Commit 1bd26d59 authored by Kurt Zeilenga

Ready for release?

parent 77ad6666
......@@ -12,6 +12,11 @@ OpenLDAP 2.3.8 Release
Fixed slapd rewrite session var set bug (ITS#4023)
Fixed slapd syncrepl empty uniqueMember bug (ITS#4040)
Fixed slapd alias resolution bug (ITS#4030)
Fixed slapd password-hash cleartext bug (ITS#4021)
Fixed slapd realloc zero bug (ITS#3981)
Fixed slapd nested overlay configuration bug (ITS#4047)
Fixed slapd password modify oldPassword ignore bug (ITS#4049)
Updated slapd authz backend detection (ITS#4018)
Fixed slapd-bdb/hdb pointer/integer size mismatch (ITS#4015)
Updated slapd-hdb index management
Fixed slapd-glue mixtures bug (ITS#3979)
......@@ -31,8 +36,6 @@ OpenLDAP 2.3.8 Release
Fixed slapcat out-of-memory problem (ITS#4010)
Fixed slurpd unrecognized slave names bug (ITS#4012)
Fixed liblber dgram len bug (ITS#4046)
Updated slapd authz backend detection (ITS#4018)
Fixed slapd realloc zero bug (ITS#3981)
Documentation
Added slapo-valsort(5) man page (ITS#3994)
Added slap tool -F option documentation (ITS#4026)
......@@ -40,6 +43,7 @@ OpenLDAP 2.3.8 Release
Fixed misc POSIX conformance issues (ITS#2667)
Fixed --without-threads build issue (ITS#4006)
Fixed test script exit checks (ITS#4045)
Added test suite parameterized directory support
OpenLDAP 2.3.7 Release
Updated slapd ManageDIT support
......
......@@ -73,6 +73,10 @@ static lutil_cryptfunc lutil_crypt;
lutil_cryptfunc *lutil_cryptptr = lutil_crypt;
#endif
/* KLUDGE:
* chk_fn is NULL iff name is {CLEARTEXT}
* otherwise, things will break
*/
struct pw_scheme {
struct berval name;
LUTIL_PASSWD_CHK_FUNC *chk_fn;
......@@ -147,7 +151,7 @@ static const struct pw_scheme pw_schemes_default[] =
#ifdef SLAPD_CLEARTEXT
/* pseudo scheme */
{ {0, "{CLEARTEXT}"}, NULL, hash_clear },
{ BER_BVC("{CLEARTEXT}"), NULL, hash_clear },
#endif
{ BER_BVNULL, NULL, NULL }
......@@ -306,7 +310,9 @@ lutil_passwd(
*/
if (( passwd->bv_val[0] == '{' ) &&
( strchr( passwd->bv_val, '}' ) > passwd->bv_val+1 ))
{
return 1;
}
if( is_allowed_scheme("{CLEARTEXT}", schemes ) ) {
return ( passwd->bv_len == cred->bv_len ) ?
memcmp( passwd->bv_val, cred->bv_val, passwd->bv_len )
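Review bot: The {CLEARTEXT} fallback at the end of the lutil_passwd hunk compares the stored value with the presented credential using `memcmp`, which may return at the first differing byte, so the time taken can depend on how much of a guess is correct. A comparison that walks all `passwd->bv_len` bytes and ORs the byte differences together before testing the result would remove that dependency. The return statement runs past the end of the hunk, so its other arm is not visible here. Separately, the new KLUDGE comment states an invariant (chk_fn is NULL only for {CLEARTEXT}) that nothing enforces; a comment on the table entry such as `/* chk_fn must stay NULL, see struct pw_scheme */` would keep the two in step.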
......
......@@ -163,10 +163,15 @@ ldbm_back_modrdn(
}
/* check parent for "children" acl */
if ( ! access_allowed( op, p, children, NULL,
rs->sr_err = access_allowed( op, p, children, NULL,
op->oq_modrdn.rs_newSup != NULL ?
ACL_WDEL : ACL_WRITE,
NULL ) )
NULL );
if ( BER_BVISEMPTY( &p_ndn ))
p = NULL;
if ( !rs->sr_err )
{
Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
0, 0 );
......@@ -176,9 +181,6 @@ ldbm_back_modrdn(
goto return_results;
}
if ( BER_BVISEMPTY( &p_ndn ))
p = NULL;
Debug( LDAP_DEBUG_TRACE,
"ldbm_back_modrdn: wr to children of entry %s OK\n",
p_ndn.bv_val, 0, 0 );
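Review bot: The boolean result of `access_allowed()` is now stored in `rs->sr_err`, a field that otherwise carries an LDAP result code, so on the granted path it holds a non-zero value that is not a result code until something reassigns it. Whether that happens before every later `goto return_results` cannot be seen from these hunks, because ldbm_back_modrdn continues on both sides of them. A local such as `int allowed = access_allowed( ... );` tested with `if ( !allowed )` would avoid the question. The reason `p = NULL` now has to run before the denial branch also deserves a comment, for example `/* empty parent DN: clear p before any exit path */`, if that is the intent.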
......
......@@ -922,8 +922,6 @@ glue_sub_add( BackendDB *be, int advert, int online )
int
glue_sub_init()
{
int rc;
glue.on_bi.bi_type = "glue";
glue.on_bi.bi_db_init = glue_db_init;
......
......@@ -1379,7 +1379,7 @@ config_passwd_hash(ConfigArgs *c) {
}
for(i = 1; i < c->argc; i++) {
if(!lutil_passwd_scheme(c->argv[i])) {
sprintf( c->msg, "<%s> schema not available", c->argv[0] );
sprintf( c->msg, "<%s> scheme not available", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
c->log, c->msg, c->argv[i]);
} else {
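Review bot: The corrected message is still written into `c->msg` with an unbounded `sprintf`. If `msg` is a fixed-size array in ConfigArgs (its declaration is not on this page), `snprintf( c->msg, sizeof( c->msg ), "<%s> scheme not available", c->argv[0] );` bounds the write without changing the output for normal directive names. The loop and its `else` arm continue outside the hunk.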
......
......@@ -261,14 +261,15 @@ int main( int argc, char **argv )
struct sync_cookie *scp = NULL;
struct sync_cookie *scp_entry = NULL;
char *serverNamePrefix = "";
size_t l;
#ifdef CSRIMALLOC
FILE *leakfile;
if( ( leakfile = fopen( "slapd.leak", "w" )) == NULL ) {
leakfile = stderr;
}
#endif
char *serverNamePrefix = "";
size_t l;
slap_sl_mem_init();
......
......@@ -68,13 +68,15 @@ int passwd_extop(
return LDAP_STRONG_AUTH_REQUIRED;
}
qpw->rs_old.bv_len = 0;
qpw->rs_old.bv_val = NULL;
qpw->rs_new.bv_len = 0;
qpw->rs_new.bv_val = NULL;
qpw->rs_mods = NULL;
qpw->rs_modtail = NULL;
rs->sr_err = slap_passwd_parse( op->ore_reqdata, &id, &qpw->rs_old,
&qpw->rs_new, &rs->sr_text );
rs->sr_err = slap_passwd_parse( op->ore_reqdata, &id,
&qpw->rs_old, &qpw->rs_new, &rs->sr_text );
if ( rs->sr_err == LDAP_SUCCESS && !BER_BVISEMPTY( &id ) ) {
Statslog( LDAP_DEBUG_STATS, "%s PASSMOD id=\"%s\"%s%s\n",
......@@ -109,6 +111,12 @@ int passwd_extop(
}
if( op->o_bd == NULL ) {
if ( qpw->rs_old.bv_val != NULL ) {
rs->sr_text = "unwilling to verify old password";
rc = LDAP_UNWILLING_TO_PERFORM;
goto error_return;
}
#ifdef HAVE_CYRUS_SASL
rc = slap_sasl_setpass( op, rs );
#else
......@@ -200,6 +208,12 @@ int passwd_extop(
goto error_return;
}
if ( qpw->rs_old.bv_val != NULL ) {
rs->sr_text = "unwilling to verify old password";
rc = LDAP_UNWILLING_TO_PERFORM;
goto error_return;
}
ml = ch_malloc( sizeof(Modifications) );
if ( !qpw->rs_modtail ) qpw->rs_modtail = &ml->sml_next;
......@@ -349,6 +363,15 @@ int slap_passwd_parse( struct berval *reqdata,
goto decoding_error;
}
if( oldpass->bv_len == 0 ) {
Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: OLD empty.\n",
0, 0, 0 );
*text = "old password value is empty";
rc = LDAP_UNWILLING_TO_PERFORM;
goto done;
}
tag = ber_peek_tag( ber, &len );
}
......@@ -371,6 +394,15 @@ int slap_passwd_parse( struct berval *reqdata,
goto decoding_error;
}
if( newpass->bv_len == 0 ) {
Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: NEW empty.\n",
0, 0, 0 );
*text = "new password value is empty";
rc = LDAP_UNWILLING_TO_PERFORM;
goto done;
}
tag = ber_peek_tag( ber, &len );
}
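Review bot: The two new `qpw->rs_old.bv_val != NULL` guards in passwd_extop refuse any request that carries an old password, but neither site says why, and the same four lines appear twice. A comment such as `/* old password is not verified on this path; refuse rather than silently ignore it (ITS#4049) */` at each guard would record the intent for the next maintainer. The guards rely on slap_passwd_parse leaving `rs_old.bv_val` NULL when the field is absent, and on the new `bv_len == 0` rejection for values that are present but empty; that dependency is worth stating next to the initialisation of `qpw->rs_old`. Writing the test as `BER_BVISNULL( &qpw->rs_old )` would match the `BER_BVISEMPTY( &id )` style used in the first hunk. Both passwd_extop and slap_passwd_parse extend beyond the hunks shown.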
......
......@@ -13,16 +13,16 @@
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema
include ./schema/nis.schema
include ./testdata/test.schema
include @SCHEMADIR@/core.schema
include @SCHEMADIR@/cosine.schema
include @SCHEMADIR@/inetorgperson.schema
include @SCHEMADIR@/openldap.schema
include @SCHEMADIR@/nis.schema
include @DATADIR@/test.schema
#
pidfile ./testrun/slapd.1.pid
argsfile ./testrun/slapd.1.args
pidfile @TESTDIR@/slapd.1.pid
argsfile @TESTDIR@/slapd.1.args
#mod#modulepath ../servers/slapd/back-@BACKEND@/
#mod#moduleload back_@BACKEND@.la
......@@ -40,7 +40,7 @@ access to dn="cn=Subschema"
database @BACKEND@
suffix "dc=example,dc=com"
directory ./testrun/db.1.a
directory @TESTDIR@/db.1.a
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
#bdb#index objectClass eq
......
......@@ -14,13 +14,13 @@
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema
include ./schema/nis.schema
pidfile ./testrun/slapd.1.pid
argsfile ./testrun/slapd.1.args
include @SCHEMADIR@/core.schema
include @SCHEMADIR@/cosine.schema
include @SCHEMADIR@/inetorgperson.schema
include @SCHEMADIR@/openldap.schema
include @SCHEMADIR@/nis.schema
pidfile @TESTDIR@/slapd.1.pid
argsfile @TESTDIR@/slapd.1.args
# global ACLs
#
......@@ -44,7 +44,7 @@ access to *
database @BACKEND@
#ldbm#cachesize 0
suffix "dc=example,dc=com"
directory ./testrun/db.1.a
directory @TESTDIR@/db.1.a
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
#bdb#index objectClass eq
......
......@@ -14,14 +14,14 @@
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema
include ./schema/nis.schema
include @SCHEMADIR@/core.schema
include @SCHEMADIR@/cosine.schema
include @SCHEMADIR@/inetorgperson.schema
include @SCHEMADIR@/openldap.schema
include @SCHEMADIR@/nis.schema
#
pidfile ./testrun/slapd.1.pid
argsfile ./testrun/slapd.1.args
pidfile @TESTDIR@/slapd.1.pid
argsfile @TESTDIR@/slapd.1.args
#mod#modulepath ../servers/slapd/back-@BACKEND@/
#mod#moduleload back_@BACKEND@.la
......@@ -34,7 +34,7 @@ argsfile ./testrun/slapd.1.args
database @BACKEND@
suffix "dc=example,dc=com"
directory ./testrun/db.1.a
directory @TESTDIR@/db.1.a
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
#bdb#index objectClass eq
......
......@@ -14,13 +14,13 @@
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema
include ./schema/nis.schema
pidfile ./testrun/slapd.1.pid
argsfile ./testrun/slapd.1.args
include @SCHEMADIR@/core.schema
include @SCHEMADIR@/cosine.schema
include @SCHEMADIR@/inetorgperson.schema
include @SCHEMADIR@/openldap.schema
include @SCHEMADIR@/nis.schema
pidfile @TESTDIR@/slapd.1.pid
argsfile @TESTDIR@/slapd.1.args
#mod#modulepath ../servers/slapd/back-@BACKEND@/
#mod#moduleload back_@BACKEND@.la
......@@ -48,7 +48,7 @@ chain-acl-passwd secret
database @BACKEND@
#ldbm#cachesize 0
suffix "dc=example,dc=com"
directory ./testrun/db.1.a
directory @TESTDIR@/db.1.a
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
#bdb#index objectClass eq
......
......@@ -14,13 +14,13 @@
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema
include ./schema/nis.schema
pidfile ./testrun/slapd.2.pid
argsfile ./testrun/slapd.2.args
include @SCHEMADIR@/core.schema
include @SCHEMADIR@/cosine.schema
include @SCHEMADIR@/inetorgperson.schema
include @SCHEMADIR@/openldap.schema
include @SCHEMADIR@/nis.schema
pidfile @TESTDIR@/slapd.2.pid
argsfile @TESTDIR@/slapd.2.args
#mod#modulepath ../servers/slapd/back-@BACKEND@/
#mod#moduleload back_@BACKEND@.la
......@@ -41,7 +41,7 @@ argsfile ./testrun/slapd.2.args
database @BACKEND@
#ldbm#cachesize 0
suffix "dc=example,dc=com"
directory ./testrun/db.2.a
directory @TESTDIR@/db.2.a
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
#bdb#index objectClass eq
......
......@@ -14,19 +14,19 @@
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema
include ./schema/nis.schema
include @SCHEMADIR@/core.schema
include @SCHEMADIR@/cosine.schema
include @SCHEMADIR@/inetorgperson.schema
include @SCHEMADIR@/openldap.schema
include @SCHEMADIR@/nis.schema
include ./testdata/test.schema
include ./testdata/ditcontentrules.conf
include @DATADIR@/test.schema
include @DATADIR@/ditcontentrules.conf
pidfile ./testrun/slapd.1.pid
argsfile ./testrun/slapd.1.args
pidfile @TESTDIR@/slapd.1.pid
argsfile @TESTDIR@/slapd.1.args
moduleload ./testdata/comp_libs/compmatch.la
moduleload @DATADIR@/comp_libs/compmatch.la
#mod#modulepath ../servers/slapd/back-@BACKEND@/
#mod#moduleload back_@BACKEND@.la
......@@ -39,7 +39,7 @@ moduleload ./testdata/comp_libs/compmatch.la
database @BACKEND@
suffix "dc=example,dc=com"
directory ./testrun/db.1.a
directory @TESTDIR@/db.1.a
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
#bdb#index objectClass eq
......
......@@ -13,15 +13,15 @@
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema
include ./schema/nis.schema
include @SCHEMADIR@/core.schema
include @SCHEMADIR@/cosine.schema
include @SCHEMADIR@/inetorgperson.schema
include @SCHEMADIR@/openldap.schema
include @SCHEMADIR@/nis.schema
#
pidfile ./testrun/slapd.1.pid
argsfile ./testrun/slapd.1.args
pidfile @TESTDIR@/slapd.1.pid
argsfile @TESTDIR@/slapd.1.args
#mod#modulepath ../servers/slapd/back-@BACKEND@/
#mod#moduleload back_@BACKEND@.la
......@@ -34,7 +34,7 @@ argsfile ./testrun/slapd.1.args
database @BACKEND@
suffix "dc=example,dc=com"
directory ./testrun/db.1.a
directory @TESTDIR@/db.1.a
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
#bdb#index objectClass eq
......
......@@ -14,9 +14,9 @@
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
include ./schema/core.schema
pidfile ./test-db/slapd.pid
argsfile ./test-db/slapd.args
include @SCHEMADIR@/core.schema
pidfile @TESTDIR@/slapd.pid
argsfile @TESTDIR@/slapd.args
sasl-secprops noanonymous
#sasl-secprops none
......
......@@ -13,15 +13,15 @@
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema
include ./schema/nis.schema
include @SCHEMADIR@/core.schema
include @SCHEMADIR@/cosine.schema
include @SCHEMADIR@/inetorgperson.schema
include @SCHEMADIR@/openldap.schema
include @SCHEMADIR@/nis.schema
#
pidfile ./testrun/slapd.1.pid
argsfile ./testrun/slapd.1.args
pidfile @TESTDIR@/slapd.1.pid
argsfile @TESTDIR@/slapd.1.args
access to dn.exact=""
by * read
......@@ -40,7 +40,7 @@ access to dn.exact="cn=Subschema"
database @BACKEND@
suffix "dc=example,dc=com"
directory ./testrun/db.1.a
directory @TESTDIR@/db.1.a
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
#bdb#index objectClass eq
......@@ -65,7 +65,7 @@ access to dn.subtree="dc=example,dc=com"
database @BACKEND@
suffix ""
directory ./testrun/db.2.a
directory @TESTDIR@/db.2.a
rootdn "cn=Manager,c=US"
rootpw secret
#bdb#index objectClass eq
......
......@@ -13,14 +13,14 @@
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema
include ./schema/nis.schema
include ./schema/ppolicy.schema
pidfile ./test-db/slapd.m.pid
argsfile ./test-db/slapd.m.args
include @SCHEMADIR@/core.schema
include @SCHEMADIR@/cosine.schema
include @SCHEMADIR@/inetorgperson.schema
include @SCHEMADIR@/openldap.schema
include @SCHEMADIR@/nis.schema
include @SCHEMADIR@/ppolicy.schema
pidfile @TESTDIR@/slapd.m.pid
argsfile @TESTDIR@/slapd.m.args
#mod#modulepath ../servers/slapd/back-@BACKEND@/
#mod#moduleload back_@BACKEND@.la
......
......@@ -14,13 +14,13 @@
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema
include ./schema/nis.schema
pidfile ./testrun/slapd.1.pid
argsfile ./testrun/slapd.1.args
include @SCHEMADIR@/core.schema
include @SCHEMADIR@/cosine.schema
include @SCHEMADIR@/inetorgperson.schema
include @SCHEMADIR@/openldap.schema
include @SCHEMADIR@/nis.schema
pidfile @TESTDIR@/slapd.1.pid
argsfile @TESTDIR@/slapd.1.args
#mod#modulepath ../servers/slapd/back-@BACKEND@/
#mod#moduleload back_@BACKEND@.la
......@@ -35,7 +35,7 @@ argsfile ./testrun/slapd.1.args
database @BACKEND@
suffix "ou=Information Technology Division,ou=People,dc=example,dc=com"
subordinate
directory ./testrun/db.1.a
directory @TESTDIR@/db.1.a
rootdn "cn=Manager 1,dc=example,dc=com"
#bdb#index objectclass eq
#bdb#index uid pres,eq,sub
......@@ -55,7 +55,7 @@ overlay syncprov
database @BACKEND@
suffix "ou=Groups,dc=example,dc=com"
subordinate
directory ./testrun/db.1.b
directory @TESTDIR@/db.1.b
rootdn "cn=Manager 1,dc=example,dc=com"
#bdb#index objectclass eq
#bdb#index uid pres,eq,sub
......@@ -88,7 +88,7 @@ updateref @URI2@
database @BACKEND@
suffix "dc=example,dc=com"
directory ./testrun/db.1.c
directory @TESTDIR@/db.1.c
rootdn "cn=Manager 1,dc=example,dc=com"
rootpw secret
#bdb#index objectclass eq
......
......@@ -14,13 +14,13 @@
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema
include ./schema/nis.schema
pidfile ./testrun/slapd.2.pid
argsfile ./testrun/slapd.2.args
include @SCHEMADIR@/core.schema
include @SCHEMADIR@/cosine.schema
include @SCHEMADIR@/inetorgperson.schema
include @SCHEMADIR@/openldap.schema
include @SCHEMADIR@/nis.schema
pidfile @TESTDIR@/slapd.2.pid
argsfile @TESTDIR@/slapd.2.args
#mod#modulepath ../servers/slapd/back-@BACKEND@/
#mod#moduleload back_@BACKEND@.la
......@@ -35,7 +35,7 @@ argsfile ./testrun/slapd.2.args
database @BACKEND@
suffix "ou=Information Technology Division,ou=People,dc=example,dc=com"
subordinate
directory ./testrun/db.2.a
directory @TESTDIR@/db.2.a
rootdn "cn=Manager 2,dc=example,dc=com"
#bdb#index objectclass eq
#bdb#index uid pres,eq,sub
......@@ -68,7 +68,7 @@ updateref @URI1@
database @BACKEND@
suffix "ou=Groups,dc=example,dc=com"
subordinate
directory ./testrun/db.2.b
directory @TESTDIR@/db.2.b
rootdn "cn=Manager 2,dc=example,dc=com"
#bdb#index objectclass eq
#bdb#index uid pres,eq,sub
......@@ -88,7 +88,7 @@ overlay syncprov
database @BACKEND@
suffix "dc=example,dc=com"
directory ./testrun/db.2.c
directory @TESTDIR@/db.2.c
rootdn "cn=Manager 2,dc=example,dc=com"
rootpw secret
#bdb#index objectclass eq
......
......@@ -14,13 +14,13 @@
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema
include ./schema/nis.schema
pidfile ./testrun/slapd.1.pid
argsfile ./testrun/slapd.1.args