| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
also applied to "cn=directory manager"
https://bugzilla.redhat.com/show_bug.cgi?id=606920
Description: When a timelimit (as well as a sizelimit) is successfully
retrieved from SLAPIResLimitConnData, the value is always set to pblock.
With this change, it sets "no limit (-1)" if the operation is initiated
by Directory Manager.
|
|
|
|
|
|
|
|
|
| |
If a password is changed using the password modify extended
operation, the modify used to modify the password will be leaked
if the change is rejected due to password policy or access control
settings.
This patch frees the mod when the password change is rejected.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=574101
Description: To create the ID list for child entries of to-be-renamed
entry, an inappropriate function (idl_append) was used. The function
expects the passed IDs are sorted. If not sorted, idl_insert should
be used instead.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=597375
Fix Description:
1) When a backend was removed, the db instance directory was removed
as well (See also 463774 - index files for database should be deleted
when db is deleted). In case DB_RECOVER_FATAL is set in the DB open
after the removal (e.g., in restore), the logs in the transaction
logs are replayed and compared with the contents of the DB files.
At that time, if the db instance directory does not exist, libdb
returns FATAL error. To prevent the problem, we have to leave the
empty directory.
2) When removing index files, we don't have to open index files
with CREAT flag.
Note: In the bug 463774, the server was fixed so that once a db
backend is removed, the db instance directory is removed. With
this fix (597375), the backend removal leaves the empty db instance
directory. Plus, if backup is restored, even if the backup was
made after the backend is deleted, the restore could create empty
DB files in the deleted db instance directory if the transaction
log files still contain the history of the deleted backend.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=595874
Resolves: bug 595874
Bug Description: 99user.ldif getting overpopulated
Reviewed by: self
Branch: HEAD
Fix Description: The schema code was adding X-ORIGIN 'user defined' to all
schema elements that had no X-ORIGIN. It should only add user defined to
schema elements from the user defined schema file, not to schema defined
in standard (read only) schema files. It looks like the code should work
fine if the schema element has no origin, so there is no reason to add
an origin for schema other than user defined schema.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=593392
Resolves: bug 593392
Bug Description: setup-ds-admin.pl -k creates world readable file
Reviewed by: thoger (Thanks!)
Branch: HEAD
Fix Description: Use umask to make sure we create a .inf file that is
only viewable by the user. In addition, only create the temp file and
filename when necessary. In some places, the code was creating a .inf
file on disk when it could just create one in memory. The code should
check to see if the Inf object has a file associated with it before
attemtping to unlink it. Make sure we do not unlink a .inf file given
with -f on the command line. If the user specified -k, always write to
a temp file using __temp__ as the keyword to tell Inf->write to generate
a temp file.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=511112
Fix Description: If an entry already having more than 25 password
history attributes is added and password modify is performed on
the entry, it overflows the fixed length values_replace array and
crashes the server. This patch protects the overflow.
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=595893
Fix Description: It must be guaranteed that ndn returned
from slapi_sdn_get_ndn is normalized. Putting back the
normalization code in slapi_sdn_get_ndn.
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=593899
Additional fix: if a target value is double quoted followed by
trailing spaces, the double quotes were not correctly handled.
Sample failed case:
aci: ( target = "ldap:///ou=organizationalUnit, o=test_ACIs.com" )
^
Changed to call __acl_strip_trailing_space to remove them.
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=588867
Fix description: _sparcv9_AtomicAdd, _sparcv9_AtomicSub, and
_sparcv9_AtomicSet were not correctly declared. It brought
in the implicit function declaration, where the return value
were casted to 32-bit integer and the comparison against the
64-bit unsigned integer failed. The comparison was in the
endless loop and it caused the server hang.
|
|
|
|
|
|
|
|
|
| |
The new repl sesssion API will crash when adding a replication agreement.
It should check to see if there is a repl session api before attempting
to get the init function.
Reviewed by: nhosoi
Branch: HEAD
Platforms tested: RHEL5 x86_64
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=593899
Fix Description: There was a bug if an invalid syntax acl was given
(e.g., the value of userdn was not double quoted), normalize_nextACERule
mistakenly continued processing the acl and eventually tried to
allocate a huge size of memory (since the end address was less
than the start address, end - start became negative) and it made
the server quit. Added more error handling code to prevent such
failures.
|
|
|
|
|
|
|
|
|
| |
The anonymous resource limits were not being properly set. This
patch ensures that the limits are set properly when an anonymous
or unauthenticated BIND operation is performed. It also sets the
anonymous limits when we do a read on a connection that has not
yet perfomed a BIND. These limits will be overwritten with any
default or user-based limits once a valid BIND is performed.
|
|
|
|
|
| |
The previous patch had a mangled function name in
the function prototype. This corrects the name.
|
|
|
|
|
|
|
|
| |
This adds the ability to write a plug-in to register callbacks for
controlling when replication is allowed to occur. For details,
please see the design document at:
http://directory.fedoraproject.org/wiki/Replication_Session_Hooks
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=593110
Fix description:
ldap/servers/slapd/back-ldbm/dblayer.c -- A memory area that
stores nsslapd-directory was shared between 2 structures:
struct ldbminfo and dblayer_private. In dblayer_post_close,
dblayer_private is released but not struct ldbminfo. The
latter does not know the memory area is freed. This fix
changes it so that each structure has its own copy.
ldap/servers/plugins/acl/acl.c -- A variable result_status
had a chance to be evaluated w/o an initialization.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Server Causes Crash
Fix description: normalized_mods->mod_bvalues is an array of
(struct berval *). When slapi_dn_normalize_ext returns an
allocated memory (case rc > 0), a new struct berval should have
been allocated and the address of the normalized string (normed)
and its length (dnlen) should be set in the berval.
The struct berval allocation was missing in the previous fix
for "Update to New DN Format".
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change description:
. adding upgradednformat utility to each server instance.
. adding 91upgradednformat.pl for in-place-upgrade.
. implementing ldbm_back_upgradednformat sharing the import/
reincexing codes.
. adding a new DBVERSION ID "dn-4514" for the upgraded db.
. fixing access logs (delete.c and modify.c)
. fixing compiler warnings.
. fixing memory leaks.
. fixing a bug in syntax plugin to free strings.
. adding templates for plugin id, version, vendor, and description,
which are needed for the online upgrade.
. dbversion_write takes an additional bit flags, which indicates
which extra DBVERSION strings are written to the DBVERSION file.
It was introduced for the upgrade tools not to intervene each
other's tasks (e.g., dn2rdn for converting entrydn to entryrdn
and upgradednformat for upgrading the DN format).
. fixing a bug in entryrdn index code which was missing to normalize
RDN.
See also:
https://bugzilla.redhat.com/show_bug.cgi?id=591336
http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format#Migration.2FUpgrade
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix Description:
1. Got rid of the old hardcoded limit 200MB.
2. Introduced the memory hard limit and soft limit.
Standalone command line import ldif2db behaves as follows:
If import cache autosize is enabled:
nsslapd-import-cache-autosize: -1 or 1 ~ 99
(if the value is greater than or equal to 100,
it's reset to 50 with a warning.)
the import cache size is calculated as
nsslapd-import-cache-autosize * pages / 125
(./125 instead of ./100 is for adjusting the BDB overhead.)
If import cache is disabled:
nsslapd-import-cache-autosize: 0
get the nsslapd-import-cachesize.
Calculate the memory size left after allocating the import cache size.
If the size is less than the hard limit, it issues an error and quit.
If the size is greater than the hard limit and less than the soft limit,
it issues a warning, but continues the import task.
Note: this function is called only if the import is executed as a stand
alone command line (ldif2db).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=586571
Resolves: bug 586571
Bug Description: DS Console shows escaped DNs
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: In order for the console fixed to be used to manage the
correct directory server, the directory server needs to be able to specify
the ds console jar file version down to 3 digits, as opposed to the current
two digits. To support this, instead of overriding PACKAGE_BASE_VERSION,
a new configure macro is introduced - CONSOLE_VERSION. This value is
set in VERSION.sh, so it can be easily updated, and it is used to set
the value for BaseVersion in slapd.inf, which is what the admin server
setup uses to set the ds console jar file version corresponding to the
directory server.
Platforms tested: RHEL5 x86_64, Fedora 12
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch allows one to set multiple dnaType attributes for a single
DNA range. This allows the same value to be used for each dnaType
(such as ensuring the uidNumber and gidNumber are the same value
from the range when ading a posixAccount).
There are some differences with the way DNA works for multi-type
ranges. For a value to be generated from a multi-type range, the
magic value must be specified to indicate which attributes should
use the newly generated value. This allows a range to be shared
across different entry types (such as having a uidNumber/gidNumber
range that is used or posixAccount and posixGroup entries). A
multi-type range will not generate a value for missing attributes
as DNA does for single-type ranges.
Since a range can have multiple types, the internal ordering of
config structs had to be changed to order by scope only. It was
previously ordered by type and then scope, which allowed us to
easily detect if we had already generated a value for a given type.
This change required a number of helper functions to be added for
tracking and checking which types we have already generated values
for.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
handled correctly
https://bugzilla.redhat.com/show_bug.cgi?id=574167
Bug Description: If a DN contains "\ " at the end of its RDN,
it's be converted to "\20" by slapi_dn_normalize_ext in the
add operation. But the following search returns ' ' (not
an escaped space).
Fix Description: When slapi_dn_normalize_ext was applied to a
string which contains "\20", it converted the string to ' '.
This fix changes the behaviour so that the string "\20" in
DN remains untouched.
Also, this patch includes a fix to add a default suffix value
with no double quotes in template-suffix-db.ldif.in. We keep
double quoted suffix for the backward compatibility.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=585905
Bug Description:
targattrfilters takes this format of value:
(targattrfilters="add=attr1:F1 && attr2:F2... &&
attrn:Fn,del=attr1:F1 && attr2:F2 ... && attrn:Fn")
The ACL plugin code had blindly expected the value contains
the operator "add" or "del" and '=' to concatenate the
attribute and filter pair. The plugin should have checked
the possibility that the value does not follow the format.
Fix Description:
If '=' is not included in the targattrfilters value, the
ACL parser returns ACL_SYNTAX_ERR. Also, adding a check
code for the returned pointer from strchr and strstr.
|
|
|
|
| |
Removed unused format arguments from format string
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=572018
Resolves: bug 572018
Bug Description: Upgrading from 1.2.5 to 1.2.6.a2 deletes userRoot
Reviewed by: self
Branch: HEAD
Fix Description: According to the error message, the entry id cannot be
found in the id2entry file. The entry id comes from the parentid index,
which has just been created by the dn2rdn upgradedb process. The entryid
is the key in the parentid index. I'm not sure how this can happen -
either the parentid contains the id of an entry that does not exist, or
the entryid was somehow corrupted. I've added some additional debugging
statements to try to narrow this down.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=145181
Resolves: bug 145181
Bug Description: Plugin target/bind subtrees only take 1 value.
Fix Description: New attributes nsslapd-exclude-targetSubtree and
nsslapd-exclude-bindSubtree have been added to specify excluded subtrees.
The set_plugin_config_from_entry() has been modified to read multiple
subtrees. The plugin_invoke_plugin_sdn() and plugin_allow_internal_op()
have been modified to check for excluded subtrees.
Reviewed by: rmeggins (and pushed)
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=542570
Resolves: bug 542570
Bug Description: Directory Server port number is not validated in the beginning.
Fix Description: The code has been modified to validate the port value from the
beginning of the string to the end to ensure that it only contains digits and to
generate the appropriate error message.
Reviewed by: rmeggins (and pushed)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix Description:
. adding slapi_dn_normalize_ext and its siblings to normalize/validate
invalid DNs; deprecating slapi_dn_normalize and its siblings. (dn.c)
. replacing slapi_dn_normalize with new corresponding functions.
. normalizing hardcoded DNs (e.g., removing spaces around ',')
. setting correct DN syntax to nsslapd-suffix, nsslapd-ldapiautodnsuffix,
costemplatedn, nsslapd-changelogsuffix, nsBaseDN, nsBindDN
. if nsslapd-dn-validate-strict is enabled, incoming DN is examined and
rejected if it is invalid. Once approved, the DN is normalized.
. fixing compiler warnings and typos.
See also:
http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format
Related bugs:
Bug 199923 - subtree search fails to find items under a db containing special
characters
Bug 567968 - subtree/user level password policy created using 389-ds-console
doesn't work.
Bug 570107 - The import of LDIFs with base-64 encoded DNs fails, modrdn with
non-ASCII new rdn incorrect
Bug 570962 - ns-inactivate.pl does not work
Bug 572785 - DN syntax: old style of DN <type>="<DN>",<the_rest> is not
correctly normalized
Bug 573060 - DN normalizer: ESC HEX HEX is not normalized
Bug 574167 - An escaped space at the end of the RDN value is not handled
correctly
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The rsearch utility has an option (-i) that allows one to have a
file containing names to be used as a variable in search filters.
The way this is designed is that you would specify a partial filter
(such as "uid=") as the filter option and a random name from the
name file will be appended to the filter for each search operation.
Unfortunately, this option was broken. The format was missing
where we were creating the filter string, which caused the filter
option to be used as specified without appending a name from the
name file.
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ldapi socket file is only removed when ns-slapd is started
since the server does not have permission to remove it at shutdown.
The causes issues when upgrading to a recetn version that has
SELinux policy since the newly confined ns-slapd daemon will not
be allowed to remove the old ldapi socket file since it doesn't
have a dirsrv specific label. To deal with this, I've added an
upgrade scriptlet that will remove the ldapi socket file. When
the newly confined ns-slapd starts up, it will create a new
socket file with the proper label.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=584109
Resolves: bug 584109
Bug Description: Slapd crashes while parsing DNA configuration
Fix Description: The dna_parse_config_entry() has been modified to duplicate
the shared_cfg_base value to avoid freeing the same memory location twice.
Reviewed by: rmeggins (and pushed by)
|
|
|
|
| |
ldap/servers/slapd/filterentry.c (line 685) void function cannot return value
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
deleted entries)
https://bugzilla.redhat.com/show_bug.cgi?id=576644
Resolves: bug 576644
Bug Description: segfault while multimaster replication (paired node won't find deleted entries)
Reviewed by: rmeggins
Fixed by: edewata, nhosoi
Branch: HEAD
Fix Description: The delete code stores the actual entry from the entry
cache in the pblock as SLAPI_DELETE_BEPREOP_ENTRY so that the be preop
plugins can have access to the entry. SLAPI_DELETE_BEPREOP_ENTRY is an
alias for SLAPI_ENTRY_PRE_OP which is used by the front-end delete code.
When processing a replicated delete operation, and the
entry has already been deleted (converted to a tombstone), we needed to
restore the original entry in SLAPI_DELETE_BEPREOP_ENTRY so that the
front-end code can free it as SLAPI_ENTRY_PRE_OP instead of freeing the
actual entry from the cache.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The password modify extended operation was modifying the local database
on a read-only replica instead of returning a referral. The server is
designed to let the plugin ID used for updating password retry info make
local updates instead of returning a referral. This plugin ID was being
used by the password extop code, which it should not be doing.
The second issue is that we need to check if a referral needs to be sent
as early as possible when processing the extop request. We don't want
to reject the change if an entry does not exist before checking if a
referral is necessary since the server we refer to may have the target
entry present. This required adding a new helper function that allows
one to see if a write operation to a particular DN would require a
referral to be sent. The password modify extop code leverages this new
function to get the referrals and return them to the client if necessary.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
attribute returns all elements.
https://bugzilla.redhat.com/show_bug.cgi?id=572162
Resolves: bug 572162
Bug Description: the string "|*" within a search filter on a non-indexed attribute returns all elements.
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: PCRE interprets the '|' character as the start of
alternative branch. In the search filter, the other side of the '|' is
empty, which means match everything. The solution is to escape this and
other PCRE special chars before matching.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=566043
Resolves: bug 566043
Bug description: startpid file is only cleaned by initscript runs
Fix description: The start-dirsrv script has been modified to remove
the startpid file if the server starts successfully.
Reviewed by: rmeggins (and pushed by)
|
|
|
|
|
|
|
| |
The instance files and ports need to be labelled with the proper
SELinux contexts during an upgrade. This patch exports the routine
used to update the policy during regular setup so we can use it
when upgrading.
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a new managed entries plug-in. This plug-in allows
one to have the Directory Server automatically maintain a set
of entries that are based off of another type of entry (such
as user private group entries based off of user entries).
For more details, see the design document at:
http://directory.fedoraproject.org/wiki/Managed_Entry_Design
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
configuring via ConfigFile
https://bugzilla.redhat.com/show_bug.cgi?id=561575
Resolves: bug 561575
Bug Description: setup-ds-admin fails to supply nsds5ReplicaName when configuring via ConfigFile
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: The main problem was that the mod val was a berval, so we
needed |LDAP_MOD_BVALUES for the mod_op. The other problem is that the
mod and values were being used out of scope. While this seems to work, it's
better to make sure all of the values are in scope.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The admin server CGIs need to be able to easily parse the
instance name from the start-slapd script. Recent format
changes have caused the existing parsing to break, so this
patch makes the parsing of the instance name easier.
To deal with the change in start-slapd format for an upgraded
instance, I have changed the setup code to regenerate all of
the instance scripts during an upgrade instead of simply adding
missing scripts. This is needed for any bug fix that modifies
a script template to work for an upgraded instance. I also
added code to write the instance sysconfig script during upgrade
if it doesn't exist already. We don't want to overwrite this
file if it already exists since it's designed for local changes
to be made to it.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=578167
Resolves: bug 578167
Bug Description: repl. of mod/replace deletes multi-valued attrs
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: The server implements a mod/replace operation as a
mod/delete if all values, followed by a mod/add of the new values. The
mod/delete phase, since it removes all of the values, essentially deletes
the attribute, so it must set the attribute deletion_csn. This is even
true in the case when you do a mod/replace on an attribute that doesn't yet
exist. We have to create an empty attribute on the deleted_attrs list with
the deletion_csn set to the csn of the operation. This preserves the
semantics of the mod/replace operation.
When doing the add phase of the mod/replace, we have to be able to
resurrect attributes and values that may have been deleted by the mod/delete
phase. We can tell that we need to resurrect a deleted value in
resolve_attribute_state_multi_valued, in the deleted_values loop, because
the deletioncsn will be the same as the update csn, and the
delete_priority flag will be 0.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=566320
Resolves: bug 566320
Bug description: RFE: add exception to removal of attributes in cn=config for aci
Fix description: The modify_config_dse() has been modified to
check the ignore_attr_type() for all types of modify operation.
Reviewed by: rmeggins (and pushed by)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=567429
Resolves: bug 567429
Bug Description: slapd didn't close connection and get into CLOSE_WAIT state
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: The JNDI code attached to the bug uses persistent search.
The connection pool code handles persistent searches differently than
regular connections. The connection pool code was acquiring a reference
to a conn, but was not releasing it in the persistent search case, assuming
the persistent search code did not also have a reference, but it does. This
caused connection_table_move_connection_out_of_active_list() to not move
the connection out of the active list, and therefore available for closing,
because there was an outstanding reference. The solution is for the
connection pool code to release its reference.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=455489
Resolves: bug 455489
Bug description: Address compiler warnings about strict-aliasing rules
Fix description: The codes that generate strict-aliasing warnings have
been changed.
Reviewed by: rmeggins (and pushed by)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=576074
Resolves: bug 576074
Bug Description: search filters with parentheses fail
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: PCRE requires '(' and ')' to be escaped to match a literal
parenthesis. Otherwise, it thinks the parenthesis is used for grouping.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=520151
Resolves: bug 520151
Bug description: Error when modifying userPassword with proxy user
Fix description: The acl_access_allowed() has been modified to
call aclplugin_preop_common() which will initialize the aclpb.
The aclplugin_preop_common() has been modified to check for the
ACLPB_INITIALIZED flag to avoid re-initializing aclpb.
Reviewed by: rmeggins (and pushed by)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
conflict
https://bugzilla.redhat.com/show_bug.cgi?id=571677
Resolves: bug 571677
Bug Description: Busy replica on consumers when directly deleting a replication conflict
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: In some cases, urp fixup operations can be called from
the bepreop stage of other operations. The ldbm_back_delete() and
ldbm_back_modify() code lock the target entry in the cache. If a bepreop
then attempts to operate on the same entry and acquire the lock on the
entry, deadlock will occur.
The modrdn code does not acquire the cache lock on the target entries
before calling the bepreops. The modify and delete code does not acquire
the cache lock on the target entries before calling the bepostops.
I tried unlocking the target entry before calling the bepreops, then locking
the entry just after. This causes the problem to disappear, but I do not
know if this will lead to race conditions. The modrdn has been working this
way forever, and there are no known race conditions with that code.
I think the most robust fix for this issue would be to introduce some sort
of semaphore instead of a simple mutex on the cached entry. Then
cache_lock_entry would look something like this:
if entry->sem == 0
entry->sem++ /* acquire entry */
entry->locking_thread = this_thread
else if entry->locking_thread == this_thread
entry->sem++ /* increment count on this entry */
else
wait_for_sem(entry->sem) /* wait until released */
and cache_unlock_entry would look something like this:
entry->sem--;
if entry->sem == 0
entry->locking_thread = 0
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=548533
Description: repl5_inc_delete and repl5_tot_delete to release the
incremental and total update protocol were not implemented. This
fix implemented them. Also, it fixed a leak of connection in
private_protocol_factory.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=515805
Fix Description:
SLAPI_TASK_CANCELLED could be set in task_modify any time by
users' modifying nsTaskCancel value to TRUE. Then the following
slapi_task_status_changed destroys the task, which is called
even via a simple logging call slapi_task_log_status. After the
task is destroyed, any task related calls such as another
slapi_task_log_status or slapi_task_finish crashes the server.
This fix changes the behaviour to destroy the task only when
task_state is SLAPI_TASK_FINISHED. Once SLAPI_TASK_CANCELLED
is set to task_state, changing the state to SLAPI_TASK_FINISHED
by calling slapi_task_finish is the responsibility of the task
application (e.g., import). Until then, it is guranteed that
the task is available.
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=573375
Resolves: bug 573375
Bug Description: MODRDN operation not logged
Fix Description: The slapi_log_access() should be invoked using
LDAP_DEBUG_STATS, LDAP_DEBUG_STATS2, or LDAP_DEBUG_ARGS level.
|