ITS#6763,7053 Cleanup after sending entry/searchref.
slap_send_search_entry(), slap_send_search_reference(): Never skip
the cleanup code. Sending an entry did on sizeLimitExceeded/busy.
Sending a ref dropped rs_flush_entry() on error.
Ralf Haferkamp [Tue, 18 Oct 2011 15:08:05 +0000 (17:08 +0200)]
ITS#7066 reworked default deny ACL for cn=config
Dynamically adding ACL for cn=config didn't work correctly, when no
ACLs where present for that database upon startup. Delete the last
ACL from the DB could also lead to unexpected results.
ITS#7034 use mutex for connection handshake when using PEM nss
PEM nss is not thread safe when establishing the initial connection
using SSL_ForceHandshake. Create a new mutex - tlsm_pem_mutex - to
protect this function call.
The call to SSL_ConfigServerSessionIDCache() is not thread-safe - move it
to the init section and protect it with the init mutex.
Howard Chu [Fri, 9 Sep 2011 06:41:06 +0000 (23:41 -0700)]
Add a few NULL checks to defend against dumb API checkers.
Unfortunately automated checkers don't seem to read the documentation
for how APIs are expected to be used, and the C declaration syntax
isn't expressive enough to encode the documented usage.
Done for keywords index,limits. (Also do 'mode' if there were any cases.)
Change generated by: perl -i -pw0777e '
INIT { $q=qr/\#(?:[bh]|index|main)db\#/im; $k=qr/(?:index|limits|mode)\b/ }
0 while s/^$q($k.*\n)((?:$q.*\n)*?)\n?$q\1/\#maindb\#$1$2/imo;
s/^\#maindb\#index/\#indexdb\#index/igm;
' tests/data/*.* tests/data/regressions/*/*.*
Simplifies tests for the DB storage backends.
Adds indexing etc to ndb in some cases, to match bdb/hdb.
This also fixes some broken back-null/back-ldif settings.
Rich Megginson [Tue, 16 Aug 2011 18:01:16 +0000 (12:01 -0600)]
ITS#7022 NSS_Init* functions are not thread safe
The NSS_InitContext et. al, and their corresponding shutdown functions,
are not thread safe. There can only be one thread at a time calling
these functions. Protect the calls with a mutex. Create the mutex
using a PR_CallOnce to ensure that the mutex is only created once and
not used before created. Move the registration of the nss shutdown
callback to also use a PR_CallOnce. Removed the call to
SSL_ClearSessionCache() because it is always called at shutdown, and we must
not call it more than once.
Jan Vcelak [Tue, 9 Aug 2011 13:21:34 +0000 (15:21 +0200)]
ITS#7014 TLS: don't check hostname if reqcert is 'allow'
If server certificate hostname does not match the server hostname,
connection is closed even if client has set TLS_REQCERT to 'allow'. This
is wrong - the documentation says, that bad certificates are being
ignored when TLS_REQCERT is set to 'allow'.
If the olcTLSVerifyClient is set to a value other than "never", the server
should request that the client send a client certificate for possible use
with client cert auth (e.g. SASL/EXTERNAL).
If set to "allow", if the client sends a cert, and there are problems with
it, the server will warn about problems, but will allow the SSL session to
proceed without a client cert.
If set to "try", if the client sends a cert, and there are problems with
it, the server will warn about those problems, and shutdown the SSL session.
If set to "demand" or "hard", the client must send a cert, and the server
will shutdown the SSL session if there are problems.
I added a new member of the tlsm context structure - tc_warn_only - if this
is set, tlsm_verify_cert will only warn about errors, and only if TRACE
level debug is set. This allows the server to warn but allow bad certs
if "allow" is set, and warn and fail if "try" is set.
ITS#7001 MozNSS: free the return of tlsm_find_and_verify_cert_key
If tlsm_find_and_verify_cert_key finds the cert and/or key, and it fails
to verify them, it will leave them allocated for the caller to dispose of.
There were a couple of places that were not disposing of the cert and key
upon error.