| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Also added numericstring syntax support.
For more details, see the design doc at http://directory.fedoraproject.org/wiki/Syntax_Validation_Design
|
| |
|
|
| |
Summary: Corrected semaphore name used in SNMP subagent.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary: LOG: the intenal type of maxlogsize, maxdiskspace and minfreespace should be 64-bit integer (comment #20)
Description: In log_reverse_convert_time, by initializing "struct tm" with
NULLs:
struct tm tm = {0};
tm_isdst is also set to 0, which means no daylight saving. mktime thinks when
converting struct tm to time_t, use the knowledge "the time that the time_t
represents is not in the daylight saving period". Instead, we should have set
"tm.tm_isdst = -1;". That means, we don't have the knowledge, calculate it in
mktime.
I also fixed a silly bug in generating a rotated log file name which I
introduced in my previous checkin.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Summary: LOG: the intenal type of maxlogsize, maxdiskspace and minfreespace should be 64-bit integer (comment #20)
Description:
1) replaced PR_GetOpenFileInfo with PR_GetOpenFileInfo64 in log_getfilesize.
PR_GetOpenFileInfo does not return the correct file size if the size is
larger than 2GB.
2) when a rotation info file is missing and recreated, the file size stored
in the file was not correct.
3) rotated file name is created with the time stamp when rotated. The reverse
conversion function had a problem and the file name in the rotation info and
the real one could mismatch.
|
| |
|
|
| |
NOTE: We do not have support for atomic 64-bit counters on ppc - ppc platorms use the mutex approach instead
|
| | |
|
| |
|
|
| |
Summary: Ensure we exit with the return code for the status command in the init script.
|
| | |
|
| |
|
|
|
| |
Summary: homePhone is not RFC 1274 compliant
Description: added "homeTelephoneNumber" to the NAME list of "homePhone".
|
| |
|
|
|
| |
Summary: Replication Bind Failure After Migration from DS 7.1 (comment #10)
Description: changed to trim trailing slashes of oldsroot and actualsroot at the beginning.
|
| |
|
|
| |
Summary: Fixup replicated schema during migration.
|
| |
|
|
|
|
| |
Summary: mmldif crashes in PK11_CreateDigestContext
Description: NSS was not initialized. Since cert db, key db, or secmod db are
not needed, changed to call NSS_NoDB_Init to initialize NSS.
|
| |
|
|
|
| |
Summary: move perl on solaris to a <TBD> path
Description: Changing Solaris perl path (perlexec) to /usr/lib/sparcv9/dirsec/perl5x/bin/perl.
|
| |
|
|
|
|
|
|
|
| |
Bug Description: Configuring Replication Server to Server GSSAPI over TLS - attempts replication and can't stop servers
Reviewed by: nhosoi (Thanks!)
Fix Description: The agreement add code did not check the transport and bind method for compatability.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
Summary: log module issues unnecessary/inaccurate syslog errors
Description:
1) don't log "Exceeded max number of logs allowed" in syslog messages. It's an
info level log, which is not appropriate to log in syslog messages.
2) when deleting an error log file failed, a wrong file name (audit log) was
printed. I also added the error code and the message why the deletion failed.
|
| |
|
|
|
|
|
| |
Summary: If an independent process db2ldif rotates the error log, it crashes the server.
Description: PR_Rename failure due to the FILE_EXIST is benign. Ignore the
error and goes forward. The procedure is extended to all the log type: error,
access, and audit.
|
| |
|
|
|
|
|
|
|
| |
Bug Description: Replication Bind Failure After Migration from DS 7.1
Reviewed by: nkinder (Thanks!)
Fix Description: We have to quote shell metacharacters before passing them to the shell. I added a new function shellEscape to use for this purpose. We really should shell escape anything passed to system() or back ticks ``. Certainly passwords should contain shell meta characters so I changed places where we use passwords to use shellEscape to pass them to pwdhash or migratecred. I also chomp() the output of migratecred to remove the trailing newline. With the fix, I was able to run setup with a root password of `~!@#$%^&*()\\|[]{}:;<>?/"\ and successfully authenticate.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
Description: Bug 480869 - DS console: Can not delete DS instance
Fix Description: Create instance was broken, so no instances could be created for purposes of deletion. Create instance was printing the following error:
Unable to find Pass Through Authentication Plug-In config entry.
This is because the search for this entry in AdminUtil.pm was getting an incorrect error message - something other than "Success"
This is because the FileConn->getErrorString() method was returning "0" instead of "Success".
Platforms tested: RHEL4
|
| |
|
|
|
| |
Summary: rhds80 64b el5.3 - db2ldif lock case
Description: Fixed double free, which confused the server operation and eventually crashed the server.
|
| |
|
|
|
|
|
|
|
|
| |
Bug Description: crash in reliab15 test
Reviewed by: nkinder (Thanks!)
Fix Description: There was still a small window of time during which the connection could be closed out from under the other thread which was sending/reading result. The solution is to use explicit locking using the conn->lock to protect access to the conn->ld. Since this also affected the total update code, I tested it under similar conditions, and found that it exhibited the same behavior. I added checking to the total update code to check for disconnection and coordinate access in the entry sending/result reading threads.
I also fixed a spurious error message about the sasl path.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
Bug Description: crash in reliab15 test
Reviewed by: nkinder (Thanks!)
Fix Description: My earlier fix was for the case where the result reader thread disconnects. But it looks like there is still a problem if the update sender thread disconnects out from under the reader thread. We need to use conn_connected() to test to see if the connection is connected before we attempt to access conn->ld in the result reader thread. I also improved the error messages so that I could tell if the errors were coming from the update sender thread or the result reader thread.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
|
| |
|
|
|
| |
Summary: move perl on solaris to a <TBD> path
Description: Changing Solaris perl path (perlexec) from /opt/perl5x/bin/perl to /usr/lib/sparcv9/dirsrv/perl5x/bin/perl.
|
| |
|
|
|
|
| |
Summary: slapi_ldap_init_ext needs to be modified due to the build failure on Solaris
Description: instead of replacing client_callbacks, set sasl path to SASL_PATH
using putenv.
|
| |
|
|
|
|
| |
Description: mapping tree code inconsistent about treatment of quoted node names
Reviewed by: nhosoi (Thanks!)
Fix Description: Look for (|(%s=\"%s\")(%s=%s))) when looking for mapping tree suffixes - there may be a quoted suffix, or one without quotes, so look for either
|
| |
|
|
|
|
|
|
|
|
| |
Bug Description: crash in reliab15 test
Reviewed by: nhosoi (Thanks!)
Fix Description: I could not reproduce the crash, but I think the problem is that the server is not handling the disconnection case correctly. It seems that in the event of disconnection (LDAP_SERVER_DOWN 81 - Can't contact server) the code would continue to read results.
repl5_inc_result_threadmain() will call conn_read_result_ex() in a loop. If conn_read_result_ex() detects a disconnection or an unrecoverable error, it will call conn_disconnect to close the connection, and return CONN_NOT_CONNECTED. Once this happens, the code must not use conn->ld any more. However, the code did not differentiate between the not connected case and other errors, so it would keep trying to read results (in case some errors are recoverable, the thread still has to read all of the pending results). The code has been fixed to handle disconnect cases specially. I also added some additional locking to make sure the result and the abort flags were set/read correctly. Finally, I changed the code that waits for results to come in, so that if the connection has been closed, it will just return immediately.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: slapd crashes after changelog is moved
Reviewed by: nkinder, nhosoi (Thanks!)
Fix Description: There are a number of real fixes, mixed in with many changes for debugging and instrumentation.
1) When the update thread gets the changelog iterator, it will use _cl5AddThread to increment the count of threads holding an open handle to the changelog. When it releases the iterator, or if there were some error acquiring the database handle, it will decrement the thread count. The way it used to work was that it would increment the thread count when retrieving the DB object, but then would immediately decrement it, meaning it had an open handle to the database, but there was no way for the changelog code to know that (except via the reference count on the DB object itself).
2) Changed the AddThread code to increment the thread count outside of the state lock - this better fits the semantics of the other uses of threadcount which are outside of the lock.
3) The changelog code that closes the databases was not closing things down in the correct order. The first thing it must do is wait for all threads with open database handles or otherwise accessing the database to terminate. Once that is done, it can call _cl5DBClose() to actually close all of the databases. Otherwise, a race condition could cause a database to be accessed after it has been closed.
4) Added clcache cleanup code, and made it possible to re-init the clcache. The clcache was not designed to be dynamically closed and opened.
clcache is init-ed in _cl5Open
clcache_init is re-entrant
Added more code to clean up the clcache
Delete the clcache in _cl5Delete
5) The clcache stores the current buffer in a thread private storage area. If the clcache has been re-initialized, this buffer is also invalid and the clcache code must get a new buffer.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: During migration, if import fails for some reason,
the exact cause of why it was unable to open the LDIF is not logged.
Reviewed by: nhosoi (thanks!)
Files: see diff
Branch: HEAD
Fix Description: As discussed in the bug council, the fix is to just
report the actual error returned when the open() of the LDIF fails.
This reports the errno and a string description of the error in the
errors log (which is also output to stderr when running ldif2db).
Platforms tested: F9
Flag Day: no
Doc impact: no
|
| |
|
|
| |
Summary: Use backend name from inf when importing during setup.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Performing a MOD operation to bring an entry into
the scope of a DNA managed range doesn't trigger DNA to generate
a new value. This happens since we check the DNA filter against
the existing entry instead of the resulting entry after the mods
are applied.
Reviewed by: rmeggins (thanks!)
Files: see diff
Branch: HEAD
Fix Description: This patch handles modify operations that bring entries
into or out of scope of a managed range. If you bring an entry into scope
(say by adding the appropriate objectclass), this will assign a value from
the range if the magic value or no value is supplied for the managed type.
Platforms tested: F9
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
Bug Description: unbind or abandon with unsupported critical controls does not close connection
Reviewed by: nkinder (Thanks!)
Fix Description: When an unbind request is received that has controls marked as critical, and we do not support those controls, we must treat them as non-critical controls and continue processing.
Platforms tested: RHEL4, RHEL5
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: DS console: Can not delete DS instance
Reviewed by: nkinder (Thanks!)
Fix Description: As it turns out, my assumption that ds_remove in CGI mode also did the unregistration was false. It is the console that does the unregistration, only after the ds_remove CGI returns success. So, ds_remove needs to run with AdminSDK off, just like the other "special" CGI programs. In addition, ds_remove needs to be more robust - if there is an error during ds_remove, you should be allowed to try again after fixing something. However, the way the error handling worked did not differentiate between fatal errors and errors that could be ignored. In order to do this properly, we need to propagate the errors back up to the top level (oh how I wish perl had real exception handling . . .). The main type of error we need to ignore is file not found or process not found. If we attempted to remove before and that attempt failed for some reason, and left a partial instance, we need to be able to run the remove command again, skipping over the things we shutdown or removed already, and clean up the stuff we need to remove. This can also happen if you use the console to create a ds instance, and remove-ds.pl to remove the instance. The instance will still show up in the console. We need to be able to use the Remove Server in the console to remove the instance from the console, even through there is no physical instance on disk any more. Since the console will only do the unregistration if the CGI returns success, we need to make sure the CGI returns success even though there is no instance on disk. When ds_remove is run via ds_removal, it will do the unregistration.
I also took this opportunity to refactor the remove code, creating a removeDSInstance method in DSCreate.pm, and moving some of the other removal helper functions to Util.pm. That simplified the code in both ds_remove and remove-ds.pl.
I added a remove-ds-admin.pl script - one of the problems that users have is that they run setup-ds-admin.pl, then hit some error (e.g. bad DNS setup), then find that they cannot restore the system to the state before they ran setup-ds-admin.pl. remove-ds-admin.pl does this.
Finally, I added some man pages to the admin package for those commonly used commands.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
| |
Description: CoS operational qualifier doesn't work
Reviewed by: rmeggins
Fix Description: If not using the default, the processing for that case was skipped due to the incorrect if test for pDefAttr. The fix is to move the test for pDefAttr into the lower condition, to make sure it is value before dereferencing it to check for attr_operational or attr_operational_default. The attr_operational || attr_operational_default test has been moved into the using_default && pDefAttr condition, and into the !using_default && pCache condition for the non default case. Parentheses have been added for readability.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: A crash occurs in the DNA plug-in when you delete an existing
value of a managed attribute.
Reviewed by: rmeggins (thanks!)
Files: see diff
Branch: HEAD
Fix Description: The DNA code was always expecting a value to be present when
processing a modify operation. The delete and replace modify operations can
be issues with no values. These operations were an oversight in the DNA code.
The fix adds cases to handle delete and replace modify operations. For a replace,
we check if we are replacing all values with nothing, and generate a new value from
the range. If we're processing a delete with no values specified, we also generate
a new value. If the delete has values specified, we check to see if the operation
leaves any values in the existing entry. If no existing values would remain after
the operation, we generate a new value.
Platforms tested: F9
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
Bug Description: overriding arguments to setup causes setup to fail
Reviewed by: ulf.weltman, nkinder (Thanks!)
Fix Description: Parameters specified on the command line should override and replace (not add to) any parameters specified in a given .inf file. I refactored the code a little too - I moved the argv processing into the Inf module out of the Setup and Migration modules. The code will first process the args and store the values in a temporary hash ref. Then it will process the temp hash ref, replacing the values in the main inf with the values from the hash.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: migration results in incomplete admin server sie
Reviewed by: nkinder (Thanks!)
Fix Description: This is a redesign of one of the core pieces of the setup/migration code - the code that adds the LDAP entries in various places. For starters, I removed the code that would implicitly delete existing trees. This is the root cause of this bug, and other similar problems with setup/instance creation that have been reported. We should never implicitly delete entries. Instead, we should explicitly delete entries by using the changetype: delete in an LDIF template file.
Another source of problems was that to update an entry, we would delete it and add it back. This caused some configuration settings to be wiped out (e.g. encryption settings). We cannot do this any more. The LDIF template entries have been modified to have two sets of information for each entry that requires update - the entry to add if no entry exists (the full entry) or the changes to make to the entry if it does exist. The code in Util.pm has been changed to ignore duplicate entries and to ignore changes made to entries that do not exist.
Another source of problems with migration is that the error checking was not adequate, especially with FileConn and dse.ldif reading. The fix is to add better error checking and reporting in these areas of code, including error messages.
Yet another problem is the run_dir handling. On many platforms the run_dir is shared among all DS instances and the admin server. Older versions of the software allowed you to run the servers as root. We have to make sure run_dir is usable by the least privileged user of all of the servers.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
| |
Summary: Check process name in initscript in a more cross-platform manner.
|
| |
|
|
|
| |
Description: slapd hang during cs80 cloning setup.
Fix Description: Not exactly related to the bug, but Noriko found a couple of places during investigation of internal add operations where the Slapi_Entry* could be leaked upon error. These fixes ensure that the entry is properly freed in case of error.
|
| |
|
|
|
|
|
|
|
| |
Bug Description: slapd hang during cs80 cloning setup.
Reviewed by: nhosoi (Thanks!)
Fix Description: If replication code attempts to add the RUV entry during replica configuration, and the add operation returns an error, the code will attempt to free the entry. This causes a double free. Internal add operations always consume and free the entry, success or failure. The solution is to set the entry to NULL just after adding it so the clean up code will not be able to free it again.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
|
| |
|
|
| |
Summary: Make init script verify that existing pidfile refers to a ns-slapd process.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Cross Platform Migration Fails with: Unable to access
nsslapd-rundir: Bad address
Reviewed by: nkinder (Thanks!)
Fix Description: Need to add any new attributes added in 8.0 and 8.1 to
the ignoreOld hash table in the migration script. The way migration
works, it assumes an attribute is supported in both the old version and
the new version. So if the attribute is absent in the old entry and
present in the new entry, it assumes the user removed the attribute in
the old entry, so removes it in the new entry. The ignoreOld hash table
holds the list of attributes that we should ignore for the purposes of
attribute comparison. These are the attributes we just want to pass
through.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
| |
Description: RFE change default place for kerberos keytabs
Fix Description: changed to
# KRB5_KTNAME=@instconfigdir@/myname.keytab ; export KRB5_KTNAME
Where @instconfigdir@ will usually expand to /etc/dirsrv
|
| |
|
|
|
|
|
|
|
| |
Bug Description: some cn=config options show up with incorrect value on 64-bit
Reviewed by: nkinder (Thanks!)
Fix Description: The get functions return a specific sized type (e.g. an int). We were assigning this to a void *. We cannot do this. We must assign the return value from the get function to the correct size and type variable. I changed the config code to do this. I also had a look at the database and chaining database config code which does similar things with void *, but that code works a little bit differently and appears to be ok.
Platforms tested: RHEL5 x86_64 (need to test on HP-UX)
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
| |
Summary: Compare operation in nsaccountlock returns error
Description: Compare function for the CoS attribute cos_cache_cmp_attr failed
to set the result.
|
| |
|
|
| |
Summary: Added new remove-ds.pl script and manpage.
|
| |
|
|
|
| |
Description: referential integrity plugin incorrectly treats "rename" operations
Fix Description: join RDNs with "," instead of ", " to make the new DN - thanks to Andrey Ivanov (andrey.ivanov@polytechnique.fr)
|
| |
|
|
|
|
|
| |
Summary: nsIndexType allows a blank value but does not properly apply default indexes
Description: the values retrieved from the index entry were not checked whether
it's empty or not. With this fix, if it's empty, it issues an warning and
returns LDAP_OPERATIONS_ERROR.
|
| |
|
|
|
|
|
| |
Summary: Entry cache: invalid counter usage
Description: if new entry size is larger than old size, the delta is added to
the cache size using slapi_counter_add; otherwise, the delta is subtracted from
the cache size using slapi_counter_subtract.
|
| |
|
|
|
|
|
|
|
| |
Summary: timelimit not honored in some cases
Description: Range search operations could take longer time than the time limit
depending upon the data size, but there was no chance to check the time limit
in the code (index_range_read). Thus, once the range search operation has
started, it could have lasted far exceeding the specified time limit.
I introduced the time check in the range search function.
|
| |
|
|
| |
Summary: Only change permissions of certdb when it is newly created.
|
| |
|
|
|
|
|
| |
Summary: When password policy is on, replacing userpassword starting with
{clear} fails
Description: #484311 is not a bug; this change is just to improve the error
message.
|
