7 +100,7 @@ * existing SIE. Also, since the admin server that is being invoked * to do the migration via URL belongs to the target config root, * the targetDN is also unused. Moreover, the server parameter is not - * needed since there can only be one admin server per server root. + * needed since there can only be one admin server per machine. * * @param serverRoot - directory path for the migration origin. * @param server - the server to migrate from the serverRoot. From rmeggins at fedoraproject.org Wed Dec 10 02:56:54 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Wed, 10 Dec 2008 02:56:54 +0000 (UTC) Subject: [Fedora-directory-commits] admservconsole/help/en/help administration_express_server_information.html, 1.1, 1.2 Message-ID: <20081210025654.96C9370124@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/admservconsole/help/en/help In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9496/admservconsole/help/en/help Modified Files: administration_express_server_information.html Log Message: Resolves: bug 452596 Bug Description: Help file for Status tab references server root Reviewed by: nhosoi (Thanks!) Fix Description: Remove/cleanup references to the old server root Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: administration_express_server_information.html =================================================================== RCS file: /cvs/dirsec/admservconsole/help/en/help/administration_express_server_information.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- administration_express_server_information.html 9 Aug 2007 16:04:04 -0000 1.1 +++ administration_express_server_information.html 10 Dec 2008 02:56:52 -0000 1.2 @@ -12,9 +12,6 @@ Installation Date. The date and time when the server was installed.

-Server Root. The directory where the server binary files are installed. -

-

Port. The port number the server is running on.

From nhosoi at fedoraproject.org Wed Dec 10 06:23:26 2008 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Wed, 10 Dec 2008 06:23:26 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd log.h, 1.8, 1.9 log.c, 1.24, 1.25 Message-ID: <20081210062326.B314770123@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv12831 Modified Files: log.h log.c Log Message: Resolves: #475338 Summary: LOG: the intenal type of maxlogsize, maxdiskspace and minfreespace should be 64-bit integer Description: support nsslapd-*log-maxlogsize, nsslapd-*log-logmaxdiskspace and nsslapd-*log-logminfreediskspace larger than 2GB. Index: log.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/log.h,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- log.h 8 Oct 2008 17:29:03 -0000 1.8 +++ log.h 10 Dec 2008 06:23:24 -0000 1.9 @@ -116,9 +116,9 @@ struct logfileinfo { - int l_size; /* size is in KB */ - time_t l_ctime; /* log creation time*/ - struct logfileinfo *l_next; /* next log */ + PRInt64 l_size; /* size is in bytes */ + time_t l_ctime; /* log creation time*/ + struct logfileinfo *l_next; /* next log */ }; typedef struct logfileinfo LogFileInfo; @@ -127,7 +127,7 @@ char *current; /* current pointer into buffer */ size_t maxsize; /* size of buffer */ PRLock *lock; /* lock for access logging */ - PRInt32 refcount; /* Reference count for buffer copies */ + PRInt32 refcount; /* Reference count for buffer copies */ }; typedef struct logbufinfo LogBufferInfo; @@ -136,7 +136,7 @@ int log_access_state; int log_access_mode; /* access mode */ int log_access_maxnumlogs; /* Number of logs */ - int log_access_maxlogsize; /* max log size in bytes*/ + PRInt64 log_access_maxlogsize; /* max log size in bytes*/ int log_access_rotationtime; /* time in units. */ int log_access_rotationunit; /* time in units. */ int log_access_rotationtime_secs; /* time in seconds */ @@ -144,8 +144,8 @@ int log_access_rotationsynchour; /* 0-23 */ int log_access_rotationsyncmin; /* 0-59 */ time_t log_access_rotationsyncclock; /* clock in seconds */ - int log_access_maxdiskspace; /* space in bytes */ - int log_access_minfreespace; /* free space in bytes */ + PRInt64 log_access_maxdiskspace; /* space in bytes */ + PRInt64 log_access_minfreespace; /* free space in bytes */ int log_access_exptime; /* time */ int log_access_exptimeunit; /* unit time */ int log_access_exptime_secs; /* time in secs */ @@ -163,7 +163,7 @@ int log_error_state; int log_error_mode; /* access mode */ int log_error_maxnumlogs; /* Number of logs */ - int log_error_maxlogsize; /* max log size in bytes*/ + PRInt64 log_error_maxlogsize; /* max log size in bytes*/ int log_error_rotationtime; /* time in units. */ int log_error_rotationunit; /* time in units. */ int log_error_rotationtime_secs; /* time in seconds */ @@ -171,8 +171,8 @@ int log_error_rotationsynchour; /* 0-23 */ int log_error_rotationsyncmin; /* 0-59 */ time_t log_error_rotationsyncclock; /* clock in seconds */ - int log_error_maxdiskspace; /* space in bytes */ - int log_error_minfreespace; /* free space in bytes */ + PRInt64 log_error_maxdiskspace; /* space in bytes */ + PRInt64 log_error_minfreespace; /* free space in bytes */ int log_error_exptime; /* time */ int log_error_exptimeunit; /* unit time */ int log_error_exptime_secs; /* time in secs */ @@ -189,7 +189,7 @@ int log_audit_state; int log_audit_mode; /* access mode */ int log_audit_maxnumlogs; /* Number of logs */ - int log_audit_maxlogsize; /* max log size in bytes*/ + PRInt64 log_audit_maxlogsize; /* max log size in bytes*/ int log_audit_rotationtime; /* time in units. */ int log_audit_rotationunit; /* time in units. */ int log_audit_rotationtime_secs; /* time in seconds */ @@ -197,8 +197,8 @@ int log_audit_rotationsynchour; /* 0-23 */ int log_audit_rotationsyncmin; /* 0-59 */ time_t log_audit_rotationsyncclock; /* clock in seconds */ - int log_audit_maxdiskspace; /* space in bytes */ - int log_audit_minfreespace; /* free space in bytes */ + PRInt64 log_audit_maxdiskspace; /* space in bytes */ + PRInt64 log_audit_minfreespace; /* free space in bytes */ int log_audit_exptime; /* time */ int log_audit_exptimeunit; /* unit time */ int log_audit_exptime_secs; /* time in secs */ Index: log.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/log.c,v retrieving revision 1.24 retrieving revision 1.25 diff -u -r1.24 -r1.25 --- log.c 1 Dec 2008 18:05:35 -0000 1.24 +++ log.c 10 Dec 2008 06:23:24 -0000 1.25 @@ -121,9 +121,9 @@ static int log__access_rotationinfof(char *pathname); static int log__error_rotationinfof(char *pathname); static int log__audit_rotationinfof(char *pathname); -static int log__extract_logheader (FILE *fp, long *f_ctime, int *f_size); +static int log__extract_logheader (FILE *fp, long *f_ctime, PRInt64 *f_size); static int log__check_prevlogs (FILE *fp, char *filename); -static int log__getfilesize(LOGFD fp); +static PRInt64 log__getfilesize(LOGFD fp); static int log__enough_freespace(char *path); static int vslapd_log_error(LOGFD fp, char *subsystem, char *fmt, va_list ap, int locked ); @@ -767,9 +767,9 @@ log_set_logsize(const char *attrname, char *logsize_str, int logtype, char *returntext, int apply) { int rv = LDAP_SUCCESS; - int mdiskspace= 0; - int max_logsize; - int logsize; + PRInt64 mdiskspace= 0; /* in bytes */ + PRInt64 max_logsize; /* in bytes */ + int logsize; /* in megabytes */ slapdFrontendConfig_t *fe_cfg = getFrontendConfig(); if (!apply || !logsize_str || !*logsize_str) @@ -778,7 +778,7 @@ logsize = atoi(logsize_str); /* convert it to bytes */ - max_logsize = logsize * LOG_MB_IN_BYTES; + max_logsize = (PRInt64)logsize * LOG_MB_IN_BYTES; if (max_logsize <= 0) { max_logsize = -1; @@ -831,11 +831,11 @@ default: rv = 1; } - /* logsize will be in n MB. Convert it to bytes */ + /* logsize is in MB */ if (rv == 2) { LDAPDebug (LDAP_DEBUG_ANY, "Invalid value for Maximum log size:" - "Maxlogsize:%d MB Maxdisksize:%d MB\n", + "Maxlogsize:%d (MB) exceeds Maxdisksize:%d (MB)\n", logsize, mdiskspace/LOG_MB_IN_BYTES,0); rv = LDAP_OPERATIONS_ERROR; @@ -1244,9 +1244,9 @@ log_set_maxdiskspace(const char *attrname, char *maxdiskspace_str, int logtype, char *errorbuf, int apply) { int rv = 0; - int mlogsize; - int maxdiskspace; - int s_maxdiskspace; + PRInt64 mlogsize; /* in bytes */ + PRInt64 maxdiskspace; /* in bytes */ + int s_maxdiskspace; /* in megabytes */ slapdFrontendConfig_t *fe_cfg = getFrontendConfig(); @@ -1261,8 +1261,7 @@ if (!apply || !maxdiskspace_str || !*maxdiskspace_str) return rv; - maxdiskspace = atoi(maxdiskspace_str); - s_maxdiskspace = maxdiskspace; + s_maxdiskspace = atoi(maxdiskspace_str); /* Disk space are in MB but store in bytes */ switch (logtype) { @@ -1282,44 +1281,42 @@ rv = 1; mlogsize = -1; } - maxdiskspace *= LOG_MB_IN_BYTES; + maxdiskspace = (PRInt64)s_maxdiskspace * LOG_MB_IN_BYTES; if (maxdiskspace < 0) { maxdiskspace = -1; - } - else if (maxdiskspace < mlogsize) { + } else if (maxdiskspace < mlogsize) { rv = LDAP_OPERATIONS_ERROR; PR_snprintf( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, - "%s: maxdiskspace \"%d\" is less than max log size \"%d\"", - attrname, maxdiskspace, mlogsize ); + "%s: \"%d (MB)\" is less than max log size \"%d (MB)\"", + attrname, s_maxdiskspace, (int)(mlogsize/LOG_MB_IN_BYTES) ); } switch (logtype) { case SLAPD_ACCESS_LOG: if (rv== 0 && apply) { - loginfo.log_access_maxdiskspace = maxdiskspace; - fe_cfg->accesslog_maxdiskspace = s_maxdiskspace ; + loginfo.log_access_maxdiskspace = maxdiskspace; /* in bytes */ + fe_cfg->accesslog_maxdiskspace = s_maxdiskspace; /* in megabytes */ } LOG_ACCESS_UNLOCK_WRITE(); break; case SLAPD_ERROR_LOG: if (rv== 0 && apply) { - loginfo.log_error_maxdiskspace = maxdiskspace; - fe_cfg->errorlog_maxdiskspace = s_maxdiskspace; + loginfo.log_error_maxdiskspace = maxdiskspace; /* in bytes */ + fe_cfg->errorlog_maxdiskspace = s_maxdiskspace; /* in megabytes */ } LOG_ERROR_UNLOCK_WRITE(); break; case SLAPD_AUDIT_LOG: if (rv== 0 && apply) { - loginfo.log_audit_maxdiskspace = maxdiskspace; - fe_cfg->auditlog_maxdiskspace = s_maxdiskspace; + loginfo.log_audit_maxdiskspace = maxdiskspace; /* in bytes */ + fe_cfg->auditlog_maxdiskspace = s_maxdiskspace; /* in megabytes */ } LOG_AUDIT_UNLOCK_WRITE(); break; default: PR_snprintf( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, - "%s: invalid maximum log disk size:" - "Maxdiskspace:%d MB Maxlogsize:%d MB \n", - attrname, maxdiskspace, mlogsize); + "%s: invalid log type (%d) for setting maximum disk space: %d MB\n", + attrname, logtype, s_maxdiskspace); rv = LDAP_OPERATIONS_ERROR; } return rv; @@ -1335,8 +1332,8 @@ log_set_mindiskspace(const char *attrname, char *minfreespace_str, int logtype, char *errorbuf, int apply) { int rv=LDAP_SUCCESS; - int minfreespaceB; - int minfreespace; + int minfreespace; /* in megabytes */ + PRInt64 minfreespaceB; /* in bytes */ slapdFrontendConfig_t *fe_cfg = getFrontendConfig(); @@ -1357,7 +1354,7 @@ /* Disk space are in MB but store in bytes */ if (minfreespace >= 1 ) { - minfreespaceB = minfreespace * LOG_MB_IN_BYTES; + minfreespaceB = (PRInt64)minfreespace * LOG_MB_IN_BYTES; switch (logtype) { case SLAPD_ACCESS_LOG: LOG_ACCESS_LOCK_WRITE( ); @@ -2115,13 +2112,13 @@ ** in the array stack. */ if (loginfo.log_access_fdes != NULL) { - struct logfileinfo *log; - char newfile[BUFSIZ]; - int f_size; + struct logfileinfo *log; + char newfile[BUFSIZ]; + PRInt64 f_size; /* get rid of the old one */ if ((f_size = log__getfilesize(loginfo.log_access_fdes)) == -1) { - /* Then assume that we have the max size */ + /* Then assume that we have the max size (in bytes) */ f_size = loginfo.log_access_maxlogsize; } @@ -2158,15 +2155,13 @@ } } - /* open a new log file */ if (! LOG_OPEN_APPEND(fp, loginfo.log_access_file, loginfo.log_access_mode)) { int oserr = errno; loginfo.log_access_fdes = NULL; if (!locked) LOG_ACCESS_UNLOCK_WRITE(); - LDAPDebug( LDAP_DEBUG_ANY, "access file open %s failed errno %d (%s)\n", - loginfo.log_access_file, - oserr, slapd_system_strerror(oserr)); + LDAPDebug(LDAP_DEBUG_ANY, "access file open %s failed errno %d (%s)\n", + loginfo.log_access_file, oserr, slapd_system_strerror(oserr)); return LOG_UNABLE_TO_OPENFILE; } @@ -2198,8 +2193,9 @@ logp = loginfo.log_access_logchain; while ( logp) { log_convert_time (logp->l_ctime, tbuf, 1 /*short*/); - PR_snprintf(buffer, sizeof(buffer), "LOGINFO:%s%s.%s (%lu) (%u)\n", - PREVLOGFILE, loginfo.log_access_file, tbuf, logp->l_ctime, logp->l_size); + PR_snprintf(buffer, sizeof(buffer), "LOGINFO:%s%s.%s (%lu) (%" + NSPRI64 "d)\n", PREVLOGFILE, loginfo.log_access_file, tbuf, + logp->l_ctime, logp->l_size); LOG_WRITE(fpinfo, buffer, strlen(buffer), 0); logp = logp->l_next; } @@ -2236,8 +2232,9 @@ time_t log_createtime= 0; time_t syncclock = 0; int type = LOG_CONTINUE; - int f_size = 0; - int maxlogsize, nlogs; + PRInt64 f_size = 0; + PRInt64 maxlogsize; + int nlogs; int rotationtime_secs = -1; int sync_enabled = 0, timeunit = 0; @@ -2316,22 +2313,24 @@ } log_rotate: - /* - ** Don't send messages to the error log whilst we're rotating it. - ** This'll lead to a recursive call to the logging function, and - ** an assertion trying to relock the write lock. - */ + /* + ** Don't send messages to the error log whilst we're rotating it. + ** This'll lead to a recursive call to the logging function, and + ** an assertion trying to relock the write lock. + */ if (logtype!=SLAPD_ERROR_LOG) - { - if (type == LOG_SIZE_EXCEEDED) { - LDAPDebug (LDAP_DEBUG_TRACE, - "LOGINFO:End of Log because size exceeded(Max:%d bytes) (Is:%d bytes)\n", maxlogsize, f_size, 0); - } else if ( type == LOG_EXPIRED) { - LDAPDebug(LDAP_DEBUG_TRACE, - "LOGINFO:End of Log because time exceeded(Max:%d secs) (Is:%ld secs)\n", - rotationtime_secs, curr_time - log_createtime,0); - } - } + { + if (type == LOG_SIZE_EXCEEDED) { + LDAPDebug (LDAP_DEBUG_TRACE, + "LOGINFO:End of Log because size exceeded(Max:%" + NSPRI64 "d bytes) (Is:%" NSPRI64 "d bytes)\n", + maxlogsize, f_size, 0); + } else if ( type == LOG_EXPIRED) { + LDAPDebug(LDAP_DEBUG_TRACE, + "LOGINFO:End of Log because time exceeded(Max:%d secs) (Is:%ld secs)\n", + rotationtime_secs, curr_time - log_createtime,0); + } + } return (type == LOG_CONTINUE) ? LOG_CONTINUE : LOG_ROTATE; } @@ -2349,18 +2348,18 @@ log__delete_access_logfile() { - struct logfileinfo *logp = NULL; - struct logfileinfo *delete_logp = NULL; - struct logfileinfo *p_delete_logp = NULL; - struct logfileinfo *prev_logp = NULL; - int total_size=0; - time_t cur_time; - int f_size; - int numoflogs=loginfo.log_numof_access_logs; - int rv = 0; - char *logstr; - char buffer[BUFSIZ]; - char tbuf[TBUFSIZE]; + struct logfileinfo *logp = NULL; + struct logfileinfo *delete_logp = NULL; + struct logfileinfo *p_delete_logp = NULL; + struct logfileinfo *prev_logp = NULL; + PRInt64 total_size=0; + time_t cur_time; + PRInt64 f_size; + int numoflogs=loginfo.log_numof_access_logs; + int rv = 0; + char *logstr; + char buffer[BUFSIZ]; + char tbuf[TBUFSIZE]; /* If we have only one log, then will delete this one */ if (loginfo.log_access_maxnumlogs == 1) { @@ -2629,7 +2628,7 @@ log__access_rotationinfof(char *pathname) { long f_ctime; - int f_size; + PRInt64 f_size; int main_log = 1; time_t now; FILE *fp; @@ -2782,14 +2781,17 @@ * size info of all the old log files. ******************************************************************************/ static int -log__extract_logheader (FILE *fp, long *f_ctime, int *f_size) +log__extract_logheader (FILE *fp, long *f_ctime, PRInt64 *f_size) { char buf[BUFSIZ]; char *p, *s, *next; + if (NULL == f_ctime || NULL == f_size) { + return LOG_ERROR; + } *f_ctime = 0L; - *f_size = 0; + *f_size = 0L; if ( fp == NULL) return LOG_ERROR; @@ -2817,11 +2819,11 @@ *s = '\0'; /* Now p must hold the ctime value */ - *f_ctime = atoi(p); + *f_ctime = strtol(p, (char **)NULL, 0); if ((p = strchr(next, '(')) == NULL) { /* that's fine -- it means we have no size info */ - *f_size = 0; + *f_size = 0L; return LOG_CONTINUE; } @@ -2833,7 +2835,7 @@ *next = '\0'; /* Now p must hold the size value */ - *f_size = atoi(p); + *f_size = strtoll(p, (char **)NULL, 0); /* check if the Previous Log file really exists */ if ((p = strstr(buf, PREVLOGFILE)) != NULL) { @@ -2867,7 +2869,7 @@ * probably a safe assumption for now. */ #ifdef XP_WIN32 -static int +static PRInt64 log__getfilesize(LOGFD fp) { struct stat info; @@ -2876,10 +2878,10 @@ if ((rv = fstat(fileno(fp), &info)) != 0) { return -1; } - return info.st_size; + return (PRInt64)info.st_size; } #else -static int +static PRInt64 log__getfilesize(LOGFD fp) { PRFileInfo info; @@ -2887,7 +2889,7 @@ if (PR_GetOpenFileInfo (fp, &info) == PR_FAILURE) { return -1; } - return info.size; + return (PRInt64)info.size; /* type of size is off_t */ } #endif @@ -3049,18 +3051,18 @@ log__delete_error_logfile(int locked) { - struct logfileinfo *logp = NULL; - struct logfileinfo *delete_logp = NULL; - struct logfileinfo *p_delete_logp = NULL; - struct logfileinfo *prev_logp = NULL; - int total_size=0; - time_t cur_time; - int f_size; - int numoflogs=loginfo.log_numof_error_logs; - int rv = 0; - char *logstr; - char buffer[BUFSIZ]; - char tbuf[TBUFSIZE]; + struct logfileinfo *logp = NULL; + struct logfileinfo *delete_logp = NULL; + struct logfileinfo *p_delete_logp = NULL; + struct logfileinfo *prev_logp = NULL; + PRInt64 total_size=0; + time_t cur_time; + PRInt64 f_size; + int numoflogs=loginfo.log_numof_error_logs; + int rv = 0; + char *logstr; + char buffer[BUFSIZ]; + char tbuf[TBUFSIZE]; /* If we have only one log, then will delete this one */ @@ -3222,18 +3224,18 @@ static int log__delete_audit_logfile() { - struct logfileinfo *logp = NULL; - struct logfileinfo *delete_logp = NULL; - struct logfileinfo *p_delete_logp = NULL; - struct logfileinfo *prev_logp = NULL; - int total_size=0; - time_t cur_time; - int f_size; - int numoflogs=loginfo.log_numof_audit_logs; - int rv = 0; - char *logstr; - char buffer[BUFSIZ]; - char tbuf[TBUFSIZE]; + struct logfileinfo *logp = NULL; + struct logfileinfo *delete_logp = NULL; + struct logfileinfo *p_delete_logp = NULL; + struct logfileinfo *prev_logp = NULL; + PRInt64 total_size=0; + time_t cur_time; + PRInt64 f_size; + int numoflogs=loginfo.log_numof_audit_logs; + int rv = 0; + char *logstr; + char buffer[BUFSIZ]; + char tbuf[TBUFSIZE]; /* If we have only one log, then will delete this one */ if (loginfo.log_audit_maxnumlogs == 1) { @@ -3378,7 +3380,7 @@ log__error_rotationinfof( char *pathname) { long f_ctime; - int f_size; + PRInt64 f_size; int main_log = 1; time_t now; FILE *fp; @@ -3465,7 +3467,7 @@ log__audit_rotationinfof( char *pathname) { long f_ctime; - int f_size; + PRInt64 f_size; int main_log = 1; time_t now; FILE *fp; @@ -3607,9 +3609,9 @@ ** in the array stack. */ if (loginfo.log_error_fdes != NULL) { - struct logfileinfo *log; - char newfile[BUFSIZ]; - int f_size; + struct logfileinfo *log; + char newfile[BUFSIZ]; + PRInt64 f_size; /* get rid of the old one */ if ((f_size = log__getfilesize(loginfo.log_error_fdes)) == -1) { @@ -3704,8 +3706,9 @@ logp = loginfo.log_error_logchain; while (logp) { log_convert_time (logp->l_ctime, tbuf, 1 /*short */); - PR_snprintf(buffer, sizeof(buffer), "LOGINFO:%s%s.%s (%lu) (%u)\n", - PREVLOGFILE, loginfo.log_error_file, tbuf, logp->l_ctime, logp->l_size); + PR_snprintf(buffer, sizeof(buffer), "LOGINFO:%s%s.%s (%lu) (%" + NSPRI64 "d)\n", PREVLOGFILE, loginfo.log_error_file, tbuf, + logp->l_ctime, logp->l_size); LOG_WRITE(fpinfo, buffer, strlen(buffer), 0); logp = logp->l_next; } @@ -3747,9 +3750,9 @@ ** in the array stack. */ if (loginfo.log_audit_fdes != NULL) { - struct logfileinfo *log; - char newfile[BUFSIZ]; - int f_size; + struct logfileinfo *log; + char newfile[BUFSIZ]; + PRInt64 f_size; /* get rid of the old one */ @@ -3758,7 +3761,6 @@ f_size = loginfo.log_audit_maxlogsize; } - /* Check if I have to delete any old file, delete it if it is required. */ while (log__delete_audit_logfile()); @@ -3785,7 +3787,6 @@ } } - /* open a new log file */ if (! LOG_OPEN_APPEND(fp, loginfo.log_audit_file, loginfo.log_audit_mode)) { LDAPDebug(LDAP_DEBUG_ANY, "WARNING: can't open file %s. " @@ -3825,8 +3826,9 @@ logp = loginfo.log_audit_logchain; while ( logp) { log_convert_time (logp->l_ctime, tbuf, 1 /*short */); - PR_snprintf(buffer, sizeof(buffer), "LOGINFO:%s%s.%s (%d) (%d)\n", - PREVLOGFILE, loginfo.log_audit_file, tbuf, (int)logp->l_ctime, logp->l_size); + PR_snprintf(buffer, sizeof(buffer), "LOGINFO:%s%s.%s (%lu) (%" + NSPRI64 "d)\n", PREVLOGFILE, loginfo.log_audit_file, tbuf, + logp->l_ctime, logp->l_size); LOG_WRITE(fpinfo, buffer, strlen(buffer), 0); logp = logp->l_next; } @@ -4041,15 +4043,17 @@ int check_log_max_size( char *maxdiskspace_str, char *mlogsize_str, - int maxdiskspace, - int mlogsize, + int maxdiskspace, /* in megabytes */ + int mlogsize, /* in megabytes */ char * returntext, int logtype) { slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); int rc = LDAP_SUCCESS; - int current_mlogsize = -1; - int current_maxdiskspace = -1; + int current_mlogsize = -1; /* in megabytes */ + int current_maxdiskspace = -1; /* in megabytes */ + PRInt64 mlogsizeB; /* in bytes */ + PRInt64 maxdiskspaceB; /* in bytes */ switch (logtype) { @@ -4070,35 +4074,40 @@ current_maxdiskspace = -1; } - if ( maxdiskspace == -1 ) + if ( maxdiskspace == -1 ) { maxdiskspace = current_maxdiskspace; - if ( mlogsize == -1 ) + } + maxdiskspaceB = (PRInt64)maxdiskspace * LOG_MB_IN_BYTES; + + if ( mlogsize == -1 ) { mlogsize = current_mlogsize; + } + mlogsizeB = (PRInt64)mlogsize * LOG_MB_IN_BYTES; if ( maxdiskspace < mlogsize ) { /* fail */ PR_snprintf ( returntext, SLAPI_DSE_RETURNTEXT_SIZE, - "%s: maxdiskspace \"%d\" is less than max log size \"%d\"", - maxdiskspace_str, maxdiskspace*LOG_MB_IN_BYTES, mlogsize*LOG_MB_IN_BYTES ); + "%s: maxdiskspace \"%d (MB)\" is less than max log size \"%d (MB)\"", + maxdiskspace_str, maxdiskspace, mlogsize ); rc = LDAP_OPERATIONS_ERROR; } switch (logtype) { case SLAPD_ACCESS_LOG: - loginfo.log_access_maxlogsize = mlogsize * LOG_MB_IN_BYTES; - loginfo.log_access_maxdiskspace = maxdiskspace * LOG_MB_IN_BYTES; + loginfo.log_access_maxlogsize = mlogsizeB; + loginfo.log_access_maxdiskspace = maxdiskspaceB; break; case SLAPD_ERROR_LOG: - loginfo.log_error_maxlogsize = mlogsize * LOG_MB_IN_BYTES; - loginfo.log_error_maxdiskspace = maxdiskspace * LOG_MB_IN_BYTES; + loginfo.log_error_maxlogsize = mlogsizeB; + loginfo.log_error_maxdiskspace = maxdiskspaceB; break; case SLAPD_AUDIT_LOG: - loginfo.log_audit_maxlogsize = mlogsize * LOG_MB_IN_BYTES; - loginfo.log_audit_maxdiskspace = maxdiskspace * LOG_MB_IN_BYTES; + loginfo.log_audit_maxlogsize = mlogsizeB; + loginfo.log_audit_maxdiskspace = maxdiskspaceB; break; default: - break; + break; } return rc; From rmeggins at fedoraproject.org Wed Dec 10 14:57:15 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Wed, 10 Dec 2008 14:57:15 +0000 (UTC) Subject: [Fedora-directory-commits] admservconsole/src/com/netscape/management/admserv admserv.properties, 1.2, 1.3 Message-ID: <20081210145715.A91F37011A@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/admservconsole/src/com/netscape/management/admserv In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv2743/admservconsole/src/com/netscape/management/admserv Modified Files: admserv.properties Log Message: Resolves: bug 429514 Bug Description: Administration Server Console : incorrect apache server error log parsing Reviewed by: nkinder (Thanks!) Fix Description: The error log date/time are together in one field. Just combine them into one column in the log viewer. New screenshot - https://bugzilla.redhat.com/attachment.cgi?id=326443 Platforms tested: RHEL5 Flag Day: no Doc impact: yes - will have to document the new log format Index: admserv.properties =================================================================== RCS file: /cvs/dirsec/admservconsole/src/com/netscape/management/admserv/admserv.properties,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- admserv.properties 29 Sep 2006 17:17:27 -0000 1.2 +++ admserv.properties 10 Dec 2008 14:57:12 -0000 1.3 @@ -136,6 +136,7 @@ log-username=Username log-date=Date log-time=Time +log-datetime=Date&Time log-header=Header log-errorcode=HTTP Code log-length=Length From rmeggins at fedoraproject.org Wed Dec 10 14:57:15 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Wed, 10 Dec 2008 14:57:15 +0000 (UTC) Subject: [Fedora-directory-commits] admservconsole/src/com/netscape/management/admserv/logging ErrorLogViewerModel.java, 1.2, 1.3 Message-ID: <20081210145715.921437012D@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/admservconsole/src/com/netscape/management/admserv/logging In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv2743/admservconsole/src/com/netscape/management/admserv/logging Modified Files: ErrorLogViewerModel.java Log Message: Resolves: bug 429514 Bug Description: Administration Server Console : incorrect apache server error log parsing Reviewed by: nkinder (Thanks!) Fix Description: The error log date/time are together in one field. Just combine them into one column in the log viewer. New screenshot - https://bugzilla.redhat.com/attachment.cgi?id=326443 Platforms tested: RHEL5 Flag Day: no Doc impact: yes - will have to document the new log format Index: ErrorLogViewerModel.java =================================================================== RCS file: /cvs/dirsec/admservconsole/src/com/netscape/management/admserv/logging/ErrorLogViewerModel.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- ErrorLogViewerModel.java 9 Jul 2007 20:10:10 -0000 1.2 +++ ErrorLogViewerModel.java 10 Dec 2008 14:57:13 -0000 1.3 @@ -50,8 +50,7 @@ _password = _consoleInfo.getAuthenticationPassword(); addColumn(_resource.getString("log", "lineno")); - addColumn(_resource.getString("log", "date")); - addColumn(_resource.getString("log", "time")); + addColumn(_resource.getString("log", "datetime")); addColumn(_resource.getString("log", "severity")); addColumn(_resource.getString("log", "details")); @@ -126,10 +125,9 @@ class ErrorLogDataClient extends AbstractCommClient { final int STATE_START = 0; - final int STATE_DATE = 1; - final int STATE_TIME = 2; - final int STATE_SEVERITY = 3; - final int STATE_DETAIL = 4; + final int STATE_DATETIME = 1; + final int STATE_SEVERITY = 2; + final int STATE_DETAIL = 3; protected LogViewerModel _model; public ErrorLogDataClient(String username, String password) { @@ -137,8 +135,7 @@ } class ErrorLogData { - StringBuffer date = new StringBuffer(); - StringBuffer time = new StringBuffer(); + StringBuffer datetime = new StringBuffer(); StringBuffer severity = new StringBuffer(); StringBuffer detail = new StringBuffer(); } @@ -156,27 +153,20 @@ switch (state) { case STATE_START: if (character == '[') - state = STATE_DATE; + state = STATE_DATETIME; break; - case STATE_DATE: - if (character == ':') - state = STATE_TIME; - else - data.date.append(character); - break; - - case STATE_TIME: + case STATE_DATETIME: if (character == ']') state = STATE_SEVERITY; else - data.time.append(character); + data.datetime.append(character); break; case STATE_SEVERITY: - if (character == ':') + if (character == ']') state = STATE_DETAIL; - else if (character != ' ') + else if (character != '[') data.severity.append(character); break; @@ -207,10 +197,9 @@ model.setValueAt( Integer.toString(rowOffset + rowIndex), rowIndex, 0); - model.setValueAt(d.date, rowIndex, 1); - model.setValueAt(d.time, rowIndex, 2); - model.setValueAt(d.severity, rowIndex, 3); - model.setValueAt(d.detail, rowIndex, 4); + model.setValueAt(d.datetime, rowIndex, 1); + model.setValueAt(d.severity, rowIndex, 2); + model.setValueAt(d.detail, rowIndex, 3); } else { break; } From nhosoi at fedoraproject.org Thu Dec 11 00:08:21 2008 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Thu, 11 Dec 2008 00:08:21 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd operation.c, 1.7, 1.8 Message-ID: <20081211000821.9E51770123@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11178 Modified Files: operation.c Log Message: Resolves: #475899 Summary: extensible filter having range operation crashes the server Description: we should prevent accessing the inside of NULL pointer. Index: operation.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/operation.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- operation.c 15 Oct 2008 06:30:05 -0000 1.7 +++ operation.c 11 Dec 2008 00:08:18 -0000 1.8 @@ -55,9 +55,11 @@ { int op_status; - op_status = pb->pb_op->o_status; - - return( op_status == SLAPI_OP_STATUS_ABANDONED ); + if (pb && pb->pb_op) { + op_status = pb->pb_op->o_status; + return( op_status == SLAPI_OP_STATUS_ABANDONED ); + } + return 0; } void From rmeggins at fedoraproject.org Thu Dec 11 17:34:23 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Thu, 11 Dec 2008 17:34:23 +0000 (UTC) Subject: [Fedora-directory-commits] directoryconsole/src/com/netscape/admin/dirserv/panel/replication replication.properties, 1.3, 1.4 Message-ID: <20081211173423.3A14B70124@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/replication In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv18133 Modified Files: replication.properties Log Message: Resolves: bug 178947 Description: Replica UI "Replica ID" setting tool tip is incorrect (max val is really 65534) Fix Description: change the value to 65534 Index: replication.properties =================================================================== RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/replication/replication.properties,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- replication.properties 2 Dec 2008 15:27:38 -0000 1.3 +++ replication.properties 11 Dec 2008 17:34:20 -0000 1.4 @@ -302,7 +302,7 @@ replication-replica-common-panel-label=Common Settings replication-replica-consumer-panel-label=Update Settings replication-replica-replicaid-label=Replica ID: -replication-replica-replicaid-ttip=A number between 1 and 255 inclusive that uniquely identifies this replica. +replication-replica-replicaid-ttip=A number between 1 and 65534 inclusive that uniquely identifies this replica. replication-replica-replicaid-columns=6 replication-replica-replicaid-warning-label=(Must be unique among the IDs of the master replicas) replication-replica-4xcompatible-label=Updatable by a 4.X Replica From rmeggins at fedoraproject.org Thu Dec 11 18:06:45 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Thu, 11 Dec 2008 18:06:45 +0000 (UTC) Subject: [Fedora-directory-commits] adminserver/admserv/cgi-src40 security.c, 1.17, 1.18 Message-ID: <20081211180646.3FEB770123@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/cgi-src40 In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv24850 Modified Files: security.c Log Message: Resolves: bug 209242 Description: Minor cosmetic error in "Certificate Information" dialog box Fix Description: the order of org and orgunit were reversed Index: security.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/security.c,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- security.c 4 Dec 2008 20:01:28 -0000 1.17 +++ security.c 11 Dec 2008 18:06:42 -0000 1.18 @@ -534,8 +534,8 @@ if (showDetail || ((flags & CERTDB_USER) == CERTDB_USER)){ fprintf(stdout, "\t\n\t\t%s\n\t\t%s\n\t\t%s\n\t\t%s\n\t\t%s\n\t\t%s\n\t\t%s\n\t\n", processNullString(CERT_GetCommonName(&cert->subject)), - processNullString(CERT_GetOrgName(&cert->subject)), processNullString(CERT_GetOrgUnitName(&cert->subject)), + processNullString(CERT_GetOrgName(&cert->subject)), processNullString(CERT_GetLocalityName(&cert->subject)), processNullString(CERT_GetStateName(&cert->subject)), processNullString(CERT_GetCountryName(&cert->subject)), From rmeggins at fedoraproject.org Thu Dec 11 20:42:24 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Thu, 11 Dec 2008 20:42:24 +0000 (UTC) Subject: [Fedora-directory-commits] admservconsole/src/com/netscape/management/admserv/logging AccessLogViewerModel.java, 1.2, 1.3 Message-ID: <20081211204224.B6BD270126@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/admservconsole/src/com/netscape/management/admserv/logging In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv23938/admservconsole/src/com/netscape/management/admserv/logging Modified Files: AccessLogViewerModel.java Log Message: Resolves: bug 166230 Bug Description: Admin Server management window misparses access log Reviewed by: nkinder (Thanks!) Fix Description: Look for ' - ' instead of just a '-' Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: AccessLogViewerModel.java =================================================================== RCS file: /cvs/dirsec/admservconsole/src/com/netscape/management/admserv/logging/AccessLogViewerModel.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- AccessLogViewerModel.java 9 Jul 2007 20:10:10 -0000 1.2 +++ AccessLogViewerModel.java 11 Dec 2008 20:42:21 -0000 1.3 @@ -172,14 +172,24 @@ int bufferLength = buffer.length(); int state = STATE_HOST; char character; + char charNMinus1 = 0; + char charNMinus2 = 0; for (int index = 0; index < bufferLength; index++) { character = buffer.charAt(index); + if (index > 0) { + charNMinus1 = buffer.charAt(index-1); + } + if (index > 1) { + charNMinus2 = buffer.charAt(index-2); + } switch (state) { case STATE_HOST: - if (character == '-') + if ((character == ' ') && (charNMinus1 == '-') && + (charNMinus2 == ' ')) { state = STATE_USERNAME; - else if (character != ' ') + } + else if ((character != ' ') && (charNMinus1 != ' ')) data.host.append(character); break; From rmeggins at fedoraproject.org Thu Dec 11 20:46:28 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Thu, 11 Dec 2008 20:46:28 +0000 (UTC) Subject: [Fedora-directory-commits] directoryconsole/src/com/netscape/admin/dirserv/panel DSEntrySet.java, 1.2, 1.3 Message-ID: <20081211204628.9F4DB7012D@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25004/directoryconsole/src/com/netscape/admin/dirserv/panel Modified Files: DSEntrySet.java Log Message: Resolves: bug 177334 Bug Description: LDBM Plug-in Settings console UI value checking issues Reviewed by: nkinder (Thanks!) Fix Description: The code was unconditionally resetting the field before checking the result of the modify operation. The correct way to do it is to reset the field only after the modify operation succeeded. I create a Vector of fields that are being modified, and only reset them if the modify succeeded. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: DSEntrySet.java =================================================================== RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/DSEntrySet.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- DSEntrySet.java 15 Feb 2006 23:00:55 -0000 1.2 +++ DSEntrySet.java 11 Dec 2008 20:46:26 -0000 1.3 @@ -320,6 +320,7 @@ // loop through our list of unique DNs boolean retval = false; boolean requiresRestart = false; + Vector needReset = new Vector(); for (Enumeration e = _dnToAttributeNameArrayMap.keys(); e.hasMoreElements(); ) { String dn = (String)e.nextElement(); @@ -361,8 +362,8 @@ requiresRestart = DSUtil.requiresRestart( dn, attrName ); } dirty = true; - // reset it now - ((DSEntry)dse).reset(); + // possibly reset if save successful + needReset.add(dse); } for (int kk = 0; sa != null && kk < sa.length; ++kk) { values.addElement(sa[kk]); @@ -408,6 +409,17 @@ } else { ldc.modify(dn, ldapmodset); ldapmodset = null; + // reset the fields that were dirty and were successfully + // stored to the server - this means that if ldc.modify + // threw an exception, we do not get to this code, and + // therefore all of the fields will be left marked as + // dirty and un-reset + Enumeration nmr = needReset.elements(); + while (nmr.hasMoreElements()) { + DSEntry dse = (DSEntry)nmr.nextElement(); + dse.reset(); // save was successful - reset + } + needReset = null; } done = true; retval = true; From rmeggins at fedoraproject.org Thu Dec 11 22:58:50 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Thu, 11 Dec 2008 22:58:50 +0000 (UTC) Subject: [Fedora-directory-commits] directoryconsole/src/com/netscape/admin/dirserv DSContentPage.java, 1.4, 1.5 Message-ID: <20081211225850.3B0E470124@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21095/directoryconsole/src/com/netscape/admin/dirserv Modified Files: DSContentPage.java Log Message: Resolves: bug 249120 Bug Description: fds104 jre15sun empty subtree pw policy window Reviewed by: nkinder (Thanks!) Fix Description: The culprit was flexible but evil GridBagLayout. Changing the layout in the dialog window to BorderLayout solved the problem. Now, the window comes up with the panels flush with the edges of the dialog window. Resizing the box too small results in h and v scroll bars. pwp dialog at startup - https://bugzilla.redhat.com/attachment.cgi?id=326684 pwp dialog made too small - https://bugzilla.redhat.com/attachment.cgi?id=326685 Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: DSContentPage.java =================================================================== RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/DSContentPage.java,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- DSContentPage.java 2 Aug 2007 16:35:32 -0000 1.4 +++ DSContentPage.java 11 Dec 2008 22:58:46 -0000 1.5 @@ -2044,7 +2044,7 @@ String dn = Helper.getNodeInfoDN(node); if ( dn != null) { BlankPanel child = new BlankPanel(_resourceModel); - child.setLayout(new GridBagLayout()); + child.setLayout(new BorderLayout()); PasswordPolicyTabbedDialog tabchild = new PasswordPolicyTabbedDialog(_resourceModel, dn, type); From nkinder at fedoraproject.org Thu Dec 11 23:05:25 2008 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Thu, 11 Dec 2008 23:05:25 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd connection.c, 1.23, 1.24 extendop.c, 1.10, 1.11 passwd_extop.c, 1.17, 1.18 slap.h, 1.43, 1.44 Message-ID: <20081211230526.006507012D@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22785/ldap/servers/slapd Modified Files: connection.c extendop.c passwd_extop.c slap.h Log Message: Resolves: 201332 Summary: Allow password modify extop when password reset is needed. Index: connection.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/connection.c,v retrieving revision 1.23 retrieving revision 1.24 diff -u -r1.23 -r1.24 --- connection.c 5 Dec 2008 22:41:52 -0000 1.23 +++ connection.c 11 Dec 2008 23:05:23 -0000 1.24 @@ -449,7 +449,7 @@ if ( conn->c_needpw && op->o_tag != LDAP_REQ_MODIFY && op->o_tag != LDAP_REQ_BIND && op->o_tag != LDAP_REQ_UNBIND && - op->o_tag != LDAP_REQ_ABANDON ) + op->o_tag != LDAP_REQ_ABANDON && op->o_tag != LDAP_REQ_EXTENDED) { slapi_add_pwd_control ( pb, LDAP_CONTROL_PWEXPIRED, 0); slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d %s\n", Index: extendop.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/extendop.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- extendop.c 5 Dec 2008 22:41:52 -0000 1.10 +++ extendop.c 11 Dec 2008 23:05:23 -0000 1.11 @@ -295,6 +295,22 @@ goto free_and_return; } + /* If a password change is required, only allow the password + * modify extended operation */ + if (!pb->pb_conn->c_isreplication_session && + pb->pb_conn->c_needpw && (strcmp(extoid, EXTOP_PASSWD_OID) != 0)) + { + char *dn = NULL; + slapi_pblock_get(pb, SLAPI_CONN_DN, &dn); + + (void)slapi_add_pwd_control ( pb, LDAP_CONTROL_PWEXPIRED, 0); + op_shared_log_error_access (pb, "EXT", dn ? dn : "", "need new password"); + send_ldap_result( pb, LDAP_UNWILLING_TO_PERFORM, NULL, NULL, 0, NULL ); + + slapi_ch_free_string(&dn); + goto free_and_return; + } + slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_OID, extoid ); slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_VALUE, &extval ); rc = plugin_call_exop_plugins( pb, extoid ); Index: passwd_extop.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/passwd_extop.c,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- passwd_extop.c 27 Aug 2008 21:05:30 -0000 1.17 +++ passwd_extop.c 11 Dec 2008 23:05:23 -0000 1.18 @@ -82,9 +82,6 @@ /* number of random bytes needed to generate password */ #define LDAP_EXTOP_PASSMOD_RANDOM_BYTES 6 -/* OID of the extended operation handled by this plug-in */ -#define EXOP_PASSWD_OID "1.3.6.1.4.1.4203.1.11.1" - Slapi_PluginDesc passwdopdesc = { "passwd_modify_plugin", "Fedora", "0.1", "Password Modify extended operation plugin" }; @@ -450,7 +447,7 @@ /* Before going any further, we'll make sure that the right extended operation plugin * has been called: i.e., the OID shipped whithin the extended operation request must - * match this very plugin's OID: EXOP_PASSWD_OID. */ + * match this very plugin's OID: EXTOP_PASSWD_OID. */ if ( slapi_pblock_get( pb, SLAPI_EXT_OP_REQ_OID, &oid ) != 0 ) { errMesg = "Could not get OID value from request.\n"; rc = LDAP_OPERATIONS_ERROR; @@ -462,7 +459,7 @@ "Received extended operation request with OID %s\n", oid ); } - if ( strcasecmp( oid, EXOP_PASSWD_OID ) != 0) { + if ( strcasecmp( oid, EXTOP_PASSWD_OID ) != 0) { errMesg = "Request OID does not match Passwd OID.\n"; rc = LDAP_OPERATIONS_ERROR; goto free_and_return; @@ -783,7 +780,7 @@ static char *passwd_oid_list[] = { - EXOP_PASSWD_OID, + EXTOP_PASSWD_OID, NULL }; @@ -812,9 +809,9 @@ /* Compare the OID specified in the configuration file against the Passwd OID. */ - if ( argv == NULL || strcmp( argv[0], EXOP_PASSWD_OID ) != 0 ) { + if ( argv == NULL || strcmp( argv[0], EXTOP_PASSWD_OID ) != 0 ) { slapi_log_error( SLAPI_LOG_PLUGIN, "passwd_modify_init", - "OID is missing or is not %s\n", EXOP_PASSWD_OID ); + "OID is missing or is not %s\n", EXTOP_PASSWD_OID ); return( -1 ); } else { oid = slapi_ch_strdup( argv[0] ); Index: slap.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slap.h,v retrieving revision 1.43 retrieving revision 1.44 diff -u -r1.43 -r1.44 --- slap.h 5 Dec 2008 22:41:52 -0000 1.43 +++ slap.h 11 Dec 2008 23:05:23 -0000 1.44 @@ -540,6 +540,7 @@ /* extended operations supported by the server */ #define EXTOP_BULK_IMPORT_START_OID "2.16.840.1.113730.3.5.7" #define EXTOP_BULK_IMPORT_DONE_OID "2.16.840.1.113730.3.5.8" +#define EXTOP_PASSWD_OID "1.3.6.1.4.1.4203.1.11.1" /* * Represents a Distinguished Name of an entry From nhosoi at fedoraproject.org Thu Dec 11 23:33:33 2008 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Thu, 11 Dec 2008 23:33:33 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/collation collate.c, 1.9, 1.10 Message-ID: <20081211233333.3F29E70123@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/collation In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv26998 Modified Files: collate.c Log Message: Resolves: #430568 Summary: spurious errors logged when specifying default locale Description: As Ulf Weltman pointed out, U_USING_FALLBACK_WARNING is not an error. (So is not U_USING_DEFAULT_WARNING.) When U_USING_FALLBACK_WARNING or U_USING_DEFAULT_WARNING is returned, suppressed printing the error messages. Index: collate.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/collation/collate.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- collate.c 25 Nov 2008 16:15:09 -0000 1.9 +++ collate.c 11 Dec 2008 23:33:30 -0000 1.10 @@ -456,13 +456,15 @@ slapi_ch_calloc (1, sizeof (collation_indexer_t)); ix = (indexer_t*) slapi_ch_calloc (1, sizeof (indexer_t)); ucol_setAttribute (coll, UCOL_STRENGTH, profile->strength, &err); - if (err != U_ZERO_ERROR) { + if (err != U_ZERO_ERROR && err != U_USING_FALLBACK_WARNING + && (err != U_USING_DEFAULT_WARNING || !is_default)) { LDAPDebug (LDAP_DEBUG_ANY, "collation_indexer_create: could not " "set the collator strength for oid %s to %d: err %d\n", oid, profile->strength, err); } ucol_setAttribute (coll, UCOL_DECOMPOSITION_MODE, profile->decomposition, &err); - if (err != U_ZERO_ERROR) { + if (err != U_ZERO_ERROR && err != U_USING_FALLBACK_WARNING + && (err != U_USING_DEFAULT_WARNING || !is_default)) { LDAPDebug (LDAP_DEBUG_ANY, "collation_indexer_create: could not " "set the collator decomposition mode for oid %s to %d: err %d\n", oid, profile->decomposition, err); From nhosoi at fedoraproject.org Fri Dec 12 01:21:56 2008 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Fri, 12 Dec 2008 01:21:56 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm filterindex.c, 1.7, 1.8 Message-ID: <20081212012156.7C29E70127@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv12405/back-ldbm Modified Files: filterindex.c Log Message: Resolves: #475899 Summary: extensible filter having range operation crashes the server (comment#7) Description: As Rich suggested, set the pb->pb_op to glob_pb->pb_op to catch the abandon request in case the underlying operation is interrupted. Index: filterindex.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/filterindex.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- filterindex.c 5 Dec 2008 21:03:52 -0000 1.7 +++ filterindex.c 12 Dec 2008 01:21:53 -0000 1.8 @@ -335,7 +335,7 @@ { char *type; IDList *idl; - int unindexed = 0; + int unindexed = 0; LDAPDebug( LDAP_DEBUG_TRACE, "=> presence_candidates\n", 0, 0, 0 ); @@ -379,6 +379,7 @@ IDList* idl = NULL; Slapi_PBlock* pb = slapi_pblock_new(); int mrOP = 0; + Slapi_Operation *op = NULL; LDAPDebug (LDAP_DEBUG_TRACE, "=> extensible_candidates\n", 0, 0, 0); if ( ! slapi_mr_filter_index (f, pb) && !slapi_pblock_get (pb, SLAPI_PLUGIN_MR_QUERY_OPERATOR, &mrOP)) { @@ -389,13 +390,18 @@ case SLAPI_OP_EQUAL: case SLAPI_OP_GREATER_OR_EQUAL: case SLAPI_OP_GREATER: - { + { IFP mrINDEX = NULL; void* mrOBJECT = NULL; struct berval** mrVALUES = NULL; char* mrOID = NULL; char* mrTYPE = NULL; + /* set the pb->pb_op to glob_pb->pb_op to catch the abandon req. + * in case the operation is interrupted. */ + slapi_pblock_get (glob_pb, SLAPI_OPERATION, &op); + slapi_pblock_set (pb, SLAPI_OPERATION, op); + slapi_pblock_get (pb, SLAPI_PLUGIN_MR_INDEX_FN, &mrINDEX); slapi_pblock_get (pb, SLAPI_PLUGIN_OBJECT, &mrOBJECT); slapi_pblock_get (pb, SLAPI_PLUGIN_MR_VALUES, &mrVALUES); @@ -493,6 +499,8 @@ idl = idl_allids (be); /* all entries are candidates */ } return_idl: + op = NULL; + slapi_pblock_set (pb, SLAPI_OPERATION, op); slapi_pblock_destroy (pb); LDAPDebug (LDAP_DEBUG_TRACE, "<= extensible_candidates %lu\n", (u_long)IDL_NIDS(idl), 0, 0); @@ -746,7 +754,7 @@ if ( (ftype == LDAP_FILTER_AND) && ((idl == NULL) || (idl_length(idl) <= FILTER_TEST_THRESHOLD))) { break; /* We can exit the loop now, since the candidate list is small already */ - } + } } else if ( ftype == LDAP_FILTER_AND ) { if (isnot) { IDList *new_idl = NULL; From rmeggins at fedoraproject.org Fri Dec 12 18:35:40 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Fri, 12 Dec 2008 18:35:40 +0000 (UTC) Subject: [Fedora-directory-commits] directoryconsole/src/com/netscape/admin/dirserv/panel LDBMPluginSettingPanel.java, 1.1.1.1, 1.2 Message-ID: <20081212183540.A8DAA70123@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv26442/directoryconsole/src/com/netscape/admin/dirserv/panel Modified Files: LDBMPluginSettingPanel.java Log Message: Resolves: bug 238762 Bug Description: Support "auto" for "Import cache size" in the LDBM Plug-in Settings Reviewed by: nhosoi (Thanks!) Fix Description: Added a check box for "use auto cache size". If this is checked, a value of -1 will be saved for nsslapd-import-cache-autosize which will tell the server to use the default auto cache value. If this is not checked, a value of 0 will be saved which will tell the server to use the number from nsslapd-import-cachesize. If the check box is checked, the import cachesize field will be disabled. Here are a couple of screen shots. https://bugzilla.redhat.com/attachment.cgi?id=326699 https://bugzilla.redhat.com/attachment.cgi?id=326700 Platforms tested: RHEL5 Flag Day: no Doc impact: yes - will have to document the new UI Index: LDBMPluginSettingPanel.java =================================================================== RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/LDBMPluginSettingPanel.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- LDBMPluginSettingPanel.java 18 Jul 2005 00:55:58 -0000 1.1.1.1 +++ LDBMPluginSettingPanel.java 12 Dec 2008 18:35:38 -0000 1.2 @@ -20,6 +20,8 @@ package com.netscape.admin.dirserv.panel; import java.awt.*; +import java.awt.event.ActionEvent; + import javax.swing.*; import javax.swing.border.*; import com.netscape.admin.dirserv.*; @@ -37,7 +39,7 @@ */ public class LDBMPluginSettingPanel extends BlankPanel { - public LDBMPluginSettingPanel(IDSModel model, String dnEntry) { + public LDBMPluginSettingPanel(IDSModel model, String dnEntry) { super(model, "pldbmsetting",true); _helpToken = "configuration-database-plugin-setting-help"; _dnEntry = dnEntry; @@ -75,6 +77,10 @@ _lRootDatabaseLoc = makeJLabel(_section,"RootDatabaseLoc"); _lRootDatabaseLoc.setLabelFor(_tfRootDatabaseLoc); + /* add check box for autocache size */ + _cbAutoCacheSize = makeJCheckBox(_section,"autoCacheSize", false); + + /* import cache size field */ _tfImportCacheSize = makeJTextField(_section,"importCacheSize"); _lImportCacheSize = makeJLabel( _section,"importCacheSize" ); _lImportCacheSize.setLabelFor(_tfImportCacheSize); @@ -110,6 +116,10 @@ _lRootDatabaseLoc, false, isLocal()); entries.add(_dnEntry, DB_FILE_LOC_ATTR_NAME, fileEntry); setComponentTable(_tfRootDatabaseLoc, fileEntry); + + DSEntryBoolean autoDSEntry = new DSEntryBoolean(null, _cbAutoCacheSize, "-1", "0"); + entries.add(_dnEntry, IMPORT_AUTO_CACHE_SIZE_ATTR_NAME, autoDSEntry); + setComponentTable(_cbAutoCacheSize, autoDSEntry); DSEntryLong importsizeDSEntry = new DSEntryLong(null, _tfImportCacheSize, _lImportCacheSize, @@ -125,12 +135,38 @@ addEntryField( panel, _lMaxCacheSize, _tfMaxCacheSize, lMaxCacheSizeUnit ); addEntryField( panel, _lLookLimit, _tfLookLimit, lLookLimitUnit ); addEntryField( panel, _lModeFile, _tfModeFile, lModeFileUnit ); + addEntryField( panel, new JLabel(""), _cbAutoCacheSize, new JLabel("") ); addEntryField( panel, _lImportCacheSize, _tfImportCacheSize, lImportCacheSizeUnit); addBottomGlue(); _isInitialized = true; } - + + private void enableCacheSize() { + boolean enabled = !_cbAutoCacheSize.isSelected(); + _tfImportCacheSize.setEnabled(enabled); + _lImportCacheSize.setEnabled(enabled); + } + /* (non-Javadoc) + * @see com.netscape.admin.dirserv.panel.BlankPanel#refresh() + */ + public boolean refresh() { + // TODO Auto-generated method stub + boolean status = super.refresh(); + enableCacheSize(); + return status; + } + + /* (non-Javadoc) + * @see com.netscape.admin.dirserv.panel.BlankPanel#actionPerformed(java.awt.event.ActionEvent) + */ + public void actionPerformed(ActionEvent e) { + if (e.getSource().equals(_cbAutoCacheSize)) { + enableCacheSize(); + } + super.actionPerformed(e); + } + private JTextField _tfMaxCacheSize; private JLabel _lMaxCacheSize; @@ -142,6 +178,8 @@ private JTextField _tfRootDatabaseLoc; private JLabel _lRootDatabaseLoc; + + private JCheckBox _cbAutoCacheSize; private JTextField _tfImportCacheSize; private JLabel _lImportCacheSize; @@ -156,6 +194,8 @@ "nsslapd-directory"; private static final String DB_IMPORT__CACHE_SIZE_ATTR_NAM = "nsslapd-import-cachesize"; + private static final String IMPORT_AUTO_CACHE_SIZE_ATTR_NAME = + "nsslapd-import-cache-autosize"; private static final long LIMIT_MIN_VAL = -1; private static final long LIMIT_MAX_VAL = Long.MAX_VALUE; private static final long CACHE_SIZE_NUM_MIN_VAL = 500000; From rmeggins at fedoraproject.org Fri Dec 12 18:35:40 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Fri, 12 Dec 2008 18:35:40 +0000 (UTC) Subject: [Fedora-directory-commits] directoryconsole/src/com/netscape/admin/dirserv dirserv.properties, 1.9, 1.10 Message-ID: <20081212183540.9DAF07012D@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv26442/directoryconsole/src/com/netscape/admin/dirserv Modified Files: dirserv.properties Log Message: Resolves: bug 238762 Bug Description: Support "auto" for "Import cache size" in the LDBM Plug-in Settings Reviewed by: nhosoi (Thanks!) Fix Description: Added a check box for "use auto cache size". If this is checked, a value of -1 will be saved for nsslapd-import-cache-autosize which will tell the server to use the default auto cache value. If this is not checked, a value of 0 will be saved which will tell the server to use the number from nsslapd-import-cachesize. If the check box is checked, the import cachesize field will be disabled. Here are a couple of screen shots. https://bugzilla.redhat.com/attachment.cgi?id=326699 https://bugzilla.redhat.com/attachment.cgi?id=326700 Platforms tested: RHEL5 Flag Day: no Doc impact: yes - will have to document the new UI Index: dirserv.properties =================================================================== RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/dirserv.properties,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- dirserv.properties 2 Dec 2008 15:27:37 -0000 1.9 +++ dirserv.properties 12 Dec 2008 18:35:37 -0000 1.10 @@ -1488,6 +1488,8 @@ pldbmsetting-importCacheSize-ttip= Size of cache used for import pldbmsetting-importCacheSize-unit-label=bytes pldbmsetting-importCacheSize-columns=15 +pldbmsetting-autoCacheSize-label=Use Import Cache Auto-Size +pldbmsetting-autoCacheSize-ttip=If import cache auto-size is used, the server will automatically figure out the optimal amount of memory to use # From nkinder at fedoraproject.org Fri Dec 12 19:45:07 2008 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Fri, 12 Dec 2008 19:45:07 +0000 (UTC) Subject: [Fedora-directory-commits] mod_admserv mod_admserv.c,1.36,1.37 Message-ID: <20081212194507.6FBB970123@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/mod_admserv In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv5402 Modified Files: mod_admserv.c Log Message: Resolves: 215788 Summary: Fixed copyright block. Index: mod_admserv.c =================================================================== RCS file: /cvs/dirsec/mod_admserv/mod_admserv.c,v retrieving revision 1.36 retrieving revision 1.37 diff -u -r1.36 -r1.37 --- mod_admserv.c 9 Dec 2008 15:23:46 -0000 1.36 +++ mod_admserv.c 12 Dec 2008 19:45:05 -0000 1.37 @@ -1,4 +1,7 @@ -/* Copyright 2002-2004 The Apache Software Foundation +/** BEGIN COPYRIGHT BLOCK + * + * Copyright (C) 2005 Red Hat, Inc. + * All rights reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -11,8 +14,8 @@ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - */ - + * + * END COPYRIGHT BLOCK **/ /* * mod_admserv.c: Provides communication link between Console and Directory. * From nkinder at fedoraproject.org Fri Dec 12 20:36:02 2008 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Fri, 12 Dec 2008 20:36:02 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src/scripts repl-monitor.pl.in, NONE, 1.1 repl-monitor.pl, 1.2, NONE Message-ID: <20081212203602.85C3570124@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv14514 Added Files: repl-monitor.pl.in Removed Files: repl-monitor.pl Log Message: Resolves: 250535 Summary: Make repl-monitor.pl a template to pass in correct perl environment. --- NEW FILE repl-monitor.pl.in --- #!@perlexec@ # BEGIN COPYRIGHT BLOCK # This Program is free software; you can redistribute it and/or modify it under # the terms of the GNU General Public License as published by the Free Software # Foundation; version 2 of the License. # # This Program is distributed in the hope that it will be useful, but WITHOUT # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS # FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. # # You should have received a copy of the GNU General Public License along with # this Program; if not, write to the Free Software Foundation, Inc., 59 Temple # Place, Suite 330, Boston, MA 02111-1307 USA. # # In addition, as a special exception, Red Hat, Inc. gives You the additional # right to link the code of this Program with code not covered under the GNU # General Public License ("Non-GPL Code") and to distribute linked combinations # including the two, subject to the limitations in this paragraph. Non-GPL Code # permitted under this exception must only link to the code of this Program # through those well defined interfaces identified in the file named EXCEPTION # found in the source code files (the "Approved Interfaces"). The files of # Non-GPL Code may instantiate templates or use macros or inline functions from # the Approved Interfaces without causing the resulting work to be covered by # the GNU General Public License. Only Red Hat, Inc. may make changes or # additions to the list of Approved Interfaces. You must obey the GNU General # Public License in all respects for all of the Program code and other code used # in conjunction with the Program except the Non-GPL Code covered by this # exception. If you modify this file, you may extend this exception to your # version of the file, but you are not obligated to do so. If you do not wish to # provide this exception without modification, you must delete this exception # statement from your version and license this file solely under the GPL without # exception. # # # Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. # Copyright (C) 2007 Red Hat, Inc. # All rights reserved. # END COPYRIGHT BLOCK ############################################################################## # # FILE: repl-monitor.pl # # SYNOPSIS: # repl-monitor.pl -f configuration-file [-h host] [-p port] [-r] # [-u refresh-url] [-t refresh-interval] # # repl-monitor.pl -v # # DESCRIPTION: # Given an LDAP replication "supplier" server, crawl over all the ldap # servers via direct or indirect replication agreements. # For each master replica discovered, display the maxcsn of the master # and the replication status of all its lower level replicas. # All output is in HTML. # # OPTIONS: # -f configuration-file # The configuration file contains the sections for the connection # parameters, the server alias, and the thresholds for different colors # when display the time lags between consumers and master. # If the Admin Server is running on Windows, the configuration-file # name may have format "D:/opt/replmon.conf". # # The connection parameter section consists of the section name # followed by one of more connection parameter entries: # # [connection] # host:port:binddn:bindpwd:bindcert # host:port=shadowport:binddn:bindpwd:bindcert # ... # # where host:port default (*:*) to that in a replication agreement, # binddn default (*) to "cn=Directory Manager", and bindcert is the # pathname of cert db if you want the script to connect to the server # via SSL. If bindcert is omitted, the connection will be simple # bind. # "port=shadowport" means to use shadowport instead of port if port # is specified in the replication agreement. This is useful when # for example, ssl port is specified in a replication agreement, # but you can't access the cert db from the machine where this # script is running. So you could let the script to map the ssl # port to a non-ssl port and use the simple bind. # # A server may have a dedicated or a share entry in the connection # section. The script will find out the most matched entry for a given # server. For example, if all the ldap servers except host1 share the # same binddn and bindpassword, the connection section then just need # two entries: # # [connection] # *:*:binddn:bindpassword: # host1:*:binddn:bindpassword: # # If a host:port is assigned an alias, then the alias instead of # host:port will be displayed in The output file. Each host:port # can have only one alias. But each alias may be used by more than # one host:port. # # [alias] # alias = host:port # ... # # CSN time lags between masters and consumers might be displayed in # different colors based on their range. The thresholds for different # colors may be specified in color section: # # [color] # lowmark (in minutes) = color # ... # # If the color section or color entry is missing, the default color # set is: green for [0-5) minutes lag, yellow [5-60), and red 60 and more. # # -h host # Initial replication supplier's host. Default to the current host. # # -p port # Initial replication supplier's port. Default to 389. # # -r If specified, -r causes the routine to be entered without printing # HTML header information. This is suitable when making multiple calls # to this routine (e.g. when specifying multiple, different, "unrelated" # supplier servers) and expecting a single HTML output. # # -t refresh-interval # Specify the refresh interval in seconds. This option has to be # jointly used with option -u. # # -u refresh-url # The output HTML file may invoke a CGI program periodically. If # this CGI program in turn calls this script, the effect is that # the output HTML file would automatically refresh itself. This # is useful for continuing monitoring. See also option -t. # # -v Print out the version of this script # # DIAGNOSTICS: # There are several ways to invoke this script if you got error # "Can't locate Mozilla/LDAP/Conn.pm in @INC", or # "usage: Undefined variable": # # 0. Prerequisite: NSPR, NSS, Mozilla LDAP C SDK, PerLDAP # # 1. Run this perl script via repl-monitor, which sets up LD_LIBRARY_PATH # $ repl-monitor # # 2. If 1 does not work, try invoking this script as follows. # Assuming contains Mozilla/LDAP: # perl -I repl-monitor.pl # ############################################################################# # enable the use of our bundled perldap with our bundled ldapsdk libraries # all of this nonsense can be omitted if the mozldapsdk and perldap are # installed in the operating system locations (e.g. /usr/lib /usr/lib/perl5) # this script is always invoked by repl-monitor-cgi.pl, which sets all of these # If using this script standalone, be sure to set the shared lib path and # the path to the perldap modules. use lib qw(@perlpath@); $usage = "\nusage: $0 -f configuration-file [-h host] [-p port] [-r] [-u refresh-url] [-t refresh-interval]\n\nor : $0 -v\n"; use Getopt::Std; # parse command line arguments use Mozilla::LDAP::Conn; # LDAP module for Perl use Mozilla::LDAP::Utils qw(normalizeDN); # LULU, utilities. use Mozilla::LDAP::API qw(:api :ssl :apiv3 :constant); # Direct access to C API use Time::Local; # to convert GMT Z strings to localtime # # Global variables # $product = "Directory Server Replication Monitor"; $version = "Version 1.0"; # # ldap servers given or discovered from the replication agreements: # @servers = (host:port=shadowport:binddn:password:cert_db) # # entries read from the connection section of the configuration file: # @allconnections = (host:port=shadowport:binddn:password:cert_db) # # aliases of ldap servers read from the configuration file: # %allaliases{$host:$port}= (alias) # # replicas discovered on all ldap servers # @allreplicas = (server#:replicaroot:replicatype:serverid:replicadn) # # ruvs retrieved from all replicas # @allruvs{replica#:masterid} = (rawcsn:decimalcsn;mon/day/year hh:mi:ss) # # agreements discovered on all ldap supplier servers: # @allagreements = (supplier_replica#:consumer#:conntype:schedule:status) # the array may take another format after the consumer replicas are located: # @allagreements = (supplier_replica#:consumer_replica#:conntype:schedule:status) # #main { # turn off buffered I/O $| = 1; # Check for legal options if (!getopts('h:p:f:ru:t:v')) { print $usage; exit -1; } if ($opt_v) { print "$product - $version\n"; exit; } $interval = $opt_t; $interval = 300 if ( !$interval || $interval <= 0 ); # Get current date/time $nowraw = localtime(); ($wday, $mm, $dd, $tt, $yy) = split(/ /, $nowraw); $now = "$wday $mm $dd $yy $tt"; # if no -r (Reenter and skip html header), print html header if (!$opt_r) { # print the HTML header &print_html_header; } else { # print separator for new replication set print "


\n"; } exit -1 if &validateArgs < 0; exit if &read_cfg_file ($opt_f) < 0; # Start with the given host and port # The index names in %ld are defined in Mozilla::LDAP::Utils::ldapArgs() &add_server ("$ld{host}:$ld{port}:$ld{bind}:$ld{pswd}:$ld{cert}"); $serveridx = 0; while ($serveridx <= $#servers) { if (&get_replicas ($serveridx) != 0 && $serveridx == 0) { my ($host, $port, $binddn) = split (/:/, $servers[0]); print("Login to $host:$port as \"$binddn\" failed\n"); exit; } $serveridx++; } &find_consumer_replicas; &process_suppliers; # All done! - well, for the current invokation only # print "\n"; exit; } sub validateArgs { my ($rc) = 0; %ld = Mozilla::LDAP::Utils::ldapArgs(); if (!$opt_v && !$opt_f) { print "

Error: Missing configuration file.\n"; print "

If you need help on the configuration file, Please go back and click the Help button.\n"; #print $usage; # Don't show usage in CGI $rc = -1; } elsif (!$opt_h) { chop ($ld{"host"} = `hostname`); } return $rc; } sub read_cfg_file { my ($fn) = @_; unless (open(CFGFILEHANDLE, $fn)) { print "

Error: Can't open \"$fn\": $!.\n"; print "

If you need help on the configuration file, Please go back and click the Help button.\n"; return -1; } $section = 0; while () { next if (/^\s*\#/ || /^\s*$/); chop ($_); if (m/^\[(.*)\]/) { $section = $1; } else { if ( $section =~ /conn/i ) { push (@allconnections, $_); } elsif ( $section =~ /alias/i ) { m/^\s*(\S.*)\s*=\s*(\S+)/; $allaliases {$2} = $1; } elsif ( $section =~ /color/i ) { m/^\s*(-?\d+)\s*=\s*(\S+)/; $allcolors {$1} = $2; } } } if ( ! keys (%allcolors) ) { $allcolors {0} = "#ccffcc"; #apple green $allcolors {5} = "#ffffcc"; #cream yellow $allcolors {60} = "#ffcccc"; #pale pink } @colorkeys = sort (keys (%allcolors)); close (CFGFILEHANDLE); return 0; } sub get_replicas { my ($serveridx) = @_; my ($conn, $host, $port, $shadowport, $binddn, $bindpwd, $bindcert); my ($others); my ($replica, $replicadn); my ($ruv, $replicaroot, $replicatype, $serverid, $masterid, $maxcsn); my ($type, $flag, $i); my ($myridx, $ridx, $cidx); # # Bind to the server # ($host, $port, $binddn, $bindpwd, $bindcert) = split (/:/, "$servers[$serveridx]", 5); ($port, $shadowport) = split (/=/, $port); $shadowport = $port if !$shadowport; $conn = new Mozilla::LDAP::Conn ($host, $shadowport, "$binddn", $bindpwd, $bindcert); return -1 if (!$conn); # # Get all the replica on the server # $myridx = $#allreplicas + 1; $replica = $conn->search ("cn=mapping tree,cn=config", "sub", "(objectClass=nsDS5Replica)", 0, qw(nsDS5ReplicaRoot nsDS5ReplicaType nsDS5Flags nsDS5ReplicaId)); while ($replica) { $replicadn = $replica->getDN; $replicaroot = normalizeDN ($replica->{nsDS5ReplicaRoot}[0]); $type = $replica->{nsDS5ReplicaType}[0]; $flag = $replica->{nsDS5Flags}[0]; $serverid = $replica->{nsDS5ReplicaId}[0]; # flag = 0: change log is not created # type = 2: read only replica # type = 3: updatable replica $replicatype = $flag == 0 ? "consumer" : ($type == 2 ? "hub" : "master"); push (@allreplicas, "$serveridx:$replicaroot:$replicatype:$serverid:$replicadn"); $replica = $conn->nextEntry (); } # # Get ruv for each replica # for ($ridx = $myridx; $ridx <= $#allreplicas; $ridx++) { $replicaroot = $1 if ($allreplicas[$ridx] =~ /^\d+:([^:]*)/); # do a one level search with nsuniqueid in the filter - this will force the use of the # nsuniqueid index instead of the entry dn index, which seems to be unreliable in # heavily loaded servers $ruv = $conn->search($replicaroot, "one", "(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectClass=nsTombstone))", 0, qw(nsds50ruv nsruvReplicaLastModified)); next if !$ruv; # this should be an error case . . . for ($ruv->getValues('nsds50ruv')) { if (m/\{replica\s+(\d+).+?\}\s*\S+\s*(\S+)/i) { $masterid = $1; $maxcsn = &to_decimal_csn ($2); $allruvs {"$ridx:$masterid"} = "$2:$maxcsn"; } } for ($ruv->getValues('nsruvReplicaLastModified')) { if (m/\{replica\s+(\d+).+?\}\s*(\S+)/i) { $masterid = $1; $lastmodifiedat = hex($2); my ($sec, $min, $hour, $mday, $mon, $year) = localtime ($lastmodifiedat); $mon++; $year += 1900; $hour = "0".$hour if ($hour < 10); $min = "0".$min if ($min < 10); $sec = "0".$sec if ($sec < 10); $allruvs {"$ridx:$masterid"} .= ";$mon/$mday/$year $hour:$min:$sec"; } } } # # Get all agreements for each supplier replica # for ($ridx = $myridx; $ridx <= $#allreplicas; $ridx++) { $_ = $allreplicas[$ridx]; # Skip consumers next if m/:consumer:/i; m/:([^:]*)$/; $replicadn = $1; my @attrlist = qw(cn nsds5BeginReplicaRefresh nsds5replicaUpdateInProgress nsds5ReplicaLastInitStatus nsds5ReplicaLastInitStart nsds5ReplicaLastInitEnd nsds5replicaReapActive nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5ReplicaHost nsds5ReplicaPort nsDS5ReplicaBindMethod nsds5ReplicaUpdateSchedule); $agreement = $conn->search("$replicadn", "sub", "(objectClass=nsDS5ReplicationAgreement)", 0, @attrlist); while ($agreement) { my %agmt = (); # Push consumer to server stack if we have not already $host = ($agreement->getValues('nsDS5ReplicaHost'))[0]; $port = ($agreement->getValues('nsDS5ReplicaPort'))[0]; $cidx = &add_server ("$host:$port"); for (@attrlist) { $agmt{$_} = ($agreement->getValues($_))[0]; } if ($agmt{nsDS5ReplicaBindMethod} =~ /simple/i) { $agmt{nsDS5ReplicaBindMethod} = 'n'; } if (!$agmt{nsds5ReplicaUpdateSchedule} || ($agmt{nsds5ReplicaUpdateSchedule} eq '0000-2359 0123456') || ($agmt{nsds5ReplicaUpdateSchedule} eq '*') || ($agmt{nsds5ReplicaUpdateSchedule} eq '* *')) { $agmt{nsds5ReplicaUpdateSchedule} = 'always in sync'; } $agmt{ridx} = $ridx; $agmt{cidx} = $cidx; push @allagreements, \%agmt; $agreement = $conn->nextEntry (); } } $conn->close; return 0; } # # Initially, the agreements have consumer host:port info instead of # replica info. This routine will find the consumer replica info # sub find_consumer_replicas { my ($m_ridx); # index of master's replica my ($s_ridx); # index of supplier's replica my ($c_ridx); # index of consumer's replica my ($c_sidx); # index of consumer server my ($remainder); # my ($s_replicaroot); # supplier replica root my ($c_replicaroot); # consumer replica root my ($j, $val); # # Loop through every agreement defined on the current supplier replica # foreach (@allagreements) { $s_ridx = $_->{ridx}; $c_sidx = $_->{cidx}; $s_replicaroot = $1 if ($allreplicas[$s_ridx] =~ /^\d+:([^:]*)/); $c_replicaroot = ""; # $c_ridx will be assigned to -$c_sidx # if the condumer is not accessible # $c_sidx will not be zero since it's # not the first server. $c_ridx = -$c_sidx; # $c_sidx will not be zero # Loop through consumer's replicas and find # the counter part for the current supplier # replica for ($j = 0; $j <= $#allreplicas; $j++) { # Get a replica on consumer # I'm not sure what's going on here, but possibly could be made # much simpler with normalizeDN and/or ldap_explode_dn if ($allreplicas[$j] =~ /^$c_sidx:([^:]*)/) { $val = $1; # We need to find out the consumer # replica that matches the supplier # replicaroot most. if ($s_replicaroot =~ /^.*$val$/i && length ($val) >= length ($c_replicaroot)) { $c_ridx = $j; # Avoid case-sensitive comparison last if (length($s_replicaroot) == length($val)); $c_replicaroot = $val; } } } $_->{ridx} = $s_ridx; $_->{cidx} = $c_ridx; } } sub process_suppliers { my ($ridx, $mid, $maxcsn); $mid = ""; $last_sidx = -1; # global variable for print html page for ($ridx = 0; $ridx <= $#allreplicas; $ridx++) { # Skip consumers and hubs next if $allreplicas[$ridx] !~ /:master:(\d+):/i; $mid = $1; # Skip replicas without agreements defined yet next if (! grep {$_->{ridx} == $ridx} @allagreements); $maxcsn = &print_master_header ($ridx, $mid); if ( "$maxcsn" != "none" ) { &print_consumer_header (); &print_consumers ($ridx, $mid); } &print_supplier_end; } if ($mid eq "") { print "

The server is not a master or it has no replication agreement\n"; } } sub print_master_header { my ($ridx, $mid) = @_; my ($myruv) = $allruvs {"$ridx:$mid"}; my ($maxcsnval) = split ( /;/, "$myruv" ); my ($maxcsn) = &to_string_csn ($maxcsnval); my ($sidx, $replicaroot, $replicatype, $serverid) = split (/:/, $allreplicas[$ridx]); # Print the master name if ( $last_sidx != $sidx ) { my ($ldapurl) = &get_ldap_url ($sidx, $sidx); &print_legend if ( $last_sidx < 0); print "

\n"; print "\n

\n"; print "Master:  $ldapurl
\n"; $last_sidx = $sidx; } # Print the current replica info onthe master print "\n

\n"; print "\n\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; } sub print_consumers { my ($m_ridx, $mid) = @_; my ($ignore, $m_replicaroot) = split (/:/, $allreplicas[$m_ridx]); my (@consumers, @ouragreements, @myagreements); my ($s_ridx, $c_ridx, $conntype, $schedule, $status); my ($c_maxcsn_str, $lag, $markcolor); my ($c_replicaroot, $c_replicatype); my ($first_entry); my ($nrows); my ($found); undef @ouragreements; # Collect all the consumer replicas for the current master replica push (@consumers, $m_ridx); foreach (@consumers) { $s_ridx = $_; for (@allagreements) { next if ($_->{ridx} != $s_ridx); $c_ridx = $_->{cidx}; next if $c_ridx == $m_ridx; push @ouragreements, $_; $found = 0; foreach (@consumers) { if ($_ == $c_ridx) { $found = 1; last; } } push (@consumers, $c_ridx) if !$found; } } # Print each consumer replica my ($myruv) = $allruvs {"$m_ridx:$mid"}; my ($m_maxcsn) = split ( /;/, "$myruv" ); foreach (@consumers) { $c_ridx = $_; next if $c_ridx == $m_ridx; if ($c_ridx >= 0) { $myruv = $allruvs {"$c_ridx:$mid"}; ($c_maxcsn, $c_lastmodified) = split ( /;/, "$myruv" ); ($c_maxcsn_str, $lag, $markcolor) = &cacl_time_lag ($m_maxcsn, $c_maxcsn); $c_maxcsn_str =~ s/ /\/; ($c_sidx, $c_replicaroot, $c_replicatype) = split (/:/, $allreplicas[$c_ridx]); $c_replicaroot = "same as master" if $m_replicaroot eq $c_replicaroot; } else { # $c_ridx is actually -$c_sidx when c is not available $c_sidx = -$c_ridx; $c_maxcsn_str = "_"; $lag = "n/a"; $markcolor = red; $c_replicaroot = "_"; $c_replicatype = "_"; } $nrows = 0; foreach (@ouragreements) { next if ($_->{cidx} != $c_ridx); $nrows++; } $first_entry = 1; foreach (@ouragreements) { next if ($_->{cidx} != $c_ridx); $s_ridx = $_->{ridx}; $conntype = $_->{nsDS5ReplicaBindMethod}; $status = $_->{nsds5replicaLastUpdateStatus}; $schedule = $_->{nsds5ReplicaUpdateSchedule}; $s_sidx = $1 if $allreplicas [$s_ridx] =~ /^(\d+):/; $s_ldapurl = &get_ldap_url ($s_sidx, "n/a"); # Print out the consumer's replica and ruvs print "\n\n"; if ($first_entry) { $first_entry = 0; $c_ldapurl = &get_ldap_url ($c_sidx, $conntype); print "\n"; print "\n"; print "\n"; print "\n"; } print "\n"; my $changecount = $_->{nsds5replicaChangesSentSinceStartup}; if ( $changecount =~ /^$mid:(\d+)\/(\d+) / || $changecount =~ / $mid:(\d+)\/(\d+) / ) { $changecount = "$1 / $2"; } elsif ( $changecount =~ /^(\d+)$/ ) { $changecount = $changecount . " / " . "$_->{nsds5replicaChangesSkippedSinceStartup}"; } else { $changecount = "0 / 0"; } print "\n"; my $redfontstart = ""; my $redfontend = ""; if ($status =~ /error/i) { $redfontstart = ""; $redfontend = ""; } elsif ($status =~ /^(\d+) /) { if ( $1 != 0 ) { # warning $redfontstart = ""; $redfontend = ""; } } print "\n"; print "\n"; print "\n"; if ( $schedule =~ /always/i ) { print "\n"; } else { my ($ndays, @days); $schedule =~ /(\d\d)(\d\d)-(\d\d)(\d\d) (\d+)/; print "\n"; $ndays = $5; $ndays =~ s/(\d)/$1,/g; @days = (Sun,Mon,Tue,Wed,Thu,Fri,Sat)[eval $ndays]; print "\n"; } print "\n"; } } } sub cacl_time_lag { my ($s_maxcsn, $c_maxcsn) = @_; my ($markcolor); my ($csn_str); my ($s_tm, $c_tm, $lag_tm, $lag_str, $hours, $minute); $csn_str = &to_string_csn ($c_maxcsn); if ($s_maxcsn && !$c_maxcsn) { $lag_str = "- ?:??:??"; $markcolor = &get_color (36000); # assume consumer has big latency } elsif (!$s_maxcsn && $c_maxcsn) { $lag_str = "+ ?:??:??"; $markcolor = &get_color (1); # consumer is ahead of supplier } elsif ($s_maxcsn le $c_maxcsn) { $lag_str = "0:00:00"; $markcolor = &get_color (0); } else { my ($rawcsn, $decimalcsn) = split (/:/, $s_maxcsn); ($s_tm) = split(/ /, $decimalcsn); ($rawcsn, $decimalcsn) = split (/:/, $c_maxcsn); ($c_tm) = split(/ /, $decimalcsn); if ($s_tm > $c_tm) { $lag_tm = $s_tm - $c_tm; $lag_str = "- "; $markcolor = &get_color ($lag_tm); } else { $lag_tm = $c_tm - $s_tm; $lag_str = "+ "; $markcolor = $allcolors{ $colorkeys[0] }; # no delay } $hours = int ($lag_tm / 3600); $lag_str .= "$hours:"; $lag_tm = $lag_tm % 3600; $minutes = int ($lag_tm / 60); $minutes = "0".$minutes if ($minutes < 10); $lag_str .= "$minutes:"; $lag_tm = $lag_tm % 60; $lag_tm = "0".$lag_tm if ($lag_tm < 10); $lag_str .= "$lag_tm"; } return ($csn_str, $lag_str, $markcolor); } # # The subroutine would append a new entry to the end of # @servers if the host and port are new to @servers. # sub add_server { my ($host, $port, $binddn, $bindpwd, $bindcert) = split (/:/, "@_"); my ($shadowport) = $port; my ($domainpattern) = '\.[^:]+'; my ($i); # Remove the domain name from the host name my ($hostnode) = $host; $hostnode = $1 if $host =~ /^(\w+)\./; # new host:port if ($binddn eq "" || $bindpwd eq "" && $bindcert eq "") { # # Look up connection parameter in the order of # host:port # host:* # *:port # *:* # my (@myconfig, $h, $p, $d, $w, $c); (@myconfig = grep (/^$hostnode($domainpattern)*:$port\D/i, @allconnections)) || (@myconfig = grep (/^$hostnode($domainpattern)*:\*:/i, @allconnections)) || (@myconfig = grep (/^\*:$port\D/, @allconnections)) || (@myconfig = grep (/^\*:\*\D/, @allconnections)); if ($#myconfig >= 0) { ($h, $p, $d, $w, $c) = split (/:/, $myconfig[0]); ($p, $shadowport) = split (/=/, $p); $p = "" if $p eq "*"; $c = "" if $c eq "*"; } if ($binddn eq "" || $binddn eq "*") { if ($d eq "" || $d eq "*") { $binddn = "cn=Directory Manager"; } else { $binddn = $d; } } $bindpwd = $w if ($bindpwd eq "" || $bindpwd eq "*"); $bindcert = $c if ($bindcert eq "" || $bindcert eq "*"); } for ($i = 0; $i <= $#servers; $i++) { return $i if ($servers[$i] =~ /$hostnode($domainpattern)*:\d*=$shadowport\D/i); } if ($shadowport) { push (@servers, "$host:$port=$shadowport:$binddn:$bindpwd:$bindcert"); } else { push (@servers, "$host:$port:$binddn:$bindpwd:$bindcert"); } return $i; } sub get_ldap_url { my ($sidx, $conntype) = @_; my ($host, $port) = split(/:/, $servers[$sidx]); my ($shadowport); ($port, $shadowport) = split (/=/, $port); my ($protocol, $ldapurl); if ($port eq 636 && $conntype eq "0" || $conntype =~ /SSL/i) { $protocol = ldaps; } else { $protocol = ldap; } my ($instance) = $allaliases { "$host:$port" }; $instance = "$host:$port" if !$instance; if ($conntype eq "n/a") { $ldapurl = $instance; } else { $ldapurl = "$instance"; } return $ldapurl; } sub to_decimal_csn { my ($maxcsn) = @_; if (!$maxcsn || $maxcsn eq "") { return "none"; } my ($tm, $seq, $masterid, $subseq) = unpack("a8 a4 a4 a4", $maxcsn); $tm = hex($tm); $seq = hex($seq); $masterid = hex($masterid); $subseq = hex($subseq); return "$tm $seq $masterid $subseq"; } sub to_string_csn { my ($rawcsn, $decimalcsn) = split(/:/, "@_"); if (!$rawcsn || $rawcsn eq "") { return "none"; } my ($tm, $seq, $masterid, $subseq) = split(/ /, $decimalcsn); my ($sec, $min, $hour, $mday, $mon, $year) = localtime($tm); $mon++; $year += 1900; foreach ($sec, $min, $hour, $mday, $mon) { $_ = "0".$_ if ($_ < 10); } my ($csnstr) = "$mon/$mday/$year $hour:$min:$sec"; $csnstr .= " $seq $subseq" if ( $seq != 0 || $subseq != 0 ); return "$rawcsn ($csnstr)"; } sub get_color { my ($lag_minute) = @_; $lag_minute /= 60; my ($color) = $allcolors { $colorkeys[0] }; foreach (@colorkeys) { last if ($lag_minute < $_); $color = $allcolors {$_}; } return $color; } # subroutine to remove escaped encoding sub unescape { #my ($_) = @_; tr/+/ /; s/%(..)/pack("c",hex($1))/ge; $_; } sub print_html_header { # print the HTML header print "Content-type: text/html\n\n"; print "\n"; print "Replication Status\n"; # print "\n"; print "\n\n"; if ($opt_u) { print "\n"; } print "
\n"; print "Replica ID: "; print "$serverid\n"; print "Replica Root: "; print "$replicaroot\n"; print "Max CSN: "; print "$maxcsn\n"; return $maxcsn; } sub print_consumer_header { #Print the header of consumer print "\n
ReceiverTime LagMax CSNLast Modify TimeSupplierSent/SkippedUpdate StatusUpdate StartedUpdate EndedScheduleSSL?
$c_ldapurl
Type: $c_replicatype
$lag
$c_maxcsn_str$c_lastmodified
$s_ldapurl
$changecount$redfontstart$status$redfontend", &format_z_time($_->{nsds5replicaLastUpdateStart}), "", &format_z_time($_->{nsds5replicaLastUpdateEnd}), "$schedule$1:$2-$3:$4@days$conntype
\n"; print "\n"; print "
$now"; print "Directory Server Replication Status\n"; if ($opt_u) { print "
(This page updates every $interval seconds)\n"; } print "		$version"; print "
\n"; } sub print_legend { my ($nlegends) = $#colorkeys + 1; print "\n

Time Lag Legend:

\n"; print "\n\n"; my ($i, $j); for ($i = 0; $i < $nlegends - 1; $i++) { $j = $colorkeys[$i]; print "\n\n"; } $j = $colorkeys[$i]; print "\n\n"; print "\n\n"; print "
within $colorkeys[$i+1] min
over $colorkeys[$i] min
server n/a

\n"; } sub print_supplier_end { print "\n"; } # given a string in generalized time format, convert to ascii time sub format_z_time { my $zstr = shift; return "n/a" if (! $zstr); my ($year, $mon, $day, $hour, $min, $sec) = ($zstr =~ /(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})/); my $time = timegm($sec, $min, $hour, $day, ($mon-1), $year); ($sec, $min, $hour, $day, $mon, $year) = localtime($time); $mon++; $year += 1900; foreach ($sec, $min, $hour, $day, $mon) { $_ = "0".$_ if ($_ < 10); } return "$mon/$day/$year $hour:$min:$sec"; } --- repl-monitor.pl DELETED --- From nhosoi at fedoraproject.org Fri Dec 12 21:09:33 2008 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Fri, 12 Dec 2008 21:09:33 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm dblayer.c, 1.34, 1.35 cache.c, 1.8, 1.9 Message-ID: <20081212210933.9F04970123@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21242 Modified Files: dblayer.c cache.c Log Message: Resolves: #178248 Summary: db backend entry cache settings field "Memory available for cache" boundaries Fix Description: db_strtoul: check the input string. If the string starts with '-', returning the error ERANGE -- the same error as the larger the upper limit is passed. cache.c: the minimum entry cache size defined in cache.c was 200000, which is different from the info on the Configuration Command File Reference Guide: Valid Range: 500 kilobytes to 4 gigabytes for 32-bit platforms and 500 kilobytes to 2^64-1 for 64-bit platforms Adjusting the define to the doc. Index: dblayer.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/dblayer.c,v retrieving revision 1.34 retrieving revision 1.35 diff -u -r1.34 -r1.35 --- dblayer.c 20 Nov 2008 17:30:58 -0000 1.34 +++ dblayer.c 12 Dec 2008 21:09:31 -0000 1.35 @@ -3875,10 +3875,20 @@ unsigned long db_strtoul(const char *str, int *err) { - unsigned long val, result, multiplier = 1; + unsigned long val = 0, result, multiplier = 1; char *p; errno = 0; + /* + * manpage of strtoul: Negative values are considered valid input and + * are silently converted to the equivalent unsigned long int value. + */ + /* We don't want to make it happen. */ + for (p = str; p && *p && (*p == ' ' || *p == '\t'); p++) ; + if ('-' == *p) { + if (err) *err = ERANGE; + return val; + } val = strtoul(str, &p, 10); if (errno != 0) { if (err) *err = errno; Index: cache.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/cache.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- cache.c 11 Nov 2008 21:31:41 -0000 1.8 +++ cache.c 12 Dec 2008 21:09:31 -0000 1.9 @@ -50,7 +50,7 @@ #endif /* cache can't get any smaller than this (in bytes) */ -#define MINCACHESIZE (size_t)200000 +#define MINCACHESIZE (size_t)512000 /* don't let hash be smaller than this # of slots */ #define MINHASHSIZE 1024 From nkinder at fedoraproject.org Fri Dec 12 23:38:57 2008 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Fri, 12 Dec 2008 23:38:57 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd snmp_collator.c, 1.18, 1.19 Message-ID: <20081212233857.E3C2E70126@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv12604/ldap/servers/slapd Modified Files: snmp_collator.c Log Message: Resolves: 437049 Summary: Log error to errors log when we have a problem writing stats file. Index: snmp_collator.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/snmp_collator.c,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- snmp_collator.c 5 Dec 2008 22:41:52 -0000 1.18 +++ snmp_collator.c 12 Dec 2008 23:38:54 -0000 1.19 @@ -440,8 +440,8 @@ { if (err != EEXIST) /* Ignore if file already exists */ { - LDAPDebug( LDAP_DEBUG_ANY, "Failed to open stats file (%s) (error %d).\n", - szStatsFile, err, 0 ); + slapi_log_error(SLAPI_LOG_FATAL, "snmp collator", "Failed to open stats file (%s) " + "(error %d): %s.\n", szStatsFile, err, slapd_system_strerror(err)); exit(1); } } From rmeggins at fedoraproject.org Mon Dec 15 15:59:44 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Mon, 15 Dec 2008 15:59:44 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication windows_protocol_util.c, 1.43, 1.44 Message-ID: <20081215155944.4E7AC7012B@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30518/ldapserver/ldap/servers/plugins/replication Modified Files: windows_protocol_util.c Log Message: Resolves: bug 476127 Bug Description: rhds80 seg fault - pass sync - entry missing userPassword ? Reviewed by: nkinder (Thanks!) Fix Description: The fix is pretty obvious - just make sure we don't deref a NULL. The reason for the NULL is due to a sequence of more than one modify for the userPassword attribute, where one of the mods is a replace with no value or a delete of the attribute. The bug has the details about how to reproduce. One thing I don't know is what client is generating this sequence of operations . . . Platforms tested: RHEL5 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: windows_protocol_util.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_protocol_util.c,v retrieving revision 1.43 retrieving revision 1.44 diff -u -r1.43 -r1.44 --- windows_protocol_util.c 5 Dec 2008 22:41:52 -0000 1.43 +++ windows_protocol_util.c 15 Dec 2008 15:59:41 -0000 1.44 @@ -1812,7 +1812,8 @@ } else { /* password mods are treated specially */ - if (0 == slapi_attr_type_cmp(attr_type, PSEUDO_ATTR_UNHASHEDUSERPASSWORD, SLAPI_TYPE_CMP_SUBTYPE) ) + if ((0 == slapi_attr_type_cmp(attr_type, PSEUDO_ATTR_UNHASHEDUSERPASSWORD, SLAPI_TYPE_CMP_SUBTYPE)) && + mod && mod->mod_bvalues && mod->mod_bvalues[0] && mod->mod_bvalues[0]->bv_val) { char *password_value = NULL; password_value = mod->mod_bvalues[0]->bv_val; From nkinder at fedoraproject.org Mon Dec 15 17:42:28 2008 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Mon, 15 Dec 2008 17:42:28 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd main.c, 1.28, 1.29 Message-ID: <20081215174228.4C8717012B@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv24077/ldap/servers/slapd Modified Files: main.c Log Message: Resolves: 430368 Summary: Add check for permissions on nsslapd-rundir at startup. Index: main.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/main.c,v retrieving revision 1.28 retrieving revision 1.29 diff -u -r1.28 -r1.29 --- main.c 4 Dec 2008 00:50:18 -0000 1.28 +++ main.c 15 Dec 2008 17:42:25 -0000 1.29 @@ -978,6 +978,17 @@ exit(1); } + /* Ensure that we can read from and write to our rundir */ + if (access(config_get_rundir(), R_OK | W_OK)) { + LDAPDebug(LDAP_DEBUG_ANY, "Unable to access nsslapd-rundir: %s\n", + slapd_system_strerror(errno), 0, 0); + LDAPDebug(LDAP_DEBUG_ANY, "Ensure that user \"%s\" has read and write " + "permissions on %s\n", + slapdFrontendConfig->localuser, config_get_rundir(), 0); + LDAPDebug(LDAP_DEBUG_ANY, "Shutting down.\n", 0, 0, 0); + exit(1); + } + /* * Detach ourselves from the terminal (unless running in debug mode). * We must detach before we start any threads since detach forks() on From rmeggins at fedoraproject.org Mon Dec 15 20:06:58 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Mon, 15 Dec 2008 20:06:58 +0000 (UTC) Subject: [Fedora-directory-commits] adminserver/admserv/cgi-src40 security.c, 1.18, 1.19 Message-ID: <20081215200659.00AF17012E@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/cgi-src40 In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29896/adminserver/admserv/cgi-src40 Modified Files: security.c Log Message: Resolves: bug 426439 Bug Description: Unable to load CRL file for a DS instance - when its placed under /etc/dirsrv/slapd-INSTANCE Reviewed by: nhosoi (Thanks!) Fix Description: The main problem was that it was not using the getSecurityDir function to get the security dir based on the SIE passed in. This function is called in main after getting the SIE. I changed the code to set this value in a static variable that can be used throughout the program. In addition, I found and fixed some other bugs related to CRL handling: 1) The code did not work with ASCII CRLs generated by newer versions of crlutil which use the BEGIN CRL header. I added processing for that header type. 2) The code did not handle date/time in generalized time format. I added code to format the date/time based on the type of date/time stored in the CRL. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: security.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/security.c,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- security.c 11 Dec 2008 18:06:42 -0000 1.18 +++ security.c 15 Dec 2008 20:06:55 -0000 1.19 @@ -39,6 +39,7 @@ #include "certt.h" #include "key.h" #include "secport.h" +#include "secder.h" #include "plstr.h" #include "prsystem.h" @@ -102,6 +103,8 @@ #define X509CRLFOOTER "-----END X509 CRL-----" #define CRLHEADER "-----BEGIN CERTIFICATE REVOCATION LIST-----\n" #define CRLFOOTER "-----END CERTIFICATE REVOCATION LIST-----\n" +#define NEWCRLHEADER "-----BEGIN CRL-----" +#define NEWCRLFOOTER "-----END CRL-----" /*#else #define HEADER "-----BEGIN CERTIFICATE----\n" #define FOOTER "\n-----END CERTIFICATE-----\n" @@ -113,6 +116,8 @@ CERTCertDBHandle *certdb = NULL; char line[BIG_LINE]; +static char *securitydir; /* based on the sie - security dir for ds or as */ + #define RESOURCE_FILE "security" /* main resource string */ @@ -385,6 +390,28 @@ } } +static char * +formatDateTime(SECItem *timechoice) +{ + PRTime decodedTime = 0; + + /* decode the time into the integral value */ + if (SECSuccess != DER_DecodeTimeChoice(&decodedTime, timechoice)) { + return NULL; + } + switch (timechoice->type) { + case siUTCTime: + return DER_UTCTimeToAscii(timechoice); + break; + case siGeneralizedTime: + return CERT_GenTime2FormattedAscii(decodedTime, "%a %b %d %H:%M:%S %Y"); + break; + default: + return NULL; + } + + return NULL; +} /* * Fingerprint (MD5) for a cert */ @@ -581,13 +608,13 @@ fprintf(stdout, "\t%d\n\t%s\n", trustBit, - processNullString((char*)DER_UTCTimeToAscii(&cert->validity.notAfter))); + processNullString((char*)formatDateTime(&cert->validity.notAfter))); fprintf(stdout, "\t%s\n", processNullString(getMD5Fingerprint(cert))); if (showDetail) { fprintf(stdout, "\t%s\n", - processNullString((char*)DER_UTCTimeToAscii(&cert->validity.notBefore))); + processNullString((char*)formatDateTime(&cert->validity.notBefore))); fprintf(stdout, "\t%s\n", processNullString(Hexify((&cert->serialNumber)))); @@ -732,7 +759,7 @@ if (entry != NULL) { fprintf(stdout, "\t\n", x); fprintf(stdout, "\t\t%s\n", processNullString(Hexify(&entry->serialNumber))); - fprintf(stdout, "\t\t%s\n",DER_UTCTimeToAscii(&entry->revocationDate)); + fprintf(stdout, "\t\t%s\n",formatDateTime(&entry->revocationDate)); fprintf(stdout, "\t\n", x); x++; } else { @@ -743,8 +770,8 @@ } fprintf(stdout, "\t%s\n\t%s\n\t%s\n", - DER_UTCTimeToAscii(&crl->crl.lastUpdate), - DER_UTCTimeToAscii(&crl->crl.nextUpdate), + formatDateTime(&crl->crl.lastUpdate), + formatDateTime(&crl->crl.nextUpdate), list_type==SEC_CRL_TYPE?"CRL":"CKL"); } @@ -1496,13 +1523,12 @@ CERTSignedCrl *signed_crl, *excrl, *crl_rv = NULL; SECItem derCrl; char msg[BIG_LINE]; - char *secdir = util_get_security_dir(); char full_path[PATH_MAX]; int list_type = (type && !PORT_Strcmp(type, "CKL"))? SEC_KRL_TYPE : SEC_CRL_TYPE; if (!filename || !*filename || !util_is_valid_path_string(filename) || - !util_verify_file_or_dir(secdir, PR_FILE_DIRECTORY, filename, -1, PR_FILE_FILE)) { + !util_verify_file_or_dir(securitydir, PR_FILE_DIRECTORY, filename, -1, PR_FILE_FILE)) { /* invalid file */ PR_snprintf(msg, sizeof(msg), getResourceString(DBT_NO_FILE_EXISTS), filename); errorRpt(FILE_ERROR, msg); @@ -1511,7 +1537,7 @@ {/*try open the file*/ FILE *f; - PR_snprintf(full_path, sizeof(full_path), "%s%c%s", secdir, FILE_PATHSEP, filename); + PR_snprintf(full_path, sizeof(full_path), "%s%c%s", securitydir, FILE_PATHSEP, filename); if( !(f = fopen(full_path, "rb")) ) { PR_snprintf(msg, sizeof(msg), getResourceString(DBT_NO_FILE_EXISTS), full_path); @@ -1558,12 +1584,19 @@ if (begin == NULL) { begin = (char*) PORT_Strstr((const char*)ascii, X509CRLHEADER); headerlen = strlen(X509CRLHEADER); + if (begin == NULL) { + begin = (char*) PORT_Strstr((const char*)ascii, NEWCRLHEADER); + headerlen = strlen(NEWCRLHEADER); + } } else { headerlen = strlen(CRLHEADER); } if (end == NULL) { end = (char*) PORT_Strstr((const char*)ascii, X509CRLFOOTER); + if (end == NULL) { + end = (char*) PORT_Strstr((const char*)ascii, NEWCRLFOOTER); + } } if ((begin != NULL) && (end != NULL)) { @@ -1799,7 +1832,6 @@ static void moduleOperation(char* op) { const char *binary = "modutil"; /* PATH and LD_LIBRARY_PATH must already be set correctly */ const char *install_dir = LIBDIR; - const char *database_dir = util_get_security_dir(); char *filename, *filetype, *dllname; char cmd[BIG_LINE]; char msg[BIG_LINE]; @@ -1813,7 +1845,7 @@ } PR_snprintf(cmd, sizeof(cmd), "%s -dbdir %s -force -nocertdb -delete \"%s\" 2>&1", binary, - database_dir, + securitydir, dllname); } else if (!PORT_Strcmp(op, "add")) { @@ -1821,9 +1853,9 @@ filename = getParameter("filename",getResourceString(DBT_MISSING_FILE)); filetype = getParameter("format",getResourceString(DBT_MISSING_FORMAT)); - /* see if filename exists in database_dir (securitydir) */ + /* see if filename exists in securitydir */ if(!util_is_valid_path_string(filename) || - !util_verify_file_or_dir(database_dir, PR_FILE_DIRECTORY, filename, -1, PR_FILE_FILE)) { + !util_verify_file_or_dir(securitydir, PR_FILE_DIRECTORY, filename, -1, PR_FILE_FILE)) { PR_snprintf(msg, sizeof(msg), getResourceString(DBT_NO_FILE_EXISTS), filename); rpt_err(FILE_ERROR, msg, NULL, NULL); } @@ -1848,11 +1880,11 @@ binary, filename, install_dir, - database_dir); + securitydir); else if (!PORT_Strcmp(filetype, "dll")) PR_snprintf(cmd, sizeof(cmd), "%s -dbdir %s -add \"%s\" -libfile %s -force -nocertdb 2>&1", binary, - database_dir, + securitydir, dllname, filename); @@ -1931,7 +1963,6 @@ /* cgi env setup */ int _ai = ADMUTIL_Init(); char * m = getenv("REQUEST_METHOD"); - char *securitydir = NULL; /* looked up via sie */ char msg[BIG_LINE]; AdmldapInfo ldapInfo; /* our config */ int rc = 0; From rmeggins at fedoraproject.org Mon Dec 15 21:04:16 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Mon, 15 Dec 2008 21:04:16 +0000 (UTC) Subject: [Fedora-directory-commits] directoryconsole/src/com/netscape/admin/dirserv/panel/replication ORCTask.java, 1.1.1.1, 1.2 ReplicationAgreement.java, 1.3, 1.4 Message-ID: <20081215210416.10EAB7012B@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/replication In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv17612/directoryconsole/src/com/netscape/admin/dirserv/panel/replication Modified Files: ORCTask.java ReplicationAgreement.java Log Message: Resolves: bug 179193 Bug Description: Replication UI most of the time don't return consumer initialization error Reviewed by: nkinder (Thanks!) Fix Description: Just added a 3 second sleep after telling the server to perform the consumer init. This seems to give the server time enough to attempt the init, fail, and set an appropriate error code. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: ORCTask.java =================================================================== RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/replication/ORCTask.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- ORCTask.java 18 Jul 2005 00:56:08 -0000 1.1.1.1 +++ ORCTask.java 15 Dec 2008 21:04:13 -0000 1.2 @@ -67,6 +67,8 @@ /* send start replication request */ m_agreement.updateEntry(mods); + /* sleep for a moment to let status accrue */ + Thread.sleep(3000); /* The consumer initialization attribute was correctly added. We check until we have the first update result... */ m_firstUpdateStatus = 0; @@ -112,6 +114,9 @@ m_status = me.getLDAPResultCode(); m_firstUpdateMessage = me.getLDAPErrorMessage(); m_dlg.stop (); + } catch (InterruptedException e) { + Debug.println ("Sleep interrupted: Exception occured during ORC: " + e); + m_status = -1; } m_dlg.stop (); Index: ReplicationAgreement.java =================================================================== RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/replication/ReplicationAgreement.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- ReplicationAgreement.java 24 Nov 2008 16:09:23 -0000 1.3 +++ ReplicationAgreement.java 15 Dec 2008 21:04:13 -0000 1.4 @@ -1400,6 +1400,8 @@ return; } + Debug.println(9, "ReplicationAgreement.updateReplicaStatus: status " + + "entry is " + entry.toString()); String val = DSUtil.getAttrValue(entry, ReplicationTool.REPLICA_LAST_UPDATE_STATUS_ATTR); From nhosoi at fedoraproject.org Mon Dec 15 21:39:32 2008 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Mon, 15 Dec 2008 21:39:32 +0000 (UTC) Subject: [Fedora-directory-commits] adminserver/admserv/cfgstuff stop-ds-admin.in, 1.1, 1.2 Message-ID: <20081215213932.882657012E@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver/admserv/cfgstuff In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv26076 Modified Files: stop-ds-admin.in Log Message: Resolves: #191779 Summary: restart task confusion Description: removing '-' from -PID not to send the signal to all the processes belonging to the admin server process group. Index: stop-ds-admin.in =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cfgstuff/stop-ds-admin.in,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- stop-ds-admin.in 11 May 2007 17:26:11 -0000 1.1 +++ stop-ds-admin.in 15 Dec 2008 21:39:30 -0000 1.2 @@ -23,7 +23,7 @@ PID_FILE=@piddir@/@pidfile@ if test -f $PID_FILE ; then - kill -TERM -`cat $PID_FILE` + kill -TERM `cat $PID_FILE` if test $? -ne 0 ; then exit 1 fi @@ -44,7 +44,7 @@ done echo server not responding to exit command echo killing process group -kill -9 -`cat $PID_FILE` +kill -9 `cat $PID_FILE` rm $PID_FILE exit 1 From rmeggins at fedoraproject.org Tue Dec 16 19:07:17 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Tue, 16 Dec 2008 19:07:17 +0000 (UTC) Subject: [Fedora-directory-commits] console/src/com/netscape/management/client/security securityResource.properties, 1.2, 1.3 Message-ID: <20081216190717.B92397012B@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/console/src/com/netscape/management/client/security In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19220/console/src/com/netscape/management/client/security Modified Files: securityResource.properties Log Message: fix spelling error Index: securityResource.properties =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/security/securityResource.properties,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- securityResource.properties 15 Nov 2007 16:56:53 -0000 1.2 +++ securityResource.properties 16 Dec 2008 19:07:15 -0000 1.3 @@ -215,8 +215,8 @@ CertificateDetailDialog-country=Country CertificateDetailDialog-email=E-mail CertificateDetailDialog-locality=Locality -CertificateDetailDialog-orgUnit=Origanization unit -CertificateDetailDialog-org=Origanization +CertificateDetailDialog-orgUnit=Organization unit +CertificateDetailDialog-org=Organization CertificateDetailDialog-state=State CertificateDetailDialog-signature=Signature algorithm CertificateDetailDialog-algorithm=Public key From rmeggins at fedoraproject.org Tue Dec 16 22:10:35 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Tue, 16 Dec 2008 22:10:35 +0000 (UTC) Subject: [Fedora-directory-commits] directoryconsole/src/com/netscape/admin/dirserv/propedit DSEntryPanel.java, 1.2, 1.3 Message-ID: <20081216221035.8D27C70133@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/propedit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv20096/directoryconsole/src/com/netscape/admin/dirserv/propedit Modified Files: DSEntryPanel.java Log Message: Resolves: bug 179184 Bug Description: Advanced Properties window sorts by attribute name not "friendly name" Reviewed by: nkinder (Thanks!) Fix Description: Just call the showAllAttributes method at the end of the ctor. This method will sort the list in the correct order. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: DSEntryPanel.java =================================================================== RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/propedit/DSEntryPanel.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- DSEntryPanel.java 5 Dec 2008 23:46:25 -0000 1.2 +++ DSEntryPanel.java 16 Dec 2008 22:10:31 -0000 1.3 @@ -97,6 +97,8 @@ add("East", actionPane); add( "Center", _centerPane ); + // force redraw with correct sorting + showAllAttributes(_cbAllowedAttributes.isSelected()); } private void createListOfForbiddenNamingAttributes() { From rmeggins at fedoraproject.org Tue Dec 16 22:16:12 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Tue, 16 Dec 2008 22:16:12 +0000 (UTC) Subject: [Fedora-directory-commits] console/src/com/netscape/management/client/components Table.java, 1.1.1.1, 1.2 TableSorter.java, 1.1.1.1, 1.2 Message-ID: <20081216221612.5334570130@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/console/src/com/netscape/management/client/components In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22177/console/src/com/netscape/management/client/components Modified Files: Table.java TableSorter.java Log Message: Resolves: bug 198090 Bug Description: ACI editor table sort problem Reviewed by: nkinder (Thanks!) Fix Description: The main problem was that the Table Model code was not checking the type of the model change event, and was just unconditionally resetting/initializing the internal indexes array every time the checkbox was checked. This caused the table to revert back to the original order every time a checkbox was checked on or off. The only events which should cause the indexes to be reset/initialized are the INSERT and DELETE types, not the UPDATE type. There were also some problems with setting up the initial model, and I cleaned up some bogus code. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: Table.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/components/Table.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- Table.java 18 Jul 2005 00:34:13 -0000 1.1.1.1 +++ Table.java 16 Dec 2008 22:16:09 -0000 1.2 @@ -96,7 +96,8 @@ */ public Table(TableModel dm, boolean enableClientSideSorting) { - this((enableClientSideSorting ? new TableSorter(dm) : dm), null, null); + this(((enableClientSideSorting && !(dm instanceof ISortableTableModel)) ? + new TableSorter(dm) : dm), null, null); this.enableClientSideSorting = enableClientSideSorting; } @@ -135,7 +136,6 @@ { super(dm, cm, sm); initialize(); - TableModel tm = getModel(); initializeColumnHeaders(); } @@ -214,11 +214,16 @@ Enumeration e = tcm.getColumns(); int viewColumnIndex = 0; TableModel tm = getModel(); + // can't refer to this.enableClientSideSorting here because initializeColumnHeaders + // can be called from ctor, before this members are set - but the ctor will have + // wrapped tm in a sortable interface, so check the type of the model to see if it + // is sortable + boolean isSortable = (tm instanceof ISortableTableModel); while (e.hasMoreElements()) { int columnIndex = convertColumnIndexToModel(viewColumnIndex); int alignment = getTableHeaderAlignmentByClass(tm.getColumnClass(columnIndex)); - TextHeaderRenderer headerRenderer = new TextHeaderRenderer(alignment, this.enableClientSideSorting); + TextHeaderRenderer headerRenderer = new TextHeaderRenderer(alignment, isSortable); TableColumn column = (TableColumn)e.nextElement(); column.setHeaderRenderer(headerRenderer); viewColumnIndex++; @@ -318,29 +323,12 @@ */ public void setModel(TableModel dataModel) throws IllegalArgumentException { - - //tableModel = dataModel; - if (this.enableClientSideSorting) { - super.setModel(new TableSorter(dataModel)); - } else { - super.setModel(dataModel); - } - + super.setModel(dataModel); initializeColumnHeaders(); } /** - * Gets the data model for this table. - * - * @return TableModel the data source for this table - * @see JTable#setModel() - */ - public TableModel getModel() { - return super.getModel(); - } - - /** * Sets the column model for this table to newModel and registers * for listener notifications from the new column model. Also sets * the column model of the JTableHeader to columnModel. Index: TableSorter.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/components/TableSorter.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- TableSorter.java 18 Jul 2005 00:34:14 -0000 1.1.1.1 +++ TableSorter.java 16 Dec 2008 22:16:09 -0000 1.2 @@ -184,6 +184,10 @@ public void reallocateIndexes() { int rowCount = model.getRowCount(); Debug.println(8, "TableSorter.reallocateIndexes: getRowCount=" + rowCount); + if ((indexes != null) && (rowCount == indexes.length)) { + Debug.println(8, "TableSorter.reallocateIndexes: the model row count is the same as our row count - no need to reallocate"); + return; + } // Set up a new array of indexes with the right number of elements // for the new data model. @@ -196,8 +200,13 @@ } public void tableChanged(TableModelEvent e) { - Debug.println(8, "TableSorter.tableChanged"); - reallocateIndexes(); + Debug.println(8, "TableSorter.tableChanged"); + if (e.getType() != TableModelEvent.UPDATE) { + Debug.println(8, "TableSorter.checkModel: table size was changed - need to reallocate indexes"); + reallocateIndexes(); + } else { + Debug.println(8, "TableSorter.checkModel: table size was not changed - no need to reallocate indexes"); + } super.tableChanged(e); } From rmeggins at fedoraproject.org Tue Dec 16 23:32:04 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Tue, 16 Dec 2008 23:32:04 +0000 (UTC) Subject: [Fedora-directory-commits] console/src/com/netscape/management/client/ug PickerEditorResource.properties, 1.3, 1.4 ResEditorNTUser.java, 1.1.1.1, 1.2 Message-ID: <20081216233204.2011970133@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/console/src/com/netscape/management/client/ug In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1890/console/src/com/netscape/management/client/ug Modified Files: PickerEditorResource.properties ResEditorNTUser.java Log Message: Resolves: bug 158334 Bug Description: WinSync Console: Handling of logonHours and accountExpires incorrect. Reviewed by: nhosoi (Thanks!) Files: new file ADUtil.java Fix Description: Added code to convert from Windows FILETIME to Java time. Added special handling for the "Never Expires" value, which can be the very large value or 0. The console now displays "Never Expires" or the actual human readable value for the time. As far as Logon Hours, it's just really messed up. I will open another bug for that. https://bugzilla.redhat.com/attachment.cgi?id=326573 - never expires https://bugzilla.redhat.com/attachment.cgi?id=326574 - expires with date Platforms tested: RHEL5 Flag Day: no Doc impact: yes Index: PickerEditorResource.properties =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/ug/PickerEditorResource.properties,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- PickerEditorResource.properties 10 Dec 2008 02:53:19 -0000 1.3 +++ PickerEditorResource.properties 16 Dec 2008 23:32:01 -0000 1.4 @@ -387,6 +387,7 @@ resourceEditor-errorText2=Assigning this value to a user will give this user privileged access. resourceEditor-errorText3=Do you really want to use this value? resourceEditor-errorTitle=Value Warning +resourceEditor-NeverExpires=Never Expires CALPage-displayName=Licenses CALPage-ID=Licenses CALPage-Title=To facilitate tracking of all Client Access Licenses (CAL), please indicate whether Index: ResEditorNTUser.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/ug/ResEditorNTUser.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- ResEditorNTUser.java 18 Jul 2005 00:34:23 -0000 1.1.1.1 +++ ResEditorNTUser.java 16 Dec 2008 23:32:01 -0000 1.2 @@ -489,7 +489,14 @@ _tfWorkstationList.setText(_oldWorkstationList); _oldExpiredDate = observable.get(_NT_USER_ACCT_EXPIRED,0); - _lAccountExpired.setText(_oldExpiredDate); + Date dt = ADUtil.convertToJavaDateTime(_oldExpiredDate); + if (ADUtil.neverExpires(dt)) { + _lAccountExpired.setText(_resource.getString("resourceEditor", "NeverExpires")); + } else if (dt != null) { + _lAccountExpired.setText(dt.toString()); + } else { + _lAccountExpired.setText(""); + } _newExpiredDate = _oldExpiredDate; } @@ -617,24 +624,19 @@ } else if (e.getSource()==_bExpiredDate) { // expire date - String sFormat = "yyyyMMddHHmmss"; - SimpleDateFormat formatter = new SimpleDateFormat(sFormat); - Date d = new Date(); - if (!_newExpiredDate.equals("")) - { - ParsePosition p = new ParsePosition(0); - d = formatter.parse(_newExpiredDate,p); - } + Date dt = ADUtil.convertToJavaDateTime(_newExpiredDate); Calendar c = Calendar.getInstance(); - c.setTime(d); + if (!ADUtil.neverExpires(dt) && (dt != null)) { + c.setTime(dt); + } DateTimePicker picker = new DateTimePicker(UtilConsoleGlobals.getActivatedFrame(),c); picker.show(); if (!picker.isCancel()) { c = picker.getCalendar(); - d = c.getTime(); - _newExpiredDate = formatter.format(d); - _lAccountExpired.setText(_newExpiredDate); + dt = c.getTime(); + _newExpiredDate = ADUtil.convertToFileTime(dt); + _lAccountExpired.setText(dt.toString()); } } } From rmeggins at fedoraproject.org Tue Dec 16 23:32:04 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Tue, 16 Dec 2008 23:32:04 +0000 (UTC) Subject: [Fedora-directory-commits] console/src/com/netscape/management/client/util ADUtil.java, NONE, 1.1 Message-ID: <20081216233204.239D97012B@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/console/src/com/netscape/management/client/util In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1890/console/src/com/netscape/management/client/util Added Files: ADUtil.java Log Message: Resolves: bug 158334 Bug Description: WinSync Console: Handling of logonHours and accountExpires incorrect. Reviewed by: nhosoi (Thanks!) Files: new file ADUtil.java Fix Description: Added code to convert from Windows FILETIME to Java time. Added special handling for the "Never Expires" value, which can be the very large value or 0. The console now displays "Never Expires" or the actual human readable value for the time. As far as Logon Hours, it's just really messed up. I will open another bug for that. https://bugzilla.redhat.com/attachment.cgi?id=326573 - never expires https://bugzilla.redhat.com/attachment.cgi?id=326574 - expires with date Platforms tested: RHEL5 Flag Day: no Doc impact: yes --- NEW FILE ADUtil.java --- /** BEGIN COPYRIGHT BLOCK * Copyright (C) 2008 Red Hat, Inc. * All rights reserved. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation version * 2.1 of the License. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA * END COPYRIGHT BLOCK **/ /** * This class provides utility methods for dealing with Active Directory * data. */ package com.netscape.management.client.util; import java.util.Date; public class ADUtil { /** * Some of the AD date/time attribute values are in Windows FILETIME * format. This is a 64-bit value which is 100's of nanoseconds since 1/1/1601. * Java uses 64-bit long - milliseconds since 1/1/1970 * AD_EPOCH is the difference in milliseconds between the FILETIME epoch and * the java time epoch. */ static final long AD_EPOCH = 11644473600000L; /* millisecs */ static final long ACCOUNT_NEVER_EXPIRES = 9223372036854775807L; static public Date convertToJavaDateTime(String adtimestr) { if (adtimestr == null) { return null; } Date dt = new Date(); long lts = 0; try { lts = Long.parseLong(adtimestr); } catch (NumberFormatException nfe) { Debug.print(0, "Invalid datetime from AD " + adtimestr); return null; } if ((lts == 0) || (lts == ACCOUNT_NEVER_EXPIRES)) { dt.setTime(-1L); } else { dt.setTime(lts/10000 - AD_EPOCH); } return dt; } static public String convertToFileTime(Date dt) { String val; if (dt == null) { return null; } long lts = dt.getTime(); if (lts == -1L) { val = Long.toString(ACCOUNT_NEVER_EXPIRES); } else { val = Long.toString((lts + AD_EPOCH)*10000); } return val; } static public boolean neverExpires(Date dt) { if (dt == null) { return true; } return dt.getTime() == -1L; } } From rmeggins at fedoraproject.org Tue Dec 16 23:38:30 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Tue, 16 Dec 2008 23:38:30 +0000 (UTC) Subject: [Fedora-directory-commits] console build.properties,1.16,1.17 Message-ID: <20081216233830.8E68E7012B@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/console In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv2450/console Modified Files: build.properties Log Message: change version to 1.1.3 Index: build.properties =================================================================== RCS file: /cvs/dirsec/console/build.properties,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- build.properties 15 Jul 2008 17:26:56 -0000 1.16 +++ build.properties 16 Dec 2008 23:38:28 -0000 1.17 @@ -23,7 +23,7 @@ console.root=. console.version=11 -console.dotversion=1.1.2 +console.dotversion=1.1.3 console.dotgenversion=1.1 mcc.core=idm-console-mcc From rmeggins at fedoraproject.org Wed Dec 17 00:21:41 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Wed, 17 Dec 2008 00:21:41 +0000 (UTC) Subject: [Fedora-directory-commits] directoryconsole build.properties, 1.9, 1.10 Message-ID: <20081217002142.66BF670130@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/directoryconsole In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7635/directoryconsole Modified Files: build.properties Log Message: change version to 1.1.3 Index: build.properties =================================================================== RCS file: /cvs/dirsec/directoryconsole/build.properties,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- build.properties 15 Jul 2008 17:49:02 -0000 1.9 +++ build.properties 17 Dec 2008 00:21:38 -0000 1.10 @@ -21,7 +21,7 @@ lang=en ldapconsole.root=.. -ldapconsole.version=1.1.2 +ldapconsole.version=1.1.3 ldapconsole.gen.version=1.1 brand=fedora ldapconsole.name=${brand}-ds-${ldapconsole.version} From rmeggins at fedoraproject.org Wed Dec 17 16:04:10 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Wed, 17 Dec 2008 16:04:10 +0000 (UTC) Subject: [Fedora-directory-commits] admservconsole build.properties,1.7,1.8 Message-ID: <20081217160410.CB2C770130@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/admservconsole In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv31016/admservconsole Modified Files: build.properties Log Message: change version to 1.1.3 Index: build.properties =================================================================== RCS file: /cvs/dirsec/admservconsole/build.properties,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- build.properties 15 Jul 2008 17:34:39 -0000 1.7 +++ build.properties 17 Dec 2008 16:04:08 -0000 1.8 @@ -21,7 +21,7 @@ lang=en admservconsole.root=.. -admservconsole.version=1.1.2 +admservconsole.version=1.1.3 admservconsole.gen.version=1.1 brand=fedora admservconsole.name=${brand}-admin-${admservconsole.version} From nkinder at fedoraproject.org Wed Dec 17 17:22:24 2008 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Wed, 17 Dec 2008 17:22:24 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src/scripts DSCreate.pm.in, 1.14, 1.15 Util.pm.in, 1.17, 1.18 Message-ID: <20081217172224.571CE70130@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv17143/ldap/admin/src/scripts Modified Files: DSCreate.pm.in Util.pm.in Log Message: Resolves: 445305 Summary: Ensure directories created by installer get the requested mode applied. Index: DSCreate.pm.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/DSCreate.pm.in,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- DSCreate.pm.in 23 Oct 2008 22:42:54 -0000 1.14 +++ DSCreate.pm.in 17 Dec 2008 17:22:22 -0000 1.15 @@ -160,6 +160,7 @@ my $uid = getpwnam $inf->{General}->{SuiteSpotUserID}; my $gid = -1; # default to leave it alone + my $mode_string = ""; if (defined($inf->{General}->{SuiteSpotGroup})) { $gid = getgrnam $inf->{General}->{SuiteSpotGroup}; @@ -171,6 +172,10 @@ if ($!) { return ('error_chmoding_file', $it, $!); } + + $mode_string = sprintf "%lo", $mode; + debug(1, "changeOwnerMode: changed mode of $it to $mode_string\n"); + $! = 0; # clear errno if ( $gidonly ) { chown -1, $gid, $it; @@ -181,6 +186,12 @@ return ('error_chowning_file', $it, $inf->{General}->{SuiteSpotUserID}, $!); } + if ( $gidonly ) { + debug(1, "changeOwnerMode: changed group ownership of $it to group $gid\n"); + } else { + debug(1, "changeOwnerMode: changed ownership of $it to user $uid group $gid\n"); + } + return (); } Index: Util.pm.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/Util.pm.in,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- Util.pm.in 14 Jul 2008 23:25:41 -0000 1.17 +++ Util.pm.in 17 Dec 2008 17:22:22 -0000 1.18 @@ -860,6 +860,7 @@ my ($path, $mode, $user, $group) = @_; my $uid = getpwnam $user; my $gid = -1; # default to leave it alone + my $mode_string = ""; if ($group) { $gid = getgrnam $group; @@ -882,7 +883,10 @@ if ($!) { return ('error_chowning_directory', $_, $!); } - debug(1, "makePaths: created directory $_ mode $mode user $user group $group\n"); + chmod $mode, $_; + $mode_string = sprintf "%lo", $mode; + debug(1, "makePaths: created directory $_ mode $mode_string user $user group $group\n"); + debug(2, "\t" . `ls -ld $_`); } return (); From nkinder at fedoraproject.org Wed Dec 17 17:22:24 2008 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Wed, 17 Dec 2008 17:22:24 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd snmp_collator.c, 1.19, 1.20 Message-ID: <20081217172224.7F83A70130@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv17143/ldap/servers/slapd Modified Files: snmp_collator.c Log Message: Resolves: 445305 Summary: Ensure directories created by installer get the requested mode applied. Index: snmp_collator.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/snmp_collator.c,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- snmp_collator.c 12 Dec 2008 23:38:54 -0000 1.19 +++ snmp_collator.c 17 Dec 2008 17:22:22 -0000 1.20 @@ -528,17 +528,22 @@ if (errno == EEXIST) { /* It appears that we didn't exit cleanly last time and left the semaphore * around. Recreate it since we don't know what state it is in. */ - sem_unlink(stats_sem_name); + if (sem_unlink(stats_sem_name) != 0) { + LDAPDebug( LDAP_DEBUG_ANY, "Failed to delete old semaphore for stats file (%s). " + "Error %d (%s).\n", szStatsFile, errno, slapd_system_strerror(errno) ); + exit(1); + } + if ((stats_sem = sem_open(stats_sem_name, O_CREAT | O_EXCL, SLAPD_DEFAULT_FILE_MODE, 1)) == SEM_FAILED) { /* No dice */ - LDAPDebug( LDAP_DEBUG_ANY, "Failed to create semaphore for stats file (%s). Error %d.\n", - szStatsFile, errno, 0 ); + LDAPDebug( LDAP_DEBUG_ANY, "Failed to create semaphore for stats file (%s). Error %d (%s).\n", + szStatsFile, errno, slapd_system_strerror(errno) ); exit(1); } } else { /* Some other problem occurred creating the semaphore. */ - LDAPDebug( LDAP_DEBUG_ANY, "Failed to create semaphore for stats file (%s). Error %d.\n", - szStatsFile, errno, 0 ); + LDAPDebug( LDAP_DEBUG_ANY, "Failed to create semaphore for stats file (%s). Error %d.(%s)\n", + szStatsFile, errno, slapd_system_strerror(errno) ); exit(1); } } From nkinder at fedoraproject.org Wed Dec 17 17:26:13 2008 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Wed, 17 Dec 2008 17:26:13 +0000 (UTC) Subject: [Fedora-directory-commits] adminserver/admserv/newinst/src setup-ds-admin.pl.in, 1.12, 1.13 Message-ID: <20081217172613.5A91870130@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/adminserver/admserv/newinst/src In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv17768/admserv/newinst/src Modified Files: setup-ds-admin.pl.in Log Message: Resolves: 445305 Summary: Don't override settings from inf file with default values during a silent install. Index: setup-ds-admin.pl.in =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/setup-ds-admin.pl.in,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- setup-ds-admin.pl.in 14 Jul 2008 18:43:02 -0000 1.12 +++ setup-ds-admin.pl.in 17 Dec 2008 17:26:11 -0000 1.13 @@ -39,32 +39,59 @@ # see if there is already a configds my $admConf = AdminUtil::getAdmConf("$setup->{configdir}/admin-serv"); -# set defaults +# Set defaults, but don't override settings that were +# defined in a passed in inf file. if ($admConf && %{$admConf}) { - $setup->{inf}->{General}->{ConfigDirectoryLdapURL} = $admConf->{ldapurl}; - $setup->{inf}->{General}->{ConfigDirectoryAdminID} = $admConf->{userdn}; - $setup->{inf}->{General}->{AdminDomain} = $admConf->{AdminDomain}; - $setup->{inf}->{General}->{SuiteSpotUserID} = $admConf->{SuiteSpotUserID}; - $setup->{inf}->{General}->{SuiteSpotGroup} = $admConf->{SuiteSpotGroup}; + unless (defined($setup->{inf}->{General}->{ConfigDirectoryLdapURL})) { + $setup->{inf}->{General}->{ConfigDirectoryLdapURL} = $admConf->{ldapurl}; + } + unless (defined($setup->{inf}->{General}->{ConfigDirectoryAdminID})) { + $setup->{inf}->{General}->{ConfigDirectoryAdminID} = $admConf->{userdn}; + } + unless (defined($setup->{inf}->{General}->{AdminDomain})) { + $setup->{inf}->{General}->{AdminDomain} = $admConf->{AdminDomain}; + } + unless (defined($setup->{inf}->{General}->{SuiteSpotUserID})) { + $setup->{inf}->{General}->{SuiteSpotUserID} = $admConf->{SuiteSpotUserID}; + } + unless (defined($setup->{inf}->{General}->{SuiteSpotGroup})) { + $setup->{inf}->{General}->{SuiteSpotGroup} = $admConf->{SuiteSpotGroup}; + } + unless (defined($setup->{inf}->{slapd}->{admin}->{SysUser})) { + $setup->{inf}->{admin}->{SysUser} = $admConf->{sysuser}; + } - $setup->{inf}->{admin}->{SysUser} = $admConf->{sysuser}; # read additional config from config DS my $pset = AdminUtil::getPset($admConf); if ($pset && %{$pset}) { - $setup->{inf}->{admin}->{Port} = $pset->{"configuration.nsserverport"}; + unless (defined($setup->{inf}->{admin}->{Port})) { + $setup->{inf}->{admin}->{Port} = $pset->{"configuration.nsserverport"}; + } $setup->{asorigport} = $pset->{"configuration.nsserverport"}; # save orig. port - $setup->{inf}->{admin}->{ServerIpAddress} = $pset->{"configuration.nsserveraddress"}; - $setup->{inf}->{General}->{FullMachineName} = $pset->{"serverhostname"}; + unless (defined($setup->{inf}->{admin}->{ServerIpAddress})) { + $setup->{inf}->{admin}->{ServerIpAddress} = $pset->{"configuration.nsserveraddress"}; + } + unless (defined($setup->{inf}->{General}->{FullMachineName})) { + $setup->{inf}->{General}->{FullMachineName} = $pset->{"serverhostname"}; + } } my $admpw = AdminUtil::getAdmpw($admConf); if ($admpw && %{$admpw}) { - $setup->{inf}->{admin}->{ServerAdminID} = $admpw->{ServerAdminID}; - $setup->{inf}->{admin}->{ServerAdminPwd} = $admpw->{ServerAdminPwd}; + unless (defined($setup->{inf}->{admin}->{ServerAdminID})) { + $setup->{inf}->{admin}->{ServerAdminID} = $admpw->{ServerAdminID}; + } + unless (defined($setup->{inf}->{admin}->{ServerAdminPwd})) { + $setup->{inf}->{admin}->{ServerAdminPwd} = $admpw->{ServerAdminPwd}; + } } # default to using the existing config DS - $setup->{inf}->{slapd}->{UseExistingMC} = 1; - $setup->{inf}->{slapd}->{SlapdConfigForMC} = 0; + unless (defined($setup->{inf}->{slapd}->{UseExistingMC})) { + $setup->{inf}->{slapd}->{UseExistingMC} = 1; + } + unless (defined($setup->{inf}->{slapd}->{SlapdConfigForMC})) { + $setup->{inf}->{slapd}->{SlapdConfigForMC} = 0; + } $setup->{reconfigas} = 1; # allow AS reconfig } From nkinder at fedoraproject.org Wed Dec 17 18:28:07 2008 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Wed, 17 Dec 2008 18:28:07 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src/scripts Setup.pm.in, 1.11, 1.12 Message-ID: <20081217182807.09F7A7012E@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv31963/ldap/admin/src/scripts Modified Files: Setup.pm.in Log Message: Resolves: 467233 Summary: Fix undefined subroutine error when trying to display usage message in setup scripts. Index: Setup.pm.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/Setup.pm.in,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- Setup.pm.in 14 Jul 2008 18:43:21 -0000 1.11 +++ Setup.pm.in 17 Dec 2008 18:28:04 -0000 1.12 @@ -182,7 +182,7 @@ } } else { # error print STDERR "Error: unknown command line option $_\n"; - usage(); + HelpMessage(); exit 1; } } From nkinder at fedoraproject.org Wed Dec 17 18:58:23 2008 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Wed, 17 Dec 2008 18:58:23 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src/scripts DialogManager.pm, 1.5, 1.6 setup-ds.res.in, 1.13, 1.14 Message-ID: <20081217185823.91E0670130@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8393/ldap/admin/src/scripts Modified Files: DialogManager.pm setup-ds.res.in Log Message: Resolves: 463776 Summary: Make "back" reponse in setup code work correctly. Index: DialogManager.pm =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/DialogManager.pm,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- DialogManager.pm 27 Jul 2007 01:46:10 -0000 1.5 +++ DialogManager.pm 17 Dec 2008 18:58:21 -0000 1.6 @@ -104,7 +104,7 @@ } # the word "back" - if ($ans =~ /back/i) { + if ($ans =~ /^\s*back\s*$/i) { return 1; } # a Ctrl-B sequence Index: setup-ds.res.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/setup-ds.res.in,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- setup-ds.res.in 14 Jul 2008 23:20:23 -0000 1.13 +++ setup-ds.res.in 17 Dec 2008 18:58:21 -0000 1.14 @@ -7,7 +7,7 @@ dialog_use_different_type = When using Silent or Express mode, some of the\ndialogs are skipped, but validation is still performed\non the default or given answers. You should run this program again and\nchoose Typical or Custom mode in order to provide a valid input\nfor the problem dialog.\n\n # ------------ Welcome Dialog Resource ------------ -dialog_welcome_text = This program will set up the %s Directory Server.\n\nIt is recommended that you have "root" privilege to set up the software.\nTips for using this program:\n - Press "Enter" to choose the default and go to the next screen\n - Type "Control-B" then "Enter" to go back to the previous screen\n - Type "Control-C" to cancel the setup program\n\n +dialog_welcome_text = This program will set up the %s Directory Server.\n\nIt is recommended that you have "root" privilege to set up the software.\nTips for using this program:\n - Press "Enter" to choose the default and go to the next screen\n - Type "Control-B" or the word "back" then "Enter" to go back to the previous screen\n - Type "Control-C" to cancel the setup program\n\n # %s -> brand dialog_welcome_prompt = Would you like to continue with set up? @@ -68,7 +68,7 @@ dialog_dssuffix_error = The suffix '%s' is not a valid DN. Please choose another one.\n\n # ----------- DS Root DN and password Dialog Resource ---------------- -dialog_dsrootdn_text = Certain directory server operations require an administrative user.\nThis user is referred to as the Directory Manager and typically has a\nbind Distinguished Name (DN) of cn=Directory Manager.\nYou will also be prompted for the password for this user. The password must\nbe at least 8 characters long, and contain no spaces.\nPress Control-B then Enter to back up and start over.\n\n +dialog_dsrootdn_text = Certain directory server operations require an administrative user.\nThis user is referred to as the Directory Manager and typically has a\nbind Distinguished Name (DN) of cn=Directory Manager.\nYou will also be prompted for the password for this user. The password must\nbe at least 8 characters long, and contain no spaces.\nPress Control-B or type the word "back", then Enter to back up and start over.\n\n dialog_dsrootdn_prompt = Directory Manager DN dialog_dsrootdn_error = The input '%s' is not a valid DN. Please choose another one.\n\n dialog_dsrootpw_prompt1 = Password @@ -126,4 +126,4 @@ Please remove it first if you really want to recreate it,\ or use a different ServerIdentifier to create another instance.\n error_opening_init_ldif = Could not open the initial LDIF file '%s'.\ -The file was not found or could not be read.\n \ No newline at end of file +The file was not found or could not be read.\n From rmeggins at fedoraproject.org Wed Dec 17 20:47:39 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Wed, 17 Dec 2008 20:47:39 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd util.c, 1.21, 1.22 Message-ID: <20081217204739.A532770131@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19542/ldapserver/ldap/servers/slapd Modified Files: util.c Log Message: Resolves: bug 476891 Bug Description: Replication: Server to Server Connection Error: SASL(-1): generic failure: All-whitespace username. Reviewed by: nkinder (Thanks!) Fix Description: 1) SASL/DIGEST-MD5 needs both username and authid 2) The username and authid in this context are always a bind DN - they must have the "dn:" prefix in order for the SASL mapping to work 3) gssapi (kerberos) sets both username and authid to NULL Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: util.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/util.c,v retrieving revision 1.21 retrieving revision 1.22 diff -u -r1.21 -r1.22 --- util.c 5 Dec 2008 22:41:53 -0000 1.21 +++ util.c 17 Dec 2008 20:47:36 -0000 1.22 @@ -1247,6 +1247,7 @@ const char *realm) { ldapSaslInteractVals *vals = NULL; + char *idprefix = ""; vals = (ldapSaslInteractVals *) slapi_ch_calloc(1, sizeof(ldapSaslInteractVals)); @@ -1261,8 +1262,12 @@ ldap_get_option(ld, LDAP_OPT_X_SASL_MECH, &vals->mech); } + if (vals->mech && !strcasecmp(vals->mech, "DIGEST-MD5")) { + idprefix = "dn:"; /* prefix name and id with this string */ + } + if (authid) { /* use explicit passed in value */ - vals->authid = slapi_ch_strdup(authid); + vals->authid = slapi_ch_smprintf("%s%s", idprefix, authid); } else { /* use option value if any */ ldap_get_option(ld, LDAP_OPT_X_SASL_AUTHCID, &vals->authid); if (!vals->authid) { @@ -1272,7 +1277,7 @@ } if (username) { /* use explicit passed in value */ - vals->username = slapi_ch_strdup(username); + vals->username = slapi_ch_smprintf("%s%s", idprefix, username); } else { /* use option value if any */ ldap_get_option(ld, LDAP_OPT_X_SASL_AUTHZID, &vals->username); if (!vals->username) { /* use default sasl value */ @@ -1413,7 +1418,7 @@ int tries = 0; while (tries < 2) { - void *defaults = ldap_sasl_set_interact_vals(ld, mech, NULL, bindid, + void *defaults = ldap_sasl_set_interact_vals(ld, mech, bindid, bindid, creds, NULL); /* have to first set the defaults used by the callback function */ /* call the bind function */ @@ -1941,8 +1946,9 @@ cc_env_name); } - /* use NULL as username */ + /* use NULL as username and authid */ slapi_ch_free_string(&vals->username); + slapi_ch_free_string(&vals->authid); cleanup: krb5_free_unparsed_name(ctx, princ_name); From nkinder at fedoraproject.org Fri Dec 19 17:07:29 2008 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Fri, 19 Dec 2008 17:07:29 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd add.c, 1.16, 1.17 Message-ID: <20081219170729.5F8007012F@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv27229/ldap/servers/slapd Modified Files: add.c Log Message: Resolves: 437049 Summary: Add missing parent objectclasses for all operations (replicated or not). Index: add.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/add.c,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- add.c 5 Dec 2008 22:41:52 -0000 1.16 +++ add.c 19 Dec 2008 17:07:26 -0000 1.17 @@ -572,9 +572,7 @@ } /* expand objectClass values to reflect the inheritance hierarchy */ - if (!repl_op) { - slapi_schema_expand_objectclasses( e ); - } + slapi_schema_expand_objectclasses( e ); /* uniqueid needs to be generated for entries added during legacy replication */ From nkinder at fedoraproject.org Fri Dec 19 17:07:29 2008 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Fri, 19 Dec 2008 17:07:29 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm ldbm_modify.c, 1.7, 1.8 Message-ID: <20081219170729.52B547013F@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv27229/ldap/servers/slapd/back-ldbm Modified Files: ldbm_modify.c Log Message: Resolves: 437049 Summary: Add missing parent objectclasses for all operations (replicated or not). Index: ldbm_modify.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/ldbm_modify.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- ldbm_modify.c 8 Oct 2008 17:29:04 -0000 1.7 +++ ldbm_modify.c 19 Dec 2008 17:07:26 -0000 1.8 @@ -206,7 +206,7 @@ int is_fixup_operation= 0; int is_ruv = 0; /* True if the current entry is RUV */ CSN *opcsn = NULL; - int repl_op; + int i = 0; slapi_pblock_get( pb, SLAPI_BACKEND, &be); slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &li ); @@ -214,7 +214,6 @@ slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &mods ); slapi_pblock_get( pb, SLAPI_PARENT_TXN, (void**)&parent_txn ); slapi_pblock_get( pb, SLAPI_OPERATION, &operation ); - slapi_pblock_get (pb, SLAPI_IS_REPLICATED_OPERATION, &repl_op); is_fixup_operation = operation_is_flag_set(operation, OP_FLAG_REPL_FIXUP); is_ruv = operation_is_flag_set(operation, OP_FLAG_REPL_RUV); inst = (ldbm_instance *) be->be_instance_info; @@ -310,20 +309,13 @@ } /* - * If we are not handling a replicated operation, AND if the - * objectClass attribute type was modified in any way, expand + * If the objectClass attribute type was modified in any way, expand * the objectClass values to reflect the inheritance hierarchy. - * [blackflag 624152]: repl_op covers both regular and legacy replication */ - if(!repl_op) - { - int i; - - for ( i = 0; mods[i] != NULL; ++i ) { - if ( 0 == strcasecmp( SLAPI_ATTR_OBJECTCLASS, mods[i]->mod_type )) { - slapi_schema_expand_objectclasses( ec->ep_entry ); - break; - } + for ( i = 0; mods[i] != NULL; ++i ) { + if ( 0 == strcasecmp( SLAPI_ATTR_OBJECTCLASS, mods[i]->mod_type )) { + slapi_schema_expand_objectclasses( ec->ep_entry ); + break; } } From rmeggins at fedoraproject.org Fri Dec 19 19:26:04 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Fri, 19 Dec 2008 19:26:04 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd util.c, 1.22, 1.23 Message-ID: <20081219192604.7E91B70130@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv31545/ldapserver/ldap/servers/slapd Modified Files: util.c Log Message: Resolves: bug 476891 Bug Description: Replication: Server to Server Connection Error: SASL(-1): generic failure: All-whitespace username. Reviewed by: nkinder (Thanks!) Fix Description: My earlier fix for this bug broke GSSAPI - it would cause the username and authid to only be freed under certain conditions e.g. if the krb creds were still valid, the code would not free the username and authid, so they would be passed via SASL instead of the principal name. This fix just makes sure username and authid are always freed, under all circumstances. Platforms tested: RHEL5, Fedora 9 Flag Day: no Doc impact: no Index: util.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/util.c,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 --- util.c 17 Dec 2008 20:47:36 -0000 1.22 +++ util.c 19 Dec 2008 19:26:01 -0000 1.23 @@ -1946,11 +1946,11 @@ cc_env_name); } +cleanup: /* use NULL as username and authid */ slapi_ch_free_string(&vals->username); slapi_ch_free_string(&vals->authid); -cleanup: krb5_free_unparsed_name(ctx, princ_name); if (kt) { /* NULL not allowed */ krb5_kt_close(ctx, kt); From rmeggins at fedoraproject.org Mon Dec 22 18:08:59 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Mon, 22 Dec 2008 18:08:59 +0000 (UTC) Subject: [Fedora-directory-commits] console/src/com/netscape/management/client/topology TopTopologyNode.java, 1.2, 1.3 Message-ID: <20081222180859.3EC0770131@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/console/src/com/netscape/management/client/topology In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv16740/console/src/com/netscape/management/client/topology Modified Files: TopTopologyNode.java Log Message: Resolves: bug 312381 Description: ambiguity in imported classes Fix Description: clean up imports - import specific class names only instead of .* Index: TopTopologyNode.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/topology/TopTopologyNode.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- TopTopologyNode.java 10 Jan 2008 18:35:36 -0000 1.2 +++ TopTopologyNode.java 22 Dec 2008 18:08:56 -0000 1.3 @@ -19,14 +19,16 @@ * END COPYRIGHT BLOCK **/ package com.netscape.management.client.topology; -import java.util.*; -import java.awt.event.*; -import javax.swing.*; -import javax.swing.tree.*; -import com.netscape.management.client.*; -import com.netscape.management.client.console.*; -import com.netscape.management.client.util.*; -import netscape.ldap.*; +import java.util.Enumeration; +import java.util.Hashtable; +import java.util.Vector; + +import javax.swing.tree.MutableTreeNode; + +import com.netscape.management.client.IResourceObject; +import com.netscape.management.client.console.Console; +import com.netscape.management.client.console.SplashScreen; +import com.netscape.management.client.util.Debug; /** From rmeggins at fedoraproject.org Mon Dec 22 18:13:10 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Mon, 22 Dec 2008 18:13:10 +0000 (UTC) Subject: [Fedora-directory-commits] console/src/com/netscape/management/client/preferences FilePreferenceManager.java, 1.3, 1.4 Message-ID: <20081222181310.5FF9470131@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/console/src/com/netscape/management/client/preferences In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv17558/console/src/com/netscape/management/client/preferences Modified Files: FilePreferenceManager.java Log Message: Resolves: bug 312381 Description: ambiguity in imported classes Fix Description: clean up imports - import specific class names only instead of .* Index: FilePreferenceManager.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/preferences/FilePreferenceManager.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- FilePreferenceManager.java 10 Jan 2008 18:35:36 -0000 1.3 +++ FilePreferenceManager.java 22 Dec 2008 18:13:07 -0000 1.4 @@ -19,11 +19,13 @@ * END COPYRIGHT BLOCK **/ package com.netscape.management.client.preferences; -import java.util.*; import java.io.File; import java.io.FilenameFilter; -import com.netscape.management.client.console.*; -import com.netscape.management.client.util.*; +import java.util.Enumeration; +import java.util.Hashtable; + +import com.netscape.management.client.console.Console; +import com.netscape.management.client.util.Debug; /** * A PreferenceManager that reads and stores preference From rmeggins at fedoraproject.org Mon Dec 22 18:48:37 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Mon, 22 Dec 2008 18:48:37 +0000 (UTC) Subject: [Fedora-directory-commits] console/src/com/netscape/management/client/security CertRequestWizard.java, 1.4, 1.5 Message-ID: <20081222184837.227FA7013C@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/console/src/com/netscape/management/client/security In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28952/console/src/com/netscape/management/client/security Modified Files: CertRequestWizard.java Log Message: Resolves: bug 312381 Description: ambiguity in imported classes Fix Description: clean up imports - import specific class names only instead of .* Index: CertRequestWizard.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/security/CertRequestWizard.java,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- CertRequestWizard.java 10 Jan 2008 18:35:36 -0000 1.4 +++ CertRequestWizard.java 22 Dec 2008 18:48:34 -0000 1.5 @@ -19,19 +19,41 @@ * END COPYRIGHT BLOCK **/ package com.netscape.management.client.security; -import java.awt.*; -import java.awt.event.*; -import java.util.*; -import java.util.zip.*; -import java.util.jar.*; -import java.net.*; +import java.awt.Component; +import java.awt.Dialog; +import java.awt.Frame; +import java.awt.GridBagConstraints; +import java.awt.GridBagLayout; +import java.awt.event.ActionEvent; +import java.awt.event.ActionListener; +import java.util.Enumeration; +import java.util.Hashtable; +import java.util.Iterator; +import java.util.Set; +import java.util.Vector; +import java.util.jar.Attributes; +import java.util.jar.JarFile; +import java.util.jar.Manifest; +import java.util.zip.ZipEntry; import java.io.File; import java.io.FilenameFilter; import java.io.InputStream; -import javax.swing.*; -import javax.swing.event.*; -import com.netscape.management.client.console.*; -import com.netscape.management.client.components.*; +import java.net.URL; + +import javax.swing.ButtonGroup; +import javax.swing.DefaultListCellRenderer; +import javax.swing.ImageIcon; +import javax.swing.JLabel; +import javax.swing.JList; +import javax.swing.JOptionPane; +import javax.swing.JPanel; +import javax.swing.JRadioButton; +import javax.swing.SwingUtilities; +import javax.swing.event.ListSelectionEvent; +import javax.swing.event.ListSelectionListener; + +import com.netscape.management.client.security.csr.ICAPlugin; +import com.netscape.management.client.security.csr.IUIPage; import com.netscape.management.client.util.ModalDialogUtil; import com.netscape.management.client.util.ResourceSet; import com.netscape.management.client.util.MultilineLabel; @@ -41,9 +63,19 @@ import com.netscape.management.client.util.AdmTask; import com.netscape.management.client.util.Help; import com.netscape.management.client.util.Browser; -import com.netscape.management.nmclf.*; -import com.netscape.management.client.security.csr.*; -import com.netscape.management.client.preferences.*; +import com.netscape.management.client.preferences.LDAPPreferences; +import com.netscape.management.client.components.ErrorDialog; +import com.netscape.management.client.components.IDataCollectionModel; +import com.netscape.management.client.components.IWizardSequenceManager; +import com.netscape.management.client.components.Wizard; +import com.netscape.management.client.components.WizardDataCollectionModel; +import com.netscape.management.client.components.WizardPage; +import com.netscape.management.client.components.WizardSequenceManager; +import com.netscape.management.client.console.Console; +import com.netscape.management.client.console.ConsoleInfo; +import com.netscape.management.nmclf.SuiConstants; +import com.netscape.management.nmclf.SuiScrollPane; + import netscape.ldap.*; /** @@ -401,7 +433,6 @@ String jarFilename = fList[i].getParent()+"/"+fList[i].getName(); JarFile jarfile = new JarFile(jarFilename); Manifest mf = jarfile.getManifest(); - Map map = mf.getEntries(); Set set = mf.getEntries().keySet(); Iterator iterator = set.iterator(); From rmeggins at fedoraproject.org Mon Dec 22 18:48:37 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Mon, 22 Dec 2008 18:48:37 +0000 (UTC) Subject: [Fedora-directory-commits] console/src/com/netscape/management/client/topology DomainNode.java, 1.2, 1.3 Message-ID: <20081222184837.3B3E17013C@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/console/src/com/netscape/management/client/topology In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28952/console/src/com/netscape/management/client/topology Modified Files: DomainNode.java Log Message: Resolves: bug 312381 Description: ambiguity in imported classes Fix Description: clean up imports - import specific class names only instead of .* Index: DomainNode.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/topology/DomainNode.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- DomainNode.java 10 Jan 2008 18:35:36 -0000 1.2 +++ DomainNode.java 22 Dec 2008 18:48:35 -0000 1.3 @@ -19,17 +19,39 @@ * END COPYRIGHT BLOCK **/ package com.netscape.management.client.topology; -import java.util.*; -import javax.swing.*; -import javax.swing.event.*; -import javax.swing.tree.*; +import javax.swing.JCheckBox; +import javax.swing.JPasswordField; +import javax.swing.event.ChangeListener; +import javax.swing.tree.MutableTreeNode; + +import netscape.ldap.LDAPAttribute; +import netscape.ldap.LDAPConnection; +import netscape.ldap.LDAPEntry; +import netscape.ldap.LDAPException; +import netscape.ldap.LDAPModification; +import netscape.ldap.LDAPSearchResults; + import java.awt.Component; import java.text.MessageFormat; -import com.netscape.management.client.*; -import com.netscape.management.client.util.*; -import com.netscape.management.client.console.*; -import com.netscape.management.nmclf.*; -import netscape.ldap.*; +import java.util.Enumeration; +import java.util.Hashtable; +import java.util.Vector; + +import com.netscape.management.client.IMenuInfo; +import com.netscape.management.client.IMenuItem; +import com.netscape.management.client.IPage; +import com.netscape.management.client.IResourceObject; +import com.netscape.management.client.ResourceModel; +import com.netscape.management.client.ResourcePage; +import com.netscape.management.client.console.Console; +import com.netscape.management.client.console.ConsoleInfo; +import com.netscape.management.client.console.SplashScreen; +import com.netscape.management.client.util.Debug; +import com.netscape.management.client.util.LDAPUtil; +import com.netscape.management.client.util.RemoteImage; +import com.netscape.management.client.util.ResourceSet; +import com.netscape.management.client.util.SingleBytePasswordField; +import com.netscape.management.nmclf.SuiPasswordField; /** From rmeggins at fedoraproject.org Mon Dec 22 18:48:37 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Mon, 22 Dec 2008 18:48:37 +0000 (UTC) Subject: [Fedora-directory-commits] console/src/com/netscape/management/client/util IndexDialog.java, 1.2, 1.3 Message-ID: <20081222184837.53D937013C@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/console/src/com/netscape/management/client/util In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28952/console/src/com/netscape/management/client/util Modified Files: IndexDialog.java Log Message: Resolves: bug 312381 Description: ambiguity in imported classes Fix Description: clean up imports - import specific class names only instead of .* Index: IndexDialog.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/util/IndexDialog.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- IndexDialog.java 10 Jan 2008 18:35:38 -0000 1.2 +++ IndexDialog.java 22 Dec 2008 18:48:35 -0000 1.3 @@ -20,20 +20,47 @@ package com.netscape.management.client.util; -import java.awt.*; -import java.util.*; +import java.awt.Color; +import java.awt.Dimension; +import java.awt.GridBagConstraints; +import java.awt.GridBagLayout; +import java.awt.Insets; +import java.beans.PropertyChangeEvent; +import java.beans.PropertyChangeListener; +import java.beans.PropertyChangeSupport; +import java.text.CollationKey; +import java.text.Collator; +import java.util.Enumeration; +import java.util.Hashtable; +import java.util.Vector; import java.io.BufferedReader; import java.io.FileReader; import java.io.IOException; import java.io.StringReader; -import java.net.*; -import java.text.*; -import java.beans.*; -import javax.swing.*; -import javax.swing.event.*; -import javax.swing.text.html.*; -import com.netscape.management.client.console.*; -import com.netscape.management.client.components.*; +import java.net.URL; + +import javax.swing.BorderFactory; +import javax.swing.JEditorPane; +import javax.swing.JFrame; +import javax.swing.JLabel; +import javax.swing.JList; +import javax.swing.JPanel; +import javax.swing.JScrollPane; +import javax.swing.JSplitPane; +import javax.swing.JTextField; +import javax.swing.ListSelectionModel; +import javax.swing.UIManager; +import javax.swing.event.DocumentEvent; +import javax.swing.event.DocumentListener; +import javax.swing.event.HyperlinkEvent; +import javax.swing.event.HyperlinkListener; +import javax.swing.event.ListSelectionEvent; +import javax.swing.event.ListSelectionListener; +import javax.swing.text.html.HTMLDocument; +import javax.swing.text.html.HTMLFrameHyperlinkEvent; + +import com.netscape.management.client.components.GenericDialog; +import com.netscape.management.client.console.Console; /** * Dialog to select a topic to display, from a list of URLS organized From rmeggins at fedoraproject.org Mon Dec 22 18:55:23 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Mon, 22 Dec 2008 18:55:23 +0000 (UTC) Subject: [Fedora-directory-commits] adminutil/include/libadminutil resource.h, 1.3, 1.4 Message-ID: <20081222185523.4C2F670131@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminutil/include/libadminutil In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv513/adminutil/include/libadminutil Modified Files: resource.h Log Message: fix compiler warning Index: resource.h =================================================================== RCS file: /cvs/dirsec/adminutil/include/libadminutil/resource.h,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- resource.h 4 Apr 2007 19:37:41 -0000 1.3 +++ resource.h 22 Dec 2008 18:55:20 -0000 1.4 @@ -187,11 +187,11 @@ #ifdef RESOURCE_STR #define BEGIN_STR(argLibraryName) \ - res_RESOURCE_TABLE argLibraryName[] = { 0, #argLibraryName, + res_RESOURCE_TABLE argLibraryName[] = { {0, #argLibraryName} , #define ResDef(argToken,argID,argString) \ - argID, argString, + {argID, argString}, #define END_STR(argLibraryName) \ - 0, 0 }; + {0, 0} }; #else #define BEGIN_STR(argLibraryName) \ enum { From rmeggins at fedoraproject.org Mon Dec 22 18:56:12 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Mon, 22 Dec 2008 18:56:12 +0000 (UTC) Subject: [Fedora-directory-commits] adminutil configure.ac, 1.12, 1.13 aclocal.m4, 1.15, 1.16 missing, 1.14, 1.15 install-sh, 1.14, 1.15 configure, 1.15, 1.16 Makefile.in, 1.15, 1.16 depcomp, 1.14, 1.15 config.sub, 1.14, 1.15 config.guess, 1.14, 1.15 compile, 1.14, 1.15 Message-ID: <20081222185612.A7E2B70131@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminutil In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv644 Modified Files: configure.ac aclocal.m4 missing install-sh configure Makefile.in depcomp config.sub config.guess compile Log Message: bump version to 1.1.8 Index: configure.ac =================================================================== RCS file: /cvs/dirsec/adminutil/configure.ac,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- configure.ac 27 Aug 2008 20:07:58 -0000 1.12 +++ configure.ac 22 Dec 2008 18:56:09 -0000 1.13 @@ -1,7 +1,7 @@ # -*- Autoconf -*- # Process this file with autoconf to produce a configure script. AC_PREREQ(2.59) -AC_INIT([adminutil], [1.1.7], [http://bugzilla.redhat.com/]) +AC_INIT([adminutil], [1.1.8], [http://bugzilla.redhat.com/]) AM_INIT_AUTOMAKE([1.9 foreign subdir-objects]) AM_MAINTAINER_MODE AC_CANONICAL_HOST Index: configure =================================================================== RCS file: /cvs/dirsec/adminutil/configure,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- configure 27 Aug 2008 20:07:59 -0000 1.15 +++ configure 22 Dec 2008 18:56:09 -0000 1.16 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.59 for adminutil 1.1.7. +# Generated by GNU Autoconf 2.59 for adminutil 1.1.8. # # Report bugs to . # @@ -423,8 +423,8 @@ # Identity of this package. PACKAGE_NAME='adminutil' PACKAGE_TARNAME='adminutil' -PACKAGE_VERSION='1.1.7' -PACKAGE_STRING='adminutil 1.1.7' +PACKAGE_VERSION='1.1.8' +PACKAGE_STRING='adminutil 1.1.8' PACKAGE_BUGREPORT='http://bugzilla.redhat.com/' # Factoring default headers for most tests. @@ -954,7 +954,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures adminutil 1.1.7 to adapt to many kinds of systems. +\`configure' configures adminutil 1.1.8 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1020,7 +1020,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of adminutil 1.1.7:";; + short | recursive ) echo "Configuration of adminutil 1.1.8:";; esac cat <<\_ACEOF @@ -1182,7 +1182,7 @@ test -n "$ac_init_help" && exit 0 if $ac_init_version; then cat <<\_ACEOF -adminutil configure 1.1.7 +adminutil configure 1.1.8 generated by GNU Autoconf 2.59 Copyright (C) 2003 Free Software Foundation, Inc. @@ -1196,7 +1196,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by adminutil $as_me 1.1.7, which was +It was created by adminutil $as_me 1.1.8, which was generated by GNU Autoconf 2.59. Invocation command line was $ $0 $@ @@ -1839,7 +1839,7 @@ # Define the identity of the package. PACKAGE='adminutil' - VERSION='1.1.7' + VERSION='1.1.8' cat >>confdefs.h <<_ACEOF @@ -24401,7 +24401,7 @@ } >&5 cat >&5 <<_CSEOF -This file was extended by adminutil $as_me 1.1.7, which was +This file was extended by adminutil $as_me 1.1.8, which was generated by GNU Autoconf 2.59. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -24459,7 +24459,7 @@ cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -adminutil config.status 1.1.7 +adminutil config.status 1.1.8 configured by $0, generated by GNU Autoconf 2.59, with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" From rmeggins at fedoraproject.org Mon Dec 22 19:50:17 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Mon, 22 Dec 2008 19:50:17 +0000 (UTC) Subject: [Fedora-directory-commits] dsgw entrydisplay.c,1.10,1.11 Message-ID: <20081222195017.2D3BC70133@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/dsgw In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv16211/dsgw Modified Files: entrydisplay.c Log Message: Resolves: bug 471681 Bug Description: DSGW authenticate multi-result hyperlinks broken Reviewed by: nhosoi (Thanks!) Fix Description: 1) The quoting was a bit off. The DSGW code adds double quotes at the beginning and end of the javascript. We have to use %22 to have DSGW emit double quotes in the right places where other double quotes are needed. 2) If you are attempting to auth as a real user, and you have password policy on such that the user must change the password after reset, and you are using a binddn instead of the default anon, the auth screen would not prompt you for your old password, because it thought you were already bound as the binddn. The binddn is not a real user in this case, and so should not be considered when testing for "bound". Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: entrydisplay.c =================================================================== RCS file: /cvs/dirsec/dsgw/entrydisplay.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- entrydisplay.c 20 Mar 2008 02:18:39 -0000 1.10 +++ entrydisplay.c 22 Dec 2008 19:50:15 -0000 1.11 @@ -2912,7 +2912,9 @@ } if ( strcasecmp( argv[0], DSGW_COND_BOUND ) == 0 ) { - return( dsgw_get_binddn() != NULL ); + /* We are not really considered to be bound if we are bound + as the binddn user */ + return( (dsgw_get_binddn() != NULL) && gc->gc_binddn && (0 == dsgw_dn_cmp(dsgw_get_binddn(), gc->gc_binddn)) ); } if ( strcasecmp( argv[0], DSGW_COND_BOUNDASTHISENTRY ) == 0 ) { From rmeggins at fedoraproject.org Mon Dec 22 19:50:17 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Mon, 22 Dec 2008 19:50:17 +0000 (UTC) Subject: [Fedora-directory-commits] dsgw/pbconfig list-Auth.html.in,1.4,1.5 Message-ID: <20081222195017.12DA870134@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/dsgw/pbconfig In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv16211/dsgw/pbconfig Modified Files: list-Auth.html.in Log Message: Resolves: bug 471681 Bug Description: DSGW authenticate multi-result hyperlinks broken Reviewed by: nhosoi (Thanks!) Fix Description: 1) The quoting was a bit off. The DSGW code adds double quotes at the beginning and end of the javascript. We have to use %22 to have DSGW emit double quotes in the right places where other double quotes are needed. 2) If you are attempting to auth as a real user, and you have password policy on such that the user must change the password after reset, and you are using a binddn instead of the default anon, the auth screen would not prompt you for your old password, because it thought you were already bound as the binddn. The binddn is not a real user in this case, and so should not be considered when testing for "bound". Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: list-Auth.html.in =================================================================== RCS file: /cvs/dirsec/dsgw/pbconfig/list-Auth.html.in,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- list-Auth.html.in 20 Mar 2008 02:18:44 -0000 1.4 +++ list-Auth.html.in 22 Dec 2008 19:50:14 -0000 1.5 @@ -123,7 +123,7 @@ - + From rmeggins at fedoraproject.org Mon Dec 22 19:50:16 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Mon, 22 Dec 2008 19:50:16 +0000 (UTC) Subject: [Fedora-directory-commits] dsgw/config list-Auth.html.in,1.4,1.5 Message-ID: <20081222195016.EF33270133@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/dsgw/config In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv16211/dsgw/config Modified Files: list-Auth.html.in Log Message: Resolves: bug 471681 Bug Description: DSGW authenticate multi-result hyperlinks broken Reviewed by: nhosoi (Thanks!) Fix Description: 1) The quoting was a bit off. The DSGW code adds double quotes at the beginning and end of the javascript. We have to use %22 to have DSGW emit double quotes in the right places where other double quotes are needed. 2) If you are attempting to auth as a real user, and you have password policy on such that the user must change the password after reset, and you are using a binddn instead of the default anon, the auth screen would not prompt you for your old password, because it thought you were already bound as the binddn. The binddn is not a real user in this case, and so should not be considered when testing for "bound". Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: list-Auth.html.in =================================================================== RCS file: /cvs/dirsec/dsgw/config/list-Auth.html.in,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- list-Auth.html.in 20 Mar 2008 02:18:40 -0000 1.4 +++ list-Auth.html.in 22 Dec 2008 19:50:14 -0000 1.5 @@ -89,7 +89,7 @@ - + From rmeggins at fedoraproject.org Mon Dec 22 21:44:33 2008 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Mon, 22 Dec 2008 21:44:33 +0000 (UTC) Subject: [Fedora-directory-commits] dsgw cgiutil.c, 1.5, 1.6 cookie.c, 1.1.1.1, 1.2 csearch.c, 1.7, 1.8 dnedit.c, 1.7, 1.8 doauth.c, 1.6, 1.7 domodify.c, 1.4, 1.5 dosearch.c, 1.5, 1.6 dsgw.h, 1.10, 1.11 dsgwutil.c, 1.13, 1.14 emitf.c, 1.2, 1.3 entrydisplay.c, 1.11, 1.12 htmlout.c, 1.7, 1.8 ldaputil.c, 1.5, 1.6 search.c, 1.4, 1.5 tutor.c, 1.5, 1.6 Message-ID: <20081222214433.24B737013C@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/dsgw In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11172/dsgw Modified Files: cgiutil.c cookie.c csearch.c dnedit.c doauth.c domodify.c dosearch.c dsgw.h dsgwutil.c emitf.c entrydisplay.c htmlout.c ldaputil.c search.c tutor.c Log Message: Resolves: bug 472092 Bug Description: DSGW password corruption Reviewed by: nkinder (Thanks!) Fix Description: 1) By default, all of the get/post parameters have the html entities escaped, so we can be sure that they are displayed to the user escaped, to avoid XSS issues. However, values sent to LDAP must be unescaped. The doauth code is used to authenticate directory manager and ordinary users, so we have to unescape the password explicitly there. The domodify code is used when data is added or modified in the directory server. It's easier to just fix all of the values before sending to the directory server. 2) The entity code has been moved to adminutil, so use the adminutil functions instead of the dsgw functions. This will require adminutil 1.1.8. 3) Clean up various compiler warnings. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: cgiutil.c =================================================================== RCS file: /cvs/dirsec/dsgw/cgiutil.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- cgiutil.c 27 Feb 2008 03:36:50 -0000 1.5 +++ cgiutil.c 22 Dec 2008 21:44:30 -0000 1.6 @@ -152,7 +152,7 @@ } #ifdef DSGW_DEBUG - dsgw_log ("vars=\"%s\"\n", vars); + dsgw_log ("vars=\"%p\"\n", vars); #endif vars = get_input_ptr(); dsgw_vec_convert (vars); /* convert to utf8 */ Index: cookie.c =================================================================== RCS file: /cvs/dirsec/dsgw/cookie.c,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- cookie.c 1 Jun 2006 19:43:39 -0000 1.1.1.1 +++ cookie.c 22 Dec 2008 21:44:30 -0000 1.2 @@ -301,7 +301,7 @@ expired = 1; } else { #ifdef DSGW_DEBUG - dsgw_log( "dsgw_ckdn2passwd: cookie expired (%ld > %ld) but within domodify grace period\n", now, atoi( lifetimestr )); + dsgw_log( "dsgw_ckdn2passwd: cookie expired (%ld > %ld) but within domodify grace period\n", now, atol( lifetimestr )); #endif } } else if ( now > atoi( lifetimestr )) { @@ -311,7 +311,7 @@ if ( expired != 0 ) { dsgw_closecookiedb( fp ); #ifdef DSGW_DEBUG - dsgw_log( "dsgw_ckdn2passwd: expired (%ld > %ld)\n", now, atoi( lifetimestr )); + dsgw_log( "dsgw_ckdn2passwd: expired (%ld > %ld)\n", now, atol( lifetimestr )); #endif return DSGW_CKDB_EXPIRED; } Index: csearch.c =================================================================== RCS file: /cvs/dirsec/dsgw/csearch.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- csearch.c 20 Mar 2008 02:18:39 -0000 1.7 +++ csearch.c 22 Dec 2008 21:44:30 -0000 1.8 @@ -41,6 +41,9 @@ #include "dsgw.h" #include "dbtdsgw.h" +#ifdef DSGW_DEBUG +#include +#endif static void get_request(char *fname); static void emit_file(char* filename, struct ldap_searchobj* sop); Index: dnedit.c =================================================================== RCS file: /cvs/dirsec/dsgw/dnedit.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- dnedit.c 20 Mar 2008 02:18:39 -0000 1.7 +++ dnedit.c 22 Dec 2008 21:44:30 -0000 1.8 @@ -120,8 +120,7 @@ * * I feel your pain, so I have removed the pain. */ - "var comp_js = 'CU'\n", - dsgw_getvp( DSGW_CGINUM_EDIT ), context, edn ); + "var comp_js = 'CU'\n" ); dsgw_emits("var dnlist = new Array;\n" ); for ( i = 0; attrvals && attrvals[ i ] != NULL; i++ ) { xdn = ldap_explode_dn( attrvals[ i ], 1 ); Index: doauth.c =================================================================== RCS file: /cvs/dirsec/dsgw/doauth.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- doauth.c 12 Jun 2008 14:01:33 -0000 1.6 +++ doauth.c 22 Dec 2008 21:44:30 -0000 1.7 @@ -76,6 +76,9 @@ encodeddn = dsgw_strdup_escaped( binddn ); authdesturl = dsgw_get_cgi_var( "authdesturl", DSGW_CGIVAR_OPTIONAL ); password = dsgw_get_cgi_var( "password", DSGW_CGIVAR_OPTIONAL ); + if (password && password[0]) { + unescape_entities(password); + } (void) dsgw_init_ldap( &ld, NULL, 1, 0); Index: domodify.c =================================================================== RCS file: /cvs/dirsec/dsgw/domodify.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- domodify.c 6 Mar 2008 22:00:09 -0000 1.4 +++ domodify.c 22 Dec 2008 21:44:30 -0000 1.5 @@ -93,13 +93,13 @@ post_request() { LDAP *ld; - int rc, changetype, dnlen, i, passwd_changed, discard_authcreds; + int rc, changetype, dnlen, i, passwd_changed; char *s, *encodeddn, *dn, *newrdn, *changedesc, **rdns, **oldrdns, *jscomp, *entry_name, *new_name, *success_msg; char *old_dn; char buf[ 256 ]; - passwd_changed = discard_authcreds = 0; + passwd_changed = 0; s = dsgw_get_cgi_var( "changetype", DSGW_CGIVAR_REQUIRED ); changedesc = XP_GetClientStr(DBT_Editing_); @@ -553,16 +553,18 @@ return(LDAP_PARAM_ERROR); } - if ( verbose && pmods != NULL ) { + if ( pmods != NULL ) { int j, notascii; unsigned long k; struct berval *bvp; for ( i = 0; pmods[ i ] != NULL; ++i ) { modop = pmods[ i ]->mod_op & ~LDAP_MOD_BVALUES; - dsgw_emitf( "%s %s:\n", modop == LDAP_MOD_REPLACE ? - "replace" : modop == LDAP_MOD_ADD ? - "add" : "delete", pmods[ i ]->mod_type ); + if (verbose) { + dsgw_emitf( "%s %s:\n", modop == LDAP_MOD_REPLACE ? + "replace" : modop == LDAP_MOD_ADD ? + "add" : "delete", pmods[ i ]->mod_type ); + } if ( pmods[ i ]->mod_bvalues != NULL ) { for ( j = 0; pmods[ i ]->mod_bvalues[ j ] != NULL; ++j ) { bvp = pmods[ i ]->mod_bvalues[ j ]; @@ -573,10 +575,16 @@ break; } } - if ( notascii ) { - dsgw_emitf( XP_GetClientStr(DBT_TnotAsciiLdBytesN_), bvp->bv_len ); - } else { - dsgw_emitf( "\t\"%s\"\n", bvp->bv_val ); + if (verbose) { + if ( notascii ) { + dsgw_emitf( XP_GetClientStr(DBT_TnotAsciiLdBytesN_), bvp->bv_len ); + } else { + dsgw_emitf( "\t\"%s\"\n", bvp->bv_val ); + } + } + /* make sure all values sent via LDAP are not html escaped */ + if (!notascii && bvp->bv_val) { /* not not ascii == ascii */ + unescape_entities(bvp->bv_val); } } } Index: dosearch.c =================================================================== RCS file: /cvs/dirsec/dsgw/dosearch.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- dosearch.c 27 Feb 2008 03:36:50 -0000 1.5 +++ dosearch.c 22 Dec 2008 21:44:30 -0000 1.6 @@ -139,9 +139,6 @@ static void get_request(char *dn, char *ldapquery) { - int urllen = 0; - int argslen = 0; - char *p = NULL; char *ldapurl = NULL; /* Index: dsgw.h =================================================================== RCS file: /cvs/dirsec/dsgw/dsgw.h,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- dsgw.h 4 Sep 2008 02:46:09 -0000 1.10 +++ dsgw.h 22 Dec 2008 21:44:30 -0000 1.11 @@ -874,8 +874,6 @@ #else ; #endif -char *dsgw_strdup_with_entities( char *s, int *madecopyp ); -void dsgw_convert_entities( char *s ); void dsgw_HTML_emits( char * ); void dsgw_emit_cgi_var( int argc, char **argv ); void dsgw_emit_button( int argc, char **argv, const char* format, ... ) Index: dsgwutil.c =================================================================== RCS file: /cvs/dirsec/dsgw/dsgwutil.c,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- dsgwutil.c 4 Sep 2008 02:46:09 -0000 1.13 +++ dsgwutil.c 22 Dec 2008 21:44:30 -0000 1.14 @@ -40,6 +40,7 @@ * dsgwutil.c -- misc. utility functions -- HTTP gateway */ +#include #include /* PATH_MAX */ #include "dsgw.h" #include "dbtdsgw.h" Index: emitf.c =================================================================== RCS file: /cvs/dirsec/dsgw/emitf.c,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- emitf.c 14 Jan 2008 22:58:30 -0000 1.2 +++ emitf.c 22 Dec 2008 21:44:30 -0000 1.3 @@ -741,7 +741,8 @@ if (*s == 'q' || *s == 'Q') { while (ldap_utf8isspace (LDAP_UTF8INC(s))); if (*s == '=') { - item[i].i_q = strtod(++s, &s); + ++s; + item[i].i_q = strtod(s, &s); } } } while ((s = strchr (s, ';')) != NULL); Index: entrydisplay.c =================================================================== RCS file: /cvs/dirsec/dsgw/entrydisplay.c,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- entrydisplay.c 22 Dec 2008 19:50:15 -0000 1.11 +++ entrydisplay.c 22 Dec 2008 21:44:30 -0000 1.12 @@ -739,7 +739,7 @@ if ( !editable ) { char *urlprefix = dsgw_ch_malloc( strlen(gc->gc_urlpfxmain) + 128); sprintf(urlprefix, "%semptyFrame.html", gc->gc_urlpfxmain); - dsgw_convert_entities(urlprefix); + unescape_entities(urlprefix); /* include the functions used to support "Edit" buttons */ /* function haveAuthCookie() */ @@ -1537,7 +1537,7 @@ int freeit; if ( quote_html_specials ) { - val = dsgw_strdup_with_entities( val, &freeit ); + val = strdup_escape_entities( val, &freeit ); } else { freeit = 0; } Index: htmlout.c =================================================================== RCS file: /cvs/dirsec/dsgw/htmlout.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- htmlout.c 11 Jun 2008 21:12:31 -0000 1.7 +++ htmlout.c 22 Dec 2008 21:44:30 -0000 1.8 @@ -176,7 +176,7 @@ } } - newlabel = dsgw_strdup_with_entities( label, &freenewlabel ); + newlabel = strdup_escape_entities( label, &freenewlabel ); if ( newlabel != NULL && *newlabel != '\0' ) { dsgw_emitf( ">%s\n", newlabel ); if ( freenewlabel ) { @@ -266,98 +266,6 @@ } -#define DSGW_MAX_ENTITY_LEN 6 /* " */ -static char *specials = "&\"<>"; -static char *entities[] = { "&", """, "<", ">" }; -static int entitylen[] = { 5, 6, 4, 4 }; -static int entitynum = sizeof(entities)/sizeof(entities[0]); - -char * -dsgw_strdup_with_entities( char *s, int *madecopyp ) -{ -/* - * If the UTF8 string "s" contains any HTML special characters, make a - * duplicate where the appropriate HTML "entities" have been substituted - * for the special chars. For example, "" will be translated - * to "<mcs at ace.com>". - * - * If "s" does not contain any special characters, it is returned and - * *madecopyp is set to 0. - * Otherwise a malloc'd string is returned and *madecopyp is set to 1. - */ - int spcount, idx; - char *p, *q, *r, *d; - - spcount = 0; - for ( p = s; *p != '\0'; LDAP_UTF8INC( p )) { - if ( ((*p) & 0x80) == 0 && strchr( specials, *p ) != NULL ) { - ++spcount; - } - } - - if ( spcount == 0 ) { - *madecopyp = 0; - return( s ); - } - - d = r = dsgw_ch_malloc( strlen( s ) + 1 + spcount * DSGW_MAX_ENTITY_LEN ); - for ( p = s; *p != '\0'; LDAP_UTF8INC( p )) { - if ( ((*p) & 0x80) == 0 && ( q = strchr( specials, *p )) != NULL ) { - idx = ( q - specials ); - memcpy( r, entities[ idx ], entitylen[ idx ] ); - r += entitylen[ idx ]; - } else { - r += LDAP_UTF8COPY( r, p ); - } - } - *r = '\0'; - - *madecopyp = 1; - return( d ); -} - -/* this will convert a string with escaped entities ("&") - back to the original unescaped string ("&") - This is necessary for converting URLs which would normally - have entities in them (e.g. search?context=foo&dn=bar) - for use in javascript (e.g. window.href = 'search?context=foo&dn=bar') - since javascript must use the unescaped version - This converts the string in place since the entities "&" - take up much more room than the single character represented - If you need to work on a copy then make a copy with strdup first. -*/ -void -dsgw_convert_entities(char *s) -{ - int spcount, idx; - char *p, *q, *r, *d; - - if (!s || !*s) { - return; - } - - d = r = s; - for ( p = s; *p != '\0'; LDAP_UTF8INC( p )) { - if ( ((*p) & 0x80) == 0 && ( (*p) == '&') ) { - for( idx = 0; idx < entitynum; ++idx ) { - if (!strncmp(p, entities[ idx ], entitylen[ idx ])) { - break; - } - } - if (idx < entitynum) { - *r = specials[idx]; - ++r; - p += entitylen[ idx ]-1; /* the 1 will be added in the for loop */ - } else { - r += LDAP_UTF8COPY( r, p ); - } - } else { - r += LDAP_UTF8COPY( r, p ); - } - } - *r = '\0'; -} - void dsgw_form_begin( const char* name, const char* format, ... ) { Index: ldaputil.c =================================================================== RCS file: /cvs/dirsec/dsgw/ldaputil.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- ldaputil.c 6 Mar 2008 22:00:09 -0000 1.5 +++ ldaputil.c 22 Dec 2008 21:44:30 -0000 1.6 @@ -155,6 +155,9 @@ } rndstr = dn = NULL; passwd = dsgw_get_cgi_var( "passwd", DSGW_CGIVAR_OPTIONAL ); + if (passwd && passwd[0]) { + unescape_entities(passwd); /* unescape before using with ldap */ + } if (( p = dsgw_get_cgi_var( "ldapsizelimit", DSGW_CGIVAR_OPTIONAL )) != NULL ) { @@ -189,7 +192,7 @@ #ifdef DSGW_DEBUG dsgw_log( "dsgw_init_ldap: run under admserv, user id = %s, " - "dn = %s, passwd = %s, skipac = %d, dn = 0x%x\n", + "dn = %s, passwd = %s, skipac = %d, dn = 0x%p\n", userid == NULL ? "NULL" : userid, dn == NULL ? "NULL" : dn, passwd == NULL ? "NULL" : passwd, Index: search.c =================================================================== RCS file: /cvs/dirsec/dsgw/search.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- search.c 6 Mar 2008 22:00:09 -0000 1.4 +++ search.c 22 Dec 2008 21:44:30 -0000 1.5 @@ -38,9 +38,11 @@ /* * search.c -- CGI program to generate smart search form -- HTTP gateway */ - #include "dsgw.h" #include "dbtdsgw.h" +#ifdef DSGW_DEBUG +#include +#endif static void get_request(char *docname); static void do_searchtype_popup( struct ldap_searchobj *sop ); Index: tutor.c =================================================================== RCS file: /cvs/dirsec/dsgw/tutor.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- tutor.c 20 Mar 2008 02:18:39 -0000 1.5 +++ tutor.c 22 Dec 2008 21:44:30 -0000 1.6 @@ -198,7 +198,7 @@ * Where MANUAL is literal */ html = PL_strdup(gc->gc_urlpfxmain); - dsgw_convert_entities(html); + unescape_entities(html); dsgw_emitf("Location: %s%s/%s\n\n", html, DSGW_MANUALSHORTCUT, head); free(html);