Summary: move perl on solaris to a <TBD> path
Description: Changing Solaris perl path (perlexec) to /usr/lib/sparcv9/dirsec/perl5x/bin/perl.
Summary: move perl on solaris to a <TBD> path
Description: Changing Solaris perl path (perlexec) from /opt/perl5x/bin/perl to /usr/lib/sparcv9/dirsrv/perl5x/bin/perl.
Bug Description: Support server-to-server SASL - part 1
Reviewed by: nkinder, nhosoi, ssorce (Thanks!)
Fix Description: I've created two new functions to handle the client side of LDAP in the server - slapi_ldap_init_ext and slapi_ldap_bind. These two functions are designed to work with any connection type (ldap, ldaps, ldap+starttls, and eventually ldapi) and bind type (plain, sasl, client cert). The secure flag has been extended to use a value of 2 to mean use startTLS. One tricky part is that there is no place to store the startTLS flag in init to pass to bind, so we store that in the clientcontrols field which is currently unused. We do that because the semantics of ldap_init are not to do any network traffic, but defer that until the bind operation (or whatever the first actual operation is e.g. start_tls). I plan to replace all of the places in the code that do ldap init and bind with these functions.
I started with replication. I extended the transport to add tls for startTLS and the bind method to add sasl/gssapi and sasl/digest-md5. I removed a lot of code from repl5_connection that is now done with just slapi_ldap_init_ext and slapi_ldap_bind. One tricky part of the replication code is that it polls the connection for write available, using some ldap sdk internals. I had to fix that code to work within the public ldap api since nspr and sasl muck with the internals in different incompatible ways.
Finally, there is a lot of new kerberos code in the server. The way the server does sasl/gssapi auth with its keytab is similar to the way it does client cert auth with its ssl server cert. One big difference is that the server cannot pass the kerberos identity and credentials through the ldap/sasl/gssapi layers directly. Instead, we have to create a memory credentials cache and set the environment variable to point to it. This allows the sasl/gssapi layer to grab the credentials for use with kerberos. The way the code is written, it should also allow "external" kerberos auth e.g. if someone really wants to do some script which does a periodic kinit to refresh the file based cache, that should also work.
I added some kerberos configure options. configure tries to first use krb5-config to get the compiler and linker information. If that fails, it just looks for some standard system libraries. Note that Solaris does not allow direct use of the kerberos api until Solaris 11, so most likely Solaris builds will have to use --without-kerberos (--with-kerberos is on by default).
Fixed a bug in kerberos.m4 found by nkinder.
ssorce has pointed out a few problems with my kerberos usage that will be addressed in the next patch.
Changed the log level in ldap_sasl_get_val - pointed out by nkinder
Platforms tested: Fedora 9, Fedora 8
Flag Day: yes
Doc impact: oh yes
Summary: Added 64-bit atomic functions for platforms lacking built-ins.
Summary: Convert counters to 64-bit capable Slapi_Counter type.
Summary: LDAPI: when nsslapd-ldapiautodnsuffix doesn't exist - Bind is incorrect
Description:
- introducing --enable-auto-dn-suffix option to configure (disabled by default)
- building the auto-dn-suffix code only when the option is set
Summary: (64bitcounters) rhds 7.1 - server stats use 32-bit integers -
entrycachehitratio 1503%
Change description:
1) Makefile.am: instead of the inline assembly language file .il, include an
independent .S file to the libslapd_la_SOURCES list.
2) add AM_PROG_AS to configure.ac to accept CCAS and CCASFLAGS.
3) slapi_counter.c: adjusted to slapi_counter_sunos_sparcv9.S.
4) add slapi_counter_sunos_sparcv9.S
5) remove slapi_counter_sunos_sparcv9.il
Reviewed by: nhosoi (Thanks!)
Fix Description: The intptr_t and uintptr_t are types which are defined as integer types that are the same size as the pointer (void *) type. On the platforms we currently support, this is the same as long and unsigned long, respectively (ILP32 and LP64). However, intptr_t and uintptr_t are more portable. These can be used to assign a value passed as a void * to get an integer value, then "cast down" to an int or PRBool, and vice versa. This seems to be a common idiom in other applications where values must be passed as void *.
For the printf/scanf formats, there is a standard header called inttypes.h which defines formats to use for various 64 bit quantities, so that you don't need to figure out if you have to use %lld or %ld for a 64-bit value - you just use PRId64 which is set to the correct value. I also assumed that size_t is defined as the same size as a pointer so I used the PRIuPTR format macro for size_t.
I removed many unused variables and some unused functions.
I put parentheses around assignments in conditional expressions to tell the compiler not to complain about them.
I cleaned up some #defines that were defined more than once.
I commented out some unused goto labels.
Some of our header files shared among several source files define static variables. I made it so that those variables are not defined unless a macro is set in the source file. This avoids a lot of unused variable warnings.
I added some return values to functions that were declared as returning a value but did not return a value. In all of these cases no one was checking the return value anyway.
I put explicit parentheses around cases like this: expr || expr && expr - the && has greater precedence than the ||. The compiler complains because it wants you to make sure you mean expr || (expr && expr), not (expr || expr) && expr.
I cleaned up several places where the compiler was complaining about possible use of uninitialized variables. There are still a lot of these cases remaining.
There are a lot of warnings like this:
lib/ldaputil/certmap.c:1279: warning: dereferencing type-punned pointer will break strict-aliasing rules
These are due to our use of void ** to pass in addresses of addresses of structures. Many of these are calls to slapi_ch_free, but many are not - they are cases where we do not know what the type is going to be and may have to cast and modify the structure or pointer. I started replacing the calls to slapi_ch_free with slapi_ch_free_string, but there are many many more that need to be fixed.
The dblayer code also contains a fix for https://bugzilla.redhat.com/show_bug.cgi?id=463991 - instead of checking for dbenv->foo_handle to see if a db "feature" is enabled, instead check the flags passed to open the dbenv. This works for bdb 4.2 through bdb 4.7 and probably other releases as well.
Platforms tested: RHEL5 x86_64, Fedora 8 i386
Flag Day: no
Doc impact: no
Bug Description: Lack of manpages
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: This adds man pages for the command line utilities. The configure.ac diffs were a little bit tricky - apparently, mandir is not set to a correct default value, so we have to make sure we set a reasonable default value if the user has not set it (e.g. rpmbuild will override it with --mandir=something).
Platforms tested: Fedora 8, Fedora 9
Flag Day: no
Doc impact: no
Summary: LDAPI: introduce --enable-autobind to support AUTOBIND
Description: --enable-autobind is supported. Unless it's set, the auto-bind
code is not compiled in.
Summary: Don't define _XOPEN_SOURCE_EXTENDED on HP-UX.
Summary: Solaris: warnings reported by the Solaris compiler
Summary: HP-UX: warnings reported by the HP-UX compiler
Summary: Install SNMP subagent mibs.
Bug Description: init script modification needed for kerberos auth
Reviewed by: nhosoi (Thanks!)
Fix Description: I just took Simo's initial patch and ran with it. The initconfigdir parameter is the directory containing the config file for the init script. configure will first try to use $(sysconfdir)/sysconfig, then $(sysconfdir)/default (Solaris and Debian, among others), then the package config directory (the default on HP-UX), for this parameter. The init script and startup script will look in the initconfigdir to find the init config file to source. For directory server, an instance specific file can be used, named e.g. dirsrv-localhost which will apply to the slapd-localhost instance only.
A default init config file is provided for dirsrv and dirsrv-admin, with some examples of how it could be used.
Platforms tested: RHEL5 x86_64
Flag Day: Yes - autotool file changes
Doc impact: Yes. We will need to document how the user can supply environment to the servers at startup time without having to edit the init scripts or the startup scripts.
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Summary: Set SASL_PATH in ldclt wrapper script.
Summary: Support FHS opt layout for perldir and propertydir.
Bug Description: Change filesystem path naming from "fedora-ds" to "dirsrv"
Reviewed by: nkinder (Thanks!)
Fix Description: Mostly just changing the package name in configure.ac, and making sure we consistently use that in path naming (e.g. /etc/@PACKAGE_NAME@ or /etc/@PACKAGE_NAME_BASE@ for adminserver).
Platforms tested: RHEL4, FC6
Flag Day: no
Doc impact: Oh yes.
QA impact: Any existing tests that depend on /path/brand-ds will need to change to use dirsrv. It is highly encouraged to use a macro or variable for the package name in any scripts to minimize the impact of future package name changes.
Bug Description: improve perldap script execution ability on bundled platforms
Reviewed by: nkinder (Thanks!)
Fix Description: Most platforms will just use perl from PATH. However, on Solaris and HP-UX, we have to use special 64 bit versions to execute perldap, since perldap is 64 bit on those platforms. Also, if bundling all of the dependent components into the single package, we need to make sure the perl library path is set correctly to find perldap.
The last step will be to build our version of perldap on the bundled platforms to use rpath to point to the correct runtime library location.
Platforms tested: RHEL4, HP-UX 11.23 IPF 64 bit
Flag Day: no
Doc impact: no
Bug Description: Replace ds_newinst binary with perl script
Reviewed by: nhosoi (Thanks!)
Fix Description: The time has come. We can finally get rid of the instance creation C code
once and for all. I've created a DSCreate module that has all of the functionality of the old
create_instance.c code, along with a few items from ldap/admin/lib. The way it works is
this: it first creates the dse.ldif file using template-dse.ldif and the suffix-db template to
create the initial db and suffix. It then adds additional optional configuration depending
on what optional features have been enabled. It creates other config files and copies in
the schema. It then initializes the database. It uses a template file based on the type of
entry implied by the suffix, then adds the default ACIs. If the user chose to do so, it
will also create the ou=people, ou=groups, etc. entries. The user can also supply an LDIF
file which will be used to populate the initial database, in which case none of the default
entries or ACIs will be used. It then starts the server (if desired).
I had to create a function makePaths that works like mkdir -p except that it will chown,
chgrp, and chmod all paths created.
I had to change the other places where instance creation was called to use the new
calling semantics. ds_create changed quite a bit, since it can just use an Inf to pass in the
information instead of calling ds_newinst as a CGI program.
I had to change FileConn to add support for namingContexts (i.e. entries with no parent),
and to have it write each change each time, and to return copies of entries when searching,
to avoid modifying the tree in place. This makes it act much more like LDAP.
I found and fixed a few bugs in Migration along the way that were revealed while integrating
the new DSCreate code.
Platforms tested: RHEL4, FC6
Flag Day: Yes. New instance creation code and autotool changes.
Doc impact: no
Summary: Configure Pass Thru Auth (comment #8, #9)
Description: 1) Introducing BaseVersion (*.inf files) via PACKAGE_BASE_VERSION
(configure.ac) to generate #.# format version number from #.#.#. The #.#
format version number is used in the jar file names
2) Updated Util.pm.in to include ACIs to the search result.
Description: Move DS Admin Code into Admin Server - ldif templates, pwdhash
Reviewed by: nhosoi (Thanks!)
Fix Description: These changes are primarily to allow the admin server setup to run completely in perl with no more setuputil code.
1) Added LDIF templates for DS config. template-dse.ldif is the core minimal directory server configuration. Values can be replaced with parameters in the same style as used with register_server.pl - %token%. For the plugin entries, the plugin shared library name is now just a name. There is no more full path. The code in dynalib.c handles this case by using the compiled in PLUGINDIR. The NSPR function PR_GetLibraryName knows the correct shared lib suffix for the platform. All of this allows us to do 2).
2) Added ability to run pwdhash with no server configuration. If no configuration is given, it uses the template-dse.ldif above. And instead of having to worry about where the plugins are installed and the shared lib suffix, it just depends on the above changes. This allows us to generate password hashes during setup before the directory server instance is created, and also to keep clear text password usage to a minimum.
3) Added defaultuser and defaultgroup.
4) Added support for continuation lines in Inf files.
5) All user visible messages during setup should be localizable
Platforms tested: RHEL4
Flag Day: Yes, autotool file changes.
Doc impact: Yes, along with the previous fixes for this bug.
Summary: Move DS Admin Code into Admin Server (Comment #62)
Description: providing slapd.inf having the DS static info for the setup/config
Description: Move DS Admin Code into Admin Server
Fix Description: The Resource class needs to support more than 1 resource file e.g. for ds-base and ds-admin.
The property dir should be under $datadir. Property files are data files, not really config files.
Added a shared_lib_suffix token
Fixed some wording errors in the resource file.
Platforms tested: RHEL4
Flag Day: no
Doc impact: No new doc impact from previous commits for this bug.
Description: Move DS Admin Code into Admin Server
Fix Description: This adds the setup related perl modules, scripts, and resource files to the DS base code. This will allow a user to interactively set up (create an instance of) a directory server. This will also form the base of the work to add the console and admin server related setup code.
New files/directories:
$libdir/fedora-ds/perl - this is where the perl modules (Setup.pm, etc.) will be installed.
$bindir/setup-ds.pl - the script to use to interactively create an instance of directory server. This has use lib '$libdir/fedora-ds/perl' hard coded into it at build time, in order to find the "private" setup perl modules. If you invoke this script in silent mode (setup-ds.pl -s) then it is exactly the same as just using ds_newinst.pl.
$sysconfdir/fedora-ds/property/setup-ds.res - Resources for setup-ds.pl and the associated modules.
I also fixed a problem with the libns-dshttpd linkage.
Platforms tested: RHEL4
Flag Day: no
Doc impact: Yes. All of these new items will need to be documented.
Description: bitwise matching plugin
Fix Description: Samba requires backend LDAP servers to support bitwise operations. This is to support search filters like this:
(|(|(&(!(groupType:1.2.840.113556.1.4.803:=1))(groupType:1.2.840.113556.1.4.803:=2147483648)(groupType:1.2.840.113556.1.4.804:=10))(samAccountType=805306368))(samAccountType=805306369))
Note: This patch works for Samba's tests, but hasn't been more broadly or specifically tested.
This commit also adds an --enable-bitwise option to configure (enabled by default - use --disable-bitwise to disable it) and adds the plugin entry to the configuration during new instance creation.
Platforms tested: FC5/FC6
Summary: Modified the with-fhs and with-fhs-opt configure options
Summary: Added a configure option for FHS optional software layout style.
Bug Description: Rename fedora-ds to fedora-ds-base (The package breaks
a previous installation of the Fedora DS!!)
Reviewed by: nhosoi, dgilmore (Thanks!)
Fix Description: As it turns out, only the spec file will have to change. It is ok that we have a package named pkgname-base that uses paths like /etc/pkgname and service pkgname. So this diff has been revised to simply bump the version in the code to differentiate it from the previously withdrawn fedora-ds in Fedora Extras.
Platforms tested: RHEL4, FC6
Flag Day: No.
Doc impact: No.
Bug Description: Add enable switches for optional/experimental features
Reviewed by: nkinder, nhosoi, prowley (Thanks!)
Fix Description: Added --enable-pam-passthru, --enable-dna, and --enable-ldapi. They are all on by default and must be explicitly disabled (--disable-pam-passthru). These all cause ENABLE_xxx to be defined for C code so that we can enclose the code in #ifdef ENABLE_PAM_PASSTHRU blocks, for example. For the first two, these also cause the plugins to be built - so that if you specify --disable-pam-passthru, the plugin code will not be built at all. I discovered a nifty autoconf macro called AS_HELP_STRING - this nicely formats the help messages output by configure --help. I don't know if it's worth going through all of our m4 code to use this, but I went ahead and fixed configure.ac. Create instance will now add plugin configuration entries (but disabled) for pam passthru and dna if the corresponding ENABLE_ macros are defined. I also fixed a bug with passthru (not pam passthru) - the plugin configuration entry was not being added.
Platforms tested: RHEL4, FC6
Flag Day: no
Doc impact: no
Bug Description: Solaris build: link shared libs correctly with libtool
Reviewed by: nkinder, prowley (Thanks!)
Fix Description: We have to use the $(CXXLINK) Makefile macro to build shared libs that use C++ code or link with C++ libs. In addition, Sun C++ link needs -lCstd and -lCrun. I added AC_DISABLE_STATIC so that we wouldn't generate all the .a libs we don't use. Lastly, but not leastly, libtool on rhel/fedora has a "feature" that adds several gcc-isms to the libtool script generated by configure. At best, these cause builds with non-gcc compilers to complain quite a bit, and at worst, cause the build to fail. I've added a sed command in configure to remove these gcc-isms from libtool on non-gcc platforms.
Platforms tested: RHEL4, FC6, Solaris 9
Flag Day: no
Doc impact: no
Summary: Fixed build flags for compiling with pthread on HP-UX.
Bug Description: FHS: use sysconfdir (/etc) as config file location - allow builders to set dynamic config directory location at configure time
Reviewed by: nhosoi, nkinder, prowley (Thanks!)
Fix Description: I've added a new configure switch: --with-instconfigdir. This switch will allow the user to specify a different location to store the dynamic instance specific config files rather than the default $sysconfdir/$package_name (e.g. /etc/fedora-ds). This is the directory which will contain the slapd-instance directories which contain the instance specific config, schema, and security files. Even though the user could override this with ds_newinst.pl ([slapd] section config_dir), we needed to be able to set the default so that the user would not have to remember to do this every time, and so that packagers could set a reasonable default value for their platform.
Platforms tested: FC6, RHEL4
Flag Day: no
Doc impact: no
Summary: Added --enable-bundle option for legacy builds.
Bug Description: Add support for /etc/init scripts
Reviewed by: nkinder (Thanks!)
Fix Description: Add the new initscript. The initscript is called $PACKAGE_NAME which by
default is fedora-ds. This script is created from wrappers/initscript.in,
sed'd by the fixupcmd in Makefile.am during make install. The way it works is
this: service fedora-ds cmd will execute the cmd on all instances (found in
/etc/fedora-ds by default). service fedora-ds cmd instance will execute cmd on
only that instance. So if you have
/etc/fedora-ds/slapd-foo
/etc/fedora-ds/slapd-bar
and you do
service start fedora-ds
it will start up both slapd-foo and slapd-bar. If you do
service start fedora-ds bar
it will start up only slapd-bar. If you do
service start fedora-ds biff
you will get an error message. The initdir is platform specific (e.g.
/etc/rc.d/init.d on linux, /etc/init.d on Solaris) so the
definition was added to the platform dependent section of configure.ac.
The init script is explicitly branded, including the filename. I needed to add
support to the autotool files so that we could change the name of the file.
Since package_name is defined when you use the AC_INIT macro in configure.ac,
we don't need to define it elsewhere (e.g. #define BRAND_DS). So I added the
branding and other information to the autotool files, and changed
create_instance to use package_name instead of brand_ds to be consistent.
Having the package_name defined in much fewer places should make it much easier
to change in the future if necessary.
I also fixed a compiler warning in ldaprot.h.
Platforms tested: RHEL4, FC6
Flag Day: no
Doc impact: Yes. We need to document how to use the initscript, and how to enable startup on boot - chkconfig fedora-ds on
Bug Description: Solaris build: Need to add other libs for autotool build
Reviewed by: nhosoi (Thanks!)
Fix Description: The AC_CHECK_LIB test for db_create needs -lnsl because libdb links with it on Solaris. Other executables require -lnsl, -lsocket, and -ldl. The strategy is to put these in the platform specific section in configure.ac so they can be exported to the Makefile. Then we can just use the macros directly in Makefile. On platforms where these are not required, they will evaluate to empty.
There was a bug in the regexp that derived the libdir from pkg-config in several m4 files. We needed to use .* instead of just *. pkg-config --libs-only-L returns multiple paths on Solaris but not on linux.
Platforms tested: Solaris 9
Flag Day: no
Doc impact: no
Bug Description: Move script-templates from sysconfdir to datadir
Reviewed by: nkinder, dennis (Thanks!)
Files: see diff
Branch: HEAD
Fix Description: Just change sysconfdir to datadir in both the Makefile.am (which controls where the files are put during installation) and in create_instance.c (which controls where instance creation looks for the templates to use them to create the real scripts).
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
Bug Description: Allow building on Fedora
Reviewed by: nhosoi (Thanks!)
Fix Description: There are a few issues with building on Fedora (5 or later):
1) Need to be able to build with db4.2, db4.3, db4.4, etc. This version
auto-detects the db version from the db.h file it finds. In order to use a
different db version, just use configure --with-db=path or --with-db-inc=path that points to a
different db.h
2) mozldap and svrcore are now part of Fedora, so we need to look for those
components. Look for mozldap6 first to allow building on RHEL-4 as well.
mozldap now includes libldif, so add that to the link line.
svrcore-devel is now just svrcore - a svrcore runtime package and a
svrcore-devel build time package.
3) FHS means FHS - /etc, /var/, prefix=/usr and exec_prefix=/usr. It doesn't
make any sense to talk about FHS under a prefix. This means the default build
will do /opt/fedora-ds/etc, var, lib, bin, share, and so on instead of /opt/fedora-ds/usr/etc. --with-fhs resets prefix=/usr and exec_prefix=/usr, and overrides the default settings for sysconfdir and localstatedir.
So, different build types:
FHS - use configure --with-fhs - uses /etc, /var, /usr/lib, /usr/share, etc.
Nothing - configure - uses /opt/fedora-ds/etc/, var/, bin/, lib/, etc.
GNU style - configure --prefix=/usr/local - /usr/local/etc, /usr/local/bin, /usr/local/var, and so on
Developers can use configure --prefix=/home/user/fds && make && make install to install local versions
Platforms tested: FC-6
Flag Day: no
Doc impact: no
Summary: Replacing -D<DEFINE> with AC_DEFINE to reduce the compile command line length
Summary: configure needs to support --with-fhs (Comment #13)
Changes:
configure.ac: $prefix should have been @prefix@. $prefix is replaced with the
value of --prefix, but not with AC_PREFIX_DEFAULT when --prefix is not given.
create_instance.[ch]: depending upon the macro IS_FHS, switch the LIBDIR,
BINDIR, DATADIR, and DOCDIR.
ds_newinst.pl.in: use @libdir@ to get the ds_newinst path.