[Fedora-directory-commits] adminserver/include/libdsa dsalib.h, 1.5, 1.6

Richard Allen Megginson (rmeggins) fedora-directory-commits at redhat.com
Wed Nov 14 17:51:58 UTC 2007


Author: rmeggins

Update of /cvs/dirsec/adminserver/include/libdsa
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5290/adminserver/include/libdsa

Modified Files:
	dsalib.h 
Log Message:
Resolves: bug 186280
Bug Description: Close potential security vulnerabilities in CGI code
Reviewed by: nhosoi (Thanks!)
Fix Description: This is for the CGIs moved into adminserver from ds.  There is quite a bit of code here that we don't use anymore.  We can also get rid of Import.java and Export.java in the ds console code.  This addresses the security issues because, even though the console never calls the tasks that invoke the CGIs for db2ldif, ldif2db, etc., a malicious user could still attempt to invoke a task remotely and pass in bogus file and directory names.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none



Index: dsalib.h
===================================================================
RCS file: /cvs/dirsec/adminserver/include/libdsa/dsalib.h,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- dsalib.h	31 Aug 2007 17:01:38 -0000	1.5
+++ dsalib.h	14 Nov 2007 17:51:56 -0000	1.6
@@ -119,12 +119,6 @@
 #endif
 #endif
 
-#if defined( XP_WIN32 )
-  #define PATH_FOR_PLATFORM(_path) ds_unixtodospath(_path)
-#else
-  #define PATH_FOR_PLATFORM(_path)
-#endif
-
 #define START_SCRIPT "start-slapd"
 #define RESTART_SCRIPT "restart-slapd"
 #define STOP_SCRIPT "stop-slapd"
@@ -230,14 +224,6 @@
  
 extern struct ds_cfg_info ds_cfg_info[];
 
-#define LDBM_DATA_SIZE 5
-
-/*ldbm specific backend information*/
-struct ldbm_data {
-  char  *tv[LDBM_DATA_SIZE][2]; /*type and value*/
-};
-
-
 /*
  * varname for ds_showparam()
  * NOTE: these must be kept in synch with the ds_cfg_info array defined
@@ -284,9 +270,6 @@
 extern DS_EXPORT_SYMBOL char *ds_get_server_name();
 extern DS_EXPORT_SYMBOL void ds_send_error(char *errstr, int print_errno);
 extern DS_EXPORT_SYMBOL void ds_send_status(char *str);
-extern DS_EXPORT_SYMBOL char *ds_get_cgi_var(char *cgi_var_name);
-extern DS_EXPORT_SYMBOL	char *ds_get_cgi_var_simple(int index);
-extern DS_EXPORT_SYMBOL char *ds_get_cgi_multiple(char *cgi_var_name);
 extern DS_EXPORT_SYMBOL char *ds_get_errors_name();
 extern DS_EXPORT_SYMBOL char *ds_get_access_name();
 extern DS_EXPORT_SYMBOL char *ds_get_audit_name();
@@ -298,19 +281,7 @@
 extern DS_EXPORT_SYMBOL int ds_get_file_size(char *fileName);
 extern DS_EXPORT_SYMBOL void ds_display_tail(char *fileName, int timeOut, 
     int startSeek, char *doneMsg, char *lastLine);
-extern DS_EXPORT_SYMBOL int ds_ldif2db_preserve(char *file);
-extern DS_EXPORT_SYMBOL int ds_ldif2db(char *file);
-extern DS_EXPORT_SYMBOL int ds_ldif2db_backend_subtree(char *file, char *backend, char *subtree);
-extern DS_EXPORT_SYMBOL int ds_db2ldif(char *file);
-extern DS_EXPORT_SYMBOL int ds_vlvindex(char **backendList, char **attrList);
-extern DS_EXPORT_SYMBOL int ds_addindex(char **attrList, char *backendName);
-extern DS_EXPORT_SYMBOL int ds_db2ldif_subtree(char *file, char *subtree);
 extern DS_EXPORT_SYMBOL char **ds_get_bak_dirs();
-extern DS_EXPORT_SYMBOL int ds_db2bak(char *file);
-extern DS_EXPORT_SYMBOL int ds_bak2db(char *file);
-extern DS_EXPORT_SYMBOL int ds_get_monitor(int frontend, char *port);
-extern DS_EXPORT_SYMBOL int ds_get_bemonitor(char *bemdn, char *port);
-extern DS_EXPORT_SYMBOL int ds_client_access(char *port, char *dn);
 extern DS_EXPORT_SYMBOL char **ds_get_config(int type);
 extern DS_EXPORT_SYMBOL char *ds_get_config_dir();
 extern DS_EXPORT_SYMBOL void ds_set_config_dir(char *config_dir);
@@ -318,84 +289,15 @@
 extern DS_EXPORT_SYMBOL void ds_set_run_dir(char *run_dir);
 extern DS_EXPORT_SYMBOL char *ds_get_bak_dir();
 extern DS_EXPORT_SYMBOL void ds_set_bak_dir(char *bak_dir);
-extern DS_EXPORT_SYMBOL char *ds_get_pwenc(char *passwd_hash, char *password);
 extern DS_EXPORT_SYMBOL int ds_check_config(int type);
-extern DS_EXPORT_SYMBOL int ds_check_pw(char *pwhash, char *pwclear);
-extern DS_EXPORT_SYMBOL int ds_set_config(char *change_file_name);
 extern DS_EXPORT_SYMBOL char **ds_get_conf_from_file(FILE *conf);
-extern DS_EXPORT_SYMBOL void ds_display_config(char **ds_config);
 extern DS_EXPORT_SYMBOL char *ds_get_var_name(int varnum);
-extern DS_EXPORT_SYMBOL int ds_showparam(char **ds_config, int varname, int phase, 
-    int occurance, char *dispname, int size, int maxlength, unsigned flags,
-    char *url);
-extern DS_EXPORT_SYMBOL void ds_show_pwmaxage(char *value);
-extern DS_EXPORT_SYMBOL void ds_show_pwhash(char *value);
 extern DS_EXPORT_SYMBOL char *ds_get_value(char **ds_config, char *parm, int phase, int occurance);
-extern DS_EXPORT_SYMBOL void ds_apply_cfg_changes(int param_list[], int changed);
-extern DS_EXPORT_SYMBOL int ds_commit_cfg_changes();
-extern DS_EXPORT_SYMBOL int ds_config_updated();
-extern DS_EXPORT_SYMBOL void ds_display_header(char *font_size, char *header);
-extern DS_EXPORT_SYMBOL void ds_display_message(char *font_size, char *header);
-extern DS_EXPORT_SYMBOL void ds_print_file_form(char *action, char *fileptr, char *full_fileptr);
-extern DS_EXPORT_SYMBOL char *ds_get_file_meaning(char *file);
-extern DS_EXPORT_SYMBOL void ds_print_file_name(char *fileptr);
 extern DS_EXPORT_SYMBOL int ds_file_exists(char *filename);
-extern DS_EXPORT_SYMBOL int ds_cp_file(char *sfile, char *dfile, int mode);
-extern DS_EXPORT_SYMBOL time_t ds_get_mtime(char *filename);
 extern DS_EXPORT_SYMBOL char *ds_get_config_value( int option );
 extern DS_EXPORT_SYMBOL char **ds_get_file_list( char *dir );
 extern DS_EXPORT_SYMBOL char *ds_get_tmp_dir();
-extern DS_EXPORT_SYMBOL void ds_unixtodospath(char *szText);
-extern DS_EXPORT_SYMBOL void ds_timetofname(char *szText);
 extern DS_EXPORT_SYMBOL void ds_dostounixpath(char *szText);
-extern DS_EXPORT_SYMBOL int ds_saferename(char *szSrc, char *szTarget);
-extern DS_EXPORT_SYMBOL char *get_specific_help_button(char *help_link, 
-    char *dispname, char *helpinfo);
-
-/* Change the DN to a canonical format (in place); return DN. */
-extern DS_EXPORT_SYMBOL char* dn_normalize (char* DN);
-
-/* Change the DN to a canonical format (in place) and convert to v3; return DN. */
-extern DS_EXPORT_SYMBOL char* dn_normalize_convert (char* DN);
-
-/* if dn contains an unescaped quote return true */
-extern DS_EXPORT_SYMBOL int ds_dn_uses_LDAPv2_quoting(const char *dn);
-
-/* Return a copy of the DN, but with optional whitespace inserted. */
-extern DS_EXPORT_SYMBOL char* ds_dn_expand (char* DN);
-
-/* Return the value if it can be stored 'as is' in a config file.
-   If it requires enquoting, allocate and return its enquoted form.
-   The caller should free() the returned pointer iff it's != value. 
-   On Windows, we don't want to double up on "\" characters in filespecs,
-   so we need to pass in the value type */
-extern DS_EXPORT_SYMBOL char* ds_enquote_config_value (int paramnum, char* value);
-
-/*
- * Bring up a javascript alert.
- */
-extern DS_EXPORT_SYMBOL void ds_alert_user(char *header, char *message);
-
-/* Construct and return the DN that corresponds to the give DNS name.
-   The caller should free() the returned pointer. */
-extern DS_EXPORT_SYMBOL char* ds_DNS_to_DN (char* DNS);
-
-/* Construct and return the DN of the LDAP server's own entry.
-   The caller must NOT free() the returned pointer. */
-extern DS_EXPORT_SYMBOL char* ds_get_config_DN (char** ds_config);
-
-/* Encode characters, as described in RFC 1738 section 2.2,
-   if they're 'unsafe' (as defined in RFC 1738), or '?' or
-   <special> (as defined in RFC 1779).
-   The caller should free() the returned pointer. */
-extern DS_EXPORT_SYMBOL char* ds_URL_encode (const char*);
-
-/* Decode characters, as described in RFC 1738 section 2.2.
-   The caller should free() the returned pointer. */
-extern DS_EXPORT_SYMBOL char* ds_URL_decode (const char*);
-
-/* Encode all characters, even if 'safe' */
-extern DS_EXPORT_SYMBOL char* ds_encode_all (const char*);
 
 /* Change the effective UID and GID of this process to
    those associated with the given localuser (if any). */
@@ -409,8 +311,6 @@
    what they were before calling ds_become_localuser(). */
 extern DS_EXPORT_SYMBOL char* ds_become_original();
 
-extern DS_EXPORT_SYMBOL char* ds_makeshort(char *filepath);
-
 extern DS_EXPORT_SYMBOL int ds_search_file(char *filename, char *searchstring, char **returnstring);
 
 /* Display an error to the user and exit from a CGI */
@@ -419,34 +319,13 @@
 /* Display a warning to the user */
 extern DS_EXPORT_SYMBOL void ds_report_warning(int type, char *errmsg, char *details);
 
-/* These functions are used by the program to alter the output behaviour
-if not executing in a CGI context */
-extern DS_EXPORT_SYMBOL int ds_get_formatted_output(void);
-extern DS_EXPORT_SYMBOL void ds_set_formatted_output(int val);
-
 /* show a message to be parsed by the non-HTML front end */
 extern DS_EXPORT_SYMBOL void ds_show_message(const char *message);
 
-/* show a key/value pair to be parsed by the non-HTML front end */
-extern DS_EXPORT_SYMBOL void ds_show_key_value(char *key, char *value);
-
-extern DS_EXPORT_SYMBOL void ds_submit(char *helptarget) ;
-extern DS_EXPORT_SYMBOL char *ds_get_helpbutton(char *topic);
-
 extern DS_EXPORT_SYMBOL void alter_startup_line(char *startup_line);
 
-extern DS_EXPORT_SYMBOL int ds_dir_exists(char *fn);
-extern DS_EXPORT_SYMBOL int ds_mkdir(char *dir, int mode);
-extern DS_EXPORT_SYMBOL char *ds_mkdir_p(char *dir, int mode);
-extern DS_EXPORT_SYMBOL char *ds_salted_sha1_pw_enc (char* pwd);
-extern DS_EXPORT_SYMBOL char * ds_escape_for_shell( char *s );
-
-extern DS_EXPORT_SYMBOL char **ds_string_to_vec(char *s);
-
 extern DS_EXPORT_SYMBOL char *ds_system_errmsg(void);
 
-extern DS_EXPORT_SYMBOL int ds_exec_and_report(char *cmd);
-
 /*
   remove a registry key and report an error message if unsuccessful
 */



