From nkinder at fedoraproject.org Mon Jan 5 16:57:06 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Mon, 5 Jan 2009 16:57:06 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd add.c, 1.17, 1.18 modrdn.c, 1.12, 1.13 Message-ID: <20090105165706.2ECB27013F@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv20204/ldap/servers/slapd Modified Files: add.c modrdn.c Log Message: Resolves: 474621 Summary: Don't allow auto-generated attributes to be used in RDN. Index: add.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/add.c,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- add.c 19 Dec 2008 17:07:26 -0000 1.17 +++ add.c 5 Jan 2009 16:57:03 -0000 1.18 @@ -68,6 +68,7 @@ static int add_internal_pb (Slapi_PBlock *pb); static void op_shared_add (Slapi_PBlock *pb); static void add_created_attrs(Operation *op, Slapi_Entry *e); +static int check_rdn_for_created_attrs(Slapi_Entry *e); static void handle_fast_add(Slapi_PBlock *pb, Slapi_Entry *entry); static void add_uniqueid (Slapi_Entry *e); static PRBool check_oc_subentry(Slapi_Entry *e, struct berval **vals, char *normtype); @@ -176,17 +177,25 @@ goto free_and_return; } - /* if this is uniqueid attribute, set uniqueid field of the entry */ - if (strcasecmp (normtype, SLAPI_ATTR_UNIQUEID) == 0) - { - e->e_uniqueid = slapi_ch_strdup (vals[0]->bv_val); - } - if(searchsubentry) searchsubentry=check_oc_subentry(e,vals,normtype); + /* if this is uniqueid attribute, set uniqueid field of the entry */ + if (strcasecmp (normtype, SLAPI_ATTR_UNIQUEID) == 0) + { + e->e_uniqueid = slapi_ch_strdup (vals[0]->bv_val); + } + if(searchsubentry) searchsubentry=check_oc_subentry(e,vals,normtype); } + slapi_ch_free( (void**)&normtype ); ber_bvecfree( vals ); } + /* Ensure that created attributes are not used in the RDN. */ + if (check_rdn_for_created_attrs(e)) { + op_shared_log_error_access (pb, "ADD", slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)), "invalid DN"); + send_ldap_result( pb, LDAP_INVALID_DN_SYNTAX, NULL, "illegal attribute in RDN", 0, NULL ); + goto free_and_return; + } + if ( tag == LBER_DEFAULT ) { op_shared_log_error_access (pb, "ADD", slapi_sdn_get_dn (slapi_entry_get_sdn_const(e)), "decoding error"); send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, @@ -723,6 +732,40 @@ } +/* Checks if created attributes are used in the RDN. + * Returns 1 if created attrs are in the RDN, and + * 0 if created attrs are not in the RDN. Returns + * -1 if an error occurred. + */ +static int check_rdn_for_created_attrs(Slapi_Entry *e) +{ + int i, rc = 0; + Slapi_RDN *rdn = NULL; + char *value = NULL; + char *type[] = {SLAPI_ATTR_UNIQUEID, "modifytimestamp", "createtimestamp", + "creatorsname", "modifiersname", 0}; + + if (rdn = slapi_rdn_new()) { + slapi_rdn_init_dn(rdn, slapi_entry_get_dn_const(e)); + + for (i = 0; type[i] != NULL; i++) { + if (slapi_rdn_contains_attr(rdn, type[i], &value)) { + LDAPDebug(LDAP_DEBUG_TRACE, "Invalid DN. RDN contains %s attribute\n", type[i], 0, 0); + rc = 1; + break; + } + } + + slapi_rdn_free(&rdn); + } else { + LDAPDebug(LDAP_DEBUG_TRACE, "check_rdn_for_created_attrs: Error allocating RDN\n", 0, 0, 0); + rc = -1; + } + + return rc; +} + + static void handle_fast_add(Slapi_PBlock *pb, Slapi_Entry *entry) { Slapi_Backend *be; Index: modrdn.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/modrdn.c,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- modrdn.c 5 Dec 2008 22:41:52 -0000 1.12 +++ modrdn.c 5 Jan 2009 16:57:03 -0000 1.13 @@ -64,6 +64,7 @@ /* Forward declarations */ static int rename_internal_pb (Slapi_PBlock *pb); static void op_shared_rename (Slapi_PBlock *pb, int passin_args ); +static int check_rdn_for_created_attrs(const char *newrdn); /* This function is called to process operation that come over external connections */ void @@ -151,10 +152,11 @@ op_shared_rename(pb, 1 /* pass in ownership of string arguments */ ); return; -free_and_return:; +free_and_return: slapi_ch_free((void **) &dn ); slapi_ch_free((void **) &newrdn ); slapi_ch_free((void **) &newsuperior ); + return; } /* This function is used to issue internal modrdn operation @@ -386,6 +388,12 @@ ldap_value_free(rdns); } + /* check if created attributes are used in the new RDN */ + if (check_rdn_for_created_attrs((const char *)newrdn)) { + send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, NULL, "invalid attribute in RDN", 0, NULL); + goto free_and_return_nolock; + } + /* check that the dn is formatted correctly */ if ((rdns = ldap_explode_dn(newsuperior, 0)) == NULL) { @@ -536,3 +544,35 @@ slapi_ch_free((void **)&s); } } + + +/* Checks if created attributes are used in the RDN. + * Returns 1 if created attrs are in the RDN, and + * 0 if created attrs are not in the RDN. Returns + * -1 if an error occurs. + */ +static int check_rdn_for_created_attrs(const char *newrdn) +{ + int i, rc = 0; + Slapi_RDN *rdn = NULL; + char *value = NULL; + char *type[] = {"modifytimestamp", "createtimestamp", + "creatorsname", "modifiersname", 0}; + + if (newrdn && *newrdn && (rdn = slapi_rdn_new())) { + slapi_rdn_init_dn(rdn, newrdn); + for (i = 0; type[i] != NULL; i++) { + if (slapi_rdn_contains_attr(rdn, type[i], &value)) { + LDAPDebug(LDAP_DEBUG_TRACE, "Invalid DN. RDN contains %s attribute\n", type[i], 0, 0); + rc = 1; + break; + } + } + slapi_rdn_free(&rdn); + } else { + LDAPDebug(LDAP_DEBUG_TRACE, "check_rdn_for_created_attrs: Error allocating RDN\n", 0, 0, 0); + rc = -1; + } + + return rc; +} From nhosoi at fedoraproject.org Tue Jan 6 22:50:33 2009 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Tue, 6 Jan 2009 22:50:33 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd slapi-private.h, 1.31, 1.32 ava.c, 1.8, 1.9 dn.c, 1.10, 1.11 util.c, 1.23, 1.24 Message-ID: <20090106225034.1FFB970125@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv2079 Modified Files: slapi-private.h ava.c dn.c util.c Log Message: Resolves: #438139 Summary: DN with antislash('\') rename (modrdn) problem Problem description: Unescape codes in the DS (strcpy_special_undo in ava.c and strcpy_unescape_dnvalue in dn.c) were "unescaping" more than the escape code (e.g., escape_dn_value in NET LDAP) does escaping. The test string 'BeforeSlash\AfterSlash' fortunately/unfortunately contains '\Af', which is considered '\##' (where # is hex number) by the DS unescape functions even though it was not meant to be escaped. As long as using UTF-8, there is no chance for the server to receive "\af". Change description: 1) There were identical static functions: strcpy_special_undo (ava.c) and strcpy_special_undo (dn.c). Merged them to strcpy_unescape_value and put it in util.c. 2) In the unescape/normalize functions for dn (strcpy_unescape_value in util.c and substr_dn_normalize in dn.c), added a check for the first hex number in '\##'. If the 8th bit is on, we don't do unescaping but store it as is since the unescaped character is not UTF-8. 3) If 2 consecutive '\'s are passed to the unescape/normalize functions, keep one of them. Index: slapi-private.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slapi-private.h,v retrieving revision 1.31 retrieving revision 1.32 diff -u -r1.31 -r1.32 --- slapi-private.h 2 Dec 2008 15:29:30 -0000 1.31 +++ slapi-private.h 6 Jan 2009 22:50:29 -0000 1.32 @@ -1111,11 +1111,12 @@ int slapd_security_library_is_initialized( void ); char* slapd_get_tmp_dir( void ); -/* Misc crrrrrrap */ +/* util.c */ #include /* GGOODREPL - For BUFSIZ, below, gak */ const char* escape_string (const char* str, char buf[BUFSIZ]); const char* escape_string_with_punctuation(const char* str, char buf[BUFSIZ]); const char* escape_filter_value(const char* str, int len, char buf[BUFSIZ]); +void strcpy_unescape_value( char *d, const char *s ); char *slapi_berval_get_string_copy(const struct berval *bval); Index: ava.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/ava.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- ava.c 15 Oct 2008 06:30:03 -0000 1.8 +++ ava.c 6 Jan 2009 22:50:30 -0000 1.9 @@ -96,73 +96,9 @@ *s++ = '\0'; ava->ava_type = rdn; - strcpy_special_undo( s, s ); + strcpy_unescape_value( s, s ); ava->ava_value.bv_val = s; ava->ava_value.bv_len = strlen( s ); return( 0 ); } - -/* -** This function takes a quoted attribute value of the form "abc", -** and strips off the enclosing quotes. It also deals with quoted -** characters by removing the preceeding '\' character. -** -*/ -static void -strcpy_special_undo( char *d, const char *s ) -{ - const char *end = s + strlen(s); - for ( ; s < end && *s; s++ ) - { - switch ( *s ) - { - case '"': - break; - case '\\': - { - /* - * The '\' could be escaping a single character, ie \" - * or could be escaping a hex byte, ie \01 - */ - int singlecharacter= 1; - if ( s+2 < end ) - { - int n = hexchar2int( s[1] ); - if ( n >= 0 ) - { - int n2 = hexchar2int( s[2] ); - if ( n2 >= 0 ) - { - singlecharacter= 0; - n = (n << 4) + n2; - if (n == 0) - { - /* don't change \00 */ - *d++ = *++s; - *d++ = *++s; - } - else - { - /* change \xx to a single char */ - ++s; - *(unsigned char*)(s+1) = n; - } - } - } - } - if(singlecharacter) - { - s++; - *d++ = *s; - } - break; - } - default: - *d++ = *s; - break; - } - } - *d = '\0'; -} - Index: dn.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/dn.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- dn.c 4 Oct 2007 16:27:47 -0000 1.10 +++ dn.c 6 Jan 2009 22:50:30 -0000 1.11 @@ -138,11 +138,11 @@ char * substr_dn_normalize( char *dn, char *end ) { - /* \xx is changed to \c. - * \c is changed to c, unless this would change its meaning. - * All values that contain 2 or more separators are "enquoted"; - * all other values are not enquoted. - */ + /* \xx is changed to \c. + * \c is changed to c, unless this would change its meaning. + * All values that contain 2 or more separators are "enquoted"; + * all other values are not enquoted. + */ char *value = NULL; char *value_separator = NULL; char *d = NULL; @@ -192,22 +192,22 @@ break; case INVALUE: if ( gotesc ) { - if ( SEPARATOR( *s ) ) { - value_separator = d; - } else if ( ! NEEDSESCAPE( *s ) ) { - --d; /* eliminate the \ */ - } + if ( SEPARATOR( *s ) ) { + value_separator = d; + } else if ( ! NEEDSESCAPE( *s ) ) { + --d; /* eliminate the \ */ + } } else if ( SEPARATOR( *s ) ) { - while ( SPACE( *(d - 1) ) ) - d--; - if ( value_separator == dn ) { /* 2 or more separators */ + while ( SPACE( *(d - 1) ) ) + d--; + if ( value_separator == dn ) { /* 2 or more separators */ /* convert to quoted value: */ char *L = NULL; /* char after last seperator */ char *R; /* value character iterator */ int escape_skips = 0; /* number of escapes we have seen after the first */ for ( R = value; (R = strchr( R, '\\' )) && (R < d); L = ++R ) { - if ( SEPARATOR( R[1] )) { + if ( SEPARATOR( R[1] )) { if ( L == NULL ) { /* executes once, at first escape, adds opening quote */ const size_t len = R - value; @@ -229,113 +229,120 @@ --d; ++escape_skips; } - } + } } memmove( value, L, d - L + escape_skips ); *d++ = '"'; /* closing quote */ - } - state = B4TYPE; + } + state = B4TYPE; - /* - * Track and sort attribute values within - * multivalued RDNs. - */ - if ( *s == '+' || rdn_av_count > 0 ) { + /* + * Track and sort attribute values within + * multivalued RDNs. + */ + if ( *s == '+' || rdn_av_count > 0 ) { add_rdn_av( typestart, d, &rdn_av_count, &rdn_avs, initial_rdn_av_stack ); - } - if ( *s != '+' ) { /* at end of this RDN */ + } + if ( *s != '+' ) { /* at end of this RDN */ if ( rdn_av_count > 1 ) { - sort_rdn_avs( rdn_avs, rdn_av_count ); + sort_rdn_avs( rdn_avs, rdn_av_count ); } if ( rdn_av_count > 0 ) { - reset_rdn_avs( &rdn_avs, &rdn_av_count ); + reset_rdn_avs( &rdn_avs, &rdn_av_count ); } - } + } - *d++ = (*s == '+') ? '+' : ','; - break; + *d++ = (*s == '+') ? '+' : ','; + break; } *d++ = *s; break; case INQUOTEDVALUE: if ( gotesc ) { - if ( ! NEEDSESCAPE( *s ) ) { - --d; /* eliminate the \ */ - } + if ( ! NEEDSESCAPE( *s ) ) { + --d; /* eliminate the \ */ + } } else if ( *s == '"' ) { - state = B4SEPARATOR; - if ( value_separator == dn /* 2 or more separators */ - || SPACE( value[1] ) || SPACE( d[-1] ) ) { - *d++ = *s; - } else { - /* convert to non-quoted value: */ - if ( value_separator == NULL ) { /* no separators */ - memmove ( value, value+1, (d-value)-1 ); - --d; - } else { /* 1 separator */ - memmove ( value, value+1, (value_separator-value)-1 ); - *(value_separator - 1) = '\\'; + state = B4SEPARATOR; + if ( value_separator == dn /* 2 or more separators */ + || SPACE( value[1] ) || SPACE( d[-1] ) ) { + *d++ = *s; + } else { + /* convert to non-quoted value: */ + if ( value_separator == NULL ) { /* no separators */ + memmove ( value, value+1, (d-value)-1 ); + --d; + } else { /* 1 separator */ + memmove ( value, value+1, (value_separator-value)-1 ); + *(value_separator - 1) = '\\'; + } } - } - break; + break; } if ( SEPARATOR( *s )) { - if ( value_separator ) value_separator = dn; - else value_separator = d; + if ( value_separator ) value_separator = dn; + else value_separator = d; } *d++ = *s; break; case B4SEPARATOR: if ( SEPARATOR( *s ) ) { - state = B4TYPE; + state = B4TYPE; - /* - * Track and sort attribute values within - * multivalued RDNs. - */ - if ( *s == '+' || rdn_av_count > 0 ) { - add_rdn_av( typestart, d, &rdn_av_count, - &rdn_avs, initial_rdn_av_stack ); - } - if ( *s != '+' ) { /* at end of this RDN */ - if ( rdn_av_count > 1 ) { - sort_rdn_avs( rdn_avs, rdn_av_count ); + /* + * Track and sort attribute values within + * multivalued RDNs. + */ + if ( *s == '+' || rdn_av_count > 0 ) { + add_rdn_av( typestart, d, &rdn_av_count, + &rdn_avs, initial_rdn_av_stack ); } - if ( rdn_av_count > 0 ) { - reset_rdn_avs( &rdn_avs, &rdn_av_count ); + if ( *s != '+' ) { /* at end of this RDN */ + if ( rdn_av_count > 1 ) { + sort_rdn_avs( rdn_avs, rdn_av_count ); + } + if ( rdn_av_count > 0 ) { + reset_rdn_avs( &rdn_avs, &rdn_av_count ); + } } - } - *d++ = (*s == '+') ? '+' : ','; + *d++ = (*s == '+') ? '+' : ','; } break; default: LDAPDebug( LDAP_DEBUG_ANY, - "slapi_dn_normalize - unknown state %d\n", state, 0, 0 ); + "slapi_dn_normalize - unknown state %d\n", state, 0, 0 ); break; } - if ( *s != '\\' ) { - gotesc = 0; - } else { - gotesc = 1; - if ( s+2 < end ) { - int n = hexchar2int( s[1] ); - if ( n >= 0 ) { - int n2 = hexchar2int( s[2] ); - if ( n2 >= 0 ) { - n = (n << 4) + n2; - if (n == 0) { /* don't change \00 */ - *d++ = *++s; - *d++ = *++s; - gotesc = 0; - } else { /* change \xx to a single char */ - ++s; - *(unsigned char*)(s+1) = n; - } + if ( *s == '\\' ) { + if ( gotesc ) { /* '\\', again */ + /* =XXX\\\\7AYYY; we should keep \\\\. */ + gotesc = 0; + } else { + gotesc = 1; + if ( s+2 < end ) { + int n = hexchar2int( s[1] ); + /* If 8th bit is on, the char is not ASCII (not UTF-8). + * Thus, not UTF-8 */ + if ( n >= 0 && n < 8 ) { + int n2 = hexchar2int( s[2] ); + if ( n2 >= 0 ) { + n = (n << 4) + n2; + if (n == 0) { /* don't change \00 */ + *d++ = *++s; + *d++ = *++s; + gotesc = 0; + } else { /* change \xx to a single char */ + ++s; + *(unsigned char*)(s+1) = n; + } + } + } } - } } + } else { + gotesc = 0; } } @@ -349,14 +356,14 @@ * or B4SEPARATOR state if we have a valid rdn component to * be added. */ if ((rdn_av_count > 0) && ((state == INVALUE) || (state == B4SEPARATOR))) { - add_rdn_av( typestart, d, &rdn_av_count, - &rdn_avs, initial_rdn_av_stack ); + add_rdn_av( typestart, d, &rdn_av_count, + &rdn_avs, initial_rdn_av_stack ); } if ( rdn_av_count > 1 ) { - sort_rdn_avs( rdn_avs, rdn_av_count ); + sort_rdn_avs( rdn_avs, rdn_av_count ); } if ( rdn_av_count > 0 ) { - reset_rdn_avs( &rdn_avs, &rdn_av_count ); + reset_rdn_avs( &rdn_avs, &rdn_av_count ); } /* Trim trailing spaces */ while ( d != dn && *(d - 1) == ' ' ) d--; /* XXX 518524 */ @@ -793,73 +800,6 @@ return 0; } - - -/* -** This function takes a quoted attribute value of the form "abc", -** and strips off the enclosing quotes. It also deals with quoted -** characters by removing the preceeding '\' character. -** -*/ -static void -strcpy_unescape_dnvalue( char *d, const char *s ) -{ - const char *end = s + strlen(s); - for ( ; *s; s++ ) - { - switch ( *s ) - { - case '"': - break; - case '\\': - { - /* - * The '\' could be escaping a single character, ie \" - * or could be escaping a hex byte, ie \01 - */ - int singlecharacter= 1; - if ( s+2 < end ) - { - int n = hexchar2int( s[1] ); - if ( n >= 0 ) - { - int n2 = hexchar2int( s[2] ); - if ( n2 >= 0 ) - { - singlecharacter= 0; - n = (n << 4) + n2; - if (n == 0) - { - /* don't change \00 */ - *d++ = *++s; - *d++ = *++s; - } - else - { - /* change \xx to a single char */ - ++s; - *(unsigned char*)(s+1) = n; - } - } - } - } - if(singlecharacter) - { - s++; - *d++ = *s; - } - break; - } - default: - *d++ = *s; - break; - } - } - *d = '\0'; -} - - - int slapi_rdn2typeval( char *rdn, @@ -881,7 +821,7 @@ When adding the rdn attribute in the entry, we need to remove all special escaped characters included in the value itself, i.e., strings like "\;" must be converted to ";" and so on... */ - strcpy_unescape_dnvalue(s,s); + strcpy_unescape_value(s,s); bv->bv_val = s; bv->bv_len = strlen( s ); Index: util.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/util.c,v retrieving revision 1.23 retrieving revision 1.24 diff -u -r1.23 -r1.24 --- util.c 19 Dec 2008 19:26:01 -0000 1.23 +++ util.c 6 Jan 2009 22:50:30 -0000 1.24 @@ -198,6 +198,64 @@ return do_escape_string(str,len,buf,special_filter); } +/* +** This function takes a quoted attribute value of the form "abc", +** and strips off the enclosing quotes. It also deals with quoted +** characters by removing the preceeding '\' character. +** +*/ +void +strcpy_unescape_value( char *d, const char *s ) +{ + char *head = d; + int gotesc = 0; + const char *end = s + strlen(s); + for ( ; *s; s++ ) + { + switch ( *s ) + { + case '\\': + if ( gotesc ) { + gotesc = 0; + } else { + gotesc = 1; + if ( s+2 < end ) { + int n = hexchar2int( s[1] ); + /* If 8th bit is on, the char is not ASCII (not UTF-8). + * Thus, not UTF-8 */ + if ( n >= 0 && n < 8 ) { + int n2 = hexchar2int( s[2] ); + if ( n2 >= 0 ) { + n = (n << 4) + n2; + if (n == 0) { /* don't change \00 */ + *d++ = *s++; + *d++ = *s++; + *d++ = *s; + } else { /* change \xx to a single char */ + *d++ = (char)n; + s += 2; + } + gotesc = 0; + } + } + } + if (gotesc) { + *d++ = *s; + } + } + break; + default: + if (gotesc) { + d--; + } + *d++ = *s; + gotesc = 0; + break; + } + } + *d = '\0'; +} + /* functions to convert between an entry and a set of mods */ int slapi_mods2entry (Slapi_Entry **e, const char *idn, LDAPMod **iattrs) { From nkinder at fedoraproject.org Wed Jan 7 00:15:47 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Wed, 7 Jan 2009 00:15:47 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd main.c, 1.29, 1.30 Message-ID: <20090107001547.63F8B70141@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv26341/ldap/servers/slapd Modified Files: main.c Log Message: Resolves:479065 Summary: Only check permissions on nsslapd-rundir in normal execution mode. Index: main.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/main.c,v retrieving revision 1.29 retrieving revision 1.30 diff -u -r1.29 -r1.30 --- main.c 15 Dec 2008 17:42:25 -0000 1.29 +++ main.c 7 Jan 2009 00:15:44 -0000 1.30 @@ -976,17 +976,18 @@ case SLAPD_EXEMODE_PRINTVERSION: slapd_print_version(1); exit(1); - } - - /* Ensure that we can read from and write to our rundir */ - if (access(config_get_rundir(), R_OK | W_OK)) { - LDAPDebug(LDAP_DEBUG_ANY, "Unable to access nsslapd-rundir: %s\n", - slapd_system_strerror(errno), 0, 0); - LDAPDebug(LDAP_DEBUG_ANY, "Ensure that user \"%s\" has read and write " - "permissions on %s\n", - slapdFrontendConfig->localuser, config_get_rundir(), 0); - LDAPDebug(LDAP_DEBUG_ANY, "Shutting down.\n", 0, 0, 0); - exit(1); + default: + /* Ensure that we can read from and write to our rundir */ + if (access(config_get_rundir(), R_OK | W_OK)) { + LDAPDebug(LDAP_DEBUG_ANY, "Unable to access nsslapd-rundir: %s\n", + slapd_system_strerror(errno), 0, 0); + LDAPDebug(LDAP_DEBUG_ANY, "Ensure that user \"%s\" has read and write " + "permissions on %s\n", + slapdFrontendConfig->localuser, config_get_rundir(), 0); + LDAPDebug(LDAP_DEBUG_ANY, "Shutting down.\n", 0, 0, 0); + exit(1); + } + break; } /* From rmeggins at fedoraproject.org Wed Jan 7 02:33:40 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Wed, 7 Jan 2009 02:33:40 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd util.c, 1.24, 1.25 Message-ID: <20090107023340.77AD07013F@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29276/ldapserver/ldap/servers/slapd Modified Files: util.c Log Message: Resolves: bug 479077 Bug Description: Server to Server SASL/DIGEST-MD5 not Supported over SSL/TLS Reviewed by: nkinder (Thanks!) Fix Description: If using TLS/SSL, we don't need to use a sasl security layer, so just set the maxssf to 0. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: util.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/util.c,v retrieving revision 1.24 retrieving revision 1.25 diff -u -r1.24 -r1.25 --- util.c 6 Jan 2009 22:50:30 -0000 1.24 +++ util.c 7 Jan 2009 02:33:37 -0000 1.25 @@ -1257,6 +1257,10 @@ } } } else { + /* a SASL mech - set the sasl ssf to 0 if using TLS/SSL */ + if (secure) { + ldap_set_option(ld, LDAP_OPT_X_SASL_SECPROPS, "maxssf=0"); + } rc = slapd_ldap_sasl_interactive_bind(ld, bindid, creds, mech, serverctrls, returnedctrls, msgidp); From rmeggins at fedoraproject.org Wed Jan 7 21:45:58 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Wed, 7 Jan 2009 21:45:58 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication windows_protocol_util.c, 1.44, 1.45 Message-ID: <20090107214558.6988470141@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv23969/ldapserver/ldap/servers/plugins/replication Modified Files: windows_protocol_util.c Log Message: Resolves: bug 478656 Bug Description: rhds accounts are disabled in ad after full sync Reviewed by: nkinder (Thanks!) Fix Description: The incremental sync code calls send_accountcontrol_modify after adding an entry, but the total update code does not. I modified the code to do that. I also changed the send_accountcontrol_modify to force the account to be enabled if adding it. I tried just adding userAccountContro:512 to the default user add template, but AD does not like this - gives operations error. So you have to modify userAccountControl after adding the entry. I also cleaned up a couple of minor memory leaks. Platforms tested: RHEL5 Flag Day: no Doc impact: Yes - we need to document the fact that new accounts will now be created in AD enabled Index: windows_protocol_util.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_protocol_util.c,v retrieving revision 1.44 retrieving revision 1.45 diff -u -r1.44 -r1.45 --- windows_protocol_util.c 15 Dec 2008 15:59:41 -0000 1.44 +++ windows_protocol_util.c 7 Jan 2009 21:45:55 -0000 1.45 @@ -806,7 +806,7 @@ } static int -send_accountcontrol_modify(Slapi_DN *sdn, Private_Repl_Protocol *prp) +send_accountcontrol_modify(Slapi_DN *sdn, Private_Repl_Protocol *prp, int missing_entry) { ConnResult mod_return = 0; Slapi_Mods smods = {0}; @@ -823,9 +823,18 @@ acctval = slapi_entry_attr_get_ulong(remote_entry, "userAccountControl"); } slapi_entry_free(remote_entry); + /* if we are adding a new entry, we need to set the entry to be + enabled to allow AD login */ + if (missing_entry) { + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, + "%s: New Windows entry %s will be enabled.\n", + agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(sdn)); + acctval &= ~0x2; /* unset the disabled bit, if set */ + } + /* set the account to be a normal account */ acctval |= 0x0200; /* normal account == 512 */ - slapi_mods_init (&smods, 0); + slapi_mods_init (&smods, 0); PR_snprintf(acctvalstr, sizeof(acctvalstr), "%lu", acctval); slapi_mods_add_string(&smods, LDAP_MOD_REPLACE, "userAccountControl", acctvalstr); @@ -1320,7 +1329,7 @@ * userAccountControl: 512 */ if (op->operation_type == SLAPI_OPERATION_ADD && missing_entry) { - return_value = send_accountcontrol_modify(remote_dn, prp); + return_value = send_accountcontrol_modify(remote_dn, prp, missing_entry); } } } @@ -1340,6 +1349,7 @@ { slapi_sdn_free(&remote_dn); } + slapi_ch_free_string(&password); return return_value; } @@ -3631,6 +3641,10 @@ } ldap_mods_free(entryattrs, 1); entryattrs = NULL; + + if (retval == 0) { /* set the account control bits */ + retval = send_accountcontrol_modify(remote_dn, prp, missing_entry); + } } } else { @@ -3659,6 +3673,7 @@ slapi_entry_free(remote_entry); } } + slapi_ch_free_string(&password); return retval; } From fedora-directory-commits at redhat.com Thu Jan 8 21:44:26 2009 From: fedora-directory-commits at redhat.com (Doctor Conrad) Date: Thu, 8 Jan 2009 16:44:26 -0500 Subject: [Fedora-directory-commits] RE: (Canadian Pharmacy Message) I don\'t know where are you! Message-ID: <20090108134427.6372.qmail@mta.email.webmd.com> An HTML attachment was scrubbed... URL: From rmeggins at fedoraproject.org Thu Jan 8 22:29:41 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Thu, 8 Jan 2009 22:29:41 +0000 (UTC) Subject: [Fedora-directory-commits] adminserver configure.ac, 1.27, 1.28 aclocal.m4, 1.42, 1.43 configure, 1.46, 1.47 missing, 1.32, 1.33 install-sh, 1.32, 1.33 Makefile.in, 1.49, 1.50 depcomp, 1.32, 1.33 config.sub, 1.32, 1.33 config.guess, 1.32, 1.33 compile, 1.31, 1.32 Message-ID: <20090108222941.6C40E7011C@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7919 Modified Files: configure.ac aclocal.m4 configure missing install-sh Makefile.in depcomp config.sub config.guess compile Log Message: initial version 1.1.7 commit Index: configure.ac =================================================================== RCS file: /cvs/dirsec/adminserver/configure.ac,v retrieving revision 1.27 retrieving revision 1.28 diff -u -r1.27 -r1.28 --- configure.ac 14 Jul 2008 23:51:43 -0000 1.27 +++ configure.ac 8 Jan 2009 22:29:38 -0000 1.28 @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.59) -AC_INIT([dirsrv-admin], [1.1.6], [http://bugzilla.redhat.com/]) +AC_INIT([dirsrv-admin], [1.1.7], [http://bugzilla.redhat.com/]) AC_CONFIG_SRCDIR([admserv/cgi-src40/viewlog.c]) AM_INIT_AUTOMAKE([1.9 foreign subdir-objects]) AM_MAINTAINER_MODE Index: configure =================================================================== RCS file: /cvs/dirsec/adminserver/configure,v retrieving revision 1.46 retrieving revision 1.47 diff -u -r1.46 -r1.47 --- configure 3 Sep 2008 21:42:57 -0000 1.46 +++ configure 8 Jan 2009 22:29:38 -0000 1.47 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.59 for dirsrv-admin 1.1.6. +# Generated by GNU Autoconf 2.59 for dirsrv-admin 1.1.7. # # Report bugs to . # @@ -423,8 +423,8 @@ # Identity of this package. PACKAGE_NAME='dirsrv-admin' PACKAGE_TARNAME='dirsrv-admin' -PACKAGE_VERSION='1.1.6' -PACKAGE_STRING='dirsrv-admin 1.1.6' +PACKAGE_VERSION='1.1.7' +PACKAGE_STRING='dirsrv-admin 1.1.7' PACKAGE_BUGREPORT='http://bugzilla.redhat.com/' ac_unique_file="admserv/cgi-src40/viewlog.c" @@ -957,7 +957,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures dirsrv-admin 1.1.6 to adapt to many kinds of systems. +\`configure' configures dirsrv-admin 1.1.7 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1023,7 +1023,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of dirsrv-admin 1.1.6:";; + short | recursive ) echo "Configuration of dirsrv-admin 1.1.7:";; esac cat <<\_ACEOF @@ -1202,7 +1202,7 @@ test -n "$ac_init_help" && exit 0 if $ac_init_version; then cat <<\_ACEOF -dirsrv-admin configure 1.1.6 +dirsrv-admin configure 1.1.7 generated by GNU Autoconf 2.59 Copyright (C) 2003 Free Software Foundation, Inc. @@ -1216,7 +1216,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by dirsrv-admin $as_me 1.1.6, which was +It was created by dirsrv-admin $as_me 1.1.7, which was generated by GNU Autoconf 2.59. Invocation command line was $ $0 $@ @@ -1860,7 +1860,7 @@ # Define the identity of the package. PACKAGE='dirsrv-admin' - VERSION='1.1.6' + VERSION='1.1.7' cat >>confdefs.h <<_ACEOF @@ -25613,7 +25613,7 @@ } >&5 cat >&5 <<_CSEOF -This file was extended by dirsrv-admin $as_me 1.1.6, which was +This file was extended by dirsrv-admin $as_me 1.1.7, which was generated by GNU Autoconf 2.59. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -25676,7 +25676,7 @@ cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -dirsrv-admin config.status 1.1.6 +dirsrv-admin config.status 1.1.7 configured by $0, generated by GNU Autoconf 2.59, with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" From nhosoi at fedoraproject.org Thu Jan 8 23:11:46 2009 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Thu, 8 Jan 2009 23:11:46 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/cos cos_cache.c, 1.9, 1.10 Message-ID: <20090108231146.80A4A7013F@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/cos In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv12555 Modified Files: cos_cache.c Log Message: Resolves: #436830 Summary: Memory leak in ns-slapd's Class Of Service Fix Description: When all the necessary values for the template cache are not available, the allocated memory should be discarded. One of them pCosPriority was missed to release. Index: cos_cache.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/cos/cos_cache.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- cos_cache.c 18 Oct 2007 00:08:28 -0000 1.9 +++ cos_cache.c 8 Jan 2009 23:11:43 -0000 1.10 @@ -1190,7 +1190,7 @@ { while(dnVals[valIndex]) { - if(dnVals[valIndex]->bv_val) + if(dnVals[valIndex]->bv_val) cos_cache_add_attrval(pSneakyVal, dnVals[valIndex]->bv_val); @@ -1269,6 +1269,8 @@ cos_cache_del_attrval_list(&pDn); if(pAttributes) cos_cache_del_attr_list(&pAttributes); + if(pCosPriority) + cos_cache_del_attrval_list(&pCosPriority); } } /* From nkinder at fedoraproject.org Fri Jan 9 17:24:32 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Fri, 9 Jan 2009 17:24:32 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd main.c, 1.30, 1.31 Message-ID: <20090109172432.AD04470141@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv4170/ldap/servers/slapd Modified Files: main.c Log Message: Resolves: 381361 Summary: Add support for synchronizing the cn attribute between DS and AD. Index: main.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/main.c,v retrieving revision 1.30 retrieving revision 1.31 diff -u -r1.30 -r1.31 --- main.c 7 Jan 2009 00:15:44 -0000 1.30 +++ main.c 9 Jan 2009 17:24:30 -0000 1.31 @@ -977,17 +977,23 @@ slapd_print_version(1); exit(1); default: + { + char *rundir = config_get_rundir(); + /* Ensure that we can read from and write to our rundir */ - if (access(config_get_rundir(), R_OK | W_OK)) { + if (access(rundir, R_OK | W_OK)) { LDAPDebug(LDAP_DEBUG_ANY, "Unable to access nsslapd-rundir: %s\n", slapd_system_strerror(errno), 0, 0); LDAPDebug(LDAP_DEBUG_ANY, "Ensure that user \"%s\" has read and write " "permissions on %s\n", - slapdFrontendConfig->localuser, config_get_rundir(), 0); + slapdFrontendConfig->localuser, rundir, 0); LDAPDebug(LDAP_DEBUG_ANY, "Shutting down.\n", 0, 0, 0); + slapi_ch_free_string(&rundir); exit(1); } + slapi_ch_free_string(&rundir); break; + } } /* From nkinder at fedoraproject.org Fri Jan 9 17:24:32 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Fri, 9 Jan 2009 17:24:32 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication windows_protocol_util.c, 1.45, 1.46 Message-ID: <20090109172432.A62EE70142@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv4170/ldap/servers/plugins/replication Modified Files: windows_protocol_util.c Log Message: Resolves: 381361 Summary: Add support for synchronizing the cn attribute between DS and AD. Index: windows_protocol_util.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_protocol_util.c,v retrieving revision 1.45 retrieving revision 1.46 diff -u -r1.45 -r1.46 --- windows_protocol_util.c 7 Jan 2009 21:45:55 -0000 1.45 +++ windows_protocol_util.c 9 Jan 2009 17:24:29 -0000 1.46 @@ -81,6 +81,8 @@ static int windows_update_remote_entry(Private_Repl_Protocol *prp,Slapi_Entry *remote_entry,Slapi_Entry *local_entry); static int is_guid_dn(Slapi_DN *remote_dn); static int map_windows_tombstone_dn(Slapi_Entry *e, Slapi_DN **dn, Private_Repl_Protocol *prp, int *exists); +static int windows_check_mods_for_rdn_change(Private_Repl_Protocol *prp, LDAPMod **original_mods, + Slapi_Entry *local_entry, Slapi_DN *remote_dn, char **newrdn); /* Controls the direction of flow for mapped attributes */ @@ -207,13 +209,13 @@ { FAKE_STREET_ATTR_NAME, "street", fromwindowsonly, always, normal}, { "userParameters", "ntUserParms", bidirectional, always, normal}, { "userWorkstations", "ntUserWorkstations", bidirectional, always, normal}, - { "sAMAccountName", "ntUserDomainId", bidirectional, always, normal}, - /* cn is a naming attribute in AD, so we don't want to change it after entry creation */ - { "cn", "cn", towindowsonly, createonly, normal}, + { "sAMAccountName", "ntUserDomainId", bidirectional, always, normal}, + /* AD uses cn as it's naming attribute. We handle it as a special case */ + { "cn", "cn", towindowsonly, createonly, normal}, /* However, it isn't a naming attribute in DS (we use uid) so it's safe to accept changes inbound */ - { "name", "cn", fromwindowsonly, always, normal}, - { "manager", "manager", bidirectional, always, dnmap}, - { "seealso", "seealso", bidirectional, always, dnmap}, + { "name", "cn", fromwindowsonly, always, normal}, + { "manager", "manager", bidirectional, always, dnmap}, + { "seealso", "seealso", bidirectional, always, dnmap}, {NULL, NULL, -1} }; @@ -224,7 +226,7 @@ /* IETF schema has 'street' and 'streetaddress' as aliases, but Microsoft does not */ { "streetAddress", "street", towindowsonly, always, normal}, { FAKE_STREET_ATTR_NAME, "street", fromwindowsonly, always, normal}, - { "member", "uniquemember", bidirectional, always, dnmap}, + { "member", "uniquemember", bidirectional, always, dnmap}, {NULL, NULL, -1} }; @@ -1229,6 +1231,7 @@ case SLAPI_OPERATION_MODIFY: { LDAPMod **mapped_mods = NULL; + char *newrdn = NULL; windows_map_mods_for_replay(prp,op->p.p_modify.modify_mods, &mapped_mods, is_user, &password); if (is_user) { @@ -1249,6 +1252,17 @@ &mapped_mods); } + /* Check if a naming attribute is being modified. */ + if (windows_check_mods_for_rdn_change(prp, op->p.p_modify.modify_mods, local_entry, remote_dn, &newrdn)) { + /* Issue MODRDN */ + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "%s: renaming remote entry \"%s\" with new RDN of \"%s\"\n", + agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(remote_dn), newrdn); + return_value = windows_conn_send_rename(prp->conn, slapi_sdn_get_dn(remote_dn), + newrdn, NULL, 1 /* delete old RDN */, + NULL, NULL /* returned controls */); + slapi_ch_free_string(&newrdn); + } + /* It's possible that the mapping process results in an empty mod list, in which case we don't bother with the replay */ if ( mapped_mods == NULL || *(mapped_mods)== NULL ) { @@ -1550,11 +1564,12 @@ { Slapi_Attr *new_attr = NULL; - /* AD treats streetAddress as a single-valued attribute, while we define it - * as a multi-valued attribute as it's defined in rfc 4519. We only + /* AD treats cn and streetAddress as a single-valued attributes, while we define + * them as multi-valued attribute as it's defined in rfc 4519. We only * sync the first value to AD to avoid a constraint violation. */ - if (0 == slapi_attr_type_cmp(new_type, "streetAddress", SLAPI_TYPE_CMP_SUBTYPE)) { + if ((0 == slapi_attr_type_cmp(new_type, "streetAddress", SLAPI_TYPE_CMP_SUBTYPE)) || + (0 == slapi_attr_type_cmp(new_type, "cn", SLAPI_TYPE_CMP_SUBTYPE))) { if (slapi_valueset_count(vs) > 1) { int i = 0; Slapi_Value *value = NULL; @@ -1570,7 +1585,7 @@ slapi_valueset_add_value_ext(vs, new_value, SLAPI_VALUE_FLAG_PASSIN); } } - } + } slapi_entry_add_valueset(new_entry,type,vs); @@ -1716,6 +1731,166 @@ return return_value; } + +static int +windows_check_mods_for_rdn_change(Private_Repl_Protocol *prp, LDAPMod **original_mods, + Slapi_Entry *local_entry, Slapi_DN *remote_dn, char **newrdn) +{ + int ret = 0; + int need_rename = 0; + int got_entry = 0; + Slapi_Entry *remote_entry = NULL; + Slapi_Attr *remote_rdn_attr = NULL; + Slapi_Value *remote_rdn_val = NULL; + Slapi_Mods smods = {0}; + Slapi_Mod *smod = slapi_mod_new(); + Slapi_Mod *last_smod = smod; + + LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_check_mods_for_rdn_change\n", 0, 0, 0 ); + + /* Iterate through the original mods, looking for a modification to the RDN attribute */ + slapi_mods_init_byref(&smods, original_mods); + smod = slapi_mods_get_first_smod(&smods, last_smod); + while(smod) { + /* Check if this is modifying the naming attribute (cn) */ + if (slapi_attr_types_equivalent(slapi_mod_get_type(smod), "cn")) { + /* Fetch the remote entry so we can compare the new values + * against the existing remote value. We only need to do + * this once for all mods. */ + if (!got_entry) { + windows_get_remote_entry(prp, remote_dn, &remote_entry); + if (remote_entry) { + /* Fetch and duplicate the cn attribute so we can perform comparisions */ + slapi_entry_attr_find(remote_entry, "cn", &remote_rdn_attr); + if (remote_rdn_attr) { + remote_rdn_attr = slapi_attr_dup(remote_rdn_attr); + slapi_attr_first_value(remote_rdn_attr, &remote_rdn_val); + } + slapi_entry_free(remote_entry); + } + got_entry = 1; + + /* If we didn't get the remote value for some odd reason, just bail out. */ + if (!remote_rdn_val) { + slapi_mod_done(smod); + goto done; + } + } + + if (SLAPI_IS_MOD_REPLACE(slapi_mod_get_operation(smod))) { + /* For a replace, we just need to check if the old value that AD + * has is still present after the operation. If not, we rename + * the entry in AD using the first new value as the RDN. */ + Slapi_Value *new_val = NULL; + struct berval *bval = NULL; + + /* Assume that we're going to need to do a rename. */ + ret = 1; + + /* Get the first new value, which is to be used as the RDN if we decide + * that a rename is necessary. */ + bval = slapi_mod_get_first_value(smod); + if (bval && bval->bv_val) { + /* Fill in new RDN to return to caller. */ + slapi_ch_free_string(newrdn); + *newrdn = slapi_ch_smprintf("cn=%s", bval->bv_val); + + /* Loop through all new values to check if they match + * the value present in AD. */ + do { + new_val = slapi_value_new_berval(bval); + if (slapi_value_compare(remote_rdn_attr, remote_rdn_val, new_val) == 0) { + /* We have a match. This means we don't want to rename the entry in AD. */ + slapi_ch_free_string(newrdn); + slapi_value_free(&new_val); + ret = 0; + break; + } + slapi_value_free(&new_val); + bval = slapi_mod_get_next_value(smod); + } while (bval && bval->bv_val); + } + } else if (SLAPI_IS_MOD_DELETE(slapi_mod_get_operation(smod))) { + /* We need to check if the cn in AD is the value being deleted. If + * so, set a flag saying that we will need to do a rename. We will either + * get a new value added from another mod in this op, or we will need to + * use an old value that is left over after the delete operation. */ + if (slapi_mod_get_num_values(smod) == 0) { + /* All values are being deleted, so a rename will be needed. One + * of the other mods will be adding the new values(s). */ + need_rename = 1; + } else { + Slapi_Value *del_val = NULL; + struct berval *bval = NULL; + + bval = slapi_mod_get_first_value(smod); + while (bval && bval->bv_val) { + /* Is this value the same one that is used as the RDN in AD? */ + del_val = slapi_value_new_berval(bval); + if (slapi_value_compare(remote_rdn_attr, remote_rdn_val, del_val) == 0) { + /* We have a match. This means we need to rename the entry in AD. */ + need_rename = 1; + slapi_value_free(&del_val); + break; + } + slapi_value_free(&del_val); + bval = slapi_mod_get_next_value(smod); + } + } + } else if (SLAPI_IS_MOD_ADD(slapi_mod_get_operation(smod))) { + /* We only need to care about an add if the old value was deleted. */ + if (need_rename) { + /* Just grab the first new value and use it to create the new RDN. */ + struct berval *bval = slapi_mod_get_first_value(smod); + + if (bval && bval->bv_val) { + /* Fill in new RDN to return to caller. */ + slapi_ch_free_string(newrdn); + *newrdn = slapi_ch_smprintf("cn=%s", bval->bv_val); + need_rename = 0; + ret = 1; + } + } + } + } + + /* Get the next mod from this op. */ + slapi_mod_done(smod); + + /* Need to prevent overwriting old smod with NULL return value and causing a leak. */ + smod = slapi_mods_get_next_smod(&smods, last_smod); + } + +done: + /* We're done with the mods and the copied cn attr from the remote entry. */ + slapi_attr_free(&remote_rdn_attr); + if (last_smod) { + slapi_mod_free(&last_smod); + } + slapi_mods_done (&smods); + + if (need_rename) { + /* We need to perform a rename, but we didn't get the value for the + * new RDN from this operation. We fetch the first value from the local + * entry to create the new RDN. */ + if (local_entry) { + char *newval = slapi_entry_attr_get_charptr(local_entry, "cn"); + if (newval) { + /* Fill in new RDN to return to caller. */ + slapi_ch_free_string(newrdn); + *newrdn = slapi_ch_smprintf("cn=%s", newval); + slapi_ch_free_string(&newval); + ret = 1; + } + } + } + + LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_check_mods_for_rdn_change: %d\n", ret, 0, 0 ); + + return ret; +} + + static void windows_map_mods_for_replay(Private_Repl_Protocol *prp,LDAPMod **original_mods, LDAPMod ***returned_mods, int is_user, char** password) { @@ -3247,9 +3422,16 @@ if (!mapdn) { int values_equal = 0; - /* AD has a legth contraint on the initials attribute, - * so treat is as a special case. */ - if (0 == slapi_attr_type_cmp(type, "initials", SLAPI_TYPE_CMP_SUBTYPE)) { + /* We only have to deal with processing the cn here for + * operations coming from AD since the mapping for the + * to_windows case has the create only flag set. We + * just need to check if the value from the AD entry + * is already present in the DS entry. */ + if (0 == slapi_attr_type_cmp(type, "name", SLAPI_TYPE_CMP_SUBTYPE) && !to_windows) { + values_equal = attr_compare_present(attr, local_attr); + /* AD has a legth contraint on the initials attribute, + * so treat is as a special case. */ + } else if (0 == slapi_attr_type_cmp(type, "initials", SLAPI_TYPE_CMP_SUBTYPE)) { values_equal = attr_compare_equal(attr, local_attr, AD_INITIALS_LENGTH); /* If we're getting a streetAddress (a fake attr name is used) from AD, then * we just check if the value in AD is present in our entry in DS. In this @@ -3320,6 +3502,7 @@ i = slapi_valueset_next_value(vs, i, &value); } } + slapi_mods_add_mod_values(smods,LDAP_MOD_REPLACE, local_type,valueset_get_valuearray(vs)); *do_modify = 1; From nkinder at fedoraproject.org Fri Jan 9 18:11:44 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Fri, 9 Jan 2009 18:11:44 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication windows_protocol_util.c, 1.46, 1.47 Message-ID: <20090109181144.D86627013F@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10769/ldap/servers/plugins/replication Modified Files: windows_protocol_util.c Log Message: Resolves: 381361 Summary: Optimized fetching of remote entry when checking if a rename is needed with winsync. Index: windows_protocol_util.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_protocol_util.c,v retrieving revision 1.46 retrieving revision 1.47 diff -u -r1.46 -r1.47 --- windows_protocol_util.c 9 Jan 2009 17:24:29 -0000 1.46 +++ windows_protocol_util.c 9 Jan 2009 18:11:41 -0000 1.47 @@ -1758,7 +1758,15 @@ * against the existing remote value. We only need to do * this once for all mods. */ if (!got_entry) { - windows_get_remote_entry(prp, remote_dn, &remote_entry); + int free_entry = 0; + + /* See if we have already fetched the remote entry. + * If not, we just fetch it ourselves. */ + if ((remote_entry = windows_private_get_raw_entry(prp->agmt)) == NULL) { + windows_get_remote_entry(prp, remote_dn, &remote_entry); + free_entry = 1; + } + if (remote_entry) { /* Fetch and duplicate the cn attribute so we can perform comparisions */ slapi_entry_attr_find(remote_entry, "cn", &remote_rdn_attr); @@ -1766,7 +1774,12 @@ remote_rdn_attr = slapi_attr_dup(remote_rdn_attr); slapi_attr_first_value(remote_rdn_attr, &remote_rdn_val); } - slapi_entry_free(remote_entry); + + /* We only want to free the entry if we fetched it ourselves + * by calling windows_get_remote_entry(). */ + if (free_entry) { + slapi_entry_free(remote_entry); + } } got_entry = 1; From rmeggins at fedoraproject.org Fri Jan 9 21:30:59 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Fri, 9 Jan 2009 21:30:59 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication windows_protocol_util.c, 1.47, 1.48 Message-ID: <20090109213059.C386870143@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8842/ldapserver/ldap/servers/plugins/replication Modified Files: windows_protocol_util.c Log Message: Resolves: bug 471068 Bug Description: winsync doesn't recognize some changes Reviewed by: nkinder (Thanks!) Fix Description: Before sending updates to AD, first check to see if the updates still apply. For modify/add operations, check to make sure the value to add doesn't exist. If it does, remove it from the list of values in the mod. If all values are removed, then just skip the modify/add op altogether. For modify/del ops, check to see if the attribute exists. If not, just skip the op. If it does exist, check to see if the values exist, and remove the values from the mod/del op that do not exist anymore. If all values have been removed, just skip the mod/del op. I added a new slapi function - slapi_mod_init_valueset_byval - which will init a Slapi_Mod and init the list of values using a valueset. Fortunately there was already a function for converting a Slapi_Value** to a berval**. I also fixed a few compiler warnings. Platforms tested: RHEL5 Flag Day: no Doc impact: yes - add new function to slapi docs Index: windows_protocol_util.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_protocol_util.c,v retrieving revision 1.47 retrieving revision 1.48 diff -u -r1.47 -r1.48 --- windows_protocol_util.c 9 Jan 2009 18:11:41 -0000 1.47 +++ windows_protocol_util.c 9 Jan 2009 21:30:55 -0000 1.48 @@ -62,7 +62,7 @@ static Slapi_Entry* windows_entry_already_exists(Slapi_Entry *e); static void extract_guid_from_entry_bv(Slapi_Entry *e, const struct berval **bv); #endif -static void windows_map_mods_for_replay(Private_Repl_Protocol *prp,LDAPMod **original_mods, LDAPMod ***returned_mods, int is_user, char** password); +static void windows_map_mods_for_replay(Private_Repl_Protocol *prp,LDAPMod **original_mods, LDAPMod ***returned_mods, int is_user, char** password, const Slapi_Entry *ad_entry); static int is_subject_of_agreement_local(const Slapi_Entry *local_entry,const Repl_Agmt *ra); static int windows_create_remote_entry(Private_Repl_Protocol *prp,Slapi_Entry *original_entry, Slapi_DN *remote_sdn, Slapi_Entry **remote_entry, char** password); static int windows_get_local_entry(const Slapi_DN* local_dn,Slapi_Entry **local_entry); @@ -1233,7 +1233,8 @@ LDAPMod **mapped_mods = NULL; char *newrdn = NULL; - windows_map_mods_for_replay(prp,op->p.p_modify.modify_mods, &mapped_mods, is_user, &password); + windows_map_mods_for_replay(prp,op->p.p_modify.modify_mods, &mapped_mods, is_user, &password, + windows_private_get_raw_entry(prp->agmt)); if (is_user) { winsync_plugin_call_pre_ad_mod_user_mods_cb(prp->agmt, windows_private_get_raw_entry(prp->agmt), @@ -1731,6 +1732,104 @@ return return_value; } +/* + Before we send the modify to AD, we need to check to see if the mod still + applies - the entry in AD may have been modified, and those changes not sync'd + back to the DS, since the way winsync currently works is that it polls periodically + using DirSync for changes in AD - note that this does not guarantee that the mod + will apply cleanly, since there is still a small window of time between the time + we read the entry from AD and the time the mod op is sent, but doing this check + here should substantially reduce the chances of these types of out-of-sync problems + + If we do find a mod that does not apply cleanly, we just discard it and log an + error message to that effect. +*/ +static int +mod_already_made(Private_Repl_Protocol *prp, Slapi_Mod *smod, const Slapi_Entry *ad_entry) +{ + int retval = 0; + int op = 0; + const char *type = NULL; + + if (!slapi_mod_isvalid(smod)) { /* bogus */ + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + "%s: mod_already_made: " + "modify operation is null - skipping.\n", + agmt_get_long_name(prp->agmt)); + return 1; + } + + op = slapi_mod_get_operation(smod); + type = slapi_mod_get_type(smod); + if (SLAPI_IS_MOD_ADD(op)) { /* make sure value is not there */ + struct berval *bv = NULL; + for (bv = slapi_mod_get_first_value(smod); + bv; bv = slapi_mod_get_next_value(smod)) { + Slapi_Value *sv = slapi_value_new(); + slapi_value_init_berval(sv, bv); /* copies bv_val */ + if (slapi_entry_attr_has_syntax_value(ad_entry, type, sv)) { + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + "%s: mod_already_made: " + "remote entry attr [%s] already has value [%s] - will not send.\n", + agmt_get_long_name(prp->agmt), type, + slapi_value_get_string(sv)); + slapi_mod_remove_value(smod); /* removes the value at the current iterator pos */ + } + slapi_value_free(&sv); + } + /* if all values were removed, no need to send the mod */ + if (slapi_mod_get_num_values(smod) == 0) { + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + "%s: mod_already_made: " + "remote entry attr [%s] had all mod values removed - will not send.\n", + agmt_get_long_name(prp->agmt), type); + retval = 1; + } + } else if (SLAPI_IS_MOD_DELETE(op)) { /* make sure value or attr is there */ + Slapi_Attr *attr = NULL; + + /* if attribute does not exist, no need to send the delete */ + if (slapi_entry_attr_find(ad_entry, type, &attr) || !attr) { + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + "%s: mod_already_made: " + "remote entry attr [%s] already deleted - will not send.\n", + agmt_get_long_name(prp->agmt), type); + retval = 1; + } else if (slapi_mod_get_num_values(smod) > 0) { + /* if attr exists, remove mods that have already been applied */ + struct berval *bv = NULL; + for (bv = slapi_mod_get_first_value(smod); + bv; bv = slapi_mod_get_next_value(smod)) { + Slapi_Value *sv = slapi_value_new(); + slapi_value_init_berval(sv, bv); /* copies bv_val */ + if (!slapi_entry_attr_has_syntax_value(ad_entry, type, sv)) { + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + "%s: mod_already_made: " + "remote entry attr [%s] already deleted value [%s] - will not send.\n", + agmt_get_long_name(prp->agmt), type, + slapi_value_get_string(sv)); + slapi_mod_remove_value(smod); /* removes the value at the current iterator pos */ + } + slapi_value_free(&sv); + } + /* if all values were removed, no need to send the mod */ + if (slapi_mod_get_num_values(smod) == 0) { + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + "%s: mod_already_made: " + "remote entry attr [%s] had all mod values removed - will not send.\n", + agmt_get_long_name(prp->agmt), type); + retval = 1; + } + } /* else if no values specified, this means delete the attribute */ + } else { /* allow this mod */ + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + "%s: mod_already_made: " + "skipping mod op [%d]\n", + agmt_get_long_name(prp->agmt), op); + } + + return retval; +} static int windows_check_mods_for_rdn_change(Private_Repl_Protocol *prp, LDAPMod **original_mods, @@ -1905,12 +2004,13 @@ static void -windows_map_mods_for_replay(Private_Repl_Protocol *prp,LDAPMod **original_mods, LDAPMod ***returned_mods, int is_user, char** password) +windows_map_mods_for_replay(Private_Repl_Protocol *prp,LDAPMod **original_mods, LDAPMod ***returned_mods, int is_user, char** password, const Slapi_Entry *ad_entry) { Slapi_Mods smods = {0}; Slapi_Mods mapped_smods = {0}; LDAPMod *mod = NULL; int is_nt4 = windows_private_get_isnt4(prp->agmt); + Slapi_Mod *mysmod = NULL; LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_map_mods_for_replay\n", 0, 0, 0 ); @@ -1945,8 +2045,9 @@ } } - /* copy over the mod */ - slapi_mods_add_modbvps(&mapped_smods,mod->mod_op,attr_type,mod->mod_bvalues); + /* create the new smod to add to the mapped_smods */ + mysmod = slapi_mod_new(); + slapi_mod_init_byval(mysmod, mod); /* copy contents */ } else { char *mapped_type = NULL; @@ -1967,7 +2068,8 @@ map_dn_values(prp,vs,&mapped_values, 1 /* to windows */,0); if (mapped_values) { - slapi_mods_add_mod_values(&mapped_smods,mod->mod_op,mapped_type,valueset_get_valuearray(mapped_values)); + mysmod = slapi_mod_new(); + slapi_mod_init_valueset_byval(mysmod, mod->mod_op, mapped_type, mapped_values); slapi_valueset_free(mapped_values); mapped_values = NULL; } else @@ -1975,7 +2077,10 @@ /* this might be a del: mod, in which case there are no values */ if (mod->mod_op & LDAP_MOD_DELETE) { - slapi_mods_add_mod_values(&mapped_smods, LDAP_MOD_DELETE, mapped_type, NULL); + mysmod = slapi_mod_new(); + slapi_mod_init(mysmod, 0); + slapi_mod_set_operation(mysmod, LDAP_MOD_DELETE|LDAP_MOD_BVALUES); + slapi_mod_set_type(mysmod, mapped_type); } } slapi_mod_done(&smod); @@ -2004,7 +2109,10 @@ slapi_mod_done(&smod); } - slapi_mods_add_modbvps(&mapped_smods,mod->mod_op,mapped_type,mod->mod_bvalues); + /* create the new smod to add to the mapped_smods */ + mysmod = slapi_mod_new(); + slapi_mod_init_byval(mysmod, mod); /* copy contents */ + slapi_mod_set_type(mysmod, mapped_type); } slapi_ch_free_string(&mapped_type); } else @@ -2050,6 +2158,13 @@ } } /* Otherwise we do not copy this mod at all */ + if (mysmod && !mod_already_made(prp, mysmod, ad_entry)) { /* make sure this mod is still valid to send */ + slapi_mods_add_ldapmod(&mapped_smods, slapi_mod_get_ldapmod_passout(mysmod)); + } + if (mysmod) { + slapi_mod_free(&mysmod); + } + mod = slapi_mods_get_next_mod(&smods); } slapi_mods_done (&smods); From rmeggins at fedoraproject.org Fri Jan 9 21:30:59 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Fri, 9 Jan 2009 21:30:59 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd add.c, 1.18, 1.19 modutil.c, 1.7, 1.8 slapi-plugin.h, 1.36, 1.37 util.c, 1.25, 1.26 Message-ID: <20090109213100.2397D70141@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8842/ldapserver/ldap/servers/slapd Modified Files: add.c modutil.c slapi-plugin.h util.c Log Message: Resolves: bug 471068 Bug Description: winsync doesn't recognize some changes Reviewed by: nkinder (Thanks!) Fix Description: Before sending updates to AD, first check to see if the updates still apply. For modify/add operations, check to make sure the value to add doesn't exist. If it does, remove it from the list of values in the mod. If all values are removed, then just skip the modify/add op altogether. For modify/del ops, check to see if the attribute exists. If not, just skip the op. If it does exist, check to see if the values exist, and remove the values from the mod/del op that do not exist anymore. If all values have been removed, just skip the mod/del op. I added a new slapi function - slapi_mod_init_valueset_byval - which will init a Slapi_Mod and init the list of values using a valueset. Fortunately there was already a function for converting a Slapi_Value** to a berval**. I also fixed a few compiler warnings. Platforms tested: RHEL5 Flag Day: no Doc impact: yes - add new function to slapi docs Index: add.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/add.c,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- add.c 5 Jan 2009 16:57:03 -0000 1.18 +++ add.c 9 Jan 2009 21:30:56 -0000 1.19 @@ -745,7 +745,7 @@ char *type[] = {SLAPI_ATTR_UNIQUEID, "modifytimestamp", "createtimestamp", "creatorsname", "modifiersname", 0}; - if (rdn = slapi_rdn_new()) { + if ((rdn = slapi_rdn_new())) { slapi_rdn_init_dn(rdn, slapi_entry_get_dn_const(e)); for (i = 0; type[i] != NULL; i++) { Index: modutil.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/modutil.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- modutil.c 10 Nov 2006 23:45:40 -0000 1.7 +++ modutil.c 9 Jan 2009 21:30:56 -0000 1.8 @@ -595,6 +595,21 @@ } void +slapi_mod_init_valueset_byval(Slapi_Mod *smod, int op, const char *type, const Slapi_ValueSet *svs) +{ + PR_ASSERT(smod!=NULL); + slapi_mod_init(smod, 0); + slapi_mod_set_operation (smod, op); + slapi_mod_set_type (smod, type); + if (svs!=NULL) { + Slapi_Value **svary = valueset_get_valuearray(svs); + valuearray_get_bervalarray(svary, &smod->mod->mod_bvalues); + smod->num_values = slapi_valueset_count(svs); + smod->num_elements = smod->num_values + 1; + } +} + +void slapi_mod_free (Slapi_Mod **smod) { slapi_mod_done(*smod); @@ -750,15 +765,16 @@ if (mod == NULL || mod->mod == NULL) return 0; - op = mod->mod->mod_op && ~LDAP_MOD_BVALUES; + op = mod->mod->mod_op; - if (op != LDAP_MOD_ADD && op != LDAP_MOD_DELETE && op != LDAP_MOD_REPLACE) + if (!SLAPI_IS_MOD_ADD(op) && !SLAPI_IS_MOD_DELETE(op) && !SLAPI_IS_MOD_REPLACE(op)) return 0; if (mod->mod->mod_type == NULL) return 0; - if (op != LDAP_MOD_DELETE && mod->num_values == 0) + /* add op must have at least 1 value */ + if (SLAPI_IS_MOD_ADD(op) && (mod->num_values == 0)) return 0; return 1; Index: slapi-plugin.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slapi-plugin.h,v retrieving revision 1.36 retrieving revision 1.37 diff -u -r1.36 -r1.37 --- slapi-plugin.h 5 Dec 2008 22:41:52 -0000 1.36 +++ slapi-plugin.h 9 Jan 2009 21:30:56 -0000 1.37 @@ -573,6 +573,8 @@ void slapi_mod_init_byval(Slapi_Mod *smod, const LDAPMod *mod); void slapi_mod_init_byref(Slapi_Mod *smod, LDAPMod *mod); void slapi_mod_init_passin(Slapi_Mod *smod, LDAPMod *mod); +/* init a mod and set the mod values to be a copy of the given valueset */ +void slapi_mod_init_valueset_byval(Slapi_Mod *smod, int op, const char *type, const Slapi_ValueSet *svs); void slapi_mod_add_value(Slapi_Mod *smod, const struct berval *val); void slapi_mod_remove_value(Slapi_Mod *smod); struct berval *slapi_mod_get_first_value(Slapi_Mod *smod); Index: util.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/util.c,v retrieving revision 1.25 retrieving revision 1.26 diff -u -r1.25 -r1.26 --- util.c 7 Jan 2009 02:33:37 -0000 1.25 +++ util.c 9 Jan 2009 21:30:56 -0000 1.26 @@ -207,7 +207,6 @@ void strcpy_unescape_value( char *d, const char *s ) { - char *head = d; int gotesc = 0; const char *end = s + strlen(s); for ( ; *s; s++ ) From rmeggins at fedoraproject.org Fri Jan 9 21:30:59 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Fri, 9 Jan 2009 21:30:59 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm dblayer.c, 1.35, 1.36 Message-ID: <20090109213100.622B17011C@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8842/ldapserver/ldap/servers/slapd/back-ldbm Modified Files: dblayer.c Log Message: Resolves: bug 471068 Bug Description: winsync doesn't recognize some changes Reviewed by: nkinder (Thanks!) Fix Description: Before sending updates to AD, first check to see if the updates still apply. For modify/add operations, check to make sure the value to add doesn't exist. If it does, remove it from the list of values in the mod. If all values are removed, then just skip the modify/add op altogether. For modify/del ops, check to see if the attribute exists. If not, just skip the op. If it does exist, check to see if the values exist, and remove the values from the mod/del op that do not exist anymore. If all values have been removed, just skip the mod/del op. I added a new slapi function - slapi_mod_init_valueset_byval - which will init a Slapi_Mod and init the list of values using a valueset. Fortunately there was already a function for converting a Slapi_Value** to a berval**. I also fixed a few compiler warnings. Platforms tested: RHEL5 Flag Day: no Doc impact: yes - add new function to slapi docs Index: dblayer.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/dblayer.c,v retrieving revision 1.35 retrieving revision 1.36 diff -u -r1.35 -r1.36 --- dblayer.c 12 Dec 2008 21:09:31 -0000 1.35 +++ dblayer.c 9 Jan 2009 21:30:56 -0000 1.36 @@ -3884,7 +3884,7 @@ * are silently converted to the equivalent unsigned long int value. */ /* We don't want to make it happen. */ - for (p = str; p && *p && (*p == ' ' || *p == '\t'); p++) ; + for (p = (char *)str; p && *p && (*p == ' ' || *p == '\t'); p++) ; if ('-' == *p) { if (err) *err = ERANGE; return val; From nhosoi at fedoraproject.org Fri Jan 9 21:33:41 2009 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Fri, 9 Jan 2009 21:33:41 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm filterindex.c, 1.8, 1.9 Message-ID: <20090109213341.E202F70141@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9079 Modified Files: filterindex.c Log Message: Resolves: #464854 Summary: ldapsearch with size limit (-z) doesn't work with OR filter and range search Description: SIZELIMIT is checked in index_range_read to eliminate the unnecessary data retrieval. But when the filter contains a range search which is connected by AND, then we should not do sizelimit. There was a bug in the function which sets is_and. The flag should have been cleared only when the function set it to 1. Instead, it was cleared each time the function is called. It let index_range_read stop reading when it reaches sizelimit even though it should not have. Index: filterindex.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/filterindex.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- filterindex.c 12 Dec 2008 01:21:53 -0000 1.8 +++ filterindex.c 9 Jan 2009 21:33:39 -0000 1.9 @@ -672,9 +672,17 @@ } if (ftype == LDAP_FILTER_AND && f_count > 1) { - is_and = 1; + slapi_pblock_get(pb, SLAPI_SEARCH_IS_AND, &is_and); + if (is_and) { + /* Outer candidates function already set IS_AND. + * So, this function does not touch it. */ + is_and = 0; + } else { + /* Outer candidates function hasn't set IS_AND */ + is_and = 1; + slapi_pblock_set(pb, SLAPI_SEARCH_IS_AND, &is_and); + } } - slapi_pblock_set(pb, SLAPI_SEARCH_IS_AND, &is_and); if (le_count != 1 || ge_count != 1 || f_count != 2) { is_bounded_range = 0; @@ -789,8 +797,15 @@ LDAPDebug( LDAP_DEBUG_TRACE, "<= list_candidates %lu\n", (u_long)IDL_NIDS(idl), 0, 0 ); out: - is_and = 0; - slapi_pblock_set(pb, SLAPI_SEARCH_IS_AND, &is_and); + if (is_and) { + /* + * Sets IS_AND back to 0 only when this function set 1. + * The info of the outer (&...) needs to be passed to the + * descendent *_candidates functions called recursively. + */ + is_and = 0; + slapi_pblock_set(pb, SLAPI_SEARCH_IS_AND, &is_and); + } slapi_ch_free_string(&tpairs[0]); slapi_ch_bvfree(&vpairs[0]); slapi_ch_free_string(&tpairs[1]); From nkinder at fedoraproject.org Fri Jan 9 23:10:19 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Fri, 9 Jan 2009 23:10:19 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd slapi-plugin.h, 1.37, 1.38 slapi-private.h, 1.32, 1.33 Message-ID: <20090109231019.DA32D7013F@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv24347/ldap/servers/slapd Modified Files: slapi-plugin.h slapi-private.h Log Message: Resolves: 472602 Summary: Expose internal operation flag via SLAPI. Index: slapi-plugin.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slapi-plugin.h,v retrieving revision 1.37 retrieving revision 1.38 diff -u -r1.37 -r1.38 --- slapi-plugin.h 9 Jan 2009 21:30:56 -0000 1.37 +++ slapi-plugin.h 9 Jan 2009 23:10:17 -0000 1.38 @@ -100,6 +100,7 @@ #define SLAPI_ATTR_FLAG_NORMALIZED 0x0200 /* the attr value is normalized */ /* operation flags */ +#define SLAPI_OP_FLAG_INTERNAL 0x00020 /* An operation generated by the core server or a plugin. */ #define SLAPI_OP_FLAG_NEVER_CHAIN 0x00800 /* Do not chain the operation */ #define SLAPI_OP_FLAG_NO_ACCESS_CHECK 0x10000 /* Do not check for access control - bypass them */ Index: slapi-private.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slapi-private.h,v retrieving revision 1.32 retrieving revision 1.33 diff -u -r1.32 -r1.33 --- slapi-private.h 6 Jan 2009 22:50:29 -0000 1.32 +++ slapi-private.h 9 Jan 2009 23:10:17 -0000 1.33 @@ -391,9 +391,7 @@ * generated as a consequence * of a Replicated Operation. */ -#define OP_FLAG_INTERNAL 0x00020 /* An operation generated by - * the core server or a plugin. - */ +#define OP_FLAG_INTERNAL SLAPI_OP_FLAG_INTERNAL /* 0x00020 */ #define OP_FLAG_ACTION_LOG_ACCESS 0x00040 #define OP_FLAG_ACTION_LOG_AUDIT 0x00080 #define OP_FLAG_ACTION_SCHEMA_CHECK 0x00100 From nkinder at fedoraproject.org Mon Jan 12 16:26:16 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Mon, 12 Jan 2009 16:26:16 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src/scripts template-bak2db.pl.in, 1.4, 1.5 template-db2bak.pl.in, 1.7, 1.8 template-db2index.pl.in, 1.5, 1.6 template-db2ldif.pl.in, 1.6, 1.7 template-fixup-memberof.pl.in, 1.1, 1.2 template-ldif2db.pl.in, 1.4, 1.5 template-ns-accountstatus.pl.in, 1.4, 1.5 template-ns-activate.pl.in, 1.4, 1.5 template-ns-inactivate.pl.in, 1.4, 1.5 template-schema-reload.pl.in, 1.1, 1.2 Message-ID: <20090112162616.D095870129@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19010/ldap/admin/src/scripts Modified Files: template-bak2db.pl.in template-db2bak.pl.in template-db2index.pl.in template-db2ldif.pl.in template-fixup-memberof.pl.in template-ldif2db.pl.in template-ns-accountstatus.pl.in template-ns-activate.pl.in template-ns-inactivate.pl.in template-schema-reload.pl.in Log Message: Resolves: 170461 Summary: Remove dependency on Term::ReadKey for password prompting in Perl scripts. Index: template-bak2db.pl.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/template-bak2db.pl.in,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- template-bak2db.pl.in 12 Feb 2007 19:55:10 -0000 1.4 +++ template-bak2db.pl.in 12 Jan 2009 16:26:14 -0000 1.5 @@ -91,17 +91,15 @@ close(RPASS); } elsif ($passwd eq "-"){ # Read the password from terminal - die "The '-w -' option requires an extension library (Term::ReadKey) which is not\n", - "part of the standard perl distribution. If you want to use it, you must\n", - "download and install the module. You can find it at\n", - "http://www.perl.com/CPAN/CPAN.html\n"; -# Remove the previous line and uncomment the following 6 lines once you have installed Term::ReadKey module. -# use Term::ReadKey; -# print "Bind Password: "; -# ReadMode('noecho'); -# $passwd = ReadLine(0); -# chomp($passwd); -# ReadMode('normal'); + print "Bind Password: "; + # Disable console echo + system("stty -echo"); + # read the answer + $passwd = ; + # Enable console echo + system("stty echo"); + print "\n"; + chop($passwd); # trim trailing newline } if ( $rootdn eq "" || $passwd eq "") { &usage; exit(1); } ($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time); Index: template-db2bak.pl.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/template-db2bak.pl.in,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- template-db2bak.pl.in 20 Mar 2007 01:15:32 -0000 1.7 +++ template-db2bak.pl.in 12 Jan 2009 16:26:14 -0000 1.8 @@ -88,17 +88,15 @@ close(RPASS); } elsif ($passwd eq "-"){ # Read the password from terminal - die "The '-w -' option requires an extension library (Term::ReadKey) which is not\n", - "part of the standard perl distribution. If you want to use it, you must\n", - "download and install the module. You can find it at\n", - "http://www.perl.com/CPAN/CPAN.html\n"; -# Remove the previous line and uncomment the following 6 lines once you have installed Term::ReadKey module. -# use Term::ReadKey; -# print "Bind Password: "; -# ReadMode('noecho'); -# $passwd = ReadLine(0); -# chomp($passwd); -# ReadMode('normal'); + print "Bind Password: "; + # Disable console echo + system("stty -echo"); + # read the answer + $passwd = ; + # Enable console echo + system("stty echo"); + print "\n"; + chop($passwd); # trim trailing newline } if ( $rootdn eq "" || $passwd eq "") { &usage; exit(1); } ($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time); Index: template-db2index.pl.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/template-db2index.pl.in,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- template-db2index.pl.in 6 Dec 2007 02:45:20 -0000 1.5 +++ template-db2index.pl.in 12 Jan 2009 16:26:14 -0000 1.6 @@ -127,17 +127,15 @@ close(RPASS); } elsif ($passwd eq "-"){ # Read the password from terminal - die "The '-w -' option requires an extension library (Term::ReadKey) which is not\n", - "part of the standard perl distribution. If you want to use it, you must\n", - "download and install the module. You can find it at\n", - "http://www.perl.com/CPAN/CPAN.html\n"; -# Remove the previous line and uncomment the following 6 lines once you have installed Term::ReadKey module. -# use Term::ReadKey; -# print "Bind Password: "; -# ReadMode('noecho'); -# $passwd = ReadLine(0); -# chomp($passwd); -# ReadMode('normal'); + print "Bind Password: "; + # Disable console echo + system("stty -echo"); + # read the answer + $passwd = ; + # Enable console echo + system("stty echo"); + print "\n"; + chop($passwd); # trim trailing newline } if ( $rootdn eq "" || $passwd eq "" ) Index: template-db2ldif.pl.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/template-db2ldif.pl.in,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- template-db2ldif.pl.in 20 Mar 2007 01:15:32 -0000 1.6 +++ template-db2ldif.pl.in 12 Jan 2009 16:26:14 -0000 1.7 @@ -179,17 +179,15 @@ close(RPASS); } elsif ($passwd eq "-"){ # Read the password from terminal - die "The '-w -' option requires an extension library (Term::ReadKey) which is not\n", - "part of the standard perl distribution. If you want to use it, you must\n", - "download and install the module. You can find it at\n", - "http://www.perl.com/CPAN/CPAN.html\n"; -# Remove the previous line and uncomment the following 6 lines once you have installed Term::ReadKey module. -# use Term::ReadKey; -# print "Bind Password: "; -# ReadMode('noecho'); -# $passwd = ReadLine(0); -# chomp($passwd); -# ReadMode('normal'); + print "Bind Password: "; + # Disable console echo + system("stty -echo"); + # read the answer + $passwd = ; + # Enable console echo + system("stty echo"); + print "\n"; + chop($passwd); # trim trailing newline } if (($instances[0] eq "" && $included[0] eq "") || $rootdn eq "" || $passwd eq "") { &usage; exit(1); } ($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time); @@ -262,7 +260,7 @@ $ENV{'PATH'} = "$prefix at ldapsdk_bindir@:$prefix/usr/bin:@ldapsdk_bindir@:/usr/bin"; $ENV{'LD_LIBRARY_PATH'} = "$prefix at nss_libdir@:$prefix/usr/lib:@nss_libdir@:/usr/lib"; $ENV{'SHLIB_PATH'} = "$prefix at nss_libdir@:$prefix/usr/lib:@nss_libdir@:/usr/lib"; -print("Exported ldif file: ${ldiffile}\n"); +print("Exporting to ldif file: ${ldiffile}\n"); open(FOO, "| ldapmodify $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} -D \"$rootdn\" -w \"$passwd\" -a" ); print(FOO "$entry"); close(FOO); Index: template-fixup-memberof.pl.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/template-fixup-memberof.pl.in,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- template-fixup-memberof.pl.in 10 Jun 2008 20:24:03 -0000 1.1 +++ template-fixup-memberof.pl.in 12 Jan 2009 16:26:14 -0000 1.2 @@ -118,17 +118,15 @@ close(RPASS); } elsif ($passwd eq "-"){ # Read the password from terminal - die "The '-w -' option requires an extension library (Term::ReadKey) which is not\n", - "part of the standard perl distribution. If you want to use it, you must\n", - "download and install the module. You can find it at\n", - "http://www.perl.com/CPAN/CPAN.html\n"; -# Remove the previous line and uncomment the following 6 lines once you have installed Term::ReadKey module. -# use Term::ReadKey; -# print "Bind Password: "; -# ReadMode('noecho'); -# $passwd = ReadLine(0); -# chomp($passwd); -# ReadMode('normal'); + print "Bind Password: "; + # Disable console echo + system("stty -echo"); + # read the answer + $passwd = ; + # Enable console echo + system("stty echo"); + print "\n"; + chop($passwd); # trim trailing newline } if ( $rootdn eq "" || $passwd eq "" || $basedn_arg eq "" ) Index: template-ldif2db.pl.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/template-ldif2db.pl.in,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- template-ldif2db.pl.in 12 Feb 2007 19:55:10 -0000 1.4 +++ template-ldif2db.pl.in 12 Jan 2009 16:26:14 -0000 1.5 @@ -167,17 +167,15 @@ close(RPASS); } elsif ($passwd eq "-"){ # Read the password from terminal - die "The '-w -' option requires an extension library (Term::ReadKey) which is not\n", - "part of the standard perl distribution. If you want to use it, you must\n", - "download and install the module. You can find it at\n", - "http://www.perl.com/CPAN/CPAN.html\n"; -# Remove the previous line and uncomment the following 6 lines once you have installed Term::ReadKey module. -# use Term::ReadKey; -# print "Bind Password: "; -# ReadMode('noecho'); -# $passwd = ReadLine(0); -# chomp($passwd); -# ReadMode('normal'); + print "Bind Password: "; + # Disable console echo + system("stty -echo"); + # read the answer + $passwd = ; + # Enable console echo + system("stty echo"); + print "\n"; + chop($passwd); # trim trailing newline } if (($instance eq "" && $included[0] eq "") || $ldiffiles[0] eq "" || $rootdn eq "" || $passwd eq "") { &usage; exit(1); } ($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time); Index: template-ns-accountstatus.pl.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/template-ns-accountstatus.pl.in,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- template-ns-accountstatus.pl.in 12 Feb 2007 19:55:10 -0000 1.4 +++ template-ns-accountstatus.pl.in 12 Jan 2009 16:26:14 -0000 1.5 @@ -463,17 +463,15 @@ close(RPASS); } elsif ($rootpw eq "-"){ # Read the password from terminal - die "The '-w -' option requires an extension library (Term::ReadKey) which is not\n", - "part of the standard perl distribution. If you want to use it, you must\n", - "download and install the module. You can find it at\n", - "http://www.perl.com/CPAN/CPAN.html\n"; -# Remove the previous line and uncomment the following 6 lines once you have installed Term::ReadKey module. -# use Term::ReadKey; -# print "Bind Password: "; -# ReadMode('noecho'); -# $rootpw = ReadLine(0); -# chomp($rootpw); -# ReadMode('normal'); + print "Bind Password: "; + # Disable console echo + system("stty -echo"); + # read the answer + $rootpw = ; + # Enable console echo + system("stty echo"); + print "\n"; + chop($rootpw); # trim trailing newline } if( $rootpw eq "" ) Index: template-ns-activate.pl.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/template-ns-activate.pl.in,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- template-ns-activate.pl.in 12 Feb 2007 19:55:10 -0000 1.4 +++ template-ns-activate.pl.in 12 Jan 2009 16:26:14 -0000 1.5 @@ -463,17 +463,15 @@ close(RPASS); } elsif ($rootpw eq "-"){ # Read the password from terminal - die "The '-w -' option requires an extension library (Term::ReadKey) which is not\n", - "part of the standard perl distribution. If you want to use it, you must\n", - "download and install the module. You can find it at\n", - "http://www.perl.com/CPAN/CPAN.html\n"; -# Remove the previous line and uncomment the following 6 lines once you have installed Term::ReadKey module. -# use Term::ReadKey; -# print "Bind Password: "; -# ReadMode('noecho'); -# $rootpw = ReadLine(0); -# chomp($rootpw); -# ReadMode('normal'); + print "Bind Password: "; + # Disable console echo + system("stty -echo"); + # read the answer + $rootpw = ; + # Enable console echo + system("stty echo"); + print "\n"; + chop($rootpw); # trim trailing newline } if( $rootpw eq "" ) Index: template-ns-inactivate.pl.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/template-ns-inactivate.pl.in,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- template-ns-inactivate.pl.in 12 Feb 2007 19:55:10 -0000 1.4 +++ template-ns-inactivate.pl.in 12 Jan 2009 16:26:14 -0000 1.5 @@ -463,17 +463,15 @@ close(RPASS); } elsif ($rootpw eq "-"){ # Read the password from terminal - die "The '-w -' option requires an extension library (Term::ReadKey) which is not\n", - "part of the standard perl distribution. If you want to use it, you must\n", - "download and install the module. You can find it at\n", - "http://www.perl.com/CPAN/CPAN.html\n"; -# Remove the previous line and uncomment the following 6 lines once you have installed Term::ReadKey module. -# use Term::ReadKey; -# print "Bind Password: "; -# ReadMode('noecho'); -# $rootpw = ReadLine(0); -# chomp($rootpw); -# ReadMode('normal'); + print "Bind Password: "; + # Disable console echo + system("stty -echo"); + # read the answer + $rootpw = ; + # Enable console echo + system("stty echo"); + print "\n"; + chop($rootpw); # trim trailing newline } if( $rootpw eq "" ) Index: template-schema-reload.pl.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/template-schema-reload.pl.in,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- template-schema-reload.pl.in 2 Jul 2008 16:14:40 -0000 1.1 +++ template-schema-reload.pl.in 12 Jan 2009 16:26:14 -0000 1.2 @@ -108,17 +108,15 @@ close(RPASS); } elsif ($passwd eq "-"){ # Read the password from terminal - die "The '-w -' option requires an extension library (Term::ReadKey) which is not\n", - "part of the standard perl distribution. If you want to use it, you must\n", - "download and install the module. You can find it at\n", - "http://www.perl.com/CPAN/CPAN.html\n"; -# Remove the previous line and uncomment the following 6 lines once you have installed Term::ReadKey module. -# use Term::ReadKey; -# print "Bind Password: "; -# ReadMode('noecho'); -# $passwd = ReadLine(0); -# chomp($passwd); -# ReadMode('normal'); + print "Bind Password: "; + # Disable console echo + system("stty -echo"); + # read the answer + $passwd = ; + # Enable console echo + system("stty echo"); + print "\n"; + chop($passwd); # trim trailing newline } if ( $rootdn eq "" || $passwd eq "" ) From nkinder at fedoraproject.org Mon Jan 12 16:47:36 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Mon, 12 Jan 2009 16:47:36 +0000 (UTC) Subject: [Fedora-directory-commits] mod_restartd LICENSE, NONE, 1.1 Makefile.am, 1.10, 1.11 Makefile.in, 1.11, 1.12 aclocal.m4, 1.10, 1.11 configure, 1.10, 1.11 configure.in, 1.8, 1.9 ltmain.sh, 1.3, 1.4 makerpm.sh, 1.1, 1.2 mod_include-2.2.h, 1.1, 1.2 mod_include.h, 1.1.1.1, 1.2 mod_restartd-2.2.c, 1.1, 1.2 mod_restartd.c, 1.5, 1.6 mod_restartd.spec, 1.1, 1.2 mod_suexec-2.2.h, 1.1, 1.2 mod_suexec.h, 1.1.1.1, 1.2 AUTHORS, 1.1, NONE COPYING, 1.1, NONE ChangeLog, 1.1, NONE INSTALL, 1.2, NONE NEWS, 1.1, NONE Message-ID: <20090112164736.D52047013F@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/mod_restartd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv24747 Modified Files: Makefile.am Makefile.in aclocal.m4 configure configure.in ltmain.sh makerpm.sh mod_include-2.2.h mod_include.h mod_restartd-2.2.c mod_restartd.c mod_restartd.spec mod_suexec-2.2.h mod_suexec.h Added Files: LICENSE Removed Files: AUTHORS COPYING ChangeLog INSTALL NEWS Log Message: Resolves: 215836 Summary: Correct license headers in mod_restartd. --- NEW FILE LICENSE --- # BEGIN COPYRIGHT BLOCK # # The Apache Software License, Version 1.1 # # Copyright (c) 2000-2003 The Apache Software Foundation. All rights # reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The end-user documentation included with the redistribution, # if any, must include the following acknowledgment: # "This product includes software developed by the # Apache Software Foundation (http://www.apache.org/)." # Alternately, this acknowledgment may appear in the software itself, # if and wherever such third-party acknowledgments normally appear. # # 4. The names "Apache" and "Apache Software Foundation" must # not be used to endorse or promote products derived from this # software without prior written permission. For written # permission, please contact apache at apache.org. # # 5. Products derived from this software may not be called "Apache", # nor may "Apache" appear in their name, without prior written # permission of the Apache Software Foundation. # # THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED # WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE # DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR # ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF # USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT # OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # ==================================================================== # # This software consists of voluntary contributions made by many # individuals on behalf of the Apache Software Foundation. For more # information on the Apache Software Foundation, please see # . # # Portions of this software are based upon public domain software # originally written at the National Center for Supercomputing Applications, # University of Illinois, Urbana-Champaign. # # Copyright (C) 2005 Red Hat, Inc. # All rights reserved. # # END COPYRIGHT BLOCK Index: Makefile.am =================================================================== RCS file: /cvs/dirsec/mod_restartd/Makefile.am,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- Makefile.am 11 May 2007 19:47:21 -0000 1.10 +++ Makefile.am 12 Jan 2009 16:47:33 -0000 1.11 @@ -1,3 +1,67 @@ +# BEGIN COPYRIGHT BLOCK +# +# The Apache Software License, Version 1.1 +# +# Copyright (c) 2000-2003 The Apache Software Foundation. All rights +# reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. The end-user documentation included with the redistribution, +# if any, must include the following acknowledgment: +# "This product includes software developed by the +# Apache Software Foundation (http://www.apache.org/)." +# Alternately, this acknowledgment may appear in the software itself, +# if and wherever such third-party acknowledgments normally appear. +# +# 4. The names "Apache" and "Apache Software Foundation" must +# not be used to endorse or promote products derived from this +# software without prior written permission. For written +# permission, please contact apache at apache.org. +# +# 5. Products derived from this software may not be called "Apache", +# nor may "Apache" appear in their name, without prior written +# permission of the Apache Software Foundation. +# +# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF +# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# ==================================================================== +# +# This software consists of voluntary contributions made by many +# individuals on behalf of the Apache Software Foundation. For more +# information on the Apache Software Foundation, please see +# . +# +# Portions of this software are based upon public domain software +# originally written at the National Center for Supercomputing Applications, +# University of Illinois, Urbana-Champaign. +# +# Copyright (C) 2005 Red Hat, Inc. +# All rights reserved. +# +# END COPYRIGHT BLOCK + + # The directory in which the module is installed - # relative to libdir - apxs will ignore this though moddir = $(libdir)@moddir@ Index: Makefile.in =================================================================== RCS file: /cvs/dirsec/mod_restartd/Makefile.in,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- Makefile.in 11 May 2007 19:47:21 -0000 1.11 +++ Makefile.in 12 Jan 2009 16:47:33 -0000 1.12 @@ -14,6 +14,69 @@ @SET_MAKE@ +# BEGIN COPYRIGHT BLOCK +# +# The Apache Software License, Version 1.1 +# +# Copyright (c) 2000-2003 The Apache Software Foundation. All rights +# reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. The end-user documentation included with the redistribution, +# if any, must include the following acknowledgment: +# "This product includes software developed by the +# Apache Software Foundation (http://www.apache.org/)." +# Alternately, this acknowledgment may appear in the software itself, +# if and wherever such third-party acknowledgments normally appear. +# +# 4. The names "Apache" and "Apache Software Foundation" must +# not be used to endorse or promote products derived from this +# software without prior written permission. For written +# permission, please contact apache at apache.org. +# +# 5. Products derived from this software may not be called "Apache", +# nor may "Apache" appear in their name, without prior written +# permission of the Apache Software Foundation. +# +# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF +# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# ==================================================================== +# +# This software consists of voluntary contributions made by many +# individuals on behalf of the Apache Software Foundation. For more +# information on the Apache Software Foundation, please see +# . +# +# Portions of this software are based upon public domain software +# originally written at the National Center for Supercomputing Applications, +# University of Illinois, Urbana-Champaign. +# +# Copyright (C) 2005 Red Hat, Inc. +# All rights reserved. +# +# END COPYRIGHT BLOCK + srcdir = @srcdir@ top_srcdir = @top_srcdir@ VPATH = @srcdir@ @@ -37,9 +100,8 @@ build_triplet = @build@ host_triplet = @host@ DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \ - $(srcdir)/Makefile.in $(top_srcdir)/configure AUTHORS COPYING \ - ChangeLog INSTALL NEWS config.guess config.sub depcomp \ - install-sh ltmain.sh missing mkinstalldirs + $(srcdir)/Makefile.in $(top_srcdir)/configure config.guess \ + config.sub depcomp install-sh ltmain.sh missing mkinstalldirs subdir = . ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.in @@ -135,7 +197,6 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ RANLIB = @RANLIB@ -SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ @@ -218,15 +279,15 @@ @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - echo ' cd $(srcdir) && $(AUTOMAKE) --gnu '; \ - cd $(srcdir) && $(AUTOMAKE) --gnu \ + echo ' cd $(srcdir) && $(AUTOMAKE) --foreign '; \ + cd $(srcdir) && $(AUTOMAKE) --foreign \ && exit 0; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \ cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu Makefile + $(AUTOMAKE) --foreign Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ Index: aclocal.m4 =================================================================== RCS file: /cvs/dirsec/mod_restartd/aclocal.m4,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- aclocal.m4 11 May 2007 19:47:21 -0000 1.10 +++ aclocal.m4 12 Jan 2009 16:47:33 -0000 1.11 @@ -1578,27 +1578,10 @@ # before this can be enabled. hardcode_into_libs=yes - # find out which ABI we are using - libsuff= - case "$host_cpu" in - x86_64*|s390x*|powerpc64*) - echo '[#]line __oline__ "configure"' > conftest.$ac_ext - if AC_TRY_EVAL(ac_compile); then - case `/usr/bin/file conftest.$ac_objext` in - *64-bit*) - libsuff=64 - sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}" - ;; - esac - fi - rm -rf conftest* - ;; - esac - # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on @@ -4305,9 +4288,6 @@ # Is the compiler the GNU C compiler? with_gcc=$_LT_AC_TAGVAR(GCC, $1) -gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` -gcc_ver=\`gcc -dumpversion\` - # An ERE matcher. EGREP=$lt_EGREP @@ -4441,11 +4421,11 @@ # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=\`echo $lt_[]_LT_AC_TAGVAR(predep_objects, $1) | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +predep_objects=$lt_[]_LT_AC_TAGVAR(predep_objects, $1) # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=\`echo $lt_[]_LT_AC_TAGVAR(postdep_objects, $1) | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +postdep_objects=$lt_[]_LT_AC_TAGVAR(postdep_objects, $1) # Dependencies to place before the objects being linked to create a # shared library. @@ -4457,7 +4437,7 @@ # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=\`echo $lt_[]_LT_AC_TAGVAR(compiler_lib_search_path, $1) | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +compiler_lib_search_path=$lt_[]_LT_AC_TAGVAR(compiler_lib_search_path, $1) # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -4537,7 +4517,7 @@ link_all_deplibs=$_LT_AC_TAGVAR(link_all_deplibs, $1) # Compile-time system search path for libraries -sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec @@ -6373,7 +6353,6 @@ done done done -IFS=$as_save_IFS lt_ac_max=0 lt_ac_count=0 # Add /usr/xpg4/bin/sed as it is typically found on Solaris @@ -6406,7 +6385,6 @@ done ]) SED=$lt_cv_path_SED -AC_SUBST([SED]) AC_MSG_RESULT([$SED]) ]) Index: configure =================================================================== RCS file: /cvs/dirsec/mod_restartd/configure,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- configure 11 May 2007 19:47:21 -0000 1.10 +++ configure 12 Jan 2009 16:47:33 -0000 1.11 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.59. +# Generated by GNU Autoconf 2.59 for mod_restartd 1.0. # # Copyright (C) 2003 Free Software Foundation, Inc. # This configure script is free software; the Free Software Foundation @@ -419,11 +419,11 @@ : ${ac_max_here_lines=38} # Identity of this package. -PACKAGE_NAME= -PACKAGE_TARNAME= -PACKAGE_VERSION= -PACKAGE_STRING= -PACKAGE_BUGREPORT= +PACKAGE_NAME='mod_restartd' +PACKAGE_TARNAME='mod_restartd' +PACKAGE_VERSION='1.0' +PACKAGE_STRING='mod_restartd 1.0' +PACKAGE_BUGREPORT='' # Factoring default headers for most tests. ac_includes_default="\ @@ -462,7 +462,7 @@ # include #endif" -ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE build build_cpu build_vendor build_os host host_cpu host_vendor host_os SED EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL APR_CONFIG A PXS HAVE_ADMINSERVER_TRUE HAVE_ADMINSERVER_FALSE apr_inc apache_inc apache_conf apache_prefix apache_bin extra_cppflags ap_ver_suf moddir LIBOBJS LTLIBOBJS' +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE build build_cpu build_vendor build_os host host_cpu host_vendor host_os EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL APR_CONFIG APXS HAVE_ADMINSERVER_TRUE HAVE_ADMINSERVER_FALSE apr_inc apache_inc apache_conf apache_prefix apache_bin extra_cppflags ap_ver_suf moddir LIBOBJS LTLIBOBJS' ac_subst_files='' # Initialize some variables set by options. @@ -951,7 +951,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures this package to adapt to many kinds of systems. +\`configure' configures mod_restartd 1.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1016,7 +1016,9 @@ fi if test -n "$ac_init_help"; then - + case $ac_init_help in + short | recursive ) echo "Configuration of mod_restartd 1.0:";; + esac cat <<\_ACEOF Optional Features: @@ -1157,6 +1159,8 @@ test -n "$ac_init_help" && exit 0 if $ac_init_version; then cat <<\_ACEOF +mod_restartd configure 1.0 +generated by GNU Autoconf 2.59 Copyright (C) 2003 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation @@ -1169,7 +1173,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by $as_me, which was +It was created by mod_restartd $as_me 1.0, which was generated by GNU Autoconf 2.59. Invocation command line was $ $0 $@ @@ -1498,6 +1502,14 @@ + + + + + + + + # Automake initialization am__api_version="1.9" ac_aux_dir= @@ -1805,8 +1817,8 @@ # Define the identity of the package. - PACKAGE=mod_restartd - VERSION=1.0 + PACKAGE='mod_restartd' + VERSION='1.0' cat >>confdefs.h <<_ACEOF @@ -3188,7 +3200,6 @@ done done done -IFS=$as_save_IFS lt_ac_max=0 lt_ac_count=0 # Add /usr/xpg4/bin/sed as it is typically found on Solaris @@ -3223,7 +3234,6 @@ fi SED=$lt_cv_path_SED - echo "$as_me:$LINENO: result: $SED" >&5 echo "${ECHO_T}$SED" >&6 @@ -3664,7 +3674,7 @@ ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 3667 "configure"' > conftest.$ac_ext + echo '#line 3677 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -4441,9 +4451,9 @@ echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} ( cat <<\_ASBOX -## ------------------------------------------ ## -## Report this to the AC_PACKAGE_NAME lists. ## -## ------------------------------------------ ## +## --------------------------------------- ## +## Report this to the mod_restartd lists. ## +## --------------------------------------- ## _ASBOX ) | sed "s/^/$as_me: WARNING: /" >&2 @@ -5263,7 +5273,7 @@ # Provide some information about the compiler. -echo "$as_me:5266:" \ +echo "$as_me:5276:" \ "checking for Fortran 77 compiler version" >&5 ac_compiler=`set X $ac_compile; echo $2` { (eval echo "$as_me:$LINENO: \"$ac_compiler --version &5\"") >&5 @@ -6326,11 +6336,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6329: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6339: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:6333: \$? = $ac_status" >&5 + echo "$as_me:6343: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -6594,11 +6604,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6597: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6607: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:6601: \$? = $ac_status" >&5 + echo "$as_me:6611: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -6698,11 +6708,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6701: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6711: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:6705: \$? = $ac_status" >&5 + echo "$as_me:6715: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -8163,31 +8173,10 @@ # before this can be enabled. hardcode_into_libs=yes - # find out which ABI we are using - libsuff= - case "$host_cpu" in - x86_64*|s390x*|powerpc64*) - echo '#line 8170 "configure"' > conftest.$ac_ext - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then - case `/usr/bin/file conftest.$ac_objext` in - *64-bit*) - libsuff=64 - sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}" - ;; - esac - fi - rm -rf conftest* - ;; - esac - # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on @@ -9064,7 +9053,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext <&5) + (eval echo "\"\$as_me:11496: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:11514: \$? = $ac_status" >&5 + echo "$as_me:11500: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -11611,11 +11597,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:11614: $lt_compile\"" >&5) + (eval echo "\"\$as_me:11600: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:11618: \$? = $ac_status" >&5 + echo "$as_me:11604: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -12143,31 +12129,10 @@ # before this can be enabled. hardcode_into_libs=yes - # find out which ABI we are using - libsuff= - case "$host_cpu" in - x86_64*|s390x*|powerpc64*) - echo '#line 12150 "configure"' > conftest.$ac_ext - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then - case `/usr/bin/file conftest.$ac_objext` in - *64-bit*) - libsuff=64 - sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}" - ;; - esac - fi - rm -rf conftest* - ;; - esac - # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on @@ -12551,9 +12516,6 @@ # Is the compiler the GNU C compiler? with_gcc=$GCC_CXX -gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` -gcc_ver=\`gcc -dumpversion\` - # An ERE matcher. EGREP=$lt_EGREP @@ -12687,11 +12649,11 @@ # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=\`echo $lt_predep_objects_CXX | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +predep_objects=$lt_predep_objects_CXX # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=\`echo $lt_postdep_objects_CXX | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +postdep_objects=$lt_postdep_objects_CXX # Dependencies to place before the objects being linked to create a # shared library. @@ -12703,7 +12665,7 @@ # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=\`echo $lt_compiler_lib_search_path_CXX | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +compiler_lib_search_path=$lt_compiler_lib_search_path_CXX # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -12783,7 +12745,7 @@ link_all_deplibs=$link_all_deplibs_CXX # Compile-time system search path for libraries -sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec @@ -13205,11 +13167,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:13208: $lt_compile\"" >&5) + (eval echo "\"\$as_me:13170: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:13212: \$? = $ac_status" >&5 + echo "$as_me:13174: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -13309,11 +13271,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:13312: $lt_compile\"" >&5) + (eval echo "\"\$as_me:13274: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:13316: \$? = $ac_status" >&5 + echo "$as_me:13278: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -14754,31 +14716,10 @@ # before this can be enabled. hardcode_into_libs=yes - # find out which ABI we are using - libsuff= - case "$host_cpu" in - x86_64*|s390x*|powerpc64*) - echo '#line 14761 "configure"' > conftest.$ac_ext - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then - case `/usr/bin/file conftest.$ac_objext` in - *64-bit*) - libsuff=64 - sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}" - ;; - esac - fi - rm -rf conftest* - ;; - esac - # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on @@ -15162,9 +15103,6 @@ # Is the compiler the GNU C compiler? with_gcc=$GCC_F77 -gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` -gcc_ver=\`gcc -dumpversion\` - # An ERE matcher. EGREP=$lt_EGREP @@ -15298,11 +15236,11 @@ # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=\`echo $lt_predep_objects_F77 | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +predep_objects=$lt_predep_objects_F77 # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=\`echo $lt_postdep_objects_F77 | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +postdep_objects=$lt_postdep_objects_F77 # Dependencies to place before the objects being linked to create a # shared library. @@ -15314,7 +15252,7 @@ # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=\`echo $lt_compiler_lib_search_path_F77 | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +compiler_lib_search_path=$lt_compiler_lib_search_path_F77 # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -15394,7 +15332,7 @@ link_all_deplibs=$link_all_deplibs_F77 # Compile-time system search path for libraries -sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec @@ -15536,11 +15474,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15539: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15477: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:15543: \$? = $ac_status" >&5 + echo "$as_me:15481: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -15804,11 +15742,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15807: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15745: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:15811: \$? = $ac_status" >&5 + echo "$as_me:15749: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -15908,11 +15846,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15911: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15849: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:15915: \$? = $ac_status" >&5 + echo "$as_me:15853: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -17373,31 +17311,10 @@ # before this can be enabled. hardcode_into_libs=yes - # find out which ABI we are using - libsuff= - case "$host_cpu" in - x86_64*|s390x*|powerpc64*) - echo '#line 17380 "configure"' > conftest.$ac_ext - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then - case `/usr/bin/file conftest.$ac_objext` in - *64-bit*) - libsuff=64 - sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}" - ;; - esac - fi - rm -rf conftest* - ;; - esac - # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on @@ -17781,9 +17698,6 @@ # Is the compiler the GNU C compiler? with_gcc=$GCC_GCJ -gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` -gcc_ver=\`gcc -dumpversion\` - # An ERE matcher. EGREP=$lt_EGREP @@ -17917,11 +17831,11 @@ # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=\`echo $lt_predep_objects_GCJ | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +predep_objects=$lt_predep_objects_GCJ # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=\`echo $lt_postdep_objects_GCJ | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +postdep_objects=$lt_postdep_objects_GCJ # Dependencies to place before the objects being linked to create a # shared library. @@ -17933,7 +17847,7 @@ # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=\`echo $lt_compiler_lib_search_path_GCJ | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +compiler_lib_search_path=$lt_compiler_lib_search_path_GCJ # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -18013,7 +17927,7 @@ link_all_deplibs=$link_all_deplibs_GCJ # Compile-time system search path for libraries -sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec @@ -18265,9 +18179,6 @@ # Is the compiler the GNU C compiler? with_gcc=$GCC_RC -gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` -gcc_ver=\`gcc -dumpversion\` - # An ERE matcher. EGREP=$lt_EGREP @@ -18401,11 +18312,11 @@ # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=\`echo $lt_predep_objects_RC | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +predep_objects=$lt_predep_objects_RC # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=\`echo $lt_postdep_objects_RC | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +postdep_objects=$lt_postdep_objects_RC # Dependencies to place before the objects being linked to create a # shared library. @@ -18417,7 +18328,7 @@ # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=\`echo $lt_compiler_lib_search_path_RC | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +compiler_lib_search_path=$lt_compiler_lib_search_path_RC # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -18497,7 +18408,7 @@ link_all_deplibs=$link_all_deplibs_RC # Compile-time system search path for libraries -sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec @@ -18894,9 +18805,9 @@ echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} ( cat <<\_ASBOX -## ------------------------------------------ ## -## Report this to the AC_PACKAGE_NAME lists. ## -## ------------------------------------------ ## +## --------------------------------------- ## +## Report this to the mod_restartd lists. ## +## --------------------------------------- ## _ASBOX ) | sed "s/^/$as_me: WARNING: /" >&2 @@ -19688,7 +19599,7 @@ } >&5 cat >&5 <<_CSEOF -This file was extended by $as_me, which was +This file was extended by mod_restartd $as_me 1.0, which was generated by GNU Autoconf 2.59. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -19746,7 +19657,7 @@ cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -config.status +mod_restartd config.status 1.0 configured by $0, generated by GNU Autoconf 2.59, with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" @@ -19988,7 +19899,6 @@ s, at host_cpu@,$host_cpu,;t t s, at host_vendor@,$host_vendor,;t t s, at host_os@,$host_os,;t t -s, at SED@,$SED,;t t s, at EGREP@,$EGREP,;t t s, at LN_S@,$LN_S,;t t s, at ECHO@,$ECHO,;t t Index: configure.in =================================================================== RCS file: /cvs/dirsec/mod_restartd/configure.in,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- configure.in 11 May 2007 19:47:21 -0000 1.8 +++ configure.in 12 Jan 2009 16:47:33 -0000 1.9 @@ -1,8 +1,8 @@ # Required initializer -AC_INIT +AC_INIT(mod_restartd, 1.0) # Automake initialization -AM_INIT_AUTOMAKE(mod_restartd, 1.0) +AM_INIT_AUTOMAKE([1.9 foreign]) # Add a test for a compiler. AC_PROG_CC Index: ltmain.sh =================================================================== RCS file: /cvs/dirsec/mod_restartd/ltmain.sh,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- ltmain.sh 11 May 2007 19:47:21 -0000 1.3 +++ ltmain.sh 12 Jan 2009 16:47:33 -0000 1.4 @@ -46,16 +46,10 @@ VERSION=1.5.22 TIMESTAMP=" (1.1220.2.365 2005/12/18 22:14:06)" -# Be Bourne compatible (taken from Autoconf:_AS_BOURNE_COMPATIBLE). -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then - emulate sh - NULLCMD=: - # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which - # is contrary to our usage. Disable this feature. - alias -g '${1+"$@"}'='"$@"' +# See if we are running on zsh, and set the options which allow our +# commands through without removal of \ escapes. +if test -n "${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST -else - case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac fi # Check that we have a working $echo. @@ -111,14 +105,12 @@ # These must not be set unconditionally because not all systems understand # e.g. LANG=C (notably SCO). # We save the old values to restore during execute mode. -for lt_var in LANG LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES -do - eval "if test \"\${$lt_var+set}\" = set; then - save_$lt_var=\$$lt_var - $lt_var=C - export $lt_var - fi" -done +if test "${LC_ALL+set}" = set; then + save_LC_ALL="$LC_ALL"; LC_ALL=C; export LC_ALL +fi +if test "${LANG+set}" = set; then + save_LANG="$LANG"; LANG=C; export LANG +fi # Make sure IFS has a sensible default lt_nl=' @@ -144,8 +136,6 @@ preserve_args= lo2o="s/\\.lo\$/.${objext}/" o2lo="s/\\.${objext}\$/.lo/" -extracted_archives= -extracted_serial=0 ##################################### # Shell function definitions: @@ -337,17 +327,7 @@ *) my_xabs=`pwd`"/$my_xlib" ;; esac my_xlib=`$echo "X$my_xlib" | $Xsed -e 's%^.*/%%'` - my_xlib_u=$my_xlib - while :; do - case " $extracted_archives " in - *" $my_xlib_u "*) - extracted_serial=`expr $extracted_serial + 1` - my_xlib_u=lt$extracted_serial-$my_xlib ;; - *) break ;; - esac - done - extracted_archives="$extracted_archives $my_xlib_u" - my_xdir="$my_gentop/$my_xlib_u" + my_xdir="$my_gentop/$my_xlib" $show "${rm}r $my_xdir" $run ${rm}r "$my_xdir" @@ -778,7 +758,6 @@ *.f90) xform=f90 ;; *.for) xform=for ;; *.java) xform=java ;; - *.obj) xform=obj ;; esac libobj=`$echo "X$libobj" | $Xsed -e "s/\.$xform$/.lo/"` @@ -1159,9 +1138,8 @@ for arg do case $arg in - -all-static | -static | -static-libtool-libs) - case $arg in - -all-static) + -all-static | -static) + if test "X$arg" = "X-all-static"; then if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then $echo "$modename: warning: complete static linking is impossible in this configuration" 1>&2 fi @@ -1169,20 +1147,12 @@ dlopen_self=$dlopen_self_static fi prefer_static_libs=yes - ;; - -static) + else if test -z "$pic_flag" && test -n "$link_static_flag"; then dlopen_self=$dlopen_self_static fi prefer_static_libs=built - ;; - -static-libtool-libs) - if test -z "$pic_flag" && test -n "$link_static_flag"; then - dlopen_self=$dlopen_self_static - fi - prefer_static_libs=yes - ;; - esac + fi build_libtool_libs=no build_old_libs=yes break @@ -1742,7 +1712,7 @@ continue ;; - -static | -static-libtool-libs) + -static) # The effects of -static are defined in a previous loop. # We used to do the same as -all-static on platforms that # didn't have a PIC flag, but the assumption that the effects @@ -2520,9 +2490,7 @@ if test "$linkmode,$pass" = "prog,link"; then if test -n "$library_names" && - { { test "$prefer_static_libs" = no || - test "$prefer_static_libs,$installed" = "built,yes"; } || - test -z "$old_library"; }; then + { test "$prefer_static_libs" = no || test -z "$old_library"; }; then # We need to hardcode the library path if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then # Make sure the rpath contains only unique directories. @@ -3218,7 +3186,7 @@ # which has an extra 1 added just for fun # case $version_type in - darwin|linux|osf|windows|none) + darwin|linux|osf|windows) current=`expr $number_major + $number_minor` age="$number_minor" revision="$number_revision" @@ -3442,11 +3410,11 @@ fi # Eliminate all temporary directories. -# for path in $notinst_path; do -# lib_search_path=`$echo "$lib_search_path " | ${SED} -e "s% $path % %g"` -# deplibs=`$echo "$deplibs " | ${SED} -e "s% -L$path % %g"` -# dependency_libs=`$echo "$dependency_libs " | ${SED} -e "s% -L$path % %g"` -# done + for path in $notinst_path; do + lib_search_path=`$echo "$lib_search_path " | ${SED} -e "s% $path % %g"` + deplibs=`$echo "$deplibs " | ${SED} -e "s% -L$path % %g"` + dependency_libs=`$echo "$dependency_libs " | ${SED} -e "s% -L$path % %g"` + done if test -n "$xrpath"; then # If the user specified any rpath flags, then add them. @@ -3547,12 +3515,13 @@ int main() { return 0; } EOF $rm conftest - if $LTCC $LTCFLAGS -o conftest conftest.c $deplibs; then + $LTCC $LTCFLAGS -o conftest conftest.c $deplibs + if test "$?" -eq 0 ; then ldd_output=`ldd conftest` for i in $deplibs; do name=`expr $i : '-l\(.*\)'` # If $name is empty we are operating on a -L argument. - if test "$name" != "" && test "$name" != "0"; then + if test "$name" != "" && test "$name" -ne "0"; then if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then case " $predeps $postdeps " in *" $i "*) @@ -3591,7 +3560,9 @@ # If $name is empty we are operating on a -L argument. if test "$name" != "" && test "$name" != "0"; then $rm conftest - if $LTCC $LTCFLAGS -o conftest conftest.c $i; then + $LTCC $LTCFLAGS -o conftest conftest.c $i + # Did it work? + if test "$?" -eq 0 ; then ldd_output=`ldd conftest` if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then case " $predeps $postdeps " in @@ -3623,7 +3594,7 @@ droppeddeps=yes $echo $echo "*** Warning! Library $i is needed by this library but I was not able to" - $echo "*** make it link in! You will probably need to install it or some" + $echo "*** make it link in! You will probably need to install it or some" $echo "*** library that it depends on before this library will be fully" $echo "*** functional. Installing it before continuing would be even better." fi @@ -4268,14 +4239,12 @@ reload_conv_objs= gentop= # reload_cmds runs $LD directly, so let us get rid of - # -Wl from whole_archive_flag_spec and hope we can get by with - # turning comma into space.. + # -Wl from whole_archive_flag_spec wl= if test -n "$convenience"; then if test -n "$whole_archive_flag_spec"; then - eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\" - reload_conv_objs=$reload_objs\ `$echo "X$tmp_whole_archive_flags" | $Xsed -e 's|,| |g'` + eval reload_conv_objs=\"\$reload_objs $whole_archive_flag_spec\" else gentop="$output_objdir/${obj}x" generated="$generated $gentop" @@ -4723,16 +4692,16 @@ case $host in *cygwin* | *mingw* ) if test -f "$output_objdir/${outputname}.def" ; then - compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%" | $NL2SP` - finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%" | $NL2SP` + compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%"` + finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%"` else - compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP` - finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP` + compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"` + finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"` fi ;; * ) - compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP` - finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP` + compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"` + finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"` ;; esac ;; @@ -4747,13 +4716,13 @@ # really was required. # Nullify the symbol file. - compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s% @SYMFILE@%%" | $NL2SP` - finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s% @SYMFILE@%%" | $NL2SP` + compile_command=`$echo "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"` + finalize_command=`$echo "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"` fi if test "$need_relink" = no || test "$build_libtool_libs" != yes; then # Replace the output file specification. - compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e 's%@OUTPUT@%'"$output"'%g' | $NL2SP` + compile_command=`$echo "X$compile_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'` link_command="$compile_command$compile_rpath" # We have no uninstalled library dependencies, so finalize right now. @@ -4840,7 +4809,7 @@ if test "$fast_install" != no; then link_command="$finalize_var$compile_command$finalize_rpath" if test "$fast_install" = yes; then - relink_command=`$echo "X$compile_var$compile_command$compile_rpath" | $SP2NL | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g' | $NL2SP` + relink_command=`$echo "X$compile_var$compile_command$compile_rpath" | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g'` else # fast_install is set to needless relink_command= @@ -4877,7 +4846,7 @@ fi done relink_command="(cd `pwd`; $relink_command)" - relink_command=`$echo "X$relink_command" | $SP2NL | $Xsed -e "$sed_quote_subst" | $NL2SP` + relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"` fi # Quote $echo for shipping. @@ -5284,18 +5253,6 @@ Xsed='${SED} -e 1s/^X//' sed_quote_subst='$sed_quote_subst' -# Be Bourne compatible (taken from Autoconf:_AS_BOURNE_COMPATIBLE). -if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then - emulate sh - NULLCMD=: - # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which - # is contrary to our usage. Disable this feature. - alias -g '\${1+\"\$@\"}'='\"\$@\"' - setopt NO_GLOB_SUBST -else - case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac -fi - # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH @@ -5438,7 +5395,7 @@ ;; esac $echo >> $output "\ - \$echo \"\$0: cannot exec \$program \$*\" + \$echo \"\$0: cannot exec \$program \${1+\"\$@\"}\" exit $EXIT_FAILURE fi else @@ -5624,7 +5581,7 @@ done # Quote the link command for shipping. relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" - relink_command=`$echo "X$relink_command" | $SP2NL | $Xsed -e "$sed_quote_subst" | $NL2SP` + relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"` if test "$hardcode_automatic" = yes ; then relink_command= fi @@ -5969,9 +5926,9 @@ if test -n "$inst_prefix_dir"; then # Stick the inst_prefix_dir data into the link command. - relink_command=`$echo "$relink_command" | $SP2NL | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%" | $NL2SP` + relink_command=`$echo "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"` else - relink_command=`$echo "$relink_command" | $SP2NL | $SED "s%@inst_prefix_dir@%%" | $NL2SP` + relink_command=`$echo "$relink_command" | $SED "s%@inst_prefix_dir@%%"` fi $echo "$modename: warning: relinking \`$file'" 1>&2 @@ -6180,7 +6137,7 @@ file=`$echo "X$file$stripped_ext" | $Xsed -e 's%^.*/%%'` outputname="$tmpdir/$file" # Replace the output file specification. - relink_command=`$echo "X$relink_command" | $SP2NL | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g' | $NL2SP` + relink_command=`$echo "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'` $show "$relink_command" if $run eval "$relink_command"; then : @@ -6456,15 +6413,12 @@ fi # Restore saved environment variables - for lt_var in LANG LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES - do - eval "if test \"\${save_$lt_var+set}\" = set; then - $lt_var=\$save_$lt_var; export $lt_var - else - $lt_unset $lt_var - fi" - done - + if test "${save_LC_ALL+set}" = set; then + LC_ALL="$save_LC_ALL"; export LC_ALL + fi + if test "${save_LANG+set}" = set; then + LANG="$save_LANG"; export LANG + fi # Now prepare to actually exec the command. exec_cmd="\$cmd$args" @@ -6821,9 +6775,9 @@ -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) -export-symbols SYMFILE - try to export only the symbols listed in SYMFILE + try to export only the symbols listed in SYMFILE -export-symbols-regex REGEX - try to export only the symbols matching REGEX + try to export only the symbols matching REGEX -LLIBDIR search LIBDIR for required installed libraries -lNAME OUTPUT-FILE requires the installed library libNAME -module build a library that can dlopened @@ -6837,11 +6791,9 @@ -release RELEASE specify package release information -rpath LIBDIR the created library will eventually be installed in LIBDIR -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries - -static do not do any dynamic linking of uninstalled libtool libraries - -static-libtool-libs - do not do any dynamic linking of libtool libraries + -static do not do any dynamic linking of libtool libraries -version-info CURRENT[:REVISION[:AGE]] - specify library version info [each variable defaults to 0] + specify library version info [each variable defaults to 0] All other options (arguments beginning with \`-') are ignored. Index: makerpm.sh =================================================================== RCS file: /cvs/dirsec/mod_restartd/makerpm.sh,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- makerpm.sh 3 Nov 2005 20:12:57 -0000 1.1 +++ makerpm.sh 12 Jan 2009 16:47:33 -0000 1.2 @@ -1,5 +1,67 @@ #!/bin/sh -xv +# BEGIN COPYRIGHT BLOCK +# +# The Apache Software License, Version 1.1 +# +# Copyright (c) 2000-2003 The Apache Software Foundation. All rights +# reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. The end-user documentation included with the redistribution, +# if any, must include the following acknowledgment: +# "This product includes software developed by the +# Apache Software Foundation (http://www.apache.org/)." +# Alternately, this acknowledgment may appear in the software itself, +# if and wherever such third-party acknowledgments normally appear. +# +# 4. The names "Apache" and "Apache Software Foundation" must +# not be used to endorse or promote products derived from this +# software without prior written permission. For written +# permission, please contact apache at apache.org. +# +# 5. Products derived from this software may not be called "Apache", +# nor may "Apache" appear in their name, without prior written +# permission of the Apache Software Foundation. +# +# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF +# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# ==================================================================== +# +# This software consists of voluntary contributions made by many +# individuals on behalf of the Apache Software Foundation. For more +# information on the Apache Software Foundation, please see +# . +# +# Portions of this software are based upon public domain software +# originally written at the National Center for Supercomputing Applications, +# University of Illinois, Urbana-Champaign. +# +# Copyright (C) 2005 Red Hat, Inc. +# All rights reserved. +# END COPYRIGHT BLOCK + # This script provides an example of how to build the various flavors # of the mod_restartd rpm. If you don't have a source tarball, you # can create one from checking out the source tree (which you presumably Index: mod_include-2.2.h =================================================================== RCS file: /cvs/dirsec/mod_restartd/mod_include-2.2.h,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- mod_include-2.2.h 31 Jan 2006 22:38:57 -0000 1.1 +++ mod_include-2.2.h 12 Jan 2009 16:47:33 -0000 1.2 @@ -1,18 +1,62 @@ -/* Copyright 2000-2005 The Apache Software Foundation or its licensors, as - * applicable. +/* BEGIN COPYRIGHT BLOCK + * ==================================================================== + * The Apache Software License, Version 1.1 * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ + * Copyright (c) 2000-2003 The Apache Software Foundation. All rights + * reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The end-user documentation included with the redistribution, + * if any, must include the following acknowledgment: + * "This product includes software developed by the + * Apache Software Foundation (http://www.apache.org/)." + * Alternately, this acknowledgment may appear in the software itself, + * if and wherever such third-party acknowledgments normally appear. + * + * 4. The names "Apache" and "Apache Software Foundation" must + * not be used to endorse or promote products derived from this + * software without prior written permission. For written + * permission, please contact apache at apache.org. + * + * 5. Products derived from this software may not be called "Apache", + * nor may "Apache" appear in their name, without prior written + * permission of the Apache Software Foundation. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF + * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * ==================================================================== + * + * This software consists of voluntary contributions made by many + * individuals on behalf of the Apache Software Foundation. For more + * information on the Apache Software Foundation, please see + * . + * + * Portions of this software are based upon public domain software + * originally written at the National Center for Supercomputing Applications, + * University of Illinois, Urbana-Champaign. + * + * END COPYRIGHT BLOCK */ /** * @file mod_include.h Index: mod_include.h =================================================================== RCS file: /cvs/dirsec/mod_restartd/mod_include.h,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- mod_include.h 16 Aug 2005 15:51:13 -0000 1.1.1.1 +++ mod_include.h 12 Jan 2009 16:47:33 -0000 1.2 @@ -1,4 +1,5 @@ -/* ==================================================================== +/* BEGIN COPYRIGHT BLOCK + * ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2000-2003 The Apache Software Foundation. All rights @@ -54,7 +55,8 @@ * Portions of this software are based upon public domain software * originally written at the National Center for Supercomputing Applications, * University of Illinois, Urbana-Champaign. - */ + * + * END COPYRIGHT BLOCK */ #ifndef _MOD_INCLUDE_H #define _MOD_INCLUDE_H 1 Index: mod_restartd-2.2.c =================================================================== RCS file: /cvs/dirsec/mod_restartd/mod_restartd-2.2.c,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- mod_restartd-2.2.c 31 Jan 2006 22:38:57 -0000 1.1 +++ mod_restartd-2.2.c 12 Jan 2009 16:47:33 -0000 1.2 @@ -1,18 +1,62 @@ -/* Copyright 1999-2005 The Apache Software Foundation or its licensors, as - * applicable. +/* BEGIN COPYRIGHT BLOCK + * ==================================================================== + * The Apache Software License, Version 1.1 * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at + * Copyright (c) 2000-2003 The Apache Software Foundation. All rights + * reserved. * - * http://www.apache.org/licenses/LICENSE-2.0 + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The end-user documentation included with the redistribution, + * if any, must include the following acknowledgment: + * "This product includes software developed by the + * Apache Software Foundation (http://www.apache.org/)." + * Alternately, this acknowledgment may appear in the software itself, + * if and wherever such third-party acknowledgments normally appear. + * + * 4. The names "Apache" and "Apache Software Foundation" must + * not be used to endorse or promote products derived from this + * software without prior written permission. For written + * permission, please contact apache at apache.org. + * + * 5. Products derived from this software may not be called "Apache", + * nor may "Apache" appear in their name, without prior written + * permission of the Apache Software Foundation. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF + * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * ==================================================================== + * + * This software consists of voluntary contributions made by many + * individuals on behalf of the Apache Software Foundation. For more + * information on the Apache Software Foundation, please see + * . + * + * Portions of this software are based upon public domain software + * originally written at the National Center for Supercomputing Applications, + * University of Illinois, Urbana-Champaign. + * + * END COPYRIGHT BLOCK */ /* * http_script: keeps all script-related ramblings together. Index: mod_restartd.c =================================================================== RCS file: /cvs/dirsec/mod_restartd/mod_restartd.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- mod_restartd.c 27 Sep 2007 16:55:31 -0000 1.5 +++ mod_restartd.c 12 Jan 2009 16:47:33 -0000 1.6 @@ -1,4 +1,5 @@ -/* ==================================================================== +/* BEGIN COPYRIGHT BLOCK + * ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2000-2003 The Apache Software Foundation. All rights @@ -54,7 +55,8 @@ * Portions of this software are based upon public domain software * originally written at the National Center for Supercomputing Applications, * University of Illinois, Urbana-Champaign. - */ + * + * END COPYRIGHT BLOCK */ /* * http_script: keeps all script-related ramblings together. Index: mod_restartd.spec =================================================================== RCS file: /cvs/dirsec/mod_restartd/mod_restartd.spec,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- mod_restartd.spec 3 Nov 2005 20:12:57 -0000 1.1 +++ mod_restartd.spec 12 Jan 2009 16:47:33 -0000 1.2 @@ -1,16 +1,60 @@ # BEGIN COPYRIGHT BLOCK # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# The Apache Software License, Version 1.1 +# +# Copyright (c) 2000-2003 The Apache Software Foundation. All rights +# reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. The end-user documentation included with the redistribution, +# if any, must include the following acknowledgment: +# "This product includes software developed by the +# Apache Software Foundation (http://www.apache.org/)." +# Alternately, this acknowledgment may appear in the software itself, +# if and wherever such third-party acknowledgments normally appear. +# +# 4. The names "Apache" and "Apache Software Foundation" must +# not be used to endorse or promote products derived from this +# software without prior written permission. For written +# permission, please contact apache at apache.org. +# +# 5. Products derived from this software may not be called "Apache", +# nor may "Apache" appear in their name, without prior written +# permission of the Apache Software Foundation. +# +# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF +# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# ==================================================================== +# +# This software consists of voluntary contributions made by many +# individuals on behalf of the Apache Software Foundation. For more +# information on the Apache Software Foundation, please see +# . +# +# Portions of this software are based upon public domain software +# originally written at the National Center for Supercomputing Applications, +# University of Illinois, Urbana-Champaign. # # Copyright (C) 2005 Red Hat, Inc. # All rights reserved. @@ -21,7 +65,7 @@ Name: mod_restartd Version: 1.0 Release: 1.%{platform} -License: Apache 2.0 +License: Apache 1.1 Group: System Environment/Daemons URL: http://directory.fedora.redhat.com/ Source: %{name}-%{version}.tar.gz Index: mod_suexec-2.2.h =================================================================== RCS file: /cvs/dirsec/mod_restartd/mod_suexec-2.2.h,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- mod_suexec-2.2.h 31 Jan 2006 22:38:57 -0000 1.1 +++ mod_suexec-2.2.h 12 Jan 2009 16:47:34 -0000 1.2 @@ -1,18 +1,62 @@ -/* Copyright 2001-2005 The Apache Software Foundation or its licensors, as - * applicable. +/* BEGIN COPYRIGHT BLOCK + * ==================================================================== + * The Apache Software License, Version 1.1 * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ + * Copyright (c) 2000-2003 The Apache Software Foundation. All rights + * reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The end-user documentation included with the redistribution, + * if any, must include the following acknowledgment: + * "This product includes software developed by the + * Apache Software Foundation (http://www.apache.org/)." + * Alternately, this acknowledgment may appear in the software itself, + * if and wherever such third-party acknowledgments normally appear. + * + * 4. The names "Apache" and "Apache Software Foundation" must + * not be used to endorse or promote products derived from this + * software without prior written permission. For written + * permission, please contact apache at apache.org. + * + * 5. Products derived from this software may not be called "Apache", + * nor may "Apache" appear in their name, without prior written + * permission of the Apache Software Foundation. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF + * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * ==================================================================== + * + * This software consists of voluntary contributions made by many + * individuals on behalf of the Apache Software Foundation. For more + * information on the Apache Software Foundation, please see + * . + * + * Portions of this software are based upon public domain software + * originally written at the National Center for Supercomputing Applications, + * University of Illinois, Urbana-Champaign. + * + * END COPYRIGHT BLOCK */ /** * @file mod_suexec.h Index: mod_suexec.h =================================================================== RCS file: /cvs/dirsec/mod_restartd/mod_suexec.h,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- mod_suexec.h 16 Aug 2005 15:51:13 -0000 1.1.1.1 +++ mod_suexec.h 12 Jan 2009 16:47:34 -0000 1.2 @@ -1,4 +1,5 @@ -/* ==================================================================== +/* BEGIN COPYRIGHT BLOCK + * ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2000-2003 The Apache Software Foundation. All rights @@ -54,7 +55,8 @@ * Portions of this software are based upon public domain software * originally written at the National Center for Supercomputing Applications, * University of Illinois, Urbana-Champaign. - */ + * + * END COPYRIGHT BLOCK */ #include "unixd.h" typedef struct { --- AUTHORS DELETED --- --- COPYING DELETED --- --- ChangeLog DELETED --- --- INSTALL DELETED --- --- NEWS DELETED --- From nkinder at fedoraproject.org Mon Jan 12 18:14:59 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Mon, 12 Jan 2009 18:14:59 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd regex.c, 1.7, 1.8 Message-ID: <20090112181459.624FF70129@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7329/ldap/servers/slapd Modified Files: regex.c Log Message: Resolves: 174394 Summary: Make regex filter code handle empty values properly. Index: regex.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/regex.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- regex.c 30 Jun 2008 17:28:16 -0000 1.7 +++ regex.c 12 Jan 2009 18:14:57 -0000 1.8 @@ -66,6 +66,10 @@ * Modification history: * * $Log$ + * Revision 1.8 2009/01/12 18:14:57 nkinder + * Resolves: 174394 + * Summary: Make regex filter code handle empty values properly. + * * Revision 1.7 2008/06/30 17:28:16 nhosoi * Resoves: #448831 * Summary: attacker can tie up CPU in regex code @@ -769,7 +773,8 @@ do { if ((ep = pmatch((UCHAR*)lp,ap,time_up,&ldaperror))) break; - lp++; + if (*lp) + lp++; } while (*lp); break; From nhosoi at fedoraproject.org Mon Jan 12 19:18:40 2009 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Mon, 12 Jan 2009 19:18:40 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/syntaxes phonetic.c, 1.5, 1.6 Message-ID: <20090112191840.C2A4370129@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/syntaxes In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22952 Modified Files: phonetic.c Log Message: Resolves: #460613 Summary: Approximate Search '~=' Returns unexpected result Change description: increasing the maximum length of "phonetic" string from 4 to 6. The length 4 is sometimes too short to distinguish long words. For instance, the sample string Queensland is converted to KNSLNT if there is no limitation; Consulting is to KNSLTNK. By cutting them at the 5th character, the 2 strings are considered to sound like each other. Index: phonetic.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/syntaxes/phonetic.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- phonetic.c 10 Nov 2006 23:45:31 -0000 1.5 +++ phonetic.c 12 Jan 2009 19:18:38 -0000 1.6 @@ -68,7 +68,7 @@ case 0x00A0: /* non-breaking space */ case 0x3000: /* ideographic space */ case 0xFEFF: /* zero-width non-breaking space */ - return 1; + return 1; default: break; } return 0; @@ -77,61 +77,61 @@ char * first_word( char *s ) { - if ( s == NULL ) { - return( NULL ); - } - - while ( iswordbreak( s ) ) { - if ( *s == '\0' ) { - return( NULL ); - } else { - LDAP_UTF8INC( s ); - } - } + if ( s == NULL ) { + return( NULL ); + } + + while ( iswordbreak( s ) ) { + if ( *s == '\0' ) { + return( NULL ); + } else { + LDAP_UTF8INC( s ); + } + } - return( s ); + return( s ); } char * next_word( char *s ) { - if ( s == NULL ) { - return( NULL ); - } - - while ( ! iswordbreak( s ) ) { - LDAP_UTF8INC( s ); - } - - while ( iswordbreak( s ) ) { - if ( *s == '\0' ) { - return( NULL ); - } else { - LDAP_UTF8INC( s ); - } - } + if ( s == NULL ) { + return( NULL ); + } + + while ( ! iswordbreak( s ) ) { + LDAP_UTF8INC( s ); + } + + while ( iswordbreak( s ) ) { + if ( *s == '\0' ) { + return( NULL ); + } else { + LDAP_UTF8INC( s ); + } + } - return( s ); + return( s ); } char * word_dup( char *w ) { - char *s, *ret; - char save; + char *s, *ret; + char save; - for ( s = w; !iswordbreak( s ); LDAP_UTF8INC( s )) - ; /* NULL */ - save = *s; - *s = '\0'; - ret = slapi_ch_strdup( w ); - *s = save; + for ( s = w; !iswordbreak( s ); LDAP_UTF8INC( s )) + ; /* NULL */ + save = *s; + *s = '\0'; + ret = slapi_ch_strdup( w ); + *s = save; - return( ret ); + return( ret ); } #ifndef MAXPHONEMELEN -#define MAXPHONEMELEN 4 +#define MAXPHONEMELEN 6 #endif #if defined(SOUNDEX) @@ -140,11 +140,11 @@ char * phonetic( char *s ) { - char code, adjacent, ch; - char *p; - char **c; - int i, cmax; - char phoneme[MAXPHONEMELEN + 1]; + char code, adjacent, ch; + char *p; + char **c; + int i, cmax; + char phoneme[MAXPHONEMELEN + 1]; p = s; if ( p == NULL || *p == '\0' ) { @@ -152,18 +152,18 @@ } adjacent = '0'; - phoneme[0] = TOUPPER(*p); + phoneme[0] = TOUPPER(*p); - phoneme[1] = '\0'; + phoneme[1] = '\0'; for ( i = 0; i < 99 && (! iswordbreak(p)); LDAP_UTF8INC( p )) { - ch = TOUPPER (*p); + ch = TOUPPER (*p); code = '0'; switch (ch) { case 'B': case 'F': - case 'P': + case 'P': case 'V': code = (adjacent != '1') ? '1' : '0'; break; @@ -196,18 +196,18 @@ } if ( i == 0 ) { - adjacent = code; - i++; - } else if ( code != '0' ) { - if ( i == MAXPHONEMELEN ) - break; + adjacent = code; + i++; + } else if ( code != '0' ) { + if ( i == MAXPHONEMELEN ) + break; adjacent = phoneme[i] = code; i++; } } - if ( i > 0 ) - phoneme[i] = '\0'; + if ( i > 0 ) + phoneme[i] = '\0'; return( slapi_ch_strdup( phoneme ) ); } @@ -224,274 +224,274 @@ /* Character coding array */ static char vsvfn[26] = { - 1, 16, 4, 16, 9, 2, 4, 16, 9, 2, 0, 2, 2, - /* A B C D E F G H I J K L M */ - 2, 1, 4, 0, 2, 4, 4, 1, 0, 0, 0, 8, 0}; - /* N O P Q R S T U V W X Y Z */ + 1, 16, 4, 16, 9, 2, 4, 16, 9, 2, 0, 2, 2, + /* A B C D E F G H I J K L M */ + 2, 1, 4, 0, 2, 4, 4, 1, 0, 0, 0, 8, 0}; + /* N O P Q R S T U V W X Y Z */ /* Macros to access character coding array */ -#define vowel(x) ((x) != '\0' && vsvfn[(x) - 'A'] & 1) /* AEIOU */ -#define same(x) ((x) != '\0' && vsvfn[(x) - 'A'] & 2) /* FJLMNR */ -#define varson(x) ((x) != '\0' && vsvfn[(x) - 'A'] & 4) /* CGPST */ -#define frontv(x) ((x) != '\0' && vsvfn[(x) - 'A'] & 8) /* EIY */ -#define noghf(x) ((x) != '\0' && vsvfn[(x) - 'A'] & 16) /* BDH */ +#define vowel(x) ((x) != '\0' && vsvfn[(x) - 'A'] & 1) /* AEIOU */ +#define same(x) ((x) != '\0' && vsvfn[(x) - 'A'] & 2) /* FJLMNR */ +#define varson(x) ((x) != '\0' && vsvfn[(x) - 'A'] & 4) /* CGPST */ +#define frontv(x) ((x) != '\0' && vsvfn[(x) - 'A'] & 8) /* EIY */ +#define noghf(x) ((x) != '\0' && vsvfn[(x) - 'A'] & 16) /* BDH */ char * phonetic( char *Word ) { - char *n, *n_start, *n_end; /* pointers to string */ - char *metaph_end; /* pointers to metaph */ - char ntrans[42]; /* word with uppercase letters */ - int KSflag; /* state flag for X -> KS */ - char buf[MAXPHONEMELEN + 2]; - char *Metaph; - - /* - * Copy Word to internal buffer, dropping non-alphabetic characters - * and converting to upper case - */ - n = ntrans + 4; n_end = ntrans + 35; - while (!iswordbreak( Word ) && n < n_end) { - if (isascii(*Word)) { - if (isalpha(*Word)) { - *n++ = TOUPPER(*Word); - } - ++Word; - } else { - auto const size_t len = LDAP_UTF8COPY(n, Word); - n += len; Word += len; - } - } - Metaph = buf; - *Metaph = '\0'; - if (n == ntrans + 4) { - return( slapi_ch_strdup( buf ) ); /* Return if null */ - } - n_end = n; /* Set n_end to end of string */ - - /* ntrans[0] will always be == 0 */ - ntrans[0] = '\0'; - ntrans[1] = '\0'; - ntrans[2] = '\0'; - ntrans[3] = '\0'; - *n++ = 0; - *n++ = 0; - *n++ = 0; - *n = 0; /* Pad with nulls */ - n = ntrans + 4; /* Assign pointer to start */ - - /* Check for PN, KN, GN, AE, WR, WH, and X at start */ - switch (*n) { - case 'P': - case 'K': - case 'G': - /* 'PN', 'KN', 'GN' becomes 'N' */ - if (*(n + 1) == 'N') - *n++ = 0; - break; - case 'A': - /* 'AE' becomes 'E' */ - if (*(n + 1) == 'E') - *n++ = 0; - break; - case 'W': - /* 'WR' becomes 'R', and 'WH' to 'H' */ - if (*(n + 1) == 'R') - *n++ = 0; - else if (*(n + 1) == 'H') { - *(n + 1) = *n; - *n++ = 0; - } - break; - case 'X': - /* 'X' becomes 'S' */ - *n = 'S'; - break; - } - - /* - * Now, loop step through string, stopping at end of string or when - * the computed 'metaph' is MAXPHONEMELEN characters long - */ - - KSflag = 0; /* state flag for KS translation */ - for (metaph_end = Metaph + MAXPHONEMELEN, n_start = n; - n <= n_end && Metaph < metaph_end; n++) { - if (KSflag) { - KSflag = 0; - *Metaph++ = 'S'; - } else if (!isascii(*n)) { - *Metaph++ = *n; - } else { - /* Drop duplicates except for CC */ - if (*(n - 1) == *n && *n != 'C') - continue; - /* Check for F J L M N R or first letter vowel */ - if (same(*n) || (n == n_start && vowel(*n))) { - *Metaph++ = *n; - } else { - switch (*n) { - case 'B': - - /* - * B unless in -MB - */ - if (n < (n_end - 1) && *(n - 1) != 'M') { - *Metaph++ = *n; - } - break; - case 'C': - - /* - * X if in -CIA-, -CH- else S if in - * -CI-, -CE-, -CY- else dropped if - * in -SCI-, -SCE-, -SCY- else K - */ - if (*(n - 1) != 'S' || !frontv(*(n + 1))) { - if (*(n + 1) == 'I' && *(n + 2) == 'A') { - *Metaph++ = 'X'; - } else if (frontv(*(n + 1))) { - *Metaph++ = 'S'; - } else if (*(n + 1) == 'H') { - *Metaph++ = ((n == n_start && !vowel(*(n + 2))) - || *(n - 1) == 'S') - ? (char) 'K' : (char) 'X'; - } else { - *Metaph++ = 'K'; - } - } - break; - case 'D': - - /* - * J if in DGE or DGI or DGY else T - */ - *Metaph++ = (*(n + 1) == 'G' && frontv(*(n + 2))) - ? (char) 'J' : (char) 'T'; - break; - case 'G': - - /* - * F if in -GH and not B--GH, D--GH, - * -H--GH, -H---GH else dropped if - * -GNED, -GN, -DGE-, -DGI-, -DGY- - * else J if in -GE-, -GI-, -GY- and - * not GG else K - */ - if ((*(n + 1) != 'J' || vowel(*(n + 2))) && - (*(n + 1) != 'N' || ((n + 1) < n_end && - (*(n + 2) != 'E' || *(n + 3) != 'D'))) && - (*(n - 1) != 'D' || !frontv(*(n + 1)))) - *Metaph++ = (frontv(*(n + 1)) && - *(n + 2) != 'G') ? (char) 'G' : (char) 'K'; - else if (*(n + 1) == 'H' && !noghf(*(n - 3)) && - *(n - 4) != 'H') - *Metaph++ = 'F'; - break; - case 'H': - - /* - * H if before a vowel and not after - * C, G, P, S, T else dropped - */ - if (!varson(*(n - 1)) && (!vowel(*(n - 1)) || - vowel(*(n + 1)))) - *Metaph++ = 'H'; - break; - case 'K': - - /* - * dropped if after C else K - */ - if (*(n - 1) != 'C') - *Metaph++ = 'K'; - break; - case 'P': - - /* - * F if before H, else P - */ - *Metaph++ = *(n + 1) == 'H' ? - (char) 'F' : (char) 'P'; - break; - case 'Q': - - /* - * K - */ - *Metaph++ = 'K'; - break; - case 'S': - - /* - * X in -SH-, -SIO- or -SIA- else S - */ - *Metaph++ = (*(n + 1) == 'H' || - (*(n + 1) == 'I' && (*(n + 2) == 'O' || - *(n + 2) == 'A'))) - ? (char) 'X' : (char) 'S'; - break; - case 'T': - - /* - * X in -TIA- or -TIO- else 0 (zero) - * before H else dropped if in -TCH- - * else T - */ - if (*(n + 1) == 'I' && (*(n + 2) == 'O' || - *(n + 2) == 'A')) - *Metaph++ = 'X'; - else if (*(n + 1) == 'H') - *Metaph++ = '0'; - else if (*(n + 1) != 'C' || *(n + 2) != 'H') - *Metaph++ = 'T'; - break; - case 'V': - - /* - * F - */ - *Metaph++ = 'F'; - break; - case 'W': - - /* - * W after a vowel, else dropped - */ - case 'Y': - - /* - * Y unless followed by a vowel - */ - if (vowel(*(n + 1))) - *Metaph++ = *n; - break; - case 'X': - - /* - * KS - */ - if (n == n_start) - *Metaph++ = 'S'; - else { - *Metaph++ = 'K'; /* Insert K, then S */ - KSflag = 1; - } - break; - case 'Z': - - /* - * S - */ - *Metaph++ = 'S'; - break; - } - } - } - } + char *n, *n_start, *n_end; /* pointers to string */ + char *metaph_end; /* pointers to metaph */ + char ntrans[42]; /* word with uppercase letters */ + int KSflag; /* state flag for X -> KS */ + char buf[MAXPHONEMELEN + 2]; + char *Metaph; + + /* + * Copy Word to internal buffer, dropping non-alphabetic characters + * and converting to upper case + */ + n = ntrans + 4; n_end = ntrans + 35; + while (!iswordbreak( Word ) && n < n_end) { + if (isascii(*Word)) { + if (isalpha(*Word)) { + *n++ = TOUPPER(*Word); + } + ++Word; + } else { + auto const size_t len = LDAP_UTF8COPY(n, Word); + n += len; Word += len; + } + } + Metaph = buf; + *Metaph = '\0'; + if (n == ntrans + 4) { + return( slapi_ch_strdup( buf ) ); /* Return if null */ + } + n_end = n; /* Set n_end to end of string */ + + /* ntrans[0] will always be == 0 */ + ntrans[0] = '\0'; + ntrans[1] = '\0'; + ntrans[2] = '\0'; + ntrans[3] = '\0'; + *n++ = 0; + *n++ = 0; + *n++ = 0; + *n = 0; /* Pad with nulls */ + n = ntrans + 4; /* Assign pointer to start */ + + /* Check for PN, KN, GN, AE, WR, WH, and X at start */ + switch (*n) { + case 'P': + case 'K': + case 'G': + /* 'PN', 'KN', 'GN' becomes 'N' */ + if (*(n + 1) == 'N') + *n++ = 0; + break; + case 'A': + /* 'AE' becomes 'E' */ + if (*(n + 1) == 'E') + *n++ = 0; + break; + case 'W': + /* 'WR' becomes 'R', and 'WH' to 'H' */ + if (*(n + 1) == 'R') + *n++ = 0; + else if (*(n + 1) == 'H') { + *(n + 1) = *n; + *n++ = 0; + } + break; + case 'X': + /* 'X' becomes 'S' */ + *n = 'S'; + break; + } + + /* + * Now, loop step through string, stopping at end of string or when + * the computed 'metaph' is MAXPHONEMELEN characters long + */ + + KSflag = 0; /* state flag for KS translation */ + for (metaph_end = Metaph + MAXPHONEMELEN, n_start = n; + n <= n_end && Metaph < metaph_end; n++) { + if (KSflag) { + KSflag = 0; + *Metaph++ = 'S'; + } else if (!isascii(*n)) { + *Metaph++ = *n; + } else { + /* Drop duplicates except for CC */ + if (*(n - 1) == *n && *n != 'C') + continue; + /* Check for F J L M N R or first letter vowel */ + if (same(*n) || (n == n_start && vowel(*n))) { + *Metaph++ = *n; + } else { + switch (*n) { + case 'B': + + /* + * B unless in -MB + */ + if (n < (n_end - 1) && *(n - 1) != 'M') { + *Metaph++ = *n; + } + break; + case 'C': + + /* + * X if in -CIA-, -CH- else S if in + * -CI-, -CE-, -CY- else dropped if + * in -SCI-, -SCE-, -SCY- else K + */ + if (*(n - 1) != 'S' || !frontv(*(n + 1))) { + if (*(n + 1) == 'I' && *(n + 2) == 'A') { + *Metaph++ = 'X'; + } else if (frontv(*(n + 1))) { + *Metaph++ = 'S'; + } else if (*(n + 1) == 'H') { + *Metaph++ = ((n == n_start && !vowel(*(n + 2))) + || *(n - 1) == 'S') + ? (char) 'K' : (char) 'X'; + } else { + *Metaph++ = 'K'; + } + } + break; + case 'D': + + /* + * J if in DGE or DGI or DGY else T + */ + *Metaph++ = (*(n + 1) == 'G' && frontv(*(n + 2))) + ? (char) 'J' : (char) 'T'; + break; + case 'G': + + /* + * F if in -GH and not B--GH, D--GH, + * -H--GH, -H---GH else dropped if + * -GNED, -GN, -DGE-, -DGI-, -DGY- + * else J if in -GE-, -GI-, -GY- and + * not GG else K + */ + if ((*(n + 1) != 'J' || vowel(*(n + 2))) && + (*(n + 1) != 'N' || ((n + 1) < n_end && + (*(n + 2) != 'E' || *(n + 3) != 'D'))) && + (*(n - 1) != 'D' || !frontv(*(n + 1)))) + *Metaph++ = (frontv(*(n + 1)) && + *(n + 2) != 'G') ? (char) 'G' : (char) 'K'; + else if (*(n + 1) == 'H' && !noghf(*(n - 3)) && + *(n - 4) != 'H') + *Metaph++ = 'F'; + break; + case 'H': + + /* + * H if before a vowel and not after + * C, G, P, S, T else dropped + */ + if (!varson(*(n - 1)) && (!vowel(*(n - 1)) || + vowel(*(n + 1)))) + *Metaph++ = 'H'; + break; + case 'K': + + /* + * dropped if after C else K + */ + if (*(n - 1) != 'C') + *Metaph++ = 'K'; + break; + case 'P': + + /* + * F if before H, else P + */ + *Metaph++ = *(n + 1) == 'H' ? + (char) 'F' : (char) 'P'; + break; + case 'Q': + + /* + * K + */ + *Metaph++ = 'K'; + break; + case 'S': + + /* + * X in -SH-, -SIO- or -SIA- else S + */ + *Metaph++ = (*(n + 1) == 'H' || + (*(n + 1) == 'I' && (*(n + 2) == 'O' || + *(n + 2) == 'A'))) + ? (char) 'X' : (char) 'S'; + break; + case 'T': + + /* + * X in -TIA- or -TIO- else 0 (zero) + * before H else dropped if in -TCH- + * else T + */ + if (*(n + 1) == 'I' && (*(n + 2) == 'O' || + *(n + 2) == 'A')) + *Metaph++ = 'X'; + else if (*(n + 1) == 'H') + *Metaph++ = '0'; + else if (*(n + 1) != 'C' || *(n + 2) != 'H') + *Metaph++ = 'T'; + break; + case 'V': + + /* + * F + */ + *Metaph++ = 'F'; + break; + case 'W': + + /* + * W after a vowel, else dropped + */ + case 'Y': + + /* + * Y unless followed by a vowel + */ + if (vowel(*(n + 1))) + *Metaph++ = *n; + break; + case 'X': + + /* + * KS + */ + if (n == n_start) + *Metaph++ = 'S'; + else { + *Metaph++ = 'K'; /* Insert K, then S */ + KSflag = 1; + } + break; + case 'Z': + + /* + * S + */ + *Metaph++ = 'S'; + break; + } + } + } + } - *Metaph = 0; /* Null terminate */ - return( slapi_ch_strdup( buf ) ); + *Metaph = 0; /* Null terminate */ + return( slapi_ch_strdup( buf ) ); } #endif /* METAPHONE */ From nkinder at fedoraproject.org Mon Jan 12 23:49:46 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Mon, 12 Jan 2009 23:49:46 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/schema 28pilot.ldif, 1.4, 1.5 Message-ID: <20090112234946.830097013F@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/schema In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv3189/ldap/schema Modified Files: 28pilot.ldif Log Message: Resolves: 437900 Summary: Add AUXILIARY keyword to domainRelatedObject and simpleSecurityObject definitions. Index: 28pilot.ldif =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/schema/28pilot.ldif,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- 28pilot.ldif 19 Apr 2005 22:07:27 -0000 1.4 +++ 28pilot.ldif 12 Jan 2009 23:49:44 -0000 1.5 @@ -88,7 +88,7 @@ objectClasses: ( 0.9.2342.19200300.100.4.6 NAME 'document' DESC 'Standard LDAP objectclass' SUP pilotObject MUST ( documentIdentifier ) MAY ( abstract $ authorCN $ authorSN $ cn $ description $ documentAuthor $ documentLocation $ documentPublisher $ documentStore $ documentTitle $ documentVersion $ keywords $ l $ o $ obsoletedByDocument $ obsoletesDocument $ ou $ seeAlso $ subject $ updatedByDocument $ updatesDocument ) X-ORIGIN 'RFC 1274' ) objectClasses: ( 0.9.2342.19200300.100.4.7 NAME 'room' DESC 'Standard LDAP objectclass' SUP top MUST ( cn ) MAY ( description $ roomNumber $ seeAlso $ telephoneNumber ) X-ORIGIN 'RFC 1274' ) objectClasses: ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' DESC 'Standard LDAP objectclass' SUP top MUST ( cn ) MAY ( description $ l $ o $ ou $ seeAlso $ telephoneNumber ) X-ORIGIN 'RFC 1274' ) -objectClasses: ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' DESC 'Standard LDAP objectclass' SUP top MUST ( associatedDomain ) X-ORIGIN 'RFC 1274' ) +objectClasses: ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' DESC 'Standard LDAP objectclass' SUP top AUXILIARY MUST ( associatedDomain ) X-ORIGIN 'RFC 1274' ) objectClasses: ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' DESC 'Standard LDAP objectclass' SUP country MUST ( co ) X-ORIGIN 'RFC 1274' ) -objectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' DESC 'Standard LDAP objectclass' SUP top MUST ( userPassword ) X-ORIGIN 'RFC 1274' ) +objectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' DESC 'Standard LDAP objectclass' SUP top AUXILIARY MUST ( userPassword ) X-ORIGIN 'RFC 1274' ) objectClasses: ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' DESC 'Standard LDAP objectclass' SUP top MUST ( ou $ o ) MAY ( buildingName $ businessCategory $ description $ destinationIndicator $ facsimileTelephoneNumber $ internationaliSDNNumber $ l $ physicalDeliveryOfficeName $ postOfficeBox $ postalAddress $ postalCode $ preferredDeliveryMethod $ registeredAddress $ searchGuide $ seeAlso $ st $ street $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ userPassword $ x121Address ) X-ORIGIN 'RFC 1274' ) From rmeggins at fedoraproject.org Tue Jan 13 18:28:36 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Tue, 13 Jan 2009 18:28:36 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd attr.c, 1.9, 1.10 ava.c, 1.9, 1.10 Message-ID: <20090113182836.AFC2070141@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28075/ldapserver/ldap/servers/slapd Modified Files: attr.c ava.c Log Message: Resolves: bug 204966 Bug Description: WinSync ignores entry if NT attributes are added later. Reviewed by: nkinder (Thanks!) Fix Description: If we are replaying a modify operation, we need to check if the ntUser objectclass is being added along with the other attributes that tell the sync service to sync this entry. If the objectclass is being added or replaced, we check the existing entry to see if it is still a sync-able entry. If it is, we call process_replay_add to add the entry. I changed this function to accept a Slapi_Entry to add rather than the operation structure. Finally, I had to change the way we send the Account Control flags to take into account an entry that may have been added as a result of a modify operation. I fixed a memory leak when setting the Slapi_Attr attribute type, and cleaned up a compiler warning. NOTE: There will be no clear text password to send (unless the userPassword was modified in the same modify operation). This means the account will be added to Windows, and will be enabled, but will be essentially unusable - the user cannot login - until either the user modifies the password on the directory server side, or the administrator resets the password. Platforms tested: RHEL5 Flag Day: no Doc impact: yes - we will have to document the new winsync behavior Index: attr.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/attr.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- attr.c 30 Aug 2007 15:56:36 -0000 1.9 +++ attr.c 13 Jan 2009 18:28:34 -0000 1.10 @@ -707,6 +707,7 @@ if((NULL == a) || (NULL == type)) { rc = -1; } else { + slapi_ch_free_string(&a->a_type); a->a_type = slapi_ch_strdup(type); } return rc; Index: ava.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/ava.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- ava.c 6 Jan 2009 22:50:30 -0000 1.9 +++ ava.c 13 Jan 2009 18:28:34 -0000 1.10 @@ -50,8 +50,6 @@ #endif #include "slap.h" -static void strcpy_special_undo(); - int get_ava( BerElement *ber, From rmeggins at fedoraproject.org Tue Jan 13 18:28:36 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Tue, 13 Jan 2009 18:28:36 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication windows_protocol_util.c, 1.48, 1.49 Message-ID: <20090113182836.A6E1170142@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28075/ldapserver/ldap/servers/plugins/replication Modified Files: windows_protocol_util.c Log Message: Resolves: bug 204966 Bug Description: WinSync ignores entry if NT attributes are added later. Reviewed by: nkinder (Thanks!) Fix Description: If we are replaying a modify operation, we need to check if the ntUser objectclass is being added along with the other attributes that tell the sync service to sync this entry. If the objectclass is being added or replaced, we check the existing entry to see if it is still a sync-able entry. If it is, we call process_replay_add to add the entry. I changed this function to accept a Slapi_Entry to add rather than the operation structure. Finally, I had to change the way we send the Account Control flags to take into account an entry that may have been added as a result of a modify operation. I fixed a memory leak when setting the Slapi_Attr attribute type, and cleaned up a compiler warning. NOTE: There will be no clear text password to send (unless the userPassword was modified in the same modify operation). This means the account will be added to Windows, and will be enabled, but will be essentially unusable - the user cannot login - until either the user modifies the password on the directory server side, or the administrator resets the password. Platforms tested: RHEL5 Flag Day: no Doc impact: yes - we will have to document the new winsync behavior Index: windows_protocol_util.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_protocol_util.c,v retrieving revision 1.48 retrieving revision 1.49 diff -u -r1.48 -r1.49 --- windows_protocol_util.c 9 Jan 2009 21:30:55 -0000 1.48 +++ windows_protocol_util.c 13 Jan 2009 18:28:34 -0000 1.49 @@ -993,8 +993,55 @@ slapi_log_error(SLAPI_LOG_REPL, NULL, "Attempting to add entry %s to AD for local entry %s\n",remote_dn_string,local_dn_string); } +/* + * The entry may have been modified to make it "sync-able", so the modify operation should + * actually trigger the addition of the entry to windows + * check the list of mods to see if the sync objectclass/attributes were added to the entry + * and if so if the current local entry still has them +*/ +static int +sync_attrs_added(LDAPMod **original_mods, Slapi_Entry *local_entry) { + int retval = 0; + int ii = 0; + char *useroc = "ntuser"; + char *groupoc = "ntgroup"; + size_t ulen = 6; + size_t glen = 7; + + for (ii = 0; (retval == 0) && original_mods && original_mods[ii]; ++ii) { + LDAPMod *mod = original_mods[ii]; + /* look for a mod/add or replace op with valid type and values */ + if (!(SLAPI_IS_MOD_ADD(mod->mod_op) || SLAPI_IS_MOD_REPLACE(mod->mod_op)) || + !mod->mod_type || !mod->mod_bvalues || !mod->mod_bvalues[0]) { + continue; /* skip it */ + } + /* if it has an objectclass mod, see if ntuser or ntgroup is one of them */ + if (!strcasecmp(mod->mod_type, "objectclass")) { + int jj = 0; + for (jj = 0; (retval == 0) && mod->mod_bvalues[jj]; ++jj) { + struct berval *bv = mod->mod_bvalues[jj]; + if (((bv->bv_len == ulen) && !PL_strncasecmp(useroc, bv->bv_val, ulen)) || + ((bv->bv_len == glen) && !PL_strncasecmp(groupoc, bv->bv_val, glen))) { + retval = 1; /* has magic objclass value */ + } + } + } + } + + /* if the modify op had the right values, see if they are still present in + the local entry */ + if (retval == 1) { + retval = add_remote_entry_allowed(local_entry); /* check local entry */ + if (retval < 0) { + retval = 0; + } + } + + return retval; +} + static ConnResult -process_replay_add(Private_Repl_Protocol *prp, slapi_operation_parameters *op, Slapi_Entry *local_entry, Slapi_DN *local_dn, Slapi_DN *remote_dn, int is_user, int missing_entry, char **password) +process_replay_add(Private_Repl_Protocol *prp, Slapi_Entry *add_entry, Slapi_Entry *local_entry, Slapi_DN *local_dn, Slapi_DN *remote_dn, int is_user, int missing_entry, char **password) { int remote_add_allowed = add_remote_entry_allowed(local_entry); ConnResult return_value = 0; @@ -1083,7 +1130,7 @@ LDAPMod **entryattrs = NULL; Slapi_Entry *mapped_entry = NULL; /* First map the entry */ - rc = windows_create_remote_entry(prp,op->p.p_add.target_entry, remote_dn, &mapped_entry, password); + rc = windows_create_remote_entry(prp,add_entry, remote_dn, &mapped_entry, password); /* Convert entry to mods */ if (0 == rc && mapped_entry) { @@ -1212,27 +1259,37 @@ agmt_get_long_name(prp->agmt), op2string(op->operation_type), op->target_address.dn, slapi_sdn_get_dn(remote_dn)); switch (op->operation_type) { - /* - we should check the modify case first and check the list of mods - - if the magic objectclass (ntuser) and attributes (ntUserCreateNewAccount - or ntGroupCreateNewAccount) then we should fall through to the ADD case - since the user wants to add the user to AD - could maybe just change - process_replay_add slightly, to add the mods list from the modify - operation - process_replay_add already turns the entry into a mods list - to pass to the ldap add operation, so it should not be too much more - trouble to apply the additional mods from the modify operation - we'll - have to pass in local entry, or perhaps just change the operation from - modify to an add, and set the op->p.p_add.target_entry to the local_entry - which gets retrieved above - */ case SLAPI_OPERATION_ADD: - return_value = process_replay_add(prp,op,local_entry,local_dn,remote_dn,is_user,missing_entry,&password); + return_value = process_replay_add(prp,op->p.p_add.target_entry,local_entry,local_dn,remote_dn,is_user,missing_entry,&password); break; case SLAPI_OPERATION_MODIFY: { LDAPMod **mapped_mods = NULL; char *newrdn = NULL; + /* + * If the magic objectclass and attributes have been added to the entry + * to make the entry sync-able, add the entry first, then apply the other + * mods + */ + if (sync_attrs_added(op->p.p_modify.modify_mods, local_entry)) { + Slapi_Entry *ad_entry = NULL; + + return_value = process_replay_add(prp,local_entry,local_entry,local_dn,remote_dn,is_user,missing_entry,&password); + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + "%s: windows_replay_update: " + "The modify operation added the sync objectclass and attribute, so " + "the entry was added to windows - result [%d]\n", + agmt_get_long_name(prp->agmt), return_value); + if (return_value) { + break; /* error adding entry - cannot continue */ + } + /* the modify op needs the new remote entry, so retrieve it */ + windows_get_remote_entry(prp, remote_dn, &ad_entry); + slapi_entry_free(ad_entry); /* getting sets windows_private_get_raw_entry */ + } + + windows_map_mods_for_replay(prp,op->p.p_modify.modify_mods, &mapped_mods, is_user, &password, windows_private_get_raw_entry(prp->agmt)); if (is_user) { @@ -1336,18 +1393,19 @@ slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: windows_replay_update: update password returned %d\n", agmt_get_long_name(prp->agmt), return_value ); - } else { - /* If we successfully added an entry, and then subsequently changed - * its password, THEN we need to change its status in AD in order - * that it can be used (otherwise the user is marked as disabled). - * To do this we set this attribute and value: - * userAccountControl: 512 */ - if (op->operation_type == SLAPI_OPERATION_ADD && missing_entry) - { - return_value = send_accountcontrol_modify(remote_dn, prp, missing_entry); - } } } + /* If we successfully added an entry, and then subsequently changed + * its password, THEN we need to change its status in AD in order + * that it can be used (otherwise the user is marked as disabled). + * To do this we set this attribute and value: + * userAccountControl: 512 + * Or, if we added a new entry, we need to change the useraccountcontrol + * to make the new user enabled by default + */ + if ((return_value == CONN_OPERATION_SUCCESS) && remote_dn && (password || missing_entry)) { + return_value = send_accountcontrol_modify(remote_dn, prp, missing_entry); + } } else { /* We ignore operations that target entries outside of our sync'ed subtree, or which are not Windows users or groups */ } From rmeggins at fedoraproject.org Tue Jan 13 19:01:13 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Tue, 13 Jan 2009 19:01:13 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd ssl.c, 1.21, 1.22 Message-ID: <20090113190113.342707013F@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv727/ldapserver/ldap/servers/slapd Modified Files: ssl.c Log Message: Resolves: bug 479202 Bug Description: Acceptance test: mmrepl {accept,chainonupdate} : slapd dumps core during accept_cleanup() Reviewed by: nkinder (Thanks!) Fix Description: Have to call ldapssl_set_option(ld, SSL_NO_CACHE, PR_TRUE) after setting up the connection for client auth Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: ssl.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/ssl.c,v retrieving revision 1.21 retrieving revision 1.22 diff -u -r1.21 -r1.22 --- ssl.c 5 Dec 2008 22:41:52 -0000 1.21 +++ ssl.c 13 Jan 2009 19:01:10 -0000 1.22 @@ -1159,15 +1159,6 @@ /* Free config data */ - /* We cannot allow NSS to cache outgoing client auth connections - - each client auth connection must have it's own non-shared SSL - connection to the peer so that it will go through the - entire handshake protocol every time including the use of its - own unique client cert - see bug 605457 - */ - - ldapssl_set_option(ld, SSL_NO_CACHE, PR_TRUE); - #ifndef _WIN32 StdPinObj = (SVRCOREStdPinObj *)SVRCORE_GetRegisteredPinObj(); err = SVRCORE_StdPinGetPin( &pw, StdPinObj, token ); @@ -1188,6 +1179,15 @@ SLAPI_COMPONENT_NAME_NSPR " error %d - %s)", SERVER_KEY_NAME, cert_name, rc, errorCode, slapd_pr_strerror(errorCode)); + } else { + /* We cannot allow NSS to cache outgoing client auth connections - + each client auth connection must have it's own non-shared SSL + connection to the peer so that it will go through the + entire handshake protocol every time including the use of its + own unique client cert - see bug 605457 + */ + + ldapssl_set_option(ld, SSL_NO_CACHE, PR_TRUE); } } From rmeggins at fedoraproject.org Tue Jan 13 22:24:18 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Tue, 13 Jan 2009 22:24:18 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd util.c, 1.26, 1.27 Message-ID: <20090113222418.58CCF70141@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv24442/ldapserver/ldap/servers/slapd Modified Files: util.c Log Message: Resolves: bug 479313 Bug Description: Server to Server SASL - DIGEST/MD5 - Can not Stop server Reviewed by: nhosoi (Thanks!) Fix Description: Using ldap_set_option with LDAP_OPT_X_SASL_SECPROPS is not thread safe. ldap_set_option acquires the OPTION lock, but using LDAP_OPT_X_SASL_SECPROPS just calls return rather than calling break to exit the switch and unlock the lock. A mozilla bug has been filed https://bugzilla.mozilla.org/show_bug.cgi?id=473438. The fix is to use LDAP_OPT_X_SASL_SSF_MAX. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: util.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/util.c,v retrieving revision 1.26 retrieving revision 1.27 diff -u -r1.26 -r1.27 --- util.c 9 Jan 2009 21:30:56 -0000 1.26 +++ util.c 13 Jan 2009 22:24:15 -0000 1.27 @@ -1105,6 +1105,7 @@ return slapi_ldap_init_ext(NULL, ldaphost, ldapport, secure, shared, NULL); } +#include /* * Does the correct bind operation simple/sasl/cert depending * on the arguments passed in. If the user specified to use @@ -1258,7 +1259,8 @@ } else { /* a SASL mech - set the sasl ssf to 0 if using TLS/SSL */ if (secure) { - ldap_set_option(ld, LDAP_OPT_X_SASL_SECPROPS, "maxssf=0"); + sasl_ssf_t max_ssf = 0; + ldap_set_option(ld, LDAP_OPT_X_SASL_SSF_MAX, &max_ssf); } rc = slapd_ldap_sasl_interactive_bind(ld, bindid, creds, mech, serverctrls, returnedctrls, @@ -1282,7 +1284,6 @@ /* the following implements the client side of sasl bind, for LDAP server -> LDAP server SASL */ -#include typedef struct { char *mech; From rmeggins at fedoraproject.org Wed Jan 14 15:08:00 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Wed, 14 Jan 2009 15:08:00 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication repl5.h, 1.13, 1.14 repl_globals.c, 1.7, 1.8 windows_inc_protocol.c, 1.18, 1.19 windows_private.c, 1.22, 1.23 windowsrepl.h, 1.17, 1.18 Message-ID: <20090114150800.BE33470136@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv4430/ldapserver/ldap/servers/plugins/replication Modified Files: repl5.h repl_globals.c windows_inc_protocol.c windows_private.c windowsrepl.h Log Message: Resolves: bug 222055 Bug Description: DirSync interval should be configurable Reviewed by: nhosoi (Thanks!) Fix Description: Added a new config attribute - winSyncInterval - this is how often to run the dirsync search, in seconds. The default is 600 (5 minutes) which was the old hard coded value. Due to the way it's coded, the change only takes effect when the agreement is created or restarted, so the value cannot really be dynamically changed. Platforms tested: RHEL5 Flag Day: no Doc impact: yes - document the new attribute Index: repl5.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl5.h,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- repl5.h 4 Nov 2008 18:23:08 -0000 1.13 +++ repl5.h 14 Jan 2009 15:07:58 -0000 1.14 @@ -149,6 +149,7 @@ extern const char *type_nsds7CreateNewGroups; extern const char *type_nsds7DirsyncCookie; extern const char *type_nsds7WindowsDomain; +extern const char *type_winSyncInterval; /* To Allow Consumer Initialisation when adding an agreement - */ extern const char *type_nsds5BeginReplicaRefresh; Index: repl_globals.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl_globals.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- repl_globals.c 10 Nov 2006 23:45:17 -0000 1.7 +++ repl_globals.c 14 Jan 2009 15:07:58 -0000 1.8 @@ -126,13 +126,14 @@ const char *type_nsds5ReplicaBusyWaitTime = "nsds5ReplicaBusyWaitTime"; const char *type_nsds5ReplicaSessionPauseTime = "nsds5ReplicaSessionPauseTime"; -/* windows sync specifica attributes */ +/* windows sync specific attributes */ const char *type_nsds7WindowsReplicaArea = "nsds7WindowsReplicaSubtree"; const char *type_nsds7DirectoryReplicaArea = "nsds7DirectoryReplicaSubtree"; const char *type_nsds7CreateNewUsers = "nsds7NewWinUserSyncEnabled"; const char *type_nsds7CreateNewGroups = "nsds7NewWinGroupSyncEnabled"; const char *type_nsds7WindowsDomain = "nsds7WindowsDomain"; const char *type_nsds7DirsyncCookie = "nsds7DirsyncCookie"; +const char *type_winSyncInterval = "winSyncInterval"; /* To Allow Consumer Initialisation when adding an agreement - */ const char *type_nsds5BeginReplicaRefresh = "nsds5BeginReplicaRefresh"; Index: windows_inc_protocol.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_inc_protocol.c,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- windows_inc_protocol.c 5 Dec 2008 22:41:52 -0000 1.18 +++ windows_inc_protocol.c 14 Jan 2009 15:07:58 -0000 1.19 @@ -128,11 +128,6 @@ */ #define MAX_WAIT_BETWEEN_SESSIONS PR_SecondsToInterval(60 * 5) /* 5 minutes */ /* - * Periodic synchronization interval. This is used for scheduling the periodic_dirsync event. - * The time is in milliseconds. - */ -#define PERIODIC_DIRSYNC_INTERVAL 5 * 60 * 1000 /* DBDB this should probably be configurable. 5 mins fixed for now */ -/* * tests if the protocol has been shutdown and we need to quit * event_occurred resets the bits in the bit flag, so whoever tests for shutdown * resets the flags, so the next one who tests for shutdown won't get it, so we @@ -345,12 +340,13 @@ if (is_first_start) { + unsigned long interval = windows_private_get_sync_interval(prp->agmt) * 1000; /* * The function, the arguments, the time (hence) when it is first to be called, * and the repeat interval. */ /* DBDB: we should probably make this polling interval configurable */ - dirsync = slapi_eq_repeat(periodic_dirsync, (void*) prp, (time_t)0 , PERIODIC_DIRSYNC_INTERVAL); + dirsync = slapi_eq_repeat(periodic_dirsync, (void*) prp, (time_t)0 , interval); is_first_start = PR_FALSE; } break; Index: windows_private.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_private.c,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 --- windows_private.c 5 Dec 2008 22:41:52 -0000 1.22 +++ windows_private.c 14 Jan 2009 15:07:58 -0000 1.23 @@ -73,6 +73,7 @@ Slapi_Filter *deleted_filter; /* Used for checking if an entry is an AD tombstone */ Slapi_Entry *raw_entry; /* "raw" un-schema processed last entry read from AD */ void *api_cookie; /* private data used by api callbacks */ + time_t sync_interval; /* how often to run the dirsync search, in seconds */ }; static void windows_private_set_windows_domain(const Repl_Agmt *ra, char *domain); @@ -153,6 +154,16 @@ tmpstr = NULL; retval = 1; } + if (type == NULL || slapi_attr_types_equivalent(type,type_winSyncInterval)) + { + tmpstr = slapi_entry_attr_get_charptr(e, type_winSyncInterval); + if (NULL != tmpstr) + { + windows_private_set_sync_interval(ra,tmpstr); + } + slapi_ch_free_string(&tmpstr); + retval = 1; + } return retval; } @@ -203,6 +214,7 @@ dp->dirsync_maxattributecount = -1; dp->directory_filter = NULL; dp->deleted_filter = NULL; + dp->sync_interval = PERIODIC_DIRSYNC_INTERVAL; LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_new\n" ); return dp; @@ -866,6 +878,43 @@ LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_set_api_cookie\n" ); } +time_t +windows_private_get_sync_interval(const Repl_Agmt *ra) +{ + Dirsync_Private *dp; + + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_get_sync_interval\n" ); + + PR_ASSERT(ra); + + dp = (Dirsync_Private *) agmt_get_priv(ra); + PR_ASSERT (dp); + + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_get_sync_interval\n" ); + + return dp->sync_interval; +} + +void +windows_private_set_sync_interval(Repl_Agmt *ra, char *str) +{ + Dirsync_Private *dp; + time_t tmpval = 0; + + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_set_sync_interval\n" ); + + PR_ASSERT(ra); + + dp = (Dirsync_Private *) agmt_get_priv(ra); + PR_ASSERT (dp); + + if (str && (tmpval = (time_t)atol(str))) { + dp->sync_interval = tmpval; + } + + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_set_sync_interval\n" ); +} + /* an array of function pointers */ static void **_WinSyncAPI = NULL; Index: windowsrepl.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windowsrepl.h,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- windowsrepl.h 23 Sep 2008 21:13:22 -0000 1.17 +++ windowsrepl.h 14 Jan 2009 15:07:58 -0000 1.18 @@ -80,6 +80,8 @@ void windows_private_set_raw_entry(const Repl_Agmt *ra, Slapi_Entry *e); void *windows_private_get_api_cookie(const Repl_Agmt *ra); void windows_private_set_api_cookie(Repl_Agmt *ra, void *cookie); +time_t windows_private_get_sync_interval(const Repl_Agmt *ra); +void windows_private_set_sync_interval(Repl_Agmt *ra, char *str); /* in windows_connection.c */ ConnResult windows_conn_connect(Repl_Connection *conn); @@ -122,6 +124,12 @@ #define NTUNIQUEID_LENGTH 32 #define AD_GUID_LENGTH 36 +/* + * Periodic synchronization interval. This is used for scheduling the periodic_dirsync event. + * The time is in seconds. + */ +#define PERIODIC_DIRSYNC_INTERVAL 5 * 60 /* default value is 5 minutes */ + /* called for each replication agreement - so the winsync plugin can be agreement specific and store agreement specific data From rmeggins at fedoraproject.org Wed Jan 14 15:08:00 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Wed, 14 Jan 2009 15:08:00 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/schema 01common.ldif, 1.3, 1.4 Message-ID: <20090114150800.A703470141@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/schema In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv4430/ldapserver/ldap/schema Modified Files: 01common.ldif Log Message: Resolves: bug 222055 Bug Description: DirSync interval should be configurable Reviewed by: nhosoi (Thanks!) Fix Description: Added a new config attribute - winSyncInterval - this is how often to run the dirsync search, in seconds. The default is 600 (5 minutes) which was the old hard coded value. Due to the way it's coded, the change only takes effect when the agreement is created or restarted, so the value cannot really be dynamically changed. Platforms tested: RHEL5 Flag Day: no Doc impact: yes - document the new attribute Index: 01common.ldif =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/schema/01common.ldif,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- 01common.ldif 3 Dec 2008 00:03:25 -0000 1.3 +++ 01common.ldif 14 Jan 2009 15:07:58 -0000 1.4 @@ -218,6 +218,7 @@ attributeTypes: ( 2.16.840.1.113730.3.1.1003 NAME 'nsds7NewWinGroupSyncEnabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.1004 NAME 'nsds7WindowsDomain' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.1005 NAME 'nsds7DirsyncCookie' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.1099 NAME 'winSyncInterval' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.1.4 NAME 'vendorName' EQUALITY 1.3.6.1.4.1.1466.109.114.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation X-ORIGIN 'RFC 3045' ) attributeTypes: ( 1.3.6.1.1.5 NAME 'vendorVersion' EQUALITY 1.3.6.1.4.1.1466.109.114.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation X-ORIGIN 'RFC 3045' ) attributeTypes: ( 2.16.840.1.113730.3.1.3023 NAME 'nsViewFilter' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Directory Server' ) @@ -279,7 +280,7 @@ objectClasses: ( 2.16.840.1.113730.3.2.100 NAME 'cosClassicDefinition' DESC 'Netscape defined objectclass' SUP cosSuperDefinition MAY ( cosTemplateDn $ cosspecifier ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.101 NAME 'cosPointerDefinition' DESC 'Netscape defined objectclass' SUP cosSuperDefinition MAY ( cosTemplateDn ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.102 NAME 'cosIndirectDefinition' DESC 'Netscape defined objectclass' SUP cosSuperDefinition MAY ( cosIndirectSpecifier ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.503 NAME 'nsDSWindowsReplicationAgreement' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefresh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsds5ReplicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5replicaLastInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaBusyWaitTime $ nsds5replicaSessionPauseTime $ nsds7WindowsReplicaSubtree $ nsds7DirectoryReplicaSubtree $ nsds7NewWinUserSyncEnabled $ nsds7NewWinGroupSyncEnabled $ nsds7WindowsDomain $ nsds7DirsyncCookie) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.503 NAME 'nsDSWindowsReplicationAgreement' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefresh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsds5ReplicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5replicaLastInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaBusyWaitTime $ nsds5replicaSessionPauseTime $ nsds7WindowsReplicaSubtree $ nsds7DirectoryReplicaSubtree $ nsds7NewWinUserSyncEnabled $ nsds7NewWinGroupSyncEnabled $ nsds7WindowsDomain $ nsds7DirsyncCookie $ winSyncInterval) X-ORIGIN 'Netscape Dir ectory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.128 NAME 'costemplate' DESC 'Netscape defined objectclass' SUP top MAY ( cn $ cospriority ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.304 NAME 'nsView' DESC 'Netscape defined objectclass' SUP top AUXILIARY MAY ( nsViewFilter $ description ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.316 NAME 'nsAttributeEncryption' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsEncryptionAlgorithm ) X-ORIGIN 'Netscape Directory Server' ) From nkinder at fedoraproject.org Wed Jan 14 17:19:34 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Wed, 14 Jan 2009 17:19:34 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/wrappers initscript.in, 1.8, 1.9 Message-ID: <20090114171934.A01A170141@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/wrappers In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19384/wrappers Modified Files: initscript.in Log Message: Resolves: 253311 Summary: Clean up formatting of init script output. Index: initscript.in =================================================================== RCS file: /cvs/dirsec/ldapserver/wrappers/initscript.in,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- initscript.in 8 Dec 2007 17:40:32 -0000 1.8 +++ initscript.in 14 Jan 2009 17:19:32 -0000 1.9 @@ -143,7 +143,8 @@ successes=`expr $successes + 1` server_running=1 else - echo_n " not running, but pid file exists - attempt to start anyway..." + echo " not running, but pid file exists" + echo_n " $instance... attempting to start anyway" rm -f $pidfile fi fi @@ -218,10 +219,10 @@ touch $lockfile fi if [ $errors -ge 1 ]; then - echo "*** Warning: $errors instance(s) failed to start" + echo " *** Warning: $errors instance(s) failed to start" fi else - echo "*** Error: no $prog instances configured" + echo " *** Error: no $prog instances configured" fi } @@ -229,10 +230,10 @@ echo "Shutting down $prog: " errors=0 for instance in $INSTANCES; do + echo_n " $instance..." pidfile=$piddir/slapd-$instance.pid if [ -f $pidfile ]; then pid=`cat $pidfile` - echo_n " $instance..." server_stopped=0 if kill -0 $pid > /dev/null 2>&1 ; then kill $pid @@ -242,6 +243,10 @@ failure; echo errors=`expr $errors + 1` fi + else + echo_n " server not running" + failure; echo + errors=`expr $errors + 1` fi if [ $server_stopped -eq 1 ] ; then loop_counter=1 @@ -266,10 +271,14 @@ rm -f $pidfile fi fi + else + echo_n " server already stopped" + failure; echo + errors=`expr $errors + 1` fi done if [ $errors -ge 1 ]; then - echo_n "*** Error: $errors instance(s) unsuccessfully stopped" + echo_n " *** Error: $errors instance(s) unsuccessfully stopped" failure; echo else rm -f $lockfile From rmeggins at fedoraproject.org Wed Jan 14 18:48:44 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Wed, 14 Jan 2009 18:48:44 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver Makefile.am, 1.78, 1.79 aclocal.m4, 1.78, 1.79 configure, 1.98, 1.99 missing, 1.59, 1.60 install-sh, 1.59, 1.60 depcomp, 1.59, 1.60 compile, 1.52, 1.53 Makefile.in, 1.102, 1.103 config.sub, 1.58, 1.59 config.guess, 1.58, 1.59 Message-ID: <20090114184844.8F96D70142@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28313 Modified Files: Makefile.am aclocal.m4 configure missing install-sh depcomp compile Makefile.in config.sub config.guess Log Message: Resolves: bug 202134 Description: add sudo and hostObject schemas by default Fix Description: added 60nss-ldap.ldif for the hostObject and other nss ldap schema Index: Makefile.am =================================================================== RCS file: /cvs/dirsec/ldapserver/Makefile.am,v retrieving revision 1.78 retrieving revision 1.79 diff -u -r1.78 -r1.79 --- Makefile.am 4 Nov 2008 18:23:05 -0000 1.78 +++ Makefile.am 14 Jan 2009 18:48:41 -0000 1.79 @@ -228,6 +228,7 @@ $(srcdir)/ldap/schema/60sabayon.ldif \ $(srcdir)/ldap/schema/60sudo.ldif \ $(srcdir)/ldap/schema/60trust.ldif \ + $(srcdir)/ldap/schema/60nss-ldap.ldif \ $(srcdir)/ldap/schema/99user.ldif sbin_SCRIPTS = ldap/admin/src/scripts/setup-ds.pl \ Index: Makefile.in =================================================================== RCS file: /cvs/dirsec/ldapserver/Makefile.in,v retrieving revision 1.102 retrieving revision 1.103 diff -u -r1.102 -r1.103 --- Makefile.in 4 Nov 2008 18:23:07 -0000 1.102 +++ Makefile.in 14 Jan 2009 18:48:41 -0000 1.103 @@ -1235,6 +1235,7 @@ $(srcdir)/ldap/schema/60sabayon.ldif \ $(srcdir)/ldap/schema/60sudo.ldif \ $(srcdir)/ldap/schema/60trust.ldif \ + $(srcdir)/ldap/schema/60nss-ldap.ldif \ $(srcdir)/ldap/schema/99user.ldif sbin_SCRIPTS = ldap/admin/src/scripts/setup-ds.pl \ From rmeggins at fedoraproject.org Wed Jan 14 18:48:44 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Wed, 14 Jan 2009 18:48:44 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/schema 60nss-ldap.ldif, NONE, 1.1 Message-ID: <20090114184844.52E0F70143@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/schema In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28313/ldap/schema Added Files: 60nss-ldap.ldif Log Message: Resolves: bug 202134 Description: add sudo and hostObject schemas by default Fix Description: added 60nss-ldap.ldif for the hostObject and other nss ldap schema --- NEW FILE 60nss-ldap.ldif --- # LDAP Name Service Additional Schema # http://www.iana.org/assignments/gssapi-service-names dn: cn=schema attributetypes: ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService' DESC 'IANA GSS-API authorized service name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} X-ORIGIN 'NSS LDAP schema' ) objectclasses: ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject' DESC 'Auxiliary object class for adding authorizedService attribute' SUP top AUXILIARY MAY authorizedService X-ORIGIN 'NSS LDAP schema' ) objectclasses: ( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject' DESC 'Auxiliary object class for adding host attribute' SUP top AUXILIARY MAY host X-ORIGIN 'NSS LDAP schema' ) From nkinder at fedoraproject.org Wed Jan 14 19:23:14 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Wed, 14 Jan 2009 19:23:14 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/wrappers initscript.in, 1.9, 1.10 Message-ID: <20090114192314.A497370141@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/wrappers In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv31196/wrappers Modified Files: initscript.in Log Message: Resolves: 442474 Summary: Make init script status command exit codes follow LSB standard. Index: initscript.in =================================================================== RCS file: /cvs/dirsec/ldapserver/wrappers/initscript.in,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- initscript.in 14 Jan 2009 17:19:32 -0000 1.9 +++ initscript.in 14 Jan 2009 19:23:12 -0000 1.10 @@ -292,6 +292,7 @@ status() { + ret=0 for instance in $INSTANCES; do if [ -f $piddir/slapd-$instance.pid ]; then pid=`cat $piddir/slapd-$instance.pid` @@ -299,9 +300,11 @@ echo "$prog $instance (pid $pid) is running..." else echo "$prog $instance dead but pid file exists" + ret=1 fi else echo "$prog $instance is stopped" + ret=3 fi done } From nkinder at fedoraproject.org Thu Jan 15 18:24:51 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Thu, 15 Jan 2009 18:24:51 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd extendop.c, 1.11, 1.12 modify.c, 1.20, 1.21 passwd_extop.c, 1.18, 1.19 Message-ID: <20090115182451.317EB70142@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21352/ldap/servers/slapd Modified Files: extendop.c modify.c passwd_extop.c Log Message: Resolves: 184141 Summary: Make password modify extop work properly with the password policy control. Index: extendop.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/extendop.c,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- extendop.c 11 Dec 2008 23:05:23 -0000 1.11 +++ extendop.c 15 Jan 2009 18:24:48 -0000 1.12 @@ -311,6 +311,19 @@ goto free_and_return; } + /* decode the optional controls - put them in the pblock */ + if ( (lderr = get_ldapmessage_controls( pb, pb->pb_op->o_ber, NULL )) != 0 ) + { + char *dn = NULL; + slapi_pblock_get(pb, SLAPI_CONN_DN, &dn); + + op_shared_log_error_access (pb, "EXT", dn ? dn : "", "failed to decode LDAP controls"); + send_ldap_result( pb, lderr, NULL, NULL, 0, NULL ); + + slapi_ch_free_string(&dn); + goto free_and_return; + } + slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_OID, extoid ); slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_VALUE, &extval ); rc = plugin_call_exop_plugins( pb, extoid ); Index: modify.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/modify.c,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- modify.c 5 Dec 2008 22:41:52 -0000 1.20 +++ modify.c 15 Jan 2009 18:24:48 -0000 1.21 @@ -437,21 +437,30 @@ static int modify_internal_pb (Slapi_PBlock *pb) { - LDAPControl **controls; + LDAPControl **controls; + LDAPControl *pwpolicy_ctrl; Operation *op; - int opresult = 0; + int opresult = 0; LDAPMod **normalized_mods = NULL; LDAPMod **mods; LDAPMod **mod; Slapi_Mods smods; - int pw_change = 0; - char *old_pw = NULL; + int pw_change = 0; + char *old_pw = NULL; PR_ASSERT (pb != NULL); slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods); slapi_pblock_get(pb, SLAPI_CONTROLS_ARG, &controls); + /* See if pwpolicy control is present. We need to do + * this before we call op_shared_allow_pw_change() since + * it looks for SLAPI_PWPOLICY in the pblock to determine + * if the response contorl is needed. */ + pwpolicy_ctrl = slapi_control_present( controls, + LDAP_X_CONTROL_PWPOLICY_REQUEST, NULL, NULL ); + slapi_pblock_set( pb, SLAPI_PWPOLICY, &pwpolicy_ctrl ); + if(mods == NULL) { opresult = LDAP_PARAM_ERROR; Index: passwd_extop.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/passwd_extop.c,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- passwd_extop.c 11 Dec 2008 23:05:23 -0000 1.18 +++ passwd_extop.c 15 Jan 2009 18:24:48 -0000 1.19 @@ -143,33 +143,48 @@ /* Construct Mods pblock and perform the modify operation * Sets result of operation in SLAPI_PLUGIN_INTOP_RESULT */ -static int passwd_apply_mods(const char *dn, Slapi_Mods *mods) +static int passwd_apply_mods(const char *dn, Slapi_Mods *mods, LDAPControl **req_controls, + LDAPControl ***resp_controls) { Slapi_PBlock pb; + LDAPControl **req_controls_copy = NULL; + LDAPControl **pb_resp_controls = NULL; int ret=0; LDAPDebug( LDAP_DEBUG_TRACE, "=> passwd_apply_mods\n", 0, 0, 0 ); if (mods && (slapi_mods_get_num_mods(mods) > 0)) { + /* We need to dup the request controls since the original + * pblock owns the ones that have been passed in. */ + if (req_controls) { + slapi_add_controls(&req_controls_copy, req_controls, 1); + } + pblock_init(&pb); slapi_modify_internal_set_pb (&pb, dn, - slapi_mods_get_ldapmods_byref(mods), - NULL, /* Controls */ - NULL, /* UniqueID */ - pw_get_componentID(), /* PluginID */ - 0); /* Flags */ + slapi_mods_get_ldapmods_byref(mods), + req_controls_copy, NULL, /* UniqueID */ + pw_get_componentID(), /* PluginID */ + 0); /* Flags */ - ret =slapi_modify_internal_pb (&pb); + ret =slapi_modify_internal_pb (&pb); - slapi_pblock_get(&pb, SLAPI_PLUGIN_INTOP_RESULT, &ret); + slapi_pblock_get(&pb, SLAPI_PLUGIN_INTOP_RESULT, &ret); - if (ret != LDAP_SUCCESS){ - LDAPDebug(LDAP_DEBUG_TRACE, "WARNING: passwordPolicy modify error %d on entry '%s'\n", - ret, dn, 0); - } + /* Retreive and duplicate the response controls since they will be + * destroyed along with the pblock used for the internal operation. */ + slapi_pblock_get(&pb, SLAPI_RESCONTROLS, &pb_resp_controls); + if (pb_resp_controls) { + slapi_add_controls(resp_controls, pb_resp_controls, 1); + } - pblock_done(&pb); + if (ret != LDAP_SUCCESS){ + LDAPDebug(LDAP_DEBUG_TRACE, "WARNING: passwordPolicy modify error %d on entry '%s'\n", + ret, dn, 0); + } + + pblock_done(&pb); } LDAPDebug( LDAP_DEBUG_TRACE, "<= passwd_apply_mods: %d\n", ret, 0, 0 ); @@ -180,7 +195,8 @@ /* Modify the userPassword attribute field of the entry */ -static int passwd_modify_userpassword(Slapi_Entry *targetEntry, const char *newPasswd) +static int passwd_modify_userpassword(Slapi_Entry *targetEntry, const char *newPasswd, + LDAPControl **req_controls, LDAPControl ***resp_controls) { char *dn = NULL; int ret = 0; @@ -193,7 +209,7 @@ slapi_mods_add_string(&smods, LDAP_MOD_REPLACE, SLAPI_USERPWD_ATTR, newPasswd); - ret = passwd_apply_mods(dn, &smods); + ret = passwd_apply_mods(dn, &smods, req_controls, resp_controls); slapi_mods_done(&smods); @@ -432,15 +448,18 @@ char *oldPasswd = NULL; char *newPasswd = NULL; char *errMesg = NULL; - int ret=0, rc=0, sasl_ssf=0; + int ret=0, rc=0, sasl_ssf=0, need_pwpolicy_ctrl=0; ber_tag_t tag=0; ber_len_t len=(ber_len_t)-1; struct berval *extop_value = NULL; struct berval *gen_passwd = NULL; BerElement *ber = NULL; BerElement *response_ber = NULL; - Slapi_Entry *targetEntry=NULL; + Slapi_Entry *targetEntry=NULL; Connection *conn = NULL; + LDAPControl **req_controls = NULL; + LDAPControl **resp_controls = NULL; + passwdPolicy *pwpolicy = NULL; /* Slapi_DN sdn; */ LDAPDebug( LDAP_DEBUG_TRACE, "=> passwd_modify_extop\n", 0, 0, 0 ); @@ -589,33 +608,31 @@ } if (oldPasswd == NULL || *oldPasswd == '\0') { - /* If user is authenticated, they already gave their password during - the bind operation (or used sasl or client cert auth or OS creds) */ - slapi_pblock_get(pb, SLAPI_CONN_AUTHMETHOD, &authmethod); - if (!authmethod || !strcmp(authmethod, SLAPD_AUTH_NONE)) { - errMesg = "User must be authenticated to the directory server.\n"; - rc = LDAP_INSUFFICIENT_ACCESS; - goto free_and_return; - } + /* If user is authenticated, they already gave their password during + * the bind operation (or used sasl or client cert auth or OS creds) */ + slapi_pblock_get(pb, SLAPI_CONN_AUTHMETHOD, &authmethod); + if (!authmethod || !strcmp(authmethod, SLAPD_AUTH_NONE)) { + errMesg = "User must be authenticated to the directory server.\n"; + rc = LDAP_INSUFFICIENT_ACCESS; + goto free_and_return; + } } + + /* Fetch the password policy. We need this in case we need to + * generate a password as well as for some policy checks. */ + pwpolicy = new_passwdPolicy( pb, dn ); /* A new password was not supplied in the request, so we need to generate * a random one and return it to the user in a response. */ if (newPasswd == NULL || *newPasswd == '\0') { - passwdPolicy *pwpolicy; int rval; /* Do a free of newPasswd here to be safe, otherwise we may leak 1 byte */ slapi_ch_free_string( &newPasswd ); - - pwpolicy = new_passwdPolicy( pb, dn ); - /* Generate a new password */ rval = passwd_modify_generate_passwd( pwpolicy, &newPasswd, &errMesg ); - delete_passwdPolicy(&pwpolicy); - if (rval != LDAP_SUCCESS) { if (!errMesg) errMesg = "Error generating new password.\n"; @@ -659,8 +676,8 @@ /* Did they give us a DN ? */ if (dn == NULL || *dn == '\0') { /* Get the DN from the bind identity on this connection */ - slapi_ch_free_string(&dn); - dn = slapi_ch_strdup(bindDN); + slapi_ch_free_string(&dn); + dn = slapi_ch_strdup(bindDN); LDAPDebug( LDAP_DEBUG_ANY, "Missing userIdentity in request, using the bind DN instead.\n", 0, 0, 0 ); @@ -703,8 +720,14 @@ slapi_pblock_set(pb, SLAPI_BACKEND, be); } + /* Check if the pwpolicy control is present */ + slapi_pblock_get( pb, SLAPI_PWPOLICY, &need_pwpolicy_ctrl ); + ret = slapi_access_allowed ( pb, targetEntry, SLAPI_USERPWD_ATTR, NULL, SLAPI_ACL_WRITE ); - if ( ret != LDAP_SUCCESS ) { + if ( ret != LDAP_SUCCESS ) { + if (need_pwpolicy_ctrl) { + slapi_pwpolicy_make_response_control ( pb, -1, -1, LDAP_PWPOLICY_PWDMODNOTALLOWED ); + } errMesg = "Insufficient access rights\n"; rc = LDAP_INSUFFICIENT_ACCESS; goto free_and_return; @@ -714,21 +737,50 @@ * They gave us a password (old), check it against the target entry * Is the old password valid ? */ - if (oldPasswd && *oldPasswd) { - ret = passwd_check_pwd(targetEntry, oldPasswd); - if (ret) { - /* No, then we fail this operation */ - errMesg = "Invalid oldPasswd value.\n"; - rc = ret; - goto free_and_return; - } - } - + if (oldPasswd && *oldPasswd) { + ret = passwd_check_pwd(targetEntry, oldPasswd); + if (ret) { + /* No, then we fail this operation */ + errMesg = "Invalid oldPasswd value.\n"; + rc = ret; + goto free_and_return; + } + } + + /* Check if password policy allows users to change their passwords. We need to do + * this here since the normal modify code doesn't perform this check for + * internal operations. */ + if (!pb->pb_op->o_isroot && !pb->pb_conn->c_needpw && !pwpolicy->pw_change) { + Slapi_DN *bindSDN = slapi_sdn_new_dn_byref(bindDN); + /* Is this a user modifying their own password? */ + if (slapi_sdn_compare(bindSDN, slapi_entry_get_sdn(targetEntry))==0) { + if (need_pwpolicy_ctrl) { + slapi_pwpolicy_make_response_control ( pb, -1, -1, LDAP_PWPOLICY_PWDMODNOTALLOWED ); + } + errMesg = "User is not allowed to change password\n"; + rc = LDAP_UNWILLING_TO_PERFORM; + slapi_sdn_free(&bindSDN); + goto free_and_return; + } + slapi_sdn_free(&bindSDN); + } + /* Fetch any present request controls so we can use them when + * performing the modify operation. */ + slapi_pblock_get(pb, SLAPI_REQCONTROLS, &req_controls); + /* Now we're ready to make actual password change */ - ret = passwd_modify_userpassword(targetEntry, newPasswd); + ret = passwd_modify_userpassword(targetEntry, newPasswd, req_controls, &resp_controls); + + /* Set the response controls if necessary. We want to do this now + * so it is set for both the success and failure cases. The pblock + * will now own the controls. */ + if (resp_controls) { + slapi_pblock_set(pb, SLAPI_RESCONTROLS, resp_controls); + } + if (ret != LDAP_SUCCESS) { - /* Failed to modify the password, e.g. because insufficient access allowed */ + /* Failed to modify the password, e.g. because password policy, etc. */ errMesg = "Failed to update password\n"; rc = ret; goto free_and_return; @@ -742,7 +794,7 @@ LDAPDebug( LDAP_DEBUG_TRACE, "<= passwd_modify_extop: %d\n", rc, 0, 0 ); /* Free anything that we allocated above */ - free_and_return: +free_and_return: slapi_ch_free_string(&bindDN); /* slapi_pblock_get SLAPI_CONN_DN does strdup */ slapi_ch_free_string(&oldPasswd); slapi_ch_free_string(&newPasswd); @@ -756,6 +808,7 @@ slapi_ch_free_string(&otdn); slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, NULL ); slapi_ch_free_string(&authmethod); + delete_passwdPolicy(&pwpolicy); if ( targetEntry != NULL ){ slapi_entry_free (targetEntry); From rmeggins at fedoraproject.org Thu Jan 15 20:28:33 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Thu, 15 Jan 2009 20:28:33 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/schema 05rfc2247.ldif, 1.4, 1.5 28pilot.ldif, 1.5, 1.6 Message-ID: <20090115202833.1A9A970142@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/schema In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9756 Modified Files: 05rfc2247.ldif 28pilot.ldif Log Message: Resolves: bug 179956 Description: aRecord not defined Index: 05rfc2247.ldif =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/schema/05rfc2247.ldif,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- 05rfc2247.ldif 19 Apr 2005 22:07:27 -0000 1.4 +++ 05rfc2247.ldif 15 Jan 2009 20:28:30 -0000 1.5 @@ -43,9 +43,6 @@ # dn: cn=schema attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) DESC 'Standard LDAP attribute type' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2247' ) -attributeTypes: ( 0.9.2342.19200300.100.1.26 NAME 'dNSRecord' DESC 'Pilot attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Internet directory pilot' ) attributeTypes: ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 1274' ) objectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'Standard LDAP objectclass' SUP top AUXILIARY MUST dc X-ORIGIN 'RFC 2247' ) objectClasses: ( 0.9.2342.19200300.100.4.13 NAME 'domain' DESC 'Standard LDAP objectclass' SUP top STRUCTURAL MUST dc MAY ( associatedName $ businessCategory $ description $ destinationIndicator $ facsimileTelephoneNumber $ internationaliSDNNumber $ l $ o $ physicalDeliveryOfficeName $ postOfficeBox $ postalAddress $ postalCode $ preferredDeliveryMethod $ registeredAddress $ searchGuide $ seeAlso $ st $ street $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ userPassword $ x121Address ) X-ORIGIN 'RFC 2247' ) -objectClasses: ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' DESC 'Pilot objectclass' SUP domain MAY ( cn $ sn ) X-ORIGIN 'Internet directory pilot' ) -objectClasses: ( 0.9.2342.19200300.100.4.15 NAME 'DNSDomain' DESC 'Pilot objectclass' SUP domain MAY dNSRecord X-ORIGIN 'Internet directory pilot' ) Index: 28pilot.ldif =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/schema/28pilot.ldif,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- 28pilot.ldif 12 Jan 2009 23:49:44 -0000 1.5 +++ 28pilot.ldif 15 Jan 2009 20:28:30 -0000 1.6 @@ -82,12 +82,20 @@ attributeTypes: ( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 1274' ) attributeTypes: ( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 1274' ) attributeTypes: ( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 1274' ) +attributeTypes: ( 0.9.2342.19200300.100.1.26 NAME ( 'ARecord' 'DNSRecord' ) DESC 'Pilot attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Internet directory pilot' ) +attributeTypes: ( 0.9.2342.19200300.100.1.27 NAME ( 'MDRecord' ) DESC 'Pilot attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Internet directory pilot' ) +attributeTypes: ( 0.9.2342.19200300.100.1.28 NAME ( 'MXRecord' ) DESC 'Pilot attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Internet directory pilot' ) +attributeTypes: ( 0.9.2342.19200300.100.1.29 NAME ( 'NSRecord' ) DESC 'Pilot attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Internet directory pilot' ) +attributeTypes: ( 0.9.2342.19200300.100.1.30 NAME ( 'SOARecord' ) DESC 'Pilot attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Internet directory pilot' ) +attributeTypes: ( 0.9.2342.19200300.100.1.31 NAME ( 'CNAMERecord' ) DESC 'Pilot attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Internet directory pilot' ) objectClasses: ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject' DESC 'Standard LDAP objectclass' SUP top MAY ( audio $ dITRedirect $ info $ jpegPhoto $ lastModifiedBy $ lastModifiedTime $ manager $ photo $ uniqueIdentifier ) X-ORIGIN 'RFC 1274' ) objectClasses: ( 0.9.2342.19200300.100.4.4 NAME 'newPilotPerson' DESC 'Pilot objectclass' SUP person MAY ( businessCategory $ drink $ homePhone $ homePostalAddress $ janetMailbox $ mail $ mailPreferenceOption $ mobile $ organizationalStatus $ otherMailbox $ pager $ personalSignature $ personalTitle $ preferredDeliveryMethod $ roomNumber $ secretary $ textEncodedORAddress $ uid $ userClass ) X-ORIGIN 'Internet White Pages Pilot' ) objectClasses: ( 0.9.2342.19200300.100.4.5 NAME 'account' DESC 'Standard LDAP objectclass' SUP top MUST ( uid ) MAY ( description $ host $ l $ o $ ou $ seeAlso ) X-ORIGIN 'RFC 1274' ) objectClasses: ( 0.9.2342.19200300.100.4.6 NAME 'document' DESC 'Standard LDAP objectclass' SUP pilotObject MUST ( documentIdentifier ) MAY ( abstract $ authorCN $ authorSN $ cn $ description $ documentAuthor $ documentLocation $ documentPublisher $ documentStore $ documentTitle $ documentVersion $ keywords $ l $ o $ obsoletedByDocument $ obsoletesDocument $ ou $ seeAlso $ subject $ updatedByDocument $ updatesDocument ) X-ORIGIN 'RFC 1274' ) objectClasses: ( 0.9.2342.19200300.100.4.7 NAME 'room' DESC 'Standard LDAP objectclass' SUP top MUST ( cn ) MAY ( description $ roomNumber $ seeAlso $ telephoneNumber ) X-ORIGIN 'RFC 1274' ) objectClasses: ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' DESC 'Standard LDAP objectclass' SUP top MUST ( cn ) MAY ( description $ l $ o $ ou $ seeAlso $ telephoneNumber ) X-ORIGIN 'RFC 1274' ) +objectClasses: ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' DESC 'Pilot objectclass' SUP domain MAY ( cn $ sn ) X-ORIGIN 'Internet directory pilot' ) +objectClasses: ( 0.9.2342.19200300.100.4.15 NAME 'DNSDomain' DESC 'Pilot objectclass' SUP domain MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord ) X-ORIGIN 'Internet directory pilot' ) objectClasses: ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' DESC 'Standard LDAP objectclass' SUP top AUXILIARY MUST ( associatedDomain ) X-ORIGIN 'RFC 1274' ) objectClasses: ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' DESC 'Standard LDAP objectclass' SUP country MUST ( co ) X-ORIGIN 'RFC 1274' ) objectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' DESC 'Standard LDAP objectclass' SUP top AUXILIARY MUST ( userPassword ) X-ORIGIN 'RFC 1274' ) From nhosoi at fedoraproject.org Thu Jan 15 22:44:42 2009 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Thu, 15 Jan 2009 22:44:42 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm ancestorid.c, 1.7, 1.8 Message-ID: <20090115224442.CB89F70142@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv960 Modified Files: ancestorid.c Log Message: Resolves: #469800 Summary: Slow import post-processing with large number of non-leaf entries (comment #15) Change description: Fixed ldbm_ancestorid_new_idl_create_index so that the ancestor key has the value including all the descendent ids in the IDlist. The code checked in previously only stores the direct children and their children. Index: ancestorid.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/ancestorid.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- ancestorid.c 3 Dec 2008 19:14:18 -0000 1.7 +++ ancestorid.c 15 Jan 2009 22:44:40 -0000 1.8 @@ -455,35 +455,38 @@ /* Insert into ancestorid for this node */ ret = idl_store_block(be, db_aid, &key, children, txn, ai_aid); - if (ret != 0) { - idl_free(children); - break; - } - - /* Get parentid for this entry */ - ret = ldbm_parentid(be, txn, id, &parentid); if (ret != 0) { idl_free(children); break; } - /* A suffix entry does not have a parent */ - if (parentid == NOID) { - idl_free(children); - continue; + /* Get parentid(s) for this entry */ + while (1) { + ret = ldbm_parentid(be, txn, id, &parentid); + if (ret != 0) { + idl_free(children); + goto out; + } + + /* A suffix entry does not have a parent */ + if (parentid == NOID) { + idl_free(children); + break; + } + + /* Reset the key to the parent id */ + key.size = PR_snprintf(key.data, key.ulen, "%c%lu", + EQ_PREFIX, (u_long)parentid); + key.size++; + + /* Insert into ancestorid for this node's parent */ + ret = idl_store_block(be, db_aid, &key, children, txn, ai_aid); + if (ret != 0) { + idl_free(children); + goto out; + } + id = parentid; } - - /* Reset the key to the parent id */ - key.size = PR_snprintf(key.data, key.ulen, "%c%lu", - EQ_PREFIX, (u_long)parentid); - key.size++; - - /* Insert into ancestorid for this node's parent */ - ret = idl_store_block(be, db_aid, &key, children, txn, ai_aid); - idl_free(children); - if (ret != 0) { - break; - } } while (nids > 0); if (ret != 0) { From nkinder at fedoraproject.org Fri Jan 16 05:26:44 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Fri, 16 Jan 2009 05:26:44 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd passwd_extop.c, 1.19, 1.20 pw.c, 1.19, 1.20 Message-ID: <20090116052644.BA2BC70141@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15940/ldap/servers/slapd Modified Files: passwd_extop.c pw.c Log Message: Resolves: 248924 Summary: Make password modify extended operation reset expired passwords. Index: passwd_extop.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/passwd_extop.c,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- passwd_extop.c 15 Jan 2009 18:24:48 -0000 1.19 +++ passwd_extop.c 16 Jan 2009 05:26:42 -0000 1.20 @@ -143,8 +143,8 @@ /* Construct Mods pblock and perform the modify operation * Sets result of operation in SLAPI_PLUGIN_INTOP_RESULT */ -static int passwd_apply_mods(const char *dn, Slapi_Mods *mods, LDAPControl **req_controls, - LDAPControl ***resp_controls) +static int passwd_apply_mods(Slapi_PBlock *pb_orig, const char *dn, Slapi_Mods *mods, + LDAPControl **req_controls, LDAPControl ***resp_controls) { Slapi_PBlock pb; LDAPControl **req_controls_copy = NULL; @@ -168,7 +168,19 @@ pw_get_componentID(), /* PluginID */ 0); /* Flags */ + /* We copy the connection from the original pblock into the + * pblock we use for the internal modify operation. We do + * this to allow the password policy code to be able to tell + * that the password change was initiated by the user who + * sent the extended operation instead of always assuming + * that it was done by the root DN. */ + pb.pb_conn = pb_orig->pb_conn; + ret =slapi_modify_internal_pb (&pb); + + /* We now clean up the connection that we copied into the + * new pblock. We want to leave it untouched. */ + pb.pb_conn = NULL; slapi_pblock_get(&pb, SLAPI_PLUGIN_INTOP_RESULT, &ret); @@ -195,8 +207,8 @@ /* Modify the userPassword attribute field of the entry */ -static int passwd_modify_userpassword(Slapi_Entry *targetEntry, const char *newPasswd, - LDAPControl **req_controls, LDAPControl ***resp_controls) +static int passwd_modify_userpassword(Slapi_PBlock *pb_orig, Slapi_Entry *targetEntry, + const char *newPasswd, LDAPControl **req_controls, LDAPControl ***resp_controls) { char *dn = NULL; int ret = 0; @@ -209,7 +221,7 @@ slapi_mods_add_string(&smods, LDAP_MOD_REPLACE, SLAPI_USERPWD_ATTR, newPasswd); - ret = passwd_apply_mods(dn, &smods, req_controls, resp_controls); + ret = passwd_apply_mods(pb_orig, dn, &smods, req_controls, resp_controls); slapi_mods_done(&smods); @@ -770,7 +782,7 @@ slapi_pblock_get(pb, SLAPI_REQCONTROLS, &req_controls); /* Now we're ready to make actual password change */ - ret = passwd_modify_userpassword(targetEntry, newPasswd, req_controls, &resp_controls); + ret = passwd_modify_userpassword(pb, targetEntry, newPasswd, req_controls, &resp_controls); /* Set the response controls if necessary. We want to do this now * so it is set for both the success and failure cases. The pblock Index: pw.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/pw.c,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- pw.c 24 Nov 2008 17:16:55 -0000 1.19 +++ pw.c 16 Jan 2009 05:26:42 -0000 1.20 @@ -160,6 +160,7 @@ /* Checks if the specified value is encoded. Returns 1 if it is and 0 otherwise */ +/* NGK - Use this for checking if the password is hashed */ int slapi_is_encoded (char *value) { struct pw_scheme *is_hashed = NULL; @@ -554,6 +555,11 @@ time_t cur_time; char *dn; passwdPolicy *pwpolicy = NULL; + int internal_op = 0; + Slapi_Operation *operation = NULL; + + slapi_pblock_get(pb, SLAPI_OPERATION, &operation); + internal_op = slapi_operation_is_flag_set(operation, SLAPI_OP_FLAG_INTERNAL); cur_time = current_time(); slapi_pblock_get( pb, SLAPI_TARGET_DN, &dn ); @@ -588,12 +594,13 @@ /* Clear the passwordgraceusertime from the user entry */ slapi_mods_add_string(&smods, LDAP_MOD_REPLACE, "passwordgraceusertime", "0"); - /* if the password is reset by root, mark it the first time logon */ - - if ( pb->pb_requestor_isroot == 1 && - pwpolicy->pw_must_change){ + /* If the password is reset by root, mark it the first time logon. If this is an internal + * operation, we have a special case for the password modify extended operation where + * we stuff the actual user who initiated the password change in pb_conn. We check + * for this special case to ensure we reset the expiration date properly. */ + if ((internal_op && pwpolicy->pw_must_change && (!pb->pb_conn || slapi_dn_isroot(pb->pb_conn->c_dn))) || + (!internal_op && pwpolicy->pw_must_change && (pb->pb_requestor_isroot == 1))) { pw_exp_date = NO_TIME; - } else if ( pwpolicy->pw_exp == 1 ) { Slapi_Entry *pse = NULL; @@ -757,6 +764,20 @@ int max_repeated = 0; int num_categories = 0; + /* NGK - Check if password is already hashed and reject if so. */ + /* NGK - Allow if root or if replication user */ + if (slapi_is_encoded(slapi_value_get_string(vals[i]))) { + PR_snprintf( errormsg, BUFSIZ, + "invalid password syntax - pre-hashed passwords are not allowed"); + if ( pwresponse_req == 1 ) { + slapi_pwpolicy_make_response_control ( pb, -1, -1, + LDAP_PWPOLICY_INVALIDPWDSYNTAX ); + } + pw_send_ldap_result ( pb, LDAP_CONSTRAINT_VIOLATION, NULL, errormsg, 0, NULL ); + delete_passwdPolicy(&pwpolicy); + return( 1 ); + } + /* check for the minimum password length */ if ( pwpolicy->pw_minlength > ldap_utf8characters((char *)slapi_value_get_string( vals[i] )) ) From nkinder at fedoraproject.org Fri Jan 16 17:54:41 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Fri, 16 Jan 2009 17:54:41 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd pw.c, 1.20, 1.21 Message-ID: <20090116175441.8D98570141@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10264/ldap/servers/slapd Modified Files: pw.c Log Message: Resolves: 204626 Summary: Reject pre-hashed password from unprivileged users when password syntax checking is enabled. Don't check password syntax for pre-hashed password from privileged users. Index: pw.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/pw.c,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- pw.c 16 Jan 2009 05:26:42 -0000 1.20 +++ pw.c 16 Jan 2009 17:54:38 -0000 1.21 @@ -740,17 +740,24 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, char **old_pw, Slapi_Entry *e, int mod_op, Slapi_Mods *smods) { - Slapi_Attr* attr; - int i, pwresponse_req = 0; - char *dn= (char*)slapi_sdn_get_ndn(sdn); /* jcm - Had to cast away const */ - char *pwd = NULL; - char *p = NULL; - char errormsg[ BUFSIZ ]; - passwdPolicy *pwpolicy = NULL; + Slapi_Attr *attr; + int i, pwresponse_req = 0; + int is_replication = 0; + int internal_op = 0; + char *dn= (char*)slapi_sdn_get_ndn(sdn); /* jcm - Had to cast away const */ + char *pwd = NULL; + char *p = NULL; + char errormsg[ BUFSIZ ]; + passwdPolicy *pwpolicy = NULL; + Slapi_Operation *operation = NULL; pwpolicy = new_passwdPolicy(pb, dn); slapi_pblock_get ( pb, SLAPI_PWPOLICY, &pwresponse_req ); + slapi_pblock_get(pb, SLAPI_IS_REPLICATED_OPERATION, &is_replication); + slapi_pblock_get(pb, SLAPI_OPERATION, &operation); + internal_op = slapi_operation_is_flag_set(operation, SLAPI_OP_FLAG_INTERNAL); + if ( pwpolicy->pw_syntax == 1 ) { for ( i = 0; vals[ i ] != NULL; ++i ) { int syntax_violation = 0; @@ -764,18 +771,29 @@ int max_repeated = 0; int num_categories = 0; - /* NGK - Check if password is already hashed and reject if so. */ - /* NGK - Allow if root or if replication user */ - if (slapi_is_encoded(slapi_value_get_string(vals[i]))) { - PR_snprintf( errormsg, BUFSIZ, - "invalid password syntax - pre-hashed passwords are not allowed"); - if ( pwresponse_req == 1 ) { - slapi_pwpolicy_make_response_control ( pb, -1, -1, - LDAP_PWPOLICY_INVALIDPWDSYNTAX ); + /* Check if password is already hashed and reject if so. We + * We need to allow the root DN and replicated ops to send + * pre-hashed passwords. We also check for a connection object + * when processing an internal operation to handle a special + * case for the password modify extended operation. */ + if (slapi_is_encoded((char *)slapi_value_get_string(vals[i]))) { + if ((!is_replication && ((internal_op && pb->pb_conn && !slapi_dn_isroot(pb->pb_conn->c_dn)) || + (!internal_op && !pb->pb_requestor_isroot)))) { + PR_snprintf( errormsg, BUFSIZ, + "invalid password syntax - pre-hashed passwords are not allowed"); + if ( pwresponse_req == 1 ) { + slapi_pwpolicy_make_response_control ( pb, -1, -1, + LDAP_PWPOLICY_INVALIDPWDSYNTAX ); + } + pw_send_ldap_result ( pb, LDAP_CONSTRAINT_VIOLATION, NULL, errormsg, 0, NULL ); + delete_passwdPolicy(&pwpolicy); + return( 1 ); + } else { + /* We want to skip syntax checking since this is a pre-hashed + * password from replication or the root DN. */ + delete_passwdPolicy(&pwpolicy); + return( 0 ); } - pw_send_ldap_result ( pb, LDAP_CONSTRAINT_VIOLATION, NULL, errormsg, 0, NULL ); - delete_passwdPolicy(&pwpolicy); - return( 1 ); } /* check for the minimum password length */ From rmeggins at fedoraproject.org Fri Jan 16 19:38:27 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Fri, 16 Jan 2009 19:38:27 +0000 (UTC) Subject: [Fedora-directory-commits] console/src/com/netscape/management/client/security/csr CertRequestInfoPage.java, 1.1.1.1, 1.2 Message-ID: <20090116193827.54BEB70142@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/console/src/com/netscape/management/client/security/csr In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25025/console/src/com/netscape/management/client/security/csr Modified Files: CertRequestInfoPage.java Log Message: Resolves: bug 480251 Bug Description: rhds80 console - ssl - csr wizard really wants a country/region string Reviewed by: nkinder (Thanks!) Fix Description: Have to make sure the string is long enough before taking the substring Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: CertRequestInfoPage.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/security/csr/CertRequestInfoPage.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- CertRequestInfoPage.java 18 Jul 2005 00:34:18 -0000 1.1.1.1 +++ CertRequestInfoPage.java 16 Jan 2009 19:38:25 -0000 1.2 @@ -186,8 +186,20 @@ _sessionData.put("organization", o.getText()); _sessionData.put("org_unit", ou.getText()); _sessionData.put("locality", l.getText()); - _sessionData.put("country" , (c.getSelectedItem() != null)?((String)(c.getSelectedItem())).substring(0, 2):""); - _sessionData.put("state" , (st.getSelectedItem()!=null)?((String)(st.getSelectedItem())).substring(0,2):""); + String c_str = (String)c.getSelectedItem(); + if ((c_str != null) && (c_str.length() >= 2)) { + c_str = c_str.substring(0, 2); + } else { + c_str = ""; + } + _sessionData.put("country" , c_str); + String st_str = (String)st.getSelectedItem(); + if ((st_str != null) && (st_str.length() >= 2)) { + st_str = st_str.substring(0, 2); + } else { + st_str = ""; + } + _sessionData.put("state" , st_str); setDN(); From nkinder at fedoraproject.org Mon Jan 19 19:43:50 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Mon, 19 Jan 2009 19:43:50 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd attrsyntax.c, 1.8, 1.9 Message-ID: <20090119194350.47D2770141@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30232/ldap/servers/slapd Modified Files: attrsyntax.c Log Message: Resolves: 474945 Summary: Fixed assertion when improperly deleting syntaxinfo. Index: attrsyntax.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/attrsyntax.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- attrsyntax.c 15 Oct 2008 06:30:03 -0000 1.8 +++ attrsyntax.c 19 Jan 2009 19:43:47 -0000 1.9 @@ -567,7 +567,6 @@ rc = LDAP_TYPE_OR_VALUE_EXISTS; goto cleanup_and_return; } - attr_syntax_delete(oldas_from_name); } else if ( NULL != oldas_from_oid ) { /* failure - OID is in use but name does not exist */ rc = LDAP_TYPE_OR_VALUE_EXISTS; From nkinder at fedoraproject.org Mon Jan 19 21:27:27 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Mon, 19 Jan 2009 21:27:27 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd schema.c, 1.18, 1.19 Message-ID: <20090119212727.053B370142@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11731/ldap/servers/slapd Modified Files: schema.c Log Message: Resolves: 480384 Summary: Allow attribute aliases to be used as SUP attribute in attributetype definitions. Index: schema.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/schema.c,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- schema.c 4 Dec 2008 22:33:29 -0000 1.18 +++ schema.c 19 Jan 2009 21:27:24 -0000 1.19 @@ -3111,7 +3111,16 @@ if(asi->asi_name != NULL) { if (strcasecmp (asi->asi_name, aew->sup ) == 0) { aew->rc=0; - } + } else if (asi->asi_aliases) { + int i = 0; + + /* Loop through aliases to see if any match */ + for (i=0; asi->asi_aliases[i] != NULL; i++) { + if (strcasecmp (asi->asi_aliases[i], aew->sup ) == 0) { + aew->rc=0; + } + } + } } } } From nkinder at fedoraproject.org Wed Jan 21 00:00:35 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Wed, 21 Jan 2009 00:00:35 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd attr.c, 1.10, 1.11 attrlist.c, 1.7, 1.8 attrsyntax.c, 1.9, 1.10 entry.c, 1.20, 1.21 proto-slap.h, 1.44, 1.45 pw.c, 1.21, 1.22 schema.c, 1.19, 1.20 slapi-private.h, 1.33, 1.34 Message-ID: <20090121000035.4F2A170142@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25646/ldap/servers/slapd Modified Files: attr.c attrlist.c attrsyntax.c entry.c proto-slap.h pw.c schema.c slapi-private.h Log Message: Resolves: 474945 Summary: Consistently deal with attr syntax info struct ref count when fetcvhing and returning them to the global hashtables. Index: attr.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/attr.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- attr.c 13 Jan 2009 18:28:34 -0000 1.10 +++ attr.c 21 Jan 2009 00:00:32 -0000 1.11 @@ -226,11 +226,11 @@ Slapi_Attr * slapi_attr_init(Slapi_Attr *a, const char *type) { - return slapi_attr_init_locking_optional(a, type, PR_TRUE, PR_TRUE); + return slapi_attr_init_locking_optional(a, type, PR_TRUE); } Slapi_Attr * -slapi_attr_init_locking_optional(Slapi_Attr *a, const char *type, PRBool use_lock, PRBool ref_count) +slapi_attr_init_locking_optional(Slapi_Attr *a, const char *type, PRBool use_lock) { PR_ASSERT(a!=NULL); @@ -249,7 +249,7 @@ { basetype = tmp; /* basetype was malloc'd */ } - asi = attr_syntax_get_by_name_locking_optional(basetype, use_lock, ref_count); + asi = attr_syntax_get_by_name_locking_optional(basetype, use_lock); } if(NULL == asi) { @@ -260,7 +260,7 @@ * attribute type that has that syntax. */ asi = attr_syntax_get_by_name_locking_optional( - ATTR_WITH_DIRSTRING_SYNTAX, use_lock, ref_count); + ATTR_WITH_DIRSTRING_SYNTAX, use_lock); } else { Index: attrlist.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/attrlist.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- attrlist.c 10 Nov 2006 23:45:40 -0000 1.7 +++ attrlist.c 21 Jan 2009 00:00:32 -0000 1.8 @@ -63,11 +63,11 @@ int attrlist_find_or_create(Slapi_Attr **alist, const char *type, Slapi_Attr ***a) { - return attrlist_find_or_create_locking_optional(alist, type, a, PR_TRUE, PR_TRUE); + return attrlist_find_or_create_locking_optional(alist, type, a, PR_TRUE); } int -attrlist_find_or_create_locking_optional(Slapi_Attr **alist, const char *type, Slapi_Attr ***a, PRBool use_lock, PRBool ref_count) +attrlist_find_or_create_locking_optional(Slapi_Attr **alist, const char *type, Slapi_Attr ***a, PRBool use_lock) { int rc= 0; /* found */ if ( *a==NULL ) @@ -82,7 +82,7 @@ if( **a==NULL ) { **a = slapi_attr_new(); - slapi_attr_init_locking_optional(**a, type, use_lock, ref_count); + slapi_attr_init_locking_optional(**a, type, use_lock); rc= 1; /* created */ } return rc; Index: attrsyntax.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/attrsyntax.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- attrsyntax.c 19 Jan 2009 19:43:47 -0000 1.9 +++ attrsyntax.c 21 Jan 2009 00:00:32 -0000 1.10 @@ -78,7 +78,7 @@ static void attr_syntax_delete_no_lock( struct asyntaxinfo *asip, PRBool remove_from_oid_table ); static struct asyntaxinfo *attr_syntax_get_by_oid_locking_optional( const - char *oid, PRBool use_lock, PRBool ref_count); + char *oid, PRBool use_lock); #ifdef ATTR_LDAP_DEBUG static void attr_syntax_print(); @@ -236,12 +236,20 @@ struct asyntaxinfo * attr_syntax_get_by_oid(const char *oid) { - return attr_syntax_get_by_oid_locking_optional( oid, PR_TRUE, PR_TRUE); + return attr_syntax_get_by_oid_locking_optional( oid, PR_TRUE); } +/* + * A version of attr_syntax_get_by_oid() that allows you to bypass using + * a lock to access the global oid hash table. + * + * Note: once the caller is finished using it, the structure must be + * returned by calling attr_syntax_return_locking_optional() with the + * same use_lock parameter. + */ static struct asyntaxinfo * -attr_syntax_get_by_oid_locking_optional( const char *oid, PRBool use_lock, PRBool ref_count ) +attr_syntax_get_by_oid_locking_optional( const char *oid, PRBool use_lock ) { struct asyntaxinfo *asi = 0; if (oid2asi) @@ -250,7 +258,7 @@ asi = (struct asyntaxinfo *)PL_HashTableLookup_const(oid2asi, oid); if (asi) { - if(ref_count) PR_AtomicIncrement( &asi->asi_refcnt ); + PR_AtomicIncrement( &asi->asi_refcnt ); } if ( use_lock ) AS_UNLOCK_READ(oid2asi_lock); } @@ -290,12 +298,20 @@ struct asyntaxinfo * attr_syntax_get_by_name(const char *name) { - return attr_syntax_get_by_name_locking_optional(name, PR_TRUE, PR_TRUE); + return attr_syntax_get_by_name_locking_optional(name, PR_TRUE); } +/* + * A version of attr_syntax_get_by_name() that allows you to bypass using + * a lock around the global name hashtable. + * + * Note: once the caller is finished using it, the structure must be + * returned by calling attr_syntax_return_locking_optional() with the + * same use_lock parameter. + */ struct asyntaxinfo * -attr_syntax_get_by_name_locking_optional(const char *name, PRBool use_lock, PRBool ref_count) +attr_syntax_get_by_name_locking_optional(const char *name, PRBool use_lock) { struct asyntaxinfo *asi = 0; if (name2asi) @@ -303,12 +319,12 @@ if ( use_lock ) AS_LOCK_READ(name2asi_lock); asi = (struct asyntaxinfo *)PL_HashTableLookup_const(name2asi, name); if ( NULL != asi ) { - if(ref_count) PR_AtomicIncrement( &asi->asi_refcnt ); + PR_AtomicIncrement( &asi->asi_refcnt ); } if ( use_lock ) AS_UNLOCK_READ(name2asi_lock); } if (!asi) /* given name may be an OID */ - asi = attr_syntax_get_by_oid_locking_optional(name, use_lock, ref_count); + asi = attr_syntax_get_by_oid_locking_optional(name, use_lock); return asi; } @@ -343,6 +359,8 @@ AS_LOCK_WRITE(name2asi_lock); /* get a write lock */ if ( asi->asi_marked_for_delete ) /* one final check */ { + /* ref count is 0 and it's flagged for + * deletion, so it's safe to free now */ attr_syntax_free(asi); } AS_UNLOCK_WRITE(name2asi_lock); @@ -427,6 +445,10 @@ if ( asi->asi_refcnt > 0 ) { asi->asi_marked_for_delete = PR_TRUE; } else { + /* This is ok, but the correct thing is to call delete first, + * then to call return. The last return will then take care of + * the free. The only way this free would happen here is if + * you return the syntax before calling delete. */ attr_syntax_free(asi); } } @@ -450,7 +472,7 @@ char *r; - if((asi=attr_syntax_get_by_name_locking_optional(s, PR_TRUE, PR_FALSE)) != NULL ) { + if((asi=attr_syntax_get_by_name(s)) != NULL ) { r = slapi_ch_strdup(asi->asi_name); attr_syntax_return( asi ); } @@ -480,7 +502,7 @@ return 0; } -/* check syntax without incrementing refcount -- handles locking itself */ +/* check syntax */ static void * attr_syntax_get_plugin_by_name_with_default( const char *type ) @@ -491,14 +513,13 @@ /* * first we look for this attribute type explictly */ - if ( (asi = attr_syntax_get_by_name_locking_optional(type, PR_TRUE, PR_FALSE)) == NULL ) { + if ( (asi = attr_syntax_get_by_name(type)) == NULL ) { /* * no syntax for this type... return DirectoryString * syntax. we accomplish this by looking up a well known * attribute type that has that syntax. */ - asi = attr_syntax_get_by_name_locking_optional( - ATTR_WITH_DIRSTRING_SYNTAX, PR_TRUE, PR_FALSE); + asi = attr_syntax_get_by_name(ATTR_WITH_DIRSTRING_SYNTAX); } if ( NULL != asi ) { plugin = asi->asi_plugin; @@ -548,7 +569,7 @@ /* make sure the oid is unique */ if ( NULL != ( oldas_from_oid = attr_syntax_get_by_oid_locking_optional( - asip->asi_oid, !nolock, PR_TRUE))) { + asip->asi_oid, !nolock))) { if ( 0 == (asip->asi_flags & SLAPI_ATTR_FLAG_OVERRIDE)) { /* failure - OID is in use; no override flag */ rc = LDAP_TYPE_OR_VALUE_EXISTS; @@ -560,13 +581,15 @@ * the primary name and OID point to the same schema definition. */ if ( NULL != ( oldas_from_name = attr_syntax_get_by_name_locking_optional( - asip->asi_name, !nolock, PR_TRUE))) { + asip->asi_name, !nolock))) { if ( 0 == (asip->asi_flags & SLAPI_ATTR_FLAG_OVERRIDE) || ( oldas_from_oid != oldas_from_name )) { /* failure; no override flag OR OID and name don't match */ rc = LDAP_TYPE_OR_VALUE_EXISTS; goto cleanup_and_return; } + /* Flag for deletion. We are going to override this attr */ + attr_syntax_delete(oldas_from_name); } else if ( NULL != oldas_from_oid ) { /* failure - OID is in use but name does not exist */ rc = LDAP_TYPE_OR_VALUE_EXISTS; @@ -580,15 +603,17 @@ if ( NULL != ( tmpasi = attr_syntax_get_by_name_locking_optional( - asip->asi_aliases[i], !nolock,PR_TRUE))) { + asip->asi_aliases[i], !nolock))) { if (asip->asi_flags & SLAPI_ATTR_FLAG_OVERRIDE) { + /* Flag for tmpasi for deletion. It will be free'd + * when attr_syntax_return is called. */ attr_syntax_delete(tmpasi); } else { /* failure - one of the aliases is already in use */ rc = LDAP_TYPE_OR_VALUE_EXISTS; } - attr_syntax_return( tmpasi ); + attr_syntax_return_locking_optional( tmpasi, !nolock ); if ( LDAP_SUCCESS != rc ) { goto cleanup_and_return; } @@ -605,8 +630,8 @@ attr_syntax_add_by_name( asip, !nolock); cleanup_and_return: - attr_syntax_return( oldas_from_oid ); - attr_syntax_return( oldas_from_name ); + attr_syntax_return_locking_optional( oldas_from_oid, !nolock ); + attr_syntax_return_locking_optional( oldas_from_name, !nolock ); return rc; } Index: entry.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/entry.c,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- entry.c 5 Dec 2008 22:41:52 -0000 1.20 +++ entry.c 21 Jan 2009 00:00:32 -0000 1.21 @@ -304,7 +304,7 @@ switch(attr_state) { case ATTRIBUTE_PRESENT: - if(attrlist_find_or_create_locking_optional(&e->e_attrs, type, &a, PR_FALSE, PR_TRUE)==0 /* Found */) + if(attrlist_find_or_create_locking_optional(&e->e_attrs, type, &a, PR_FALSE)==0 /* Found */) { LDAPDebug (LDAP_DEBUG_ANY, "str2entry_fast: Error. Non-contiguous attribute values for %s\n", type, 0, 0); PR_ASSERT(0); @@ -312,7 +312,7 @@ } break; case ATTRIBUTE_DELETED: - if(attrlist_find_or_create_locking_optional(&e->e_deleted_attrs, type, &a, PR_FALSE, PR_TRUE)==0 /* Found */) + if(attrlist_find_or_create_locking_optional(&e->e_deleted_attrs, type, &a, PR_FALSE)==0 /* Found */) { LDAPDebug (LDAP_DEBUG_ANY, "str2entry_fast: Error. Non-contiguous deleted attribute values for %s\n", type, 0, 0); PR_ASSERT(0); @@ -940,7 +940,7 @@ { int maxvals = 0; Slapi_Attr **a= NULL; - attrlist_find_or_create_locking_optional(alist, sa->sa_type, &a, PR_FALSE, PR_TRUE); + attrlist_find_or_create_locking_optional(alist, sa->sa_type, &a, PR_FALSE); valuearray_add_valuearray_fast( /* JCM should be calling a valueset function */ &(*a)->a_present_values.va, /* JCM .va is private */ sa->sa_present_values.va, Index: proto-slap.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/proto-slap.h,v retrieving revision 1.44 retrieving revision 1.45 diff -u -r1.44 -r1.45 --- proto-slap.h 2 Dec 2008 15:29:30 -0000 1.44 +++ proto-slap.h 21 Jan 2009 00:00:32 -0000 1.45 @@ -76,7 +76,7 @@ void attrlist_free(Slapi_Attr *alist); int attrlist_find_or_create(Slapi_Attr **alist, const char *type, Slapi_Attr ***a); -int attrlist_find_or_create_locking_optional(Slapi_Attr **alist, const char *type, Slapi_Attr ***a, PRBool use_lock, PRBool ref_count); +int attrlist_find_or_create_locking_optional(Slapi_Attr **alist, const char *type, Slapi_Attr ***a, PRBool use_lock); void attrlist_merge( Slapi_Attr **alist, const char *type, struct berval **vals ); void attrlist_merge_valuearray( Slapi_Attr **alist, const char *type, Slapi_Value **vals ); int attrlist_delete( Slapi_Attr **attrs, const char *type ); @@ -110,7 +110,7 @@ void attr_syntax_delete_all_not_flagged( unsigned long flag ); struct asyntaxinfo *attr_syntax_get_by_oid ( const char *oid ); struct asyntaxinfo *attr_syntax_get_by_name ( const char *name ); -struct asyntaxinfo *attr_syntax_get_by_name_locking_optional ( const char *name, PRBool use_lock, PRBool ref_count ); +struct asyntaxinfo *attr_syntax_get_by_name_locking_optional ( const char *name, PRBool use_lock ); /* * Call attr_syntax_return() when you are done using a value returned * by attr_syntax_get_by_oid() or attr_syntax_get_by_name(). Index: pw.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/pw.c,v retrieving revision 1.21 retrieving revision 1.22 diff -u -r1.21 -r1.22 --- pw.c 16 Jan 2009 17:54:38 -0000 1.21 +++ pw.c 21 Jan 2009 00:00:32 -0000 1.22 @@ -160,7 +160,6 @@ /* Checks if the specified value is encoded. Returns 1 if it is and 0 otherwise */ -/* NGK - Use this for checking if the password is hashed */ int slapi_is_encoded (char *value) { struct pw_scheme *is_hashed = NULL; Index: schema.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/schema.c,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- schema.c 19 Jan 2009 21:27:24 -0000 1.19 +++ schema.c 21 Jan 2009 00:00:32 -0000 1.20 @@ -2443,6 +2443,7 @@ LDAPDebug( LDAP_DEBUG_TRACE, "schema_replace_attributes:" " replacing type %s (OID %s)\n", newasip->asi_name, newasip->asi_oid, 0 ); + /* flag for deletion */ attr_syntax_delete( oldasip ); } @@ -3149,7 +3150,8 @@ /* * if asipp is NULL, the attribute type is added to the global set of schema. - * if asipp is not NULL, the AT is not added but *asipp is set. + * if asipp is not NULL, the AT is not added but *asipp is set. When you are + * finished with *asipp, use attr_syntax_free() to dispose of it. * * schema_flags: Any or none of the following bits could be set * DSE_SCHEMA_NO_CHECK -- schema won't be checked Index: slapi-private.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slapi-private.h,v retrieving revision 1.33 retrieving revision 1.34 diff -u -r1.33 -r1.34 --- slapi-private.h 9 Jan 2009 23:10:17 -0000 1.33 +++ slapi-private.h 21 Jan 2009 00:00:32 -0000 1.34 @@ -344,7 +344,7 @@ int entry_add_dncsn_ext(Slapi_Entry *entry, const CSN *csn, PRUint32 flags); /* attr.c */ -Slapi_Attr *slapi_attr_init_locking_optional(Slapi_Attr *a, const char *type, PRBool use_lock, PRBool ref_count); +Slapi_Attr *slapi_attr_init_locking_optional(Slapi_Attr *a, const char *type, PRBool use_lock); int attr_set_csn( Slapi_Attr *a, const CSN *csn); int attr_set_deletion_csn( Slapi_Attr *a, const CSN *csn); const CSN *attr_get_deletion_csn(const Slapi_Attr *a); From rmeggins at fedoraproject.org Wed Jan 21 21:27:06 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Wed, 21 Jan 2009 21:27:06 +0000 (UTC) Subject: [Fedora-directory-commits] adminserver/admserv/cfgstuff admserv.conf.in, 1.11, 1.12 Message-ID: <20090121212706.8090A70141@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/cfgstuff In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21429/adminserver/admserv/cfgstuff Modified Files: admserv.conf.in Log Message: Resolves: bug 480869 Bug Description: DS console: Can not delete DS instance Reviewed by: nhosoi (Thanks!) Fix Description: The problem is that ds_remove does not get the admin bind dn and password, and attempts to make an anonymous bind. This fails with err=53 because DS 8.1 will not allow anonymous bind by default. The solution is to allow the admin server to pass the dn and password to the ds_remove process. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: admserv.conf.in =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cfgstuff/admserv.conf.in,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- admserv.conf.in 9 Jun 2008 15:42:46 -0000 1.11 +++ admserv.conf.in 21 Jan 2009 21:27:04 -0000 1.12 @@ -124,8 +124,7 @@ AuthType basic AuthName "Admin Server" Require valid-user -## turn off the password pipe when using mod_restartd - AdminSDK off + AdminSDK on ADMCgiBinDir @cgibindir@ Options +ExecCGI RetainPerms on From rmeggins at fedoraproject.org Wed Jan 21 21:30:55 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Wed, 21 Jan 2009 21:30:55 +0000 (UTC) Subject: [Fedora-directory-commits] fedora-idm-console fedora-idm-console, 1.2, 1.3 Message-ID: <20090121213055.A02DE70141@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/fedora-idm-console In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22627 Modified Files: fedora-idm-console Log Message: Resolves: bug 480631 Description: Error in shell script "fedora-idm-console" causes problems with arguments containing spaces Fix Description: use "$@" for Console arguments Index: fedora-idm-console =================================================================== RCS file: /cvs/dirsec/fedora-idm-console/fedora-idm-console,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- fedora-idm-console 17 Oct 2007 22:19:44 -0000 1.2 +++ fedora-idm-console 21 Jan 2009 21:30:53 -0000 1.3 @@ -31,4 +31,4 @@ # # Launch the Console # -java -cp @jssjar@:@ldapjdkjar@:$CLASSDEST/@basejar@:$CLASSDEST/@mccjar@:$CLASSDEST/@mcclangjar@:$CLASSDEST/@nmclfjar@:$CLASSDEST/@nmclflangjar@:$CLASSDEST/@themejar@ -Djava.library.path=@libdir@ -Djava.util.prefs.systemRoot="$HOME/. at prefsdir@" -Djava.util.prefs.userRoot="$HOME/. at prefsdir@" com.netscape.management.client.console.Console $* +java -cp @jssjar@:@ldapjdkjar@:$CLASSDEST/@basejar@:$CLASSDEST/@mccjar@:$CLASSDEST/@mcclangjar@:$CLASSDEST/@nmclfjar@:$CLASSDEST/@nmclflangjar@:$CLASSDEST/@themejar@ -Djava.library.path=@libdir@ -Djava.util.prefs.systemRoot="$HOME/. at prefsdir@" -Djava.util.prefs.userRoot="$HOME/. at prefsdir@" com.netscape.management.client.console.Console "$@" From rmeggins at fedoraproject.org Thu Jan 22 22:03:03 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Thu, 22 Jan 2009 22:03:03 +0000 (UTC) Subject: [Fedora-directory-commits] adminserver/admserv/cfgstuff admserv.conf.in, 1.12, 1.13 Message-ID: <20090122220304.1412870142@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/cfgstuff In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11725 Modified Files: admserv.conf.in Log Message: Resolves: bug 480869 Bug Description: DS console: Can not delete DS instance Reviewed by: nkinder (Thanks!) Fix Description: Enabling the password pipe breaks the other tasks - so the real solution is to enable the password pipe only for the remove task, and leave it disabled for the other tasks. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: admserv.conf.in =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cfgstuff/admserv.conf.in,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- admserv.conf.in 21 Jan 2009 21:27:04 -0000 1.12 +++ admserv.conf.in 22 Jan 2009 22:03:01 -0000 1.13 @@ -119,7 +119,22 @@ # Handle Stop, Start, Restart, Instance Creation - invoke mod_restartd # need to add instance creation because you may want to create an instance # of DS on a low port, and instance creation starts the instance as well - + + AuthUserFile @configdir@/admpw + AuthType basic + AuthName "Admin Server" + Require valid-user +## turn off the password pipe when using mod_restartd + AdminSDK off + ADMCgiBinDir @cgibindir@ + Options +ExecCGI + RetainPerms on + Order allow,deny + Allow from all + + +# special case for the remove task - it needs to use the password pipe + AuthUserFile @configdir@/admpw AuthType basic AuthName "Admin Server" From nhosoi at fedoraproject.org Fri Jan 23 20:44:17 2009 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Fri, 23 Jan 2009 20:44:17 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/acl acllas.c, 1.15, 1.16 Message-ID: <20090123204417.D071870141@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/acl In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29803 Modified Files: acllas.c Log Message: Resolves: #208076 Summary: userattr="parent[1].#LDAPURL" does not work Description: It turned out userattr="parent[1].#LDAPURL" was not implemented. The functionality has been implemented with this change. Index: acllas.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/acl/acllas.c,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- acllas.c 5 Dec 2008 22:41:50 -0000 1.15 +++ acllas.c 23 Jan 2009 20:44:14 -0000 1.16 @@ -248,6 +248,7 @@ char *n_clientdn, struct acl_pblock *aclpb); static int acllas__verify_client (Slapi_Entry* e, void *callback_data); +static int acllas__verify_ldapurl (Slapi_Entry* e, void *callback_data); static char* acllas__dn_parent( char *dn, int level); static int acllas__get_members (Slapi_Entry* e, void *callback_data); static int acllas__client_match_URL (struct acl_pblock *aclpb, @@ -1129,6 +1130,7 @@ char *attr; int result; char *clientdn; + Acl_PBlock *aclpb }; #define ACLLAS_MAX_LEVELS 10 int @@ -1360,6 +1362,237 @@ return rc; } + +/*************************************************************************** +* +* DS_LASLdapUrlAttrEval +* +* +* Input: +* attr_name The string "ldapurl" - in lower case. +* comparator CMP_OP_EQ or CMP_OP_NE only +* attr_pattern A comma-separated list of users +* cachable Always set to FALSE. +* subject Subject property list +* resource Resource property list +* auth_info Authentication info, if any +* las_info LAS info to pass the resource entry +* +* Returns: +* retcode The usual LAS return codes. +* +* Error Handling: +* None. +* +**************************************************************************/ +int +DS_LASLdapUrlAttrEval(NSErr_t *errp, char *attr_name, CmpOp_t comparator, + char *attr_pattern, int *cachable, void **LAS_cookie, + PList_t subject, PList_t resource, PList_t auth_info, + PList_t global_auth, lasInfo lasinfo) +{ + + char *n_currEntryDn = NULL; + char *s_attrName = NULL, *attrName = NULL; + char *ptr; + int matched; + int rc, len, i; + int levels[ACLLAS_MAX_LEVELS]; + int numOflevels =0; + struct userdnattr_info info; + char *attrs[2] = { LDAP_ALL_USER_ATTRS, NULL }; + int got_undefined = 0; + + /* + ** The ldapurlAttr syntax is + ** userdnattr = or + ** userdnattr = parent[0,2,4].attribute" + ** Ex: + ** userdnattr = manager; or + ** userdnattr = "parent[0,2,4].manager"; + ** + ** Here 0 means current level, 2 means grandfather and + ** 4 (great great grandfather) + ** + ** The function of this LAS is to compare the value of the + ** attribute in the Slapi_Entry with the "ldapurl". + ** + ** Ex: ldapurl: ldap:///dc=example,dc=com??sub?(l=Mountain View) + ** and in the Slapi_Entry of the bind user has + ** l = Mountain View. Compare the bind user's 'l' and the value to + ** determine the result. + ** + */ + s_attrName = attrName = slapi_ch_strdup(attr_pattern); + + /* ignore leading/trailing whitespace */ + while (ldap_utf8isspace(attrName)) LDAP_UTF8INC(attrName); + len = strlen(attrName); + ptr = attrName+len-1; + while (ptr >= attrName && ldap_utf8isspace(ptr)) { + *ptr = '\0'; + LDAP_UTF8DEC(ptr); + } + + /* See if we have a parent[2].attr" rule */ + if ( (ptr = strstr(attrName, "parent[")) != NULL) { + char *word, *str, *next; + + numOflevels = 0; + n_currEntryDn = slapi_entry_get_ndn ( lasinfo.resourceEntry ); + str = attrName; + + word = ldap_utf8strtok_r(str, "[],. ",&next); + /* The first word is "parent[" and so it's not important */ + + while ((word= ldap_utf8strtok_r(NULL, "[],.", &next)) != NULL) { + if (ldap_utf8isdigit(word)) { + while (word && ldap_utf8isspace(word)) LDAP_UTF8INC(word); + if (numOflevels < ACLLAS_MAX_LEVELS) + levels[numOflevels++] = atoi (word); + else { + /* + * Here, ignore the extra levels..it's really + * a syntax error which should have been ruled out at parse time + */ + slapi_log_error( SLAPI_LOG_FATAL, plugin_name, + "DS_LASLdapUrlattr: Exceeded the ATTR LIMIT:%d: Ignoring extra levels\n", + ACLLAS_MAX_LEVELS); + } + } else { + /* Must be the attr name. We can goof of by + ** having parent[1,2,a] but then you have to be + ** stupid to do that. + */ + char *p = word; + if (*--p == '.') { + attrName = word; + break; + } + } + } + info.attr = attrName; + info.clientdn = lasinfo.clientDn; + info.aclpb = lasinfo.aclpb; + info.result = 0; + } else { + levels[0] = 0; + numOflevels = 1; + + } + + /* No attribute name specified--it's a syntax error and so undefined */ + if (attrName == NULL ) { + slapi_ch_free ( (void**) &s_attrName); + return LAS_EVAL_FAIL; + } + + slapi_log_error( SLAPI_LOG_ACL, plugin_name,"Attr:%s\n" , attrName); + matched = ACL_FALSE; + for (i = 0; i < numOflevels; i++) { + if ( levels[i] == 0 ) { /* parent[0] or the target itself */ + Slapi_Value *sval = NULL; + const struct berval *attrVal; + Slapi_Attr *attrs; + int i; + + /* Get the attr from the resouce entry */ + if ( 0 == slapi_entry_attr_find (lasinfo.resourceEntry, + attrName, &attrs) ) { + i = slapi_attr_first_value ( attrs, &sval ); + if ( i == -1 ) { + /* Attr val not there + * so it's value cannot equal other one */ + matched = ACL_FALSE; + continue; /* try next level */ + } + } else { + /* Not there so it cannot equal another one */ + matched = ACL_FALSE; + continue; /* try next level */ + } + + while ( matched != ACL_TRUE && (sval != NULL)) { + attrVal = slapi_value_get_berval ( sval ); + matched = acllas__client_match_URL ( lasinfo.aclpb, + lasinfo.clientDn, + attrVal->bv_val); + if ( matched != ACL_TRUE ) + i = slapi_attr_next_value ( attrs, i, &sval ); + if ( matched == ACL_DONT_KNOW ) { + got_undefined = 1; + } + } + } else { + char *p_dn; /* parent dn */ + Slapi_PBlock *aPb = NULL; + + p_dn = acllas__dn_parent (n_currEntryDn, levels[i]); + if (p_dn == NULL) continue; + + /* use new search internal API */ + aPb = slapi_pblock_new (); + + /* + * This search may be chained if chaining for ACL is + * is enabled in the backend and the entry is in + * a chained backend. + */ + slapi_search_internal_set_pb ( aPb, + p_dn, + LDAP_SCOPE_BASE, + "objectclass=*", + &attrs[0], + 0, + NULL /* controls */, + NULL /* uniqueid */, + aclplugin_get_identity (ACL_PLUGIN_IDENTITY), + 0 /* actions */); + + slapi_search_internal_callback_pb(aPb, + &info /* callback_data */, + NULL/* result_callback */, + acllas__verify_ldapurl, + NULL /* referral_callback */); + slapi_pblock_destroy(aPb); + + /* + * Currently info.result is boolean so + * we do not need to check for ACL_DONT_KNOW + */ + if (info.result) { + matched = ACL_TRUE; + slapi_log_error( SLAPI_LOG_ACL, plugin_name, + "userdnAttr matches at level (%d)\n", levels[i]); + } + } + if (matched == ACL_TRUE) { + break; + } + } + slapi_ch_free ( (void **) &s_attrName); + + /* + * If no terms were undefined, then evaluate as normal. + * If there was an undefined term, but another one was TRUE, + * then we also evaluate as normal. + * Otherwise, the whole expression is UNDEFINED. + */ + if ( matched == ACL_TRUE || !got_undefined ) { + if (comparator == CMP_OP_EQ) { + rc = (matched == ACL_TRUE ? LAS_EVAL_TRUE : LAS_EVAL_FALSE); + } else { + rc = (matched == ACL_TRUE ? LAS_EVAL_FALSE : LAS_EVAL_TRUE); + } + } else { + rc = LAS_EVAL_FAIL; + slapi_log_error( SLAPI_LOG_ACL, plugin_name, + "Returning UNDEFINED for userdnattr evaluation.\n"); + } + + return rc; +} + /*************************************************************************** * * DS_LASAuthMethodEval @@ -2764,9 +2997,8 @@ i = slapi_attr_first_value ( attr,&sval ); while ( i != -1 ) { - attrVal = slapi_value_get_berval ( sval ); - val = slapi_dn_normalize ( - slapi_ch_strdup(attrVal->bv_val)); + attrVal = slapi_value_get_berval ( sval ); + val = slapi_dn_normalize(slapi_ch_strdup(attrVal->bv_val)); if (slapi_utf8casecmp((ACLUCHP)val, (ACLUCHP)info->clientdn ) == 0) { info->result = 1; @@ -2778,6 +3010,56 @@ } return 0; } + +/* + * acllas__verify_ldapurl + * + * returns 1 if the attribute exists in the entry and + * it's value is equal to the client Dn. + * If the attribute is not in the entry, or it is and the + * value differs from the clientDn then returns FALSE. + * + * Verify if client's entry includes the attribute value that + * matches the filter in LDAPURL + * This is a handler from a search being done at DS_LASLdapUrlAttrEval(). + * + */ +static int +acllas__verify_ldapurl(Slapi_Entry* e, void *callback_data) +{ + + Slapi_Attr *attr; + struct userdnattr_info *info; + Slapi_Value *sval; + const struct berval *attrVal; + int rc; + + info = (struct userdnattr_info *) callback_data; + info->result = ACL_FALSE; + + rc = slapi_entry_attr_find( e, info->attr, &attr); + if (rc != 0 || attr == NULL) { + return 0; + } + + rc = slapi_attr_first_value ( attr, &sval ); + if ( rc == -1 ) { + return 0; + } + + while (rc != -1 && sval != NULL) { + attrVal = slapi_value_get_berval ( sval ); + info->result = acllas__client_match_URL ( info->aclpb, + info->clientdn, + attrVal->bv_val); + if ( info->result == ACL_TRUE ) { + return 0; + } + rc = slapi_attr_next_value ( attr, rc, &sval ); + } + return 0; +} + /* * * acllas__get_members @@ -2847,7 +3129,6 @@ int rc; int matched = ACL_FALSE; char *p; - int URLAttrRule = 0; lasInfo lasinfo; int got_undefined = 0; @@ -2882,7 +3163,10 @@ subject, resource, auth_info, global_auth); goto done_las; } else if ( 0 == strncasecmp ( attrValue, "LDAPURL", 7) ) { - URLAttrRule = 1; + matched = DS_LASLdapUrlAttrEval(errp, DS_LAS_USERATTR, comparator, + attrName, cachable, LAS_cookie, + subject, resource, auth_info, global_auth, lasinfo); + goto done_las; } else if ( 0 == strncasecmp ( attrValue, "ROLEDN", 6)) { matched = DS_LASRoleDnAttrEval (errp,DS_LAS_ROLEDN, comparator, attrName, cachable, LAS_cookie, @@ -2894,7 +3178,6 @@ /* SD 00/16/03 pass NULL in case the req is chained */ char **attrs=NULL; - /* Use new search internal API */ Slapi_PBlock *aPb = slapi_pblock_new (); /* @@ -2924,54 +3207,23 @@ slapi_log_error ( SLAPI_LOG_ACL, plugin_name, "DS_LASUserAttrEval: AttrName:%s, attrVal:%s\n", attrName, attrValue ); - if ( URLAttrRule ) { - Slapi_Value *sval=NULL; - const struct berval *attrVal; - Slapi_Attr *attrs; - int i; - - /* Get the attr from the resouce entry */ - if ( 0 == slapi_entry_attr_find (lasinfo.resourceEntry, attrName, &attrs) ) { - i= slapi_attr_first_value ( attrs, &sval ); - if ( i==-1 ) { - matched = ACL_FALSE; /* Attr val not there so it's value cannot equal other one */ - goto done_acl; - } - } else { - matched = ACL_FALSE; /* Not there so it cannot equal another one */ - goto done_acl; - } - - while( matched != ACL_TRUE && (sval != NULL)) { - attrVal = slapi_value_get_berval ( sval ); - matched = acllas__client_match_URL ( lasinfo.aclpb, - lasinfo.clientDn, - attrVal->bv_val); - if ( matched != ACL_TRUE ) - i = slapi_attr_next_value ( attrs, i, &sval ); - if ( matched == ACL_DONT_KNOW ) { - got_undefined = 1; - } - }/* while */ - } else { - /* - * Here it's the userAttr = "OU#Directory Server" case. - * Allocate the Slapi_Value on the stack and init it by reference - * to avoid having to malloc and free memory. - */ - Slapi_Value v; - - slapi_value_init_string_passin(&v, attrValue); - rc = slapi_entry_attr_has_syntax_value ( lasinfo.resourceEntry, attrName, - &v ); - if (rc) { - rc = slapi_entry_attr_has_syntax_value ( - lasinfo.aclpb->aclpb_client_entry, - attrName, &v ); - if (rc) matched = ACL_TRUE; - } - /* Nothing to free--cool */ + /* + * Here it's the userAttr = "OU#Directory Server" case. + * Allocate the Slapi_Value on the stack and init it by reference + * to avoid having to malloc and free memory. + */ + Slapi_Value v; + + slapi_value_init_string_passin(&v, attrValue); + rc = slapi_entry_attr_has_syntax_value ( lasinfo.resourceEntry, attrName, + &v ); + if (rc) { + rc = slapi_entry_attr_has_syntax_value ( + lasinfo.aclpb->aclpb_client_entry, + attrName, &v ); + if (rc) matched = ACL_TRUE; } + /* Nothing to free--cool */ /* * Find out what the result is, in @@ -2979,7 +3231,6 @@ * and got_undefined says whether a logical term evaluated to ACL_DONT_KNOW. * */ -done_acl: if ( matched == ACL_TRUE || !got_undefined) { if (comparator == CMP_OP_EQ) { rc = (matched == ACL_TRUE ? LAS_EVAL_TRUE : LAS_EVAL_FALSE); From rmeggins at fedoraproject.org Fri Jan 23 20:45:08 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Fri, 23 Jan 2009 20:45:08 +0000 (UTC) Subject: [Fedora-directory-commits] console/src/com/netscape/management/client/security CertInstallCertNamePage.java, 1.1.1.1, 1.2 Message-ID: <20090123204508.8050370141@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/console/src/com/netscape/management/client/security In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30150/console/src/com/netscape/management/client/security Modified Files: CertInstallCertNamePage.java Log Message: Resolves: bug 481176 Bug Description: Null Point Exception Attempting to Install CA Certifcate Reviewed by: nhosoi (Thanks!) Fix Description: The problem is that the certificate is not recognized by NSS as a CA certificate because it is missing some flags and the basic constraint extension for CAs. The wizard code wrongly assumed that any certificate being installed in this context is a CA cert. I changed the code to handle other types of certs. However, this doesn't fix the problem where the CA cert shows up under Server Certs instead of CA Certs, because only "real" CA certs with the proper settings will show up under the CA Certs list. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: CertInstallCertNamePage.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/security/CertInstallCertNamePage.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- CertInstallCertNamePage.java 18 Jul 2005 00:34:15 -0000 1.1.1.1 +++ CertInstallCertNamePage.java 23 Jan 2009 20:45:06 -0000 1.2 @@ -41,8 +41,15 @@ if (dataModel.getValue("certtype").equals(Integer.toString(CertInstallWizard.CA))) { CertificateList certList = (CertificateList)(dataModel.getValue("certlist")); Vector cert = (Vector)(certList.getCACerts()); - certName.setText(KeyCertUtility.getCertName((Hashtable)(cert.elementAt(0)), _tokenName, _consoleInfo, _sie)); - + if ((cert == null) || cert.isEmpty()) { + cert = (Vector)(certList.getServerCerts()); + } + if ((cert == null) || cert.isEmpty()) { + cert = (Vector)(certList.getCerts()); + } + if ((cert != null) && !cert.isEmpty()) { + certName.setText(KeyCertUtility.getCertName((Hashtable)(cert.elementAt(0)), _tokenName, _consoleInfo, _sie)); + } certName.setEnabled(false); certType.setText(resource.getString("CertInstallCertNamePage", "caCert")); } else { From jmagne at fedoraproject.org Sat Jan 24 00:08:04 2009 From: jmagne at fedoraproject.org (Jack Magne) Date: Sat, 24 Jan 2009 00:08:04 +0000 (UTC) Subject: [Fedora-directory-commits] coolkey/src/libckyapplet cky_card.c, 1.1, 1.2 Message-ID: <20090124000804.7BF9070141@cvs1.fedora.phx.redhat.com> Author: jmagne Update of /cvs/dirsec/coolkey/src/libckyapplet In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv27302 Modified Files: cky_card.c Log Message: Fix to allow protocol T1 cards to work. Bug# 479880. Index: cky_card.c =================================================================== RCS file: /cvs/dirsec/coolkey/src/libckyapplet/cky_card.c,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- cky_card.c 9 Jun 2006 18:44:17 -0000 1.1 +++ cky_card.c 24 Jan 2009 00:08:01 -0000 1.2 @@ -129,6 +129,7 @@ SCardGetStatusChangeFn SCardGetStatusChange; SCardCancelFn SCardCancel; SCARD_IO_REQUEST *SCARD_PCI_T0_; + SCARD_IO_REQUEST *SCARD_PCI_T1_; } SCard; #define GET_ADDRESS(library, scard, name) \ @@ -195,6 +196,12 @@ if( status != CKYSUCCESS ) { goto fail; } + + status = ckyShLibrary_getAddress( library, + (void**) &scard->SCARD_PCI_T1_, MAKE_DLL_SYMBOL(g_rgSCardT1Pci)); + if( status != CKYSUCCESS ) { + goto fail; + } return scard; fail: @@ -884,6 +891,7 @@ SCARDHANDLE cardHandle; unsigned long lastError; CKYBool inTransaction; + unsigned long protocol; }; static void @@ -894,6 +902,7 @@ conn->cardHandle = 0; conn->lastError = 0; conn->inTransaction = 0; + conn->protocol = SCARD_PROTOCOL_T0; } CKYCardConnection * @@ -934,14 +943,13 @@ { CKYStatus ret; unsigned long rv; - unsigned long protocol; ret = CKYCardConnection_Disconnect(conn); if (ret != CKYSUCCESS) { return ret; } rv = conn->scard->SCardConnect( conn->ctx->context, readerName, - SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0, &conn->cardHandle, &protocol); + SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1, &conn->cardHandle, &conn->protocol); if (rv != SCARD_S_SUCCESS) { conn->lastError = rv; return CKYSCARDERR; @@ -978,7 +986,7 @@ unsigned long protocol; rv = conn->scard->SCardReconnect(conn->cardHandle, - SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0, init, &protocol); + SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1 , init, &protocol); if (rv != SCARD_S_SUCCESS) { conn->lastError = rv; return CKYSCARDERR; @@ -1039,10 +1047,17 @@ return ret; } - rv = conn->scard->SCardTransmit(conn->cardHandle, - conn->scard->SCARD_PCI_T0_, - CKYBuffer_Data(&apdu->apduBuf), CKYBuffer_Size(&apdu->apduBuf), - NULL, response->data, &response->len); + if( conn->protocol == SCARD_PROTOCOL_T0 ) { + rv = conn->scard->SCardTransmit(conn->cardHandle, + conn->scard->SCARD_PCI_T0_, + CKYBuffer_Data(&apdu->apduBuf), CKYBuffer_Size(&apdu->apduBuf), + NULL, response->data, &response->len); + } else { + rv = conn->scard->SCardTransmit(conn->cardHandle, + conn->scard->SCARD_PCI_T1_, + CKYBuffer_Data(&apdu->apduBuf), CKYBuffer_Size(&apdu->apduBuf), + NULL, response->data, &response->len); + } if (rv != SCARD_S_SUCCESS) { conn->lastError =rv; From jmagne at fedoraproject.org Sat Jan 24 00:54:22 2009 From: jmagne at fedoraproject.org (Jack Magne) Date: Sat, 24 Jan 2009 00:54:22 +0000 (UTC) Subject: [Fedora-directory-commits] coolkey/applet/src/com/redhat/ckey/applet CardEdge.java, 1.4, 1.4.2.1 Message-ID: <20090124005422.8EB9D70141@cvs1.fedora.phx.redhat.com> Author: jmagne Update of /cvs/dirsec/coolkey/applet/src/com/redhat/ckey/applet In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1416 Modified Files: Tag: COOLKEY_330J_BRANCH CardEdge.java Log Message: Fix to allow tokens with small amounts of volatile memory to run. Bug#480111. Index: CardEdge.java =================================================================== RCS file: /cvs/dirsec/coolkey/applet/src/com/redhat/ckey/applet/CardEdge.java,v retrieving revision 1.4 retrieving revision 1.4.2.1 diff -u -r1.4 -r1.4.2.1 --- CardEdge.java 12 Nov 2007 19:24:51 -0000 1.4 +++ CardEdge.java 24 Jan 2009 00:54:20 -0000 1.4.2.1 @@ -122,9 +122,9 @@ private static final byte VERSION_PROTOCOL_MAJOR = 1; private static final byte VERSION_PROTOCOL_MINOR = 1; private static final byte VERSION_APPLET_MAJOR = 1; - private static final byte VERSION_APPLET_MINOR = 3; - private static final short BUILDID_MAJOR = (short) 0x4734; - private static final short BUILDID_MINOR = (short) 0xb002; + private static final byte VERSION_APPLET_MINOR = 4; + private static final short BUILDID_MAJOR = (short) 0x4979; + private static final short BUILDID_MINOR = (short) 0x178d; private static final short ZEROS = 0; // * Enable pin size check @@ -484,6 +484,7 @@ private byte[] keyTries; // persistent private byte[] issuerInfo; // persistent + /** * Instance variable array declarations - TRANSIENT * Allocated by JCSystem.makeTransientXxxxxArray calls below. @@ -524,6 +525,7 @@ signatures = new Signature [MAX_NUM_KEYS]; default_nonce = new byte [NONCE_SIZE]; issuerInfo = new byte [ISSUER_INFO_SIZE]; + iobuf = new byte [IOBUF_ALLOC]; for (byte i = 0; i < MAX_NUM_KEYS; i++) { keyTries[i] = MAX_KEY_TRIES; @@ -2792,8 +2794,8 @@ private void initTransient() { - iobuf = JCSystem.makeTransientByteArray(IOBUF_ALLOC, - JCSystem.CLEAR_ON_DESELECT); + //iobuf = JCSystem.makeTransientByteArray(IOBUF_ALLOC, + // JCSystem.CLEAR_ON_DESELECT); ciph_dirs = JCSystem.makeTransientByteArray(MAX_NUM_KEYS, JCSystem.CLEAR_ON_DESELECT); // From rmeggins at fedoraproject.org Mon Jan 26 17:35:17 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Mon, 26 Jan 2009 17:35:17 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication windows_protocol_util.c, 1.49, 1.50 Message-ID: <20090126173517.7BE157010C@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9715/ldapserver/ldap/servers/plugins/replication Modified Files: windows_protocol_util.c Log Message: Resolves: bug 481223 Bug Description: Removing Group Member in ADS and Send and Receive Updates Crashes the Directory Server Reviewed by: nkinder (Thanks!) Fix Description: I broke this with my earlier fix about sending mods to AD. There are calls which reset the raw entry from AD before the call to mod_already_made. The fix is to only retrieve the raw entry just before we use it, after it may have been reset. I also found a memory leak in the mod init with valueset function I added for the prior fix. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: windows_protocol_util.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_protocol_util.c,v retrieving revision 1.49 retrieving revision 1.50 diff -u -r1.49 -r1.50 --- windows_protocol_util.c 13 Jan 2009 18:28:34 -0000 1.49 +++ windows_protocol_util.c 26 Jan 2009 17:35:14 -0000 1.50 @@ -62,7 +62,7 @@ static Slapi_Entry* windows_entry_already_exists(Slapi_Entry *e); static void extract_guid_from_entry_bv(Slapi_Entry *e, const struct berval **bv); #endif -static void windows_map_mods_for_replay(Private_Repl_Protocol *prp,LDAPMod **original_mods, LDAPMod ***returned_mods, int is_user, char** password, const Slapi_Entry *ad_entry); +static void windows_map_mods_for_replay(Private_Repl_Protocol *prp,LDAPMod **original_mods, LDAPMod ***returned_mods, int is_user, char** password); static int is_subject_of_agreement_local(const Slapi_Entry *local_entry,const Repl_Agmt *ra); static int windows_create_remote_entry(Private_Repl_Protocol *prp,Slapi_Entry *original_entry, Slapi_DN *remote_sdn, Slapi_Entry **remote_entry, char** password); static int windows_get_local_entry(const Slapi_DN* local_dn,Slapi_Entry **local_entry); @@ -1290,8 +1290,7 @@ } - windows_map_mods_for_replay(prp,op->p.p_modify.modify_mods, &mapped_mods, is_user, &password, - windows_private_get_raw_entry(prp->agmt)); + windows_map_mods_for_replay(prp,op->p.p_modify.modify_mods, &mapped_mods, is_user, &password); if (is_user) { winsync_plugin_call_pre_ad_mod_user_mods_cb(prp->agmt, windows_private_get_raw_entry(prp->agmt), @@ -1803,11 +1802,12 @@ error message to that effect. */ static int -mod_already_made(Private_Repl_Protocol *prp, Slapi_Mod *smod, const Slapi_Entry *ad_entry) +mod_already_made(Private_Repl_Protocol *prp, Slapi_Mod *smod) { int retval = 0; int op = 0; const char *type = NULL; + const Slapi_Entry *ad_entry = windows_private_get_raw_entry(prp->agmt); if (!slapi_mod_isvalid(smod)) { /* bogus */ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, @@ -2062,7 +2062,7 @@ static void -windows_map_mods_for_replay(Private_Repl_Protocol *prp,LDAPMod **original_mods, LDAPMod ***returned_mods, int is_user, char** password, const Slapi_Entry *ad_entry) +windows_map_mods_for_replay(Private_Repl_Protocol *prp,LDAPMod **original_mods, LDAPMod ***returned_mods, int is_user, char** password) { Slapi_Mods smods = {0}; Slapi_Mods mapped_smods = {0}; @@ -2216,7 +2216,7 @@ } } /* Otherwise we do not copy this mod at all */ - if (mysmod && !mod_already_made(prp, mysmod, ad_entry)) { /* make sure this mod is still valid to send */ + if (mysmod && !mod_already_made(prp, mysmod)) { /* make sure this mod is still valid to send */ slapi_mods_add_ldapmod(&mapped_smods, slapi_mod_get_ldapmod_passout(mysmod)); } if (mysmod) { From rmeggins at fedoraproject.org Mon Jan 26 17:35:17 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Mon, 26 Jan 2009 17:35:17 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd modutil.c, 1.8, 1.9 Message-ID: <20090126173517.742CB70143@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9715/ldapserver/ldap/servers/slapd Modified Files: modutil.c Log Message: Resolves: bug 481223 Bug Description: Removing Group Member in ADS and Send and Receive Updates Crashes the Directory Server Reviewed by: nkinder (Thanks!) Fix Description: I broke this with my earlier fix about sending mods to AD. There are calls which reset the raw entry from AD before the call to mod_already_made. The fix is to only retrieve the raw entry just before we use it, after it may have been reset. I also found a memory leak in the mod init with valueset function I added for the prior fix. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: modutil.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/modutil.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- modutil.c 9 Jan 2009 21:30:56 -0000 1.8 +++ modutil.c 26 Jan 2009 17:35:15 -0000 1.9 @@ -603,6 +603,8 @@ slapi_mod_set_type (smod, type); if (svs!=NULL) { Slapi_Value **svary = valueset_get_valuearray(svs); + ber_bvecfree(smod->mod->mod_bvalues); + smod->mod->mod_bvalues = NULL; valuearray_get_bervalarray(svary, &smod->mod->mod_bvalues); smod->num_values = slapi_valueset_count(svs); smod->num_elements = smod->num_values + 1; From rmeggins at fedoraproject.org Mon Jan 26 22:27:16 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Mon, 26 Jan 2009 22:27:16 +0000 (UTC) Subject: [Fedora-directory-commits] mod_restartd mod_restartd-2.2.c,1.2,1.3 Message-ID: <20090126222716.72F3670141@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/mod_restartd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28940 Modified Files: mod_restartd-2.2.c Log Message: Resolves: bug 480869 Description: DS console: Can not delete DS instance Fix Description: needed to add remove to the mod_restartd uri pattern. Index: mod_restartd-2.2.c =================================================================== RCS file: /cvs/dirsec/mod_restartd/mod_restartd-2.2.c,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- mod_restartd-2.2.c 12 Jan 2009 16:47:33 -0000 1.2 +++ mod_restartd-2.2.c 26 Jan 2009 22:27:13 -0000 1.3 @@ -921,7 +921,7 @@ } } - ap_regcomp(&uriPat, "/.*/tasks/operation/(start|restart|stop|startconfigds|create)$", + ap_regcomp(&uriPat, "/.*/tasks/operation/(start|restart|stop|startconfigds|create|remove)$", AP_REG_ICASE); return ret; From rmeggins at fedoraproject.org Tue Jan 27 22:37:20 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Tue, 27 Jan 2009 22:37:20 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/chainingdb cb_instance.c, 1.13, 1.14 Message-ID: <20090127223720.89FED70142@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/chainingdb In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19724/ldapserver/ldap/servers/plugins/chainingdb Modified Files: cb_instance.c Log Message: Resolves: bug 479253 Bug Description: Configuring Server to Server GSSAPI over SSL - Need better Error Message Reviewed by: nkinder (Thanks!) Fix Description: If the user attempts to set the bind mech to GSSAPI, and a secure transport is being used, the server will return LDAP_UNWILLING_TO_PERFORM and provide a useful error message. Same if GSSAPI is being used and the user attempts to use a secure transport. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: cb_instance.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/chainingdb/cb_instance.c,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- cb_instance.c 2 Dec 2008 15:29:30 -0000 1.13 +++ cb_instance.c 27 Jan 2009 22:37:17 -0000 1.14 @@ -722,7 +722,18 @@ return(LDAP_INVALID_SYNTAX); } - if (apply) { + if (ludp && (ludp->lud_options & LDAP_URL_OPT_SECURE) && inst && inst->rwl_config_lock) { + int isgss = 0; + PR_RWLock_Rlock(inst->rwl_config_lock); + isgss = inst->pool->mech && !PL_strcasecmp(inst->pool->mech, "GSSAPI"); + PR_RWLock_Unlock(inst->rwl_config_lock); + if (isgss) { + PR_snprintf (errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Cannot use LDAPS if using GSSAPI - please change the %s to use something other than GSSAPI before changing connection to use LDAPS", CB_CONFIG_BINDMECH); + rc = LDAP_UNWILLING_TO_PERFORM; + } + } + + if ((LDAP_SUCCESS == rc) && apply) { PR_RWLock_Wlock(inst->rwl_config_lock); @@ -1346,7 +1357,18 @@ cb_backend_instance * inst=(cb_backend_instance *) arg; int rc = LDAP_SUCCESS; - if (apply) { + if (value && inst && inst->rwl_config_lock) { + int isgss = 0; + PR_RWLock_Rlock(inst->rwl_config_lock); + isgss = inst->pool->mech && !PL_strcasecmp(inst->pool->mech, "GSSAPI"); + PR_RWLock_Unlock(inst->rwl_config_lock); + if (isgss) { + PR_snprintf (errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Cannot use startTLS if using GSSAPI - please change the %s to use something other than GSSAPI before changing connection to use startTLS", CB_CONFIG_BINDMECH); + rc = LDAP_UNWILLING_TO_PERFORM; + } + } + + if ((LDAP_SUCCESS == rc) && apply) { PR_RWLock_Wlock(inst->rwl_config_lock); inst->pool->starttls=(int) ((uintptr_t)value); PR_RWLock_Unlock(inst->rwl_config_lock); @@ -1374,7 +1396,18 @@ cb_backend_instance * inst=(cb_backend_instance *) arg; int rc=LDAP_SUCCESS; - if (apply) { + if (value && !PL_strcasecmp((char *) value, "GSSAPI") && inst && inst->rwl_config_lock) { + int secure = 0; + PR_RWLock_Rlock(inst->rwl_config_lock); + secure = inst->pool->secure || inst->pool->starttls; + PR_RWLock_Unlock(inst->rwl_config_lock); + if (secure) { + PR_snprintf (errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Cannot use SASL/GSSAPI if using SSL or TLS - please change the connection to use no security before changing %s to use GSSAPI", CB_CONFIG_BINDMECH); + rc = LDAP_UNWILLING_TO_PERFORM; + } + } + + if ((LDAP_SUCCESS == rc) && apply) { PR_RWLock_Wlock(inst->rwl_config_lock); if (( phase != CB_CONFIG_PHASE_INITIALIZATION ) && ( phase != CB_CONFIG_PHASE_STARTUP )) { From rmeggins at fedoraproject.org Tue Jan 27 22:37:20 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Tue, 27 Jan 2009 22:37:20 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication repl5_agmtlist.c, 1.11, 1.12 Message-ID: <20090127223720.9C4687010B@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19724/ldapserver/ldap/servers/plugins/replication Modified Files: repl5_agmtlist.c Log Message: Resolves: bug 479253 Bug Description: Configuring Server to Server GSSAPI over SSL - Need better Error Message Reviewed by: nkinder (Thanks!) Fix Description: If the user attempts to set the bind mech to GSSAPI, and a secure transport is being used, the server will return LDAP_UNWILLING_TO_PERFORM and provide a useful error message. Same if GSSAPI is being used and the user attempts to use a secure transport. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: repl5_agmtlist.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl5_agmtlist.c,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- repl5_agmtlist.c 10 Nov 2006 23:45:17 -0000 1.11 +++ repl5_agmtlist.c 27 Jan 2009 22:37:18 -0000 1.12 @@ -48,6 +48,7 @@ */ #include "repl5.h" +#include #define AGMT_CONFIG_BASE "cn=mapping tree, cn=config" #define CONFIG_FILTER "(objectclass=nsds5replicationagreement)" @@ -373,8 +374,22 @@ else if (slapi_attr_types_equivalent(mods[i]->mod_type, type_nsds5TransportInfo)) { + /* do not allow GSSAPI if using TLS/SSL */ + char *tmpstr = slapi_entry_attr_get_charptr(e, type_nsds5TransportInfo); + /* if some value was set, and the value was not set to LDAP (i.e. was set to use security), + and we're already using gssapi, deny the change */ + if (tmpstr && PL_strcasecmp(tmpstr, "LDAP") && (BINDMETHOD_SASL_GSSAPI == agmt_get_bindmethod(agmt))) + { + /* Report the error to the client */ + PR_snprintf (errortext, SLAPI_DSE_RETURNTEXT_SIZE, "Cannot use SASL/GSSAPI if using SSL or TLS - please change %s to a value other than SASL/GSSAPI before changing %s to use security", type_nsds5ReplicaBindMethod, type_nsds5TransportInfo); + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "agmtlist_modify_callback: " + "%s", errortext); + + *returncode = LDAP_UNWILLING_TO_PERFORM; + rc = SLAPI_DSE_CALLBACK_ERROR; + } /* New Transport info */ - if (agmt_set_transportinfo_from_entry(agmt, e) != 0) + else if (agmt_set_transportinfo_from_entry(agmt, e) != 0) { slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "agmtlist_modify_callback: " "failed to update transport info for agreement %s\n", @@ -386,8 +401,19 @@ else if (slapi_attr_types_equivalent(mods[i]->mod_type, type_nsds5ReplicaBindMethod)) { - /* New replica bind method */ - if (agmt_set_bind_method_from_entry(agmt, e) != 0) + /* do not allow GSSAPI if using TLS/SSL */ + char *tmpstr = slapi_entry_attr_get_charptr(e, type_nsds5ReplicaBindMethod); + if (tmpstr && !PL_strcasecmp(tmpstr, "SASL/GSSAPI") && agmt_get_transport_flags(agmt)) + { + /* Report the error to the client */ + PR_snprintf (errortext, SLAPI_DSE_RETURNTEXT_SIZE, "Cannot use SASL/GSSAPI if using SSL or TLS - please change %s to LDAP before changing %s to use SASL/GSSAPI", type_nsds5TransportInfo, type_nsds5ReplicaBindMethod); + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "agmtlist_modify_callback: " + "%s", errortext); + + *returncode = LDAP_UNWILLING_TO_PERFORM; + rc = SLAPI_DSE_CALLBACK_ERROR; + } + else if (agmt_set_bind_method_from_entry(agmt, e) != 0) { slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "agmtlist_modify_callback: " "failed to update bind method for agreement %s\n", @@ -395,6 +421,7 @@ *returncode = LDAP_OPERATIONS_ERROR; rc = SLAPI_DSE_CALLBACK_ERROR; } + slapi_ch_free_string(&tmpstr); } else if (slapi_attr_types_equivalent(mods[i]->mod_type, type_nsds5ReplicatedAttributeList)) From nhosoi at fedoraproject.org Wed Jan 28 00:01:12 2009 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Wed, 28 Jan 2009 00:01:12 +0000 (UTC) Subject: [Fedora-directory-commits] adminutil/lib/libadmsslutil admsslutil.c, 1.10, 1.11 psetcssl.c, 1.4, 1.5 srvutilssl.c, 1.7, 1.8 uginfossl.c, 1.3, 1.4 Message-ID: <20090128000112.AA8E270141@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminutil/lib/libadmsslutil In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv32529/lib/libadmsslutil Modified Files: admsslutil.c psetcssl.c srvutilssl.c uginfossl.c Log Message: Resolves: #191834 Summary: Clean up admin password in memory when it's freed Description: (comment #5) 1) overwrote password string with '\0's. 2) psetCreate (psetc.c), psetCreateSSL (psetcssl.c) Both has the similar code "passwd = bindPasswd; /* not to free bindPasswd */". According to the comment, by setting bindPasswd to passwd, bindPasswd is not supposed to be freed. But the current location does not stop it's being freed since at that point bindPasswd is NULL and NULL is set to passwd. (Probably, the path is not usually taken.) Index: admsslutil.c =================================================================== RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/admsslutil.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- admsslutil.c 3 Dec 2008 18:36:50 -0000 1.10 +++ admsslutil.c 28 Jan 2009 00:01:10 -0000 1.11 @@ -96,6 +96,7 @@ char *dn = admldapGetSIEDN(info); ldapError = ldap_simple_bind_s(ld, dn, passwd); PL_strfree(dn); + memset(passwd, '\0', strlen(passwd)); PL_strfree(passwd); } else { /* no password means just punt rather than do anon bind */ Index: psetcssl.c =================================================================== RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/psetcssl.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- psetcssl.c 8 May 2007 19:13:26 -0000 1.4 +++ psetcssl.c 28 Jan 2009 00:01:10 -0000 1.5 @@ -205,11 +205,11 @@ userDN = admldapGetUserDN(ldapInfo, user); if (passwd) { bindPasswd = passwd; - } else { - bindPasswd = admldapGetSIEPWD(ldapInfo); + } else { /* passwd is NULL */ + bindPasswd = admldapGetSIEPWD(ldapInfo); /* duplicated; need to free */ if (!bindPasswd) { + ADM_GetCurrentPassword(errorcode, &bindPasswd); /* should not free */ passwd = bindPasswd; /* not to free bindPasswd */ - ADM_GetCurrentPassword(errorcode, &bindPasswd); } } @@ -228,7 +228,12 @@ PR_Free(ldapHost); PR_Free(sieDN); PR_smprintf_free(path); - if (!passwd) { if (bindPasswd) PR_Free(bindPasswd); } + if (!passwd) { + if (bindPasswd) { + memset(bindPasswd, '\0', strlen(bindPasswd)); + PR_Free(bindPasswd); + } + } return pset; } Index: srvutilssl.c =================================================================== RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/srvutilssl.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- srvutilssl.c 3 Dec 2008 18:36:50 -0000 1.7 +++ srvutilssl.c 28 Jan 2009 00:01:10 -0000 1.8 @@ -75,8 +75,11 @@ PR_Free(host); host = NULL; - PR_Free(siepwd); - siepwd = NULL; + if (siepwd) { + memset(siepwd, '\0', strlen(siepwd)); + PR_Free(siepwd); + siepwd = NULL; + } if (!domainPset) goto err; nl = retrieveSIEs(domainPset, domainDN, adminName); @@ -132,8 +135,11 @@ host = NULL; PR_Free(siedn); siedn = NULL; - PR_Free(siepwd); - siepwd = NULL; + if (siepwd) { + memset(siepwd, '\0', strlen(siepwd)); + PR_Free(siepwd); + siepwd = NULL; + } if (!domainPset) goto err; resultList = retrieveISIEs(domainPset, domainDN); psetDelete(domainPset); Index: uginfossl.c =================================================================== RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/uginfossl.c,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- uginfossl.c 4 Apr 2007 19:37:47 -0000 1.3 +++ uginfossl.c 28 Jan 2009 00:01:10 -0000 1.4 @@ -103,7 +103,10 @@ *error_code = ADMUTIL_LDAP_ERR; destroyAdmldap(ldapInfo); PL_strfree(binddn); - PL_strfree(bindpw); + if (bindpw) { + memset(bindpw, 0, strlen(bindpw)); + PL_strfree(bindpw); + } return NULL; } @@ -111,7 +114,11 @@ binddn, bindpw); PL_strfree(binddn); - PL_strfree(bindpw); + if (bindpw) { + memset(bindpw, 0, strlen(bindpw)); + PL_strfree(bindpw); + bindpw = NULL; + } /* authenticate to LDAP server*/ if (ldapError != LDAP_SUCCESS) { From nhosoi at fedoraproject.org Wed Jan 28 00:01:12 2009 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Wed, 28 Jan 2009 00:01:12 +0000 (UTC) Subject: [Fedora-directory-commits] adminutil/lib/libadminutil admutil.c, 1.9, 1.10 psetc.c, 1.5, 1.6 srvutil.c, 1.6, 1.7 uginfo.c, 1.5, 1.6 Message-ID: <20090128000112.947CB70142@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminutil/lib/libadminutil In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv32529/lib/libadminutil Modified Files: admutil.c psetc.c srvutil.c uginfo.c Log Message: Resolves: #191834 Summary: Clean up admin password in memory when it's freed Description: (comment #5) 1) overwrote password string with '\0's. 2) psetCreate (psetc.c), psetCreateSSL (psetcssl.c) Both has the similar code "passwd = bindPasswd; /* not to free bindPasswd */". According to the comment, by setting bindPasswd to passwd, bindPasswd is not supposed to be freed. But the current location does not stop it's being freed since at that point bindPasswd is NULL and NULL is set to passwd. (Probably, the path is not usually taken.) Index: admutil.c =================================================================== RCS file: /cvs/dirsec/adminutil/lib/libadminutil/admutil.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- admutil.c 5 Jul 2007 21:12:55 -0000 1.9 +++ admutil.c 28 Jan 2009 00:01:10 -0000 1.10 @@ -1434,24 +1434,23 @@ admInfo->localAdminName = NULL; } if (admInfo->localAdminPassword) { + memset(admInfo->localAdminPassword, '\0', strlen(admInfo->localAdminPassword)); PR_Free(admInfo->localAdminPassword); admInfo->localAdminPassword = NULL; } - if (admInfo->sieDN) - { - PR_Free(admInfo->sieDN); - admInfo->sieDN = NULL; - } - if (admInfo->userDN) - { - PR_Free(admInfo->userDN); - admInfo->userDN = NULL; - } - if (admInfo->passwd) - { - PR_Free(admInfo->passwd); - admInfo->passwd = NULL; - } + if (admInfo->sieDN) { + PR_Free(admInfo->sieDN); + admInfo->sieDN = NULL; + } + if (admInfo->userDN) { + PR_Free(admInfo->userDN); + admInfo->userDN = NULL; + } + if (admInfo->passwd) { + memset(admInfo->passwd, '\0', strlen(admInfo->passwd)); + PR_Free(admInfo->passwd); + admInfo->passwd = NULL; + } if (admInfo->ldapHndl) { ldap_unbind(admInfo->ldapHndl); admInfo->ldapHndl = NULL; @@ -1876,7 +1875,10 @@ PR_IMPLEMENT(void) admSetCachedSIEPWD(const char *pwd) { - if (cachedSIEPWD) PR_Free(cachedSIEPWD); + if (cachedSIEPWD) { + memset(cachedSIEPWD, '\0', strlen(cachedSIEPWD)); + PR_Free(cachedSIEPWD); + } cachedSIEPWD = PL_strdup(pwd); } Index: psetc.c =================================================================== RCS file: /cvs/dirsec/adminutil/lib/libadminutil/psetc.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- psetc.c 8 May 2007 19:13:25 -0000 1.5 +++ psetc.c 28 Jan 2009 00:01:10 -0000 1.6 @@ -171,7 +171,10 @@ if (psetp->configFile) PR_Free(psetp->configFile); if (psetp->sieDN) PR_Free(psetp->sieDN); if (psetp->binddn) PR_Free(psetp->binddn); - if (psetp->bindpw) PR_Free(psetp->bindpw); + if (psetp->bindpw) { + memset(psetp->bindpw, 0, strlen(psetp->bindpw)); + PR_Free(psetp->bindpw); + } PR_Free(psetp); } @@ -1362,11 +1365,11 @@ userDN = admldapGetUserDN(ldapInfo, user); if (passwd) { bindPasswd = passwd; - } else { - bindPasswd = admldapGetSIEPWD(ldapInfo); + } else { /* passwd is NULL */ + bindPasswd = admldapGetSIEPWD(ldapInfo); /* duplicated; need to free */ if (!bindPasswd) { + ADM_GetCurrentPassword(errorcode, &bindPasswd); /* should not free */ passwd = bindPasswd; /* setting this not to free bindPasswd */ - ADM_GetCurrentPassword(errorcode, &bindPasswd); } } @@ -1384,7 +1387,13 @@ PR_Free(sieDN); PR_smprintf_free(path); PR_Free(userDN); - if (!passwd) { if (bindPasswd) PR_Free(bindPasswd); } + if (!passwd) { + if (bindPasswd) { + memset(bindPasswd, '\0', strlen(bindPasswd)); + PR_Free(bindPasswd); + bindPasswd = NULL; + } + } destroyAdmldap(ldapInfo); return pset; } @@ -2367,7 +2376,10 @@ if (pset->binddn) PR_Free(pset->binddn); if (userDN) pset->binddn = PL_strdup(userDN); else pset->binddn = NULL; - if (pset->bindpw) PR_Free(pset->bindpw); + if (pset->bindpw) { + memset(pset->bindpw, 0, strlen(pset->bindpw)); + PR_Free(pset->bindpw); + } if (passwd) pset->bindpw = PL_strdup(passwd); else pset->bindpw = NULL; Index: srvutil.c =================================================================== RCS file: /cvs/dirsec/adminutil/lib/libadminutil/srvutil.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- srvutil.c 3 Dec 2008 18:36:49 -0000 1.6 +++ srvutil.c 28 Jan 2009 00:01:10 -0000 1.7 @@ -82,7 +82,10 @@ if (sie) PR_Free(sie); if (domainDN) PR_Free(domainDN); if (host) PR_Free(host); - if (siepwd) PR_Free(siepwd); + if (siepwd) { + memset(siepwd, '\0', strlen(siepwd)); + PR_Free(siepwd); + } return nl; err: @@ -90,7 +93,10 @@ if (sie) PR_Free(sie); if (domainDN) PR_Free(domainDN); if (host) PR_Free(host); - if (siepwd) PR_Free(siepwd); + if (siepwd) { + memset(siepwd, '\0', strlen(siepwd)); + PR_Free(siepwd); + } return NULL; } @@ -182,7 +188,10 @@ psetDelete(domainPset); PL_strfree(host); PL_strfree(sie); - PL_strfree(siepwd); + if (siepwd) { + memset(siepwd, '\0', strlen(siepwd)); + PL_strfree(siepwd); + } PL_strfree(isie); return resultList; Index: uginfo.c =================================================================== RCS file: /cvs/dirsec/adminutil/lib/libadminutil/uginfo.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- uginfo.c 8 May 2007 19:13:25 -0000 1.5 +++ uginfo.c 28 Jan 2009 00:01:10 -0000 1.6 @@ -123,7 +123,7 @@ if (s && strcmp(s[0], "")) { char *temp = strrchr(directoryURLVals[0], '/'); /* append failover list to url */ - if (NULL != temp) { + if (NULL != temp) { *temp = '\0'; PR_snprintf(buffer, sizeof(buffer), "%s %s/%s", directoryURLVals[0], s[0], temp + 1); @@ -144,6 +144,9 @@ } if (bindPasswordVals) { *bindPassword = PL_strdup(bindPasswordVals[0]); + if (bindPasswordVals[0]) { + memset(bindPasswordVals[0], '\0', strlen(bindPasswordVals[0])); + } ldap_value_free(bindPasswordVals); } if (directoryInfoRefVals) { @@ -282,7 +285,11 @@ } if (oldDirectoryURL) PR_Free(oldDirectoryURL); if (oldBindDN) PR_Free(oldBindDN); - if (oldBindPassword) PR_Free(oldBindPassword); + if (oldBindPassword) { + memset(oldBindPassword, '\0', strlen(oldBindPassword)); + PR_Free(oldBindPassword); + oldBindPassword = NULL; + } if (oldDirectoryInfoRef) PR_Free(oldDirectoryInfoRef); } @@ -302,7 +309,11 @@ *error_code = UG_LDAP_SYSTEM_ERR; if (oldDirectoryURL) PR_Free(oldDirectoryURL); if (oldBindDN) PR_Free(oldBindDN); - if (oldBindPassword) PR_Free(oldBindPassword); + if (oldBindPassword) { + memset(oldBindPassword, '\0', strlen(oldBindPassword)); + PR_Free(oldBindPassword); + oldBindPassword = NULL; + } if (oldDirectoryInfoRef) PR_Free(oldDirectoryInfoRef); return 0; } @@ -449,6 +460,7 @@ oldBindDN = NULL; } if (oldBindPassword) { + memset(oldBindPassword, '\0', strlen(oldBindPassword)); PR_Free(oldBindPassword); oldBindPassword = NULL; } From nhosoi at fedoraproject.org Wed Jan 28 00:05:15 2009 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Wed, 28 Jan 2009 00:05:15 +0000 (UTC) Subject: [Fedora-directory-commits] adminserver/admserv/cgi-src40 sec-activate.c, 1.13, 1.14 security.c, 1.19, 1.20 viewlog.c, 1.12, 1.13 Message-ID: <20090128000515.C1CD570141@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver/admserv/cgi-src40 In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1705/admserv/cgi-src40 Modified Files: sec-activate.c security.c viewlog.c Log Message: Resolves: #191834 Summary: Clean up admin password in memory when it's freed Description: (comment #6) Overwrote password strings with '\0's. Index: sec-activate.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/sec-activate.c,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- sec-activate.c 4 Dec 2008 20:01:28 -0000 1.13 +++ sec-activate.c 28 Jan 2009 00:05:13 -0000 1.14 @@ -463,6 +463,7 @@ admSetCachedSIEPWD(pwd); + memset(pwd, 0, strlen(pwd)); free(pwd); return admGetCachedSIEPWD(); Index: security.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/security.c,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- security.c 15 Dec 2008 20:06:55 -0000 1.19 +++ security.c 28 Jan 2009 00:05:13 -0000 1.20 @@ -505,7 +505,8 @@ PL_strfree(ssecurity); PL_strfree(binddn); if (freebindpw) { - PL_strfree(bindpw); + memset(bindpw, 0, strlen(bindpw)); + PL_strfree(bindpw); } } } Index: viewlog.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/viewlog.c,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- viewlog.c 4 Dec 2008 20:01:28 -0000 1.12 +++ viewlog.c 28 Jan 2009 00:05:13 -0000 1.13 @@ -269,7 +269,9 @@ PL_strfree(ssecurity); PL_strfree(binddn); if (freebindpw) { + memset(bindpw, 0, strlen(bindpw)); PL_strfree(bindpw); + bindpw = NULL; } } } From nhosoi at fedoraproject.org Wed Jan 28 00:05:15 2009 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Wed, 28 Jan 2009 00:05:15 +0000 (UTC) Subject: [Fedora-directory-commits] mod_admserv mod_admserv.c,1.37,1.38 Message-ID: <20090128000515.EE88E70143@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/mod_admserv In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1705/mod_admserv Modified Files: mod_admserv.c Log Message: Resolves: #191834 Summary: Clean up admin password in memory when it's freed Description: (comment #6) Overwrote password strings with '\0's. Index: mod_admserv.c =================================================================== RCS file: /cvs/dirsec/mod_admserv/mod_admserv.c,v retrieving revision 1.37 retrieving revision 1.38 diff -u -r1.37 -r1.38 --- mod_admserv.c 12 Dec 2008 19:45:05 -0000 1.37 +++ mod_admserv.c 28 Jan 2009 00:05:13 -0000 1.38 @@ -886,25 +886,28 @@ if (error != UG_OP_OK) { *errorInfo = (char*)"unable to set User/Group baseDN"; - goto done; + goto done; } } if (!extractLdapServerData(&userGroupServer, userGroupLdapURL, s)) { *errorInfo = (char*)"unable to extract User/Group LDAP info"; - goto done; + goto done; } userGroupServer.bindDN = userGroupBindDN ? apr_pstrdup(module_pool, userGroupBindDN) : NULL; userGroupServer.bindPW = userGroupBindPW ? apr_pstrdup(module_pool, userGroupBindPW) : NULL; - retval = TRUE; /* made it here, so success */ + retval = TRUE; /* made it here, so success */ done: - PL_strfree(siedn); - PL_strfree(userGroupLdapURL); - PL_strfree(userGroupBindDN); - PL_strfree(userGroupBindPW); - PL_strfree(dirInfoRef); - destroyAdmldap(info); + PL_strfree(siedn); + PL_strfree(userGroupLdapURL); + PL_strfree(userGroupBindDN); + if (userGroupBindPW) { + memset(userGroupBindPW, 0, strlen(userGroupBindPW)); + PL_strfree(userGroupBindPW); + } + PL_strfree(dirInfoRef); + destroyAdmldap(info); return retval; } From nkinder at fedoraproject.org Wed Jan 28 21:26:01 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Wed, 28 Jan 2009 21:26:01 +0000 (UTC) Subject: [Fedora-directory-commits] adminserver/admserv/schema/ldif 20asdata.ldif.tmpl, 1.6, 1.7 Message-ID: <20090128212601.5F59770144@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/adminserver/admserv/schema/ldif In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19994/admserv/schema/ldif Modified Files: 20asdata.ldif.tmpl Log Message: Resolves: 430364 Summary: Allow listen address to be passed in via installer. Index: 20asdata.ldif.tmpl =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/20asdata.ldif.tmpl,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- 20asdata.ldif.tmpl 14 Jul 2008 18:43:02 -0000 1.6 +++ 20asdata.ldif.tmpl 28 Jan 2009 21:25:59 -0000 1.7 @@ -78,7 +78,7 @@ cn: Configuration nsServerPort: %as_port% nsSuiteSpotUser: %as_user% -nsServerAddress: +nsServerAddress: %as_addr% nsAdminEnableEnduser: on nsAdminEnableDSGW: on nsDirectoryInfoRef: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot From nkinder at fedoraproject.org Wed Jan 28 21:26:01 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Wed, 28 Jan 2009 21:26:01 +0000 (UTC) Subject: [Fedora-directory-commits] adminserver/admserv/cgi-src40 config.c, 1.16, 1.17 Message-ID: <20090128212601.65A6E7010D@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/adminserver/admserv/cgi-src40 In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19994/admserv/cgi-src40 Modified Files: config.c Log Message: Resolves: 430364 Summary: Allow listen address to be passed in via installer. Index: config.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/config.c,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- config.c 4 Dec 2008 20:01:28 -0000 1.16 +++ config.c 28 Jan 2009 21:25:58 -0000 1.17 @@ -1037,13 +1037,9 @@ #endif static int validate_addr(char* ip) { - - char systemInfo[SYS_INFO_BUFFER_LENGTH]; - char buf[PR_NETDB_BUF_SIZE]; - PRIntn index; - PRNetAddr netaddr, netaddr1; - PRStatus pr_st; - PRHostEnt hostentry; + PRNetAddr netaddr; + PRFileDesc *sock = NULL; + int ret = 0; /* If ip address is not define, it means that server should listen on all interfaces */ if (ip==NULL || *ip=='\0') return 1; @@ -1052,18 +1048,16 @@ if (!strcmp(ip, "127.0.0.1")) return 1; if (!strcmp(ip, "0.0.0.0")) return 1; - PR_StringToNetAddr(ip, &netaddr); - - pr_st = PR_GetSystemInfo(PR_SI_HOSTNAME, systemInfo, SYS_INFO_BUFFER_LENGTH); - - pr_st = PR_GetHostByName(systemInfo, buf, PR_NETDB_BUF_SIZE, &hostentry); - - index = 0; - while ((index = PR_EnumerateHostEnt(index, &hostentry, 8000, &netaddr1))) { - if (netaddr1.inet.ip == netaddr.inet.ip) return 1; + if (PR_StringToNetAddr(ip, &netaddr) == PR_SUCCESS) { + if ((sock = PR_NewTCPSocket()) != NULL) { + if (PR_Bind(sock, &netaddr) == PR_SUCCESS) { + ret = 1; + } + PR_Close(sock); + } } - - return 0; + + return ret; } /* From nkinder at fedoraproject.org Wed Jan 28 21:26:01 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Wed, 28 Jan 2009 21:26:01 +0000 (UTC) Subject: [Fedora-directory-commits] adminserver/admserv/newinst/src AdminServer.pm.in, 1.14, 1.15 adminserver.map.in, 1.10, 1.11 Message-ID: <20090128212601.62AA870143@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/adminserver/admserv/newinst/src In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19994/admserv/newinst/src Modified Files: AdminServer.pm.in adminserver.map.in Log Message: Resolves: 430364 Summary: Allow listen address to be passed in via installer. Index: AdminServer.pm.in =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/AdminServer.pm.in,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- AdminServer.pm.in 14 Jul 2008 20:00:03 -0000 1.14 +++ AdminServer.pm.in 28 Jan 2009 21:25:58 -0000 1.15 @@ -346,7 +346,9 @@ $? = 0; # clear error my $output = `$cmd 2>&1`; - if ($?) { + # Check the output of the config CGI to see if something bad happened. + if ($? || $output =~ /NMC_Status: 1/) { + debug(0, "Error updating console.conf:\n"); debug(0, $output); $ENV{LD_LIBRARY_PATH} = $savepath; $ENV{SHLIB_PATH} = $savepath; Index: adminserver.map.in =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/adminserver.map.in,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- adminserver.map.in 14 Jul 2008 18:43:02 -0000 1.10 +++ adminserver.map.in 28 Jan 2009 21:25:58 -0000 1.11 @@ -48,6 +48,7 @@ uname_m = `open(UNAMEM, "uname -m |"); $returnvalue = ; chomp $returnvalue; close(UNAMEM);` asid = `$returnvalue = $mapper->{fqdn}; $returnvalue =~ s/\..*$//;` as_port = Port +as_addr = ServerIpAddress admpw = "@configdir@/admpw" as_error = "@logdir@/error" as_access = "@logdir@/access" From rmeggins at fedoraproject.org Wed Jan 28 21:59:43 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Wed, 28 Jan 2009 21:59:43 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd ssl.c, 1.22, 1.23 Message-ID: <20090128215943.D32AB70141@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv27785/ldapserver/ldap/servers/slapd Modified Files: ssl.c Log Message: Resolves: bug 482909 Bug Description: server seg fault if doing SSLCLIENTAUTH without being an ssl server Reviewed by: nkinder (Thanks!) Fix Description: When I changed the code to allow the DS to be an SSL client without having to be an SSL server, I missed the svrcore setup for EXTERNAL (ssl client auth). The fix is to check to see if svrcore has been set up, and initialize it if not, before attempting to use it. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: ssl.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/ssl.c,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 --- ssl.c 13 Jan 2009 19:01:10 -0000 1.22 +++ ssl.c 28 Jan 2009 21:59:41 -0000 1.23 @@ -473,18 +473,11 @@ return rv; } -/* - * slapd_ssl_init() is called from main() if we plan to listen - * on a secure port. - */ -int -slapd_ssl_init() { +static int +svrcore_setup() +{ PRErrorCode errorCode; - char ** family_list; - char *val = NULL; - char cipher_string[1024]; int rv = 0; - PK11SlotInfo *slot; #ifndef _WIN32 SVRCOREStdPinObj *StdPinObj; #else @@ -492,40 +485,11 @@ SVRCOREAltPinObj *AltPinObj; SVRCORENTUserPinObj *NTUserPinObj; #endif - Slapi_Entry *entry = NULL; - - /* Get general information */ - - getConfigEntry( configDN, &entry ); - - val = slapi_entry_attr_get_charptr( entry, "nssslSessionTimeout" ); - ciphers = slapi_entry_attr_get_charptr( entry, "nsssl3ciphers" ); - - /* We are currently using the value of sslSessionTimeout - for ssl3SessionTimeout, see SSL_ConfigServerSessionIDCache() */ - /* Note from Tom Weinstein on the meaning of the timeout: - - Timeouts are in seconds. '0' means use the default, which is - 24hrs for SSL3 and 100 seconds for SSL2. - */ - - if(!val) { - errorCode = PR_GetError(); - slapd_SSL_warn("Security Initialization: Failed to retrieve SSL " - "configuration information (" - SLAPI_COMPONENT_NAME_NSPR " error %d - %s): " - "nssslSessionTimeout: %s ", - errorCode, slapd_pr_strerror(errorCode), - (val ? "found" : "not found")); - slapi_ch_free((void **) &val); - slapi_ch_free((void **) &ciphers); - return -1; - } - - stimeout = atoi(val); - slapi_ch_free((void **) &val); - #ifndef _WIN32 + StdPinObj = (SVRCOREStdPinObj *)SVRCORE_GetRegisteredPinObj(); + if (StdPinObj) { + return 0; /* already registered */ + } if ( SVRCORE_CreateStdPinObj(&StdPinObj, dongle_file_name, PR_TRUE) != SVRCORE_Success) { errorCode = PR_GetError(); @@ -536,6 +500,10 @@ } SVRCORE_RegisterPinObj((SVRCOREPinObj *)StdPinObj); #else + AltPinObj = (SVRCOREAltPinObj *)SVRCORE_GetRegisteredPinObj(); + if (AltPinObj) { + return 0; /* already registered */ + } if (SVRCORE_CreateFilePinObj(&FilePinObj, dongle_file_name) != SVRCORE_Success) { errorCode = PR_GetError(); @@ -563,6 +531,58 @@ #endif /* _WIN32 */ + return rv; +} + +/* + * slapd_ssl_init() is called from main() if we plan to listen + * on a secure port. + */ +int +slapd_ssl_init() { + PRErrorCode errorCode; + char ** family_list; + char *val = NULL; + char cipher_string[1024]; + int rv = 0; + PK11SlotInfo *slot; + Slapi_Entry *entry = NULL; + + /* Get general information */ + + getConfigEntry( configDN, &entry ); + + val = slapi_entry_attr_get_charptr( entry, "nssslSessionTimeout" ); + ciphers = slapi_entry_attr_get_charptr( entry, "nsssl3ciphers" ); + + /* We are currently using the value of sslSessionTimeout + for ssl3SessionTimeout, see SSL_ConfigServerSessionIDCache() */ + /* Note from Tom Weinstein on the meaning of the timeout: + + Timeouts are in seconds. '0' means use the default, which is + 24hrs for SSL3 and 100 seconds for SSL2. + */ + + if(!val) { + errorCode = PR_GetError(); + slapd_SSL_warn("Security Initialization: Failed to retrieve SSL " + "configuration information (" + SLAPI_COMPONENT_NAME_NSPR " error %d - %s): " + "nssslSessionTimeout: %s ", + errorCode, slapd_pr_strerror(errorCode), + (val ? "found" : "not found")); + slapi_ch_free((void **) &val); + slapi_ch_free((void **) &ciphers); + return -1; + } + + stimeout = atoi(val); + slapi_ch_free((void **) &val); + + if (svrcore_setup()) { + return -1; + } + if((family_list = getChildren(configDN))) { char **family; char *token; @@ -687,6 +707,10 @@ #ifndef _WIN32 SVRCOREStdPinObj *StdPinObj; + if (svrcore_setup()) { + return 1; + } + StdPinObj = (SVRCOREStdPinObj *)SVRCORE_GetRegisteredPinObj(); SVRCORE_SetStdPinInteractive(StdPinObj, PR_FALSE); #endif @@ -1159,35 +1183,37 @@ /* Free config data */ + if (!svrcore_setup()) { #ifndef _WIN32 - StdPinObj = (SVRCOREStdPinObj *)SVRCORE_GetRegisteredPinObj(); - err = SVRCORE_StdPinGetPin( &pw, StdPinObj, token ); + StdPinObj = (SVRCOREStdPinObj *)SVRCORE_GetRegisteredPinObj(); + err = SVRCORE_StdPinGetPin( &pw, StdPinObj, token ); #else - AltPinObj = (SVRCOREAltPinObj *)SVRCORE_GetRegisteredPinObj(); - pw = SVRCORE_GetPin( (SVRCOREPinObj *)AltPinObj, token, PR_FALSE); + AltPinObj = (SVRCOREAltPinObj *)SVRCORE_GetRegisteredPinObj(); + pw = SVRCORE_GetPin( (SVRCOREPinObj *)AltPinObj, token, PR_FALSE); #endif - if ( err != SVRCORE_Success || pw == NULL) { - errorCode = PR_GetError(); - slapd_SSL_warn("SSL client authentication cannot be used " - "(no password). (" SLAPI_COMPONENT_NAME_NSPR " error %d - %s)", - errorCode, slapd_pr_strerror(errorCode)); - } else { - rc = ldapssl_enable_clientauth (ld, SERVER_KEY_NAME, pw, cert_name); - if (rc != 0) { + if ( err != SVRCORE_Success || pw == NULL) { errorCode = PR_GetError(); - slapd_SSL_warn("ldapssl_enable_clientauth(%s, %s) %i (" - SLAPI_COMPONENT_NAME_NSPR " error %d - %s)", - SERVER_KEY_NAME, cert_name, rc, - errorCode, slapd_pr_strerror(errorCode)); + slapd_SSL_warn("SSL client authentication cannot be used " + "(no password). (" SLAPI_COMPONENT_NAME_NSPR " error %d - %s)", + errorCode, slapd_pr_strerror(errorCode)); } else { - /* We cannot allow NSS to cache outgoing client auth connections - - each client auth connection must have it's own non-shared SSL - connection to the peer so that it will go through the - entire handshake protocol every time including the use of its - own unique client cert - see bug 605457 - */ + rc = ldapssl_enable_clientauth (ld, SERVER_KEY_NAME, pw, cert_name); + if (rc != 0) { + errorCode = PR_GetError(); + slapd_SSL_warn("ldapssl_enable_clientauth(%s, %s) %i (" + SLAPI_COMPONENT_NAME_NSPR " error %d - %s)", + SERVER_KEY_NAME, cert_name, rc, + errorCode, slapd_pr_strerror(errorCode)); + } else { + /* We cannot allow NSS to cache outgoing client auth connections - + each client auth connection must have it's own non-shared SSL + connection to the peer so that it will go through the + entire handshake protocol every time including the use of its + own unique client cert - see bug 605457 + */ - ldapssl_set_option(ld, SSL_NO_CACHE, PR_TRUE); + ldapssl_set_option(ld, SSL_NO_CACHE, PR_TRUE); + } } } From nkinder at fedoraproject.org Thu Jan 29 17:32:24 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Thu, 29 Jan 2009 17:32:24 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/tools/rsearch rsearch.c, 1.5, 1.6 rsearch.h, 1.4, 1.5 searchthread.c, 1.6, 1.7 Message-ID: <20090129173224.4E19270141@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/tools/rsearch In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv3879/ldap/servers/slapd/tools/rsearch Modified Files: rsearch.c rsearch.h searchthread.c Log Message: Resolves: 470611 Summary: Enhanced rsearch to allow user filter and password to be configurable (contributed by telackey at bozemanpass.com). Index: rsearch.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/tools/rsearch/rsearch.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- rsearch.c 8 Oct 2008 17:29:04 -0000 1.5 +++ rsearch.c 29 Jan 2009 17:32:21 -0000 1.6 @@ -54,6 +54,8 @@ #include #include +#include +#include #ifdef XP_UNIX #include #endif @@ -104,6 +106,8 @@ "-C num -- take num samples, then stop\n" "-R num -- drop connection & reconnect every num searches\n" "-x -- Use -B file for binding; ignored if -B is not given\n" + "-W -- Password to use when binding with -B. Default is the UID.\n" + "-U -- Filter to use with binding file. Ignored if -x is not given. Default is '(uid=%%s)'.\n" "\n", DEFAULT_HOSTNAME, DEFAULT_PORT, LDAP_SCOPE_BASE, LDAP_SCOPE_ONELEVEL, LDAP_SCOPE_SUBTREE, @@ -223,6 +227,8 @@ char *attrFile = 0; char *bindDN = NULL; char *bindPW = NULL; +char *userPW = NULL; +char *uidFilter = NULL; char **attrToReturn = 0; char *attrList = 0; Operation opType = op_search; @@ -253,7 +259,7 @@ } while ((ch = getopt(argc, argv, - "B:a:j:i:h:s:f:p:o:t:T:D:w:n:A:S:C:R:bvlyqmMcduNLHx?V")) + "U:W:B:a:j:i:h:s:f:p:o:t:T:D:w:n:A:S:C:R:bvlyqmMcduNLHx?V")) != EOF) switch (ch) { case 'h': @@ -359,6 +365,12 @@ case 'x': useBFile = 1; break; + case 'W': + userPW = optarg; + break; + case 'U': + uidFilter = optarg; + break; case 'a': if (optarg[0] == '?') { usage_A(); @@ -387,6 +399,11 @@ argc -= optind; argv += optind; + if (uidFilter && NULL == strstr(uidFilter, "%s")) { + printf("rsearch: invalid UID filter - must contain %%s, eg, (uid=%%s)\n"); + usage(); + } + PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 0); ntable = nt_new(0); @@ -487,13 +504,20 @@ cumrate += rate; if ((numThreads > 1) || (!verbose)) { if (!quiet) { + char tbuf[18]; + struct tm* now; + time_t lt; + + time(<); + now = localtime(<); + strftime(tbuf, sizeof(tbuf), "%Y%m%d %H:%M:%S", now); if (showRunningAvg) - printf("Rate: %7.2f/thr (cumul rate: %7.2f/thr)\n", - rate, cumrate/(double)counter); + printf("%s - Rate: %7.2f/thr (cumul rate: %7.2f/thr)\n", + tbuf, rate, cumrate/(double)counter); else - printf("Rate: %7.2f/thr (%6.2f/sec =%7.4fms/op), " + printf("%s - Rate: %7.2f/thr (%6.2f/sec =%7.4fms/op), " "total:%6u (%d thr)\n", - rate, val, (double)1000.0/val, total, numThreads); + tbuf, rate, val, (double)1000.0/val, total, numThreads); } } if (countLimit && (counter >= countLimit)) { Index: rsearch.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/tools/rsearch/rsearch.h,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- rsearch.h 1 Aug 2007 17:51:10 -0000 1.4 +++ rsearch.h 29 Jan 2009 17:32:21 -0000 1.5 @@ -69,6 +69,8 @@ /**/ extern char *nameFile; extern char *bindDN; extern char *bindPW; +extern char *userPW; +extern char *uidFilter; extern char **attrToReturn; /**/ extern char *attrList; extern Operation opType; Index: searchthread.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/tools/rsearch/searchthread.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- searchthread.c 8 Oct 2008 17:29:04 -0000 1.6 +++ searchthread.c 29 Jan 2009 17:32:21 -0000 1.7 @@ -90,7 +90,6 @@ st->alive = 1; st->lock = PR_NewLock(); st->retry = 0; - srand(time(0)); return st; } @@ -106,6 +105,11 @@ return st->id; } +void st_seed(SearchThread *st) { + time_t t = time(0); + t -= st->id * 1000; + srand((unsigned int)t); +} static void st_enableTCPnodelay(SearchThread *st) { @@ -143,12 +147,12 @@ st->soc = -1; } -static int st_bind_core(SearchThread *st, LDAP **ld, char *dn, char *uid) +static int st_bind_core(SearchThread *st, LDAP **ld, char *dn, char *pw) { int ret = 0; int retry = 0; while (1) { - ret = ldap_simple_bind_s(*ld, dn, uid); + ret = ldap_simple_bind_s(*ld, dn, pw); if (LDAP_SUCCESS == ret) { break; } else if (LDAP_CONNECT_ERROR == ret && retry < 10) { @@ -156,7 +160,7 @@ } else { fprintf(stderr, "T%d: failed to bind, ldap_simple_bind_s" "(%s, %s) returned 0x%x (errno %d)\n", - st->id, dn, uid, ret, errno); + st->id, dn, pw, ret, errno); *ld = NULL; return 0; } @@ -188,30 +192,33 @@ if (opType != op_delete && opType != op_modify && opType != op_idxmodify && sdattable && sdt_getlen(sdattable) > 0) { int e; - char *dn, *uid; + char *dn, *uid, *upw; do { e = sdt_getrand(sdattable); } while (e < 0); dn = sdt_dn_get(sdattable, e); uid = sdt_uid_get(sdattable, e); + /* in this test, assuming uid == password unless told otherwise */ + upw = (userPW) ? userPW : uid; if (useBFile) { - /* in this test, assuming uid == password */ + if (dn) { - if (0 == st_bind_core(st, &(st->ld), dn, uid)) { + if (0 == st_bind_core(st, &(st->ld), dn, upw)) { return 0; } } else if (uid) { char filterBuffer[100]; char *pFilter; + char *filterTemplate = (uidFilter) ? uidFilter : "(uid=%s)"; struct timeval timeout; int scope = LDAP_SCOPE_SUBTREE, attrsOnly = 0; LDAPMessage *result; int retry = 0; pFilter = filterBuffer; - sprintf(filterBuffer, "(uid=%s)", uid); + sprintf(filterBuffer, filterTemplate, uid); timeout.tv_sec = 3600; timeout.tv_usec = 0; while (1) { @@ -230,7 +237,7 @@ } dn = ldap_get_dn(st->ld2, result); - if (0 == st_bind_core(st, &(st->ld), dn, uid)) { + if (0 == st_bind_core(st, &(st->ld), dn, upw)) { return 0; } } else { @@ -239,7 +246,7 @@ return 0; } } else { - if (0 == st_bind_core(st, &(st->ld), dn, uid)) { + if (0 == st_bind_core(st, &(st->ld), dn, upw)) { return 0; } } @@ -504,6 +511,7 @@ int notBound = 1, res = LDAP_SUCCESS, searches = 0; PRUint32 span; + st_seed(st); st->alive = 1; st->ld = 0; while (1) { @@ -544,6 +552,10 @@ return; } } + else { + /* Fake status for NOOP */ + res = LDAP_SUCCESS; + } if (LDAP_SUCCESS == res) { st->retry = 0; } else if (LDAP_CONNECT_ERROR == res && st->retry < 10) { From rmeggins at fedoraproject.org Thu Jan 29 21:24:02 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Thu, 29 Jan 2009 21:24:02 +0000 (UTC) Subject: [Fedora-directory-commits] console/src/com/netscape/management/client/console Console.java, 1.14, 1.15 Message-ID: <20090129212402.351DB70142@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/console/src/com/netscape/management/client/console In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10703/console/src/com/netscape/management/client/console Modified Files: Console.java Log Message: Resolves: bug 430364 Bug Description: setup-ds-admin.pl does not correctly set the admin server ip address Reviewed by: nkinder (Thanks!) Fix Description: If the admin server advertises its IP address in its cn=config nsServerAddress, the console will attempt to use the address instead of hostname (which will break https, btw). If the address is set to 0.0.0.0, clients cannot use this, so must fall back on the hostname. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: Console.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/console/Console.java,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- Console.java 15 Jul 2008 17:26:58 -0000 1.14 +++ Console.java 29 Jan 2009 21:23:59 -0000 1.15 @@ -266,8 +266,9 @@ * nsserveraddress might not be defined, which means that the * admin server should listen on all interfaces rather than on * a specific one. Read serverhostname from the SIE entry. + * admin server uses 0.0.0.0 to mean listen on all interfaces */ - if (host == null || host.trim().length() == 0) { + if ((host == null) || (host.trim().length() == 0) || host.equals("0.0.0.0")) { LDAPEntry sieEntry = ldc.read(dn=adminServerDN, new String[] {"serverhostname"}); if (sieEntry == null) { Debug.println("ERROR Console.getInstanceAdminURL: " + From rmeggins at fedoraproject.org Thu Jan 29 21:24:02 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Thu, 29 Jan 2009 21:24:02 +0000 (UTC) Subject: [Fedora-directory-commits] console/src/com/netscape/management/client/topology AdminGroupNode.java, 1.3, 1.4 ServerNode.java, 1.4, 1.5 Message-ID: <20090129212402.408A270116@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/console/src/com/netscape/management/client/topology In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10703/console/src/com/netscape/management/client/topology Modified Files: AdminGroupNode.java ServerNode.java Log Message: Resolves: bug 430364 Bug Description: setup-ds-admin.pl does not correctly set the admin server ip address Reviewed by: nkinder (Thanks!) Fix Description: If the admin server advertises its IP address in its cn=config nsServerAddress, the console will attempt to use the address instead of hostname (which will break https, btw). If the address is set to 0.0.0.0, clients cannot use this, so must fall back on the hostname. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: AdminGroupNode.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/topology/AdminGroupNode.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- AdminGroupNode.java 15 Nov 2007 16:56:53 -0000 1.3 +++ AdminGroupNode.java 29 Jan 2009 21:23:59 -0000 1.4 @@ -415,8 +415,9 @@ * nsserveraddress might not be defined, which means that the * admin server should listen on all interfaces rather than on * a specific one. Read serverhostname from the SIE entry. + * admin server uses 0.0.0.0 to mean listen on all interfaces */ - if (host == null || host.trim().length() == 0) { + if ((host == null) || (host.trim().length() == 0) || host.equals("0.0.0.0")) { LDAPEntry sieEntry = ldc.read(dn=ldapDN, new String[] {"serverhostname"}); if (sieEntry == null) { Debug.println(0, "AdminGroupNode.findAdminURL: " + Index: ServerNode.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/topology/ServerNode.java,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- ServerNode.java 9 Jul 2007 19:01:01 -0000 1.4 +++ ServerNode.java 29 Jan 2009 21:23:59 -0000 1.5 @@ -994,8 +994,9 @@ * nsserveraddress might not be defined, which means that the * admin server should listen on all interfaces rather than on * a specific one. Read serverhostname from the SIE entry. + * admin server uses 0.0.0.0 to mean listen on all interfaces */ - if (host == null || host.trim().length() == 0) { + if ((host == null) || (host.trim().length() == 0) || host.equals("0.0.0.0")) { LDAPEntry sieEntry = ldc.read(dn=adminServerDN, new String[] {"serverhostname"}); if (sieEntry == null) { Debug.println(0, "ERROR ConsoleInfo.getInstanceAdminURL: " + From rmeggins at fedoraproject.org Thu Jan 29 21:24:02 2009 From: rmeggins at fedoraproject.org (Richard Allen Megginson) Date: Thu, 29 Jan 2009 21:24:02 +0000 (UTC) Subject: [Fedora-directory-commits] console/src/com/netscape/management/client/util ClassLoaderUtil.java, 1.3, 1.4 Message-ID: <20090129212402.4635870117@cvs1.fedora.phx.redhat.com> Author: rmeggins Update of /cvs/dirsec/console/src/com/netscape/management/client/util In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10703/console/src/com/netscape/management/client/util Modified Files: ClassLoaderUtil.java Log Message: Resolves: bug 430364 Bug Description: setup-ds-admin.pl does not correctly set the admin server ip address Reviewed by: nkinder (Thanks!) Fix Description: If the admin server advertises its IP address in its cn=config nsServerAddress, the console will attempt to use the address instead of hostname (which will break https, btw). If the address is set to 0.0.0.0, clients cannot use this, so must fall back on the hostname. Platforms tested: RHEL5 Flag Day: no Doc impact: no Index: ClassLoaderUtil.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/util/ClassLoaderUtil.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- ClassLoaderUtil.java 15 Jul 2008 17:26:59 -0000 1.3 +++ ClassLoaderUtil.java 29 Jan 2009 21:24:00 -0000 1.4 @@ -365,8 +365,9 @@ * nsserveraddress might not be defined, which means that the * admin server should listen on all interfaces rather than on * a specific one. Read serverhostname from the SIE entry. + * admin server uses 0.0.0.0 to mean listen on all interfaces */ - if (sHost == null || sHost.trim().length() == 0) { + if ((sHost == null) || (sHost.trim().length() == 0) || sHost.equals("0.0.0.0")) { LDAPEntry sieEntry = readEntry(ldc, sLocation, new String[] {"serverhostname"}); if (sieEntry == null) { throw new LDAPException( From nkinder at fedoraproject.org Thu Jan 29 21:33:13 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Thu, 29 Jan 2009 21:33:13 +0000 (UTC) Subject: [Fedora-directory-commits] adminserver Makefile.am, 1.42, 1.43 Makefile.in, 1.50, 1.51 aclocal.m4, 1.43, 1.44 configure, 1.47, 1.48 configure.ac, 1.28, 1.29 Message-ID: <20090129213313.9E4DD70142@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/adminserver In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11742 Modified Files: Makefile.am Makefile.in aclocal.m4 configure configure.ac Log Message: Resolves: 430364 Summary: Set default adminserver listen address to 0.0.0.0 if not defined in inf file. Index: Makefile.am =================================================================== RCS file: /cvs/dirsec/adminserver/Makefile.am,v retrieving revision 1.42 retrieving revision 1.43 diff -u -r1.42 -r1.43 --- Makefile.am 3 Sep 2008 21:42:57 -0000 1.42 +++ Makefile.am 29 Jan 2009 21:33:11 -0000 1.43 @@ -440,6 +440,7 @@ -e 's, at piddir\@,$(piddir),g' \ -e 's, at pidfile\@,$(pidfile),g' \ -e 's, at admservport\@,$(admservport),g' \ + -e 's, at admservip\@,$(admservip),g' \ -e 's, at LIBPATH\@,$(LIBPATH),g' \ -e 's, at nss_libdir\@,$(runtime_nss_libdir),g' \ -e 's, at ldapsdk_libdir\@,$(runtime_ldapsdk_libdir),g' \ @@ -491,6 +492,7 @@ -e 's, at piddir\@,$(piddir),g' \ -e 's, at pidfile\@,$(pidfile),g' \ -e 's, at admservport\@,$(admservport),g' \ + -e 's, at admservip\@,$(admservip),g' \ -e 's, at LIBPATH\@,$(LIBPATH),g' \ -e 's, at nss_libdir\@,$(runtime_nss_libdir),g' \ -e 's, at ldapsdk_libdir\@,$(runtime_ldapsdk_libdir),g' \ Index: Makefile.in =================================================================== RCS file: /cvs/dirsec/adminserver/Makefile.in,v retrieving revision 1.50 retrieving revision 1.51 diff -u -r1.50 -r1.51 --- Makefile.in 8 Jan 2009 22:29:38 -0000 1.50 +++ Makefile.in 29 Jan 2009 21:33:11 -0000 1.51 @@ -353,7 +353,6 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ RANLIB = @RANLIB@ -SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ SOLARIS_FALSE = @SOLARIS_FALSE@ @@ -374,6 +373,7 @@ adminutil_ver = @adminutil_ver@ admlogdir = @admlogdir@ admmoddir = $(libdir)@admmoddir@ +admservip = @admservip@ admservport = @admservport@ am__fastdepCC_FALSE = @am__fastdepCC_FALSE@ am__fastdepCC_TRUE = @am__fastdepCC_TRUE@ @@ -779,6 +779,7 @@ @BUNDLE_FALSE@ -e 's, at piddir\@,$(piddir),g' \ @BUNDLE_FALSE@ -e 's, at pidfile\@,$(pidfile),g' \ @BUNDLE_FALSE@ -e 's, at admservport\@,$(admservport),g' \ + at BUNDLE_FALSE@ -e 's, at admservip\@,$(admservip),g' \ @BUNDLE_FALSE@ -e 's, at LIBPATH\@,$(LIBPATH),g' \ @BUNDLE_FALSE@ -e 's, at nss_libdir\@,$(runtime_nss_libdir),g' \ @BUNDLE_FALSE@ -e 's, at ldapsdk_libdir\@,$(runtime_ldapsdk_libdir),g' \ @@ -839,6 +840,7 @@ @BUNDLE_TRUE@ -e 's, at piddir\@,$(piddir),g' \ @BUNDLE_TRUE@ -e 's, at pidfile\@,$(pidfile),g' \ @BUNDLE_TRUE@ -e 's, at admservport\@,$(admservport),g' \ + at BUNDLE_TRUE@ -e 's, at admservip\@,$(admservip),g' \ @BUNDLE_TRUE@ -e 's, at LIBPATH\@,$(LIBPATH),g' \ @BUNDLE_TRUE@ -e 's, at nss_libdir\@,$(runtime_nss_libdir),g' \ @BUNDLE_TRUE@ -e 's, at ldapsdk_libdir\@,$(runtime_ldapsdk_libdir),g' \ Index: aclocal.m4 =================================================================== RCS file: /cvs/dirsec/adminserver/aclocal.m4,v retrieving revision 1.43 retrieving revision 1.44 diff -u -r1.43 -r1.44 --- aclocal.m4 8 Jan 2009 22:29:38 -0000 1.43 +++ aclocal.m4 29 Jan 2009 21:33:11 -0000 1.44 @@ -1578,27 +1578,10 @@ # before this can be enabled. hardcode_into_libs=yes - # find out which ABI we are using - libsuff= - case "$host_cpu" in - x86_64*|s390x*|powerpc64*) - echo '[#]line __oline__ "configure"' > conftest.$ac_ext - if AC_TRY_EVAL(ac_compile); then - case `/usr/bin/file conftest.$ac_objext` in - *64-bit*) - libsuff=64 - sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}" - ;; - esac - fi - rm -rf conftest* - ;; - esac - # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on @@ -4305,9 +4288,6 @@ # Is the compiler the GNU C compiler? with_gcc=$_LT_AC_TAGVAR(GCC, $1) -gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` -gcc_ver=\`gcc -dumpversion\` - # An ERE matcher. EGREP=$lt_EGREP @@ -4441,11 +4421,11 @@ # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=\`echo $lt_[]_LT_AC_TAGVAR(predep_objects, $1) | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +predep_objects=$lt_[]_LT_AC_TAGVAR(predep_objects, $1) # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=\`echo $lt_[]_LT_AC_TAGVAR(postdep_objects, $1) | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +postdep_objects=$lt_[]_LT_AC_TAGVAR(postdep_objects, $1) # Dependencies to place before the objects being linked to create a # shared library. @@ -4457,7 +4437,7 @@ # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=\`echo $lt_[]_LT_AC_TAGVAR(compiler_lib_search_path, $1) | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +compiler_lib_search_path=$lt_[]_LT_AC_TAGVAR(compiler_lib_search_path, $1) # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -4537,7 +4517,7 @@ link_all_deplibs=$_LT_AC_TAGVAR(link_all_deplibs, $1) # Compile-time system search path for libraries -sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec @@ -6373,7 +6353,6 @@ done done done -IFS=$as_save_IFS lt_ac_max=0 lt_ac_count=0 # Add /usr/xpg4/bin/sed as it is typically found on Solaris @@ -6406,7 +6385,6 @@ done ]) SED=$lt_cv_path_SED -AC_SUBST([SED]) AC_MSG_RESULT([$SED]) ]) Index: configure =================================================================== RCS file: /cvs/dirsec/adminserver/configure,v retrieving revision 1.47 retrieving revision 1.48 diff -u -r1.47 -r1.48 --- configure 8 Jan 2009 22:29:38 -0000 1.47 +++ configure 29 Jan 2009 21:33:11 -0000 1.48 @@ -468,7 +468,7 @@ ac_default_prefix=/opt/dirsrv ac_subdirs_all="$ac_subdirs_all mod_admserv" ac_subdirs_all="$ac_subdirs_all mod_restartd" -ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT build build_cpu build_vendor build_os host host_cpu host_vendor host_os CXX CXXFLAGS LDFLAGS CPPFLAGS ac_ct_CXX EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CC CFLAGS ac_ct_CC CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE SED EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL LIBOBJS PACKAGE_BASE_NAME PACKAGE_BASE_VERSION debug_defs BUNDLE_TRUE BUNDLE_FALSE LIBSOCKET LIBNSL LIBCSTD LIBCRUN initdir perlexec CXXLINK_REQUIRED_TRUE CXXLINK_REQUIRED_FALSE HPUX_TRUE HPUX_FALSE SOLARIS_TRUE SOLARIS_FALSE initconfigdir HTTPD APXS APR_CONFIG PKG_CONFIG ICU_CONFIG nsspcache instconfigdir dslibdir nspr_inc nspr_lib nspr_libdir nss_inc nss_lib nss_libdir sasl_inc sasl_lib sasl_libdir ldapsdk_inc ldapsdk_lib ldapsdk_libdir adminutil_inc adminutil_lib adminutil_libdir adminutil_ver icu_lib icu_libdir icu_inc icu_bin instancename cgibindir cmdbindir moddir modnssbindir propertydir htmldir icondir manualdir httpdconf httpdconfdir mimemagic httpduser httpdgroup admlogdir piddir pidfile admservport ldifdir admmoddir nssmoddir infdir perldir brand capbrand vendor WINNT_TRUE WINNT_FALSE APACHE22_TRUE APACHE22_FALSE subdirs MOD_ADMSERV_TRUE MOD_ADMSERV_FALSE MOD_RESTARTD_TRUE MOD_RESTARTD_FALSE LTLIBOBJS' +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT build build_cpu build_vendor build_os host host_cpu host_vendor host_os CXX CXXFLAGS LDFLAGS CPPFLAGS ac_ct_CXX EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CC CFLAGS ac_ct_CC CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CPP F77 FFLAGS ac_ct_F77 LIBTOOL LIBOBJS PACKAGE_BASE_NAME PACKAGE_BASE_VERSION debug_defs BUNDLE_TRUE BUNDLE_FALSE LIBSOCKET LIBNSL LIBCSTD LIBCRUN initdir perlexec CXXLINK_REQUIRED_TRUE CXXLINK_REQUIRED_FALSE HPUX_TRUE HPUX_FALSE SOLARIS_TRUE SOLARIS_FALSE initconfigdir HTTPD APXS APR_CONFIG PKG_CONFIG ICU_CONFIG nsspcache instconfigdir dslibdir nspr_inc nspr_lib nspr_libdir nss_inc nss_lib nss_libdir sasl_inc sasl_lib sasl_libdir ldapsdk_inc ldapsdk_lib ldapsdk_libdir adminutil_inc adminutil_lib adminutil_libdir adminutil_ver icu_lib icu_libdir icu_inc icu_bin instancename cgibindir cmdbindir moddir modnssbindir propertydir htmldir icondir manualdir httpdconf httpdconfdir mimemagic httpduser httpdgroup admlogdir piddir pidfile admservport admservip ldifdir admmoddir nssmoddir infdir perldir brand capbrand vendor WINNT_TRUE WINNT_FALSE APACHE22_TRUE APACHE22_FALSE subdirs MOD_ADMSERV_TRUE MOD_ADMSERV_FALSE MOD_RESTARTD_TRUE MOD_RESTARTD_FALSE LTLIBOBJS' ac_subst_files='' # Initialize some variables set by options. @@ -3839,7 +3839,6 @@ done done done -IFS=$as_save_IFS lt_ac_max=0 lt_ac_count=0 # Add /usr/xpg4/bin/sed as it is typically found on Solaris @@ -3874,7 +3873,6 @@ fi SED=$lt_cv_path_SED - echo "$as_me:$LINENO: result: $SED" >&5 echo "${ECHO_T}$SED" >&6 @@ -4315,7 +4313,7 @@ ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 4318 "configure"' > conftest.$ac_ext + echo '#line 4316 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -5450,7 +5448,7 @@ # Provide some information about the compiler. -echo "$as_me:5453:" \ +echo "$as_me:5451:" \ "checking for Fortran 77 compiler version" >&5 ac_compiler=`set X $ac_compile; echo $2` { (eval echo "$as_me:$LINENO: \"$ac_compiler --version &5\"") >&5 @@ -6513,11 +6511,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6516: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6514: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:6520: \$? = $ac_status" >&5 + echo "$as_me:6518: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -6781,11 +6779,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6784: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6782: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:6788: \$? = $ac_status" >&5 + echo "$as_me:6786: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -6885,11 +6883,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6888: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6886: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:6892: \$? = $ac_status" >&5 + echo "$as_me:6890: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -8350,31 +8348,10 @@ # before this can be enabled. hardcode_into_libs=yes - # find out which ABI we are using - libsuff= - case "$host_cpu" in - x86_64*|s390x*|powerpc64*) - echo '#line 8357 "configure"' > conftest.$ac_ext - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then - case `/usr/bin/file conftest.$ac_objext` in - *64-bit*) - libsuff=64 - sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}" - ;; - esac - fi - rm -rf conftest* - ;; - esac - # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on @@ -9251,7 +9228,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext <&5) + (eval echo "\"\$as_me:11671: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:11701: \$? = $ac_status" >&5 + echo "$as_me:11675: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -11798,11 +11772,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:11801: $lt_compile\"" >&5) + (eval echo "\"\$as_me:11775: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:11805: \$? = $ac_status" >&5 + echo "$as_me:11779: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -12330,31 +12304,10 @@ # before this can be enabled. hardcode_into_libs=yes - # find out which ABI we are using - libsuff= - case "$host_cpu" in - x86_64*|s390x*|powerpc64*) - echo '#line 12337 "configure"' > conftest.$ac_ext - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then - case `/usr/bin/file conftest.$ac_objext` in - *64-bit*) - libsuff=64 - sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}" - ;; - esac - fi - rm -rf conftest* - ;; - esac - # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on @@ -12738,9 +12691,6 @@ # Is the compiler the GNU C compiler? with_gcc=$GCC_CXX -gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` -gcc_ver=\`gcc -dumpversion\` - # An ERE matcher. EGREP=$lt_EGREP @@ -12874,11 +12824,11 @@ # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=\`echo $lt_predep_objects_CXX | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +predep_objects=$lt_predep_objects_CXX # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=\`echo $lt_postdep_objects_CXX | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +postdep_objects=$lt_postdep_objects_CXX # Dependencies to place before the objects being linked to create a # shared library. @@ -12890,7 +12840,7 @@ # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=\`echo $lt_compiler_lib_search_path_CXX | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +compiler_lib_search_path=$lt_compiler_lib_search_path_CXX # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -12970,7 +12920,7 @@ link_all_deplibs=$link_all_deplibs_CXX # Compile-time system search path for libraries -sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec @@ -13392,11 +13342,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:13395: $lt_compile\"" >&5) + (eval echo "\"\$as_me:13345: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:13399: \$? = $ac_status" >&5 + echo "$as_me:13349: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -13496,11 +13446,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:13499: $lt_compile\"" >&5) + (eval echo "\"\$as_me:13449: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:13503: \$? = $ac_status" >&5 + echo "$as_me:13453: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -14941,31 +14891,10 @@ # before this can be enabled. hardcode_into_libs=yes - # find out which ABI we are using - libsuff= - case "$host_cpu" in - x86_64*|s390x*|powerpc64*) - echo '#line 14948 "configure"' > conftest.$ac_ext - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then - case `/usr/bin/file conftest.$ac_objext` in - *64-bit*) - libsuff=64 - sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}" - ;; - esac - fi - rm -rf conftest* - ;; - esac - # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on @@ -15349,9 +15278,6 @@ # Is the compiler the GNU C compiler? with_gcc=$GCC_F77 -gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` -gcc_ver=\`gcc -dumpversion\` - # An ERE matcher. EGREP=$lt_EGREP @@ -15485,11 +15411,11 @@ # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=\`echo $lt_predep_objects_F77 | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +predep_objects=$lt_predep_objects_F77 # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=\`echo $lt_postdep_objects_F77 | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +postdep_objects=$lt_postdep_objects_F77 # Dependencies to place before the objects being linked to create a # shared library. @@ -15501,7 +15427,7 @@ # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=\`echo $lt_compiler_lib_search_path_F77 | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +compiler_lib_search_path=$lt_compiler_lib_search_path_F77 # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -15581,7 +15507,7 @@ link_all_deplibs=$link_all_deplibs_F77 # Compile-time system search path for libraries -sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec @@ -15723,11 +15649,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15726: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15652: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:15730: \$? = $ac_status" >&5 + echo "$as_me:15656: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -15991,11 +15917,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15994: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15920: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:15998: \$? = $ac_status" >&5 + echo "$as_me:15924: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -16095,11 +16021,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:16098: $lt_compile\"" >&5) + (eval echo "\"\$as_me:16024: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:16102: \$? = $ac_status" >&5 + echo "$as_me:16028: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -17560,31 +17486,10 @@ # before this can be enabled. hardcode_into_libs=yes - # find out which ABI we are using - libsuff= - case "$host_cpu" in - x86_64*|s390x*|powerpc64*) - echo '#line 17567 "configure"' > conftest.$ac_ext - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then - case `/usr/bin/file conftest.$ac_objext` in - *64-bit*) - libsuff=64 - sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}" - ;; - esac - fi - rm -rf conftest* - ;; - esac - # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on @@ -17968,9 +17873,6 @@ # Is the compiler the GNU C compiler? with_gcc=$GCC_GCJ -gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` -gcc_ver=\`gcc -dumpversion\` - # An ERE matcher. EGREP=$lt_EGREP @@ -18104,11 +18006,11 @@ # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=\`echo $lt_predep_objects_GCJ | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +predep_objects=$lt_predep_objects_GCJ # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=\`echo $lt_postdep_objects_GCJ | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +postdep_objects=$lt_postdep_objects_GCJ # Dependencies to place before the objects being linked to create a # shared library. @@ -18120,7 +18022,7 @@ # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=\`echo $lt_compiler_lib_search_path_GCJ | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +compiler_lib_search_path=$lt_compiler_lib_search_path_GCJ # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -18200,7 +18102,7 @@ link_all_deplibs=$link_all_deplibs_GCJ # Compile-time system search path for libraries -sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec @@ -18452,9 +18354,6 @@ # Is the compiler the GNU C compiler? with_gcc=$GCC_RC -gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` -gcc_ver=\`gcc -dumpversion\` - # An ERE matcher. EGREP=$lt_EGREP @@ -18588,11 +18487,11 @@ # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=\`echo $lt_predep_objects_RC | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +predep_objects=$lt_predep_objects_RC # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=\`echo $lt_postdep_objects_RC | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +postdep_objects=$lt_postdep_objects_RC # Dependencies to place before the objects being linked to create a # shared library. @@ -18604,7 +18503,7 @@ # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=\`echo $lt_compiler_lib_search_path_RC | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +compiler_lib_search_path=$lt_compiler_lib_search_path_RC # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -18684,7 +18583,7 @@ link_all_deplibs=$link_all_deplibs_RC # Compile-time system search path for libraries -sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec @@ -23040,6 +22939,7 @@ httpduser=nobody httpdgroup=nobody admservport=9830 +admservip=0.0.0.0 # initdir initdir=/rc.d CXXLINK_REQUIRED=0 @@ -25067,6 +24967,7 @@ + # WINNT should be true if building on Windows system not using # cygnus, mingw, or the like and using cmd.exe as the shell @@ -25929,7 +25830,6 @@ s, at CCDEPMODE@,$CCDEPMODE,;t t s, at am__fastdepCC_TRUE@,$am__fastdepCC_TRUE,;t t s, at am__fastdepCC_FALSE@,$am__fastdepCC_FALSE,;t t -s, at SED@,$SED,;t t s, at EGREP@,$EGREP,;t t s, at LN_S@,$LN_S,;t t s, at ECHO@,$ECHO,;t t @@ -26008,6 +25908,7 @@ s, at piddir@,$piddir,;t t s, at pidfile@,$pidfile,;t t s, at admservport@,$admservport,;t t +s, at admservip@,$admservip,;t t s, at ldifdir@,$ldifdir,;t t s, at admmoddir@,$admmoddir,;t t s, at nssmoddir@,$nssmoddir,;t t Index: configure.ac =================================================================== RCS file: /cvs/dirsec/adminserver/configure.ac,v retrieving revision 1.28 retrieving revision 1.29 diff -u -r1.28 -r1.29 --- configure.ac 8 Jan 2009 22:29:38 -0000 1.28 +++ configure.ac 29 Jan 2009 21:33:11 -0000 1.29 @@ -108,6 +108,7 @@ httpduser=nobody httpdgroup=nobody admservport=9830 +admservip=0.0.0.0 # initdir initdir=/rc.d CXXLINK_REQUIRED=0 @@ -367,6 +368,7 @@ AC_SUBST(piddir) AC_SUBST(pidfile) AC_SUBST(admservport) +AC_SUBST(admservip) AC_SUBST(HTTPD) AC_SUBST(ldifdir) AC_SUBST(admmoddir) From nkinder at fedoraproject.org Thu Jan 29 21:33:13 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Thu, 29 Jan 2009 21:33:13 +0000 (UTC) Subject: [Fedora-directory-commits] adminserver/admserv/cfgstuff console.conf.in, 1.3, 1.4 Message-ID: <20090129213313.883B570143@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/adminserver/admserv/cfgstuff In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11742/admserv/cfgstuff Modified Files: console.conf.in Log Message: Resolves: 430364 Summary: Set default adminserver listen address to 0.0.0.0 if not defined in inf file. Index: console.conf.in =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cfgstuff/console.conf.in,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- console.conf.in 18 Dec 2007 19:55:23 -0000 1.3 +++ console.conf.in 29 Jan 2009 21:33:11 -0000 1.4 @@ -74,7 +74,7 @@ # # To allow connections to IPv6 addresses add "Listen [::]:80" # -Listen 0.0.0.0:@admservport@ +Listen @admservip@:@admservport@ # SSL Engine Switch: # Enable/Disable SSL for this virtual host. From nkinder at fedoraproject.org Thu Jan 29 21:33:13 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Thu, 29 Jan 2009 21:33:13 +0000 (UTC) Subject: [Fedora-directory-commits] adminserver/admserv/newinst/src ASDialogs.pm.in, 1.6, 1.7 Message-ID: <20090129213313.A121070117@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/adminserver/admserv/newinst/src In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11742/admserv/newinst/src Modified Files: ASDialogs.pm.in Log Message: Resolves: 430364 Summary: Set default adminserver listen address to 0.0.0.0 if not defined in inf file. Index: ASDialogs.pm.in =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/ASDialogs.pm.in,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- ASDialogs.pm.in 24 Jul 2007 20:10:16 -0000 1.6 +++ ASDialogs.pm.in 29 Jan 2009 21:33:11 -0000 1.7 @@ -87,6 +87,9 @@ 'dialog_ashostip_text', sub { my $self = shift; + if (!defined($self->{manager}->{inf}->{admin}->{ServerIpAddress})) { + $self->{manager}->{inf}->{admin}->{ServerIpAddress} = "@admservip@"; + } return $self->{manager}->{inf}->{admin}->{ServerIpAddress}; }, sub { From nkinder at fedoraproject.org Thu Jan 29 21:33:14 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Thu, 29 Jan 2009 21:33:14 +0000 (UTC) Subject: [Fedora-directory-commits] mod_admserv Makefile.in, 1.26, 1.27 aclocal.m4, 1.18, 1.19 configure, 1.28, 1.29 ltmain.sh, 1.6, 1.7 Message-ID: <20090129213314.B049970142@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/mod_admserv In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11742/mod_admserv Modified Files: Makefile.in aclocal.m4 configure ltmain.sh Log Message: Resolves: 430364 Summary: Set default adminserver listen address to 0.0.0.0 if not defined in inf file. Index: Makefile.in =================================================================== RCS file: /cvs/dirsec/mod_admserv/Makefile.in,v retrieving revision 1.26 retrieving revision 1.27 diff -u -r1.26 -r1.27 --- Makefile.in 17 Aug 2007 18:41:16 -0000 1.26 +++ Makefile.in 29 Jan 2009 21:33:11 -0000 1.27 @@ -166,7 +166,6 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ RANLIB = @RANLIB@ -SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ Index: aclocal.m4 =================================================================== RCS file: /cvs/dirsec/mod_admserv/aclocal.m4,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- aclocal.m4 17 Aug 2007 18:41:16 -0000 1.18 +++ aclocal.m4 29 Jan 2009 21:33:11 -0000 1.19 @@ -1578,27 +1578,10 @@ # before this can be enabled. hardcode_into_libs=yes - # find out which ABI we are using - libsuff= - case "$host_cpu" in - x86_64*|s390x*|powerpc64*) - echo '[#]line __oline__ "configure"' > conftest.$ac_ext - if AC_TRY_EVAL(ac_compile); then - case `/usr/bin/file conftest.$ac_objext` in - *64-bit*) - libsuff=64 - sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}" - ;; - esac - fi - rm -rf conftest* - ;; - esac - # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on @@ -4305,9 +4288,6 @@ # Is the compiler the GNU C compiler? with_gcc=$_LT_AC_TAGVAR(GCC, $1) -gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` -gcc_ver=\`gcc -dumpversion\` - # An ERE matcher. EGREP=$lt_EGREP @@ -4441,11 +4421,11 @@ # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=\`echo $lt_[]_LT_AC_TAGVAR(predep_objects, $1) | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +predep_objects=$lt_[]_LT_AC_TAGVAR(predep_objects, $1) # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=\`echo $lt_[]_LT_AC_TAGVAR(postdep_objects, $1) | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +postdep_objects=$lt_[]_LT_AC_TAGVAR(postdep_objects, $1) # Dependencies to place before the objects being linked to create a # shared library. @@ -4457,7 +4437,7 @@ # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=\`echo $lt_[]_LT_AC_TAGVAR(compiler_lib_search_path, $1) | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +compiler_lib_search_path=$lt_[]_LT_AC_TAGVAR(compiler_lib_search_path, $1) # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -4537,7 +4517,7 @@ link_all_deplibs=$_LT_AC_TAGVAR(link_all_deplibs, $1) # Compile-time system search path for libraries -sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec @@ -6373,7 +6353,6 @@ done done done -IFS=$as_save_IFS lt_ac_max=0 lt_ac_count=0 # Add /usr/xpg4/bin/sed as it is typically found on Solaris @@ -6406,7 +6385,6 @@ done ]) SED=$lt_cv_path_SED -AC_SUBST([SED]) AC_MSG_RESULT([$SED]) ]) Index: configure =================================================================== RCS file: /cvs/dirsec/mod_admserv/configure,v retrieving revision 1.28 retrieving revision 1.29 diff -u -r1.28 -r1.29 --- configure 17 Aug 2007 18:41:16 -0000 1.28 +++ configure 29 Jan 2009 21:33:11 -0000 1.29 @@ -462,7 +462,7 @@ # include #endif" -ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE build build_cpu build_vendor build_os host host_cpu host_vendor host_os SED EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL LIBCSTD LIBC RUN platform_defs CXXLINK_REQUIRED_TRUE CXXLINK_REQUIRED_FALSE APR_CONFIG APXS PKG_CONFIG ICU_CONFIG HAVE_ADMINSERVER_TRUE HAVE_ADMINSERVER_FALSE apr_inc apache_inc apache_conf apache_prefix apache_bin nspr_inc nspr_lib ldapsdk_inc ldapsdk_lib ldapsdk_ver adminutil_inc adminutil_lib adminutil_ver icu_lib nss_inc nss_lib sasl_lib extra_cppflags moddir LIBOBJS LTLIBOBJS' +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE build build_cpu build_vendor build_os host host_cpu host_vendor host_os EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL LIBCSTD LIBCRUN platform_defs CXXLINK_REQUIRED_TRUE CXXLINK_REQUIRED_FALSE APR_CONFIG APXS PKG_CONFIG ICU_CONFIG HAVE_ADMINSERVER_TRUE HAVE_ADMINSERVER_FALSE apr_inc apache_inc apache_conf apache_prefix apache_bin nspr_inc nspr_lib ldapsdk_inc ldapsdk_lib ldapsdk_ver adminutil_inc adminutil_lib adminutil_ver icu_lib nss_inc nss_lib sasl_lib extra_cppflags moddir LIBOBJS LTLIBOBJS' ac_subst_files='' # Initialize some variables set by options. @@ -3217,7 +3217,6 @@ done done done -IFS=$as_save_IFS lt_ac_max=0 lt_ac_count=0 # Add /usr/xpg4/bin/sed as it is typically found on Solaris @@ -3252,7 +3251,6 @@ fi SED=$lt_cv_path_SED - echo "$as_me:$LINENO: result: $SED" >&5 echo "${ECHO_T}$SED" >&6 @@ -3693,7 +3691,7 @@ ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 3696 "configure"' > conftest.$ac_ext + echo '#line 3694 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -5292,7 +5290,7 @@ # Provide some information about the compiler. -echo "$as_me:5295:" \ +echo "$as_me:5293:" \ "checking for Fortran 77 compiler version" >&5 ac_compiler=`set X $ac_compile; echo $2` { (eval echo "$as_me:$LINENO: \"$ac_compiler --version &5\"") >&5 @@ -6355,11 +6353,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6358: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6356: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:6362: \$? = $ac_status" >&5 + echo "$as_me:6360: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -6623,11 +6621,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6626: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6624: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:6630: \$? = $ac_status" >&5 + echo "$as_me:6628: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -6727,11 +6725,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6730: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6728: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:6734: \$? = $ac_status" >&5 + echo "$as_me:6732: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -8192,31 +8190,10 @@ # before this can be enabled. hardcode_into_libs=yes - # find out which ABI we are using - libsuff= - case "$host_cpu" in - x86_64*|s390x*|powerpc64*) - echo '#line 8199 "configure"' > conftest.$ac_ext - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then - case `/usr/bin/file conftest.$ac_objext` in - *64-bit*) - libsuff=64 - sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}" - ;; - esac - fi - rm -rf conftest* - ;; - esac - # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on @@ -9093,7 +9070,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext <&5) + (eval echo "\"\$as_me:11513: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:11543: \$? = $ac_status" >&5 + echo "$as_me:11517: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -11640,11 +11614,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:11643: $lt_compile\"" >&5) + (eval echo "\"\$as_me:11617: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:11647: \$? = $ac_status" >&5 + echo "$as_me:11621: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -12172,31 +12146,10 @@ # before this can be enabled. hardcode_into_libs=yes - # find out which ABI we are using - libsuff= - case "$host_cpu" in - x86_64*|s390x*|powerpc64*) - echo '#line 12179 "configure"' > conftest.$ac_ext - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then - case `/usr/bin/file conftest.$ac_objext` in - *64-bit*) - libsuff=64 - sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}" - ;; - esac - fi - rm -rf conftest* - ;; - esac - # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on @@ -12580,9 +12533,6 @@ # Is the compiler the GNU C compiler? with_gcc=$GCC_CXX -gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` -gcc_ver=\`gcc -dumpversion\` - # An ERE matcher. EGREP=$lt_EGREP @@ -12716,11 +12666,11 @@ # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=\`echo $lt_predep_objects_CXX | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +predep_objects=$lt_predep_objects_CXX # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=\`echo $lt_postdep_objects_CXX | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +postdep_objects=$lt_postdep_objects_CXX # Dependencies to place before the objects being linked to create a # shared library. @@ -12732,7 +12682,7 @@ # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=\`echo $lt_compiler_lib_search_path_CXX | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +compiler_lib_search_path=$lt_compiler_lib_search_path_CXX # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -12812,7 +12762,7 @@ link_all_deplibs=$link_all_deplibs_CXX # Compile-time system search path for libraries -sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec @@ -13234,11 +13184,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:13237: $lt_compile\"" >&5) + (eval echo "\"\$as_me:13187: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:13241: \$? = $ac_status" >&5 + echo "$as_me:13191: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -13338,11 +13288,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:13341: $lt_compile\"" >&5) + (eval echo "\"\$as_me:13291: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:13345: \$? = $ac_status" >&5 + echo "$as_me:13295: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -14783,31 +14733,10 @@ # before this can be enabled. hardcode_into_libs=yes - # find out which ABI we are using - libsuff= - case "$host_cpu" in - x86_64*|s390x*|powerpc64*) - echo '#line 14790 "configure"' > conftest.$ac_ext - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then - case `/usr/bin/file conftest.$ac_objext` in - *64-bit*) - libsuff=64 - sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}" - ;; - esac - fi - rm -rf conftest* - ;; - esac - # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on @@ -15191,9 +15120,6 @@ # Is the compiler the GNU C compiler? with_gcc=$GCC_F77 -gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` -gcc_ver=\`gcc -dumpversion\` - # An ERE matcher. EGREP=$lt_EGREP @@ -15327,11 +15253,11 @@ # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=\`echo $lt_predep_objects_F77 | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +predep_objects=$lt_predep_objects_F77 # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=\`echo $lt_postdep_objects_F77 | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +postdep_objects=$lt_postdep_objects_F77 # Dependencies to place before the objects being linked to create a # shared library. @@ -15343,7 +15269,7 @@ # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=\`echo $lt_compiler_lib_search_path_F77 | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +compiler_lib_search_path=$lt_compiler_lib_search_path_F77 # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -15423,7 +15349,7 @@ link_all_deplibs=$link_all_deplibs_F77 # Compile-time system search path for libraries -sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec @@ -15565,11 +15491,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15568: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15494: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:15572: \$? = $ac_status" >&5 + echo "$as_me:15498: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -15833,11 +15759,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15836: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15762: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:15840: \$? = $ac_status" >&5 + echo "$as_me:15766: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -15937,11 +15863,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15940: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15866: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:15944: \$? = $ac_status" >&5 + echo "$as_me:15870: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -17402,31 +17328,10 @@ # before this can be enabled. hardcode_into_libs=yes - # find out which ABI we are using - libsuff= - case "$host_cpu" in - x86_64*|s390x*|powerpc64*) - echo '#line 17409 "configure"' > conftest.$ac_ext - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then - case `/usr/bin/file conftest.$ac_objext` in - *64-bit*) - libsuff=64 - sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}" - ;; - esac - fi - rm -rf conftest* - ;; - esac - # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on @@ -17810,9 +17715,6 @@ # Is the compiler the GNU C compiler? with_gcc=$GCC_GCJ -gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` -gcc_ver=\`gcc -dumpversion\` - # An ERE matcher. EGREP=$lt_EGREP @@ -17946,11 +17848,11 @@ # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=\`echo $lt_predep_objects_GCJ | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +predep_objects=$lt_predep_objects_GCJ # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=\`echo $lt_postdep_objects_GCJ | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +postdep_objects=$lt_postdep_objects_GCJ # Dependencies to place before the objects being linked to create a # shared library. @@ -17962,7 +17864,7 @@ # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=\`echo $lt_compiler_lib_search_path_GCJ | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +compiler_lib_search_path=$lt_compiler_lib_search_path_GCJ # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -18042,7 +17944,7 @@ link_all_deplibs=$link_all_deplibs_GCJ # Compile-time system search path for libraries -sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec @@ -18294,9 +18196,6 @@ # Is the compiler the GNU C compiler? with_gcc=$GCC_RC -gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` -gcc_ver=\`gcc -dumpversion\` - # An ERE matcher. EGREP=$lt_EGREP @@ -18430,11 +18329,11 @@ # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=\`echo $lt_predep_objects_RC | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +predep_objects=$lt_predep_objects_RC # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=\`echo $lt_postdep_objects_RC | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +postdep_objects=$lt_postdep_objects_RC # Dependencies to place before the objects being linked to create a # shared library. @@ -18446,7 +18345,7 @@ # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=\`echo $lt_compiler_lib_search_path_RC | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +compiler_lib_search_path=$lt_compiler_lib_search_path_RC # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -18526,7 +18425,7 @@ link_all_deplibs=$link_all_deplibs_RC # Compile-time system search path for libraries -sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec @@ -21105,7 +21004,6 @@ s, at host_cpu@,$host_cpu,;t t s, at host_vendor@,$host_vendor,;t t s, at host_os@,$host_os,;t t -s, at SED@,$SED,;t t s, at EGREP@,$EGREP,;t t s, at LN_S@,$LN_S,;t t s, at ECHO@,$ECHO,;t t Index: ltmain.sh =================================================================== RCS file: /cvs/dirsec/mod_admserv/ltmain.sh,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- ltmain.sh 11 May 2007 19:46:36 -0000 1.6 +++ ltmain.sh 29 Jan 2009 21:33:12 -0000 1.7 @@ -46,16 +46,10 @@ VERSION=1.5.22 TIMESTAMP=" (1.1220.2.365 2005/12/18 22:14:06)" -# Be Bourne compatible (taken from Autoconf:_AS_BOURNE_COMPATIBLE). -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then - emulate sh - NULLCMD=: - # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which - # is contrary to our usage. Disable this feature. - alias -g '${1+"$@"}'='"$@"' +# See if we are running on zsh, and set the options which allow our +# commands through without removal of \ escapes. +if test -n "${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST -else - case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac fi # Check that we have a working $echo. @@ -111,14 +105,12 @@ # These must not be set unconditionally because not all systems understand # e.g. LANG=C (notably SCO). # We save the old values to restore during execute mode. -for lt_var in LANG LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES -do - eval "if test \"\${$lt_var+set}\" = set; then - save_$lt_var=\$$lt_var - $lt_var=C - export $lt_var - fi" -done +if test "${LC_ALL+set}" = set; then + save_LC_ALL="$LC_ALL"; LC_ALL=C; export LC_ALL +fi +if test "${LANG+set}" = set; then + save_LANG="$LANG"; LANG=C; export LANG +fi # Make sure IFS has a sensible default lt_nl=' @@ -144,8 +136,6 @@ preserve_args= lo2o="s/\\.lo\$/.${objext}/" o2lo="s/\\.${objext}\$/.lo/" -extracted_archives= -extracted_serial=0 ##################################### # Shell function definitions: @@ -337,17 +327,7 @@ *) my_xabs=`pwd`"/$my_xlib" ;; esac my_xlib=`$echo "X$my_xlib" | $Xsed -e 's%^.*/%%'` - my_xlib_u=$my_xlib - while :; do - case " $extracted_archives " in - *" $my_xlib_u "*) - extracted_serial=`expr $extracted_serial + 1` - my_xlib_u=lt$extracted_serial-$my_xlib ;; - *) break ;; - esac - done - extracted_archives="$extracted_archives $my_xlib_u" - my_xdir="$my_gentop/$my_xlib_u" + my_xdir="$my_gentop/$my_xlib" $show "${rm}r $my_xdir" $run ${rm}r "$my_xdir" @@ -778,7 +758,6 @@ *.f90) xform=f90 ;; *.for) xform=for ;; *.java) xform=java ;; - *.obj) xform=obj ;; esac libobj=`$echo "X$libobj" | $Xsed -e "s/\.$xform$/.lo/"` @@ -1159,9 +1138,8 @@ for arg do case $arg in - -all-static | -static | -static-libtool-libs) - case $arg in - -all-static) + -all-static | -static) + if test "X$arg" = "X-all-static"; then if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then $echo "$modename: warning: complete static linking is impossible in this configuration" 1>&2 fi @@ -1169,20 +1147,12 @@ dlopen_self=$dlopen_self_static fi prefer_static_libs=yes - ;; - -static) + else if test -z "$pic_flag" && test -n "$link_static_flag"; then dlopen_self=$dlopen_self_static fi prefer_static_libs=built - ;; - -static-libtool-libs) - if test -z "$pic_flag" && test -n "$link_static_flag"; then - dlopen_self=$dlopen_self_static - fi - prefer_static_libs=yes - ;; - esac + fi build_libtool_libs=no build_old_libs=yes break @@ -1742,7 +1712,7 @@ continue ;; - -static | -static-libtool-libs) + -static) # The effects of -static are defined in a previous loop. # We used to do the same as -all-static on platforms that # didn't have a PIC flag, but the assumption that the effects @@ -2520,9 +2490,7 @@ if test "$linkmode,$pass" = "prog,link"; then if test -n "$library_names" && - { { test "$prefer_static_libs" = no || - test "$prefer_static_libs,$installed" = "built,yes"; } || - test -z "$old_library"; }; then + { test "$prefer_static_libs" = no || test -z "$old_library"; }; then # We need to hardcode the library path if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then # Make sure the rpath contains only unique directories. @@ -3218,7 +3186,7 @@ # which has an extra 1 added just for fun # case $version_type in - darwin|linux|osf|windows|none) + darwin|linux|osf|windows) current=`expr $number_major + $number_minor` age="$number_minor" revision="$number_revision" @@ -3442,11 +3410,11 @@ fi # Eliminate all temporary directories. -# for path in $notinst_path; do -# lib_search_path=`$echo "$lib_search_path " | ${SED} -e "s% $path % %g"` -# deplibs=`$echo "$deplibs " | ${SED} -e "s% -L$path % %g"` -# dependency_libs=`$echo "$dependency_libs " | ${SED} -e "s% -L$path % %g"` -# done + for path in $notinst_path; do + lib_search_path=`$echo "$lib_search_path " | ${SED} -e "s% $path % %g"` + deplibs=`$echo "$deplibs " | ${SED} -e "s% -L$path % %g"` + dependency_libs=`$echo "$dependency_libs " | ${SED} -e "s% -L$path % %g"` + done if test -n "$xrpath"; then # If the user specified any rpath flags, then add them. @@ -3547,12 +3515,13 @@ int main() { return 0; } EOF $rm conftest - if $LTCC $LTCFLAGS -o conftest conftest.c $deplibs; then + $LTCC $LTCFLAGS -o conftest conftest.c $deplibs + if test "$?" -eq 0 ; then ldd_output=`ldd conftest` for i in $deplibs; do name=`expr $i : '-l\(.*\)'` # If $name is empty we are operating on a -L argument. - if test "$name" != "" && test "$name" != "0"; then + if test "$name" != "" && test "$name" -ne "0"; then if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then case " $predeps $postdeps " in *" $i "*) @@ -3591,7 +3560,9 @@ # If $name is empty we are operating on a -L argument. if test "$name" != "" && test "$name" != "0"; then $rm conftest - if $LTCC $LTCFLAGS -o conftest conftest.c $i; then + $LTCC $LTCFLAGS -o conftest conftest.c $i + # Did it work? + if test "$?" -eq 0 ; then ldd_output=`ldd conftest` if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then case " $predeps $postdeps " in @@ -3623,7 +3594,7 @@ droppeddeps=yes $echo $echo "*** Warning! Library $i is needed by this library but I was not able to" - $echo "*** make it link in! You will probably need to install it or some" + $echo "*** make it link in! You will probably need to install it or some" $echo "*** library that it depends on before this library will be fully" $echo "*** functional. Installing it before continuing would be even better." fi @@ -4268,14 +4239,12 @@ reload_conv_objs= gentop= # reload_cmds runs $LD directly, so let us get rid of - # -Wl from whole_archive_flag_spec and hope we can get by with - # turning comma into space.. + # -Wl from whole_archive_flag_spec wl= if test -n "$convenience"; then if test -n "$whole_archive_flag_spec"; then - eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\" - reload_conv_objs=$reload_objs\ `$echo "X$tmp_whole_archive_flags" | $Xsed -e 's|,| |g'` + eval reload_conv_objs=\"\$reload_objs $whole_archive_flag_spec\" else gentop="$output_objdir/${obj}x" generated="$generated $gentop" @@ -4723,16 +4692,16 @@ case $host in *cygwin* | *mingw* ) if test -f "$output_objdir/${outputname}.def" ; then - compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%" | $NL2SP` - finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%" | $NL2SP` + compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%"` + finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%"` else - compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP` - finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP` + compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"` + finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"` fi ;; * ) - compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP` - finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP` + compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"` + finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"` ;; esac ;; @@ -4747,13 +4716,13 @@ # really was required. # Nullify the symbol file. - compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s% @SYMFILE@%%" | $NL2SP` - finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s% @SYMFILE@%%" | $NL2SP` + compile_command=`$echo "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"` + finalize_command=`$echo "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"` fi if test "$need_relink" = no || test "$build_libtool_libs" != yes; then # Replace the output file specification. - compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e 's%@OUTPUT@%'"$output"'%g' | $NL2SP` + compile_command=`$echo "X$compile_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'` link_command="$compile_command$compile_rpath" # We have no uninstalled library dependencies, so finalize right now. @@ -4840,7 +4809,7 @@ if test "$fast_install" != no; then link_command="$finalize_var$compile_command$finalize_rpath" if test "$fast_install" = yes; then - relink_command=`$echo "X$compile_var$compile_command$compile_rpath" | $SP2NL | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g' | $NL2SP` + relink_command=`$echo "X$compile_var$compile_command$compile_rpath" | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g'` else # fast_install is set to needless relink_command= @@ -4877,7 +4846,7 @@ fi done relink_command="(cd `pwd`; $relink_command)" - relink_command=`$echo "X$relink_command" | $SP2NL | $Xsed -e "$sed_quote_subst" | $NL2SP` + relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"` fi # Quote $echo for shipping. @@ -5284,18 +5253,6 @@ Xsed='${SED} -e 1s/^X//' sed_quote_subst='$sed_quote_subst' -# Be Bourne compatible (taken from Autoconf:_AS_BOURNE_COMPATIBLE). -if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then - emulate sh - NULLCMD=: - # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which - # is contrary to our usage. Disable this feature. - alias -g '\${1+\"\$@\"}'='\"\$@\"' - setopt NO_GLOB_SUBST -else - case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac -fi - # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH @@ -5438,7 +5395,7 @@ ;; esac $echo >> $output "\ - \$echo \"\$0: cannot exec \$program \$*\" + \$echo \"\$0: cannot exec \$program \${1+\"\$@\"}\" exit $EXIT_FAILURE fi else @@ -5624,7 +5581,7 @@ done # Quote the link command for shipping. relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" - relink_command=`$echo "X$relink_command" | $SP2NL | $Xsed -e "$sed_quote_subst" | $NL2SP` + relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"` if test "$hardcode_automatic" = yes ; then relink_command= fi @@ -5969,9 +5926,9 @@ if test -n "$inst_prefix_dir"; then # Stick the inst_prefix_dir data into the link command. - relink_command=`$echo "$relink_command" | $SP2NL | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%" | $NL2SP` + relink_command=`$echo "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"` else - relink_command=`$echo "$relink_command" | $SP2NL | $SED "s%@inst_prefix_dir@%%" | $NL2SP` + relink_command=`$echo "$relink_command" | $SED "s%@inst_prefix_dir@%%"` fi $echo "$modename: warning: relinking \`$file'" 1>&2 @@ -6180,7 +6137,7 @@ file=`$echo "X$file$stripped_ext" | $Xsed -e 's%^.*/%%'` outputname="$tmpdir/$file" # Replace the output file specification. - relink_command=`$echo "X$relink_command" | $SP2NL | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g' | $NL2SP` + relink_command=`$echo "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'` $show "$relink_command" if $run eval "$relink_command"; then : @@ -6456,15 +6413,12 @@ fi # Restore saved environment variables - for lt_var in LANG LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES - do - eval "if test \"\${save_$lt_var+set}\" = set; then - $lt_var=\$save_$lt_var; export $lt_var - else - $lt_unset $lt_var - fi" - done - + if test "${save_LC_ALL+set}" = set; then + LC_ALL="$save_LC_ALL"; export LC_ALL + fi + if test "${save_LANG+set}" = set; then + LANG="$save_LANG"; export LANG + fi # Now prepare to actually exec the command. exec_cmd="\$cmd$args" @@ -6821,9 +6775,9 @@ -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) -export-symbols SYMFILE - try to export only the symbols listed in SYMFILE + try to export only the symbols listed in SYMFILE -export-symbols-regex REGEX - try to export only the symbols matching REGEX + try to export only the symbols matching REGEX -LLIBDIR search LIBDIR for required installed libraries -lNAME OUTPUT-FILE requires the installed library libNAME -module build a library that can dlopened @@ -6837,11 +6791,9 @@ -release RELEASE specify package release information -rpath LIBDIR the created library will eventually be installed in LIBDIR -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries - -static do not do any dynamic linking of uninstalled libtool libraries - -static-libtool-libs - do not do any dynamic linking of libtool libraries + -static do not do any dynamic linking of libtool libraries -version-info CURRENT[:REVISION[:AGE]] - specify library version info [each variable defaults to 0] + specify library version info [each variable defaults to 0] All other options (arguments beginning with \`-') are ignored. From nkinder at fedoraproject.org Thu Jan 29 23:41:37 2009 From: nkinder at fedoraproject.org (Nathan Kinder) Date: Thu, 29 Jan 2009 23:41:37 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/wrappers initscript.in, 1.10, 1.11 Message-ID: <20090129234137.CB2A270141@cvs1.fedora.phx.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/wrappers In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv4123/wrappers Modified Files: initscript.in Log Message: Resolves: 452007 Summary: Make init script ignore removed instances. Index: initscript.in =================================================================== RCS file: /cvs/dirsec/ldapserver/wrappers/initscript.in,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- initscript.in 14 Jan 2009 19:23:12 -0000 1.10 +++ initscript.in 29 Jan 2009 23:41:35 -0000 1.11 @@ -97,7 +97,8 @@ INSTANCES="" -for FILE in `/bin/ls -d $instbase/slapd-* 2>/dev/null`; do +# Ignore instances that have been removed +for FILE in `/bin/ls -d $instbase/slapd-* | sed -n '/\.removed$/!p' 2>/dev/null`; do if [ -d "$FILE" ] ; then inst=`echo "$FILE" | sed -e "s|$instbase/slapd-||"` INSTANCES="$INSTANCES $inst" From nhosoi at fedoraproject.org Sat Jan 31 00:06:13 2009 From: nhosoi at fedoraproject.org (Noriko Hosoi) Date: Sat, 31 Jan 2009 00:06:13 +0000 (UTC) Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd main.c, 1.31, 1.32 Message-ID: <20090131000613.A01E070141@cvs1.fedora.phx.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv27705 Modified Files: main.c Log Message: Resolves: #483167 Summary: db2ldif -s "" crashes with segmentation fault Change description: adding a check to see if there is no entries. Index: main.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/main.c,v retrieving revision 1.31 retrieving revision 1.32 diff -u -r1.31 -r1.32 --- main.c 9 Jan 2009 17:24:30 -0000 1.31 +++ main.c 31 Jan 2009 00:06:11 -0000 1.32 @@ -1917,7 +1917,7 @@ } rval = 0; - for (ep = entries; *ep; ep++) { + for (ep = entries; ep && *ep; ep++) { backend = slapi_entry_attr_get_charptr(*ep, "nsslapd-backend"); if (backend) { charray_add(instances, backend);