| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=622903
Comment:
Pointer "replica" returned by "object_get_data(prp->replica_object)"
(line 826) is never used. In "case STATE_READY_TO_ACQUIRE", Replica
object "replica" is not needed.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=610281
11813 DEADCODE Triaged Unassigned Bug Minor Fix Required
send_dirsync_search() ds/ldap/servers/plugins/replication/windows_connection.c
Comment:
op_string points to a static string:
731 op_string = "search";
We don't need to check op_string in slapi_log_error.
|
| |
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=610281
11812 DEADCODE Triaged Unassigned Bug Moderate Fix Required
repl_objset_destroy() ds/ldap/servers/plugins/replication/repl_objset.c
Comment:
Fixed a typo. The line 182 is supposed to be:
182 if ((co = llistGetFirst((*o)->objects, &cookie)) != NULL)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=610281
11811 DEADCODE Triaged Unassigned Bug Minor Fix Required
decode_total_update_extop() ds/ldap/servers/plugins/replication/repl5_total.c
Comment:
dn_csn is declared and initialized, but not really used.
We are removing these lines:
710 CSN *dn_csn = NULL;
816 if (NULL != dn_csn)
817 {
Execution cannot reach this statement "csn_free(&dn_csn);".
818 csn_free(&dn_csn);
819 }
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=610281
11809 DEADCODE Triaged Unassigned Bug Minor Ignore
_replica_reap_tombstones() ds/ldap/servers/plugins/replication/repl5_replica.c
Comment:
If replica_name is NULL, _replica_reap_tombstones has returned
at the line 2460. Thus there is no need to check "replica_name"
is NULL or not at line 2555.
11810 DEADCODE Triaged Unassigned Bug Moderate Fix Required
replica_check_for_data_reload() ds/ldap/servers/plugins/replication/repl5_replica.c
Comment:
At the line 1478, !cl_cover_be is always true. Therefore,
there is no possibility that "<" is chosen in slapi_log_error.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=610281
11808 DEADCODE Triaged Unassigned Bug Minor Fix Required
replication_multimaster_plugin_init() ds/ldap/servers/plugins/replication/repl5_init.c
Comment:
There used to be an initializing replica hash code between the
line 573 and 575:
572 /* initialize replica hash - has to be done before mapping tree is
573 initialized so we can't do it in the start function */
575 if (rc != 0)
576 {
Execution cannot reach this statement "slapi_log_error(0, repl_plu...".
577 slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
578 "replication_multimaster_plugin_init: failed to initialize replica hash\n");
579 return -1;
580 }
The initializing replica hash code was moved out but the comment
and the result checking code were left. Removing them.
Also, setting non 0 value to a static int variable
multimaster_initialised if the plugin registration was successful.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=610281
11806 DEADCODE Triaged Unassigned Bug Moderate Fix Required
agmt_set_last_init_status() ds/ldap/servers/plugins/replication/repl5_agmt.c
Comment:
macro NSDS50_REPL_REPLICA_READY is 0
repl5.h:#define NSDS50_REPL_REPLICA_READY 0x00 /* Replica ready, go ahead */
Because of this if expression:
1991 else if (replrc != 0)
"Replica acquired successfully" never be set to last_init_status.
Removed (replrc == NSDS50_REPL_REPLICA_READY) checking from the
else if (replrc != 0) clause and added "Replica acquired successfully"
to the string to print message since replrc == NSDS50_REPL_REPLICA_READY
there.
11807 DEADCODE Triaged Unassigned Bug Moderate Fix Required
agmt_set_last_update_status() ds/ldap/servers/plugins/replication/repl5_agmt.c
Comment:
macro NSDS50_REPL_REPLICA_READY is 0
repl5.h:#define NSDS50_REPL_REPLICA_READY 0x00 /* Replica ready, go ahead */
Because of this if expression:
1991 else if (replrc != 0)
"Replica acquired successfully" never be set to last_update_status.
Removed (replrc == NSDS50_REPL_REPLICA_READY) checking from the
else if (replrc != 0) clause and added "Replica acquired successfully"
to the string to print message since replrc == NSDS50_REPL_REPLICA_READY
there.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=610281
11805 DEADCODE Triaged Unassigned Bug Minor Ignore
clcache_load_buffer_bulk() ds/ldap/servers/plugins/replication/cl5_clcache.c
Comment:
Experimented the transaction control, but it was not adopted.
383 /* txn control seems not improving anything so turn it off */
Comment out these lines.
418 if ( txn ) {
Execution cannot reach this statement "(*txn->commit)(txn, 256U);".
419 txn->commit ( txn, DB_TXN_NOSYNC );
420 }
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=610281
11803 DEADCODE Triaged Unassigned Bug Minor Fix Required
_cl5GetFirstEntry() ds/ldap/servers/plugins/replication/cl5_api.c
11804 DEADCODE Triaged Unassigned Bug Minor Fix Required
_cl5GetNextEntry() ds/ldap/servers/plugins/replication/cl5_api.c
Comment:
Eliminated unnecessary codes.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a change was made to a DN mapped attribute in DS (such as
uniqueMember in a group entry), we may end up searching for the
entries that those values point to in AD when winsync is being
used. We were overwriting the "raw entry" pointer every time we
searched for an entry in AD. The raw entry is intended to point
to the entry that the original modification was made to, not the
entry that a DN mapped attribute value points to.
The fix is to add a flag that will force the raw entry to be kept
when we search for an entry in AD. We set this flag when we search
for entries that are pointed to be DN mapped attribute values and
reset it when we are finished. This results in the raw entry being
the actual entry that is the target of the operation we are syncing.
|
| |
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12225 UNINIT Triaged Unassigned Bug Minor Fix Required
windows_private_update_dirsync_control() ds/ldap/servers/plugins/replication/windows_private.c
Comment:
If DIRSYNC control is not found, uninitialized serverCookie is passed
to ber_bvfree. We should init serverCookie to NULL.
|
| |
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12224 UNINIT Triaged Unassigned Bug Minor Fix Required
windows_private_update_dirsync_control() ds/ldap/servers/plugins/replication/windows_private.c
Comment:
If DIRSYNC control is not found, uninitialized ber is passed to
ber_free. We should init ber to NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12223 UNINIT Triaged Unassigned Bug Minor Fix Required
my_ber_scanf_attr() ds/ldap/servers/plugins/replication/repl5_total.c
Comment:
In case an error occurs between the line 594 and the line 648,
uninitialized value is passed to slapi_value_free. Need to init
value to NULL
|
| |
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12222 UNINIT Triaged Unassigned Bug Minor Fix Required
replica_get_purl_for_op() ds/ldap/servers/plugins/replication/repl5_plugins.c
Comment:
In case of an error "cannot obtain consumer connection extension or supplier_ruv", uninitialized purl is returned to the caller. Init purl to NULL
|
| |
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12221 UNINIT Triaged Unassigned Bug Minor Fix Required
create_NSDS50ReplicationExtopPayload() ds/ldap/servers/plugins/replication/repl_extop.c
Comment:
unlikely to cause a problem, but we should init repl_obj to NULL
|
| |
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12220 UNINIT Triaged Unassigned Bug Minor Fix Required
create_NSDS50ReplicationExtopPayload() ds/ldap/servers/plugins/replication/repl_extop.c
Comment:
unlikely to cause a problem, but we should init sdn to NULL
|
| |
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12216 UNINIT Triaged Unassigned Bug Minor Fix Required
private_protocol_factory() ds/ldap/servers/plugins/replication/repl5_protocol.c
Comment:
should be impossible for type to be anything but one of the
valid values, but it wouldn't hurt to init prp to NULL anyway
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12215 UNINIT Triaged Unassigned Bug Minor Fix Required
_cl5LDIF2Operation() ds/ldap/servers/plugins/replication/cl5_api.c
Comment:
should init rawDN to NULL and check if it is NULL before using it.
If rawDN is NULL, it returns error CL5_BAD_FORMAT.
Comment on the particular rawDN at the line 5218:
* When it comes here, case T_DNSTR is already
* passed and rawDN is supposed to set.
* But it's a good idea to make sure it is
* not NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=611850
Resolves: bug 611850
Bug Description: fix coverity Defect Type: Error handling issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Check the error return from the functions. In some cases,
I was able to figure out that the calling function should perform additional
error handling (return early, goto error label), but in general the code
just logs an appropriate error message and continues. I was able to get
rid of some more libacl code. I removed an unused variable from modify.c
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=610177
Resolves: bug 610177
Bug Description: fix coverity Defect Type: Uninitialized variables issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Initialize variables to 0, NULL, or an appropriate error
code. Got rid of the unused lexer code.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
The new repl sesssion API will crash when adding a replication agreement.
It should check to see if there is a repl session api before attempting
to get the init function.
Reviewed by: nhosoi
Branch: HEAD
Platforms tested: RHEL5 x86_64
|
| |
|
|
|
| |
The previous patch had a mangled function name in
the function prototype. This corrects the name.
|
| |
|
|
|
|
|
|
| |
This adds the ability to write a plug-in to register callbacks for
controlling when replication is allowed to occur. For details,
please see the design document at:
http://directory.fedoraproject.org/wiki/Replication_Session_Hooks
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix Description:
. adding slapi_dn_normalize_ext and its siblings to normalize/validate
invalid DNs; deprecating slapi_dn_normalize and its siblings. (dn.c)
. replacing slapi_dn_normalize with new corresponding functions.
. normalizing hardcoded DNs (e.g., removing spaces around ',')
. setting correct DN syntax to nsslapd-suffix, nsslapd-ldapiautodnsuffix,
costemplatedn, nsslapd-changelogsuffix, nsBaseDN, nsBindDN
. if nsslapd-dn-validate-strict is enabled, incoming DN is examined and
rejected if it is invalid. Once approved, the DN is normalized.
. fixing compiler warnings and typos.
See also:
http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format
Related bugs:
Bug 199923 - subtree search fails to find items under a db containing special
characters
Bug 567968 - subtree/user level password policy created using 389-ds-console
doesn't work.
Bug 570107 - The import of LDIFs with base-64 encoded DNs fails, modrdn with
non-ASCII new rdn incorrect
Bug 570962 - ns-inactivate.pl does not work
Bug 572785 - DN syntax: old style of DN <type>="<DN>",<the_rest> is not
correctly normalized
Bug 573060 - DN normalizer: ESC HEX HEX is not normalized
Bug 574167 - An escaped space at the end of the RDN value is not handled
correctly
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
configuring via ConfigFile
https://bugzilla.redhat.com/show_bug.cgi?id=561575
Resolves: bug 561575
Bug Description: setup-ds-admin fails to supply nsds5ReplicaName when configuring via ConfigFile
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: The main problem was that the mod val was a berval, so we
needed |LDAP_MOD_BVALUES for the mod_op. The other problem is that the
mod and values were being used out of scope. While this seems to work, it's
better to make sure all of the values are in scope.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=455489
Resolves: bug 455489
Bug description: Address compiler warnings about strict-aliasing rules
Fix description: The codes that generate strict-aliasing warnings have
been changed.
Reviewed by: rmeggins (and pushed by)
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=548533
Description: repl5_inc_delete and repl5_tot_delete to release the
incremental and total update protocol were not implemented. This
fix implemented them. Also, it fixed a leak of connection in
private_protocol_factory.
|
| |
|
|
|
|
| |
This patch cleans up various build warnings found by compiling the code
with -Wall on RHEL5.
Reviewed by: nhosoi (Thanks!)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
deadlock and data loss
https://bugzilla.redhat.com/show_bug.cgi?id=570667
Description: In the MMR topology, if a master receives a total
update request to initialize the other master and being initialized
by the other master at the same time, the 2 replication threads hang
and the replicated backend instance could be wiped out.
To prevent the server running the total update supplier and the
consumer at the same time, REPLICA_TOTAL_EXCL_SEND and _RECV bits
have been introduced. If the server is sending the total update
to other replicas, the server rejects the total update request
on the backend. But the server can send multiple total updates
to other replicas at the same time. If the total update from
other master is in progress on the server, the server rejects
another total update from yet another master as well as a request
to initialize other replicas.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reviewed by: nhosoi (Thanks!)
var/tmp/run_gssapi.vg.25032:Memory leak: 99 bytes duplicates: 5
> malloc() at vg_replace_malloc.c:207
> strdup() at /lib/libc-2.10.2.so
> slapi_ch_strdup() at ch_malloc.c:277
> ids_sasl_check_bind() at saslbind.c:924
> do_bind() at bind.c:382
> connection_threadmain() at connection.c:554
> --unknown-- at /lib/libnspr4.so
> start_thread() at /lib/libpthread-2.10.2.so
> clone() at /lib/libc-2.10.2.so
The problem is that ids_sasl_check_bind can reset SLAPI_BIND_TARGET to
a malloc'd value. The do_bind() code should check for this condition
and free it.
var/tmp/entryusn.vg.5997:Memory leak: 8 bytes duplicates: 8
> calloc() at vg_replace_malloc.c:397
> slapi_ch_calloc() at ch_malloc.c:243
> slapi_counter_new() at slapi_counter.c:95
> ldbm_usn_init() at ldbm_usn.c:86
> ldbm_back_start() at start.c:223
> plugin_call_func() at plugin.c:1417
> plugin_dependency_startall.clone.0() at plugin.c:1385
> main() at main.c:1138
The backend cleanup code should free be_usn_counter.
var/tmp/ipv6.vg.15561:Memory leak: 13 bytes duplicates: 3
> malloc() at vg_replace_malloc.c:207
> strdup() at /lib/libc-2.10.2.so
> slapi_ch_strdup() at ch_malloc.c:277
> config_get_listenhost() at libglobs.c:3674
> main() at main.c:874
var/tmp/ipv6.vg.15561:Memory leak: 13 bytes duplicates: 3
> malloc() at vg_replace_malloc.c:207
> strdup() at /lib/libc-2.10.2.so
> slapi_ch_strdup() at ch_malloc.c:277
> config_get_securelistenhost() at libglobs.c:3686
> main() at main.c:881
config_get_listenhost() and config_get_securelistenhost() return malloc'd
memory which must be freed.
var/tmp/dna_scen1.vg.4901:Memory leak: 248 bytes duplicates: 1
> malloc() at vg_replace_malloc.c:207
> nslberi_malloc() at io.c:1677
> ber_flatten() at io.c:1604
> create_NSDS50ReplicationExtopPayload() at repl_extop.c:218
> NSDS50EndReplicationRequest_new() at repl_extop.c:265
> release_replica() at repl5_protocol_util.c:469
> repl5_inc_run() at repl5_inc_protocol.c:1187
> prot_thread_main() at repl5_protocol.c:341
> --unknown-- at /lib/libnspr4.so
> start_thread() at /lib/libpthread-2.10.2.so
> clone() at /lib/libc-2.10.2.so
The payload was not being freed under all function exit conditions. So, just free it immediately after use.
var/tmp/dnarun.vg.2491:Memory leak: 27 bytes duplicates: 0
> malloc() at vg_replace_malloc.c:207
> slapi_ch_malloc() at ch_malloc.c:155
> slapi_entry_attr_get_charptr() at entry.c:2432
> dna_parse_config_entry() at dna.c:816
> dna_pre_op() at dna.c:2587
> plugin_call_func() at plugin.c:1417
> plugin_call_plugins() at plugin.c:1379
> op_shared_add() at add.c:606
> do_add() at add.c:232
> connection_threadmain() at connection.c:564
> --unknown-- at /lib/libnspr4.so
> start_thread() at /lib/libpthread-2.10.2.so
> clone() at /lib/libc-2.10.2.so
The value was not being freed under all conditions.
==9877== 1,890 (252 direct, 1,638 indirect) bytes in 3 blocks are definitely lost in loss record 1,628 of 1,725
==9877== at 0x47E0E5C: calloc (vg_replace_malloc.c:397)
==9877== by 0x4819D89: slapi_ch_calloc (ch_malloc.c:243)
==9877== by 0x48284A6: slapi_entry_alloc (entry.c:1686)
==9877== by 0x4829BA5: str2entry_dupcheck (entry.c:631)
==9877== by 0x482BB5D: slapi_str2entry_ext (entry.c:1194)
==9877== by 0xB2A8E9D: import_producer (import-threads.c:541)
==9877== by 0x72E1990: (within /lib/libnspr4.so)
==9877== by 0x731E8F4: start_thread (in /lib/libpthread-2.10.2.so)
==9877== by 0x75B2FCD: clone (in /lib/libc-2.10.2.so)
Make sure the entry or backentry are freed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=539618
Back off this commit:
commit 4205086e4f237a52eb9113cd95f9cf87b39e9ed4
Date: Mon Feb 22 08:49:49 2010 -0800
since this change could cause the deadlock between the thread
eventually calling prot_free, which acquired the agreement lock,
and other threads waiting for the agreement lock, which prevents
the protocol stop.
Instead of waiting for prot_thread_main done in prot_free, let
prot_thread_main check the existence of the protocol field in
the agreement. If it's not available, prot_thread_main quits.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=539618
Descriptions: When a protocol is freed by prot_free, prot_close
is supposed to have been called to stop the main thread
prot_thread_main. But, there was no mechanism for the freeing
thread whether the prot_thread_main has already quitted or not,
it could have released the Repl_Protocol even though it was
still being in use. This fix is adding a checking method.
The same test revealed ldbm_back_modrdn had a chance to access
a field of NULL entry structure.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=527848
Change Description:
1. Replication Changelog
1-1. In the clean recover mode, transaction logs should not be removed.
1-2. When nsslapd-db-circular-logging is on (by default, it's on),
call log_archive function with DB_ARCH_REMOVE, which removes
log files that are no longer needed.
1-3. Call transaction checkpoint just before shutting down the server.
1-4. "From string" in the upbrade message had a flaw.
2. Backend dblayer
2-1. In checkpoint_threadmain, call log_archive with DB_ARCH_ABS,
which returns the absolute path of the transaction log files.
It eliminates the code which generates the absolute paths.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are a number of attributes that AD defines as single-valued
that are multi-valued in the LDAP RFCs. We already had a few
special cases in the winsync code where we only send one attribute
to AD to allow the change to be accepted. We then simply check if
the value in AD is present in DS when comparing entries for further
changes.
This fix cleans up that old implementation a bit by adding a static
list of these single-valued attributes and a helper function to
check if a particular type is in that list. I also had to extend
the attr_compare_present() function to allow a length to be passed
in for limiting the comparison to a portion of the values. This is
needed for the initials attribute, which is single-valued and length
constrained in AD.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=558518
Resolves: bug 558518
Bug Description: several spelling errors
Reviewed by: ???
Branch: HEAD
Fix Description: Fix several spelling errors in error messages and man pages.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch includes
- replacing the entrydn index with the entryrdn index
- replacing a full DN in each entry in the DB with an RDN
- extending Slapi_Entry, entry2str, and str2entry to absorb the changes
made on the entry
- adding DN/RDN helper functions
- adding DN cache
- adding a utility and a migration script to convert the DN format database
to the RDN format
- extending a database dump utility dbscan to support the entryrdn
- slapi_dn_syntax_check by nkinder@redhat.com is added to check the dn before
modify operations
- big fix for 171338 - Enhancement: winsync modrdn not synced
In addition to the above, compile warnings and memory leaks found in testing
the new feature are fixed.
For more details, see the feature design document at:
http://directory.fedoraproject.org/wiki/Subtree_Rename
and bugzilla at:
https://bugzilla.redhat.com/show_bug.cgi?id=171338
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using winsync, setting a mapped DN attribute (such as seeAlso) to
a DN outside the scope of the sync agreement causes an empty modify
operation to be sent to AD. This causes AD to respond with LDAP error
89, which triggers the update to abort.
The problem is that windows_update_remote_entry() uses a flag to
determine if it has a modify to send to AD. This flag is set by
windows_generate_update_mods(), but the mods are empty since it is
detecting that the DN used in seeAlso is not in the scope of the sync
agreement.
The fix is to only set the modify flag if we actually have mods to send.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=537956
Resolves: bug 537956
Bug Description: Password replication from 389DS to AD2008(64bit) fails, all other replication continues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Broken during adding support for openldap API. I added the
function slapi_ldap_bind which returns the result code. The old function
being used by the winsync code expected the function to return the msgid, which
is now returned as one of the function arguments instead.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
version 1.2.5.a1
Instead of changing configure.ac AC_INIT for each version change, there
is a new file - VERSION.sh. This file also contains support for creating
version numbers for pre-releases, and pre-release strings containing git
commit hashes.
One of the complications is that AC_INIT does not allow you to override the version and package tarname fields. We can override them after the fact everywhere
except in config.h. AC_INIT defines the following which we would like to override but cannot: PACKAGE_VERSION PACKAGE_TARNAME PACKAGE_STRING PACKAGE_BUGREPORT
Instead, we define DS_ versions of these e.g. DS_PACKAGE_VERSION etc. and make
these available with AC_DEFINE(DS_PACKAGE_VERSION,...) etc.
As an extra added precaution, we undefine these in Makefile.am like this:
DS_DEFINES = ... \
-UPACKAGE_VERSION -UPACKAGE_TARNAME -UPACKAGE_STRING -UPACKAGE_BUGREPORT
If someone tries to use PACKAGE_VERSION in C code, they will not be able to,
and will have to use DS_PACKAGE_VERSION instead. All of the DS code that used
PACKAGE_VERSION has been changed to use DS_PACKAGE_VERSION instead.
There is a new make target - git-archive - as a convenience for creating source
tarballs from git. By default, the source archive will be placed in the build
directory - you can specify SRCDISTDIR=/path/to/SOURCES to use an alternate
dir (e.g. make SRCDISTDIR=/path/to/rpmbuild/SOURCES git-archive to make a
source tarball for rpmbuild)
configure will print the branded package name and version
Reviewed by: nkinder (Thanks!)
|
| |
|
|
|
|
|
|
|
|
|
| |
If some sort of error occurs during the sending updates to AD phase
of an incremental winsync update, we still attempt to send the dirsync
control to AD. This can cause spurious error messages to be logged to
the errors log stating that we can't send the control since we are not
connected to AD anymore.
This patch simply skips sending the dirsync control if we encountered
an error sending updates to AD.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The AD tombstone mapping code is not behaving correctly if a
cn contains a comma (such as a "last, first" type value). The
code is supposed to locate the first ":" in the tombstone DN,
then scan for the first "," after that. Everything between is
the GUID. The problem is that the code is starting at the
beginning of the string when searching for the "," instead of
starting at the ":" that was previously found. This causes the
"," in the cn to be found instead, which makes us fail to find
the GUID.
The fix is to simply start searching for the "," from the ":"
in the tombstone DN.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This cleans up the following warnings:
ds.git/ldap/servers/slapd/back-ldbm/ldbm_usn.c:102: warning: unused variable 'li'
ds.git/ldap/servers/plugins/replication/repl5_agmt.c:1184: warning: too many arguments for format
ds.git/ldap/servers/plugins/syntaxes/dn.c:143: warning: unused variable 'val_copy'
ds.git/ldap/servers/plugins/syntaxes/deliverymethod.c:264: warning: unused variable 'p'
ds.git/ldap/servers/plugins/syntaxes/facsimile.c:269: warning: unused variable 'p'
ds.git/ldap/servers/plugins/usn/usn.c:107: warning: value computed is not used
ds.git/ldap/servers/plugins/usn/usn.c:263: warning: control reaches end of non-void function
ds.git/ldap/servers/plugins/usn/usn.c:525: warning: control reaches end of non-void function
The only one I'm not sure about is changing usn_get_attr to always return a 0 - please review that usage.
With these fixes, I only see the llu and lld format warnings on RHEL5 with the default rpmbuild compiler flags.
Reviewed by: nhosoi (Thanks!)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Design doc:
http://directory.fedoraproject.org/wiki/Entry_USN#Plugin_Default_Config_Entr
New slapi APIs in libslapd:
int slapi_set_plugin_default_config(const char *type, Slapi_Value *value);
Description: Add given "type: value" to the plugin default config entry
(cn=plugin default config,cn=config) unless the same "type:
value" pair already exists in the entry.
Parameters: type - Attribute type to add to the default config entry
value - Attribute value to add to the default config entry
Return Value: 0 if the operation was successful
non-0 if the operation was not successful
int slapi_get_plugin_default_config(char *type, Slapi_ValueSet **valueset);
Description: Get attribute values of given type from the plugin default
config entry (cn=plugin default config,cn=config).
Parameters: type - Attribute type to get from the default config entry
valueset - Valueset holding the attribute values
Return Value: 0 if the operation was successful
non-0 if the operation was not successful
warning: Caller is responsible to free attrs by slapi_ch_array_free
Changes in the Replication plugin:
1) Functions to set replicated attributes
agmt_set_replicated_attributes_from_attr and
agmt_set_replicated_attributes_from_entry
call _agmt_set_default_fractional_attrs to sets the default excluded
attribute list from the plugin default config entry before setting
them from each replication agreement.
To support it, agmt_parse_excluded_attrs_config_attr is changed to be
re-entrant.
2) Fixed a minor memory leak in the fractional attributes (ra->frac_attrs).
3) Added a check for the duplicated fractional attributes.
Changes in the USN plugin:
1) usn_start calls slapi_set_plugin_default_config to add "entryusn" to
the EXCLUDE list of the value of nsds5ReplicatedAttributeList in the
plugin default config entry.
2) fix for the bug 518673 - entryusn: wrong lastusn value; When the entryusn
is not assigned yet, the next value to be set is 0. Lastusn is calculate
as (the next entryusn - 1). Although the entryusn is 64-bit unsigned
long, it should be printed as a 64-bit signed integer for lastusn.
Other:
Fixed a compiler error in ldap/servers/slapd/dse.c.
|
| |
|
|
|
|
|
|
|
|
|
| |
Resolves: bug 487425
Bug Description: slapd crashes after changelog is moved
Reviewed by: rmeggins
Fix Description: Call clcache_set_config after the global changelog cache pool has been allocated.
Platforms tested: HPUX 11 (PA-RISC 2.0 64-bit)
Flag Day: no
Doc impact: no
<diffs>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The vendor, brand, and capbrand are set in configure - we should use those
everywhere rather than have to run some sort of script over the code to
change vendor, brand, version, etc. I've added VENDOR, BRAND, CAPBRAND
to the default defines passed to the compiler, and changed the code to use
these defines. And instead of the unintuitively named PRODUCTTEXT macro,
we should use the already defined PRODUCT_VERSION.
This allowed me to get rid of some code. The version was from a generated
file called dirver.h which we don't need anymore, and we don't need the perl
script dirver.pl which generated it.
The vendor string was coming from the dirlite header file. So I also used this
as an excuse to get rid of all references to dirlite once and for all (yay!).
For the places in plain text files which are not substituted, I just used the
generic name Dirsrv or Directory Server instead of having an explicit brand
and/or version in there.
Reviewed by: nkinder (Thanks!)
|
| |
|
|
|
|
|
| |
_cl5DBOpen removes a changelog db if there is no matching replica for the file.
The manner to remove the changelog db file was not good -- not using the API
that Berkeley DB provided, but removing it with NSPR delete function PR_Delete.
This fix replaces PR_Delete with the Berkeley DB API dbremove.
|
| |
|
|
|
|
| |
This cleans up all of the compiler warnings produced with -Wall on RHEL/Fedora platforms.
The warnings about the %lld and %llu formats are still produced and cannot be helped.
Reviewed by: nkinder (Thanks!)
|
| |
|
|
|
|
|
|
|
|
| |
These changes allow the server to be built with OpenLDAP (2.4.17+). A brief summary of the changes:
* #defines not provided by OpenLDAP were copied into slapi-plugin.h and protected with #ifndef blocks
* where it made sense, I created slapi wrapper functions for things like URL and LDIF processing to abstract way the differences in the APIs
* I created a new file utf8.c which contains the UTF8 functions from MozLDAP - this is only compiled when using OpenLDAP
* I tried to clean up the code - use the _ext versions of LDAP functions everywhere since the older versions should be considered deprecated
* I removed some unused code
NOTE that this should still be considered a work in progress since it depends on functionality not yet present in a released version of OpenLDAP, for NSS crypto and for the LDIF public API.
|
| |
|
|
|
|
|
|
|
| |
Bug Description: Configuring Replication Server to Server GSSAPI over TLS - attempts replication and can't stop servers
Reviewed by: nhosoi (Thanks!)
Fix Description: The agreement add code did not check the transport and bind method for compatability.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
| |
Bug Description: crash in reliab15 test
Reviewed by: nkinder (Thanks!)
Fix Description: There was still a small window of time during which the connection could be closed out from under the other thread which was sending/reading result. The solution is to use explicit locking using the conn->lock to protect access to the conn->ld. Since this also affected the total update code, I tested it under similar conditions, and found that it exhibited the same behavior. I added checking to the total update code to check for disconnection and coordinate access in the entry sending/result reading threads.
I also fixed a spurious error message about the sasl path.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
|
