Commit message | Author | Age | Files | Lines
* Bug 644608 - RHDS 8.1->8.2 upgrade fails to properly migrate ACIs [HEAD, master] | Noriko Hosoi | 2010-10-22 | 1 | -1/+6
| https://bugzilla.redhat.com/show_bug.cgi?id=644608
| Description: Previous cherry-pick commit 5cd9fc9826fd88b8672129e41523065c0b692c3b failed the merge for setting a special dup compare callback ai_dup_cmp_fn when it is set.
* Bug 644608 - RHDS 8.1->8.2 upgrade fails to properly migrate ACIs | Noriko Hosoi | 2010-10-21 | 1 | -74/+84
| https://bugzilla.redhat.com/show_bug.cgi?id=644608
| Description: Upgrade script ##upgradednformat.pl generates an ancestorid index file in which the entry IDs are not sorted in the index values. This was caused because
| 1. upgradednformat.pl copies db files to a work dir /path/to/db/<inst>/dnupgrade/<inst> and runs upgradednformat against the work dir.
| 2. Since ancestorid index needs to be created from the scratch, import/upgradednformat code deletes the index and recreates it.
| 3. When creating the index file, dblayer_open_file checks if the to-be-opened index file is (in the standard location AND the file exists) or not. In this case, the condition is satisfied. Thus, the db is created using an absolute path and closed once. Then, it is reopened using a relative path.
| 4. Before opening an index file, callback functions for libdb are set. idl_new_compare_dups is one of them which is used to sort entry IDs in the secondary index attribute values. The setting is discarded by the close described in 3.
| This patch resets the db callbacks and flags after the close.
| Note: cherry-picked 058299aeaf48e34f4359f00cc05eb7186a80fc48
* Bug 629681 - Retro Changelog trimming does not behave as expected | Noriko Hosoi | 2010-10-20 | 2 | -3/+4
| https://bugzilla.redhat.com/show_bug.cgi?id=629681
| Description: As reporter Oliver Thalmann (oliver.thalmann@chuv.ch) pointed out, retrocl_init_trimming was repeating the retrocl_housekeeping event every 5000 minutes instead of 5 minutes. This patch fixes it to 5 minutes.
* Bug 645061 - Upgrade: 06inetorgperson.ldif and 05rfc4524.ldif | Noriko Hosoi | 2010-10-20 | 1 | -1/+1
| are not upgraded in the server instance schema dir
| https://bugzilla.redhat.com/show_bug.cgi?id=645061
| Description: To replace 06inetorgperson.ldif and 05rfc4524.ldif in the server instance schema dir, adding the 2 schema files to the toremove list in the schema upgrade script 60upgradeschemafiles.pl.
* bump version to 1.2.7.a3 | Rich Megginson | 2010-10-20 | 1 | -1/+1
|
* Bug 592397 - Upgrade tool dn2rdn: it does not clean up | Noriko Hosoi | 2010-10-19 | 7 | -28/+101
| the entrydn in id2entry
| https://bugzilla.redhat.com/show_bug.cgi?id=592397
| Description: If entries created by the 389 v1.2.5 or older, the primary db (id2entry.db4) contains "entrydn: <normalized dn>". Upgrading from the old version to v1.2.6 keeps the entrydn attribute type and its value even though v1.2.6 is not supposed to store the entrydn in the database.
| 1) This patch drops the entrydn attribute and value in upgrading the db.
| 2) If an ldif file contains entrydn attribute type and value, import (ldif2db[.pl]) ignores it.
| 3) A leak was found in the export (db2ldif[.pl]) which is fixed.
| 4) When nsslapd-subtree-rename-switch configuration attribute has the value "on", entrydn is not used nor created. But the server accepted reindexing entrydn request and generated an entrydn index file. This patch rejects it.
| 5) Entry and dn cache clear calls (cache_clear) are added to dblayer_instance_close in "#if defined(_USE_VALGRIND)", which is not defined. To enable the code, the server needs to be rebuilt with defining the macro. This is purely for debugging.
* Bug 305131 - Allow empty modify operation | Nathan Kinder | 2010-10-19 | 2 | -21/+1
| This patch allows an empty modify operation. We currently reject an empty modify operation, but this patch makes the empty operation update the modifyTimestamp and modifiersName attributes similar to a touch-type operation.
* Bug 644013 - uniqueness plugin segfault bug | Rich Megginson | 2010-10-18 | 1 | -1/+1
| https://bugzilla.redhat.com/show_bug.cgi?id=644013
| Resolves: bug 644013
| Bug Description: uniqueness plugin segfault bug
| Reviewed by: self - one liner
| Branch: master
| Fix Description: Access the array pointer correctly
| Platforms tested: RHEL5 x86_64
| Flag Day: no
| Doc impact: no
* Bug 643937 - Initialize replication version flags | Nathan Kinder | 2010-10-18 | 2 | -0/+4
| The flags used to identify the replication protocol versions for 7.1 and 9.0 are not being initialized. This can cause the wrong protocol to be used when replicating to another server. This patch initializes the flags to 0 when the structures are created.
* Bug 643532 - Incorrect DNs sometimes returned on searches | Noriko Hosoi | 2010-10-15 | 1 | -8/+6
| https://bugzilla.redhat.com/show_bug.cgi?id=643532
| Description: Some of the functions in ldbm_entryrdn.c use static memory for reading data from the entryrdn index, where the static initializer should not have been used since the memory cannot be shared among threads. This patch fixes it.
* Bug 244229 - targetattr not verified against schema when setting an aci | Noriko Hosoi | 2010-10-15 | 7 | -36/+74
| https://bugzilla.redhat.com/show_bug.cgi?id=244229
| Description:
| 1. When acl contains targetattr keyword: (targetattr [!]= "attribute_1 || attribute_2 ...|| attribute_n"), where attribute_n does not contain '*', the current ACL plugin accepts any attribute_n value even if it is not defined in the schema. This patch rejects the aci if it contains attribute_n not defined in schema with this error message:
|    NSACLPlugin - targetattr "attribute_n" does not exist in schema. Please add attributeTypes "attribute_n" to schema if necessary.
|    The message is logged in the error log as well as returned to the client.
| 2. To implement 1, slapi APIs slapi_attr_syntax_exists is added.
| 3. An attributeTypes "connection" is added to 01core389.ldif which is referred in an aci of cn=monitor.
* Bug 555955 - Allow CoS values to be merged | Nathan Kinder | 2010-10-14 | 1 | -8/+67
| This patch adds the ability for CoS values to be merged and create multi-valued attributes. One can append "merge-schemes" to the end of the cosAttribute value in a definition entry to allow values to be merged.
| With a single indirect CoS definition, a merge will make CoS use each specifier attribute value in the target entry to look for CoS values in each of the found template entries. All of these values will then be applied to the target entry (with the exception of duplicate values).
| With multiple indirect CoS definitions for the same attribute, setting merge mode for all definitions will cause all of the definitions to be used to find the values to apply to the target entry. If merge-schemes is not defined for all of these definitions, the result is undefined (values from the first found CoS definition will be applied).
* remove extra format argument; use %lu for size_t printf format | Rich Megginson | 2010-10-14 | 2 | -4/+3
| Removed the extra proxydn format argument that was not being used
| Use %lu for size_t format arguments
| Reviewed by: nkinder (Thanks!)
* Bug 573889 - Migration does not remove deprecated schema | Endi S. Dewata | 2010-10-14 | 1 | -0/+5
| The DSMigration.pm has been modified such that it executes the update scripts including removing deprecated schema.
* bump version to 1.2.7.a2 | Rich Megginson | 2010-10-14 | 1 | -1/+1
|
* Bug 602456 - Allow to add any cn=config attributes; [389-ds-base-1.2.7.a1] | Noriko Hosoi | 2010-10-13 | 4 | -9/+84
| allow to delete some cn=config attributes
| https://bugzilla.redhat.com/show_bug.cgi?id=602456
| Description:
| 1. Originally, configuration attributes are designed not to allow adding or deleting, but to allow just replacing. Due to a defect in checking the add operation, adding (LDAP_MOD_ADD) is not rejected. Instead of fixing the add checking to disallow adding, this patch logs the operation in the error log.
| 2. On the other hand, deleting configuration attributes is rejected by LDAP_UNWILLING_TO_PERFORM. We have a request that some attributes need to allow to delete. This patch introduces a config attribute nsslapd-allowed-to-delete-attrs, which value is configuration attributes separated by a space ' '. If an attribute is in the list, the attribute is allowed to delete. The delete operation is also logged in the error log. By default, the list contains "nsslapd-listenhost" and "nsslapd-securelistenhost".
* Bug 586973 - Sample update ldif points to non-existent directory | Noriko Hosoi | 2010-10-12 | 1 | -1/+1
| https://bugzilla.redhat.com/show_bug.cgi?id=586973
| Description by rcritten@redhat.com: There are no files in /usr/share/dirsrv/ldif. This should be /usr/share/dirsrv/data/template-*.ldif
* Bug 586966 - Sample update script has syntax errors | Noriko Hosoi | 2010-10-12 | 1 | -5/+5
| https://bugzilla.redhat.com/show_bug.cgi?id=586966
| Description: replacing the perl syntax with the corresponding shell syntax.
* Bug 637852 - sasl_io_start_packet: failed - read only 3 bytes | Noriko Hosoi | 2010-10-11 | 1 | -40/+61
| of sasl packet length on connection 4
| https://bugzilla.redhat.com/show_bug.cgi?id=637852
| Description: A SASL packet is made from the 4 byte length and the length size of payload. When the first 4 bytes were not successfully received by one PR_Recv call, sasl_io_start_packet in sasl_io.c considered an error occurred and set PR_IO_ERROR, which terminates the SASL IO session. To give clients a chance to send the rest of the length in the next packet, this patch sets PR_WOULD_BLOCK_ERROR to the nspr error code and EWOULDBLOCK/EAGAIN to errno and once the succeeding packet comes in, it appends it to the previous incomplete length data and continues the SASL IO.
* Bug 544321 - remove-ds.pl should not throw error unlabelling port | Nathan Kinder | 2010-10-11 | 1 | -2/+2
| When removing an instance using remove-ds.pl, a fatal error will be thrown when trying to remove the SELinux port label if the port is not labelled. This patch makes this case a non-error since there is no need to complain about removing a label if it has already been removed.
* Cov #16300 - Unused variable in account policy plugin | Nathan Kinder | 2010-10-08 | 1 | -2/+0
| The plugin_id variable is unused in acct_inact_limit(). This patch removes the unused variable.
* Bug 631993 - Log authzid when proxy auth control is used | Nathan Kinder | 2010-10-08 | 22 | -28502/+22916
| This patch makes the access log entries for search, add, mod, del, and modrdn operations display the authzid that is used when the proxy authorization control is sent by the client.
* Bug 640854 - changelog db: _cl5WriteOperation: failed to | Noriko Hosoi | 2010-10-06 | 3 | -2/+23
| write entry; db error - 22 Invalid argument
| https://bugzilla.redhat.com/show_bug.cgi?id=640854
| Description: DBENV open flags is used to determine the DB_OPEN mode whether to set DB_AUTO_COMMIT or not. The info was eliminated in the change made for "Bug 633168 - Share backend dbEnv with the replication changelog". This patch picks up the backend dbenv openflags and uses it for the changelog DB_OPEN.
* Bug 640027 - Naming attribute with a special char sequence parsing bug | Noriko Hosoi | 2010-10-05 | 1 | -6/+50
| https://bugzilla.redhat.com/show_bug.cgi?id=640027
| Description: When DN is made from RDNs containing escaped plus "\+", the dn normalizer considers the value could be nested multi-valued RDNs. (e.g., cn=C\=Z\+A\=X\+B\=Y\,o\=O,o=OO)
| In that case, multi-valued RDNs are sorted by the normalizer. (==> cn=A\=X\+B\=Y\+C\=Z\,o\=O,o=OO)
| The sample DN provided by Andrey Ivanov contains "\+", but that is not a separator for the multi-valued RDNs:
|   cn=mytest\+\=-123'\;456,dc=example,dc=com
| The dn normalizer should have checked the possibility, as well. The check is added in this patch.
| Also, sorting was not triggered if multi-valued RDNs are located at the end of the value. (e.g., cn=C\=X\,B\=Y\+A\=Z,o=OO) The bug was fixed, as well.
* Bug 625335 - Self-write aci has permission to invalid attribute | Nathan Kinder | 2010-10-05 | 1 | -1/+1
| The Console throws an error dialog when you attempt to edit the default self-write ACI. The Console thinks that the labeledURL attribute is not valid since it does not properly handle attributes that use anything other than the primary short name.
| This patch changes the default ACI to use the primary short name of labeledURI instead of labeledURL. Fixing the Console to handle non-primary short names will be dealt with in another bug in the future.
* Bug 639289 - Adding a new CN entry with UpperCase UTF-8 Character | Noriko Hosoi | 2010-10-05 | 2 | -1/+4
| https://bugzilla.redhat.com/show_bug.cgi?id=639289
| Description: There was a bug in the utf8 uppe2Lower table: Character İ (LATIN CAPITAL LETTER I WITH DOT ABOVE) did not map to the corresponding LATIN SMALL LETTER DOTLESS I (2 bytes) but to ascii 'i' (1 byte). The shortened DN tailed with a garbage character and the entry was treated as an orphan entry which does not belong to any suffix.
| This patch fixes the mapping table mismatch as well as adds a code to dn_ignore_case_to_end to force to NULL terminate the converted string.
* Bug 628096 - spurious error message from /sbin/service when doing a stop on no instances | Endi S. Dewata | 2010-10-05 | 1 | -100/+101
| https://bugzilla.redhat.com/show_bug.cgi?id=628096
| The initscript.in has been modified such that it will suppress the error message from the ls command and generate a consistent error message for all commands in case there is no instance configured.
* fix typos in Makefile.am, acctpolicy schema [acctpolicy] | Rich Megginson | 2010-10-01 | 3 | -3/+3
| Fixed some typos and copy/paste errors in Makefile.am and acctpolicy schema
* add support for global inactivity limit | Rich Megginson | 2010-10-01 | 3 | -8/+42
| if the attribute accountInactivityLimit is specified in the global config entry cn=config,cn=Account Policy Plugin,cn=plugins,cn=config, it will be the default inactivity limit - if there is an account policy specified by acctPolicySubentry, that one will take precedence over the global policy
* do not register pre/post op plugins if disabled | Rich Megginson | 2010-10-01 | 1 | -0/+8
| the main init function is responsible for looking to see if it is enabled and should not do any further processing, including registering the pre/post op plugins, if it is disabled
* fix pblock memory leak | Rich Megginson | 2010-10-01 | 1 | -28/+11
| acct_record_login() should use and destroy the pblock locally - it does not need to be passed in from the calling function
* add the account policy plugin and related server code, schema, and config | Rich Megginson | 2010-10-01 | 24 | -21012/+32693
| Add the account policy plugin and related server code, schema, and config
| A new switch to configure has been added --enable-acctpolicy - this is enabled by default - so the plugin and the schema will be built and installed by default
| the plugin will be in dse.ldif, but will be disabled by default
| The original contribution had some minor problems with the schema and config entries - these have been cleaned up
| The original contribution had a few memory leaks - these have been cleaned up
* openldap ber_init will assert if the bv->bv_val is NULL | Rich Megginson | 2010-10-01 | 12 | -13/+50
| Have to ensure that all usage of ber_init in the server checks to see if the bv->bv_val is non-NULL before using ber_init, and return the appropriate error if it is NULL
| Also fixed a problem in dna_extend_exop - would not send the ldap result to the client in certain error conditions
| Reviewed by: nhosoi (Thanks!)
| Tested on: RHEL5 x86_64
* Bug 522055 - Scope check for managed attribute fails | Nathan Kinder | 2010-10-01 | 1 | -1/+2
| When using the linked attribute plug-in, an entry that is renamed that is outside of the scope of the plug-in will cause the forward links in other entries to be updated if they contain a managed attribute type.
| We need to check if the new DN of the renamed entry is within the scope of the configured linked attributes before updating forward links.
* Bug 635987 - Incorrect sub scope search result with ACL containing ldap:///self | Noriko Hosoi | 2010-09-24 | 1 | -5/+9
| https://bugzilla.redhat.com/show_bug.cgi?id=635987
| Description: This commit made for the bug 635987 introduced a bug to replication.
|   commit 8ac525e5ac997378f4f2a386e9b96568c8d66db5
|   Author: Noriko Hosoi <nhosoi@redhat.com>
|   Date: Tue Sep 21 15:12:07 2010 -0700
| subtree_candidates (ldbm_search.c)
| If you do have a tombstone filter, descendants will be NULL, and idl_intersection of candidates and descendants will wipe out all of the candidates, leaving just the one entry, e->ep_id.
| Changed to call idl_intersection only when the filter is not for tombstone or entryrdn_get_noancestorid (false, by default).
* Bug 630091 - (cov#11973) Array overrun in libaccess | Nathan Kinder | 2010-09-24 | 1 | -4/+10
| When going through the exceptions table in libaccess, we don't check if we are at the last pair of elements in the array before incrementing to the next pair. This patch adds checks to see if we are at the last pair of elements and avoids the increment if necessary.
* Bug 634561 - Server crushes when using Windows Sync Agreement | Rich Megginson | 2010-09-23 | 4 | -10/+12
| https://bugzilla.redhat.com/show_bug.cgi?id=634561
| Resolves: bug 634561
| Bug Description: Server crushes when using Windows Sync Agreement
| Reviewed by: ???
| Branch: master
| Fix Description: The regular replication protocol and the windows sync protocol have two completely different struct repl_connection. They are almost the same, almost identical fields, but they are different. When additional fields were added to the struct repl_connection, not at the end of the structure, and identical changes were not made to the struct repl_connection in windows_connection.c, the structures got out of sync. The authors tried to anticipate this condition by providing windows_ versions of all of the conn_ functions. We were not using the windows_ versions of these functions in all places in the winsync code. The fix is to use the windows_ versions of these functions throughout the winsync code, and to make the struct repl_connection the same size up through the char *plain field. If additional fields are added to either structure at the end, this problem should not occur in the future.
| Platforms tested: RHEL5 x86_64
| Flag Day: no
| Doc impact: no
| (cherry picked from commit 4bd78323d0bb1299a19e0ed1feebc79ff997c92f)
* Bug 606920 - anonymous resource limit- nstimelimit - | Noriko Hosoi | 2010-09-22 | 1 | -12/+24
| also applied to "cn=directory manager"
| https://bugzilla.redhat.com/show_bug.cgi?id=606920
| Description: Client side sizelimit / timelimit request should be honoured by the Directory Manager, too. Changing the time/sizelimit evaluation so that if client side request exists, the value is set even if the bind user is the directory manager.
* Bug 635987 - Incorrect sub scope search result with | Noriko Hosoi | 2010-09-21 | 1 | -6/+4
| ACL containing ldap:///self
| https://bugzilla.redhat.com/show_bug.cgi?id=635987
| Description: When a basedn has no descendants, the code to take an intersection of idl (which was returned from the filter search -- filter_candidates) and the basedn was skipped in subtree_candidates (ldbm_search.c). Regardless of descendants, the intersection should be taken for the idl and a tree starting with the basedn.
| Note: This bug was introduced with entryrdn.
* Bug 630092 - Coverity #11992,11993: Resource leaks issues | Endi Sukma Dewata | 2010-09-20 | 1 | -0/+4
| https://bugzilla.redhat.com/show_bug.cgi?id=630092
| Description: The acl_Parse() has been modified to release newacls and newaclv when an error occurs.
* Bug 630092 - Coverity #11985: Resource leaks issues | Endi Sukma Dewata | 2010-09-17 | 1 | -0/+1
| https://bugzilla.redhat.com/show_bug.cgi?id=630092
| Description: The str2simple() has been modified to release unqstr when an error occurs.
* Bug 630092 - Coverity #12003: Resource leaks issues | Endi Sukma Dewata | 2010-09-17 | 1 | -0/+1
| https://bugzilla.redhat.com/show_bug.cgi?id=630092
| Description: The cos_cache_add_defn() has been modified to release theDef when an error occurs.
* Bug 630092 - Coverity #12000: Resource leaks issues | Endi Sukma Dewata | 2010-09-17 | 1 | -2/+2
| https://bugzilla.redhat.com/show_bug.cgi?id=630092
| Description: The plugin_setup() has been modified to release the value before it returns.
* Bug 630092 - Coverity #11991: Resource leaks issues | Endi Sukma Dewata | 2010-09-17 | 1 | -3/+1
| https://bugzilla.redhat.com/show_bug.cgi?id=630092
| Description: The acllas__client_match_URL() has been modified to release the hostport before it returns.
* Bug 630092 - (cov#12068) Resource leak in certmap code | Nathan Kinder | 2010-09-17 | 1 | -0/+1
| The ldapu_propval_list_free() function was freeing the nodes in the list, but not the list itself. We need to free the list itself after all of the nodes have been freed.
* Bug 630092 - (cov#12105) Resource leak in pwdscheme config code | Nathan Kinder | 2010-09-17 | 1 | -1/+1
| We don't free new_scheme if the password encode function is not set. We need to free new_scheme in this error case.
* Bug 630092 - (cov#12116) Resource leak in ldclt code | Nathan Kinder | 2010-09-17 | 1 | -5/+13
| There is a chance that we leak the memory pointed to by the new variable if we never have one of the ldclt contexts point to it. We need to jump to the error label in this case to free the memory.
* Bug 630092 - Coverity #15497: Resource leaks issues | Endi Sukma Dewata | 2010-09-17 | 1 | -0/+1
| https://bugzilla.redhat.com/show_bug.cgi?id=630092
| Description: The moddn_rename_children() has been modified to release child_entry_copies before it returns.
* Bug 630092 - Coverity #15490: Resource leaks issues | Endi Sukma Dewata | 2010-09-17 | 1 | -0/+1
| https://bugzilla.redhat.com/show_bug.cgi?id=630092
| Description: The import_producer() has been modified to release ep when an error occurred.
* Bug 630092 - Coverity #15487: Resource leaks issues | Endi Sukma Dewata | 2010-09-17 | 1 | -0/+2
| https://bugzilla.redhat.com/show_bug.cgi?id=630092
| Description: The index_set_entry_to_fifo() has been modified to release ep when the job is aborted.