| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The rsearch utility has an option (-i) that allows one to have a
file containing names to be used as a variable in search filters.
The way this is designed is that you would specify a partial filter
(such as "uid=") as the filter option and a random name from the
name file will be appended to the filter for each search operation.
Unfortunately, this option was broken. The format was missing
where we were creating the filter string, which caused the filter
option to be used as specified without appending a name from the
name file.
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ldapi socket file is only removed when ns-slapd is started
since the server does not have permission to remove it at shutdown.
The causes issues when upgrading to a recetn version that has
SELinux policy since the newly confined ns-slapd daemon will not
be allowed to remove the old ldapi socket file since it doesn't
have a dirsrv specific label. To deal with this, I've added an
upgrade scriptlet that will remove the ldapi socket file. When
the newly confined ns-slapd starts up, it will create a new
socket file with the proper label.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=584109
Resolves: bug 584109
Bug Description: Slapd crashes while parsing DNA configuration
Fix Description: The dna_parse_config_entry() has been modified to duplicate
the shared_cfg_base value to avoid freeing the same memory location twice.
Reviewed by: rmeggins (and pushed by)
|
|
|
|
| |
ldap/servers/slapd/filterentry.c (line 685) void function cannot return value
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
deleted entries)
https://bugzilla.redhat.com/show_bug.cgi?id=576644
Resolves: bug 576644
Bug Description: segfault while multimaster replication (paired node won't find deleted entries)
Reviewed by: rmeggins
Fixed by: edewata, nhosoi
Branch: HEAD
Fix Description: The delete code stores the actual entry from the entry
cache in the pblock as SLAPI_DELETE_BEPREOP_ENTRY so that the be preop
plugins can have access to the entry. SLAPI_DELETE_BEPREOP_ENTRY is an
alias for SLAPI_ENTRY_PRE_OP which is used by the front-end delete code.
When processing a replicated delete operation, and the
entry has already been deleted (converted to a tombstone), we needed to
restore the original entry in SLAPI_DELETE_BEPREOP_ENTRY so that the
front-end code can free it as SLAPI_ENTRY_PRE_OP instead of freeing the
actual entry from the cache.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The password modify extended operation was modifying the local database
on a read-only replica instead of returning a referral. The server is
designed to let the plugin ID used for updating password retry info make
local updates instead of returning a referral. This plugin ID was being
used by the password extop code, which it should not be doing.
The second issue is that we need to check if a referral needs to be sent
as early as possible when processing the extop request. We don't want
to reject the change if an entry does not exist before checking if a
referral is necessary since the server we refer to may have the target
entry present. This required adding a new helper function that allows
one to see if a write operation to a particular DN would require a
referral to be sent. The password modify extop code leverages this new
function to get the referrals and return them to the client if necessary.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
attribute returns all elements.
https://bugzilla.redhat.com/show_bug.cgi?id=572162
Resolves: bug 572162
Bug Description: the string "|*" within a search filter on a non-indexed attribute returns all elements.
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: PCRE interprets the '|' character as the start of
alternative branch. In the search filter, the other side of the '|' is
empty, which means match everything. The solution is to escape this and
other PCRE special chars before matching.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=566043
Resolves: bug 566043
Bug description: startpid file is only cleaned by initscript runs
Fix description: The start-dirsrv script has been modified to remove
the startpid file if the server starts successfully.
Reviewed by: rmeggins (and pushed by)
|
|
|
|
|
|
|
| |
The instance files and ports need to be labelled with the proper
SELinux contexts during an upgrade. This patch exports the routine
used to update the policy during regular setup so we can use it
when upgrading.
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a new managed entries plug-in. This plug-in allows
one to have the Directory Server automatically maintain a set
of entries that are based off of another type of entry (such
as user private group entries based off of user entries).
For more details, see the design document at:
http://directory.fedoraproject.org/wiki/Managed_Entry_Design
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
configuring via ConfigFile
https://bugzilla.redhat.com/show_bug.cgi?id=561575
Resolves: bug 561575
Bug Description: setup-ds-admin fails to supply nsds5ReplicaName when configuring via ConfigFile
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: The main problem was that the mod val was a berval, so we
needed |LDAP_MOD_BVALUES for the mod_op. The other problem is that the
mod and values were being used out of scope. While this seems to work, it's
better to make sure all of the values are in scope.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The admin server CGIs need to be able to easily parse the
instance name from the start-slapd script. Recent format
changes have caused the existing parsing to break, so this
patch makes the parsing of the instance name easier.
To deal with the change in start-slapd format for an upgraded
instance, I have changed the setup code to regenerate all of
the instance scripts during an upgrade instead of simply adding
missing scripts. This is needed for any bug fix that modifies
a script template to work for an upgraded instance. I also
added code to write the instance sysconfig script during upgrade
if it doesn't exist already. We don't want to overwrite this
file if it already exists since it's designed for local changes
to be made to it.
|
|
|
|
|
|
|
|
|
| |
One of the dirsrv selinux module interfaces used by the admin
server creates a conflict with the httpd policy. This change
pulls out the conflicting rule from the interface used to extend
the httpd policy. A new interface is available with the rule that
was pulled out for use by the admin server CGIs (which causes no
conflict for httpd).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=578167
Resolves: bug 578167
Bug Description: repl. of mod/replace deletes multi-valued attrs
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: The server implements a mod/replace operation as a
mod/delete if all values, followed by a mod/add of the new values. The
mod/delete phase, since it removes all of the values, essentially deletes
the attribute, so it must set the attribute deletion_csn. This is even
true in the case when you do a mod/replace on an attribute that doesn't yet
exist. We have to create an empty attribute on the deleted_attrs list with
the deletion_csn set to the csn of the operation. This preserves the
semantics of the mod/replace operation.
When doing the add phase of the mod/replace, we have to be able to
resurrect attributes and values that may have been deleted by the mod/delete
phase. We can tell that we need to resurrect a deleted value in
resolve_attribute_state_multi_valued, in the deleted_values loop, because
the deletioncsn will be the same as the update csn, and the
delete_priority flag will be 0.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=566320
Resolves: bug 566320
Bug description: RFE: add exception to removal of attributes in cn=config for aci
Fix description: The modify_config_dse() has been modified to
check the ignore_attr_type() for all types of modify operation.
Reviewed by: rmeggins (and pushed by)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=567429
Resolves: bug 567429
Bug Description: slapd didn't close connection and get into CLOSE_WAIT state
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: The JNDI code attached to the bug uses persistent search.
The connection pool code handles persistent searches differently than
regular connections. The connection pool code was acquiring a reference
to a conn, but was not releasing it in the persistent search case, assuming
the persistent search code did not also have a reference, but it does. This
caused connection_table_move_connection_out_of_active_list() to not move
the connection out of the active list, and therefore available for closing,
because there was an outstanding reference. The solution is for the
connection pool code to release its reference.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=455489
Resolves: bug 455489
Bug description: Address compiler warnings about strict-aliasing rules
Fix description: The codes that generate strict-aliasing warnings have
been changed.
Reviewed by: rmeggins (and pushed by)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=576074
Resolves: bug 576074
Bug Description: search filters with parentheses fail
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: PCRE requires '(' and ')' to be escaped to match a literal
parenthesis. Otherwise, it thinks the parenthesis is used for grouping.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=520151
Resolves: bug 520151
Bug description: Error when modifying userPassword with proxy user
Fix description: The acl_access_allowed() has been modified to
call aclplugin_preop_common() which will initialize the aclpb.
The aclplugin_preop_common() has been modified to check for the
ACLPB_INITIALIZED flag to avoid re-initializing aclpb.
Reviewed by: rmeggins (and pushed by)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
conflict
https://bugzilla.redhat.com/show_bug.cgi?id=571677
Resolves: bug 571677
Bug Description: Busy replica on consumers when directly deleting a replication conflict
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: In some cases, urp fixup operations can be called from
the bepreop stage of other operations. The ldbm_back_delete() and
ldbm_back_modify() code lock the target entry in the cache. If a bepreop
then attempts to operate on the same entry and acquire the lock on the
entry, deadlock will occur.
The modrdn code does not acquire the cache lock on the target entries
before calling the bepreops. The modify and delete code does not acquire
the cache lock on the target entries before calling the bepostops.
I tried unlocking the target entry before calling the bepreops, then locking
the entry just after. This causes the problem to disappear, but I do not
know if this will lead to race conditions. The modrdn has been working this
way forever, and there are no known race conditions with that code.
I think the most robust fix for this issue would be to introduce some sort
of semaphore instead of a simple mutex on the cached entry. Then
cache_lock_entry would look something like this:
if entry->sem == 0
entry->sem++ /* acquire entry */
entry->locking_thread = this_thread
else if entry->locking_thread == this_thread
entry->sem++ /* increment count on this entry */
else
wait_for_sem(entry->sem) /* wait until released */
and cache_unlock_entry would look something like this:
entry->sem--;
if entry->sem == 0
entry->locking_thread = 0
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=480787
Resolves: bug 480787
Bug Description: Autoconf parameter --with and --without
Fix Description: The configure script has been modified
such that the --with-XXX and --without-XXX switches will
work as --with-XXX=yes and --with-XXX=no, respectively.
If the package is required and none of the switches are
specified, it will default to "yes".
The code that detects LDAPSDK and OpenLDAP conflicts has
been updated. The help messages have been cleaned up.
Reviewed by: rmeggins (and pushed by)
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=548533
Description: repl5_inc_delete and repl5_tot_delete to release the
incremental and total update protocol were not implemented. This
fix implemented them. Also, it fixed a leak of connection in
private_protocol_factory.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=515805
Fix Description:
SLAPI_TASK_CANCELLED could be set in task_modify any time by
users' modifying nsTaskCancel value to TRUE. Then the following
slapi_task_status_changed destroys the task, which is called
even via a simple logging call slapi_task_log_status. After the
task is destroyed, any task related calls such as another
slapi_task_log_status or slapi_task_finish crashes the server.
This fix changes the behaviour to destroy the task only when
task_state is SLAPI_TASK_FINISHED. Once SLAPI_TASK_CANCELLED
is set to task_state, changing the state to SLAPI_TASK_FINISHED
by calling slapi_task_finish is the responsibility of the task
application (e.g., import). Until then, it is guranteed that
the task is available.
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=573375
Resolves: bug 573375
Bug Description: MODRDN operation not logged
Fix Description: The slapi_log_access() should be invoked using
LDAP_DEBUG_STATS, LDAP_DEBUG_STATS2, or LDAP_DEBUG_ARGS level.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=573896
Description: When an import is executed using a task mechanism,
slapi_task_log_notice is called for logging, where task_log field
points the memory storing the log messages. If multiple log
messages were logged by multiple worker threads simultaneously,
there was a chance that the address of the log message was switched
by realloc while the other threads were accessing the old address.
This patch introduces task_log_lock per task to protect task_log.
Note: slapi_ch_malloc and its friends never return NULL. They rather
exits. Thus, to avoid the confusion which may look leaking the
lock, I eliminated 2 error returns from slapi_task_log_notice.
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=573060
Description: there were 2 bugs handling ESC HEX HEXT format.
It was ignoring non-ASCII characters. Now, they are covered.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=470684
Resolves: bug 470684
Bug Description: Pam passthrough doesn't verify account activation
Reviewed by: rmeggins
Branch: HEAD
Fix Description: The check_account_lock() has been renamed to
slapi_check_account_lock() and moved into libslapd.so so any plugins
can use it. The account_inactivation_only parameter has been replaced
by check_password_policy. A new parameter send_result has been added
to determine whether to send LDAP results.
The pam_passthru plugin has been modified to use this function to
check account activation when the pamIDMapMethod is set to ENTRY.
The plugin will not check password policy.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=572677
Resolves: bug 572677
Bug Description: Memory leak in searches including GER control
Reviewed by: Andrey Ivanov (Thanks!)
Branch: HEAD
Fix Description: The per-operation acl pblocks are cached. In order to
release the pblock back to the cache free list, the connection must be
provided. The connection comes from the pblock.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=572649
Fix Description: There was a chance to jump to error_return before
back_txn structure was initialized. In the error handling, the
transaction abort is called against the garbage address. Slapi_DN
also gets freed without an initialization. Now these variables
are initialized first.
|
|
|
|
|
|
|
|
|
|
|
| |
modrdn with non-ASCII new rdn incorrect
https://bugzilla.redhat.com/show_bug.cgi?id=570107
Description: When getting the DN value from the raw ldif file,
it was strictly checking "dn: ", which was incomplete. We
should have checked "dn:: " for the Base64 encoded DN. This
patch is adding the case.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
containing special characters
https://bugzilla.redhat.com/show_bug.cgi?id=199923
Description: regression observed in the tests.
> as of March 04, 2010, this is happening again.
Fix Description:
dn.c: Based upon RFC 4514, the following characters in the RDN
values need to be escaped:
'+', ';', '<', '>', and '=' for the intermediate characters
'+', ';', '<', '>', '=', '#' and ' ' for leading characters
'+', ';', '<', '>', '=', and ' ' for trailing characters
validate.c: If an escaped character followed by another escaped
character, e.g., \#\<, the pointer was moved twice skipping '\'
before '<' and it makes the validation fail.
ldbm_add.c: a local variable addr was not initialized.
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=570542
Resolves: bug 570542
Bug Description: Root password cannot contain matching curly braces
Branch: HEAD
Fix Description: The scripts have been modified to check for matching
curly braces only at the beginning of the password. Matching curly
braces anywhere else would be accepted as a valid password.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=538525
Resolves: bug 538525
Bug Description: Ability to create instance as non-root user
Branch: HEAD
Fix Description: By default for root user the init config file
will be stored in /etc/sysconfig and for non-root user it will
be stored in $HOME/.dirsrv folder.
A new parameter [slapd] initconfig_dir is added to the .inf file
to specify a non-default folder for the init config folder. This
folder must exist prior to running the DS tools. The folder can
also be specified via setup-ds.pl command-line parameter
slapd.initconfig_dir.
A new parameter -d is added to the start-dirsrv, restart-dirsrv,
and stop-dirsrv to specify the non-default init config folder.
A new parameter --initconfig_dir is added to remove-ds.pl to
specify the non-default init config folder.
The templates for start-slapd, restart-slapd, stop-slapd scripts
have been modified to specify the init config folder.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=559315
Resolves: bug 559315
Bug Description: Searching some attributes are now case sensitive when they were previously case-insensitive
Reviewed by: nhosoi (Thanks!)
Fix Description:
1) The 60qmail.ldif schema we ship used integerMatch and IA5 syntax
because we used not to support numericString syntax and matching rules -
these have been changed to use the standard qmail definitions
2) Allow IA5String syntax to use caseExactSubstringsMatch - this is required
by krbPrincipalName
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=570905
Resolves: bug 570905
Bug Description: postalAddress syntax should allow empty lines (should allow $$)
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Even though RFC 4517 says a postal address syntax value
should not contain empty lines (e.g. $$), most, if not all, current
applications expect to be able to store $$. This adds an internal switch
to allow support for $$ for now.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=571514
Resolves: bug 571514
Bug Description: upgrade to 1.2.6 should upgrade 05rfc4523.ldif (cert schema)
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Added 05rfc4523.ldif to the list of schema to upgrade.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
|
|
|
|
|
| |
This patch cleans up various build warnings found by compiling the code
with -Wall on RHEL5.
Reviewed by: nhosoi (Thanks!)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sasl/external
https://bugzilla.redhat.com/show_bug.cgi?id=554573
Resolves: bug 554573
Bug Description: ACIs use bind DN from bind req rather than cert mapped DN from sasl/external
Reviewed by: ???
Branch: HEAD
Fix Description: Added a new config option - nsslapd-force-sasl-external (on/off)
default is off - when set to on, a SIMPLE bind on a connection that has set
a DN from a cert will be changed to be a SASL/EXTERNAL bind.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: yes - new attribute to document
Note: This commit is for reapplying the patch I accidentally reverted
by the previous revert (031e725dce895bf2382ca7801cef772fe6b24c61).
(see commit f4b90ed5e43fa06ea6185cf17073b7a32db6ef4c, as well)
commit 031e725dce895bf2382ca7801cef772fe6b24c61
Author: Noriko Hosoi <nhosoi@redhat.com>
Date: Fri Mar 5 16:09:28 2010 -0800
Revert "Merge branch '547503'"
This reverts commit f2a04fdc45cc8a408267019990504354282c4303, reversing
changes made to 0b95451c7e50cb6b2d0cb310dddca18336e1b2ac.
|
|
|
|
|
| |
This reverts commit f2a04fdc45cc8a408267019990504354282c4303, reversing
changes made to 0b95451c7e50cb6b2d0cb310dddca18336e1b2ac.
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
deadlock and data loss
https://bugzilla.redhat.com/show_bug.cgi?id=570667
Description: In the MMR topology, if a master receives a total
update request to initialize the other master and being initialized
by the other master at the same time, the 2 replication threads hang
and the replicated backend instance could be wiped out.
To prevent the server running the total update supplier and the
consumer at the same time, REPLICA_TOTAL_EXCL_SEND and _RECV bits
have been introduced. If the server is sending the total update
to other replicas, the server rejects the total update request
on the backend. But the server can send multiple total updates
to other replicas at the same time. If the total update from
other master is in progress on the server, the server rejects
another total update from yet another master as well as a request
to initialize other replicas.
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sasl/external
https://bugzilla.redhat.com/show_bug.cgi?id=554573
Resolves: bug 554573
Bug Description: ACIs use bind DN from bind req rather than cert mapped DN from sasl/external
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Added a new config option - nsslapd-force-sasl-external (on/off)
default is off - when set to on, a SIMPLE bind on a connection that has set
a DN from a cert will be changed to be a SASL/EXTERNAL bind.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: yes - new attribute to document
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=551198
Resolves: bug 551198
Bug Description: LDAPI: incorrect logging to access log - part 2
Reviewed by: andrey.ivanov@polytechnique.fr (Thanks!)
Branch: HEAD
Fix Description: Initialize the from PRNetAddr to nulls. That way, if
PR_Accept doesn't fill in the local fields, we can see that they are
empty and set the printed from field to "local".
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reviewed by: nhosoi (Thanks!)
var/tmp/run_gssapi.vg.25032:Memory leak: 99 bytes duplicates: 5
> malloc() at vg_replace_malloc.c:207
> strdup() at /lib/libc-2.10.2.so
> slapi_ch_strdup() at ch_malloc.c:277
> ids_sasl_check_bind() at saslbind.c:924
> do_bind() at bind.c:382
> connection_threadmain() at connection.c:554
> --unknown-- at /lib/libnspr4.so
> start_thread() at /lib/libpthread-2.10.2.so
> clone() at /lib/libc-2.10.2.so
The problem is that ids_sasl_check_bind can reset SLAPI_BIND_TARGET to
a malloc'd value. The do_bind() code should check for this condition
and free it.
var/tmp/entryusn.vg.5997:Memory leak: 8 bytes duplicates: 8
> calloc() at vg_replace_malloc.c:397
> slapi_ch_calloc() at ch_malloc.c:243
> slapi_counter_new() at slapi_counter.c:95
> ldbm_usn_init() at ldbm_usn.c:86
> ldbm_back_start() at start.c:223
> plugin_call_func() at plugin.c:1417
> plugin_dependency_startall.clone.0() at plugin.c:1385
> main() at main.c:1138
The backend cleanup code should free be_usn_counter.
var/tmp/ipv6.vg.15561:Memory leak: 13 bytes duplicates: 3
> malloc() at vg_replace_malloc.c:207
> strdup() at /lib/libc-2.10.2.so
> slapi_ch_strdup() at ch_malloc.c:277
> config_get_listenhost() at libglobs.c:3674
> main() at main.c:874
var/tmp/ipv6.vg.15561:Memory leak: 13 bytes duplicates: 3
> malloc() at vg_replace_malloc.c:207
> strdup() at /lib/libc-2.10.2.so
> slapi_ch_strdup() at ch_malloc.c:277
> config_get_securelistenhost() at libglobs.c:3686
> main() at main.c:881
config_get_listenhost() and config_get_securelistenhost() return malloc'd
memory which must be freed.
var/tmp/dna_scen1.vg.4901:Memory leak: 248 bytes duplicates: 1
> malloc() at vg_replace_malloc.c:207
> nslberi_malloc() at io.c:1677
> ber_flatten() at io.c:1604
> create_NSDS50ReplicationExtopPayload() at repl_extop.c:218
> NSDS50EndReplicationRequest_new() at repl_extop.c:265
> release_replica() at repl5_protocol_util.c:469
> repl5_inc_run() at repl5_inc_protocol.c:1187
> prot_thread_main() at repl5_protocol.c:341
> --unknown-- at /lib/libnspr4.so
> start_thread() at /lib/libpthread-2.10.2.so
> clone() at /lib/libc-2.10.2.so
The payload was not being freed under all function exit conditions. So, just free it immediately after use.
var/tmp/dnarun.vg.2491:Memory leak: 27 bytes duplicates: 0
> malloc() at vg_replace_malloc.c:207
> slapi_ch_malloc() at ch_malloc.c:155
> slapi_entry_attr_get_charptr() at entry.c:2432
> dna_parse_config_entry() at dna.c:816
> dna_pre_op() at dna.c:2587
> plugin_call_func() at plugin.c:1417
> plugin_call_plugins() at plugin.c:1379
> op_shared_add() at add.c:606
> do_add() at add.c:232
> connection_threadmain() at connection.c:564
> --unknown-- at /lib/libnspr4.so
> start_thread() at /lib/libpthread-2.10.2.so
> clone() at /lib/libc-2.10.2.so
The value was not being freed under all conditions.
==9877== 1,890 (252 direct, 1,638 indirect) bytes in 3 blocks are definitely lost in loss record 1,628 of 1,725
==9877== at 0x47E0E5C: calloc (vg_replace_malloc.c:397)
==9877== by 0x4819D89: slapi_ch_calloc (ch_malloc.c:243)
==9877== by 0x48284A6: slapi_entry_alloc (entry.c:1686)
==9877== by 0x4829BA5: str2entry_dupcheck (entry.c:631)
==9877== by 0x482BB5D: slapi_str2entry_ext (entry.c:1194)
==9877== by 0xB2A8E9D: import_producer (import-threads.c:541)
==9877== by 0x72E1990: (within /lib/libnspr4.so)
==9877== by 0x731E8F4: start_thread (in /lib/libpthread-2.10.2.so)
==9877== by 0x75B2FCD: clone (in /lib/libc-2.10.2.so)
Make sure the entry or backentry are freed.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=539618
Back off this commit:
commit 4205086e4f237a52eb9113cd95f9cf87b39e9ed4
Date: Mon Feb 22 08:49:49 2010 -0800
since this change could cause the deadlock between the thread
eventually calling prot_free, which acquired the agreement lock,
and other threads waiting for the agreement lock, which prevents
the protocol stop.
Instead of waiting for prot_thread_main done in prot_free, let
prot_thread_main check the existence of the protocol field in
the agreement. If it's not available, prot_thread_main quits.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=545620
Previously getopt would interpret initial '-' in root password
as an option which could lead to setup failure. Now a special
argument '--' has been added before the password to distinguish
it from other options.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=551198
Resolves: bug 551198
Bug Description: LDAPI: incorrect logging to access log
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: The connection logging code was not ldapi/unix socket
aware. Now we check for the socket type, and check to see if there is
a proper path name in the path field. The "server" side of the socket
seems not to get the path name set correctly - not sure why, but it doesn't
really matter, since the client side path name does seem to be set
correctly. The access log will contain the server side path and the client
side path, so something like "from local to /var/run/slapd-foo.socket"
Platforms tested: RHEL5 x86_64, Fedora 11 x86_64
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=555970
Description: view read lock was missing in a view api called from
COS.
|