lib/libadminutil
by Mark Reynolds
lib/libadminutil/admutil.c | 63 ++++++++++++++++++++++++++++++++++-----------
1 file changed, 48 insertions(+), 15 deletions(-)
New commits:
commit 4fbee55d45376a344f3d01d82ba933399fc7f3cf
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Mon Dec 1 15:38:33 2014 -0500
Ticket 47929 - adminutil - future proof getSSLVersion
Bug Description: Currently all the SSL versions are hardcoded, so as
new versions are released the code will also need to
be updated.
Fix Description: Take a version string and convert it to the SSL version
identifier. Also verify that the max and min versions
are within the acceptable ranges, if not adjust them.
https://fedorahosted.org/389/ticket/47929
Reviewed by: rmeggins(Thanks!)
diff --git a/lib/libadminutil/admutil.c b/lib/libadminutil/admutil.c
index c8e4f6f..88552e4 100644
--- a/lib/libadminutil/admutil.c
+++ b/lib/libadminutil/admutil.c
@@ -63,6 +63,7 @@
#include <time.h>
#include <string.h>
#include <stdlib.h>
+#include <errno.h>
#include <ctype.h>
#include "version.h"
#include "admutil_pvt.h"
@@ -1529,37 +1530,63 @@ destroyAdmldap(AdmldapInfo info)
}
}
+/*
+ * Take a version string: ssl3, tls1.2, ..., tls2.1, etc,
+ * and return the NSS version number.
+ */
static int
getSSLVersion(char *version)
{
- if(version == NULL){
- return 0;
+ if( version == NULL ){
+ return 0;
}
-
- if (!strcasecmp(version, "ssl3")){
+ if( !strcasecmp(version, "ssl3") ){
return SSL_LIBRARY_VERSION_3_0;
- } else if (!strcasecmp(version, "tls1.0")){
- return SSL_LIBRARY_VERSION_TLS_1_0;
- } else if (!strcasecmp(version, "tls1.1")){
- return SSL_LIBRARY_VERSION_TLS_1_1;
- } else if (!strcasecmp(version, "tls1.2")){
- return SSL_LIBRARY_VERSION_TLS_1_2;
- } else if (!strcasecmp(version, "tls1.3")){
- return SSL_LIBRARY_VERSION_TLS_1_3;
} else {
- return 0;
+ char *copy = strdup(version);
+ char *iter = NULL;
+ char *comp;
+ char *endp = NULL;
+ PRUint16 major, minor, ssl_version = 0;
+
+ if( strncasecmp(version,"tls",3) == 0 ){
+ char *m = copy + 3;
+ if((comp = strtok_r(m, ".", &iter))) {
+ major = strtol(comp, &endp, 10);
+ if( major > 0 ){
+ major = (major + 2) << 8;
+ if (( comp = strtok_r(NULL, ".", &iter) )){
+ minor = strtol(comp, &endp, 10);
+ if( minor >= 0 && errno != ERANGE ){
+ minor = (minor & 0xff);
+ ssl_version = major + minor;
+ if( (ssl_version & SSL_LIBRARY_VERSION_3_0) == SSL_LIBRARY_VERSION_3_0 ){
+ ssl_version++;
+ }
+ }
+ }
+ }
+ }
+ }
+ PL_strfree(copy);
+ return ssl_version;
}
}
PR_IMPLEMENT(int)
admldapGetSSLMin(AdmldapInfo info)
{
+ SSLVersionRange range;
AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info;
int version = getSSLVersion(treeFindValueAt(admInfo->configInfo, "sslVersionMin", 0));
if(!version){
- return SSL_LIBRARY_VERSION_TLS_1_1;
+ return SSL_LIBRARY_VERSION_TLS_1_0;
} else {
+ SSL_VersionRangeGetSupported(ssl_variant_stream, &range);
+ if (version < range.min){
+ version = range.min;
+ }
return version;
}
}
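Review bot: The new `tls` branch of getSSLVersion accepts malformed version strings, because `endp` is never inspected, `errno` is not cleared before either strtol() call, and `major`/`minor` are `PRUint16`, which makes `minor >= 0` always true and silently truncates the long result. Tracing the visible code, a constructed value such as `tls1.x` parses the minor as 0 and comes back as 0x0301 (TLS 1.0) instead of 0, so a typo in sslVersionMin or sslVersionMax can select a weaker protocol with no error. `strdup()` can return NULL and the copy is released with `PL_strfree()` rather than `free()`; the sketch below checks the copy, keeps the allocator pair matched, parses into `long`, and requires each component to be fully consumed. In admldapGetSSLMin the fallback for an unset or unparsable value drops from TLS 1.1 to TLS 1.0, which deserves a comment stating that it is intentional. Both admldapGetSSLMin and admldapGetSSLMax (next hunk) read `range` without checking the SECStatus of SSL_VersionRangeGetSupported(), so `range` may be uninitialized on failure; `SSLVersionRange range = {0};` plus a `!= SECSuccess` check would cover both.

```c
        char *copy = strdup(version);
        /* … unchanged: iter, comp, endp declarations … */
        long major, minor;   /* signed and wide, so the range checks below mean something */
        PRUint16 ssl_version = 0;

        if( copy == NULL ){
            return 0;
        }
        if( strncasecmp(version,"tls",3) == 0 ){
            char *m = copy + 3;
            if((comp = strtok_r(m, ".", &iter))) {
                errno = 0;
                major = strtol(comp, &endp, 10);
                /* bounds keep (major + 2) << 8 inside 16 bits */
                if( errno == 0 && endp != comp && *endp == '\0' &&
                    major > 0 && major <= 0xfd ){
                    if (( comp = strtok_r(NULL, ".", &iter) )){
                        errno = 0;
                        minor = strtol(comp, &endp, 10);
                        if( errno == 0 && endp != comp && *endp == '\0' &&
                            minor >= 0 && minor <= 0xff ){
                            ssl_version = (PRUint16)(((major + 2) << 8) + minor);
                            /* … unchanged: SSL_LIBRARY_VERSION_3_0 adjustment and closing braces … */
        free(copy);   /* pairs with strdup() */
```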
@@ -1567,12 +1594,18 @@ admldapGetSSLMin(AdmldapInfo info)
PR_IMPLEMENT(int)
admldapGetSSLMax(AdmldapInfo info)
{
+ SSLVersionRange range;
AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info;
int version = getSSLVersion(treeFindValueAt(admInfo->configInfo, "sslVersionMax", 0));
+ SSL_VersionRangeGetSupported(ssl_variant_stream, &range);
if(!version){
- return SSL_LIBRARY_VERSION_TLS_1_2;
+ return range.max;
} else {
+ SSL_VersionRangeGetSupported(ssl_variant_stream, &range);
+ if (version > range.max){
+ version = range.max;
+ }
return version;
}
}
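Review bot: The configured maximum in admldapGetSSLMax is only clamped from above, so a value below `range.min` (or below the configured sslVersionMin) is returned unchanged and the caller can end up with max < min. Adding `if (version < range.min) version = range.min;` next to the existing upper clamp would keep the returned range well-formed. The second `SSL_VersionRangeGetSupported(ssl_variant_stream, &range);` inside the `else` branch is redundant, since the call before the `if` has already filled `range`.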
Branch '389-ds-base-1.3.3' - ldap/servers
by Mark Reynolds
ldap/servers/slapd/task.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
New commits:
commit d34b0ced2ed3ed81c6c487e90d4c372939da4677
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Wed Nov 26 16:23:00 2014 -0500
Ticket 47451 - Running a plugin task can crash the server
Bug Description: When a plugin task completes it attempts to update a counter,
but the wrong structure is accessed which can lead to a crash.
Fix Description: When creating a new task, make sure to store the plugin structure,
not the pblock in the task structure.
https://fedorahosted.org/389/ticket/47451
Reviewed by: rmeggins(Thanks!)
(cherry picked from commit 0e0848a8385463532d53db94c0c8cae912c30eb4)
diff --git a/ldap/servers/slapd/task.c b/ldap/servers/slapd/task.c
index 006ae53..b1f7652 100644
--- a/ldap/servers/slapd/task.c
+++ b/ldap/servers/slapd/task.c
@@ -131,9 +131,9 @@ slapi_new_task(const char *dn)
}
Slapi_Task *
-slapi_plugin_new_task(const char *dn, void *plugin)
+slapi_plugin_new_task(const char *dn, void *plugin_pb)
{
- return new_task(dn, plugin);
+ return new_task(dn, plugin_pb);
}
/* slapi_destroy_task: destroy a task
@@ -583,9 +583,11 @@ void slapi_task_set_cancel_fn(Slapi_Task *task, TaskCallbackFn func)
***********************************/
/* create a new task, fill in DN, and setup modify callback */
static Slapi_Task *
-new_task(const char *rawdn, void *plugin)
+new_task(const char *rawdn, void *plugin_pb)
{
Slapi_Task *task = NULL;
+ Slapi_PBlock *pb = (Slapi_PBlock *)plugin_pb;
+ void *plugin = pb ? pb->pb_plugin : NULL;
char *dn = NULL;
if (rawdn == NULL) {
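Review bot: `new_task` now casts its `void *` argument to `Slapi_PBlock *` and reads `pb->pb_plugin`, but `slapi_plugin_new_task` keeps a `void *` parameter, so a caller that still passes the plugin structure compiles cleanly and has unrelated memory interpreted as a pblock. Only the parameter name signals the new contract; a comment on `slapi_plugin_new_task` such as `/* plugin_pb must be the plugin's Slapi_PBlock, not the plugin structure itself */` would make it explicit, and typing the parameter as `Slapi_PBlock *` would let the compiler enforce it if the public API can change. The body of `new_task` continues past the end of this hunk, so how `plugin` is stored is not visible here. The same applies to the identical hunk in commit 0e0848a8385463532d53db94c0c8cae912c30eb4 further down the page.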
ldap/servers
by Mark Reynolds
ldap/servers/slapd/task.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
New commits:
commit 0e0848a8385463532d53db94c0c8cae912c30eb4
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Wed Nov 26 16:23:00 2014 -0500
Ticket 47451 - Running a plugin task can crash the server
Bug Description: When a plugin task completes it attempts to update a counter,
but the wrong structure is accessed which can lead to a crash.
Fix Description: When creating a new task, make sure to store the plugin structure,
not the pblock in the task structure.
https://fedorahosted.org/389/ticket/47451
Reviewed by: rmeggins(Thanks!)
diff --git a/ldap/servers/slapd/task.c b/ldap/servers/slapd/task.c
index 006ae53..b1f7652 100644
--- a/ldap/servers/slapd/task.c
+++ b/ldap/servers/slapd/task.c
@@ -131,9 +131,9 @@ slapi_new_task(const char *dn)
}
Slapi_Task *
-slapi_plugin_new_task(const char *dn, void *plugin)
+slapi_plugin_new_task(const char *dn, void *plugin_pb)
{
- return new_task(dn, plugin);
+ return new_task(dn, plugin_pb);
}
/* slapi_destroy_task: destroy a task
@@ -583,9 +583,11 @@ void slapi_task_set_cancel_fn(Slapi_Task *task, TaskCallbackFn func)
***********************************/
/* create a new task, fill in DN, and setup modify callback */
static Slapi_Task *
-new_task(const char *rawdn, void *plugin)
+new_task(const char *rawdn, void *plugin_pb)
{
Slapi_Task *task = NULL;
+ Slapi_PBlock *pb = (Slapi_PBlock *)plugin_pb;
+ void *plugin = pb ? pb->pb_plugin : NULL;
char *dn = NULL;
if (rawdn == NULL) {