April 2020 - 389-commits - Fedora Mailing-Lists

[389-ds-base] branch 389-ds-base-1.4.2 updated: Bump version to 1.4.2.12

by pagure＠pagure.io

This is an automated email from the git hooks/post-receive script. mreynolds pushed a commit to branch 389-ds-base-1.4.2 in repository 389-ds-base. The following commit(s) were added to refs/heads/389-ds-base-1.4.2 by this push: new b11942c Bump version to 1.4.2.12 b11942c is described below commit b11942c3650161c8e9855455ef3a84871ad8f6ee Author: Mark Reynolds <mreynolds(a)redhat.com> AuthorDate: Thu Apr 16 17:10:13 2020 -0400 Bump version to 1.4.2.12 --- VERSION.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION.sh b/VERSION.sh index d12f0f5..da42a3e 100644 --- a/VERSION.sh +++ b/VERSION.sh @@ -10,7 +10,7 @@ vendor="389 Project" # PACKAGE_VERSION is constructed from these VERSION_MAJOR=1 VERSION_MINOR=4 -VERSION_MAINT=2.11 +VERSION_MAINT=2.12 # NOTE: VERSION_PREREL is automatically set for builds made out of a git tree VERSION_PREREL= VERSION_DATE=$(date -u +%Y%m%d) -- To stop receiving notification emails like this one, please contact the administrator of this repository.

4 years, 1 month

1
0
0 / 0

[389-ds-base] branch 389-ds-base-1.4.3 updated: Bump version to 1.4.3.6

by pagure＠pagure.io

This is an automated email from the git hooks/post-receive script. mreynolds pushed a commit to branch 389-ds-base-1.4.3 in repository 389-ds-base. The following commit(s) were added to refs/heads/389-ds-base-1.4.3 by this push: new 56c4338 Bump version to 1.4.3.6 56c4338 is described below commit 56c433833ae0475e4efe44c0ee09e78515080191 Author: Mark Reynolds <mreynolds(a)redhat.com> AuthorDate: Thu Apr 16 14:14:46 2020 -0400 Bump version to 1.4.3.6 --- VERSION.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION.sh b/VERSION.sh index 7904c31..ebdc741 100644 --- a/VERSION.sh +++ b/VERSION.sh @@ -10,7 +10,7 @@ vendor="389 Project" # PACKAGE_VERSION is constructed from these VERSION_MAJOR=1 VERSION_MINOR=4 -VERSION_MAINT=3.5 +VERSION_MAINT=3.6 # NOTE: VERSION_PREREL is automatically set for builds made out of a git tree VERSION_PREREL= VERSION_DATE=$(date -u +%Y%m%d) -- To stop receiving notification emails like this one, please contact the administrator of this repository.

4 years, 1 month

1
0
0 / 0

[389-ds-base] 01/01: Bump version to 1.4.4

by pagure＠pagure.io

This is an automated email from the git hooks/post-receive script. mreynolds pushed a commit to tag 389-ds-base-1.4.4.0 in repository 389-ds-base. commit 5fc54f4343fca0511f24af29915365a1988a841d Author: Mark Reynolds <mreynolds(a)redhat.com> AuthorDate: Thu Apr 16 10:30:38 2020 -0400 Bump version to 1.4.4 --- VERSION.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION.sh b/VERSION.sh index 7904c31..8df20ee 100644 --- a/VERSION.sh +++ b/VERSION.sh @@ -10,7 +10,7 @@ vendor="389 Project" # PACKAGE_VERSION is constructed from these VERSION_MAJOR=1 VERSION_MINOR=4 -VERSION_MAINT=3.5 +VERSION_MAINT=4.0 # NOTE: VERSION_PREREL is automatically set for builds made out of a git tree VERSION_PREREL= VERSION_DATE=$(date -u +%Y%m%d) -- To stop receiving notification emails like this one, please contact the administrator of this repository.

4 years, 1 month

1
0
0 / 0

[389-ds-base] branch master updated: Issue 50933 - 10rfc2307compat.ldif is not ready to set used by default

by pagure＠pagure.io

This is an automated email from the git hooks/post-receive script. mreynolds pushed a commit to branch master in repository 389-ds-base. The following commit(s) were added to refs/heads/master by this push: new 9ede55d Issue 50933 - 10rfc2307compat.ldif is not ready to set used by default 9ede55d is described below commit 9ede55d2d5592539b5b33a76bf769687854b697d Author: Mark Reynolds <mreynolds(a)redhat.com> AuthorDate: Thu Apr 16 10:00:07 2020 -0400 Issue 50933 - 10rfc2307compat.ldif is not ready to set used by default Description: The compat schema file is causing issues with upgrades, and schema replication. For now we need to move it out to the optional schema location until we can resolve those issues relates: https://pagure.io/389-ds-base/issue/50933 --- Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index bd875dc..2309f30 100644 --- a/Makefile.am +++ b/Makefile.am @@ -707,7 +707,7 @@ sampledata_DATA = ldap/admin/src/scripts/DSSharedLib \ $(srcdir)/ldap/servers/slapd/tools/rsearch/scripts/dbgen-FamilyNames \ $(srcdir)/ldap/servers/slapd/tools/rsearch/scripts/dbgen-GivenNames \ $(srcdir)/ldap/servers/slapd/tools/rsearch/scripts/dbgen-OrgUnits \ - $(srcdir)/ldap/schema/10rfc2307.ldif \ + $(srcdir)/ldap/schema/10rfc2307compat.ldif \ $(srcdir)/ldap/schema/10rfc2307bis.ldif \ $(srcdir)/ldap/schema/60changelog.ldif \ $(srcdir)/ldap/schema/60inetmail.ldif \ @@ -732,7 +732,7 @@ systemschema_DATA = $(srcdir)/ldap/schema/00core.ldif \ $(srcdir)/ldap/schema/10automember-plugin.ldif \ $(srcdir)/ldap/schema/10dna-plugin.ldif \ $(srcdir)/ldap/schema/10mep-plugin.ldif \ - $(srcdir)/ldap/schema/10rfc2307compat.ldif \ + $(srcdir)/ldap/schema/10rfc2307.ldif \ $(srcdir)/ldap/schema/20subscriber.ldif \ $(srcdir)/ldap/schema/25java-object.ldif \ $(srcdir)/ldap/schema/28pilot.ldif \ -- To stop receiving notification emails like this one, please contact the administrator of this repository.

4 years, 1 month

1
0
0 / 0

[389-ds-base] branch 389-ds-base-1.4.1 updated: Issue 50337 - Replace exec() with setattr()

by pagure＠pagure.io

This is an automated email from the git hooks/post-receive script. mreynolds pushed a commit to branch 389-ds-base-1.4.1 in repository 389-ds-base. The following commit(s) were added to refs/heads/389-ds-base-1.4.1 by this push: new 42db968 Issue 50337 - Replace exec() with setattr() 42db968 is described below commit 42db968f32b6a13fcdfc9fd7ddd3c2db9fff35f4 Author: Viktor Ashirov <vashirov(a)redhat.com> AuthorDate: Fri Apr 3 15:16:55 2020 +0200 Issue 50337 - Replace exec() with setattr() Bug Description: Instance IDs now include superfluous quotes that break calling CLI tools from lib389. Fix Description: Remove the quotes. Fixes: https://pagure.io/389-ds-base/issue/50337 Reviewed by: spichugi (Thanks!) --- src/lib389/lib389/_constants.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/lib389/lib389/_constants.py b/src/lib389/lib389/_constants.py index 27cd88d..cbffafe 100644 --- a/src/lib389/lib389/_constants.py +++ b/src/lib389/lib389/_constants.py @@ -292,7 +292,7 @@ for i in range(port_start, port_start + number_of_instances): setattr(mod, "HOST_STANDALONE{0}".format(N), "LOCALHOST") setattr(mod, "PORT_STANDALONE{0}".format(N), i) setattr(mod, "SECUREPORT_STANDALONE{0}".format(N), i + 24700) - setattr(mod, "SERVERID_STANDALONE{0}".format(N), "\"standalone{0}\"".format(N)) + setattr(mod, "SERVERID_STANDALONE{0}".format(N), "standalone{0}".format(N)) setattr(mod, "REPLICAID_STANDALONE_{0}".format(N), 65535) # For compatibility @@ -309,7 +309,7 @@ for i in range(port_start, port_start + number_of_instances): setattr(mod, "HOST_MASTER_{0}".format(N), "LOCALHOST") setattr(mod, "PORT_MASTER_{0}".format(N), i) setattr(mod, "SECUREPORT_MASTER_{0}".format(N), i + 24700) - setattr(mod, "SERVERID_MASTER_{0}".format(N), "\"master{0}\"".format(N)) + setattr(mod, "SERVERID_MASTER_{0}".format(N), "master{0}".format(N)) setattr(mod, "REPLICAID_MASTER_{0}".format(N), N) # Replication topology - hubs @@ -320,7 +320,7 @@ for i in range(port_start, port_start + number_of_instances): setattr(mod, "HOST_HUB_{0}".format(N), "LOCALHOST") setattr(mod, "PORT_HUB_{0}".format(N), i) setattr(mod, "SECUREPORT_HUB_{0}".format(N), i + 24700) - setattr(mod, "SERVERID_HUB_{0}".format(N), "\"hub{0}\"".format(N)) + setattr(mod, "SERVERID_HUB_{0}".format(N), "hub{0}".format(N)) setattr(mod, "REPLICAID_HUB_{0}".format(N), 65535) # Replication topology - consumers @@ -331,7 +331,7 @@ for i in range(port_start, port_start + number_of_instances): setattr(mod, "HOST_CONSUMER_{0}".format(N), "LOCALHOST") setattr(mod, "PORT_CONSUMER_{0}".format(N), i) setattr(mod, "SECUREPORT_CONSUMER_{0}".format(N), i + 24700) - setattr(mod, "SERVERID_CONSUMER_{0}".format(N), "\"consumer{0}\"".format(N)) + setattr(mod, "SERVERID_CONSUMER_{0}".format(N), "consumer{0}".format(N)) # Cleanup, we don't need to export that del N, port_start, number_of_instances -- To stop receiving notification emails like this one, please contact the administrator of this repository.

4 years, 1 month

1
0
0 / 0

[389-ds-base] branch 389-ds-base-1.4.2 updated: Issue 50337 - Replace exec() with setattr()

by pagure＠pagure.io

This is an automated email from the git hooks/post-receive script. mreynolds pushed a commit to branch 389-ds-base-1.4.2 in repository 389-ds-base. The following commit(s) were added to refs/heads/389-ds-base-1.4.2 by this push: new 1ff7548 Issue 50337 - Replace exec() with setattr() 1ff7548 is described below commit 1ff7548843aad1e370e32144088efa280d7922d2 Author: Viktor Ashirov <vashirov(a)redhat.com> AuthorDate: Fri Apr 3 15:16:55 2020 +0200 Issue 50337 - Replace exec() with setattr() Bug Description: Instance IDs now include superfluous quotes that break calling CLI tools from lib389. Fix Description: Remove the quotes. Fixes: https://pagure.io/389-ds-base/issue/50337 Reviewed by: spichugi (Thanks!) --- src/lib389/lib389/_constants.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/lib389/lib389/_constants.py b/src/lib389/lib389/_constants.py index 086a722..a1729c3 100644 --- a/src/lib389/lib389/_constants.py +++ b/src/lib389/lib389/_constants.py @@ -294,7 +294,7 @@ for i in range(port_start, port_start + number_of_instances): setattr(mod, "HOST_STANDALONE{0}".format(N), "LOCALHOST") setattr(mod, "PORT_STANDALONE{0}".format(N), i) setattr(mod, "SECUREPORT_STANDALONE{0}".format(N), i + 24700) - setattr(mod, "SERVERID_STANDALONE{0}".format(N), "\"standalone{0}\"".format(N)) + setattr(mod, "SERVERID_STANDALONE{0}".format(N), "standalone{0}".format(N)) setattr(mod, "REPLICAID_STANDALONE_{0}".format(N), 65535) # For compatibility @@ -311,7 +311,7 @@ for i in range(port_start, port_start + number_of_instances): setattr(mod, "HOST_MASTER_{0}".format(N), "LOCALHOST") setattr(mod, "PORT_MASTER_{0}".format(N), i) setattr(mod, "SECUREPORT_MASTER_{0}".format(N), i + 24700) - setattr(mod, "SERVERID_MASTER_{0}".format(N), "\"master{0}\"".format(N)) + setattr(mod, "SERVERID_MASTER_{0}".format(N), "master{0}".format(N)) setattr(mod, "REPLICAID_MASTER_{0}".format(N), N) # Replication topology - hubs @@ -322,7 +322,7 @@ for i in range(port_start, port_start + number_of_instances): setattr(mod, "HOST_HUB_{0}".format(N), "LOCALHOST") setattr(mod, "PORT_HUB_{0}".format(N), i) setattr(mod, "SECUREPORT_HUB_{0}".format(N), i + 24700) - setattr(mod, "SERVERID_HUB_{0}".format(N), "\"hub{0}\"".format(N)) + setattr(mod, "SERVERID_HUB_{0}".format(N), "hub{0}".format(N)) setattr(mod, "REPLICAID_HUB_{0}".format(N), 65535) # Replication topology - consumers @@ -333,7 +333,7 @@ for i in range(port_start, port_start + number_of_instances): setattr(mod, "HOST_CONSUMER_{0}".format(N), "LOCALHOST") setattr(mod, "PORT_CONSUMER_{0}".format(N), i) setattr(mod, "SECUREPORT_CONSUMER_{0}".format(N), i + 24700) - setattr(mod, "SERVERID_CONSUMER_{0}".format(N), "\"consumer{0}\"".format(N)) + setattr(mod, "SERVERID_CONSUMER_{0}".format(N), "consumer{0}".format(N)) # Cleanup, we don't need to export that del N, port_start, number_of_instances -- To stop receiving notification emails like this one, please contact the administrator of this repository.

4 years, 1 month

1
0
0 / 0

[389-ds-base] branch 389-ds-base-1.4.2 updated: Issue 50545 - the check for the ds version for the backend config was broken

by pagure＠pagure.io

This is an automated email from the git hooks/post-receive script. mreynolds pushed a commit to branch 389-ds-base-1.4.2 in repository 389-ds-base. The following commit(s) were added to refs/heads/389-ds-base-1.4.2 by this push: new 92e6937 Issue 50545 - the check for the ds version for the backend config was broken 92e6937 is described below commit 92e6937eb56371939e279eeec42209cc97fa1d81 Author: Mark Reynolds <mreynolds(a)redhat.com> AuthorDate: Thu Apr 16 09:31:59 2020 -0400 Issue 50545 - the check for the ds version for the backend config was broken Description: In 1.4.2 the is_ds_older() function took different parameters, this needs to be adjusted Relates: https://pagure.io/389-ds-base/issue/50545 Reviewed by: mreynolds (one line commit rule) --- src/lib389/lib389/monitor.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib389/lib389/monitor.py b/src/lib389/lib389/monitor.py index 73750c3..a111182 100644 --- a/src/lib389/lib389/monitor.py +++ b/src/lib389/lib389/monitor.py @@ -161,7 +161,7 @@ class MonitorLDBM(DSLdapObject): 'nsslapd-db-pages-in-use', 'nsslapd-db-txn-region-wait-rate', ] - if not ds_is_older("1.4.0", instance=instance): + if not ds_is_older("1.4.0"): self._backend_keys.extend([ 'normalizeddncachetries', 'normalizeddncachehits', -- To stop receiving notification emails like this one, please contact the administrator of this repository.

4 years, 1 month

1
0
0 / 0

[389-ds-base] branch 389-ds-base-1.4.2 updated: Issue 50875 - Refactor passwordUserAttributes's and passwordBadWords's code

by pagure＠pagure.io

This is an automated email from the git hooks/post-receive script. spichugi pushed a commit to branch 389-ds-base-1.4.2 in repository 389-ds-base. The following commit(s) were added to refs/heads/389-ds-base-1.4.2 by this push: new 24c501d Issue 50875 - Refactor passwordUserAttributes's and passwordBadWords's code 24c501d is described below commit 24c501db384b7927dbd339472e517dd38de4a70a Author: Simon Pichugin <spichugi(a)redhat.com> AuthorDate: Sun Apr 5 21:19:11 2020 +0200 Issue 50875 - Refactor passwordUserAttributes's and passwordBadWords's code Bug Description: Searches on cn=config takes values with spaces and makes multiple attributes out of them. If we set passwordUserAttributes to "cn uid givenname", it will transform it in a multi-valued attribute. Fix Description: Change passwordUserAttributes's and passwordBadWords's type to CONFIG_STRING (it was CONFIG_CHARRAY). Add an additional parameter to store the array (and use it in pw.c). The string and array processing is similar to nsslapd-allowed-sasl-mechanisms. Add tests for both attributes. https://pagure.io/389-ds-base/issue/50875 Reviewed by: mreynolds, tbordaz, firstyear (Thanks!) --- .../tests/suites/password/pwdPolicy_syntax_test.py | 101 ++++++++++++-- ldap/servers/slapd/back-ldbm/vlv.c | 14 -- ldap/servers/slapd/libglobs.c | 151 +++++++++++++-------- ldap/servers/slapd/proto-slap.h | 3 + ldap/servers/slapd/pw.c | 65 +++++---- ldap/servers/slapd/slap.h | 6 +- ldap/servers/slapd/util.c | 11 ++ 7 files changed, 238 insertions(+), 113 deletions(-) diff --git a/dirsrvtests/tests/suites/password/pwdPolicy_syntax_test.py b/dirsrvtests/tests/suites/password/pwdPolicy_syntax_test.py index 82d1a97..291a6fd 100644 --- a/dirsrvtests/tests/suites/password/pwdPolicy_syntax_test.py +++ b/dirsrvtests/tests/suites/password/pwdPolicy_syntax_test.py @@ -48,6 +48,7 @@ def create_user(topology_st): 'gidNumber': '4000', 'homeDirectory': '/home/user', 'description': 'd_e_s_c', + 'loginShell': USER_RDN, 'userPassword': PASSWORD }) @@ -61,7 +62,8 @@ def setPolicy(inst, attr, value): value = str(value) inst.config.set(attr, value) - inst.simple_bind_s(USER_DN, PASSWORD) + policy = inst.config.get_attr_val_utf8(attr) + assert policy == value def resetPasswd(inst): @@ -84,6 +86,7 @@ def tryPassword(inst, policy_attr, value, reset_value, pw_bad, pw_good, msg): """ setPolicy(inst, policy_attr, value) + inst.simple_bind_s(USER_DN, PASSWORD) users = UserAccounts(inst, DEFAULT_SUFFIX) user = users.get(USER_RDN) try: @@ -250,17 +253,17 @@ def test_basic(topology_st, create_user, password_policy): # Sequences tryPassword(topology_st.standalone, 'passwordMaxSequence', 3, 0, 'Za1_1234', - '13_#Kad472h', 'Max montonic sequence is not allowed') + '13_#Kad472h', 'Max monotonic sequence is not allowed') tryPassword(topology_st.standalone, 'passwordMaxSequence', 3, 0, 'Za1_4321', - '13_#Kad472h', 'Max montonic sequence is not allowed') + '13_#Kad472h', 'Max monotonic sequence is not allowed') tryPassword(topology_st.standalone, 'passwordMaxSequence', 3, 0, 'Za1_abcd', - '13_#Kad472h', 'Max montonic sequence is not allowed') + '13_#Kad472h', 'Max monotonic sequence is not allowed') tryPassword(topology_st.standalone, 'passwordMaxSequence', 3, 0, 'Za1_dcba', - '13_#Kad472h', 'Max montonic sequence is not allowed') + '13_#Kad472h', 'Max monotonic sequence is not allowed') # Sequence Sets tryPassword(topology_st.standalone, 'passwordMaxSeqSets', 2, 0, 'Za1_123--123', - '13_#Kad472h', 'Max montonic sequence is not allowed') + '13_#Kad472h', 'Max monotonic sequence is not allowed') # Max characters in a character class tryPassword(topology_st.standalone, 'passwordMaxClassChars', 3, 0, 'Za1_9376', @@ -273,16 +276,94 @@ def test_basic(topology_st, create_user, password_policy): '13_#Kad472h', 'Too may consecutive characters from the same class') # Bad words - tryPassword(topology_st.standalone, 'passwordBadWords', 'redhat fedora', 'none', 'Za1_redhat', - '13_#Kad472h', 'Too may consecutive characters from the same class') - tryPassword(topology_st.standalone, 'passwordBadWords', 'redhat fedora', 'none', 'Za1_fedora', + tryPassword(topology_st.standalone, 'passwordBadWords', 'redhat', 'none', 'Za1_redhat', '13_#Kad472h', 'Too may consecutive characters from the same class') # User Attributes tryPassword(topology_st.standalone, 'passwordUserAttributes', 'description', 0, 'Za1_d_e_s_c', '13_#Kad472h', 'Password found in user entry') - log.info('pwdPolicy tests PASSED') + +(a)pytest.mark.bz1816857 +(a)pytest.mark.ds50875 +(a)pytest.mark.skipif(ds_is_older("1.4.1.18"), reason="Not implemented") +def test_config_set_few_user_attributes(topology_st, create_user, password_policy): + """Test that we can successfully set multiple values to passwordUserAttributes + + :id: 188e0aee-6e29-4857-910c-27d5606f8c08 + :setup: Standalone instance + :steps: + 1. Set passwordUserAttributes to "description loginShell" + 2. Verify passwordUserAttributes has the values + 3. Verify passwordUserAttributes enforced the policy + :expectedresults: + 1. Operation should be successful + 2. Operation should be successful + 3. Operation should be successful + """ + + standalone = topology_st.standalone + + standalone.log.info('Set passwordUserAttributes to "description loginShell"') + standalone.config.set('passwordUserAttributes', 'description loginshell') + + standalone.restart() + + standalone.log.info("Verify passwordUserAttributes has the values") + user_attrs = standalone.config.get_attr_val_utf8('passwordUserAttributes') + assert "description" in user_attrs + assert "loginshell" in user_attrs + standalone.log.info("Reset passwordUserAttributes") + standalone.config.remove_all('passwordUserAttributes') + + standalone.log.info("Verify passwordUserAttributes enforced the policy") + attributes = ['description, loginShell', 'description,loginShell', 'description loginShell'] + values = ['Za1_d_e_s_c', f'Za1_{USER_RDN}', f'Za1_d_e_s_c{USER_RDN}'] + for attr in attributes: + for value in values: + tryPassword(standalone, 'passwordUserAttributes', attr, 0, value, + '13_#Kad472h', 'Password found in user entry') + + +(a)pytest.mark.bz1816857 +(a)pytest.mark.ds50875 +(a)pytest.mark.skipif(ds_is_older("1.4.1.18"), reason="Not implemented") +def test_config_set_few_bad_words(topology_st, create_user, password_policy): + """Test that we can successfully set multiple values to passwordBadWords + + :id: 2977094c-921c-4b2f-af91-4c7a45ded48b + :setup: Standalone instance + :steps: + 1. Set passwordBadWords to "fedora redhat" + 2. Verify passwordBadWords has the values + 3. Verify passwordBadWords enforced the policy + :expectedresults: + 1. Operation should be successful + 2. Operation should be successful + 3. Operation should be successful + """ + + standalone = topology_st.standalone + + standalone.log.info('Set passwordBadWords to "fedora redhat"') + standalone.config.set('passwordBadWords', 'fedora redhat') + + standalone.restart() + + standalone.log.info("Verify passwordBadWords has the values") + user_attrs = standalone.config.get_attr_val_utf8('passwordBadWords') + assert "fedora" in user_attrs + assert "redhat" in user_attrs + standalone.log.info("Reset passwordBadWords") + standalone.config.remove_all('passwordBadWords') + + standalone.log.info("Verify passwordBadWords enforced the policy") + attributes = ['redhat, fedora', 'redhat,fedora', 'redhat fedora'] + values = ['Za1_redhat_fedora', 'Za1_fedora', 'Za1_redhat'] + for attr in attributes: + for value in values: + tryPassword(standalone, 'passwordBadWords', attr, 'none', value, + '13_#Kad472h', 'Too may consecutive characters from the same class') if __name__ == '__main__': diff --git a/ldap/servers/slapd/back-ldbm/vlv.c b/ldap/servers/slapd/back-ldbm/vlv.c index b50bb5a..ef7f26e 100644 --- a/ldap/servers/slapd/back-ldbm/vlv.c +++ b/ldap/servers/slapd/back-ldbm/vlv.c @@ -1962,20 +1962,6 @@ vlv_find_index_by_filter(struct backend *be, const char *base, Slapi_Filter *f) return vlv_find_index_by_filter_txn(be, base, f, NULL); } -/* replace c with c2 in string -- probably exists somewhere but I can't find it slapi maybe? */ - -static void -replace_char(char *name, char c, char c2) -{ - int x; - - for (x = 0; name[x] != '\0'; x++) { - if (c == name[x]) { - name[x] = c2; - } - } -} - /* similar to what the console GUI does */ char * diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c index 7d275eb..0a7143a 100644 --- a/ldap/servers/slapd/libglobs.c +++ b/ldap/servers/slapd/libglobs.c @@ -171,7 +171,6 @@ typedef enum { static int32_t config_set_onoff(const char *attrname, char *value, int32_t *configvalue, char *errorbuf, int apply); static int config_set_schemareplace(const char *attrname, char *value, char *errorbuf, int apply); -static void remove_commas(char *str); static int invalid_sasl_mech(char *str); @@ -530,12 +529,12 @@ static struct config_get_and_set {CONFIG_PW_USERATTRS_ATTRIBUTE, config_set_pw_user_attrs, NULL, 0, (void **)&global_slapdFrontendConfig.pw_policy.pw_cmp_attrs, - CONFIG_CHARRAY, NULL, NULL}, + CONFIG_STRING, NULL, "", NULL}, /* password bad work list */ {CONFIG_PW_BAD_WORDS_ATTRIBUTE, config_set_pw_bad_words, NULL, 0, (void **)&global_slapdFrontendConfig.pw_policy.pw_bad_words, - CONFIG_CHARRAY, NULL, NULL}, + CONFIG_STRING, NULL, "", NULL}, /* password max sequence */ {CONFIG_PW_MAX_SEQ_ATTRIBUTE, config_set_pw_max_seq, NULL, 0, @@ -2896,70 +2895,118 @@ config_set_pw_dict_path(const char *attrname, char *value, char *errorbuf, int a return retVal; } +char ** +config_get_pw_user_attrs_array(void) +{ + /* + * array of password user attributes. If is null, returns NULL thanks to ch_array_dup. + * Caller must free! + */ + char **retVal; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + + CFG_LOCK_READ(slapdFrontendConfig); + retVal = slapi_ch_array_dup(slapdFrontendConfig->pw_policy.pw_cmp_attrs_array); + CFG_UNLOCK_READ(slapdFrontendConfig); + + return retVal; +} + int32_t config_set_pw_user_attrs(const char *attrname, char *value, char *errorbuf, int apply) { int retVal = LDAP_SUCCESS; - char **attrs = NULL; slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if (config_value_is_null(attrname, value, errorbuf, 0)) { value = NULL; } if (apply) { - if (value) { + /* During a reset, the value is "", so we have to handle this case. */ + if (strcmp(value, "") != 0) { + char **nval_array; + char *nval = slapi_ch_strdup(value); + /* A separate variable is used because slapi_str2charray_ext can change it and nval'd become corrupted */ + char *tmp_array_nval = slapi_ch_strdup(nval); + + /* We should accept comma-separated lists but slapi_str2charray_ext will process only space-separated */ + replace_char(tmp_array_nval, ',', ' '); /* Take list of attributes and break it up into a char array */ - char *attr = NULL; - char *token = NULL; - char *next = NULL; - - token = slapi_ch_strdup(value); - for (attr = ldap_utf8strtok_r(token, " ", &next); attr != NULL; - attr = ldap_utf8strtok_r(NULL, " ", &next)) - { - slapi_ch_array_add(&attrs, slapi_ch_strdup(attr)); - } - slapi_ch_free_string(&token); - } + nval_array = slapi_str2charray_ext(tmp_array_nval, " ", 0); + slapi_ch_free_string(&tmp_array_nval); - CFG_LOCK_WRITE(slapdFrontendConfig); - slapi_ch_array_free(slapdFrontendConfig->pw_policy.pw_cmp_attrs); - slapdFrontendConfig->pw_policy.pw_cmp_attrs = attrs; - CFG_UNLOCK_WRITE(slapdFrontendConfig); + CFG_LOCK_WRITE(slapdFrontendConfig); + slapi_ch_free_string(&slapdFrontendConfig->pw_policy.pw_cmp_attrs); + slapi_ch_array_free(slapdFrontendConfig->pw_policy.pw_cmp_attrs_array); + slapdFrontendConfig->pw_policy.pw_cmp_attrs = nval; + slapdFrontendConfig->pw_policy.pw_cmp_attrs_array = nval_array; + CFG_UNLOCK_WRITE(slapdFrontendConfig); + } else { + CFG_LOCK_WRITE(slapdFrontendConfig); + slapi_ch_free_string(&slapdFrontendConfig->pw_policy.pw_cmp_attrs); + slapi_ch_array_free(slapdFrontendConfig->pw_policy.pw_cmp_attrs_array); + slapdFrontendConfig->pw_policy.pw_cmp_attrs = NULL; + slapdFrontendConfig->pw_policy.pw_cmp_attrs_array = NULL; + CFG_UNLOCK_WRITE(slapdFrontendConfig); + } } return retVal; } +char ** +config_get_pw_bad_words_array(void) +{ + /* + * array of words to reject. If is null, returns NULL thanks to ch_array_dup. + * Caller must free! + */ + char **retVal; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + + CFG_LOCK_READ(slapdFrontendConfig); + retVal = slapi_ch_array_dup(slapdFrontendConfig->pw_policy.pw_bad_words_array); + CFG_UNLOCK_READ(slapdFrontendConfig); + + return retVal; +} + int32_t config_set_pw_bad_words(const char *attrname, char *value, char *errorbuf, int apply) { int retVal = LDAP_SUCCESS; - char **words = NULL; slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if (config_value_is_null(attrname, value, errorbuf, 0)) { value = NULL; } if (apply) { - if (value) { + /* During a reset, the value is "", so we have to handle this case. */ + if (strcmp(value, "") != 0) { + char **nval_array; + char *nval = slapi_ch_strdup(value); + /* A separate variable is used because slapi_str2charray_ext can change it and nval'd become corrupted */ + char *tmp_array_nval = slapi_ch_strdup(nval); + + /* We should accept comma-separated lists but slapi_str2charray_ext will process only space-separated */ + replace_char(tmp_array_nval, ',', ' '); /* Take list of attributes and break it up into a char array */ - char *word = NULL; - char *token = NULL; - char *next = NULL; - - token = slapi_ch_strdup(value); - for (word = ldap_utf8strtok_r(token, " ", &next); word != NULL; - word = ldap_utf8strtok_r(NULL, " ", &next)) - { - slapi_ch_array_add(&words, slapi_ch_strdup(word)); - } - slapi_ch_free_string(&token); - } + nval_array = slapi_str2charray_ext(tmp_array_nval, " ", 0); + slapi_ch_free_string(&tmp_array_nval); - CFG_LOCK_WRITE(slapdFrontendConfig); - slapi_ch_array_free(slapdFrontendConfig->pw_policy.pw_bad_words); - slapdFrontendConfig->pw_policy.pw_bad_words = words; - CFG_UNLOCK_WRITE(slapdFrontendConfig); + CFG_LOCK_WRITE(slapdFrontendConfig); + slapi_ch_free_string(&slapdFrontendConfig->pw_policy.pw_bad_words); + slapi_ch_array_free(slapdFrontendConfig->pw_policy.pw_bad_words_array); + slapdFrontendConfig->pw_policy.pw_bad_words = nval; + slapdFrontendConfig->pw_policy.pw_bad_words_array = nval_array; + CFG_UNLOCK_WRITE(slapdFrontendConfig); + } else { + CFG_LOCK_WRITE(slapdFrontendConfig); + slapi_ch_free_string(&slapdFrontendConfig->pw_policy.pw_bad_words); + slapi_ch_array_free(slapdFrontendConfig->pw_policy.pw_bad_words_array); + slapdFrontendConfig->pw_policy.pw_bad_words = NULL; + slapdFrontendConfig->pw_policy.pw_bad_words_array = NULL; + CFG_UNLOCK_WRITE(slapdFrontendConfig); + } } return retVal; } @@ -7281,13 +7328,13 @@ config_set_allowed_sasl_mechs(const char *attrname, char *value, char *errorbuf /* During a reset, the value is "", so we have to handle this case. */ if (strcmp(value, "") != 0) { + char **nval_array; char *nval = slapi_ch_strdup(value); /* A separate variable is used because slapi_str2charray_ext can change it and nval'd become corrupted */ char *tmp_array_nval; /* cyrus sasl doesn't like comma separated lists */ - remove_commas(nval); - tmp_array_nval = slapi_ch_strdup(nval); + replace_char(nval, ',', ' '); if (invalid_sasl_mech(nval)) { slapi_log_err(SLAPI_LOG_ERR, "config_set_allowed_sasl_mechs", @@ -7296,15 +7343,18 @@ config_set_allowed_sasl_mechs(const char *attrname, char *value, char *errorbuf "digits, hyphens, or underscores\n", nval); slapi_ch_free_string(&nval); - slapi_ch_free_string(&tmp_array_nval); return LDAP_UNWILLING_TO_PERFORM; } + + tmp_array_nval = slapi_ch_strdup(nval); + nval_array = slapi_str2charray_ext(tmp_array_nval, " ", 0); + slapi_ch_free_string(&tmp_array_nval); + CFG_LOCK_WRITE(slapdFrontendConfig); slapi_ch_free_string(&slapdFrontendConfig->allowed_sasl_mechs); slapi_ch_array_free(slapdFrontendConfig->allowed_sasl_mechs_array); slapdFrontendConfig->allowed_sasl_mechs = nval; - slapdFrontendConfig->allowed_sasl_mechs_array = slapi_str2charray_ext(tmp_array_nval, " ", 0); - slapi_ch_free_string(&tmp_array_nval); + slapdFrontendConfig->allowed_sasl_mechs_array = nval_array; CFG_UNLOCK_WRITE(slapdFrontendConfig); } else { /* If this value is "", we need to set the list to *all* possible mechs */ @@ -8415,19 +8465,6 @@ slapi_err2string(int result) return ldap_err2string(result); } -/* replace commas with spaces */ -static void -remove_commas(char *str) -{ - int i; - - for (i = 0; str && str[i]; i++) { - if (str[i] == ',') { - str[i] = ' '; - } - } -} - /* * Check the SASL mechanism values * diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h index 75259e4..ac02618 100644 --- a/ldap/servers/slapd/proto-slap.h +++ b/ldap/servers/slapd/proto-slap.h @@ -304,7 +304,9 @@ int config_set_pw_syntax(const char *attrname, char *value, char *errorbuf, int int32_t config_set_pw_palindrome(const char *attrname, char *value, char *errorbuf, int apply); int32_t config_set_pw_dict_check(const char *attrname, char *value, char *errorbuf, int apply); int32_t config_set_pw_dict_path(const char *attrname, char *value, char *errorbuf, int apply); +char **config_get_pw_user_attrs_array(void); int32_t config_set_pw_user_attrs(const char *attrname, char *value, char *errorbuf, int apply); +char **config_get_pw_bad_words_array(void); int32_t config_set_pw_bad_words(const char *attrname, char *value, char *errorbuf, int apply); int32_t config_set_pw_max_seq_sets(const char *attrname, char *value, char *errorbuf, int apply); int32_t config_set_pw_max_seq(const char *attrname, char *value, char *errorbuf, int apply); @@ -851,6 +853,7 @@ void slapd_nasty(char *str, int c, int err); int strarray2str(char **a, char *buf, size_t buflen, int include_quotes); int slapd_chown_if_not_owner(const char *filename, uid_t uid, gid_t gid); int slapd_comp_path(char *p0, char *p1); +void replace_char(char *name, char c, char c2); /* diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c index 2e11caa..238c9e0 100644 --- a/ldap/servers/slapd/pw.c +++ b/ldap/servers/slapd/pw.c @@ -1068,6 +1068,7 @@ check_pw_syntax_ext(Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, c int num_repeated = 0; int max_repeated = 0; int num_categories = 0; + char **bad_words_array; pwd = (char *)slapi_value_get_string(vals[i]); @@ -1089,13 +1090,16 @@ check_pw_syntax_ext(Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, c } /* Check for bad words */ - if (pwpolicy->pw_bad_words) { - for (size_t b = 0; pwpolicy->pw_bad_words && pwpolicy->pw_bad_words[b]; b++) { - if (strcasestr(pwd, pwpolicy->pw_bad_words[b])) { + bad_words_array = config_get_pw_bad_words_array(); + if (bad_words_array) { + for (size_t b = 0; bad_words_array && bad_words_array[b]; b++) { + if (strcasestr(pwd, bad_words_array[b])) { report_pw_violation(pb, pwresponse_req, "Password contains a restricted word"); + charray_free(bad_words_array); return (1); } } + charray_free(bad_words_array); } /* Check for sequences */ @@ -1310,6 +1314,7 @@ check_pw_syntax_ext(Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, c /* check for trivial words if syntax checking is enabled */ if (pwpolicy->pw_syntax == LDAP_ON) { + char **user_attrs_array; /* e is null if this is an add operation*/ if (check_trivial_words(pb, e, vals, "uid", pwpolicy->pw_mintokenlength, smods) == 1 || check_trivial_words(pb, e, vals, "cn", pwpolicy->pw_mintokenlength, smods) == 1 || @@ -1324,15 +1329,18 @@ check_pw_syntax_ext(Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, c return 1; } /* Check user attributes */ - if (pwpolicy->pw_cmp_attrs) { - for (size_t a = 0; pwpolicy->pw_cmp_attrs && pwpolicy->pw_cmp_attrs[a]; a++) { - if (check_trivial_words(pb, e, vals, pwpolicy->pw_cmp_attrs[a], pwpolicy->pw_mintokenlength, smods) == 1 ){ + user_attrs_array = config_get_pw_user_attrs_array(); + if (user_attrs_array) { + for (size_t a = 0; user_attrs_array && user_attrs_array[a]; a++) { + if (check_trivial_words(pb, e, vals, user_attrs_array[a], pwpolicy->pw_mintokenlength, smods) == 1 ){ if (mod_op) { slapi_entry_free(e); } + charray_free(user_attrs_array); return 1; } } + charray_free(user_attrs_array); } } @@ -2237,35 +2245,32 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn) } } else if (!strcasecmp(attr_name, "passwordUserAttributes")) { if ((sval = attr_get_present_values(attr))) { - char **attrs = NULL; - char *attr = NULL; - char *token = NULL; - char *next = NULL; - - token = slapi_ch_strdup(slapi_value_get_string(*sval)); - for (attr = ldap_utf8strtok_r(token, " ", &next); attr != NULL; - attr = ldap_utf8strtok_r(NULL, " ", &next)) - { - slapi_ch_array_add(&attrs, slapi_ch_strdup(attr)); - } - slapi_ch_free_string(&token); + char *attrs = slapi_ch_strdup(slapi_value_get_string(*sval)); + /* we need a separate string because it gets corrupted after slapi_str2charray_ext */ + char *tmp_array_attrs = slapi_ch_strdup(attrs); + + /* we should accept comma-separated lists but slapi_str2charray_ext will process only space-separated */ + replace_char(tmp_array_attrs, ',', ' '); + pwdpolicy->pw_cmp_attrs = attrs; + /* Take list of attributes and break it up into a char array */ + pwdpolicy->pw_cmp_attrs_array = slapi_str2charray_ext(tmp_array_attrs, " ", 0); + slapi_ch_free_string(&tmp_array_attrs); } } else if (!strcasecmp(attr_name, "passwordBadWords")) { if ((sval = attr_get_present_values(attr))) { - char **words = NULL; - char *word = NULL; - char *token = NULL; - char *next = NULL; - - token = slapi_ch_strdup(slapi_value_get_string(*sval)); - for (word = ldap_utf8strtok_r(token, " ", &next); word != NULL; - word = ldap_utf8strtok_r(NULL, " ", &next)) - { - slapi_ch_array_add(&words, slapi_ch_strdup(word)); - } - slapi_ch_free_string(&token); + char *words = slapi_ch_strdup(slapi_value_get_string(*sval)); + /* we need a separate string because it gets corrupted after slapi_str2charray_ext */ + char *tmp_array_words = slapi_ch_strdup(words); + + /* we should accept comma-separated lists but slapi_str2charray_ext will process only space-separated */ + replace_char(tmp_array_words, ',', ' '); + pwdpolicy->pw_bad_words = words; + /* Take list of attributes and break it up into a char array */ + pwdpolicy->pw_bad_words_array = slapi_str2charray_ext(tmp_array_words, " ", 0); + + slapi_ch_free_string(&tmp_array_words); } } else if (!strcasecmp(attr_name, "passwordMaxSequence")) { if ((sval = attr_get_present_values(attr))) { diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h index 96ce7d4..b3bf87d 100644 --- a/ldap/servers/slapd/slap.h +++ b/ldap/servers/slapd/slap.h @@ -1807,10 +1807,12 @@ typedef struct passwordpolicyarray the same character class. */ slapi_onoff_t pw_check_dict; char *pw_dict_path; /* custom dictionary */ - char **pw_cmp_attrs; /* Space-separated list of attributes to see if the + char *pw_cmp_attrs; /* Comma-separated list of attributes to see if the attribute values (and reversed values) in the entry are contained in the new password. */ - char **pw_bad_words; /* Space-separated list of words to reject */ + char **pw_cmp_attrs_array; /* Array of password user attributes */ + char *pw_bad_words; /* Comma-separated list of words to reject */ + char **pw_bad_words_array; /* Array of words to reject */ slapi_onoff_t pw_exp; slapi_onoff_t pw_send_expiring; diff --git a/ldap/servers/slapd/util.c b/ldap/servers/slapd/util.c index e1219c5..5ef1cd9 100644 --- a/ldap/servers/slapd/util.c +++ b/ldap/servers/slapd/util.c @@ -467,6 +467,17 @@ slapi_escape_filter_value(char *filter_str, int len) } } +/* replace c with c2 in str */ +void +replace_char(char *str, char c, char c2) +{ + for (size_t i = 0; (str != NULL) && (str[i] != NULL); i++) { + if (c == str[i]) { + str[i] = c2; + } + } +} + /* ** This function takes a quoted attribute value of the form "abc", ** and strips off the enclosing quotes. It also deals with quoted -- To stop receiving notification emails like this one, please contact the administrator of this repository.

4 years, 1 month

1
0
0 / 0

[389-ds-base] branch 389-ds-base-1.4.1 updated: Issue 50875 - Refactor passwordUserAttributes's and passwordBadWords's code

by pagure＠pagure.io

This is an automated email from the git hooks/post-receive script. spichugi pushed a commit to branch 389-ds-base-1.4.1 in repository 389-ds-base. The following commit(s) were added to refs/heads/389-ds-base-1.4.1 by this push: new 0b88633 Issue 50875 - Refactor passwordUserAttributes's and passwordBadWords's code 0b88633 is described below commit 0b886339959e9e16bf2633535d23726f223b87bd Author: Simon Pichugin <spichugi(a)redhat.com> AuthorDate: Sun Apr 5 21:19:11 2020 +0200 Issue 50875 - Refactor passwordUserAttributes's and passwordBadWords's code Bug Description: Searches on cn=config takes values with spaces and makes multiple attributes out of them. If we set passwordUserAttributes to "cn uid givenname", it will transform it in a multi-valued attribute. Fix Description: Change passwordUserAttributes's and passwordBadWords's type to CONFIG_STRING (it was CONFIG_CHARRAY). Add an additional parameter to store the array (and use it in pw.c). The string and array processing is similar to nsslapd-allowed-sasl-mechanisms. Add tests for both attributes. https://pagure.io/389-ds-base/issue/50875 Reviewed by: mreynolds, tbordaz, firstyear (Thanks!) --- .../tests/suites/password/pwdPolicy_syntax_test.py | 101 ++++++++++++-- ldap/servers/slapd/back-ldbm/vlv.c | 14 -- ldap/servers/slapd/libglobs.c | 151 +++++++++++++-------- ldap/servers/slapd/proto-slap.h | 3 + ldap/servers/slapd/pw.c | 65 +++++---- ldap/servers/slapd/slap.h | 6 +- ldap/servers/slapd/util.c | 11 ++ 7 files changed, 238 insertions(+), 113 deletions(-) diff --git a/dirsrvtests/tests/suites/password/pwdPolicy_syntax_test.py b/dirsrvtests/tests/suites/password/pwdPolicy_syntax_test.py index 82d1a97..291a6fd 100644 --- a/dirsrvtests/tests/suites/password/pwdPolicy_syntax_test.py +++ b/dirsrvtests/tests/suites/password/pwdPolicy_syntax_test.py @@ -48,6 +48,7 @@ def create_user(topology_st): 'gidNumber': '4000', 'homeDirectory': '/home/user', 'description': 'd_e_s_c', + 'loginShell': USER_RDN, 'userPassword': PASSWORD }) @@ -61,7 +62,8 @@ def setPolicy(inst, attr, value): value = str(value) inst.config.set(attr, value) - inst.simple_bind_s(USER_DN, PASSWORD) + policy = inst.config.get_attr_val_utf8(attr) + assert policy == value def resetPasswd(inst): @@ -84,6 +86,7 @@ def tryPassword(inst, policy_attr, value, reset_value, pw_bad, pw_good, msg): """ setPolicy(inst, policy_attr, value) + inst.simple_bind_s(USER_DN, PASSWORD) users = UserAccounts(inst, DEFAULT_SUFFIX) user = users.get(USER_RDN) try: @@ -250,17 +253,17 @@ def test_basic(topology_st, create_user, password_policy): # Sequences tryPassword(topology_st.standalone, 'passwordMaxSequence', 3, 0, 'Za1_1234', - '13_#Kad472h', 'Max montonic sequence is not allowed') + '13_#Kad472h', 'Max monotonic sequence is not allowed') tryPassword(topology_st.standalone, 'passwordMaxSequence', 3, 0, 'Za1_4321', - '13_#Kad472h', 'Max montonic sequence is not allowed') + '13_#Kad472h', 'Max monotonic sequence is not allowed') tryPassword(topology_st.standalone, 'passwordMaxSequence', 3, 0, 'Za1_abcd', - '13_#Kad472h', 'Max montonic sequence is not allowed') + '13_#Kad472h', 'Max monotonic sequence is not allowed') tryPassword(topology_st.standalone, 'passwordMaxSequence', 3, 0, 'Za1_dcba', - '13_#Kad472h', 'Max montonic sequence is not allowed') + '13_#Kad472h', 'Max monotonic sequence is not allowed') # Sequence Sets tryPassword(topology_st.standalone, 'passwordMaxSeqSets', 2, 0, 'Za1_123--123', - '13_#Kad472h', 'Max montonic sequence is not allowed') + '13_#Kad472h', 'Max monotonic sequence is not allowed') # Max characters in a character class tryPassword(topology_st.standalone, 'passwordMaxClassChars', 3, 0, 'Za1_9376', @@ -273,16 +276,94 @@ def test_basic(topology_st, create_user, password_policy): '13_#Kad472h', 'Too may consecutive characters from the same class') # Bad words - tryPassword(topology_st.standalone, 'passwordBadWords', 'redhat fedora', 'none', 'Za1_redhat', - '13_#Kad472h', 'Too may consecutive characters from the same class') - tryPassword(topology_st.standalone, 'passwordBadWords', 'redhat fedora', 'none', 'Za1_fedora', + tryPassword(topology_st.standalone, 'passwordBadWords', 'redhat', 'none', 'Za1_redhat', '13_#Kad472h', 'Too may consecutive characters from the same class') # User Attributes tryPassword(topology_st.standalone, 'passwordUserAttributes', 'description', 0, 'Za1_d_e_s_c', '13_#Kad472h', 'Password found in user entry') - log.info('pwdPolicy tests PASSED') + +(a)pytest.mark.bz1816857 +(a)pytest.mark.ds50875 +(a)pytest.mark.skipif(ds_is_older("1.4.1.18"), reason="Not implemented") +def test_config_set_few_user_attributes(topology_st, create_user, password_policy): + """Test that we can successfully set multiple values to passwordUserAttributes + + :id: 188e0aee-6e29-4857-910c-27d5606f8c08 + :setup: Standalone instance + :steps: + 1. Set passwordUserAttributes to "description loginShell" + 2. Verify passwordUserAttributes has the values + 3. Verify passwordUserAttributes enforced the policy + :expectedresults: + 1. Operation should be successful + 2. Operation should be successful + 3. Operation should be successful + """ + + standalone = topology_st.standalone + + standalone.log.info('Set passwordUserAttributes to "description loginShell"') + standalone.config.set('passwordUserAttributes', 'description loginshell') + + standalone.restart() + + standalone.log.info("Verify passwordUserAttributes has the values") + user_attrs = standalone.config.get_attr_val_utf8('passwordUserAttributes') + assert "description" in user_attrs + assert "loginshell" in user_attrs + standalone.log.info("Reset passwordUserAttributes") + standalone.config.remove_all('passwordUserAttributes') + + standalone.log.info("Verify passwordUserAttributes enforced the policy") + attributes = ['description, loginShell', 'description,loginShell', 'description loginShell'] + values = ['Za1_d_e_s_c', f'Za1_{USER_RDN}', f'Za1_d_e_s_c{USER_RDN}'] + for attr in attributes: + for value in values: + tryPassword(standalone, 'passwordUserAttributes', attr, 0, value, + '13_#Kad472h', 'Password found in user entry') + + +(a)pytest.mark.bz1816857 +(a)pytest.mark.ds50875 +(a)pytest.mark.skipif(ds_is_older("1.4.1.18"), reason="Not implemented") +def test_config_set_few_bad_words(topology_st, create_user, password_policy): + """Test that we can successfully set multiple values to passwordBadWords + + :id: 2977094c-921c-4b2f-af91-4c7a45ded48b + :setup: Standalone instance + :steps: + 1. Set passwordBadWords to "fedora redhat" + 2. Verify passwordBadWords has the values + 3. Verify passwordBadWords enforced the policy + :expectedresults: + 1. Operation should be successful + 2. Operation should be successful + 3. Operation should be successful + """ + + standalone = topology_st.standalone + + standalone.log.info('Set passwordBadWords to "fedora redhat"') + standalone.config.set('passwordBadWords', 'fedora redhat') + + standalone.restart() + + standalone.log.info("Verify passwordBadWords has the values") + user_attrs = standalone.config.get_attr_val_utf8('passwordBadWords') + assert "fedora" in user_attrs + assert "redhat" in user_attrs + standalone.log.info("Reset passwordBadWords") + standalone.config.remove_all('passwordBadWords') + + standalone.log.info("Verify passwordBadWords enforced the policy") + attributes = ['redhat, fedora', 'redhat,fedora', 'redhat fedora'] + values = ['Za1_redhat_fedora', 'Za1_fedora', 'Za1_redhat'] + for attr in attributes: + for value in values: + tryPassword(standalone, 'passwordBadWords', attr, 'none', value, + '13_#Kad472h', 'Too may consecutive characters from the same class') if __name__ == '__main__': diff --git a/ldap/servers/slapd/back-ldbm/vlv.c b/ldap/servers/slapd/back-ldbm/vlv.c index b50bb5a..ef7f26e 100644 --- a/ldap/servers/slapd/back-ldbm/vlv.c +++ b/ldap/servers/slapd/back-ldbm/vlv.c @@ -1962,20 +1962,6 @@ vlv_find_index_by_filter(struct backend *be, const char *base, Slapi_Filter *f) return vlv_find_index_by_filter_txn(be, base, f, NULL); } -/* replace c with c2 in string -- probably exists somewhere but I can't find it slapi maybe? */ - -static void -replace_char(char *name, char c, char c2) -{ - int x; - - for (x = 0; name[x] != '\0'; x++) { - if (c == name[x]) { - name[x] = c2; - } - } -} - /* similar to what the console GUI does */ char * diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c index d1d8801..7810389 100644 --- a/ldap/servers/slapd/libglobs.c +++ b/ldap/servers/slapd/libglobs.c @@ -166,7 +166,6 @@ typedef enum { static int32_t config_set_onoff(const char *attrname, char *value, int32_t *configvalue, char *errorbuf, int apply); static int config_set_schemareplace(const char *attrname, char *value, char *errorbuf, int apply); -static void remove_commas(char *str); static int invalid_sasl_mech(char *str); @@ -525,12 +524,12 @@ static struct config_get_and_set {CONFIG_PW_USERATTRS_ATTRIBUTE, config_set_pw_user_attrs, NULL, 0, (void **)&global_slapdFrontendConfig.pw_policy.pw_cmp_attrs, - CONFIG_CHARRAY, NULL, NULL}, + CONFIG_STRING, NULL, "", NULL}, /* password bad work list */ {CONFIG_PW_BAD_WORDS_ATTRIBUTE, config_set_pw_bad_words, NULL, 0, (void **)&global_slapdFrontendConfig.pw_policy.pw_bad_words, - CONFIG_CHARRAY, NULL, NULL}, + CONFIG_STRING, NULL, "", NULL}, /* password max sequence */ {CONFIG_PW_MAX_SEQ_ATTRIBUTE, config_set_pw_max_seq, NULL, 0, @@ -2886,70 +2885,118 @@ config_set_pw_dict_path(const char *attrname, char *value, char *errorbuf, int a return retVal; } +char ** +config_get_pw_user_attrs_array(void) +{ + /* + * array of password user attributes. If is null, returns NULL thanks to ch_array_dup. + * Caller must free! + */ + char **retVal; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + + CFG_LOCK_READ(slapdFrontendConfig); + retVal = slapi_ch_array_dup(slapdFrontendConfig->pw_policy.pw_cmp_attrs_array); + CFG_UNLOCK_READ(slapdFrontendConfig); + + return retVal; +} + int32_t config_set_pw_user_attrs(const char *attrname, char *value, char *errorbuf, int apply) { int retVal = LDAP_SUCCESS; - char **attrs = NULL; slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if (config_value_is_null(attrname, value, errorbuf, 0)) { value = NULL; } if (apply) { - if (value) { + /* During a reset, the value is "", so we have to handle this case. */ + if (strcmp(value, "") != 0) { + char **nval_array; + char *nval = slapi_ch_strdup(value); + /* A separate variable is used because slapi_str2charray_ext can change it and nval'd become corrupted */ + char *tmp_array_nval = slapi_ch_strdup(nval); + + /* We should accept comma-separated lists but slapi_str2charray_ext will process only space-separated */ + replace_char(tmp_array_nval, ',', ' '); /* Take list of attributes and break it up into a char array */ - char *attr = NULL; - char *token = NULL; - char *next = NULL; - - token = slapi_ch_strdup(value); - for (attr = ldap_utf8strtok_r(token, " ", &next); attr != NULL; - attr = ldap_utf8strtok_r(NULL, " ", &next)) - { - slapi_ch_array_add(&attrs, slapi_ch_strdup(attr)); - } - slapi_ch_free_string(&token); - } + nval_array = slapi_str2charray_ext(tmp_array_nval, " ", 0); + slapi_ch_free_string(&tmp_array_nval); - CFG_LOCK_WRITE(slapdFrontendConfig); - slapi_ch_array_free(slapdFrontendConfig->pw_policy.pw_cmp_attrs); - slapdFrontendConfig->pw_policy.pw_cmp_attrs = attrs; - CFG_UNLOCK_WRITE(slapdFrontendConfig); + CFG_LOCK_WRITE(slapdFrontendConfig); + slapi_ch_free_string(&slapdFrontendConfig->pw_policy.pw_cmp_attrs); + slapi_ch_array_free(slapdFrontendConfig->pw_policy.pw_cmp_attrs_array); + slapdFrontendConfig->pw_policy.pw_cmp_attrs = nval; + slapdFrontendConfig->pw_policy.pw_cmp_attrs_array = nval_array; + CFG_UNLOCK_WRITE(slapdFrontendConfig); + } else { + CFG_LOCK_WRITE(slapdFrontendConfig); + slapi_ch_free_string(&slapdFrontendConfig->pw_policy.pw_cmp_attrs); + slapi_ch_array_free(slapdFrontendConfig->pw_policy.pw_cmp_attrs_array); + slapdFrontendConfig->pw_policy.pw_cmp_attrs = NULL; + slapdFrontendConfig->pw_policy.pw_cmp_attrs_array = NULL; + CFG_UNLOCK_WRITE(slapdFrontendConfig); + } } return retVal; } +char ** +config_get_pw_bad_words_array(void) +{ + /* + * array of words to reject. If is null, returns NULL thanks to ch_array_dup. + * Caller must free! + */ + char **retVal; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + + CFG_LOCK_READ(slapdFrontendConfig); + retVal = slapi_ch_array_dup(slapdFrontendConfig->pw_policy.pw_bad_words_array); + CFG_UNLOCK_READ(slapdFrontendConfig); + + return retVal; +} + int32_t config_set_pw_bad_words(const char *attrname, char *value, char *errorbuf, int apply) { int retVal = LDAP_SUCCESS; - char **words = NULL; slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); if (config_value_is_null(attrname, value, errorbuf, 0)) { value = NULL; } if (apply) { - if (value) { + /* During a reset, the value is "", so we have to handle this case. */ + if (strcmp(value, "") != 0) { + char **nval_array; + char *nval = slapi_ch_strdup(value); + /* A separate variable is used because slapi_str2charray_ext can change it and nval'd become corrupted */ + char *tmp_array_nval = slapi_ch_strdup(nval); + + /* We should accept comma-separated lists but slapi_str2charray_ext will process only space-separated */ + replace_char(tmp_array_nval, ',', ' '); /* Take list of attributes and break it up into a char array */ - char *word = NULL; - char *token = NULL; - char *next = NULL; - - token = slapi_ch_strdup(value); - for (word = ldap_utf8strtok_r(token, " ", &next); word != NULL; - word = ldap_utf8strtok_r(NULL, " ", &next)) - { - slapi_ch_array_add(&words, slapi_ch_strdup(word)); - } - slapi_ch_free_string(&token); - } + nval_array = slapi_str2charray_ext(tmp_array_nval, " ", 0); + slapi_ch_free_string(&tmp_array_nval); - CFG_LOCK_WRITE(slapdFrontendConfig); - slapi_ch_array_free(slapdFrontendConfig->pw_policy.pw_bad_words); - slapdFrontendConfig->pw_policy.pw_bad_words = words; - CFG_UNLOCK_WRITE(slapdFrontendConfig); + CFG_LOCK_WRITE(slapdFrontendConfig); + slapi_ch_free_string(&slapdFrontendConfig->pw_policy.pw_bad_words); + slapi_ch_array_free(slapdFrontendConfig->pw_policy.pw_bad_words_array); + slapdFrontendConfig->pw_policy.pw_bad_words = nval; + slapdFrontendConfig->pw_policy.pw_bad_words_array = nval_array; + CFG_UNLOCK_WRITE(slapdFrontendConfig); + } else { + CFG_LOCK_WRITE(slapdFrontendConfig); + slapi_ch_free_string(&slapdFrontendConfig->pw_policy.pw_bad_words); + slapi_ch_array_free(slapdFrontendConfig->pw_policy.pw_bad_words_array); + slapdFrontendConfig->pw_policy.pw_bad_words = NULL; + slapdFrontendConfig->pw_policy.pw_bad_words_array = NULL; + CFG_UNLOCK_WRITE(slapdFrontendConfig); + } } return retVal; } @@ -7271,13 +7318,13 @@ config_set_allowed_sasl_mechs(const char *attrname, char *value, char *errorbuf /* During a reset, the value is "", so we have to handle this case. */ if (strcmp(value, "") != 0) { + char **nval_array; char *nval = slapi_ch_strdup(value); /* A separate variable is used because slapi_str2charray_ext can change it and nval'd become corrupted */ char *tmp_array_nval; /* cyrus sasl doesn't like comma separated lists */ - remove_commas(nval); - tmp_array_nval = slapi_ch_strdup(nval); + replace_char(nval, ',', ' '); if (invalid_sasl_mech(nval)) { slapi_log_err(SLAPI_LOG_ERR, "config_set_allowed_sasl_mechs", @@ -7286,15 +7333,18 @@ config_set_allowed_sasl_mechs(const char *attrname, char *value, char *errorbuf "digits, hyphens, or underscores\n", nval); slapi_ch_free_string(&nval); - slapi_ch_free_string(&tmp_array_nval); return LDAP_UNWILLING_TO_PERFORM; } + + tmp_array_nval = slapi_ch_strdup(nval); + nval_array = slapi_str2charray_ext(tmp_array_nval, " ", 0); + slapi_ch_free_string(&tmp_array_nval); + CFG_LOCK_WRITE(slapdFrontendConfig); slapi_ch_free_string(&slapdFrontendConfig->allowed_sasl_mechs); slapi_ch_array_free(slapdFrontendConfig->allowed_sasl_mechs_array); slapdFrontendConfig->allowed_sasl_mechs = nval; - slapdFrontendConfig->allowed_sasl_mechs_array = slapi_str2charray_ext(tmp_array_nval, " ", 0); - slapi_ch_free_string(&tmp_array_nval); + slapdFrontendConfig->allowed_sasl_mechs_array = nval_array; CFG_UNLOCK_WRITE(slapdFrontendConfig); } else { /* If this value is "", we need to set the list to *all* possible mechs */ @@ -8405,19 +8455,6 @@ slapi_err2string(int result) return ldap_err2string(result); } -/* replace commas with spaces */ -static void -remove_commas(char *str) -{ - int i; - - for (i = 0; str && str[i]; i++) { - if (str[i] == ',') { - str[i] = ' '; - } - } -} - /* * Check the SASL mechanism values * diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h index 5964719..1bcc222 100644 --- a/ldap/servers/slapd/proto-slap.h +++ b/ldap/servers/slapd/proto-slap.h @@ -304,7 +304,9 @@ int config_set_pw_syntax(const char *attrname, char *value, char *errorbuf, int int32_t config_set_pw_palindrome(const char *attrname, char *value, char *errorbuf, int apply); int32_t config_set_pw_dict_check(const char *attrname, char *value, char *errorbuf, int apply); int32_t config_set_pw_dict_path(const char *attrname, char *value, char *errorbuf, int apply); +char **config_get_pw_user_attrs_array(void); int32_t config_set_pw_user_attrs(const char *attrname, char *value, char *errorbuf, int apply); +char **config_get_pw_bad_words_array(void); int32_t config_set_pw_bad_words(const char *attrname, char *value, char *errorbuf, int apply); int32_t config_set_pw_max_seq_sets(const char *attrname, char *value, char *errorbuf, int apply); int32_t config_set_pw_max_seq(const char *attrname, char *value, char *errorbuf, int apply); @@ -851,6 +853,7 @@ void slapd_nasty(char *str, int c, int err); int strarray2str(char **a, char *buf, size_t buflen, int include_quotes); int slapd_chown_if_not_owner(const char *filename, uid_t uid, gid_t gid); int slapd_comp_path(char *p0, char *p1); +void replace_char(char *name, char c, char c2); /* diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c index 2e11caa..238c9e0 100644 --- a/ldap/servers/slapd/pw.c +++ b/ldap/servers/slapd/pw.c @@ -1068,6 +1068,7 @@ check_pw_syntax_ext(Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, c int num_repeated = 0; int max_repeated = 0; int num_categories = 0; + char **bad_words_array; pwd = (char *)slapi_value_get_string(vals[i]); @@ -1089,13 +1090,16 @@ check_pw_syntax_ext(Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, c } /* Check for bad words */ - if (pwpolicy->pw_bad_words) { - for (size_t b = 0; pwpolicy->pw_bad_words && pwpolicy->pw_bad_words[b]; b++) { - if (strcasestr(pwd, pwpolicy->pw_bad_words[b])) { + bad_words_array = config_get_pw_bad_words_array(); + if (bad_words_array) { + for (size_t b = 0; bad_words_array && bad_words_array[b]; b++) { + if (strcasestr(pwd, bad_words_array[b])) { report_pw_violation(pb, pwresponse_req, "Password contains a restricted word"); + charray_free(bad_words_array); return (1); } } + charray_free(bad_words_array); } /* Check for sequences */ @@ -1310,6 +1314,7 @@ check_pw_syntax_ext(Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, c /* check for trivial words if syntax checking is enabled */ if (pwpolicy->pw_syntax == LDAP_ON) { + char **user_attrs_array; /* e is null if this is an add operation*/ if (check_trivial_words(pb, e, vals, "uid", pwpolicy->pw_mintokenlength, smods) == 1 || check_trivial_words(pb, e, vals, "cn", pwpolicy->pw_mintokenlength, smods) == 1 || @@ -1324,15 +1329,18 @@ check_pw_syntax_ext(Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, c return 1; } /* Check user attributes */ - if (pwpolicy->pw_cmp_attrs) { - for (size_t a = 0; pwpolicy->pw_cmp_attrs && pwpolicy->pw_cmp_attrs[a]; a++) { - if (check_trivial_words(pb, e, vals, pwpolicy->pw_cmp_attrs[a], pwpolicy->pw_mintokenlength, smods) == 1 ){ + user_attrs_array = config_get_pw_user_attrs_array(); + if (user_attrs_array) { + for (size_t a = 0; user_attrs_array && user_attrs_array[a]; a++) { + if (check_trivial_words(pb, e, vals, user_attrs_array[a], pwpolicy->pw_mintokenlength, smods) == 1 ){ if (mod_op) { slapi_entry_free(e); } + charray_free(user_attrs_array); return 1; } } + charray_free(user_attrs_array); } } @@ -2237,35 +2245,32 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn) } } else if (!strcasecmp(attr_name, "passwordUserAttributes")) { if ((sval = attr_get_present_values(attr))) { - char **attrs = NULL; - char *attr = NULL; - char *token = NULL; - char *next = NULL; - - token = slapi_ch_strdup(slapi_value_get_string(*sval)); - for (attr = ldap_utf8strtok_r(token, " ", &next); attr != NULL; - attr = ldap_utf8strtok_r(NULL, " ", &next)) - { - slapi_ch_array_add(&attrs, slapi_ch_strdup(attr)); - } - slapi_ch_free_string(&token); + char *attrs = slapi_ch_strdup(slapi_value_get_string(*sval)); + /* we need a separate string because it gets corrupted after slapi_str2charray_ext */ + char *tmp_array_attrs = slapi_ch_strdup(attrs); + + /* we should accept comma-separated lists but slapi_str2charray_ext will process only space-separated */ + replace_char(tmp_array_attrs, ',', ' '); + pwdpolicy->pw_cmp_attrs = attrs; + /* Take list of attributes and break it up into a char array */ + pwdpolicy->pw_cmp_attrs_array = slapi_str2charray_ext(tmp_array_attrs, " ", 0); + slapi_ch_free_string(&tmp_array_attrs); } } else if (!strcasecmp(attr_name, "passwordBadWords")) { if ((sval = attr_get_present_values(attr))) { - char **words = NULL; - char *word = NULL; - char *token = NULL; - char *next = NULL; - - token = slapi_ch_strdup(slapi_value_get_string(*sval)); - for (word = ldap_utf8strtok_r(token, " ", &next); word != NULL; - word = ldap_utf8strtok_r(NULL, " ", &next)) - { - slapi_ch_array_add(&words, slapi_ch_strdup(word)); - } - slapi_ch_free_string(&token); + char *words = slapi_ch_strdup(slapi_value_get_string(*sval)); + /* we need a separate string because it gets corrupted after slapi_str2charray_ext */ + char *tmp_array_words = slapi_ch_strdup(words); + + /* we should accept comma-separated lists but slapi_str2charray_ext will process only space-separated */ + replace_char(tmp_array_words, ',', ' '); + pwdpolicy->pw_bad_words = words; + /* Take list of attributes and break it up into a char array */ + pwdpolicy->pw_bad_words_array = slapi_str2charray_ext(tmp_array_words, " ", 0); + + slapi_ch_free_string(&tmp_array_words); } } else if (!strcasecmp(attr_name, "passwordMaxSequence")) { if ((sval = attr_get_present_values(attr))) { diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h index b24f9cb..71ccdad 100644 --- a/ldap/servers/slapd/slap.h +++ b/ldap/servers/slapd/slap.h @@ -1814,10 +1814,12 @@ typedef struct passwordpolicyarray the same character class. */ slapi_onoff_t pw_check_dict; char *pw_dict_path; /* custom dictionary */ - char **pw_cmp_attrs; /* Space-separated list of attributes to see if the + char *pw_cmp_attrs; /* Comma-separated list of attributes to see if the attribute values (and reversed values) in the entry are contained in the new password. */ - char **pw_bad_words; /* Space-separated list of words to reject */ + char **pw_cmp_attrs_array; /* Array of password user attributes */ + char *pw_bad_words; /* Comma-separated list of words to reject */ + char **pw_bad_words_array; /* Array of words to reject */ slapi_onoff_t pw_exp; slapi_onoff_t pw_send_expiring; diff --git a/ldap/servers/slapd/util.c b/ldap/servers/slapd/util.c index e1219c5..5ef1cd9 100644 --- a/ldap/servers/slapd/util.c +++ b/ldap/servers/slapd/util.c @@ -467,6 +467,17 @@ slapi_escape_filter_value(char *filter_str, int len) } } +/* replace c with c2 in str */ +void +replace_char(char *str, char c, char c2) +{ + for (size_t i = 0; (str != NULL) && (str[i] != NULL); i++) { + if (c == str[i]) { + str[i] = c2; + } + } +} + /* ** This function takes a quoted attribute value of the form "abc", ** and strips off the enclosing quotes. It also deals with quoted -- To stop receiving notification emails like this one, please contact the administrator of this repository.

4 years, 1 month

1
0
0 / 0

[389-ds-base] branch 389-ds-base-1.4.2 updated: Ticket 51014 - slapi_pal.c possible static buffer overflow

by pagure＠pagure.io

This is an automated email from the git hooks/post-receive script. firstyear pushed a commit to branch 389-ds-base-1.4.2 in repository 389-ds-base. The following commit(s) were added to refs/heads/389-ds-base-1.4.2 by this push: new b213ed4 Ticket 51014 - slapi_pal.c possible static buffer overflow b213ed4 is described below commit b213ed417210f223c97369bdb479c6fbe4f49913 Author: William Brown <william(a)blackhats.net.au> AuthorDate: Tue Apr 7 16:30:41 2020 +1000 Ticket 51014 - slapi_pal.c possible static buffer overflow Bug Description: Due to an incorrect use of a buffer size, static analysis in suse detected a possible overflow in slapi pal. However, it requires root permissions to exploit anything, and thus is not a security issues. Fix Description: Change the buffer we read the cgroup into to be maxpathlen size. https://pagure.io/389-ds-base/issue/51014 Author: William Brown <william(a)blackhats.net.au> Review by: ??? --- ldap/servers/slapd/slapi_pal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ldap/servers/slapd/slapi_pal.c b/ldap/servers/slapd/slapi_pal.c index 3ae7d12..fecc24d 100644 --- a/ldap/servers/slapd/slapi_pal.c +++ b/ldap/servers/slapd/slapi_pal.c @@ -126,7 +126,7 @@ _spal_dir_exist(char *path) static char * _spal_cgroupv2_path() { FILE *f; - char s[256] = {0}; + char s[MAXPATHLEN + 1] = {0}; char *res = NULL; /* We discover our path by looking at /proc/self/cgroup */ f = fopen("/proc/self/cgroup", "r"); -- To stop receiving notification emails like this one, please contact the administrator of this repository.

4 years, 1 month

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-commits April 2020