| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
Add the account policy plugin and related server code, schema, and config
A new switch to configure has been added --enable-acctpolicy - this is
enabled by default - so the plugin and the schema will be built and installed
by default
the plugin will be in dse.ldif, but will be disabled by default
The original contribution had some minor problems with the schema and config
entries - these have been cleaned up
The original contribution had a few memory leaks - these have been cleaned up
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The function slapi_mapping_tree_select_and_check() is only called for
modrdn operations, to make sure we are not attempting to rename a suffix
or move an entry from one backend to another. This defeats datainterop
plugins that may want to perform some other operation in these cases. If
the target suffix/backend is not found, the default backend is used. If
the default backend is being used, don't check for all errors, just allow
the operation to pass through to the preop plugins.
Need to make sure this doesn't cause problems if
1) null suffix is not used - entry really is bogus or doesn't exist
2) null suffix is being used but entry belongs to another null suffix or
is really bogus
Reviewed by: nhosoi (Thanks!)
Tested on: Fedora 14 x86_64
|
| |
|
|
|
|
|
|
|
|
| |
There is no chance for next_node to be anything other than NULL in
the final return statement due to the return in the "if (next_node)"
block immediately before the final return.
We can remove the return inside of the "if (next_node)" block since
the final return statement already deals with returning the proper
value if next_node is non-NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=531642
Resolves: 531642
Fix description:
1. Introduced a config parameter nsslapd-entryusn-global: on|off to
enable | disable the global mode. By default, off.
In the global mode, search on root dse returns "lastusn: <num>"
without the backend subtype (e.g., "lastusn;userroot: <num>")
2. Added slapi_get_next_suffix_ext to mapping_tree.c, which visits
children as well as siblings in the mapping tree.
(Note: slapi_get_next_suffix does just siblings.)
3. import (ldif2db) adds "entryusn: 0" to every entry unless the
entry already contains the entryusn attribute.
4. ldbm_back_delete, ldbm_back_modify, ldbm_back_modrdn: set
ldap_result_code to pblock so that bepost plugin could see if
the operation was successful or not.
See also http://directory.fedoraproject.org/wiki/Entry_USN#Global_mode
|
| |
|
|
|
|
|
|
|
| |
11892 - 11939
https://bugzilla.redhat.com/show_bug.cgi?id=613056
Resolves: bug 613056
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
description: Catch possible NULL pointer in mapping_tree_entry_modify_callback() and mtn_remove_node().
|
| |
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=619122
Resolves: bug 619122
Bug description: fix coverify Defect Type: Resource leaks issues CID 11984.
description: The mtn_get_referral_from_entry() has been modified to avoid leaking the referral object.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=610177
Resolves: bug 610177
Bug Description: fix coverity Defect Type: Uninitialized variables issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Initialize variables to 0, NULL, or an appropriate error
code. Got rid of the unused lexer code.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change description:
. adding upgradednformat utility to each server instance.
. adding 91upgradednformat.pl for in-place-upgrade.
. implementing ldbm_back_upgradednformat sharing the import/
reincexing codes.
. adding a new DBVERSION ID "dn-4514" for the upgraded db.
. fixing access logs (delete.c and modify.c)
. fixing compiler warnings.
. fixing memory leaks.
. fixing a bug in syntax plugin to free strings.
. adding templates for plugin id, version, vendor, and description,
which are needed for the online upgrade.
. dbversion_write takes an additional bit flags, which indicates
which extra DBVERSION strings are written to the DBVERSION file.
It was introduced for the upgrade tools not to intervene each
other's tasks (e.g., dn2rdn for converting entrydn to entryrdn
and upgradednformat for upgrading the DN format).
. fixing a bug in entryrdn index code which was missing to normalize
RDN.
See also:
https://bugzilla.redhat.com/show_bug.cgi?id=591336
http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format#Migration.2FUpgrade
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix Description:
. adding slapi_dn_normalize_ext and its siblings to normalize/validate
invalid DNs; deprecating slapi_dn_normalize and its siblings. (dn.c)
. replacing slapi_dn_normalize with new corresponding functions.
. normalizing hardcoded DNs (e.g., removing spaces around ',')
. setting correct DN syntax to nsslapd-suffix, nsslapd-ldapiautodnsuffix,
costemplatedn, nsslapd-changelogsuffix, nsBaseDN, nsBindDN
. if nsslapd-dn-validate-strict is enabled, incoming DN is examined and
rejected if it is invalid. Once approved, the DN is normalized.
. fixing compiler warnings and typos.
See also:
http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format
Related bugs:
Bug 199923 - subtree search fails to find items under a db containing special
characters
Bug 567968 - subtree/user level password policy created using 389-ds-console
doesn't work.
Bug 570107 - The import of LDIFs with base-64 encoded DNs fails, modrdn with
non-ASCII new rdn incorrect
Bug 570962 - ns-inactivate.pl does not work
Bug 572785 - DN syntax: old style of DN <type>="<DN>",<the_rest> is not
correctly normalized
Bug 573060 - DN normalizer: ESC HEX HEX is not normalized
Bug 574167 - An escaped space at the end of the RDN value is not handled
correctly
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The password modify extended operation was modifying the local database
on a read-only replica instead of returning a referral. The server is
designed to let the plugin ID used for updating password retry info make
local updates instead of returning a referral. This plugin ID was being
used by the password extop code, which it should not be doing.
The second issue is that we need to check if a referral needs to be sent
as early as possible when processing the extop request. We don't want
to reject the change if an entry does not exist before checking if a
referral is necessary since the server we refer to may have the target
entry present. This required adding a new helper function that allows
one to see if a write operation to a particular DN would require a
referral to be sent. The password modify extop code leverages this new
function to get the referrals and return them to the client if necessary.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=559016
[Fix Description] If the target dn of the modrdn operation is a suffix,
check if the new dn already exists or not. If it exists, it returns
LDAP_ALREADY_EXISTS. If the backend associated with the new dn does
not exist, it returns LDAP_NO_SUCH_OBJECT. Otherwise, it returns
LDAP_NAMING_VIOLATION.
If the target dn of the modrdn is attempted to move across backends,
it returns LDAP_AFFECTS_MULTIPLE_DSAS instead of LDAP_UNWILLING_TO_PERFORM.
Modrdn (op_shared_rename) was logging the parameter errors in the
clients request as SLAPI_LOG_FATAL. Reduced the level to SLAPI_LOG_ARGS.
Also, replaced ldap_explode_dn with slapi_dn_syntax_check to verify
the newsuperior.
By the replacement, 2 bugs in slapi_dn_syntax_check were found.
1) The key for the DN in the hashtable of the attribute syntax has
to be "distinguishedName". 2) Argument type for plg_syntax_validate
was not correct.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch includes
- replacing the entrydn index with the entryrdn index
- replacing a full DN in each entry in the DB with an RDN
- extending Slapi_Entry, entry2str, and str2entry to absorb the changes
made on the entry
- adding DN/RDN helper functions
- adding DN cache
- adding a utility and a migration script to convert the DN format database
to the RDN format
- extending a database dump utility dbscan to support the entryrdn
- slapi_dn_syntax_check by nkinder@redhat.com is added to check the dn before
modify operations
- big fix for 171338 - Enhancement: winsync modrdn not synced
In addition to the above, compile warnings and memory leaks found in testing
the new feature are fixed.
For more details, see the feature design document at:
http://directory.fedoraproject.org/wiki/Subtree_Rename
and bugzilla at:
https://bugzilla.redhat.com/show_bug.cgi?id=171338
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
valgrind is a very useful tool - however, the directory server produces a lot
of false positives that have to be suppressed in order to get to the useful
information. These patches attempt to reduce some of that noise.
1) aclparse - should calculate the length of the string _after_ trimming the
spaces
2) something about random number generation causes some of the bits to be uninitialized, and valgrind doesn't like it - this patch doesn't eliminate the error, just reduces it
3) use initialized memory when generating hashes - also remove "magic numbers"
4) bin.c - slapi_value_get_string must not be used with unterminated (binary) values
5) we get these odd valgrind reports from deep within bdb about invalid reads and uninitialized memory - I thought perhaps because we were initializing DBT structures with = {0} which the bdb docs says is not sufficient - they recommend memset or bzero
6) There are some small memory leaks during attrcrypt initialization and in error cases
7) error message in ldif2ldbm.c was attempting to print the Slapi_DN structure rather than getting the char *dn
8) After we call NSS_Initialize, we must call the NSS shutdown functions to clean up the caches and other data structures, otherwise NSS will leak memory. This is harmless since it happens at exit, but valgrind reports hundreds of memory leaks. The solution is to make sure we go through a single exit point after NSS_Initialize. This means many places that just called exit() must instead return with a real return value. This mostly affected main.c, detach.c, and a couple of other places called during startup.
9) minor memory leaks in mapping tree initialization
10) sasl_map.c - should not call this in referral mode
11) minor memory leaks during ssl init
Reviewed by: nkinder, nhosoi (Thanks!)
|
| |
|
|
|
|
| |
Description: mapping tree code inconsistent about treatment of quoted node names
Reviewed by: nhosoi (Thanks!)
Fix Description: Look for (|(%s=\"%s\")(%s=%s))) when looking for mapping tree suffixes - there may be a quoted suffix, or one without quotes, so look for either
|
| |
|
|
|
|
|
|
|
|
| |
Summary: Replica crashes in the consumer initialization if the backend to be
replicated does not exist
Description:
. mapping_tree.c: if NULL mapping tree state is passed, return an error.
. repl_extop.c: if mapping tree node state is NULL, don't reset the mapping
tree state.
. replutil.c: if NULL mapping tree state is passed, log it and return.
|
| |
|
|
| |
Summary: Made replica_set_updatedn detect value add modify operations properly.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reviewed by: nhosoi (Thanks!)
Fix Description: The intptr_t and uintptr_t are types which are defined as integer types that are the same size as the pointer (void *) type. On the platforms we currently support, this is the same as long and unsigned long, respectively (ILP32 and LP64). However, intptr_t and uintptr_t are more portable. These can be used to assign a value passed as a void * to get an integer value, then "cast down" to an int or PRBool, and vice versa. This seems to be a common idiom in other applications where values must be passed as void *.
For the printf/scanf formats, there is a standard header called inttypes.h which defines formats to use for various 64 bit quantities, so that you don't need to figure out if you have to use %lld or %ld for a 64-bit value - you just use PRId64 which is set to the correct value. I also assumed that size_t is defined as the same size as a pointer so I used the PRIuPTR format macro for size_t.
I removed many unused variables and some unused functions.
I put parentheses around assignments in conditional expressions to tell the compiler not to complain about them.
I cleaned up some #defines that were defined more than once.
I commented out some unused goto labels.
Some of our header files shared among several source files define static variables. I made it so that those variables are not defined unless a macro is set in the source file. This avoids a lot of unused variable warnings.
I added some return values to functions that were declared as returning a value but did not return a value. In all of these cases no one was checking the return value anyway.
I put explicit parentheses around cases like this: expr || expr && expr - the && has greater precedence than the ||. The compiler complains because it wants you to make sure you mean expr || (expr && expr), not (expr || expr) && expr.
I cleaned up several places where the compiler was complaining about possible use of uninitialized variables. There are still a lot of these cases remaining.
There are a lot of warnings like this:
lib/ldaputil/certmap.c:1279: warning: dereferencing type-punned pointer will break strict-aliasing rules
These are due to our use of void ** to pass in addresses of addresses of structures. Many of these are calls to slapi_ch_free, but many are not - they are cases where we do not know what the type is going to be and may have to cast and modify the structure or pointer. I started replacing the calls to slapi_ch_free with slapi_ch_free_string, but there are many many more that need to be fixed.
The dblayer code also contains a fix for https://bugzilla.redhat.com/show_bug.cgi?id=463991 - instead of checking for dbenv->foo_handle to see if a db "feature" is enabled, instead check the flags passed to open the dbenv. This works for bdb 4.2 through bdb 4.7 and probably other releases as well.
Platforms tested: RHEL5 x86_64, Fedora 8 i386
Flag Day: no
Doc impact: no
|
| | |
|
| |
|
|
|
|
| |
Summary: Dynamically reload schema via task interface
Description: implemented task based schema file reloading
(see also http://directory.fedoraproject.org/wiki/Dynamically_Reload_Schema)
|
| |
|
|
| |
Summary: HP-UX: warnings reported by the HP-UX compiler
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: reliab15: slapd hangs on goblin5
Reviewed by: nhosoi (Thanks!)
Fix Description: We are calling the mtn_lock() twice in the same thread. The proposed fix is to move the mtn_lock() so this doesn't happen.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
| |
Bug Description: enabling chain-on-update causes replica to act as a master
Reviewed by: nkinder (Thanks!)
Fix Description: This fix is only minor - we must use sym_load() to look up plugins, including the entry distribution plugin we use for chain on update. But I don't believe this was causing the problem. Chain on update does not work if you BIND as directory manager. You must bind as a regular user. It may be difficult to change this. We need to do more testing to see if, in general, proxy BIND and operations work with directory manager. The chaining backend cannot use directory manager as the proxy user.
Platforms tested: RHEL5
Flag Day: no
Doc impact: Yes, we need to make sure we document exactly how chain on update is to be used.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: PAM passthru ENTRY method not working
Reviewed by: prowley (Thanks!)
Fix Description: There are several problems.
1) For the ENTRY method to perform the internal search to get the entry for the bind DN, it must have a component ID (aka plugin identity). The code was already there to get/set it, but it was never initialized in the init function.
2) You cannot mix slapi_sdn_new* with slapi_sdn_init* - slapi_sdn_init will erase the knowledge that the Slapi_DN was allocated with malloc and it will not free it in slapi_sdn_free().
3) People may assume they can specify a subtree (e.g. ou=people,dc=example,dc=com) instead of a suffix for the list of included/excluded suffixes. The error message will not print a list of valid suffixes for the admin to use.
4) slapi_be_exist was failing because the database does not notify the mapping tree code that the backend is started during startup. This works fine under normal conditions because most all of the code in mapping_tree.c will lookup the backend if the mtn_be pointer in the mapping tree node is NULL. However, slapi_be_exist and slapi_be_select do not do this. The proper solution is to call slapi_mtn_be_started() at database startup time. This is the same thing that happens when a backend is added at runtime.
Platforms tested: FC6
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
| |
Summary: [195305] make new_task() non-static
Changes: provide slapi_new_task and slapi_destroy_task as slapi APIs
Summary: [195307] task registration by plugins is wiped by task_init()
Changes: clean up old tasks before plugin_startall
|
| |
|
|
|
|
|
|
|
|
| |
Summary: configure needs to support --with-fhs (Comment #6)
Changes: Added the following include next to the end of the copyright block.
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
|
| | |
|
| | |
|
| |
|
|
| |
strlen, removing some dead code, other odds and ends.
|
| |
|
|
| |
warnings on Linux; remove pam_passthru from DS 7.1
|
| | |
|
|
|
(foxworth)
|
