From 6d559c537c2709b25881e08acdb2cbfaf1153f2a Mon Sep 17 00:00:00 2001 From: unknown Date: Sep 09 2005 00:51:53 +0000 Subject: This commit was manufactured by cvs2git to create tag 'ds71sp1_winsync_20050912'. --- diff --git a/Makefile b/Makefile index e73ca9e..3e3dc48 100644 --- a/Makefile +++ b/Makefile @@ -79,7 +79,7 @@ help: @echo " USE_ORGCHART=1 - build/bundle the Org Chart webapp" @echo " USE_DSGW=1 - build/bundle the Phonebook/DS Gateway webapp" @echo " USE_JAVATOOLS=1 - build/bundle the Java command line tools" - @echo " USE_SETUPSDK=1 - build/bundle programs that use Setup SDK" + @echo " USE_SETUPUTIL=1 - build/bundle programs that use Setuputil" ###### Implementation notes: # @@ -131,7 +131,7 @@ help: ifeq ($(INTERNAL_BUILD), 1) COMPONENT_DEPENDENCIES = $(ADMINUTIL_DEP) $(NSPR_DEP) $(ARLIB_DEP) $(DBM_DEP) $(SECURITY_DEP) $(SVRCORE_DEP) \ - $(ICU_DEP) $(SETUPSDK_DEP) $(LDAPSDK_DEP) $(DB_LIB_DEP) $(SASL_DEP) $(NETSNMP_DEP) \ + $(ICU_DEP) $(SETUPUTIL_DEP) $(LDAPSDK_DEP) $(DB_LIB_DEP) $(SASL_DEP) $(NETSNMP_DEP) \ $(AXIS_DEP) $(DSMLJAR_DEP) $(DSDOC_DEP) $(ADSYNC_DEP) $(NT4SYNC_DEP) endif @@ -206,9 +206,14 @@ brandDirectory: $(RELTOOLSPATH)/brandver.pl $(RELTOOLSPATH)/brandver.pl -i branding/rhds/brandver.dat -s redhat-ds.spec @echo ==== Finished Branding LDAP Server ========== +debrandDirectory: $(RELTOOLSPATH)/brandver.pl + @echo ==== Debranding LDAP Server ========== + $(RELTOOLSPATH)/brandver.pl -i branding/fedora/brandver.dat -s fedora-ds.spec + @echo ==== Finished Debranding LDAP Server ========== + normalizeDirectory: $(RELTOOLSPATH)/brandver.pl @echo ==== Normalizing LDAP Server ========== - $(RELTOOLSPATH)/brandver.pl -i branding/rhds/normalize.dat -s redhat-ds.spec + $(RELTOOLSPATH)/brandver.pl -i branding/fedora/normalize.dat -s redhat-ds.spec @echo ==== Normalizing Branding LDAP Server ========== buildAndPkgDirectory: buildDirectory pkgDirectory @@ -311,7 +316,7 @@ Longduration: setupDirectory: cd ldap/cm; $(MAKE) $(MFLAGS) releaseDirectory; -ifeq ($(USE_SETUPSDK), 1) +ifeq ($(USE_SETUPUTIL), 1) cd ldap/cm; $(MAKE) $(MFLAGS) packageDirectory; endif diff --git a/component_versions.mk b/component_versions.mk index 1a9024b..5c47b76 100644 --- a/component_versions.mk +++ b/component_versions.mk @@ -122,10 +122,10 @@ endif # admin server ifndef ADM_RELDATE - ADM_RELDATE = 20050512 + ADM_RELDATE = 20050901 endif ifndef ADM_VERSDIR - ADM_VERSDIR = adminserver/70$(BUILD_MODE) + ADM_VERSDIR = adminserver/7.1 endif # Net-SNMP @@ -133,16 +133,17 @@ ifndef NETSNMP_VER NETSNMP_VER = v5.2.1 endif -# setup sdk -ifndef SETUP_SDK_RELDATE - SETUP_SDK_RELDATE = 20050426 +# setuputil +ifndef SETUPUTIL_RELDATE + SETUPUTIL_RELDATE = 20050831 endif -ifndef SETUPSDK_VER - SETUPSDK_VER = 70 +ifndef SETUPUTIL_VER + SETUPUTIL_VER = 71 + SETUPUTIL_DOT_VER = 7.1 endif -ifndef SETUPSDK_VERSDIR - SETUPSDK_VERSDIR=setupsdk$(SETUPSDK_VER)$(BUILD_MODE) +ifndef SETUPUTIL_VERSDIR + SETUPUTIL_VERSDIR=setuputil/$(SETUPUTIL_DOT_VER) endif # infozip utilities @@ -157,14 +158,15 @@ endif # admin utility library ifndef ADMINUTIL_VER - ADMINUTIL_VER=70 + ADMINUTIL_VER=71 + ADMINUTIL_DOT_VER=7.1 endif ifndef ADMINUTIL_RELDATE - ADMINUTIL_RELDATE=20050330 + ADMINUTIL_RELDATE=20050721 endif ifndef ADMINUTIL_VERSDIR - ADMINUTIL_VERSDIR=adminsdk$(ADMINUTIL_VER)$(BUILD_MODE) + ADMINUTIL_VERSDIR=adminutil/$(ADMINUTIL_DOT_VER) endif # LDAP Console diff --git a/components.mk b/components.mk index d218fa4..8c367f6 100644 --- a/components.mk +++ b/components.mk @@ -152,7 +152,7 @@ NSPR_LIBS_TO_PKG = $(addsuffix .$(DLL_SUFFIX),$(addprefix $(NSPR_LIBPATH)/lib,$( LIBS_TO_PKG += $(NSPR_LIBS_TO_PKG) LIBS_TO_PKG_SHARED += $(NSPR_LIBS_TO_PKG) # needed for cmd line tools -ifeq ($(USE_SETUPSDK), 1) +ifeq ($(USE_SETUPUTIL), 1) PACKAGE_SETUP_LIBS += $(NSPR_LIBS_TO_PKG) endif ifeq ($(USE_DSGW), 1) @@ -237,7 +237,7 @@ SECURITY_LIBS_TO_PKG = $(addsuffix .$(DLL_SUFFIX),$(addprefix $(SECURITY_LIBPATH SECURITY_LIBS_TO_PKG += $(addsuffix .chk,$(addprefix $(SECURITY_LIBPATH)/$(LIB_PREFIX),$(SECURITY_NEED_CHK))) LIBS_TO_PKG += $(SECURITY_LIBS_TO_PKG) LIBS_TO_PKG_SHARED += $(SECURITY_LIBS_TO_PKG) # for cmd line tools -ifeq ($(USE_SETUPSDK), 1) +ifeq ($(USE_SETUPUTIL), 1) PACKAGE_SETUP_LIBS += $(SECURITY_LIBS_TO_PKG) endif ifeq ($(USE_DSGW), 1) @@ -318,7 +318,7 @@ ifeq ($(ARCH), WINNT) LIBS_TO_PKG += $(addsuffix .$(DLL_SUFFIX),$(addprefix $(LDAPSDK_LIBPATH)/,$(LDAPDLL_NAME))) LIBS_TO_PKG_SHARED += $(addsuffix .$(DLL_SUFFIX),$(addprefix $(LDAPSDK_LIBPATH)/,$(LDAPDLL_NAME))) - ifeq ($(USE_SETUPSDK), 1) + ifeq ($(USE_SETUPUTIL), 1) PACKAGE_SETUP_LIBS += $(addsuffix .$(DLL_SUFFIX),$(addprefix $(LDAPSDK_LIBPATH)/,$(LDAPDLL_NAME))) endif ifeq ($(USE_DSGW), 1) @@ -339,7 +339,7 @@ else # not WINNT LIBS_TO_PKG += $(addprefix $(LDAPSDK_LIBPATH)/,$(LDAP_SOLIBS)) LIBS_TO_PKG_SHARED += $(addprefix $(LDAPSDK_LIBPATH)/,$(LDAP_SOLIBS)) - ifeq ($(USE_SETUPSDK), 1) + ifeq ($(USE_SETUPUTIL), 1) PACKAGE_SETUP_LIBS += $(addprefix $(LDAPSDK_LIBPATH)/,$(LDAP_SOLIBS)) endif ifeq ($(USE_DSGW), 1) diff --git a/internal_comp_deps.mk b/internal_comp_deps.mk index 1665f58..6cb72d1 100644 --- a/internal_comp_deps.mk +++ b/internal_comp_deps.mk @@ -322,10 +322,14 @@ endif # DB_SOURCE_ROOT # ADMINUTIL library ####################################### ADMINUTIL_VERSION=$(ADMINUTIL_RELDATE) -ADMINUTIL_BASE=adminsdk/$(ADMINUTIL_VERSDIR)/${ADMINUTIL_VERSION} -ADMSDKOBJDIR = $(FULL_RTL_OBJDIR) -ADMINUTIL_IMPORT=$(COMPONENTS_DIR)/${ADMINUTIL_BASE}/$(NSOBJDIR_NAME) -#ADMINUTIL_IMPORT=$(COMPONENTS_DIR_DEV)/${ADMINUTIL_BASE}/$(NSOBJDIR_NAME) +ADMINUTIL_BASE=$(ADMINUTIL_VERSDIR)/${ADMINUTIL_VERSION} +ifeq ($(BUILD_MODE), int) + ADMINUTIL_IMPORT=$(COMPONENTS_DIR)/${ADMINUTIL_BASE}/$(NSOBJDIR_NAME) +# ADMINUTIL_IMPORT=$(COMPONENTS_DIR_DEV)/${ADMINUTIL_BASE}/$(NSOBJDIR_NAME) +else + ADMINUTIL_IMPORT=$(COMPONENTS_DIR)/${ADMINUTIL_BASE}/$(NSOBJDIR_NAME) +# ADMINUTIL_IMPORT=$(FED_COMPONENTS_DIR)/${ADMINUTIL_BASE}/$(NSOBJDIR_NAME) +endif # this is the base directory under which the component's files will be found # during the build process ADMINUTIL_BUILD_DIR=$(NSCP_DISTDIR_FULL_RTL)/adminutil @@ -339,7 +343,7 @@ LIBS_TO_PKG_CLIENTS += $(wildcard $(ADMINUTIL_LIBPATH)/*.$(DLL_SUFFIX)) # # Libadminutil # -ADMINUTIL_DEP = $(ADMINUTIL_LIBPATH)/libadminutil$(ADMINUTIL_VER).$(LIB_SUFFIX) +ADMINUTIL_DEP = $(ADMINUTIL_LIBPATH)/libadminutil$(ADMINUTIL_VER).$(DLL_SUFFIX) ifeq ($(ARCH), WINNT) ADMINUTIL_LINK = /LIBPATH:$(ADMINUTIL_LIBPATH) libadminutil$(ADMINUTIL_VER).$(LIB_SUFFIX) ADMINUTIL_S_LINK = /LIBPATH:$(ADMINUTIL_LIBPATH) libadminutil_s$(ADMINUTIL_VER).$(LIB_SUFFIX) @@ -376,7 +380,7 @@ NETSNMP_DEP = $(NETSNMP_INCDIR)/net-snmp/net-snmp-includes.h ifndef NETSNMP_PULL_METHOD NETSNMP_PULL_METHOD = $(COMPONENT_PULL_METHOD) endif - + $(NETSNMP_DEP): $(NSCP_DISTDIR_FULL_RTL) ifneq ($(ARCH), WINNT) ifdef COMPONENT_DEPS @@ -392,41 +396,45 @@ endif # NETSNMP_SOURCE_ROOT ########################################################### -### SETUPSDK ############################# +### SETUPUTIL ############################# # this is where the build looks for setupsdk components -SETUP_SDK_BUILD_DIR = $(NSCP_DISTDIR)/setupsdk -SETUPSDK_VERSION = $(SETUP_SDK_RELDATE) -SETUPSDK_RELEASE = $(COMPONENTS_DIR)/setupsdk/$(SETUPSDK_VERSDIR)/$(SETUPSDK_VERSION)/$(NSOBJDIR_NAME) -#SETUPSDK_RELEASE = $(COMPONENTS_DIR_DEV)/setupsdk/$(SETUPSDK_VERSDIR)/$(SETUPSDK_VERSION)/$(NSOBJDIR_NAME) -SETUPSDK_LIBPATH = $(SETUP_SDK_BUILD_DIR)/lib -SETUPSDK_INCDIR = $(SETUP_SDK_BUILD_DIR)/include -SETUPSDK_BINPATH = $(SETUP_SDK_BUILD_DIR)/bin -SETUPSDK_INCLUDE = -I$(SETUPSDK_INCDIR) +SETUPUTIL_BUILD_DIR = $(NSCP_DISTDIR)/setuputil +SETUPUTIL_VERSION = $(SETUPUTIL_RELDATE) +ifeq ($(BUILD_MODE), int) +# SETUPUTIL_RELEASE = $(COMPONENTS_DIR)/$(SETUPUTIL_VERSDIR)/$(SETUPUTIL_VERSION)/$(NSOBJDIR_NAME) + SETUPUTIL_RELEASE = $(COMPONENTS_DIR_DEV)/$(SETUPUTIL_VERSDIR)/$(SETUPUTIL_VERSION)/$(NSOBJDIR_NAME) +else + SETUPUTIL_RELEASE = $(FED_COMPONENTS_DIR)/$(SETUPUTIL_VERSDIR)/$(SETUPUTIL_VERSION)/$(NSOBJDIR_NAME) +endif +SETUPUTIL_LIBPATH = $(SETUPUTIL_BUILD_DIR)/lib +SETUPUTIL_INCDIR = $(SETUPUTIL_BUILD_DIR)/include +SETUPUTIL_BINPATH = $(SETUPUTIL_BUILD_DIR)/bin +SETUPUTIL_INCLUDE = -I$(SETUPUTIL_INCDIR) ifeq ($(ARCH), WINNT) -SETUP_SDK_FILES = setupsdk.tar.gz -unzip $(NSCP_DISTDIR)/setupsdk -SETUPSDK_DEP = $(SETUPSDK_LIBPATH)/nssetup32.$(LIB_SUFFIX) -SETUPSDKLINK = /LIBPATH:$(SETUPSDK_LIBPATH) nssetup32.$(LIB_SUFFIX) -SETUPSDK_S_LINK = /LIBPATH:$(SETUPSDK_LIBPATH) nssetup32_s.$(LIB_SUFFIX) +SETUPUTIL_FILES = setuputil.tar.gz -unzip $(NSCP_DISTDIR)/setuputil +SETUPUTIL_DEP = $(SETUPUTIL_LIBPATH)/nssetup32.$(LIB_SUFFIX) +SETUPUTILLINK = /LIBPATH:$(SETUPUTIL_LIBPATH) nssetup32.$(LIB_SUFFIX) +SETUPUTIL_S_LINK = /LIBPATH:$(SETUPUTIL_LIBPATH) nssetup32_s.$(LIB_SUFFIX) else -SETUP_SDK_FILES = bin,lib,include -SETUPSDK_DEP = $(SETUPSDK_LIBPATH)/libinstall.$(LIB_SUFFIX) -SETUPSDKLINK = -L$(SETUPSDK_LIBPATH) -linstall -SETUPSDK_S_LINK = $(SETUPSDKLINK) +SETUPUTIL_FILES = bin,lib,include +SETUPUTIL_DEP = $(SETUPUTIL_LIBPATH)/libinstall.$(LIB_SUFFIX) +SETUPUTILLINK = -L$(SETUPUTIL_LIBPATH) -linstall +SETUPUTIL_S_LINK = $(SETUPUTILLINK) endif -ifndef SETUPSDK_PULL_METHOD -SETUPSDK_PULL_METHOD = $(COMPONENT_PULL_METHOD) +ifndef SETUPUTIL_PULL_METHOD +SETUPUTIL_PULL_METHOD = $(COMPONENT_PULL_METHOD) endif -$(SETUPSDK_DEP): $(NSCP_DISTDIR) +$(SETUPUTIL_DEP): $(NSCP_DISTDIR) ifdef COMPONENT_DEPS - $(FTP_PULL) -method $(SETUPSDK_PULL_METHOD) \ - -objdir $(SETUP_SDK_BUILD_DIR) -componentdir $(SETUPSDK_RELEASE) \ - -files $(SETUP_SDK_FILES) + $(FTP_PULL) -method $(SETUPUTIL_PULL_METHOD) \ + -objdir $(SETUPUTIL_BUILD_DIR) -componentdir $(SETUPUTIL_RELEASE) \ + -files $(SETUPUTIL_FILES) endif -@if [ ! -f $@ ] ; \ - then echo "Error: could not get component SETUPSDK file $@" ; \ + then echo "Error: could not get component SETUPUTIL file $@" ; \ fi # apache-axis java classes ####################################### AXIS = axis-$(AXIS_VERSION).zip @@ -702,28 +710,13 @@ endif ADMIN_REL = $(ADM_VERSDIR) ADMIN_REL_DATE = $(ADM_VERSION) -ADMIN_FILE = admserv.tar.gz -ADMIN_FILE_TAR = admserv.tar -ADMSDKOBJDIR = $(NSCONFIG)$(NSOBJDIR_TAG).OBJ -IMPORTADMINSRV_BASE=$(COMPONENTS_DIR)/$(ADMIN_REL)/$(ADMIN_REL_DATE) -#IMPORTADMINSRV_BASE=$(COMPONENTS_DIR_DEV)/$(ADMIN_REL)/$(ADMIN_REL_DATE) +#ADMIN_FILE = adminserver.tar.gz +ADMIN_FILE = admin,base +ADMIN_FILE_TAR = adminserver.tar +IMPORTADMINSRV_BASE=$(COMPONENTS_DIR_DEV)/$(ADMIN_REL)/$(ADMIN_REL_DATE) IMPORTADMINSRV = $(IMPORTADMINSRV_BASE)/$(NSOBJDIR_NAME_32) -ADMSERV_DIR=$(ABS_ROOT_PARENT)/dist/$(NSOBJDIR_NAME)/admserv -ADMSERV_DEP = $(ADMSERV_DIR)/setup$(EXE_SUFFIX) - -ifdef FORTEZZA - ADM_VERSION = $(ADM_RELDATE)F -else - ifeq ($(SECURITY), domestic) - ADM_VERSION = $(ADM_RELDATE)D - else - ifneq ($(ARCH), IRIX) - ADM_VERSION = $(ADM_RELDATE)E - else - ADM_VERSION = $(ADM_RELDATE)D - endif - endif -endif +ADMSERV_DIR=$(ABS_ROOT_PARENT)/dist/$(NSOBJDIR_NAME)/adminserver +ADMSERV_DEP = $(ADMSERV_DIR)/admin/admin.inf ADM_VERSION = $(ADM_RELDATE) ADM_RELEASE = $(COMPONENTS_DIR)/$(ADM_VERSDIR)/$(ADM_VERSION)/$(NSOBJDIR_NAME) @@ -741,7 +734,7 @@ $(ADMSERV_DEP): $(ABS_ROOT_PARENT)/dist/$(NSOBJDIR_NAME) ifdef ADMSERV_DEPS $(FTP_PULL) -method $(ADMSERV_PULL_METHOD) \ -objdir $(ADMSERV_DIR) -componentdir $(IMPORTADMINSRV) \ - -files $(ADMIN_FILE) -unzip $(ADMSERV_DIR) + -files $(ADMIN_FILE) endif @if [ ! -f $@ ] ; \ then echo "Error: could not get component ADMINSERV file $@" ; \ @@ -755,7 +748,7 @@ DSDOC_DIR = $(ABS_ROOT)/../dist/dsdoc DSDOC_VERSDIR = $(DIR_NORM_VERSION)$(BUILD_MODE) #DSDOC_RELEASE = $(COMPONENTS_DIR_DEV)/ldapserverdoc/$(DSDOC_VERSDIR)/$(DSDOC_RELDATE) DSDOC_RELEASE = $(COMPONENTS_DIR)/ldapserverdoc/$(DSDOC_VERSDIR)/$(DSDOC_RELDATE) - + DSDOC_CLIENTS = slapd_clients.zip DSDOC_COPYRIGHT = slapd_copyright.zip DSDOC_FILES = $(DSDOC_COPYRIGHT),$(DSDOC_CLIENTS) diff --git a/ldap/Makefile b/ldap/Makefile index c9d3c78..2af98bf 100644 --- a/ldap/Makefile +++ b/ldap/Makefile @@ -61,7 +61,7 @@ ldapprogs: ifneq ($(ARCH), WINNT) cd systools; $(MAKE) $(MFLAGS) all # new unix installer -ifeq ($(USE_SETUPSDK), 1) +ifeq ($(USE_SETUPUTIL), 1) cd cm/newinst; $(MAKE) $(MFLAGS) all ifeq ($(USE_64),1) # In 64-bit builds, we build the installer 32-bit, which has the side-effect that the uninstaller and ns-update scripts @@ -70,11 +70,11 @@ ifeq ($(USE_64),1) $(CP) $(RELDIR_32)/bin/slapd/admin/bin/ns-update $(LDAP_ADMIN_BIN_RELDIR) $(CP) $(RELDIR_32)/bin/slapd/admin/bin/uninstall $(LDAP_ADMIN_BIN_RELDIR) endif # USE_64 -endif # USE_SETUPSDK +endif # USE_SETUPUTIL else # not WINNT -ifeq ($(USE_SETUPSDK), 1) +ifeq ($(USE_SETUPUTIL), 1) cd cm/newinstnt; $(MAKE) $(MFLAGS) all -endif # USE_SETUPSDK +endif # USE_SETUPUTIL endif # WINNT cd admin; $(MAKE) $(MFLAGS) all ifeq ($(ARCH), WINNT) diff --git a/ldap/admin/src/DSAdmin.mk b/ldap/admin/src/DSAdmin.mk index 50a27fb..0a1db8f 100644 --- a/ldap/admin/src/DSAdmin.mk +++ b/ldap/admin/src/DSAdmin.mk @@ -62,7 +62,7 @@ ifneq ($(ARCH), WINNT) EXTRALDFLAGS += $(SSLLIBFLAG) endif -EXTRA_LIBS += $(LIBPERL_A) $(SETUPSDK_S_LINK) $(LDAP_ADMLIB) \ +EXTRA_LIBS += $(LIBPERL_A) $(SETUPUTIL_S_LINK) $(LDAP_ADMLIB) \ $(LDAPLINK) $(DEPLINK) $(ADMINUTIL_LINK) \ $(NSPRLINK) $(NLSLINK) \ $(NLSLINK_CONV_STATIC) @@ -102,7 +102,7 @@ DSADMIN_BASENAME = DSAdmin$(DLL_PRESUFFIX).$(DLL_SUFFIX) OBJS= $(addprefix $(OBJDEST)/, $(DSADMIN_OBJS)) DSADMIN_SO = $(addprefix $(BINDIR)/, $(DSADMIN_BASENAME)) -EXTRA_LIBS_DEP = $(SETUPSDK_DEP) +EXTRA_LIBS_DEP = $(SETUPUTIL_DEP) # for Solaris, our most common unix build platform, we check for undefined # symbols at link time so we don't catch them at run time. To do this, we diff --git a/ldap/admin/src/Makefile b/ldap/admin/src/Makefile index fedbd72..af5cb82 100644 --- a/ldap/admin/src/Makefile +++ b/ldap/admin/src/Makefile @@ -95,8 +95,8 @@ ifeq ($(USE_ADMINSERVER), 1) EXTRA_LIBS += $(ADMINUTIL_LINK) endif EXTRA_LIBS += $(SECURITYLINK) $(NSPRLINK) -ifeq ($(USE_SETUPSDK), 1) - EXTRA_LIBS += $(SETUPSDK_S_LINK) +ifeq ($(USE_SETUPUTIL), 1) + EXTRA_LIBS += $(SETUPUTIL_S_LINK) endif EXTRA_LIBS += $(ICULINK) $(OLD_EXTRA_LIBS) @@ -220,7 +220,7 @@ endif ifeq ($(ARCH), WINNT) OBJECTS += namegen.o latest_file.o -ifeq ($(USE_SETUPSDK), 1) +ifeq ($(USE_SETUPUTIL), 1) OBJECTS += ds_remove_uninst.o endif endif @@ -308,7 +308,7 @@ $(BINDIR)/ds_create.exe: $(OBJDEST)/instindex.o $(OBJDEST)/cfg_sspt.o \ $(LINK_EXE) $(NT_NOLIBS) $(OBJDEST)/instindex.o \ $(OBJDEST)/create_instance.o $(OBJDEST)/cfg_sspt.o \ $(OBJDEST)/configure_instance.o $(OBJDEST)/script-gen.o \ - $(SETUPSDK_S_LINK) $(LDAP_SDK_LIBS) $(LIBNT) \ + $(SETUPUTIL_S_LINK) $(LDAP_SDK_LIBS) $(LIBNT) \ $(NSPRLINK) $(EXTRA_LIBS) $(DB_LIB) # linking this file causes a .exp and a .lib file to be generated which don't seem # to be required while running, so I get rid of them @@ -317,10 +317,10 @@ $(BINDIR)/ds_create.exe: $(OBJDEST)/instindex.o $(OBJDEST)/cfg_sspt.o \ $(BINDIR)/ds_remove: $(OBJDEST)/ds_remove.o $(OBJDEST)/ds_remove_uninst.o $(DEPLIBS) $(EXTRA_LIBS_DEP) $(LINK_EXE_NOLIBSOBJS) $(SHARED) $(EXTRALDFLAGS) \ $(OBJDEST)/ds_remove.o $(OBJDEST)/ds_remove_uninst.o $(OBJDEST)/init_ds_env.o \ - $(SETUPSDK_S_LINK) $(GLUEOBJ) $(EXTRA_LIBS) + $(SETUPUTIL_S_LINK) $(GLUEOBJ) $(EXTRA_LIBS) $(BINDIR)/ds_remove.exe: $(OBJDEST)/ds_remove.o $(OBJDEST)/ds_remove_uninst.o $(DEPLIBS) $(EXTRA_LIBS_DEP) - $(LINK_EXE) $(OBJDEST)/ds_remove_uninst.o $(OBJDEST)/ds_remove.o $(OBJDEST)/init_ds_env.o $(LDAP_SDK_LIBS) $(NSPRLINK) $(SETUPSDK_S_LINK) $(NT_NOLIBS) + $(LINK_EXE) $(OBJDEST)/ds_remove_uninst.o $(OBJDEST)/ds_remove.o $(OBJDEST)/init_ds_env.o $(LDAP_SDK_LIBS) $(NSPRLINK) $(SETUPUTIL_S_LINK) $(NT_NOLIBS) # linking this file causes a .exp and a .lib file to be generated which don't seem # to be required while running, so I get rid of them $(RM) $(subst .exe,.exp,$@) $(subst .exe,.lib,$@) @@ -330,9 +330,9 @@ $(OBJDEST)/%.o: %.c $(OBJDEST)/%.o: %.cpp ifeq ($(ARCH), WINNT) - $(CC) -c $(CFLAGS) $(MCC_INCLUDE) $(SETUPSDK_INCLUDE) $< $(OFFLAG)$@ + $(CC) -c $(CFLAGS) $(MCC_INCLUDE) $(SETUPUTIL_INCLUDE) $< $(OFFLAG)$@ else - $(CXX) $(EXCEPTIONS) -c $(CFLAGS) $(MCC_INCLUDE) $(SETUPSDK_INCLUDE) $< $(OFFLAG)$@ + $(CXX) $(EXCEPTIONS) -c $(CFLAGS) $(MCC_INCLUDE) $(SETUPUTIL_INCLUDE) $< $(OFFLAG)$@ endif ifneq ($(ARCH), WINNT) diff --git a/ldap/admin/src/create_instance.c b/ldap/admin/src/create_instance.c index 2bc8c62..11ff03e 100644 --- a/ldap/admin/src/create_instance.c +++ b/ldap/admin/src/create_instance.c @@ -1161,7 +1161,7 @@ char *create_server(server_config_s *cf, char *param_name) " sleep 1;\n" " else\n" " PID=`cat $PIDFILE`\n" - /* rbyrne: setupsdk takes any message here as an error: + /* rbyrne: setuputil takes any message here as an error: " echo Server has been started. ns-slapd process started: $PID\n"*/ " exit 0;\n" " fi\n" @@ -1218,7 +1218,7 @@ char *create_server(server_config_s *cf, char *param_name) " sleep 1;\n" " else\n" " PID=`cat $PIDFILE`\n" - /* rbyrne: setupsdk takes any message here as an error: + /* rbyrne: setuputil takes any message here as an error: " echo Server has been started. ns-slapd process started: $PID\n"*/ " exit 0;\n" " fi\n" @@ -1297,7 +1297,7 @@ char *create_server(server_config_s *cf, char *param_name) " fi\n" " else\n" " PID=`cat $PIDFILE`\n" - /* rbyrne: setupsdk takes any message here as an error: + /* rbyrne: setuputil takes any message here as an error: " echo Server has been started. ns-slapd process started: $PID\n"*/ " exit 0;\n" " fi\n" @@ -1345,7 +1345,7 @@ char *create_server(server_config_s *cf, char *param_name) " if test -f $PIDFILE ; then\n" " rm -f $PIDFILE\n" " fi\n" - /* rbyrne: setupsdk takes any message here as an error: + /* rbyrne: setuputil takes any message here as an error: " echo Server has been stopped. ns-slapd process stopped: $PID\n"*/ " exit 0\n" " fi\n" @@ -3194,6 +3194,36 @@ char *ds_gen_confs(char *sroot, server_config_s *cf, fprintf(f, "nsslapd-pluginenabled: on\n"); fprintf(f, "\n"); + fprintf(f, "dn: cn=SSHA256,cn=Password Storage Schemes,cn=plugins,cn=config\n"); + fprintf(f, "objectclass: top\n"); + fprintf(f, "objectclass: nsSlapdPlugin\n"); + fprintf(f, "cn: SSHA256\n"); + fprintf(f, "nsslapd-pluginpath: %s/lib/pwdstorage-plugin%s\n", sroot, shared_lib); + fprintf(f, "nsslapd-plugininitfunc: ssha256_pwd_storage_scheme_init\n"); + fprintf(f, "nsslapd-plugintype: pwdstoragescheme\n"); + fprintf(f, "nsslapd-pluginenabled: on\n"); + fprintf(f, "\n"); + + fprintf(f, "dn: cn=SSHA384,cn=Password Storage Schemes,cn=plugins,cn=config\n"); + fprintf(f, "objectclass: top\n"); + fprintf(f, "objectclass: nsSlapdPlugin\n"); + fprintf(f, "cn: SSHA384\n"); + fprintf(f, "nsslapd-pluginpath: %s/lib/pwdstorage-plugin%s\n", sroot, shared_lib); + fprintf(f, "nsslapd-plugininitfunc: ssha384_pwd_storage_scheme_init\n"); + fprintf(f, "nsslapd-plugintype: pwdstoragescheme\n"); + fprintf(f, "nsslapd-pluginenabled: on\n"); + fprintf(f, "\n"); + + fprintf(f, "dn: cn=SSHA512,cn=Password Storage Schemes,cn=plugins,cn=config\n"); + fprintf(f, "objectclass: top\n"); + fprintf(f, "objectclass: nsSlapdPlugin\n"); + fprintf(f, "cn: SSHA512\n"); + fprintf(f, "nsslapd-pluginpath: %s/lib/pwdstorage-plugin%s\n", sroot, shared_lib); + fprintf(f, "nsslapd-plugininitfunc: ssha512_pwd_storage_scheme_init\n"); + fprintf(f, "nsslapd-plugintype: pwdstoragescheme\n"); + fprintf(f, "nsslapd-pluginenabled: on\n"); + fprintf(f, "\n"); + fprintf(f, "dn: cn=SHA,cn=Password Storage Schemes,cn=plugins,cn=config\n"); fprintf(f, "objectclass: top\n"); fprintf(f, "objectclass: nsSlapdPlugin\n"); @@ -3204,6 +3234,36 @@ char *ds_gen_confs(char *sroot, server_config_s *cf, fprintf(f, "nsslapd-pluginenabled: on\n"); fprintf(f, "\n"); + fprintf(f, "dn: cn=SHA256,cn=Password Storage Schemes,cn=plugins,cn=config\n"); + fprintf(f, "objectclass: top\n"); + fprintf(f, "objectclass: nsSlapdPlugin\n"); + fprintf(f, "cn: SHA256\n"); + fprintf(f, "nsslapd-pluginpath: %s/lib/pwdstorage-plugin%s\n", sroot, shared_lib); + fprintf(f, "nsslapd-plugininitfunc: sha256_pwd_storage_scheme_init\n"); + fprintf(f, "nsslapd-plugintype: pwdstoragescheme\n"); + fprintf(f, "nsslapd-pluginenabled: on\n"); + fprintf(f, "\n"); + + fprintf(f, "dn: cn=SHA384,cn=Password Storage Schemes,cn=plugins,cn=config\n"); + fprintf(f, "objectclass: top\n"); + fprintf(f, "objectclass: nsSlapdPlugin\n"); + fprintf(f, "cn: SHA384\n"); + fprintf(f, "nsslapd-pluginpath: %s/lib/pwdstorage-plugin%s\n", sroot, shared_lib); + fprintf(f, "nsslapd-plugininitfunc: sha384_pwd_storage_scheme_init\n"); + fprintf(f, "nsslapd-plugintype: pwdstoragescheme\n"); + fprintf(f, "nsslapd-pluginenabled: on\n"); + fprintf(f, "\n"); + + fprintf(f, "dn: cn=SHA512,cn=Password Storage Schemes,cn=plugins,cn=config\n"); + fprintf(f, "objectclass: top\n"); + fprintf(f, "objectclass: nsSlapdPlugin\n"); + fprintf(f, "cn: SHA512\n"); + fprintf(f, "nsslapd-pluginpath: %s/lib/pwdstorage-plugin%s\n", sroot, shared_lib); + fprintf(f, "nsslapd-plugininitfunc: sha512_pwd_storage_scheme_init\n"); + fprintf(f, "nsslapd-plugintype: pwdstoragescheme\n"); + fprintf(f, "nsslapd-pluginenabled: on\n"); + fprintf(f, "\n"); + #if !defined(_WIN32) fprintf(f, "dn: cn=CRYPT,cn=Password Storage Schemes,cn=plugins,cn=config\n"); fprintf(f, "objectclass: top\n"); @@ -3216,6 +3276,16 @@ char *ds_gen_confs(char *sroot, server_config_s *cf, fprintf(f, "\n"); #endif + fprintf(f, "dn: cn=MD5,cn=Password Storage Schemes,cn=plugins,cn=config\n"); + fprintf(f, "objectclass: top\n"); + fprintf(f, "objectclass: nsSlapdPlugin\n"); + fprintf(f, "cn: MD5\n"); + fprintf(f, "nsslapd-pluginpath: %s/lib/pwdstorage-plugin%s\n", sroot, shared_lib); + fprintf(f, "nsslapd-plugininitfunc: md5_pwd_storage_scheme_init\n"); + fprintf(f, "nsslapd-plugintype: pwdstoragescheme\n"); + fprintf(f, "nsslapd-pluginenabled: on\n"); + fprintf(f, "\n"); + fprintf(f, "dn: cn=CLEAR,cn=Password Storage Schemes,cn=plugins,cn=config\n"); fprintf(f, "objectclass: top\n"); fprintf(f, "objectclass: nsSlapdPlugin\n"); @@ -4662,6 +4732,7 @@ int parse_form(server_config_s *cf) return 1; } + cf->suitespot3x_uid = ds_a_get_cgi_var("suitespot3x_uid", NULL, NULL); cf->cfg_sspt = ds_a_get_cgi_var("cfg_sspt", NULL, NULL); cf->cfg_sspt_uid = ds_a_get_cgi_var("cfg_sspt_uid", NULL, NULL); if (cf->cfg_sspt_uid && *(cf->cfg_sspt_uid) && diff --git a/ldap/admin/src/ds_newinst.c b/ldap/admin/src/ds_newinst.c index 3757686..6f686cf 100644 --- a/ldap/admin/src/ds_newinst.c +++ b/ldap/admin/src/ds_newinst.c @@ -37,7 +37,7 @@ /* * ds_newinst.c - creates a new instance of directory server, scripts, * configuration, etc. Does not create any Admin Server stuff or - * deal with any setupsdk stuff, but may be optionally used to create + * deal with any setuputil stuff, but may be optionally used to create * and configure the config suffix (o=NetscapeRoot) */ diff --git a/ldap/admin/src/ds_remove_uninst.cpp b/ldap/admin/src/ds_remove_uninst.cpp index 672be92..79fef79 100644 --- a/ldap/admin/src/ds_remove_uninst.cpp +++ b/ldap/admin/src/ds_remove_uninst.cpp @@ -37,7 +37,7 @@ * END COPYRIGHT BLOCK **/ // ds_remove_uninst.cpp // -// ds_remove routines that use c++ calls in adminsdk +// ds_remove routines that use c++ calls in adminutil // #include #include diff --git a/ldap/admin/src/scripts/template-db2index.pl b/ldap/admin/src/scripts/template-db2index.pl index d86decc..9e79109 100644 --- a/ldap/admin/src/scripts/template-db2index.pl +++ b/ldap/admin/src/scripts/template-db2index.pl @@ -40,21 +40,21 @@ # sub usage { - print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \n"); - print(STDERR " -n instance [-t attributeName[:indextypes[:matchingrules]]]\n"); - print(STDERR " Opts: -D rootdn - Directory Manager\n"); - print(STDERR " : -w password - Directory Manager's password\n"); - print(STDERR " : -w - - Prompt for Directory Manager's password\n"); - print(STDERR " : -j filename - Read Directory Manager's password from file\n"); - print(STDERR " : -n instance - instance to be indexed\n"); - print(STDERR " : -t attributeName[:indextypes[:matchingrules]]\n"); - print(STDERR " - attribute: name of the attribute to be indexed\n"); - print(STDERR " If omitted, all the indexes defined \n"); - print(STDERR " for that instance are generated.\n"); - print(STDERR " - indextypes: comma separated index types\n"); - print(STDERR " - matchingrules: comma separated matrules\n"); - print(STDERR " Example: -t foo:eq,pres\n"); - print(STDERR " : -v - version\n"); + print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \n"); + print(STDERR " -n instance [-t attributeName[:indextypes[:matchingrules]]]\n"); + print(STDERR " Opts: -D rootdn - Directory Manager\n"); + print(STDERR " : -w password - Directory Manager's password\n"); + print(STDERR " : -w - - Prompt for Directory Manager's password\n"); + print(STDERR " : -j filename - Read Directory Manager's password from file\n"); + print(STDERR " : -n instance - instance to be indexed\n"); + print(STDERR " : -t attributeName[:indextypes[:matchingrules]]\n"); + print(STDERR " - attribute: name of the attribute to be indexed\n"); + print(STDERR " If omitted, all the indexes defined \n"); + print(STDERR " for that instance are generated.\n"); + print(STDERR " - indextypes: comma separated index types\n"); + print(STDERR " - matchingrules: comma separated matrules\n"); + print(STDERR " Example: -t foo:eq,pres\n"); + print(STDERR " : -v - verbose\n"); } $instance = ""; @@ -71,81 +71,81 @@ $mydsroot = "{{MY-DS-ROOT}}"; $i = 0; while ($i <= $#ARGV) { - if ("$ARGV[$i]" eq "-n") - { - # instance - $i++; $instance = $ARGV[$i]; - } - elsif ("$ARGV[$i]" eq "-D") - { - # Directory Manager - $i++; $rootdn = $ARGV[$i]; - } - elsif ("$ARGV[$i]" eq "-w") - { - # Directory Manager's password - $i++; $passwd = $ARGV[$i]; - } - elsif ("$ARGV[$i]" eq "-j") - { - # Read Directory Manager's password from a file - $i++; $passwdfile = $ARGV[$i]; - } - elsif ("$ARGV[$i]" eq "-t") - { - # Attribute to index - $i++; $attribute_arg = $ARGV[$i]; - } - elsif ("$ARGV[$i]" eq "-T") - { - # Vlvattribute to index - $i++; $vlvattribute_arg = $ARGV[$i]; - } - elsif ("$ARGV[$i]" eq "-v") - { - # verbose - $verbose = 1; - } - else - { - &usage; exit(1); - } - $i++; + if ("$ARGV[$i]" eq "-n") + { + # instance + $i++; $instance = $ARGV[$i]; + } + elsif ("$ARGV[$i]" eq "-D") + { + # Directory Manager + $i++; $rootdn = $ARGV[$i]; + } + elsif ("$ARGV[$i]" eq "-w") + { + # Directory Manager's password + $i++; $passwd = $ARGV[$i]; + } + elsif ("$ARGV[$i]" eq "-j") + { + # Read Directory Manager's password from a file + $i++; $passwdfile = $ARGV[$i]; + } + elsif ("$ARGV[$i]" eq "-t") + { + # Attribute to index + $i++; $attribute_arg = $ARGV[$i]; + } + elsif ("$ARGV[$i]" eq "-T") + { + # Vlvattribute to index + $i++; $vlvattribute_arg = $ARGV[$i]; + } + elsif ("$ARGV[$i]" eq "-v") + { + # verbose + $verbose = 1; + } + else + { + &usage; exit(1); + } + $i++; } if ($passwdfile ne ""){ # Open file and get the password - unless (open (RPASS, $passwdfile)) { - die "Error, cannot open password file $passwdfile\n"; - } - $passwd = ; - chomp($passwd); - close(RPASS); + unless (open (RPASS, $passwdfile)) { + die "Error, cannot open password file $passwdfile\n"; + } + $passwd = ; + chomp($passwd); + close(RPASS); } elsif ($passwd eq "-"){ # Read the password from terminal - die "The '-w -' option requires an extension library (Term::ReadKey) which is not\n", - "part of the standard perl distribution. If you want to use it, you must\n", - "download and install the module. You can find it at\n", - "http://www.perl.com/CPAN/CPAN.html\n"; + die "The '-w -' option requires an extension library (Term::ReadKey) which is not\n", + "part of the standard perl distribution. If you want to use it, you must\n", + "download and install the module. You can find it at\n", + "http://www.perl.com/CPAN/CPAN.html\n"; # Remove the previous line and uncomment the following 6 lines once you have installed Term::ReadKey module. # use Term::ReadKey; -# print "Bind Password: "; -# ReadMode('noecho'); -# $passwd = ReadLine(0); -# chomp($passwd); -# ReadMode('normal'); +# print "Bind Password: "; +# ReadMode('noecho'); +# $passwd = ReadLine(0); +# chomp($passwd); +# ReadMode('normal'); } if ( $rootdn eq "" || $passwd eq "" ) { - &usage; - exit(1); + &usage; + exit(1); } $vstr = ""; if ($verbose != 0) { - $vstr = "-v"; + $vstr = "-v"; } ($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time); @@ -154,74 +154,72 @@ $taskname = "db2index_${yr}_${mn}_${dy}_${h}_${m}_${s}"; if ( $instance eq "" ) { - &usage; - exit(1); + &usage; + exit(1); } -else + +# No attribute name has been specified: let's get them from the configuration +$attribute=""; +$indexes_list=""; +$vlvattribute=""; +$vlvindexes_list=""; +chdir("$dsroot{{SEP}}shared{{SEP}}bin"); +if ( $attribute_arg eq "" && $vlvattribute_arg eq "" ) { - # No attribute name has been specified: let's get them from the configuration - $attribute=""; - $indexes_list=""; - $vlvattribute=""; - $vlvindexes_list=""; - if ( $attribute_arg eq "" && $vlvattribute_arg eq "" ) - { - # Get the list of indexes from the entry - $indexes_list="$dsroot{{SEP}}shared{{SEP}}bin{{SEP}}ldapsearch $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} -D \"$rootdn\" -w \"$passwd\" -s one " . - "-b \"cn=index,cn=\"$instance\", cn=ldbm database,cn=plugins,cn=config\" \"(&(objectclass=*)(nsSystemIndex=false))\" cn"; - - # build the values of the attribute nsIndexAttribute - open(LDAP1, "$indexes_list |"); - while () { - s/\n //g; - if (/^cn: (.*)\n/) { - $IndexAttribute="nsIndexAttribute"; - $attribute="$attribute$IndexAttribute: $1\n"; - } - } - close(LDAP1); - if ( $attribute eq "" ) - { - # No attribute to index, just exit - exit(0); - } + # Get the list of indexes from the entry + $indexes_list="$dsroot{{SEP}}shared{{SEP}}bin{{SEP}}ldapsearch $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} -D \"$rootdn\" -w \"$passwd\" -s one " . + "-b \"cn=index,cn=\"$instance\", cn=ldbm database,cn=plugins,cn=config\" \"(&(objectclass=*)(nsSystemIndex=false))\" cn"; - # Get the list of indexes from the entry - $vlvindexes_list="$dsroot{{SEP}}shared{{SEP}}bin{{SEP}}ldapsearch $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} -D \"$rootdn\" -w \"$passwd\" -s sub -b \"cn=\"$instance\", cn=ldbm database,cn=plugins,cn=config\" \"objectclass=vlvIndex\" cn"; - - # build the values of the attribute nsIndexVlvAttribute - open(LDAP1, "$vlvindexes_list |"); - while () { - s/\n //g; - if (/^cn: (.*)\n/) { - $vlvIndexAttribute="nsIndexVlvAttribute"; - $vlvattribute="$vlvattribute$vlvIndexAttribute: $1\n"; - } + # build the values of the attribute nsIndexAttribute + open(LDAP1, "$indexes_list |"); + while () { + s/\n //g; + if (/^cn: (.*)\n/) { + $IndexAttribute="nsIndexAttribute"; + $attribute="$attribute$IndexAttribute: $1\n"; } - close(LDAP1); } - else + close(LDAP1); + if ( $attribute eq "" ) { - if ( $attribute_arg ne "" ) - { - $attribute="nsIndexAttribute: $attribute_arg\n"; - } - if ( $vlvattribute_arg ne "" ) - { - $vlvattribute="nsIndexVlvAttribute: $vlvattribute_arg\n"; + # No attribute to index, just exit + exit(0); + } + + # Get the list of indexes from the entry + $vlvindexes_list="$dsroot{{SEP}}shared{{SEP}}bin{{SEP}}ldapsearch $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} -D \"$rootdn\" -w \"$passwd\" -s sub -b \"cn=\"$instance\", cn=ldbm database,cn=plugins,cn=config\" \"objectclass=vlvIndex\" cn"; + + # build the values of the attribute nsIndexVlvAttribute + open(LDAP1, "$vlvindexes_list |"); + while () { + s/\n //g; + if (/^cn: (.*)\n/) { + $vlvIndexAttribute="nsIndexVlvAttribute"; + $vlvattribute="$vlvattribute$vlvIndexAttribute: $1\n"; } } - - # Build the task entry to add - - $dn = "dn: cn=$taskname, cn=index, cn=tasks, cn=config\n"; - $misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n"; - $cn = "cn: $taskname\n"; - $nsinstance = "nsInstance: ${instance}\n"; - - $entry = "${dn}${misc}${cn}${nsinstance}${attribute}${vlvattribute}"; + close(LDAP1); } -chdir("$dsroot{{SEP}}shared{{SEP}}bin"); +else +{ + if ( $attribute_arg ne "" ) + { + $attribute="nsIndexAttribute: $attribute_arg\n"; + } + if ( $vlvattribute_arg ne "" ) + { + $vlvattribute="nsIndexVlvAttribute: $vlvattribute_arg\n"; + } +} + +# Build the task entry to add + +$dn = "dn: cn=$taskname, cn=index, cn=tasks, cn=config\n"; +$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n"; +$cn = "cn: $taskname\n"; +$nsinstance = "nsInstance: ${instance}\n"; + +$entry = "${dn}${misc}${cn}${nsinstance}${attribute}${vlvattribute}"; open(FOO, "| $dsroot{{SEP}}shared{{SEP}}bin{{SEP}}ldapmodify $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} -D \"$rootdn\" -w \"$passwd\" -a" ); print(FOO "$entry"); close(FOO); diff --git a/ldap/admin/src/upgradeServer b/ldap/admin/src/upgradeServer index 319bcdc..7a46218 100755 --- a/ldap/admin/src/upgradeServer +++ b/ldap/admin/src/upgradeServer @@ -419,7 +419,7 @@ sub getChangelogVersion { sub instantiate_new_scripts { @newtemplates = ( - "$sroot/bin/slapd/admin/scripts/template-ns-newpwpolicy.pl" + "$sroot/bin/slapd/admin/scripts/template-db2index.pl" ); $host = localhost; @@ -435,7 +435,6 @@ sub instantiate_new_scripts { foreach $src ( @newtemplates ) { $dest = "$sroot/$prefix/$1" if $src =~ /.*template-(.*)$/; - next if -f $dest; unless ( open ( template, $src )) { print "Can't open $src: $!\n"; next; @@ -451,6 +450,7 @@ sub instantiate_new_scripts { s#{{ROOT-DN}}#$rootdn#g; s#{{SERVER-PORT}}#$port#g; s#{{SERVER-NAME}}#$host#g; + s#{{MY-DS-ROOT}}#$sroot/$prefix#g; printf target; } close template; diff --git a/ldap/cm/Makefile b/ldap/cm/Makefile index 1f31e35..61b5a96 100644 --- a/ldap/cm/Makefile +++ b/ldap/cm/Makefile @@ -194,12 +194,12 @@ SHAREDIR = $(SHARETOP)/$(BUILD_DATE)/$(NC_BUILD_FLAVOR) #ADM_VERSDIR = admserv40 #ADM_RELDATE = untested/19980119 #IMPORTADMINSRV = $(IMPORTADMINSRV_BASE)/$(NSOBJDIR_NAME_32) -IMPORTADMINSRVNOTAR = $(COMPONENTS_DIR)/$(ADM_VERSDIR)/$(ADM_VERSION)/untar/$(NSOBJDIR_NAME) +IMPORTADMINSRVNOTARBASE = $(COMPONENTS_DIR_DEV)/$(ADM_VERSDIR)/$(ADM_VERSION)/$(NSOBJDIR_NAME) # these are files and directories in the import adminsrv directory which we don't # make a local copy of, we just import directly into the tar file or create a # symlink to -ADMIN_IMPORTS=setup base admin svrcore silent.inf LICENSE.txt README.txt -ADMIN_SERVER_TARGZ=admserv.tar.gz +ADMIN_IMPORTS=base admin +ADMIN_SERVER_TARGZ=adminserver.tar.gz ADMIN_IMPORTS_TARGZ=$(ADMIN_SERVER_TARGZ) # Release directory for ldapsdk @@ -610,9 +610,11 @@ packageDirectory: $(INSTDIR)/slapd \ $(INSTDIR)/tools/infozip.zip \ $(ADMSERV_DEP) -# copy over the setup sdk stuff -# hack - remove once admin server bundles setupsdk 6.02 -# cp -R $(SETUP_SDK_BUILD_DIR)/bin/* $(INSTDIR) +# this gets setup, setup.inf, silent.inf, the zip wrapper, and svrcore, among others +ifeq ($(USE_SETUPUTIL),1) + cp -R $(SETUPUTIL_BINPATH)/* $(INSTDIR) + $(PERL) -w $(FIX_SETUP_INF) $(SETUPUTIL_BINPATH)/setup.inf $(INSTDIR)/setup.inf +endif # copy in our product .inf files $(INSTALL) -m 755 $(OBJDIR_32)/*.inf $(INSTDIR)/slapd @@ -675,23 +677,17 @@ endif # if the untar directory is there, hooray; otherwise, we will have to unpack the # binaries ourselves . . . - @curdir=`pwd`; cd $(INSTDIR) ; \ - if [ ! -d $(IMPORTADMINSRVNOTAR) ] ; \ + curdir=`pwd`; cd $(INSTDIR) ; \ + if [ ! -d $(IMPORTADMINSRVNOTARBASE)/admin ] ; \ then for file in $(ADMIN_IMPORTS_TARGZ) ; \ do rm -rf $$file ; \ $(GUNZIP) -c $(ADMSERV_DIR)/$$file | $(TAR) xvf - ; \ done ; \ - cd $$curdir ; \ - $(PERL) -w $(FIX_SETUP_INF) $(INSTDIR)/setup.inf \ - $(INSTDIR)/setup.inf.tmp ; \ - mv $(INSTDIR)/setup.inf.tmp \ - $(INSTDIR)/setup.inf ; \ else \ for file in $(ADMIN_IMPORTS) ; \ do rm -rf $$file ; \ - ln -s $(IMPORTADMINSRVNOTAR)/$$file $$file ; \ + cp -r $(IMPORTADMINSRVNOTARBASE)/$$file $$file ; \ done ; \ - $(PERL) -w $(FIX_SETUP_INF) $(IMPORTADMINSRVNOTAR)/setup.inf setup.inf ; \ fi # we must remove the nsbase.zip file - we package those files now @@ -700,11 +696,6 @@ endif # base.inf file $(PERL) -w $(FIX_BASE_INF) $(INSTDIR)/base/base.inf -# We must remove the JRE per Red Hat. The user will download the jre -ifneq ($(ARCH), Linux) - rm -f $(INSTDIR)/base/nsjre.zip -endif - # Move setup binary to dssetup mv $(INSTDIR)/setup $(INSTDIR)/dssetup # Move the new setup wrappers into place @@ -734,11 +725,6 @@ endif # Install dsktune at root of Installation cp $(RELDIR)/bin/slapd/server/dsktune $(INSTDIR) -# copy the sample silent.inf from setup - if [ ! -f $(INSTDIR)/silent.inf ] ; \ - then cp $(SETUPSDK_BINPATH)/silent.inf $(INSTDIR) ; \ - fi - ifndef NO_INSTALLER_TAR_FILES # build the slapd package tar file cd $(INSTDIR); $(TAR) cvf - slapd \ diff --git a/ldap/cm/newinst/Makefile b/ldap/cm/newinst/Makefile index 739dc59..518862f 100644 --- a/ldap/cm/newinst/Makefile +++ b/ldap/cm/newinst/Makefile @@ -57,8 +57,8 @@ include $(BUILD_ROOT)/nsconfig.mk include $(LDAP_SRC)/nsldap.mk test: - echo $(SETUPSDK_VERSION) - echo $(SETUPSDK_RELEASE) + echo $(SETUPUTIL_VERSION) + echo $(SETUPUTIL_RELEASE) # MODULE_CFLAGS = -DUSE_ADMSERV @@ -98,12 +98,12 @@ endif INFO= $(OBJDIR)/$(DIR) # Source for staged installation utilities -INCDIR=$(SETUPSDK_INCLUDE) -I$(LDAP_SRC)/admin/include -I$(LDAP_SRC)/admin/lib -I$(LDAP_SRC)/admin/src +INCDIR=$(SETUPUTIL_INCLUDE) -I$(LDAP_SRC)/admin/include -I$(LDAP_SRC)/admin/lib -I$(LDAP_SRC)/admin/src # ADM_VERSDIR = admserv40 # ADM_RELDATE = 19980112 -all: $(OBJDEST) $(BINDEST) $(SETUPSDK_DEP) $(LDAPSDK_DEP) $(SECURITY_DEP) $(NSPR_DEP) $(OSOBJS) $(OBJS1) $(OBJS2) $(BINS) $(INFO) $(BINDEST)/ns-update $(BINDEST)/uninstall +all: $(OBJDEST) $(BINDEST) $(SETUPUTIL_DEP) $(LDAPSDK_DEP) $(SECURITY_DEP) $(NSPR_DEP) $(OSOBJS) $(OBJS1) $(OBJS2) $(BINS) $(INFO) $(BINDEST)/ns-update $(BINDEST)/uninstall # removed ns-keygen from build - it was only used for Dir Lite # $(BINDEST)/ns-keygen ifeq ($(ARCH), BSDI) @@ -172,7 +172,7 @@ $(BINDEST)/uninstall: uninstall $(BINDEST)/ns-config: $(OBJS1) $(OBJS2) $(PURIFY) $(CXX) $(SHARED_FLAG) $(CFLAGS) $(MCC_INCLUDE) $(INCDIR) \ - -o $(BINDEST)/ns-config $(RPATHFLAG_PREFIX)$(RPATHFLAG)$(RPATHFLAG_EXTRAS) $(OBJS1) $(OBJS2) $(SETUPSDKLINK) $(LDAPLINK) $(SECURITYLINK) $(NSPRLINK) \ + -o $(BINDEST)/ns-config $(RPATHFLAG_PREFIX)$(RPATHFLAG)$(RPATHFLAG_EXTRAS) $(OBJS1) $(OBJS2) $(SETUPUTILLINK) $(LDAPLINK) $(SECURITYLINK) $(NSPRLINK) \ $(EXTRA_LIBS) $(CURSES) ifeq ($(ARCH), WINNT) @@ -191,5 +191,5 @@ $(OBJDEST)/%.o: %.cc ns-config-gt: $(OBJS1GT) $(PURIFY) $(CXX) $(NONSHARED) $(CFLAGS) $(MCC_INCLUDE) $(INCDIR) \ - -o ns-config-gt $(OBJS1GT) $(SETUPSDKLINK) $(LIBLDAP) \ + -o ns-config-gt $(OBJS1GT) $(SETUPUTILLINK) $(LIBLDAP) \ $(EXTRA_LIBS) $(CURSES) diff --git a/ldap/cm/newinst/setup b/ldap/cm/newinst/setup index 45bc474..3d7819e 100755 --- a/ldap/cm/newinst/setup +++ b/ldap/cm/newinst/setup @@ -248,9 +248,20 @@ if ! [ $silent ]; then echo "SuiteSpotGroup = $group" >> $inffile echo ServerRoot = `pwd` >> $inffile + # check if ds instance directory exists or not + # if it does, run ns-config with the reconfigure option + doreconfig="" + for x in `ls -d slapd-*` + do + if [ -d $x ]; then + doreconfig="-r" + break + fi + done + # first, run ds cd bin/slapd/admin/bin - ./ns-config -f $inffile -l $logfile -m $installmode || doExit + ./ns-config -f $inffile -l $logfile -m $installmode $doreconfig || doExit cd ../../../.. # next, run admin diff --git a/ldap/cm/newinst/ux-config.cc b/ldap/cm/newinst/ux-config.cc index 420d744..bb0ae42 100644 --- a/ldap/cm/newinst/ux-config.cc +++ b/ldap/cm/newinst/ux-config.cc @@ -206,11 +206,6 @@ SlapdPreInstall::init() if (installMode() != Silent) { -/* richm 20011005 - we can't do this until we get setupsdk46 - if ever - if (iDSISolaris) - Dialog::initDisplay("Directory", (const char *) NULL, "Configuration"); - else -*/ Dialog::initDisplay("Directory"); } diff --git a/ldap/cm/newinstnt/Makefile b/ldap/cm/newinstnt/Makefile index 0210c0e..2de27a4 100644 --- a/ldap/cm/newinstnt/Makefile +++ b/ldap/cm/newinstnt/Makefile @@ -54,7 +54,7 @@ include $(LDAP_SRC)/nsldap.mk OUTDIR=$(OBJDIR)/setup -CFLAGS=/nologo /MD /W3 /Gm /GX /Zi /Od $(SETUPSDK_INCLUDE) $(LDAPSDK_INCLUDE) \ +CFLAGS=/nologo /MD /W3 /Gm /GX /Zi /Od $(SETUPUTIL_INCLUDE) $(LDAPSDK_INCLUDE) \ /I "$(LDAP_SRC)/admin/include" /I "$(LDAP_SRC)/admin/lib" \ /I "$(LDAP_SRC)/admin/src" /D \ "WIN32" /D "_DEBUG" /D "_WINDOWS" /Fp"$(OUTDIR)/dsinst.pch" /YX \ @@ -71,7 +71,7 @@ LIBS= \ kernel32.lib user32.lib gdi32.lib comdlg32.lib\ comctl32.lib advapi32.lib shell32.lib uuid.lib\ wsock32.lib\ - $(SETUPSDKLINK) $(LDAP_SDK_LIBLDAP_DLL) $(NSPRLINK) + $(SETUPUTILLINK) $(LDAP_SDK_LIBLDAP_DLL) $(NSPRLINK) DSOBJS= \ $(OUTDIR)/dsinst_dsalib_dn.obj \ @@ -92,7 +92,7 @@ RC=rc.exe RM=erase /F /Q FIXINF= ../newinst/fixINF.pl -all: $(SETUPSDK_DEP) $(LDAPSDK_DEP) $(NSPR_DEP) $(ADMINUTIL_DEP) $(OUTDIR)/dsinst.dll $(OUTDIR)/slapd.inf +all: $(SETUPUTIL_DEP) $(LDAPSDK_DEP) $(NSPR_DEP) $(ADMINUTIL_DEP) $(OUTDIR)/dsinst.dll $(OUTDIR)/slapd.inf clean: -rm -rf "$(OUTDIR)" diff --git a/ldap/cm/newinstnt/dsinst.c b/ldap/cm/newinstnt/dsinst.c index 0b9534b..f371d4c 100644 --- a/ldap/cm/newinstnt/dsinst.c +++ b/ldap/cm/newinstnt/dsinst.c @@ -7455,7 +7455,7 @@ NSPERLINST_PostInstall(VOID) return FALSE; } - // hack to work around potential bug in setupsdk . . . + // hack to work around potential bug in setuputil . . . SetCurrentDirectory("../slapd"); my_snprintf(infFile, sizeof(infFile), "slapd.inf"); GetProductInfoStringWithTok(NSPERL_POST_INSTALL_PROG, "=", nsPerlPostInstall, diff --git a/ldap/cm/newinstnt/dsinst.rc b/ldap/cm/newinstnt/dsinst.rc index 68ef807..0e0ef2c 100644 --- a/ldap/cm/newinstnt/dsinst.rc +++ b/ldap/cm/newinstnt/dsinst.rc @@ -190,7 +190,7 @@ END IDD_SUITESPOTID DIALOG DISCARDABLE 0, 0, 297, 163 STYLE WS_CHILD | WS_DISABLED | WS_CAPTION CAPTION -"Directory Server 7.0 Fedora configuration directory server administrator " +"Directory Server 7.1 Fedora configuration directory server administrator " FONT 8, "MS Sans Serif" BEGIN @@ -489,7 +489,7 @@ END IDD_ADMIN_ID_ONLY DIALOG DISCARDABLE 0, 0, 297, 163 STYLE WS_CHILD | WS_DISABLED | WS_CAPTION CAPTION -"Directory Server 7.0 Fedora configuration directory server administrator " +"Directory Server 7.1 Fedora configuration directory server administrator " FONT 8, "MS Sans Serif" BEGIN diff --git a/ldap/servers/plugins/pam_passthru/pam_passthru.h b/ldap/servers/plugins/pam_passthru/pam_passthru.h index e0de996..19e93b2 100644 --- a/ldap/servers/plugins/pam_passthru/pam_passthru.h +++ b/ldap/servers/plugins/pam_passthru/pam_passthru.h @@ -131,6 +131,7 @@ int pam_passthru_check_suffix(Pam_PassthruConfig *cfg, char *binddn); /* * pam_ptimpl.c */ +int pam_passthru_pam_init( void ); int pam_passthru_do_pam_auth(Slapi_PBlock *pb, Pam_PassthruConfig *cfg); #endif /* _PAM_PASSTHRU_H_ */ diff --git a/ldap/servers/plugins/pam_passthru/pam_ptimpl.c b/ldap/servers/plugins/pam_passthru/pam_ptimpl.c index eb2c42e..232ce3c 100644 --- a/ldap/servers/plugins/pam_passthru/pam_ptimpl.c +++ b/ldap/servers/plugins/pam_passthru/pam_ptimpl.c @@ -39,6 +39,11 @@ #include "pam_passthru.h" +/* + * PAM is not thread safe. We have to execute any PAM API calls in + * a critical section. This is the lock that protects that code. + */ +static Slapi_Mutex *PAMLock; /* Utility struct to wrap strings to avoid mallocs if possible - use stack allocated string space */ @@ -271,6 +276,8 @@ do_one_pam_auth( my_data.pb = pb; my_data.pam_identity = pam_id.str; my_pam_conv.appdata_ptr = &my_data; + slapi_lock_mutex(PAMLock); + /* from this point on we are in the critical section */ rc = pam_start(pam_service, pam_id.str, &my_pam_conv, &pam_handle); report_pam_error("during pam_start", rc, pam_handle); @@ -351,6 +358,8 @@ do_one_pam_auth( rc = pam_end(pam_handle, rc); report_pam_error("during pam_end", rc, pam_handle); + slapi_unlock_mutex(PAMLock); + /* not in critical section any more */ delete_my_str_buf(&pam_id); @@ -376,6 +385,20 @@ do_one_pam_auth( } /* + * Perform any PAM subsystem initialization that must be done at startup time. + * For now, this means only the PAM mutex since PAM is not thread safe. + */ +int +pam_passthru_pam_init( void ) +{ + if (!(PAMLock = slapi_new_mutex())) { + return LDAP_LOCAL_ERROR; + } + + return 0; +} + +/* * Entry point into the PAM auth code. Shields the rest of the app * from PAM API code. Get our config params, then call the actual * code that does the PAM auth. Can call that code up to 3 times, diff --git a/ldap/servers/plugins/pam_passthru/pam_ptpreop.c b/ldap/servers/plugins/pam_passthru/pam_ptpreop.c index ed1a5bd..40a425c 100644 --- a/ldap/servers/plugins/pam_passthru/pam_ptpreop.c +++ b/ldap/servers/plugins/pam_passthru/pam_ptpreop.c @@ -128,6 +128,12 @@ pam_passthru_bindpreop_start( Slapi_PBlock *pb ) return( -1 ); } + if (( rc = pam_passthru_pam_init()) != LDAP_SUCCESS ) { + slapi_log_error( SLAPI_LOG_FATAL, PAM_PASSTHRU_PLUGIN_SUBSYSTEM, + "could not initialize PAM subsystem (%d)\n", rc); + return( -1 ); + } + return( 0 ); } diff --git a/ldap/servers/plugins/pwdstorage/Makefile b/ldap/servers/plugins/pwdstorage/Makefile index 04c14ef..32eb5a1 100644 --- a/ldap/servers/plugins/pwdstorage/Makefile +++ b/ldap/servers/plugins/pwdstorage/Makefile @@ -68,7 +68,8 @@ PWD_OBJS= \ ns-mta-md5_pwd.o \ sha_pwd.o \ ssha_pwd.o \ - md5c.o + md5c.o \ + md5_pwd.o ifneq ($(ARCH), WINNT) PWD_OBJS += crypt_pwd.o diff --git a/ldap/servers/plugins/pwdstorage/md5_pwd.c b/ldap/servers/plugins/pwdstorage/md5_pwd.c new file mode 100644 index 0000000..410e9c5 --- /dev/null +++ b/ldap/servers/plugins/pwdstorage/md5_pwd.c @@ -0,0 +1,130 @@ +/** BEGIN COPYRIGHT BLOCK + * This Program is free software; you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free Software + * Foundation; version 2 of the License. + * + * This Program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along with + * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple + * Place, Suite 330, Boston, MA 02111-1307 USA. + * + * In addition, as a special exception, Red Hat, Inc. gives You the additional + * right to link the code of this Program with code not covered under the GNU + * General Public License ("Non-GPL Code") and to distribute linked combinations + * including the two, subject to the limitations in this paragraph. Non-GPL Code + * permitted under this exception must only link to the code of this Program + * through those well defined interfaces identified in the file named EXCEPTION + * found in the source code files (the "Approved Interfaces"). The files of + * Non-GPL Code may instantiate templates or use macros or inline functions from + * the Approved Interfaces without causing the resulting work to be covered by + * the GNU General Public License. Only Red Hat, Inc. may make changes or + * additions to the list of Approved Interfaces. You must obey the GNU General + * Public License in all respects for all of the Program code and other code used + * in conjunction with the Program except the Non-GPL Code covered by this + * exception. If you modify this file, you may extend this exception to your + * version of the file, but you are not obligated to do so. If you do not wish to + * provide this exception without modification, you must delete this exception + * statement from your version and license this file solely under the GPL without + * exception. + * + * + * Copyright (C) 2005 Red Hat, Inc. + * All rights reserved. + * END COPYRIGHT BLOCK **/ +/* + * MD5 Password Encryption/Comparison routines by David Irving, Fred Brittain, + * and Aaron Gagnon -- University of Maine Farmington + * Donated to the RedHat Directory Server Project 2005-06-10 + */ + +#include +#include +#include +#include +#include +#include +#include "pwdstorage.h" + +#define MD5_HASH_LEN 20 +#define MD5_SUBSYSTEM_NAME "MD5 password hash" + +int +md5_pw_cmp( char *userpwd, char *dbpwd ) +{ + int rc=-1; + char * bver; + PK11Context *ctx=NULL; + unsigned int outLen; + unsigned char hash_out[MD5_HASH_LEN]; + unsigned char b2a_out[MD5_HASH_LEN*2]; /* conservative */ + SECItem binary_item; + + ctx = PK11_CreateDigestContext(SEC_OID_MD5); + if (ctx == NULL) { + slapi_log_error(SLAPI_LOG_PLUGIN, MD5_SUBSYSTEM_NAME, + "Could not create context for digest operation for password compare"); + goto loser; + } + + /* create the hash */ + PK11_DigestBegin(ctx); + PK11_DigestOp(ctx, userpwd, strlen(userpwd)); + PK11_DigestFinal(ctx, hash_out, &outLen, sizeof hash_out); + PK11_DestroyContext(ctx, 1); + + /* convert the binary hash to base64 */ + binary_item.data = hash_out; + binary_item.len = outLen; + bver = NSSBase64_EncodeItem(NULL, b2a_out, sizeof b2a_out, &binary_item); + /* bver points to b2a_out upon success */ + if (bver) { + rc = strcmp(bver,dbpwd); + } else { + slapi_log_error(SLAPI_LOG_PLUGIN, MD5_SUBSYSTEM_NAME, + "Could not base64 encode hashed value for password compare"); + } +loser: + return rc; +} + +char * +md5_pw_enc( char *pwd ) +{ + char * bver, *enc=NULL; + PK11Context *ctx=NULL; + unsigned int outLen; + unsigned char hash_out[MD5_HASH_LEN]; + unsigned char b2a_out[MD5_HASH_LEN*2]; /* conservative */ + SECItem binary_item; + + ctx = PK11_CreateDigestContext(SEC_OID_MD5); + if (ctx == NULL) { + slapi_log_error(SLAPI_LOG_PLUGIN, MD5_SUBSYSTEM_NAME, + "Could not create context for digest operation for password encoding"); + return NULL; + } + + /* create the hash */ + PK11_DigestBegin(ctx); + PK11_DigestOp(ctx, pwd, strlen(pwd)); + PK11_DigestFinal(ctx, hash_out, &outLen, sizeof hash_out); + PK11_DestroyContext(ctx, 1); + + /* convert the binary hash to base64 */ + binary_item.data = hash_out; + binary_item.len = outLen; + bver = NSSBase64_EncodeItem(NULL, b2a_out, sizeof b2a_out, &binary_item); + if (bver) { + enc = slapi_ch_smprintf("%c%s%c%s", PWD_HASH_PREFIX_START, MD5_SCHEME_NAME, + PWD_HASH_PREFIX_END, bver ); + } else { + slapi_log_error(SLAPI_LOG_PLUGIN, MD5_SUBSYSTEM_NAME, + "Could not base64 encode hashed value for password encoding"); + } + + return( enc ); +} + diff --git a/ldap/servers/plugins/pwdstorage/pwd_init.c b/ldap/servers/plugins/pwdstorage/pwd_init.c index 600436d..e55d309 100644 --- a/ldap/servers/plugins/pwdstorage/pwd_init.c +++ b/ldap/servers/plugins/pwdstorage/pwd_init.c @@ -47,6 +47,18 @@ static Slapi_PluginDesc sha_pdesc = { "sha-password-storage-scheme", PLUGIN_MAGI static Slapi_PluginDesc ssha_pdesc = { "ssha-password-storage-scheme", PLUGIN_MAGIC_VENDOR_STR, PRODUCTTEXT, "Salted Secure Hashing Algorithm (SSHA)" }; +static Slapi_PluginDesc sha256_pdesc = { "sha256-password-storage-scheme", PLUGIN_MAGIC_VENDOR_STR, PRODUCTTEXT, "Secure Hashing Algorithm (SHA256)" }; + +static Slapi_PluginDesc ssha256_pdesc = { "ssha256-password-storage-scheme", PLUGIN_MAGIC_VENDOR_STR, PRODUCTTEXT, "Salted Secure Hashing Algorithm (SSHA256)" }; + +static Slapi_PluginDesc sha384_pdesc = { "sha384-password-storage-scheme", PLUGIN_MAGIC_VENDOR_STR, PRODUCTTEXT, "Secure Hashing Algorithm (SHA384)" }; + +static Slapi_PluginDesc ssha384_pdesc = { "ssha384-password-storage-scheme", PLUGIN_MAGIC_VENDOR_STR, PRODUCTTEXT, "Salted Secure Hashing Algorithm (SSHA384)" }; + +static Slapi_PluginDesc sha512_pdesc = { "sha512-password-storage-scheme", PLUGIN_MAGIC_VENDOR_STR, PRODUCTTEXT, "Secure Hashing Algorithm (SHA512)" }; + +static Slapi_PluginDesc ssha512_pdesc = { "ssha512-password-storage-scheme", PLUGIN_MAGIC_VENDOR_STR, PRODUCTTEXT, "Salted Secure Hashing Algorithm (SSHA512)" }; + #ifndef _WIN32 static Slapi_PluginDesc crypt_pdesc = { "crypt-password-storage-scheme", PLUGIN_MAGIC_VENDOR_STR, PRODUCTTEXT, "Unix crypt algorithm (CRYPT)" }; #endif @@ -55,6 +67,8 @@ static Slapi_PluginDesc clear_pdesc = { "clear-password-storage-scheme", PLUGIN_ static Slapi_PluginDesc ns_mta_md5_pdesc = { "NS-MTA-MD5-password-storage-scheme", PLUGIN_MAGIC_VENDOR_STR, PRODUCTTEXT, "Netscape MD5 (NS-MTA-MD5)" }; +static Slapi_PluginDesc md5_pdesc = { "md5-password-storage-scheme", PLUGIN_MAGIC_VENDOR_STR, PRODUCTTEXT, "MD5 hash algorithm (MD5)" }; + static char *plugin_name = "NSPwdStoragePlugin"; int @@ -106,6 +120,153 @@ ssha_pwd_storage_scheme_init( Slapi_PBlock *pb ) return( rc ); } +int +sha256_pwd_storage_scheme_init( Slapi_PBlock *pb ) +{ + int rc; + char *name; + + slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> sha256_pwd_storage_scheme_init\n" ); + + rc = slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION, + (void *) SLAPI_PLUGIN_VERSION_01 ); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION, + (void *)&sha256_pdesc ); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_ENC_FN, + (void *) sha256_pw_enc); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN, + (void *) sha256_pw_cmp ); + name = slapi_ch_strdup("SHA256"); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME, + name ); + + slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= sha256_pwd_storage_scheme_init %d\n\n", rc ); + + return( rc ); +} + +int +ssha256_pwd_storage_scheme_init( Slapi_PBlock *pb ) +{ + int rc; + char *name; + + slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> ssha256_pwd_storage_scheme_init\n" ); + + rc = slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION, + (void *) SLAPI_PLUGIN_VERSION_01 ); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION, + (void *)&ssha256_pdesc ); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_ENC_FN, + (void *) salted_sha256_pw_enc ); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN, + (void *) sha256_pw_cmp ); + name = slapi_ch_strdup("SSHA256"); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME, + name ); + + slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= ssha256_pwd_storage_scheme_init %d\n\n", rc ); + return( rc ); +} + +int +sha384_pwd_storage_scheme_init( Slapi_PBlock *pb ) +{ + int rc; + char *name; + + slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> sha384_pwd_storage_scheme_init\n" ); + + rc = slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION, + (void *) SLAPI_PLUGIN_VERSION_01 ); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION, + (void *)&sha384_pdesc ); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_ENC_FN, + (void *) sha384_pw_enc); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN, + (void *) sha384_pw_cmp ); + name = slapi_ch_strdup("SHA384"); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME, + name ); + + slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= sha384_pwd_storage_scheme_init %d\n\n", rc ); + + return( rc ); +} + +int +ssha384_pwd_storage_scheme_init( Slapi_PBlock *pb ) +{ + int rc; + char *name; + + slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> ssha384_pwd_storage_scheme_init\n" ); + + rc = slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION, + (void *) SLAPI_PLUGIN_VERSION_01 ); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION, + (void *)&ssha384_pdesc ); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_ENC_FN, + (void *) salted_sha384_pw_enc ); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN, + (void *) sha384_pw_cmp ); + name = slapi_ch_strdup("SSHA384"); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME, + name ); + + slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= ssha384_pwd_storage_scheme_init %d\n\n", rc ); + return( rc ); +} + +int +sha512_pwd_storage_scheme_init( Slapi_PBlock *pb ) +{ + int rc; + char *name; + + slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> sha512_pwd_storage_scheme_init\n" ); + + rc = slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION, + (void *) SLAPI_PLUGIN_VERSION_01 ); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION, + (void *)&sha512_pdesc ); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_ENC_FN, + (void *) sha512_pw_enc); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN, + (void *) sha512_pw_cmp ); + name = slapi_ch_strdup("SHA512"); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME, + name ); + + slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= sha512_pwd_storage_scheme_init %d\n\n", rc ); + + return( rc ); +} + +int +ssha512_pwd_storage_scheme_init( Slapi_PBlock *pb ) +{ + int rc; + char *name; + + slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> ssha512_pwd_storage_scheme_init\n" ); + + rc = slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION, + (void *) SLAPI_PLUGIN_VERSION_01 ); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION, + (void *)&ssha512_pdesc ); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_ENC_FN, + (void *) salted_sha512_pw_enc ); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN, + (void *) sha512_pw_cmp ); + name = slapi_ch_strdup("SSHA512"); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME, + name ); + + slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= ssha512_pwd_storage_scheme_init %d\n\n", rc ); + return( rc ); +} + #ifndef _WIN32 int crypt_pwd_storage_scheme_init( Slapi_PBlock *pb ) @@ -180,3 +341,27 @@ ns_mta_md5_pwd_storage_scheme_init( Slapi_PBlock *pb ) slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= ns_mta_md5_pwd_storage_scheme_init %d\n\n", rc ); return( rc ); } + +int +md5_pwd_storage_scheme_init( Slapi_PBlock *pb ) +{ + int rc; + char *name; + + slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> md5_pwd_storage_scheme_init\n" ); + + rc = slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION, + (void *) SLAPI_PLUGIN_VERSION_01 ); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION, + (void *)&md5_pdesc ); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_ENC_FN, + (void *) md5_pw_enc ); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN, + (void *) md5_pw_cmp ); + name = slapi_ch_strdup("MD5"); + rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME, + name ); + + slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= md5_pwd_storage_scheme_init %d\n\n", rc ); + return( rc ); +} diff --git a/ldap/servers/plugins/pwdstorage/pwdstorage.h b/ldap/servers/plugins/pwdstorage/pwdstorage.h index 1f2fa48..70fe11b 100644 --- a/ldap/servers/plugins/pwdstorage/pwdstorage.h +++ b/ldap/servers/plugins/pwdstorage/pwdstorage.h @@ -49,21 +49,49 @@ #define PWD_HASH_PREFIX_START '{' #define PWD_HASH_PREFIX_END '}' +#define MAX_SHA_HASH_SIZE 64 + #define SHA1_SCHEME_NAME "SHA" #define SHA1_NAME_LEN 3 #define SALTED_SHA1_SCHEME_NAME "SSHA" #define SALTED_SHA1_NAME_LEN 4 +#define SHA256_SCHEME_NAME "SHA256" +#define SHA256_NAME_LEN 6 +#define SALTED_SHA256_SCHEME_NAME "SSHA256" +#define SALTED_SHA256_NAME_LEN 7 +#define SHA384_SCHEME_NAME "SHA384" +#define SHA384_NAME_LEN 6 +#define SALTED_SHA384_SCHEME_NAME "SSHA384" +#define SALTED_SHA384_NAME_LEN 7 +#define SHA512_SCHEME_NAME "SHA512" +#define SHA512_NAME_LEN 6 +#define SALTED_SHA512_SCHEME_NAME "SSHA512" +#define SALTED_SHA512_NAME_LEN 7 #define CRYPT_SCHEME_NAME "crypt" #define CRYPT_NAME_LEN 5 #define NS_MTA_MD5_SCHEME_NAME "NS-MTA-MD5" #define NS_MTA_MD5_NAME_LEN 10 #define CLEARTEXT_SCHEME_NAME "clear" #define CLEARTEXT_NAME_LEN 5 +#define MD5_SCHEME_NAME "MD5" +#define MD5_NAME_LEN 3 -SECStatus sha1_salted_hash(unsigned char *hash_out, char *pwd, struct berval *salt); +SECStatus sha_salted_hash(unsigned char *hash_out, char *pwd, struct berval *salt, unsigned int secOID); +int sha_pw_cmp( char *userpwd, char *dbpwd, unsigned int shaLen ); +char * sha_pw_enc( char *pwd, unsigned int shaLen ); +char * salted_sha_pw_enc( char *pwd, unsigned int shaLen ); int sha1_pw_cmp( char *userpwd, char *dbpwd ); char * sha1_pw_enc( char *pwd ); char * salted_sha1_pw_enc( char *pwd ); +int sha256_pw_cmp( char *userpwd, char *dbpwd ); +char * sha256_pw_enc( char *pwd ); +char * salted_sha256_pw_enc( char *pwd ); +int sha384_pw_cmp( char *userpwd, char *dbpwd ); +char * sha384_pw_enc( char *pwd ); +char * salted_sha384_pw_enc( char *pwd ); +int sha512_pw_cmp( char *userpwd, char *dbpwd ); +char * sha512_pw_enc( char *pwd ); +char * salted_sha512_pw_enc( char *pwd ); int clear_pw_cmp( char *userpwd, char *dbpwd ); char *clear_pw_enc( char *pwd ); #ifndef _WIN32 @@ -72,6 +100,8 @@ int crypt_pw_cmp( char *userpwd, char *dbpwd ); char *crypt_pw_enc( char *pwd ); #endif int ns_mta_md5_pw_cmp( char *userpwd, char *dbpwd ); +int md5_pw_cmp( char *userpwd, char *dbpwd ); +char *md5_pw_enc( char *pwd ); #if !defined(NET_SSL) @@ -117,6 +147,9 @@ typedef enum DSStatusEnum { * Number of bytes each hash algorithm produces */ #define SHA1_LENGTH 20 +#define SHA256_LENGTH 32 +#define SHA384_LENGTH 48 +#define SHA512_LENGTH 64 /******************************************/ /* diff --git a/ldap/servers/plugins/pwdstorage/sha_pwd.c b/ldap/servers/plugins/pwdstorage/sha_pwd.c index a40f40f..6a86f16 100644 --- a/ldap/servers/plugins/pwdstorage/sha_pwd.c +++ b/ldap/servers/plugins/pwdstorage/sha_pwd.c @@ -50,7 +50,7 @@ #include #endif /* NET_SSL */ -#define SHA1_SALT_LENGTH 8 /* number of bytes of data in salt */ +#define SHA_SALT_LENGTH 8 /* number of bytes of data in salt */ #define NOT_FIRST_TIME (time_t)1 /* not the first logon */ static char *hasherrmsg = "pw_cmp: %s userPassword \"%s\" is the wrong length or is not properly encoded BASE64\n"; @@ -62,21 +62,46 @@ static char *plugin_name = "NSPwdStoragePlugin"; * 8 bytes of salt plus the first 10 bytes of the SHA-1 digest. * It's obsolescent now, but we still handle such stored values. */ - + int -sha1_pw_cmp (char *userpwd, char *dbpwd ) +sha_pw_cmp (char *userpwd, char *dbpwd, unsigned int shaLen ) { /* - * SHA1 passwords are stored in the database as SHA1_LENGTH bytes of + * SHA passwords are stored in the database as shaLen bytes of * hash, followed by zero or more bytes of salt, all BASE64 encoded. */ int result = 1; /* failure */ - unsigned char userhash[SHA1_LENGTH]; - unsigned char quick_dbhash[SHA1_LENGTH + SHA1_SALT_LENGTH + 3]; + unsigned char userhash[MAX_SHA_HASH_SIZE]; + unsigned char quick_dbhash[MAX_SHA_HASH_SIZE + SHA_SALT_LENGTH + 3]; unsigned char *dbhash = quick_dbhash; struct berval salt; int hash_len; /* must be a signed valued -- see below */ - + unsigned int secOID; + char *schemeName; + + /* Determine which algorithm we're using */ + switch (shaLen) { + case SHA1_LENGTH: + schemeName = SHA1_SCHEME_NAME; + secOID = SEC_OID_SHA1; + break; + case SHA256_LENGTH: + schemeName = SHA256_SCHEME_NAME; + secOID = SEC_OID_SHA256; + break; + case SHA384_LENGTH: + schemeName = SHA384_SCHEME_NAME; + secOID = SEC_OID_SHA384; + break; + case SHA512_LENGTH: + schemeName = SHA512_SCHEME_NAME; + secOID = SEC_OID_SHA512; + break; + default: + /* An unknown shaLen was passed in. We shouldn't get here. */ + goto loser; + } + /* * Decode hash stored in database. * @@ -90,54 +115,137 @@ sha1_pw_cmp (char *userpwd, char *dbpwd ) if ( dbhash == NULL ) goto loser; } hash_len = ldif_base64_decode( dbpwd, dbhash ); - if ( hash_len >= SHA1_LENGTH ) { - salt.bv_val = (void*)(dbhash + SHA1_LENGTH); - salt.bv_len = hash_len - SHA1_LENGTH; + if ( hash_len >= shaLen ) { + salt.bv_val = (void*)(dbhash + shaLen); + salt.bv_len = hash_len - shaLen; } else if ( hash_len == DS40B1_SALTED_SHA_LENGTH ) { salt.bv_val = (void*)dbhash; salt.bv_len = 8; } else { /* unsupported, invalid BASE64 (hash_len < 0), or similar */ - slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, hasherrmsg, SHA1_SCHEME_NAME, dbpwd ); + slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, hasherrmsg, schemeName, dbpwd ); goto loser; } - - /* SHA1 hash the user's key */ - if ( sha1_salted_hash( userhash, userpwd, &salt ) != SECSuccess ) { - slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "sha1_pw_cmp: SHA1_Hash() failed\n"); + + /* hash the user's key */ + if ( sha_salted_hash( userhash, userpwd, &salt, secOID ) != SECSuccess ) { + slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "sha_pw_cmp: sha_salted_hash() failed\n"); goto loser; } - + /* the proof is in the comparison... */ result = ( hash_len == DS40B1_SALTED_SHA_LENGTH ) ? ( memcmp( userhash, dbhash + 8, hash_len - 8 )) : - ( memcmp( userhash, dbhash, SHA1_LENGTH )); - + ( memcmp( userhash, dbhash, shaLen )); + loser: if ( dbhash && dbhash != quick_dbhash ) slapi_ch_free( (void**)&dbhash ); return result; } - - + char * -sha1_pw_enc( char *pwd ) +sha_pw_enc( char *pwd, unsigned int shaLen ) { - unsigned char hash[ SHA1_LENGTH ]; + unsigned char hash[MAX_SHA_HASH_SIZE]; char *enc; - - /* SHA1 hash the user's key */ - if ( sha1_salted_hash( hash, pwd, NULL ) != SECSuccess ) { + char *schemeName; + unsigned int schemeNameLen; + unsigned int secOID; + + /* Determine which algorithm we're using */ + switch (shaLen) { + case SHA1_LENGTH: + schemeName = SHA1_SCHEME_NAME; + schemeNameLen = SHA1_NAME_LEN; + secOID = SEC_OID_SHA1; + break; + case SHA256_LENGTH: + schemeName = SHA256_SCHEME_NAME; + schemeNameLen = SHA256_NAME_LEN; + secOID = SEC_OID_SHA256; + break; + case SHA384_LENGTH: + schemeName = SHA384_SCHEME_NAME; + schemeNameLen = SHA384_NAME_LEN; + secOID = SEC_OID_SHA384; + break; + case SHA512_LENGTH: + schemeName = SHA512_SCHEME_NAME; + schemeNameLen = SHA512_NAME_LEN; + secOID = SEC_OID_SHA512; + break; + default: + /* An unknown shaLen was passed in. We shouldn't get here. */ + return( NULL ); + } + + /* hash the user's key */ + if ( sha_salted_hash( hash, pwd, NULL, secOID ) != SECSuccess ) { return( NULL ); } - - if (( enc = slapi_ch_malloc( 3 + SHA1_NAME_LEN + - LDIF_BASE64_LEN( SHA1_LENGTH ))) == NULL ) { + + if (( enc = slapi_ch_malloc( 3 + schemeNameLen + + LDIF_BASE64_LEN( shaLen ))) == NULL ) { return( NULL ); } - - sprintf( enc, "%c%s%c", PWD_HASH_PREFIX_START, SHA1_SCHEME_NAME, + + sprintf( enc, "%c%s%c", PWD_HASH_PREFIX_START, schemeName, PWD_HASH_PREFIX_END ); - (void)ldif_base64_encode( hash, enc + 2 + SHA1_NAME_LEN, - SHA1_LENGTH, -1 ); - + (void)ldif_base64_encode( hash, enc + 2 + schemeNameLen, + shaLen, -1 ); + return( enc ); } + +/* + * Wrapper password comparison functions + */ +int +sha1_pw_cmp (char *userpwd, char *dbpwd ) +{ + return sha_pw_cmp( userpwd, dbpwd, SHA1_LENGTH ); +} + +int +sha256_pw_cmp (char *userpwd, char *dbpwd ) +{ + return sha_pw_cmp( userpwd, dbpwd, SHA256_LENGTH ); +} + +int +sha384_pw_cmp (char *userpwd, char *dbpwd ) +{ + return sha_pw_cmp( userpwd, dbpwd, SHA384_LENGTH ); +} + +int +sha512_pw_cmp (char *userpwd, char *dbpwd ) +{ + return sha_pw_cmp( userpwd, dbpwd, SHA512_LENGTH ); +} + +/* + * Wrapper password encryption functions + */ +char * +sha1_pw_enc( char *pwd ) +{ + return sha_pw_enc( pwd, SHA1_LENGTH ); +} + +char * +sha256_pw_enc( char *pwd ) +{ + return sha_pw_enc( pwd, SHA256_LENGTH ); +} + +char * +sha384_pw_enc( char *pwd ) +{ + return sha_pw_enc( pwd, SHA384_LENGTH ); +} + +char * +sha512_pw_enc( char *pwd ) +{ + return sha_pw_enc( pwd, SHA512_LENGTH ); +} diff --git a/ldap/servers/plugins/pwdstorage/ssha_pwd.c b/ldap/servers/plugins/pwdstorage/ssha_pwd.c index 0384c33..b23c2ad 100644 --- a/ldap/servers/plugins/pwdstorage/ssha_pwd.c +++ b/ldap/servers/plugins/pwdstorage/ssha_pwd.c @@ -53,7 +53,7 @@ #include #endif /* NET_SSL */ -#define SHA1_SALT_LENGTH 8 /* number of bytes of data in salt */ +#define SHA_SALT_LENGTH 8 /* number of bytes of data in salt */ static void ssha_rand_array(void *randx, size_t len); @@ -70,75 +70,146 @@ ssha_rand_array(void *randx, size_t len) PK11_GenerateRandom((unsigned char *)randx, (int)len); } -/* - * A salted SHA1 hash - * if salt is null, no salt is used (this is for backward compatibility) -*/ SECStatus -sha1_salted_hash(unsigned char *hash_out, char *pwd, struct berval *salt) +sha_salted_hash(unsigned char *hash_out, char *pwd, struct berval *salt, unsigned int secOID) { PK11Context *ctx; unsigned int outLen; + unsigned int shaLen; SECStatus rc; + + switch (secOID) { + case SEC_OID_SHA1: + shaLen = SHA1_LENGTH; + break; + case SEC_OID_SHA256: + shaLen = SHA256_LENGTH; + break; + case SEC_OID_SHA384: + shaLen = SHA384_LENGTH; + break; + case SEC_OID_SHA512: + shaLen = SHA512_LENGTH; + break; + default: + /* An unknown secOID was passed in. We shouldn't get here. */ + rc = SECFailure; + return rc; + } if (salt && salt->bv_len) { - ctx = PK11_CreateDigestContext(SEC_OID_SHA1); - if (ctx == NULL) { - rc = SECFailure; - } - else { - PK11_DigestBegin(ctx); - PK11_DigestOp(ctx, (unsigned char*)pwd, strlen(pwd)); - PK11_DigestOp(ctx, (unsigned char*)(salt->bv_val), salt->bv_len); - PK11_DigestFinal(ctx, hash_out, &outLen, SHA1_LENGTH); - PK11_DestroyContext(ctx, 1); - if (outLen == SHA1_LENGTH) - rc = SECSuccess; - else - rc = SECFailure; - } + ctx = PK11_CreateDigestContext(secOID); + if (ctx == NULL) { + rc = SECFailure; + } else { + PK11_DigestBegin(ctx); + PK11_DigestOp(ctx, (unsigned char*)pwd, strlen(pwd)); + PK11_DigestOp(ctx, (unsigned char*)(salt->bv_val), salt->bv_len); + PK11_DigestFinal(ctx, hash_out, &outLen, shaLen); + PK11_DestroyContext(ctx, 1); + if (outLen == shaLen) + rc = SECSuccess; + else + rc = SECFailure; + } } else { /*backward compatibility*/ - rc = PK11_HashBuf(SEC_OID_SHA1, hash_out, (unsigned char *)pwd, strlen(pwd)); + rc = PK11_HashBuf(secOID, hash_out, (unsigned char *)pwd, strlen(pwd)); } - + return rc; } char * -salted_sha1_pw_enc( char *pwd ) +salted_sha_pw_enc( char *pwd, unsigned int shaLen ) { - unsigned char hash[ SHA1_LENGTH + SHA1_SALT_LENGTH ]; - unsigned char *salt = hash + SHA1_LENGTH; + unsigned char hash[ MAX_SHA_HASH_SIZE + SHA_SALT_LENGTH ]; + unsigned char *salt = hash + shaLen; struct berval saltval; char *enc; - + char *schemeName; + unsigned int schemeNameLen; + unsigned int secOID; + + /* Determine which algorithm we're using */ + switch (shaLen) { + case SHA1_LENGTH: + schemeName = SALTED_SHA1_SCHEME_NAME; + schemeNameLen = SALTED_SHA1_NAME_LEN; + secOID = SEC_OID_SHA1; + break; + case SHA256_LENGTH: + schemeName = SALTED_SHA256_SCHEME_NAME; + schemeNameLen = SALTED_SHA256_NAME_LEN; + secOID = SEC_OID_SHA256; + break; + case SHA384_LENGTH: + schemeName = SALTED_SHA384_SCHEME_NAME; + schemeNameLen = SALTED_SHA384_NAME_LEN; + secOID = SEC_OID_SHA384; + break; + case SHA512_LENGTH: + schemeName = SALTED_SHA512_SCHEME_NAME; + schemeNameLen = SALTED_SHA512_NAME_LEN; + secOID = SEC_OID_SHA512; + break; + default: + /* An unknown shaLen was passed in. We shouldn't get here. */ + return( NULL ); + } + saltval.bv_val = (void*)salt; - saltval.bv_len = SHA1_SALT_LENGTH; - + saltval.bv_len = SHA_SALT_LENGTH; + /* generate a new random salt */ - /* Note: the uninitialized salt array provides a little extra entropy - * to the random array generation, but it is not really needed since - * PK11_GenerateRandom takes care of seeding. In any case, it doesn't - * hurt. */ - ssha_rand_array( salt, SHA1_SALT_LENGTH ); - - /* SHA1 hash the user's key */ - if ( sha1_salted_hash( hash, pwd, &saltval ) != SECSuccess ) { + /* Note: the uninitialized salt array provides a little extra entropy + * to the random array generation, but it is not really needed since + * PK11_GenerateRandom takes care of seeding. In any case, it doesn't + * hurt. */ + ssha_rand_array( salt, SHA_SALT_LENGTH ); + + /* hash the user's key */ + if ( sha_salted_hash( hash, pwd, &saltval, secOID ) != SECSuccess ) { return( NULL ); } - - if (( enc = slapi_ch_malloc( 3 + SALTED_SHA1_NAME_LEN + + + if (( enc = slapi_ch_malloc( 3 + schemeNameLen + LDIF_BASE64_LEN(sizeof(hash)))) == NULL ) { return( NULL ); } - - sprintf( enc, "%c%s%c", PWD_HASH_PREFIX_START, SALTED_SHA1_SCHEME_NAME, + + sprintf( enc, "%c%s%c", PWD_HASH_PREFIX_START, schemeName, PWD_HASH_PREFIX_END ); - (void)ldif_base64_encode( hash, enc + 2 + SALTED_SHA1_NAME_LEN, + (void)ldif_base64_encode( hash, enc + 2 + schemeNameLen, sizeof(hash), -1 ); - + return( enc ); } +/* + * Wrapper functions for password encoding + */ +char * +salted_sha1_pw_enc( char *pwd ) +{ + return salted_sha_pw_enc( pwd, SHA1_LENGTH ); +} + +char * +salted_sha256_pw_enc( char *pwd ) +{ + return salted_sha_pw_enc( pwd, SHA256_LENGTH ); +} + +char * +salted_sha384_pw_enc( char *pwd ) +{ + return salted_sha_pw_enc( pwd, SHA384_LENGTH ); +} + +char * +salted_sha512_pw_enc( char *pwd ) +{ + return salted_sha_pw_enc( pwd, SHA512_LENGTH ); +} diff --git a/ldap/servers/plugins/uiduniq/7bit.c b/ldap/servers/plugins/uiduniq/7bit.c index cfea16f..fb340fa 100644 --- a/ldap/servers/plugins/uiduniq/7bit.c +++ b/ldap/servers/plugins/uiduniq/7bit.c @@ -344,7 +344,7 @@ addMod(LDAPMod ***modary, int *capacity, int *nmods, LDAPMod *toadd) *modary = (LDAPMod **)slapi_ch_malloc(*capacity * sizeof(LDAPMod *)); } } - *modary[*nmods] = toadd; + (*modary)[*nmods] = toadd; (*nmods)++; } diff --git a/ldap/servers/plugins/uiduniq/uid.c b/ldap/servers/plugins/uiduniq/uid.c index 10beab3..b1f0d1d 100644 --- a/ldap/servers/plugins/uiduniq/uid.c +++ b/ldap/servers/plugins/uiduniq/uid.c @@ -383,8 +383,14 @@ searchAllSubtrees(int argc, char *argv[], const char *attrName, */ for(;argc > 0;argc--,argv++) { - result = search(*argv, attrName, attr, values, dn); - if (result) break; + /* + * The DN should already be normalized, so we don't have to + * worry about that here. + */ + if (slapi_dn_issuffix(dn, *argv)) { + result = search(*argv, attrName, attr, values, dn); + if (result) break; + } } return result; } diff --git a/ldap/servers/plugins/views/views.c b/ldap/servers/plugins/views/views.c index 0377dea..d5c7e69 100644 --- a/ldap/servers/plugins/views/views.c +++ b/ldap/servers/plugins/views/views.c @@ -1529,7 +1529,7 @@ static void views_update_views_cache( Slapi_Entry *e, char *dn, int modtype, Sla theView->parentid = 0; /* add view to the cache */ - views_cache_add_ll_entry((void**)theCache.pCacheViews, (void *)theView); + views_cache_add_ll_entry((void**)&theCache.pCacheViews, (void *)theView); views_cache_discover_parent(theView); if(theView->pParent) diff --git a/ldap/servers/slapd/attr.c b/ldap/servers/slapd/attr.c index 9f8c9f9..053cfa6 100644 --- a/ldap/servers/slapd/attr.c +++ b/ldap/servers/slapd/attr.c @@ -710,19 +710,12 @@ attr_add_deleted_value(Slapi_Attr *a, const Slapi_Value *v) } /* - * If we are adding or deleting SLAPD_MODUTIL_TREE_THRESHHOLD or more - * entries, we use an AVL tree to speed up searching for duplicates or - * values we are trying to delete. This threshhold is somewhat arbitrary; - * we should really take some measurements to determine an optimal number. - */ -#define SLAPD_MODUTIL_TREE_THRESHHOLD 5 - -/* - * Add a value array to an attribute. If SLAPD_MODUTIL_TREE_THRESHHOLD or - * more values are being added, we build an AVL tree of any existing + * Add a value array to an attribute. + * If more than one values are being added, we build an AVL tree of any existing * values and then update that in parallel with the existing values. This - * is done so that we do not waste a lot of CPU time searching for duplicate - * values. The AVL tree is created and destroyed all within this function. + * AVL tree is used to detect the duplicates not only between the existing + * values and to-be-added values but also among the to-be-added values. + * The AVL tree is created and destroyed all within this function. * * Returns * LDAP_SUCCESS - OK @@ -733,28 +726,28 @@ int attr_add_valuearray(Slapi_Attr *a, Slapi_Value **vals, const char *dn) { int i = 0; - int duplicate_index = -1; - int was_present_null = 0; - int rc = LDAP_SUCCESS; + int numofvals = 0; + int duplicate_index = -1; + int was_present_null = 0; + int rc = LDAP_SUCCESS; if (valuearray_isempty(vals)) { /* * No values to add (unexpected but acceptable). */ return rc; - } + } /* * determine whether we should use an AVL tree of values or not */ - while ( i < SLAPD_MODUTIL_TREE_THRESHHOLD - 1 && vals[i] != NULL ) { - i++; - } + for ( i = 0; vals[i] != NULL; i++ ) ; + numofvals = i; /* * detect duplicate values */ - if ( i >= SLAPD_MODUTIL_TREE_THRESHHOLD - 1 ) { + if ( numofvals > 1 ) { /* * Several values to add: use an AVL tree to detect duplicates. */ @@ -763,82 +756,85 @@ attr_add_valuearray(Slapi_Attr *a, Slapi_Value **vals, const char *dn) "detect duplicate values\n", 0, 0, 0 ); if (valueset_isempty(&a->a_present_values)) { - /* if the attribute contains no values yet, just check the - * input vals array for duplicates - */ + /* if the attribute contains no values yet, just check the + * input vals array for duplicates + */ Avlnode *vtree = NULL; rc= valuetree_add_valuearray(a->a_type, a->a_plugin, vals, &vtree, &duplicate_index); valuetree_free(&vtree); - was_present_null = 1; + was_present_null = 1; } else { - /* the attr and vals both contain values, check intersection */ + /* the attr and vals both contain values, check intersection */ rc= valueset_intersectswith_valuearray(&a->a_present_values, a, vals, &duplicate_index); } } else if ( !valueset_isempty(&a->a_present_values) ) { /* - * Small number of values to add: don't bother constructing + * One or no value to add: don't bother constructing * an AVL tree, etc. since it probably isn't worth the time. */ for ( i = 0; vals[i] != NULL; ++i ) { if ( slapi_attr_value_find( a, slapi_value_get_berval(vals[i]) ) == 0 ) { - duplicate_index = i; - rc = LDAP_TYPE_OR_VALUE_EXISTS; - break; + duplicate_index = i; + rc = LDAP_TYPE_OR_VALUE_EXISTS; + break; } - } + } } - /* - * add values if no duplicates detected - */ + /* + * add values if no duplicates detected + */ if(rc==LDAP_SUCCESS) { - valueset_add_valuearray( &a->a_present_values, vals ); - } + valueset_add_valuearray( &a->a_present_values, vals ); + } - /* In the case of duplicate value, rc == LDAP_TYPE_OR_VALUE_EXISTS or - * LDAP_OPERATIONS_ERROR - */ - else if ( duplicate_index >= 0 ) { - char avdbuf[BUFSIZ]; - char bvvalcopy[BUFSIZ]; - char *duplicate_string = "null or non-ASCII"; - - i = 0; - while ( (unsigned int)i < vals[duplicate_index]->bv.bv_len && - i < BUFSIZ - 1 && - vals[duplicate_index]->bv.bv_val[i] && - isascii ( vals[duplicate_index]->bv.bv_val[i] )) { - i++; - } + /* In the case of duplicate value, rc == LDAP_TYPE_OR_VALUE_EXISTS or + * LDAP_OPERATIONS_ERROR + */ + else if ( duplicate_index >= 0 ) { + char avdbuf[BUFSIZ]; + char bvvalcopy[BUFSIZ]; + char *duplicate_string = "null or non-ASCII"; + + i = 0; + while ( (unsigned int)i < vals[duplicate_index]->bv.bv_len && + i < BUFSIZ - 1 && + vals[duplicate_index]->bv.bv_val[i] && + isascii ( vals[duplicate_index]->bv.bv_val[i] )) { + i++; + } - if ( i ) { - if ( vals[duplicate_index]->bv.bv_val[i] == 0 ) { - duplicate_string = vals[duplicate_index]->bv.bv_val; - } - else { - strncpy ( &bvvalcopy[0], vals[duplicate_index]->bv.bv_val, i ); - bvvalcopy[i] = '\0'; - duplicate_string = bvvalcopy; - } - } + if ( i ) { + if ( vals[duplicate_index]->bv.bv_val[i] == 0 ) { + duplicate_string = vals[duplicate_index]->bv.bv_val; + } + else { + strncpy ( &bvvalcopy[0], vals[duplicate_index]->bv.bv_val, i ); + bvvalcopy[i] = '\0'; + duplicate_string = bvvalcopy; + } + } - slapi_log_error( SLAPI_LOG_FATAL, NULL, "add value \"%s\" to " - "attribute type \"%s\" in entry \"%s\" failed: %s\n", - duplicate_string, - a->a_type, - dn ? escape_string(dn,avdbuf) : "", - (was_present_null ? "duplicate new value" : "value exists")); - } + slapi_log_error( SLAPI_LOG_FATAL, NULL, "add value \"%s\" to " + "attribute type \"%s\" in entry \"%s\" failed: %s\n", + duplicate_string, + a->a_type, + dn ? escape_string(dn,avdbuf) : "", + (was_present_null ? "duplicate new value" : "value exists")); + } return( rc ); } /* quickly toss an attribute's values and replace them with new ones * (used by attrlist_replace_fast) + * Returns + * LDAP_SUCCESS - OK + * LDAP_OPERATIONS_ERROR - Existing duplicates in attribute. */ -void attr_replace(Slapi_Attr *a, Slapi_Value **vals) +int attr_replace(Slapi_Attr *a, Slapi_Value **vals) { - valueset_replace(&a->a_present_values, vals); + return valueset_replace(a, &a->a_present_values, vals); } int diff --git a/ldap/servers/slapd/attrlist.c b/ldap/servers/slapd/attrlist.c index 8fd89fc..eacdb3d 100644 --- a/ldap/servers/slapd/attrlist.c +++ b/ldap/servers/slapd/attrlist.c @@ -268,18 +268,24 @@ attrlist_delete(Slapi_Attr **attrs, const char *type) /* * attrlist_replace - replace the attribute value(s) with this value(s) + * + * Returns + * LDAP_SUCCESS - OK (including the attr not found) + * LDAP_OPERATIONS_ERROR - Existing duplicates in attribute. */ -void attrlist_replace(Slapi_Attr **alist, const char *type, struct berval **vals) +int attrlist_replace(Slapi_Attr **alist, const char *type, struct berval **vals) { Slapi_Attr **a = NULL; Slapi_Value **values = NULL; + int rc = LDAP_SUCCESS; if (vals == NULL || vals[0] == NULL) { (void)attrlist_delete(alist, type); } else { attrlist_find_or_create(alist, type, &a); valuearray_init_bervalarray(vals, &values); - attr_replace(*a, values); + rc = attr_replace(*a, values); } + return rc; } diff --git a/ldap/servers/slapd/back-ldbm/back-ldbm.h b/ldap/servers/slapd/back-ldbm/back-ldbm.h index 0a0e355..f469986 100644 --- a/ldap/servers/slapd/back-ldbm/back-ldbm.h +++ b/ldap/servers/slapd/back-ldbm/back-ldbm.h @@ -637,6 +637,7 @@ typedef struct _back_search_result_set #define BE_INDEX_PRESENCE 4 /* (w/DEL) remove the presence index */ #define BE_INDEX_TOMBSTONE 8 /* Index entry as a tombstone */ #define BE_INDEX_DONT_ENCRYPT 16 /* Disable any encryption if this flag is set */ +#define BE_INDEX_EQUALITY 32 /* (w/DEL) remove the equality index */ /* Name of attribute type used for binder-based look through limit */ #define LDBM_LOOKTHROUGHLIMIT_AT "nsLookThroughLimit" diff --git a/ldap/servers/slapd/back-ldbm/index.c b/ldap/servers/slapd/back-ldbm/index.c index e9fac76..750c104 100644 --- a/ldap/servers/slapd/back-ldbm/index.c +++ b/ldap/servers/slapd/back-ldbm/index.c @@ -453,35 +453,120 @@ index_add_mods( ) { int rc = 0; - int i; - Slapi_Attr *attr; + int i, j; ID id = olde->ep_id; - Slapi_Value **svals = NULL; + int flags = 0; + char buf[SLAPD_TYPICAL_ATTRIBUTE_NAME_MAX_LENGTH]; + char *basetype = NULL; + char *tmp = NULL; + Slapi_Attr *curr_attr = NULL; + Slapi_ValueSet *all_vals = NULL; + Slapi_ValueSet *mod_vals = NULL; + Slapi_Value **evals = NULL; /* values that still exist after a + * delete. + */ + Slapi_Value **mods_valueArray = NULL; /* values that are specified in this + * operation. + */ + Slapi_Value **deleted_valueArray = NULL; /* values whose index entries + * should be deleted. + */ for ( i = 0; mods[i] != NULL; i++ ) { + /* Get base attribute type */ + basetype = buf; + tmp = slapi_attr_basetype(mods[i]->mod_type, buf, sizeof(buf)); + if(tmp != NULL) { + basetype = tmp; /* basetype was malloc'd */ + } + + /* Get a list of all remaining values for the base type + * and any present subtypes. + */ + all_vals = slapi_valueset_new(); + + for (curr_attr = newe->ep_entry->e_attrs; curr_attr != NULL; curr_attr = curr_attr->a_next) { + if (slapi_attr_type_cmp( basetype, curr_attr->a_type, SLAPI_TYPE_CMP_BASE ) == 0) { + valueset_add_valuearray(all_vals, attr_get_present_values(curr_attr)); + } + } + + evals = valueset_get_valuearray(all_vals); + + /* Get a list of all values specified in the operation. + */ + if ( mods[i]->mod_bvalues != NULL ) { + valuearray_init_bervalarray(mods[i]->mod_bvalues, + &mods_valueArray); + } + switch ( mods[i]->mod_op & ~LDAP_MOD_BVALUES ) { case LDAP_MOD_REPLACE: + flags = BE_INDEX_DEL; + /* Get a list of all values being deleted. + */ + mod_vals = slapi_valueset_new(); + + for (curr_attr = olde->ep_entry->e_attrs; curr_attr != NULL; curr_attr = curr_attr->a_next) { + if (slapi_attr_type_cmp( mods[i]->mod_type, curr_attr->a_type, SLAPI_TYPE_CMP_EXACT ) == 0) { + valueset_add_valuearray(mod_vals, attr_get_present_values(curr_attr)); + } + } + + deleted_valueArray = valueset_get_valuearray(mod_vals); + + /* If subtypes exist, don't remove the presence + * index. + */ + if ( evals != NULL && deleted_valueArray != NULL) { + /* evals will contain the new value that is being + * added as part of the replace operation if one + * was specified. We must remove this value from + * evals to know if any subtypes are present. + */ + slapi_entry_attr_find( olde->ep_entry, mods[i]->mod_type, &curr_attr ); + if ( mods_valueArray != NULL ) { + for ( j = 0; mods_valueArray[j] != NULL; j++ ) { + valuearray_remove_value(curr_attr, evals, mods_valueArray[j]); + } + } + + /* Search evals for the values being deleted. If + * they don't exist, delete the equality index. + */ + for ( j = 0; deleted_valueArray[j] != NULL; j++ ) { + if (valuearray_find(curr_attr, evals, deleted_valueArray[j]) == -1) { + if (!(flags & BE_INDEX_EQUALITY)) { + flags |= BE_INDEX_EQUALITY; + } + } else { + /* Remove duplicate value from deleted value array */ + valuearray_remove_value(curr_attr, deleted_valueArray, deleted_valueArray[j]); + j--; + } + } + } else { + flags |= BE_INDEX_PRESENCE|BE_INDEX_EQUALITY; + } + /* We need to first remove the old values from the - * index. */ - if ( slapi_entry_attr_find( olde->ep_entry, mods[i]->mod_type, &attr ) == 0 && - (svals = attr_get_present_values(attr)) != NULL ) { + * index, if any. */ + if (deleted_valueArray) { index_addordel_values_sv( be, mods[i]->mod_type, - svals, NULL, id, - BE_INDEX_DEL|BE_INDEX_PRESENCE, - txn ); + deleted_valueArray, evals, id, + flags, txn ); } + + /* Free valuearray */ + slapi_valueset_free(mod_vals); case LDAP_MOD_ADD: - if ( mods[i]->mod_bvalues == NULL ) { + if ( mods_valueArray == NULL ) { rc = 0; } else { - Slapi_Value **mods_valueArray = NULL; - valuearray_init_bervalarray(mods[i]->mod_bvalues, - &mods_valueArray); rc = index_addordel_values_sv( be, mods[i]->mod_type, mods_valueArray, NULL, id, BE_INDEX_ADD, txn ); - valuearray_free(&mods_valueArray); } break; @@ -489,44 +574,92 @@ index_add_mods( if ( (mods[i]->mod_bvalues == NULL) || (mods[i]->mod_bvalues[0] == NULL) ) { rc = 0; - /* if no value are specified all the values will - * be suppressed -> remove the presence index + flags = BE_INDEX_DEL; + + /* Get a list of all values that are being + * deleted. + */ + mod_vals = slapi_valueset_new(); + + for (curr_attr = olde->ep_entry->e_attrs; curr_attr != NULL; curr_attr = curr_attr->a_next) { + if (slapi_attr_type_cmp( mods[i]->mod_type, curr_attr->a_type, SLAPI_TYPE_CMP_EXACT ) == 0) { + valueset_add_valuearray(mod_vals, attr_get_present_values(curr_attr)); + } + } + + deleted_valueArray = valueset_get_valuearray(mod_vals); + + /* If subtypes exist, don't remove the + * presence index. */ - if ( slapi_entry_attr_find( olde->ep_entry, mods[i]->mod_type, &attr ) == 0 && - (svals = attr_get_present_values(attr)) != NULL ) { - index_addordel_values_sv( be, mods[i]->mod_type, - svals, NULL, id, BE_INDEX_DEL|BE_INDEX_PRESENCE, txn); + if (evals != NULL) { + for (curr_attr = newe->ep_entry->e_attrs; (curr_attr != NULL); + curr_attr = curr_attr->a_next) { + if (slapi_attr_type_cmp( basetype, curr_attr->a_type, SLAPI_TYPE_CMP_BASE ) == 0) { + /* Check if the any values being deleted + * also exist in a subtype. + */ + for ( j=0; deleted_valueArray[j] != NULL; j++) { + if ( valuearray_find(curr_attr, evals, deleted_valueArray[j]) == -1 ) { + /* If the equality flag isn't already set, set it */ + if (!(flags & BE_INDEX_EQUALITY)) { + flags |= BE_INDEX_EQUALITY; + } + } else { + /* Remove duplicate value from the mod list */ + valuearray_remove_value(curr_attr, deleted_valueArray, deleted_valueArray[j]); + j--; + } + } + } + } + } else { + flags = BE_INDEX_DEL|BE_INDEX_PRESENCE|BE_INDEX_EQUALITY; } + + /* Update the index */ + index_addordel_values_sv( be, mods[i]->mod_type, + deleted_valueArray, evals, id, flags, txn); + + slapi_valueset_free(mod_vals); } else { + /* determine if the presence key should be * removed (are we removing the last value * for this attribute?) */ - int flags = BE_INDEX_DEL; - Slapi_Value ** svals = NULL; - Slapi_Value **mods_valueArray = NULL; - - valuearray_init_bervalarray(mods[i]->mod_bvalues, - &mods_valueArray); - - if (slapi_entry_attr_find(newe->ep_entry, - mods[i]->mod_type, &attr) == 0) { - svals = attr_get_present_values(attr); + if (evals == NULL || evals[0] == NULL) { + flags = BE_INDEX_DEL|BE_INDEX_PRESENCE; + } else { + flags = BE_INDEX_DEL; } - if (svals == NULL || svals[0] == NULL) { - flags |= BE_INDEX_PRESENCE; - } + /* If the same value doesn't exist in a subtype, set + * BE_INDEX_EQUALITY flag so the equality index is + * removed. + */ + slapi_entry_attr_find( olde->ep_entry, mods[i]->mod_type, &curr_attr); + for (j = 0; mods_valueArray[j] != NULL; j++ ) { + if ( valuearray_find(curr_attr, evals, mods_valueArray[j]) == -1 ) { + if (!(flags & BE_INDEX_EQUALITY)) { + flags |= BE_INDEX_EQUALITY; + } + } + } - rc = index_addordel_values_sv( be, mods[i]->mod_type, + rc = index_addordel_values_sv( be, basetype, mods_valueArray, - svals, id, flags, txn ); - valuearray_free(&mods_valueArray); + evals, id, flags, txn ); } rc = 0; break; } + /* free memory */ + slapi_ch_free((void **)&tmp); + valuearray_free(&mods_valueArray); + slapi_valueset_free(all_vals); + if ( rc != 0 ) { ldbm_nasty(errmsg, 1040, rc); return( rc ); @@ -1595,7 +1728,11 @@ index_addordel_values_ext_sv( /* * equality index entry */ - if ( ai->ai_indexmask & INDEX_EQUALITY ) { + if (( ai->ai_indexmask & INDEX_EQUALITY ) && + (flags & (BE_INDEX_ADD|BE_INDEX_EQUALITY))) { + /* on delete, only remove the equality index if the + * BE_INDEX_EQUALITY flag is set. + */ slapi_call_syntax_values2keys_sv( ai->ai_plugin, vals, &ivals, LDAP_FILTER_EQUALITY ); diff --git a/ldap/servers/slapd/back-ldbm/ldbm_attr.c b/ldap/servers/slapd/back-ldbm/ldbm_attr.c index af53e79..d6a3d16 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_attr.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_attr.c @@ -632,7 +632,7 @@ ldbm_compute_rewriter(Slapi_PBlock *pb) if ( NULL != fstr ) { char *lc_fstr = (char *)slapi_utf8StrToLower( (unsigned char *)fstr ); - if (string_find(lc_fstr,"subordinates")) { + if (lc_fstr && string_find(lc_fstr,"subordinates")) { Slapi_Filter *f = NULL; /* Look for special filters we want to leave alone */ if (0 == strcmp(lc_fstr, "(&(numsubordinates=*)(numsubordinates>=1))" )) { diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c index d76491a..78031d3 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c @@ -401,7 +401,7 @@ ldbm_back_delete( Slapi_PBlock *pb ) } } /* delete from attribute indexes */ - addordel_flags = BE_INDEX_DEL|BE_INDEX_PRESENCE; + addordel_flags = BE_INDEX_DEL|BE_INDEX_PRESENCE|BE_INDEX_EQUALITY; if (delete_tombstone_entry) { addordel_flags |= BE_INDEX_TOMBSTONE; /* tell index code we are deleting a tombstone */ diff --git a/ldap/servers/slapd/entry.c b/ldap/servers/slapd/entry.c index f690e37..cd5010b 100644 --- a/ldap/servers/slapd/entry.c +++ b/ldap/servers/slapd/entry.c @@ -2792,8 +2792,7 @@ entry_replace_values( struct berval **vals ) { - attrlist_replace( &e->e_attrs, type, vals ); - return 0; + return attrlist_replace( &e->e_attrs, type, vals ); } int @@ -3086,8 +3085,21 @@ slapi_entries_diff(Slapi_Entry **old_entries, Slapi_Entry **curr_entries, { for (cep = curr_entries; cep != NULL && *cep != NULL; ) { - int dncmp = slapi_sdn_compare(slapi_entry_get_sdn_const(*oep), + int dncmp; + if ((*oep != NULL) && (*cep !=NULL)) { + dncmp = slapi_sdn_compare(slapi_entry_get_sdn_const(*oep), slapi_entry_get_sdn_const(*cep)); + } + else if (*oep==NULL) { + dncmp=-1; // OEP is empty, it does not have the entry. + } + else if (*cep==NULL) { + dncmp=1; // CEP is empty, it does not have the entry. + } + else { + continue; // Not sure what happened, but cannot proceed. + } + if (force_update) { pblock_init(&pb); @@ -3159,7 +3171,7 @@ slapi_entries_diff(Slapi_Entry **old_entries, Slapi_Entry **curr_entries, slapi_mods_free(&smods); oep++; cep++; } - else if (dncmp > 0) /* old_entries does not have cep */ + else if (dncmp < 0) /* old_entries does not have cep */ { rval = 1; @@ -3177,7 +3189,7 @@ slapi_entries_diff(Slapi_Entry **old_entries, Slapi_Entry **curr_entries, } cep++; } - else /* if (dncmp < 0) curr_entries does not have oep */ + else /* if (dncmp > 0) curr_entries does not have oep */ { rval = 1; LDAPDebug(LDAP_DEBUG_ANY, "Add %sEntry %s\n", diff --git a/ldap/servers/slapd/filtercmp.c b/ldap/servers/slapd/filtercmp.c index b820563..78ce6d5 100644 --- a/ldap/servers/slapd/filtercmp.c +++ b/ldap/servers/slapd/filtercmp.c @@ -64,7 +64,8 @@ static PRUint32 addhash_casestr(PRUint32 hash, char *data) unsigned char *normstr; normstr = slapi_utf8StrToLower((unsigned char *)data); - hash = addhash(hash, normstr, strlen((char *)normstr)); + hash = addhash(hash, normstr, + normstr ? strlen((char *)normstr) : 0); if ((char *)normstr != data) slapi_ch_free((void **)&normstr); return hash; diff --git a/ldap/servers/slapd/libslapd.def b/ldap/servers/slapd/libslapd.def index 074a887..b6401ca 100644 --- a/ldap/servers/slapd/libslapd.def +++ b/ldap/servers/slapd/libslapd.def @@ -773,10 +773,10 @@ EXPORTS slapi_mod_done @752 slapi_mods_done @753 operation_set_csn @754 -; entry_update_deleted_attribute @755 + valueset_add_valuearray @755 entry_first_deleted_attribute @756 entry_next_deleted_attribute @757 -; config_get_storestateinfo @758 + valuearray_remove_value @758 ; config_set_storestateinfo @759 slapi_value_set_string @760 slapi_is_loglevel_set @761 @@ -1056,6 +1056,7 @@ EXPORTS slapi_entry_delete_values_sv @1058 slapi_entry_attr_replace_sv @1059 + valuearray_find @1060 valuearray_free @1061 slapd_Client_auth @1062 slapi_rand_r @1063 diff --git a/ldap/servers/slapd/plugin.c b/ldap/servers/slapd/plugin.c index cd28d18..a1b9ad7 100644 --- a/ldap/servers/slapd/plugin.c +++ b/ldap/servers/slapd/plugin.c @@ -463,8 +463,11 @@ plugin_get_pwd_storage_scheme(char *name, int len, int index) struct slapdplugin *p; for ( p = global_plugin_list[index]; p != NULL; p = p->plg_next ) { - if (strncasecmp(p->plg_pwdstorageschemename, name, len) == 0) - return( p ); + if (strlen(p->plg_pwdstorageschemename) == len) { + if (strncasecmp(p->plg_pwdstorageschemename, name, len) == 0) { + return( p ); + } + } } return( NULL ); } diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h index 5f37b92..a40dd3c 100644 --- a/ldap/servers/slapd/proto-slap.h +++ b/ldap/servers/slapd/proto-slap.h @@ -61,7 +61,7 @@ void do_add( Slapi_PBlock *pb ); */ void attr_done(Slapi_Attr *a); int attr_add_valuearray(Slapi_Attr *a, Slapi_Value **vals, const char *dn); -void attr_replace(Slapi_Attr *a, Slapi_Value **vals); +int attr_replace(Slapi_Attr *a, Slapi_Value **vals); int attr_check_onoff ( const char *attr_name, char *value, long minval, long maxval, char *errorbuf ); int attr_check_minmax ( const char *attr_name, char *value, long minval, long maxval, char *errorbuf ); @@ -80,7 +80,7 @@ Slapi_Attr *attrlist_remove(Slapi_Attr **attrs, const char *type); void attrlist_add(Slapi_Attr **attrs, Slapi_Attr *a); int attrlist_count_subtypes(Slapi_Attr *a, const char *type); Slapi_Attr *attrlist_find_ex( Slapi_Attr *a, const char *type, int *type_name_disposition, char** actual_type_name, void **hint ); -void attrlist_replace(Slapi_Attr **alist, const char *type, struct berval **vals); +int attrlist_replace(Slapi_Attr **alist, const char *type, struct berval **vals); /* * attrsyntax.c @@ -158,7 +158,7 @@ void valueset_add_valueset(Slapi_ValueSet *vs1, const Slapi_ValueSet *vs2); int valueset_intersectswith_valuearray(Slapi_ValueSet *vs, const Slapi_Attr *a, Slapi_Value **values, int *duplicate_index); Slapi_ValueSet *valueset_dup(const Slapi_ValueSet *dupee); void valueset_remove_string(const Slapi_Attr *a, Slapi_ValueSet *vs, const char *s); -void valueset_replace(Slapi_ValueSet *vs, Slapi_Value **vals); +int valueset_replace(Slapi_Attr *a, Slapi_ValueSet *vs, Slapi_Value **vals); void valueset_update_csn_for_valuearray(Slapi_ValueSet *vs, const Slapi_Attr *a, Slapi_Value **valuestoupdate, CSNType t, const CSN *csn, Slapi_Value ***valuesupdated); void valueset_set_valuearray_byval(Slapi_ValueSet *vs, Slapi_Value **addvals); void valueset_set_valuearray_passin(Slapi_ValueSet *vs, Slapi_Value **addvals); diff --git a/ldap/servers/slapd/saslbind.c b/ldap/servers/slapd/saslbind.c index af8eb6d..a38d07e 100644 --- a/ldap/servers/slapd/saslbind.c +++ b/ldap/servers/slapd/saslbind.c @@ -136,7 +136,7 @@ static int ids_sasl_log( { switch (level) { case SASL_LOG_ERR: /* log unusual errors (default) */ - slapi_log_error(SLAPI_LOG_FATAL, "sasl", "%s", message); + slapi_log_error(SLAPI_LOG_FATAL, "sasl", "%s\n", message); break; case SASL_LOG_FAIL: /* log all authentication failures */ @@ -146,7 +146,7 @@ static int ids_sasl_log( case SASL_LOG_TRACE: /* traces of internal protocols */ case SASL_LOG_PASS: /* traces of internal protocols, including * passwords */ - LDAPDebug(LDAP_DEBUG_ANY, "sasl(%d): %s", level, message, 0); + LDAPDebug(LDAP_DEBUG_ANY, "sasl(%d): %s\n", level, message, 0); break; case SASL_LOG_NONE: /* don't log anything */ @@ -446,7 +446,12 @@ static int ids_sasl_canon_user( clear = pw; if (clear) { - if (prop_set(propctx, "userpassword", clear, -1) != 0) { + if (prop_set(propctx, SASL_AUX_PASSWORD_PROP, clear, -1) != 0) { + /* Failure is benign here because some mechanisms don't support this property */ + /*LDAPDebug(LDAP_DEBUG_TRACE, "prop_set(userpassword) failed\n", 0, 0, 0); + goto fail */ ; + } + if (prop_set(propctx, SASL_AUX_PASSWORD, clear, -1) != 0) { /* Failure is benign here because some mechanisms don't support this property */ /*LDAPDebug(LDAP_DEBUG_TRACE, "prop_set(userpassword) failed\n", 0, 0, 0); goto fail */ ; diff --git a/ldap/servers/slapd/slapi-private.h b/ldap/servers/slapd/slapi-private.h index 27b5609..9c9ce5c 100644 --- a/ldap/servers/slapd/slapi-private.h +++ b/ldap/servers/slapd/slapi-private.h @@ -778,6 +778,7 @@ void valuearray_add_value(Slapi_Value ***vals, const Slapi_Value *addval); void valuearray_add_value_fast(Slapi_Value ***vals, Slapi_Value *addval, int nvals, int *maxvals, int exact, int passin); void valuearray_add_valuearray( Slapi_Value ***vals, Slapi_Value **addvals, PRUint32 flags ); void valuearray_add_valuearray_fast( Slapi_Value ***vals, Slapi_Value **addvals, int nvals, int naddvals, int *maxvals, int exact, int passin ); +int valuearray_find(const Slapi_Attr *a, Slapi_Value **va, const Slapi_Value *v); /****************************************************************************** diff --git a/ldap/servers/slapd/test-plugins/testbind.c b/ldap/servers/slapd/test-plugins/testbind.c index d2fadc7..08e12a0 100644 --- a/ldap/servers/slapd/test-plugins/testbind.c +++ b/ldap/servers/slapd/test-plugins/testbind.c @@ -69,7 +69,7 @@ #include #include "slapi-plugin.h" -Slapi_PluginDesc bindpdesc = { "test-bind", "Netscape", "0.5", +Slapi_PluginDesc bindpdesc = { "test-bind", "Fedora Project", "7.1", "sample bind pre-operation plugin" }; static Slapi_ComponentId *plugin_id = NULL; diff --git a/ldap/servers/slapd/test-plugins/testdatainterop.c b/ldap/servers/slapd/test-plugins/testdatainterop.c index 728a146..2c87183 100644 --- a/ldap/servers/slapd/test-plugins/testdatainterop.c +++ b/ldap/servers/slapd/test-plugins/testdatainterop.c @@ -88,8 +88,8 @@ nsslapd-pluginType: preoperation nsslapd-pluginEnabled: on nsslapd-pluginId: nullsuffix-preop - nsslapd-pluginVersion: 6.2 - nsslapd-pluginVendor: Netscape + nsslapd-pluginVersion: 7.1 + nsslapd-pluginVendor: Fedora Project nsslapd-pluginDescription: sample pre-operation null suffix plugin ******************************************/ @@ -113,7 +113,7 @@ /* * Static variables. */ -static Slapi_PluginDesc plugindesc = { PLUGIN_NAME, "Netscape", "0.5", +static Slapi_PluginDesc plugindesc = { PLUGIN_NAME, "Fedora Project", "7.1", "sample pre-operation null suffix plugin" }; static Slapi_ComponentId *plugin_id = NULL; diff --git a/ldap/servers/slapd/test-plugins/testentry.c b/ldap/servers/slapd/test-plugins/testentry.c index 72464d2..fabb1a6 100644 --- a/ldap/servers/slapd/test-plugins/testentry.c +++ b/ldap/servers/slapd/test-plugins/testentry.c @@ -90,7 +90,7 @@ nsslapd-pluginId: test-entry #include #include "slapi-plugin.h" -Slapi_PluginDesc entrypdesc = { "test-entry", "Netscape", "0.5", +Slapi_PluginDesc entrypdesc = { "test-entry", "Fedora Project", "7.1", "sample entry modification plugin" }; /* Entry store plug-in function */ diff --git a/ldap/servers/slapd/test-plugins/testextendedop.c b/ldap/servers/slapd/test-plugins/testextendedop.c index d6e0841..5f5b638 100644 --- a/ldap/servers/slapd/test-plugins/testextendedop.c +++ b/ldap/servers/slapd/test-plugins/testextendedop.c @@ -83,7 +83,7 @@ /* OID of the extended operation handled by this plug-in */ #define MY_OID "1.2.3.4" -Slapi_PluginDesc expdesc = { "test-extendedop", "Netscape", "0.5", +Slapi_PluginDesc expdesc = { "test-extendedop", "Fedora Project", "7.1", "sample extended operation plugin" }; diff --git a/ldap/servers/slapd/test-plugins/testgetip.c b/ldap/servers/slapd/test-plugins/testgetip.c index 8e781ee..8867ee2 100644 --- a/ldap/servers/slapd/test-plugins/testgetip.c +++ b/ldap/servers/slapd/test-plugins/testgetip.c @@ -74,7 +74,7 @@ #include "slapi-plugin.h" #include "nspr.h" -Slapi_PluginDesc getippdesc = { "test-getip", "Netscape", "0.5", +Slapi_PluginDesc getippdesc = { "test-getip", "Fedora Project", "7.1", "sample pre-operation plugin" }; static char *netaddr2str( PRNetAddr *addrp, char *buf, size_t buflen ); diff --git a/ldap/servers/slapd/test-plugins/testpostop.c b/ldap/servers/slapd/test-plugins/testpostop.c index f598259..7c82bf7 100644 --- a/ldap/servers/slapd/test-plugins/testpostop.c +++ b/ldap/servers/slapd/test-plugins/testpostop.c @@ -93,7 +93,7 @@ static char changelogfile[MAX_PATH+1]; static char *changelogfile = "/tmp/changelog"; #endif -Slapi_PluginDesc postoppdesc = { "test-postop", "Netscape", "0.5", +Slapi_PluginDesc postoppdesc = { "test-postop", "Fedora Project", "7.1", "sample post-operation plugin" }; static void write_changelog( int optype, char *dn, void *change, int flag ); diff --git a/ldap/servers/slapd/test-plugins/testpreop.c b/ldap/servers/slapd/test-plugins/testpreop.c index af3ca1f..bc72dd0 100644 --- a/ldap/servers/slapd/test-plugins/testpreop.c +++ b/ldap/servers/slapd/test-plugins/testpreop.c @@ -45,6 +45,7 @@ * testpreop_bind (called before an LDAP bind operation) * testpreop_add (called before an LDAP add operation) + * testpreop_search (called before an LDAP search operation) * testpreop_abandon (called before an LDAP abandon operation) testpreop_bind logs information about the LDAP bind operation @@ -78,7 +79,7 @@ #include #include "slapi-plugin.h" -Slapi_PluginDesc preoppdesc = { "test-preop", "Netscape", "0.5", +Slapi_PluginDesc preoppdesc = { "test-preop", "Fedora Project", "7.1", "sample pre-operation plugin" }; /* Pre-operation plug-in function */ @@ -159,6 +160,26 @@ testpreop_add( Slapi_PBlock *pb ) return( 0 ); /* allow the operation to continue */ } +/* Pre-operation plug-in function */ +int +testpreop_search( Slapi_PBlock *pb ) +{ + char *base; + /* Log a message to indicate when the plug-in function starts */ + slapi_log_error( SLAPI_LOG_FATAL, "testpreop_search", + "*** PREOPERATION SEARCH PLUGIN ***\n"); + /* Get and log the base DN of the search criteria */ + if ( slapi_pblock_get( pb, SLAPI_SEARCH_TARGET, &base ) == 0 ) + slapi_log_error( SLAPI_LOG_FATAL, "SLAPI_SEARCH_TARGET", + "%s\n", base ); + /* Get and log the original base DN */ + if ( slapi_pblock_get( pb, SLAPI_ORIGINAL_TARGET_DN, &base ) == 0 ) + slapi_log_error( SLAPI_LOG_FATAL, "SLAPI_ORIGINAL_TARGET_DN", + "%s\n", base ); + + return( 0 ); /* allow the operation to continue */ +} + /* Pre-operation plug-in function */ int @@ -236,9 +257,11 @@ testpreop_init( Slapi_PBlock *pb ) (void *) testpreop_bind ) != 0 || slapi_pblock_set( pb, SLAPI_PLUGIN_PRE_ADD_FN, (void *) testpreop_add ) != 0 || + slapi_pblock_set( pb, SLAPI_PLUGIN_PRE_SEARCH_FN, + (void *) testpreop_search ) != 0 || slapi_pblock_set( pb, SLAPI_PLUGIN_PRE_ABANDON_FN, (void *) testpreop_abandon ) != 0 ) { - slapi_log_error( SLAPI_LOG_PLUGIN, "testpreop_init", + slapi_log_error( SLAPI_LOG_FATAL, "testpreop_init", "Failed to set version and function\n" ); return( -1 ); } diff --git a/ldap/servers/slapd/test-plugins/testsaslbind.c b/ldap/servers/slapd/test-plugins/testsaslbind.c index 295e5d3..b259a80 100644 --- a/ldap/servers/slapd/test-plugins/testsaslbind.c +++ b/ldap/servers/slapd/test-plugins/testsaslbind.c @@ -65,7 +65,7 @@ objectclass: top objectclass: nsSlapdPlugin objectclass: extensibleObject cn: test-saslbind -nsslapd-pluginpath: /usr/fedora/servers/plugins/slapd/slapi/examples/libtest-plugin.so +nsslapd-pluginpath: /plugins/slapd/slapi/examples/libtest-plugin.so nsslapd-plugininitfunc: testsasl_init nsslapd-plugintype: preoperation nsslapd-pluginenabled: on diff --git a/ldap/servers/slapd/tools/dbscan.c b/ldap/servers/slapd/tools/dbscan.c index 7e1d0a1..b3f610e 100644 --- a/ldap/servers/slapd/tools/dbscan.c +++ b/ldap/servers/slapd/tools/dbscan.c @@ -68,25 +68,25 @@ typedef unsigned char uint8_t; #define CHANGELOGTYPE 0x8 /* display mode */ -#define RAWDATA 0x1 -#define SHOWCOUNT 0x2 -#define SHOWDATA 0x4 +#define RAWDATA 0x1 +#define SHOWCOUNT 0x2 +#define SHOWDATA 0x4 #define SHOWSUMMARY 0x8 /* stolen from slapi-plugin.h */ -#define SLAPI_OPERATION_BIND 0x00000001UL -#define SLAPI_OPERATION_UNBIND 0x00000002UL -#define SLAPI_OPERATION_SEARCH 0x00000004UL -#define SLAPI_OPERATION_MODIFY 0x00000008UL -#define SLAPI_OPERATION_ADD 0x00000010UL -#define SLAPI_OPERATION_DELETE 0x00000020UL -#define SLAPI_OPERATION_MODDN 0x00000040UL -#define SLAPI_OPERATION_MODRDN SLAPI_OPERATION_MODDN -#define SLAPI_OPERATION_COMPARE 0x00000080UL -#define SLAPI_OPERATION_ABANDON 0x00000100UL -#define SLAPI_OPERATION_EXTENDED 0x00000200UL -#define SLAPI_OPERATION_ANY 0xFFFFFFFFUL -#define SLAPI_OPERATION_NONE 0x00000000UL +#define SLAPI_OPERATION_BIND 0x00000001UL +#define SLAPI_OPERATION_UNBIND 0x00000002UL +#define SLAPI_OPERATION_SEARCH 0x00000004UL +#define SLAPI_OPERATION_MODIFY 0x00000008UL +#define SLAPI_OPERATION_ADD 0x00000010UL +#define SLAPI_OPERATION_DELETE 0x00000020UL +#define SLAPI_OPERATION_MODDN 0x00000040UL +#define SLAPI_OPERATION_MODRDN SLAPI_OPERATION_MODDN +#define SLAPI_OPERATION_COMPARE 0x00000080UL +#define SLAPI_OPERATION_ABANDON 0x00000100UL +#define SLAPI_OPERATION_EXTENDED 0x00000200UL +#define SLAPI_OPERATION_ANY 0xFFFFFFFFUL +#define SLAPI_OPERATION_NONE 0x00000000UL #define ONEMEG (1024*1024) @@ -94,7 +94,7 @@ typedef unsigned char uint8_t; #include #endif -typedef u_int32_t ID; +typedef u_int32_t ID; typedef unsigned int uint32; @@ -104,29 +104,41 @@ typedef struct { uint32 id[1]; } IDL; +uint32 file_type = 0; +uint32 min_display = 0; +uint32 display_mode = 0; +int truncatesiz = 0; +long pres_cnt = 0; +long eq_cnt = 0; +long app_cnt = 0; +long sub_cnt = 0; +long match_cnt = 0; +long ind_cnt = 0; +long allids_cnt = 0; +long other_cnt = 0; + /** db_printf - functioning same as printf but a place for manipluating output. */ void db_printf(char *fmt, ...) { - va_list ap; + va_list ap; - va_start(ap, fmt); - vfprintf(stdout, fmt, ap); + va_start(ap, fmt); + vfprintf(stdout, fmt, ap); } void db_printfln(char *fmt, ...) { - va_list ap; + va_list ap; - va_start(ap, fmt); - vfprintf(stdout, fmt, ap); - vfprintf(stdout, "\n", NULL); + va_start(ap, fmt); + vfprintf(stdout, fmt, ap); + vfprintf(stdout, "\n", NULL); } int MAX_BUFFER = 4096; int MIN_BUFFER = 20; - static IDL *idl_make(DBT *data) { IDL *idl = NULL, *xidl; @@ -174,14 +186,17 @@ static IDL *idl_append(IDL *idl, uint32 id) /* format a string for easy printing */ #define FMT_LF_OK 1 #define FMT_SP_OK 2 -static char *format_raw(unsigned char *s, int len, int flags) +static char *format_raw(unsigned char *s, int len, int flags, + unsigned char *buf, int buflen) { - static unsigned char buf[BUFSIZ]; /* not intended to be threadsafe */ static char hex[] = "0123456789ABCDEF"; - unsigned char *p, *o; + unsigned char *p, *o, *bufend = buf + buflen - 1; int i; - for (p = s, o = buf, i = 0; i < len; p++, i++) { + if (NULL == buf || buflen <= 0) + return NULL; + + for (p = s, o = buf, i = 0; i < len && o < bufend; p++, i++) { if ((*p == '%') || (*p <= ' ') || (*p >= 126)) { /* index keys are stored with their trailing NUL */ if ((*p == 0) && (i == len-1)) @@ -199,24 +214,26 @@ static char *format_raw(unsigned char *s, int len, int flags) } else { *o++ = *p; } - if (o-buf > BUFSIZ-5) { - /* out of space */ + if (truncatesiz > 0 && o > bufend - 5) { + /* truncate it */ strcpy(o, " ..."); i = len; + o += 4; } } *o = 0; return (char *)buf; } -static char *format(unsigned char *s, int len) +static char *format(unsigned char *s, int len, unsigned char *buf, int buflen) { - return format_raw(s, len, 0); + return format_raw(s, len, 0, buf, buflen); } -static char *format_entry(unsigned char *s, int len) +static char *format_entry(unsigned char *s, int len, + unsigned char *buf, int buflen) { - return format_raw(s, len, FMT_LF_OK | FMT_SP_OK); + return format_raw(s, len, FMT_LF_OK | FMT_SP_OK, buf, buflen); } static char *idl_format(IDL *idl, int isfirsttime, int *done) @@ -251,46 +268,46 @@ static char *idl_format(IDL *idl, int isfirsttime, int *done) /*** Copied from cl5_api.c: _cl5ReadString ***/ void _cl5ReadString (char **str, char **buff) { - if (str) - { - int len = strlen (*buff); - - if (len) - { - *str = strdup(*buff); - (*buff) += len + 1; - } - else /* just null char - skip it */ - { - *str = NULL; - (*buff) ++; - } - } - else /* just skip this string */ - { - (*buff) += strlen (*buff) + 1; - } + if (str) + { + int len = strlen (*buff); + + if (len) + { + *str = strdup(*buff); + (*buff) += len + 1; + } + else /* just null char - skip it */ + { + *str = NULL; + (*buff) ++; + } + } + else /* just skip this string */ + { + (*buff) += strlen (*buff) + 1; + } } /** print_attr - print attribute name followed by one value. - assume the value stored as null terminated string. + assume the value stored as null terminated string. */ void print_attr(char *attrname, char **buff) { - char *val = NULL; - - _cl5ReadString(&val, buff); - if(attrname != NULL || val != NULL) { - db_printf("\t"); - } - - if(attrname) { - db_printf("%s: ", attrname); - } - if(val != NULL) { - db_printf("%s\n", val); - free(val); - } + char *val = NULL; + + _cl5ReadString(&val, buff); + if(attrname != NULL || val != NULL) { + db_printf("\t"); + } + + if(attrname) { + db_printf("%s: ", attrname); + } + if(val != NULL) { + db_printf("%s\n", val); + free(val); + } } /*** Copied from cl5_api.c: _cl5ReadMods ***/ @@ -302,34 +319,34 @@ void print_attr(char *attrname, char **buff) ----------- <1 byte modop><4 byte count> {<4 byte size><4 byte size>... || - ...} + ...} */ void _cl5ReadMod(char **buff); void _cl5ReadMods(char **buff) { - char *pos = *buff; - uint32 i; - uint32 mod_count; - - /* need to copy first, to skirt around alignment problems on certain - architectures */ - memcpy((char *)&mod_count, *buff, sizeof(mod_count)); - mod_count = ntohl(mod_count); - pos += sizeof (mod_count); - - - for (i = 0; i < mod_count; i++) - { - _cl5ReadMod (&pos); - } + char *pos = *buff; + uint32 i; + uint32 mod_count; + + /* need to copy first, to skirt around alignment problems on certain + architectures */ + memcpy((char *)&mod_count, *buff, sizeof(mod_count)); + mod_count = ntohl(mod_count); + pos += sizeof (mod_count); + + + for (i = 0; i < mod_count; i++) + { + _cl5ReadMod (&pos); + } - *buff = pos; + *buff = pos; } /** print_ber_attr - print one line of attribute, the value was stored - in ber format, length followed by string. + in ber format, length followed by string. */ void print_ber_attr(char* attrname, char** buff) { @@ -341,18 +358,18 @@ void print_ber_attr(char* attrname, char** buff) *buff += sizeof (uint32); if (bv_len > 0) { - db_printf("\t\t"); + db_printf("\t\t"); - if(attrname != NULL) { - db_printf("%s: ", attrname); - } + if(attrname != NULL) { + db_printf("%s: ", attrname); + } - val = malloc(bv_len + 1); - memcpy (val, *buff, bv_len); - val[bv_len] = 0; - *buff += bv_len; - db_printf("%s\n", val); - free(val); + val = malloc(bv_len + 1); + memcpy (val, *buff, bv_len); + val[bv_len] = 0; + *buff += bv_len; + db_printf("%s\n", val); + free(val); } } @@ -362,51 +379,51 @@ void print_ber_attr(char* attrname, char** buff) */ static ID id_stored_to_internal(char* b) { - ID i; - i = (ID)b[3] & 0x000000ff; - i |= (((ID)b[2]) << 8) & 0x0000ff00; - i |= (((ID)b[1]) << 16) & 0x00ff0000; - i |= ((ID)b[0]) << 24; - return i; + ID i; + i = (ID)b[3] & 0x000000ff; + i |= (((ID)b[2]) << 8) & 0x0000ff00; + i |= (((ID)b[1]) << 16) & 0x00ff0000; + i |= ((ID)b[0]) << 24; + return i; } static void id_internal_to_stored(ID i,char *b) { - if ( sizeof(ID) > 4 ) { - memset (b+4, 0, sizeof(ID)-4); - } + if ( sizeof(ID) > 4 ) { + memset (b+4, 0, sizeof(ID)-4); + } - b[0] = (char)(i >> 24); - b[1] = (char)(i >> 16); - b[2] = (char)(i >> 8); - b[3] = (char)i; + b[0] = (char)(i >> 24); + b[1] = (char)(i >> 16); + b[2] = (char)(i >> 8); + b[3] = (char)i; } void _cl5ReadMod(char **buff) { - char *pos = *buff; - uint32 i; - uint32 val_count; - char *type = NULL; - int op; - - op = (*pos) & 0x000000FF; - pos ++; - _cl5ReadString (&type, &pos); - - /* need to do the copy first, to skirt around alignment problems on - certain architectures */ - memcpy((char *)&val_count, pos, sizeof(val_count)); - val_count = ntohl(val_count); - pos += sizeof (uint32); - - for (i = 0; i < val_count; i++) - { - print_ber_attr(type, &pos); - } - - (*buff) = pos; - free(type); + char *pos = *buff; + uint32 i; + uint32 val_count; + char *type = NULL; + int op; + + op = (*pos) & 0x000000FF; + pos ++; + _cl5ReadString (&type, &pos); + + /* need to do the copy first, to skirt around alignment problems on + certain architectures */ + memcpy((char *)&val_count, pos, sizeof(val_count)); + val_count = ntohl(val_count); + pos += sizeof (uint32); + + for (i = 0; i < val_count; i++) + { + print_ber_attr(type, &pos); + } + + (*buff) = pos; + free(type); } /* @@ -427,93 +444,80 @@ width of long (32-bit or 64-bit), it's stored using 4bytes by the server [153306 */ void print_changelog(unsigned char *data, int len) { - uint8_t version; - unsigned long operation_type; - char *pos = (char *)data; - uint32 thetime32; - time_t thetime; - uint32 replgen; - - /* read byte of version */ - version = *((uint8_t *)pos); - if (version != 5) - { - db_printf("Invalid changelog db version %i\nWorks for version 5 only.\n", version); - exit(1); - } - pos += sizeof(version); - - /* read change type */ - operation_type = (unsigned long)(*(uint8_t *)pos); - pos ++; - - /* need to do the copy first, to skirt around alignment problems on - certain architectures */ - memcpy((char *)&thetime32, pos, sizeof(thetime32)); - - replgen = ntohl(thetime32); - pos += sizeof(uint32); - thetime = (time_t)replgen; - db_printf("\treplgen: %ld %s", replgen, ctime((time_t *)&thetime)); - - /* read csn */ - print_attr("csn", &pos); - /* read UniqueID */ - print_attr("uniqueid", &pos); - - /* figure out what else we need to read depending on the operation type */ - switch (operation_type) - { - case SLAPI_OPERATION_ADD: - print_attr("parentuniqueid", &pos); - print_attr("dn", &pos); - /* convert mods to entry */ - db_printf("\toperation: add\n"); - _cl5ReadMods(&pos); - break; - - case SLAPI_OPERATION_MODIFY: - print_attr("dn", &pos); - db_printf("\toperation: modify\n"); - _cl5ReadMods(&pos); - break; - - case SLAPI_OPERATION_MODRDN: - print_attr("dn", &pos); - print_attr("newrdn", &pos); - pos ++; - print_attr("dn", &pos); - print_attr("uniqueid", &pos); - db_printf("\toperation: modrdn\n"); - _cl5ReadMods(&pos); - break; - - case SLAPI_OPERATION_DELETE: - print_attr("dn", &pos); - db_printf("\toperation: delete\n"); - break; - - default: - db_printf("Failed to format entry\n"); - break; - } -} + uint8_t version; + unsigned long operation_type; + char *pos = (char *)data; + uint32 thetime32; + time_t thetime; + uint32 replgen; + + /* read byte of version */ + version = *((uint8_t *)pos); + if (version != 5) + { + db_printf("Invalid changelog db version %i\nWorks for version 5 only.\n", version); + exit(1); + } + pos += sizeof(version); -uint32 file_type = 0; -uint32 min_display = 0; -uint32 display_mode = 0; -int verbose = 0; -long pres_cnt = 0; -long eq_cnt = 0; -long app_cnt = 0; -long sub_cnt = 0; -long match_cnt = 0; -long ind_cnt = 0; -long allids_cnt = 0; -long other_cnt = 0; + /* read change type */ + operation_type = (unsigned long)(*(uint8_t *)pos); + pos ++; + + /* need to do the copy first, to skirt around alignment problems on + certain architectures */ + memcpy((char *)&thetime32, pos, sizeof(thetime32)); + + replgen = ntohl(thetime32); + pos += sizeof(uint32); + thetime = (time_t)replgen; + db_printf("\treplgen: %ld %s", replgen, ctime((time_t *)&thetime)); + + /* read csn */ + print_attr("csn", &pos); + /* read UniqueID */ + print_attr("uniqueid", &pos); + + /* figure out what else we need to read depending on the operation type */ + switch (operation_type) + { + case SLAPI_OPERATION_ADD: + print_attr("parentuniqueid", &pos); + print_attr("dn", &pos); + /* convert mods to entry */ + db_printf("\toperation: add\n"); + _cl5ReadMods(&pos); + break; + + case SLAPI_OPERATION_MODIFY: + print_attr("dn", &pos); + db_printf("\toperation: modify\n"); + _cl5ReadMods(&pos); + break; + + case SLAPI_OPERATION_MODRDN: + print_attr("dn", &pos); + print_attr("newrdn", &pos); + pos ++; + print_attr("dn", &pos); + print_attr("uniqueid", &pos); + db_printf("\toperation: modrdn\n"); + _cl5ReadMods(&pos); + break; + + case SLAPI_OPERATION_DELETE: + print_attr("dn", &pos); + db_printf("\toperation: delete\n"); + break; + default: + db_printf("Failed to format entry\n"); + break; + } +} -static void display_index_item(DBC *cursor, DBT *key, DBT *data) +static void display_index_item(DBC *cursor, DBT *key, DBT *data, + unsigned char *buf, int buflen) { IDL *idl = NULL; int ret = 0; @@ -527,9 +531,10 @@ static void display_index_item(DBC *cursor, DBT *key, DBT *data) if (file_type & VLVINDEXTYPE) { /* vlv index file */ if (1 > min_display) { /* recno is always 1 */ if (display_mode & SHOWCOUNT) { /* key size=1 */ - printf("%-40s 1\n", format(key->data, key->size)); + printf("%-40s 1\n", + format(key->data, key->size, buf, buflen)); } else { - printf("%-40s\n", format(key->data, key->size)); + printf("%-40s\n", format(key->data, key->size, buf, buflen)); } if (display_mode & SHOWDATA) { cursor->c_get(cursor, key, data, DB_GET_RECNO); @@ -558,17 +563,18 @@ static void display_index_item(DBC *cursor, DBT *key, DBT *data) if ( allids_cnt == 0 && (display_mode & SHOWSUMMARY)) { printf("The following index keys reached allids:\n"); } - printf("%-40s(allids)\n", format(key->data, key->size)); + printf("%-40s(allids)\n", format(key->data, key->size, buf, buflen)); allids_cnt++; } else { if (idl->used < min_display) { goto index_done; /* less than minimum display count */ } else if (display_mode & SHOWCOUNT) { /* key size */ - printf("%-40s%d\n", format(key->data, key->size), idl->used); + printf("%-40s%d\n", + format(key->data, key->size, buf, buflen), idl->used); } else if (!(display_mode & SHOWSUMMARY) || (display_mode & SHOWDATA)) { /* show keys only if show summary is not set or - * even if it's set, but with show data */ - printf("%-40s\n", format(key->data, key->size)); + * even if it's set, but with show data */ + printf("%-40s\n", format(key->data, key->size, buf, buflen)); } if (display_mode & SHOWDATA) { char *formatted_idl = NULL; @@ -632,26 +638,48 @@ index_done: static void display_item(DBC *cursor, DBT *key, DBT *data) { + static unsigned char *buf = NULL; + static int buflen = 0; + int tmpbuflen; + + if (truncatesiz > 0) { + tmpbuflen = truncatesiz; + } else if (file_type & INDEXTYPE) { + /* +256: extra buffer for '\t' and '%##' */ + tmpbuflen = key->size + 256; + } else { + /* +1024: extra buffer for '\t' and '%##' */ + tmpbuflen = (key->size > data->size ? key->size : data->size) + 1024; + } + if (buflen < tmpbuflen) { + buflen = tmpbuflen; + buf = (unsigned char *)realloc(buf, buflen); + if (NULL == buf) { + printf("\t(malloc failed -- %d bytes)\n", buflen); + return; + } + } + if (display_mode & RAWDATA) { - printf("%s\n", format(key->data, key->size)); - printf("\t%s\n", format(data->data, data->size)); + printf("%s\n", format(key->data, key->size, buf, buflen)); + printf("\t%s\n", format(data->data, data->size, buf, buflen)); } else { if (file_type & INDEXTYPE) { - display_index_item(cursor, key, data); + display_index_item(cursor, key, data, buf, buflen); } else if (file_type & CHANGELOGTYPE) { - /* changelog db file */ - printf("\ndbid: %s\n", format(key->data, key->size)); + /* changelog db file */ + printf("\ndbid: %s\n", format(key->data, key->size, buf, buflen)); print_changelog(data->data, data->size); return; } else if (file_type & ENTRYTYPE) { /* id2entry file */ ID entry_id = id_stored_to_internal(key->data); printf("id %d\n", entry_id); - printf("\t%s\n", format_entry(data->data, data->size)); + printf("\t%s\n", format_entry(data->data, data->size, buf, buflen)); } else { /* user didn't tell us what kind of file, dump it raw */ - printf("%s\n", format(key->data, key->size)); - printf("\t%s\n", format(data->data, data->size)); + printf("%s\n", format(key->data, key->size, buf, buflen)); + printf("\t%s\n", format(data->data, data->size, buf, buflen)); } } return; @@ -704,6 +732,7 @@ static void usage(char *argv0) printf(" common options:\n"); printf(" -f specify db file\n"); printf(" -R dump as raw data\n"); + printf(" -t entry truncate size (bytes)\n"); printf(" entry file options:\n"); printf(" -K lookup only a specific entry id\n"); printf(" index file options:\n"); @@ -743,7 +772,9 @@ int main(int argc, char **argv) uint32 entry_id = 0xffffffff; int c; - while ((c = getopt(argc, argv, "f:Rl:nG:srk:K:hv")) != EOF) { + key.flags = DB_DBT_REALLOC; + data.flags = DB_DBT_REALLOC; + while ((c = getopt(argc, argv, "f:Rl:nG:srk:K:hvt:")) != EOF) { switch (c) { case 'f': filename = optarg; @@ -782,7 +813,10 @@ int main(int argc, char **argv) find_key = optarg; break; case 'K': - id_internal_to_stored((ID)atoi(optarg), (char *)&entry_id); + id_internal_to_stored((ID)atoi(optarg), (char *)&entry_id); + break; + case 't': + truncatesiz = atoi(optarg); break; case 'h': default: @@ -801,7 +835,7 @@ int main(int argc, char **argv) file_type |= INDEXTYPE; if (0 == strncmp(filename, "vlv#", 4)) { file_type |= VLVINDEXTYPE; - } + } } ret = db_env_create(&env, 0); @@ -907,37 +941,37 @@ int main(int argc, char **argv) if ( display_mode & SHOWSUMMARY) { - if ( allids_cnt > 0 ) { - printf("Index keys that reached ALLIDs threshold: %ld\n", allids_cnt); - } + if ( allids_cnt > 0 ) { + printf("Index keys that reached ALLIDs threshold: %ld\n", allids_cnt); + } - if ( pres_cnt > 0 ) { - printf("Presence index keys: %ld\n", pres_cnt); - } + if ( pres_cnt > 0 ) { + printf("Presence index keys: %ld\n", pres_cnt); + } - if ( eq_cnt > 0 ) { - printf("Equality index keys: %ld\n", eq_cnt); - } + if ( eq_cnt > 0 ) { + printf("Equality index keys: %ld\n", eq_cnt); + } - if ( app_cnt > 0 ) { - printf("Approximate index keys: %ld\n", app_cnt); - } + if ( app_cnt > 0 ) { + printf("Approximate index keys: %ld\n", app_cnt); + } - if ( sub_cnt > 0 ) { - printf("Substring index keys: %ld\n", sub_cnt); - } + if ( sub_cnt > 0 ) { + printf("Substring index keys: %ld\n", sub_cnt); + } - if ( match_cnt > 0 ) { - printf("Match index keys: %ld\n", match_cnt); - } + if ( match_cnt > 0 ) { + printf("Match index keys: %ld\n", match_cnt); + } - if ( ind_cnt > 0 ) { - printf("Indirect index keys: %ld\n", ind_cnt); - } + if ( ind_cnt > 0 ) { + printf("Indirect index keys: %ld\n", ind_cnt); + } - if ( other_cnt > 0 ) { - printf("This file contains %ld number of unknown type ( possible corruption)\n",other_cnt); - } + if ( other_cnt > 0 ) { + printf("This file contains %ld number of unknown type ( possible corruption)\n",other_cnt); + } } diff --git a/ldap/servers/slapd/valueset.c b/ldap/servers/slapd/valueset.c index a65cbdd..653591d 100644 --- a/ldap/servers/slapd/valueset.c +++ b/ldap/servers/slapd/valueset.c @@ -1015,13 +1015,6 @@ valueset_update_csn(Slapi_ValueSet *vs, CSNType t, const CSN *csn) } /* - * If we are adding or deleting SLAPD_MODUTIL_TREE_THRESHHOLD or more - * entries, we use an AVL tree to speed up searching for duplicates or - * values we are trying to delete. This threshhold is somewhat arbitrary; - * we should really take some measurements to determine an optimal number. - */ -#define SLAPD_MODUTIL_TREE_THRESHHOLD 5 -/* * Remove an array of values from a value set. * The removed values are passed back in an array. * @@ -1044,9 +1037,10 @@ valueset_remove_valuearray(Slapi_ValueSet *vs, const Slapi_Attr *a, Slapi_Value } /* - * determine whether we should use an AVL tree of values or not + * If there are more then one values, build an AVL tree to check + * the duplicated values. */ - if ( numberofvaluestodelete >= SLAPD_MODUTIL_TREE_THRESHHOLD) + if ( numberofvaluestodelete > 1 ) { /* * Several values to delete: first build an AVL tree that @@ -1132,7 +1126,7 @@ valueset_remove_valuearray(Slapi_ValueSet *vs, const Slapi_Attr *a, Slapi_Value } else { - /* We don't have to delete very many values, so we use brute force. */ + /* We delete one or no value, so we use brute force. */ int i; for ( i = 0; rc==LDAP_SUCCESS && valuestodelete[i] != NULL; ++i ) { @@ -1210,7 +1204,7 @@ valueset_intersectswith_valuearray(Slapi_ValueSet *vs, const Slapi_Attr *a, Slap { /* No intersection */ } - else if ( numberofvalues >= SLAPD_MODUTIL_TREE_THRESHHOLD) + else if ( numberofvalues > 1 ) { /* * Several values to add: use an AVL tree to detect duplicates. @@ -1234,7 +1228,7 @@ valueset_intersectswith_valuearray(Slapi_ValueSet *vs, const Slapi_Attr *a, Slap else { /* - * Small number of values to add: don't bother constructing + * One value to add: don't bother constructing * an AVL tree, etc. since it probably isn't worth the time. * * JCM - This is actually quite slow because the comparison function is looked up many times. @@ -1267,15 +1261,39 @@ valueset_dup(const Slapi_ValueSet *dupee) /* quickly throw away any old contents of this valueset, and stick in the * new ones. + * + * return value: LDAP_SUCCESS - OK + * : LDAP_OPERATIONS_ERROR - duplicated values given */ -void -valueset_replace(Slapi_ValueSet *vs, Slapi_Value **vals) +int +valueset_replace(Slapi_Attr *a, Slapi_ValueSet *vs, Slapi_Value **valstoreplace) { + int rc = LDAP_SUCCESS; + int numberofvalstoreplace= valuearray_count(valstoreplace); if(!valuearray_isempty(vs->va)) - { + { slapi_valueset_done(vs); - } - vs->va = vals; + } + /* verify the given values are not duplicated. + if replacing with one value, no need to check. just replace it. + */ + if (numberofvalstoreplace > 1) + { + Avlnode *vtree = NULL; + rc = valuetree_add_valuearray( a->a_type, a->a_plugin, valstoreplace, &vtree, NULL ); + valuetree_free(&vtree); + if ( LDAP_SUCCESS != rc ) + { + /* There were already duplicate values in the value set */ + rc = LDAP_OPERATIONS_ERROR; + } + } + + if ( rc == LDAP_SUCCESS ) + { + vs->va = valstoreplace; + } + return rc; } /* @@ -1296,7 +1314,7 @@ valueset_update_csn_for_valuearray(Slapi_ValueSet *vs, const Slapi_Attr *a, Slap struct valuearrayfast vaf_valuesupdated; int numberofvaluestoupdate= valuearray_count(valuestoupdate); valuearrayfast_init(&vaf_valuesupdated,*valuesupdated); - if (numberofvaluestoupdate>=SLAPD_MODUTIL_TREE_THRESHHOLD) + if (numberofvaluestoupdate > 1) /* multiple values to update */ { int i; Avlnode *vtree = NULL; diff --git a/ldap/synctools/passwordsync/passsync/syncserv.cpp b/ldap/synctools/passwordsync/passsync/syncserv.cpp index 5fd1ff4..800ea15 100644 --- a/ldap/synctools/passwordsync/passsync/syncserv.cpp +++ b/ldap/synctools/passwordsync/passsync/syncserv.cpp @@ -411,7 +411,7 @@ int PassSyncService::QueryUsername(char* username) _snprintf(searchFilter, SYNCSERV_BUF_SIZE, "(%s=%s)", ldapUsernameField, username); - lastLdapError = ldap_search_ext_s(mainLdapConnection, ldapSearchBase, LDAP_SCOPE_ONELEVEL, searchFilter, NULL, 0, NULL, NULL, NULL, -1, &results); + lastLdapError = ldap_search_ext_s(mainLdapConnection, ldapSearchBase, LDAP_SCOPE_SUBTREE, searchFilter, NULL, 0, NULL, NULL, NULL, -1, &results); if(lastLdapError != LDAP_SUCCESS) { diff --git a/ldapserver.spec.tmpl b/ldapserver.spec.tmpl index a00ed16..5b469e9 100644 --- a/ldapserver.spec.tmpl +++ b/ldapserver.spec.tmpl @@ -55,6 +55,8 @@ BuildPreReq: perl, fileutils, make # Without Autoreq: 0, rpmbuild finds all sorts of crazy # dependencies that we don't care about, and refuses to install Autoreq: 0 +# Don't automatically generate provides list +AutoProv: 0 # Without Requires: something, rpmbuild will abort! Requires: perl Prefix: /opt/%{name} diff --git a/nsconfig.mk b/nsconfig.mk index e8bc8e3..0425c19 100644 --- a/nsconfig.mk +++ b/nsconfig.mk @@ -66,7 +66,7 @@ ifdef INTERNAL_BUILD USE_ORGCHART:=1 USE_DSGW:=1 USE_JAVATOOLS:=1 - USE_SETUPSDK:=1 + USE_SETUPUTIL:=1 endif include $(BUILD_ROOT)/nsdefs.mk @@ -373,14 +373,15 @@ ifndef COMPONENTS_DIR_DEV COMPONENTS_DIR_DEV = /share/builds/sbsintegration endif +# internal repository for all pre-built RTM components, including Red Hat branded ones ifndef COMPONENTS_DIR COMPONENTS_DIR = /share/builds/components endif -# For now, we need to pick up a private build of the LDAP SDK -#ifndef LDAP_SBC -#LDAP_SBC = /share/builds/sbsintegration/ds/ds70-bozeman -#endif +# internal repository for pre-built RTM Fedora branded components +ifndef FED_COMPONENTS_DIR +FED_COMPONENTS_DIR = /fedora/components +endif ########################################################### @@ -1303,7 +1304,7 @@ NSCP_DISTDIR_FULL_RTL = $(NSCP_DISTDIR) NSCP_ABS_DISTDIR_FULL_RTL = $(ABS_ROOT_PARENT)/dist/$(FULL_RTL_OBJDIR) # these components may have additional RTL debugging support built in on NT -# adminsdk (adminutil), dbm, ldapsdk, NLS, NSPR, NSS (security) +# adminutil, dbm, ldapsdk, NLS, NSPR, NSS (security) # we cannot simply redefine NSOBJDIR_NAME and NSCP_DISTDIR because other # components do not have this RTL support stuff and the .OBJD directory # does not exist diff --git a/nsdefs.mk b/nsdefs.mk index abc53ec..3bb5c59 100644 --- a/nsdefs.mk +++ b/nsdefs.mk @@ -265,6 +265,7 @@ OBJDIR=$(COMMON_OBJDIR) OBJDIR_32=$(COMMON_OBJDIR_32) DO_SEARCH=no DIR_VERSION:=7.1 +NOSP_DIR_VERSION:=7.1 DIR_NORM_VERSION:=7.1 # When you change DIRSDK_VERSION or DIRSDK_VERSION_DLL_SUFFIX, you must # update all of the .exp and .def files by executing the following command: